Xact File Transfer: Ciphers and algorithms support - Update

25.07.2024

Note: This announcement, originally published on 15 May 2024 and updated on 2 July 2024, has been further updated to remind clients that some algorithms will still be available until 2 September 2024. As of this date, they will no longer be accepted. These algorithms have been highlighted.

Clearstream Banking¹ informs clients that, effective 1 July 2024, the following list of connectivity parameters will be enabled and kept only for SSH, HTTP and FTP protocols:

| Algorithm type (Associated protocol) | Algorithms list |
| --- | --- |
| host-key algorithms (SSH) | rsa-sha2-512, rsa-sha2-256, ssh-rsa |
| encryption algorithms (SSH) | aes256-gcm@openssh.com, aes128-gcm@openssh.com, aes256-ctr, aes192-ctr, aes128-ctr |
| message authentication code algorithms (SSH) | hmac-sha2-512, hmac-sha2-256 |
| key exchange algorithms (SSH) | curve25519-sha256, curve25519-sha256@libssh.org, diffie-hellman-group15-sha512, diffie-hellman-group16-sha512, diffie-hellman-group17-sha512, diffie-hellman-group18-sha512, diffie-hellman-group-exchange-sha256, diffie-hellman-group14-sha256, rsa2048-sha256, ecdh-sha2-nistp384 |
| TLS ciphers (HTTP and FTP) | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 |

Impacted application

Xact File Transfer

Clients that are not using the above ciphers and algorithms after implementation will be impacted.

No impact is expected for clients with standard and updated file transfer software, which should negotiate the correct connectivity parameters. No impact is expected for clients using the latest versions of web browsers.

To avoid compatibility problems, Clearstream Banking strongly advises clients to conduct tests with their browser, FTP and SFTP tools.

Testing

Clients wishing to test their connectivity can do so using Clearstream Banking’s OCCT environment to avoid any service disruption.

Clients that are still using deprecated ciphers and algorithms after the rollout will experience a service disruption and are responsible for it.
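Before testing against OCCT, a client's configured SSH algorithm lists can be checked offline against the table above. The following is an added example, not Clearstream code: the function names and the two client profiles are constructed for illustration, and the negotiation rule is a simplified form of RFC 4253 section 7.1.

```python
# Accepted lists copied from the announcement's table.
ACCEPTED = {
    "host-key": ["rsa-sha2-512", "rsa-sha2-256", "ssh-rsa"],
    "encryption": ["aes256-gcm@openssh.com", "aes128-gcm@openssh.com",
                   "aes256-ctr", "aes192-ctr", "aes128-ctr"],
    "mac": ["hmac-sha2-512", "hmac-sha2-256"],
    "kex": ["curve25519-sha256", "curve25519-sha256@libssh.org",
            "diffie-hellman-group15-sha512", "diffie-hellman-group16-sha512",
            "diffie-hellman-group17-sha512", "diffie-hellman-group18-sha512",
            "diffie-hellman-group-exchange-sha256",
            "diffie-hellman-group14-sha256", "rsa2048-sha256",
            "ecdh-sha2-nistp384"],
}

def negotiate(client_prefs):
    """Map each category to the algorithm SSH would pick, or None.

    Simplified RFC 4253 section 7.1 rule: the first entry in the client's
    ordered list that the server also accepts wins. None means no overlap,
    so the connection would fail during key exchange.
    """
    chosen = {cat: next((a for a in client_prefs.get(cat, []) if a in ok), None)
              for cat, ok in ACCEPTED.items()}
    # The @openssh.com AES-GCM ciphers are AEAD: per OpenSSH's PROTOCOL
    # document the MAC lists are ignored, so no MAC overlap is required.
    enc = chosen["encryption"]
    if chosen["mac"] is None and enc and enc.endswith("-gcm@openssh.com"):
        chosen["mac"] = "<implicit>"
    return chosen

def blocking(client_prefs):
    """Categories where the client shares nothing with the accepted lists."""
    return sorted(c for c, a in negotiate(client_prefs).items() if a is None)

# Constructed client profiles (illustrative, not taken from any real product).
LEGACY_CLIENT = {
    "host-key": ["ssh-rsa", "ssh-dss"],
    "encryption": ["aes128-cbc", "3des-cbc"],
    "mac": ["hmac-sha1", "hmac-md5"],
    "kex": ["diffie-hellman-group14-sha1", "diffie-hellman-group1-sha1"],
}
ETM_ONLY_CLIENT = {
    "host-key": ["ssh-ed25519", "rsa-sha2-512"],
    "encryption": ["chacha20-poly1305@openssh.com", "aes256-ctr"],
    "mac": ["hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com"],
    "kex": ["curve25519-sha256", "diffie-hellman-group14-sha256"],
}

if __name__ == "__main__":
    for name, prefs in (("legacy", LEGACY_CLIENT), ("etm-only", ETM_ONLY_CLIENT)):
        print(name, negotiate(prefs), "blocking:", blocking(prefs))
```

On an OpenSSH client, `ssh -G <host>` prints the effective algorithm lists in preference order, which can be used in place of the constructed profiles. The second profile shows a less obvious failure: a client restricted to the `-etm` MAC variants has no MAC in common with the table when a CTR cipher is selected.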

Further information

For further information, please contact the Connectivity Helpdesk.

-------------------------------

1. Clearstream Banking refers collectively to Clearstream Banking S.A., registered office at 42, avenue John F. Kennedy, L-1855 Luxembourg, and registered with the Luxembourg Trade and Companies Register under number B-9248, and Clearstream Banking AG, registered office at 61, Mergenthalerallee, 65760 Eschborn, Germany and registered in Register B of the Amtsgericht Frankfurt am Main, Germany under number HRB 7500.