Xact File Transfer: Ciphers and algorithms support - Update
Note: This announcement, originally published on 15 May 2024 and updated on 2 July 2024, has been further updated to remind clients that some algorithms will still be available until 2 September 2024. As of this date, they will no longer be accepted. These algorithms have been highlighted.
Clearstream Banking¹ informs clients that, effective 1 July 2024, the following list of connectivity parameters will be enabled and kept only for SSH, HTTP and FTP protocols:
Algorithm type (Associated protocol) | Algorithms list |
host-key algorithms (SSH) | rsa-sha2-512, rsa-sha2-256, ssh-rsa |
encryption algorithms (SSH) | aes256-gcm@openssh.com, aes128-gcm@openssh.com, aes256-ctr, aes192-ctr, aes128-ctr |
message authentication code algorithms (SSH) | hmac-sha2-512, hmac-sha2-256 |
key exchange algorithms (SSH) | curve25519-sha256, curve25519-sha256@libssh.org, diffie-hellman-group15-sha512, diffie-hellman-group16-sha512, diffie-hellman-group17-sha512, diffie-hellman-group18-sha512, diffie-hellman-group-exchange-sha256, diffie-hellman-group14-sha256, rsa2048-sha256 |
TLS ciphers (HTTP and FTP) | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 |
Impacted application
Xact File Transfer
Clients that are not using the above ciphers and algorithms after implementation will be impacted.
No impact is expected for clients with standard and updated file transfer software, which should negotiate the correct connectivity parameters. No impact is expected for clients using the latest versions of web browsers.
To avoid any compatibility problems, Clearstream Banking strongly advises that clients conduct tests with their browser, FTP and SFTP tools.
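The following Python example is added here and is not from Clearstream. It applies the SSH first-match negotiation rule to the SSH rows of the table above, so that a client's configured preference lists can be checked offline before a connectivity test. The three client preference lists are constructed samples, and treating the MAC as implicit for the AES-GCM ciphers assumes the server follows the OpenSSH definition of those ciphers.

```python
# Added example. ALLOWED is copied from the SSH rows of the announcement;
# the client preference lists further down are constructed samples.
ALLOWED = {
    "kex": ["curve25519-sha256", "curve25519-sha256@libssh.org",
            "diffie-hellman-group15-sha512", "diffie-hellman-group16-sha512",
            "diffie-hellman-group17-sha512", "diffie-hellman-group18-sha512",
            "diffie-hellman-group-exchange-sha256",
            "diffie-hellman-group14-sha256", "rsa2048-sha256"],
    "host-key": ["rsa-sha2-512", "rsa-sha2-256", "ssh-rsa"],
    "encryption": ["aes256-gcm@openssh.com", "aes128-gcm@openssh.com",
                   "aes256-ctr", "aes192-ctr", "aes128-ctr"],
    "mac": ["hmac-sha2-512", "hmac-sha2-256"],
}
AEAD = {"aes256-gcm@openssh.com", "aes128-gcm@openssh.com"}
IMPLICIT = "<implicit in AEAD cipher>"

def negotiate(client_prefs):
    """Pick, per category, the first client-preferred algorithm that the
    server allows (the RFC 4253 section 7.1 rule, simplified: kex/host-key
    compatibility checks are not modelled). None means no common algorithm."""
    chosen = {}
    for category, allowed in ALLOWED.items():
        offered = client_prefs.get(category, [])
        chosen[category] = next((a for a in offered if a in allowed), None)
    # Assumption: as in OpenSSH, the MAC lists are ignored with an AES-GCM cipher.
    if chosen["encryption"] in AEAD:
        chosen["mac"] = IMPLICIT
    return chosen

def blocking_categories(client_prefs):
    """Categories with no overlap; any entry here means the connection fails."""
    return sorted(c for c, a in negotiate(client_prefs).items() if a is None)

# Constructed client preference lists (most preferred first).
MODERN_CLIENT = {"kex": ["curve25519-sha256"], "host-key": ["ssh-ed25519", "rsa-sha2-512"],
                 "encryption": ["chacha20-poly1305@openssh.com", "aes256-ctr"],
                 "mac": ["hmac-sha2-256-etm@openssh.com", "hmac-sha2-256"]}
LEGACY_CLIENT = {"kex": ["diffie-hellman-group14-sha1", "diffie-hellman-group1-sha1"],
                 "host-key": ["ssh-rsa", "ssh-dss"],
                 "encryption": ["aes128-cbc", "3des-cbc"], "mac": ["hmac-sha1"]}
GCM_OLD_MAC_CLIENT = {"kex": ["diffie-hellman-group14-sha256"], "host-key": ["rsa-sha2-256"],
                      "encryption": ["aes128-gcm@openssh.com"], "mac": ["hmac-sha1"]}

if __name__ == "__main__":
    for name, prefs in [("modern", MODERN_CLIENT), ("legacy", LEGACY_CLIENT),
                        ("gcm+old mac", GCM_OLD_MAC_CLIENT)]:
        print(name, negotiate(prefs), "blocked by:", blocking_categories(prefs))
```

A single category with no overlap is enough to fail the SSH handshake, so the legacy sample fails even though its ssh-rsa host-key algorithm is still on the list.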
Testing
Clients wishing to test their connectivity can do so using Clearstream Banking’s OCCT environment to avoid any service disruption.
Clients are responsible if they are still using deprecated ciphers and algorithms after the rollout, as a service disruption will occur.
Further information
For further information, please contact the Connectivity Helpdesk.
-------------------------------
1. Clearstream Banking refers collectively to Clearstream Banking S.A., registered office at 42, avenue John F. Kennedy, L-1855 Luxembourg, and registered with the Luxembourg Trade and Companies Register under number B-9248, and Clearstream Banking AG, registered office at 61, Mergenthalerallee, 65760 Eschborn, Germany and registered in Register B of the Amtsgericht Frankfurt am Main, Germany under number HRB 7500.