Please update your browser.
Managed File Transfer Services
Our Managed File Transfer platform allows you to exchange files with us effortlessly.
Supported Protocols and Ciphers
The information in this section contains technical details regarding secure connections between J.P. Morgan and our clients. It is designed to be used by technical teams within your organization.
All accounts on FTS3, FTS4, and FTS5 affected by the Cipher Deprecation Event should review their accounts and remove any unsupported ciphers as soon as possible to avoid possible service disruption.
Specifically, SSH KEX: diffie-hellman-group14-sha1 is being deprecated.
Effective Q4 2021: The SSH KEX: diffie-hellman-group14-sha1 will need to be removed. Please see the PowerPoint for reference.
You Should Know
In order to take advantage of these security features and avoid a disruption in service, we recommend you keep all applications in your file transmission infrastructure up to date. Please review the following requirements for the upgraded MFTS platform:
- All Secure Sockets Layer (SSL) connections to the platform must use a minimum version of Transport Layer Security version 1.2 (TLSv1.2) for communication session encryption. The less secure SSLv3, TLSv1.0 and TLSv1.1 are not supported.
- Java-based applications must use Java™ Virtual Machine version 1.8 (JVM 1.8) or higher to provide the appropriate level of support for encryption.
- The following types of ciphers are no longer supported:
- ARCFOUR (ARC4)
- Cipher Block Chain (CBC) below 256
- The diffie-hellman-group14-sha1 key exchange (KEX) algorithm is no longer supported (as of 9/1/2019).
If your application cannot support one of the applicable ciphers below, you will not be able to properly connect to the MFTS platform. Out of date ciphers will not be migrated to the new data center.
MFTS Supported TLS Ciphers
The following ciphers are supported for internet-based connections via applications that use:
- Applicability Statement 2 (AS2)
- Hypertext Transfer Protocol Secure (HTTPS)
- File Transport Protocol Secure (FTPS)
If you send or receive files by NDM via IBM® Sterling Connect:Direct® with Secure+, please be sure that your application meets the minimum security standards for encryption. For your information, TLSv1.2 support was introduced into Secure+ for the following versions:
- Connect:Direct for z/OS version 5.2
- Connect:Direct for Microsoft Windows version 4.7
- Connect:Direct for UNIX version 4.2
- Connect:Direct for i5/OS version 3.8
MFTS Supported TLS Ciphers for Secure+
The following ciphers are supported for connections that use Secure+:
If you use SSH File Transfer Protocol (SFTP), please be sure your application supports the following:
- Key Exchange Algorithms
- SSH Public Keys
If your application does not support the available ciphers, or otherwise does not have the required encryption capabilities, then it may be necessary to change its configuration, upgrade it to current version, replace it, or switch to another protocol.
You are strongly encouraged to test your file transfer applications in the MFTS client acceptance testing environment, which is currently configured with the upgraded infrastructure. Please refer to the Testing Instructions page for additional information and testing details.
You're now leaving J.P. Morgan
J.P. Morgan’s website and/or mobile terms, privacy and security policies don’t apply to the site or app you're about to visit. Please review its terms, privacy and security policies to see how they apply to you. J.P. Morgan isn’t responsible for (and doesn’t provide) any products, services or content at this third-party site or app, except for products and services that explicitly carry the J.P. Morgan name.