- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
The information in this section contains technical details regarding secure connections between J.P. Morgan and our clients. It is designed to be used by technical teams within your organization.
What’s Happening?
All accounts on FTS3, FTS4, and FTS5 affected by the Cipher Deprecation Event should review their accounts and remove any unsupported ciphers as soon as possible to avoid possible service disruption.
Specifically, SSH KEX: diffie-hellman-group14-sha1 and diffie-hellman-group-exchange-sha1 are being deprecated.
Timing
Effective Q4 2023: The SSH KEX: diffie-hellman-group14-sha1 and diffie-hellman-group-exchange-sha1 will need to be removed.
You Should Know
To take advantage of these security features and avoid a disruption in service, we recommend you keep all applications in your file transmission infrastructure up to date. Please review the following requirements for the upgraded MFTS platform:
If your application cannot support one of the applicable ciphers below, you will not be able to properly connect to the MFTS platform. Outdated ciphers will not be migrated to the new data center.
TLS 1.2
Support for TLS 1.2 was added in Secure+ for the below versions:
HMAC
CIPHERS
Newly available in the new Data Centers:
Key Exchange
TLS 1.2
TLS 1.2
If your application does not support the available ciphers, or otherwise does not have the required encryption capabilities, then it may be necessary to change its configuration, upgrade it to current version, replace it, or switch to another protocol.
You are strongly encouraged to test your file transfer applications in the MFTS client acceptance testing environment, which is currently configured with the upgraded infrastructure. Please refer to the Testing Instructions page for additional information and testing details.