Managed File Transfer Services

Our Managed File Transfer platform allows you to exchange files with us effortlessly.

Supported Protocols and Ciphers

The information in this section contains technical details regarding secure connections between J.P. Morgan and our clients. It is designed to be used by technical teams within your organization.

What’s Happening?

All accounts on FTS3, FTS4, and FTS5 affected by the Cipher Deprecation Event should review their accounts and remove any unsupported ciphers as soon as possible to avoid possible service disruption.

Specifically, SSH KEX: diffie-hellman-group14-sha1 and diffie-hellman-group-exchange-sha1 are being deprecated.

Timing

Effective Q4 2023: The SSH KEX: diffie-hellman-group14-sha1 and diffie-hellman-group-exchange-sha1 will need to be removed.

You Should Know

To take advantage of these security features and avoid a disruption in service, we recommend you keep all applications in your file transmission infrastructure up to date. Please review the following requirements for the upgraded MFTS platform:

  • All Secure Sockets Layer (SSL) connections to the platform must use a minimum version of Transport Layer Security version 1.2 (TLSv1.2) for communication session encryption. The less secure SSLv3, TLSv1.0 and TLSv1.1 are not supported.
  • Java-based applications must use Java™ Virtual Machine version 1.8 (JVM 1.8) or higher to provide the appropriate level of support for encryption.
  • The following types of ciphers are no longer supported:
  • Blowfish
  • ARCFOUR (ARC4)
  • Cipher Block Chain (CBC) below 256
  • 3DES
  • TLS_RSA
  • The diffie-hellman-group14-sha1 and diffie-hellman-group-exchange-sha1 key exchange (KEX) algorithms are out of date.

If your application cannot support one of the applicable ciphers below, you will not be able to properly connect to the MFTS platform. Outdated ciphers will not be migrated to the new data center.

  • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
  • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256

TLS 1.2

  • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
  • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256

Support for TLS 1.2 was added in Secure+ for the below versions:

  • Connect:Direct for z/OS version 5.2
  • Connect:Direct for Microsoft Windows version 4.7
  • Connect:Direct for UNIX version 4.2
  • Connect:Direct for i5/OS version 3.8

HMAC

  • hmac-sha1-96
  • hmac-sha2-256
  • hmac-sha2-512
  • hmac-sha2-256-etm@openssh.com
  • hmac-sha2-512-etm@openssh.com

CIPHERS

  • aes128-ctr
  • aes192-ctr
  • aes256-ctr

Newly available in the new Data Centers:

  • aes128-gcm@openssh.com
  • aes256-gcm@openssh.com
  • chacha20-poly1305@openssh.com

Key Exchange

  • ecdh-sha2-nistp256
  • ecdh-sha2-nistp384
  • ecdh-sha2-nistp521
  • diffie-hellman-group-exchange-sha256
  • diffie-hellman-group16-sha512
  • diffie-hellman-group18-sha512
  • diffie-hellman-group14-sha256

TLS 1.2

  • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
  • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256

TLS 1.2

  • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
  • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256

  • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
  • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256

Application Compatibility

If your application does not support the available ciphers, or otherwise does not have the required encryption capabilities, then it may be necessary to change its configuration, upgrade it to current version, replace it, or switch to another protocol.

You are strongly encouraged to test your file transfer applications in the MFTS client acceptance testing environment, which is currently configured with the upgraded infrastructure. Please refer to the Testing Instructions page for additional information and testing details.