The upgraded J.P. Morgan Managed File Transfer Services (MFTS) infrastructure provides enhanced security features to protect your data.
It is recommended that you maintain all applications in your file transmission infrastructure at their most current revision levels to take advantage of these security features and to avoid incompatibility issues.
Please be aware of the following requirements related to the upgraded platform:
If your application cannot support one of the applicable ciphers below, you will not be able to properly connect to the MFTS platform.
MFTS Supported TLS Ciphers
The following ciphers are supported for internet-based connections via applications that use:
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
TLS_DHE_DSS_WITH_AES_128_GCM_SHA256
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
TLS_EMPTY_RENEGOTIATION_INFO_SCSV
If you send or receive files by NDM via IBM® Sterling Connect:Direct® with Secure+, please be sure that your application meets the minimum security standards for encryption. For your information, TLSv1.2 support was introduced into Secure+ for the following versions:
MFTS Supported TLS Ciphers for Secure+
The following ciphers are supported for connections that use Secure+:
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
If you use SSH File Transfer Protocol (SFTP), please be sure your application supports the following:
If your application does not support the available ciphers, or otherwise does not have the required encryption capabilities, then it may be necessary to change its configuration, upgrade it to current version, replace it, or switch to another protocol.
You are strongly encouraged to test your file transfer applications in the MFTS client acceptance testing environment, which is currently configured with the upgraded infrastructure. Please refer to the Testing Instructions page for additional information and testing details.