Skip to content

CEF SMK SML Cipher Suite Update 2020 03

Philip Helger edited this page Mar 10, 2020 · 1 revision

CEF is updating their SMK on March 16th, 2020.

Based on my analysis, all versions of phoss SMP 5.x should be working without any modification.

A change of the TLS Security Profile will be made on the SML in acceptance (SMK). Once the change has been applied, the following protocols will be accepted: Accepted TLS protocols:

  • TLSv1.2
  • TLSv1.1 will be disabled!

Accepted Cipher-suites:

  • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
  • TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (coming soon)
  • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA

We request all the users to test their SMP connection with SML in Acceptance environment after the maintenance operation.

This page lists the minimum requirements from a Java perspective.

TLS 1.2

Support in Java 1.7+

Cipher suites

TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

Supported in Java 1.7+

TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256

Supported in Java 12+

Note: works only with TLS 1.2. Would be “TLS_CHACHA20_POLY1305_SHA256” for TLS 1.3

TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

Supported in Java 1.7+

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA

Supported in Java 1.7+

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA

Supported in Java 1.7+

Sources

You can’t perform that action at this time.