Topic: Planned PDA Release 4.7 updates to SFTP Server Ciphers and MAC Algorithms

Date/Time Issued: May 31, 2024 1406Z

Product(s) or Data Impacted: All SFTP connections and related products to/from the PDA NSOF OPS site.

Date/Time of Initial Impact: June 11, 2024 1200Z

Date/Time of Expected End: June 12, 2024 2100Z

Length of Event: 33 hours

Details/Specifics of Change: The PDA team will install PDA Release 4.7 which will impact available Ciphers and Algorithms which are used during SFTP Server handshake. The spirit of this change is to remove vulnerable ciphers. If you connect to PDA SFTP Servers as a client this change may affect you.

Specifics of the change:

The following ciphers & MACs will be usable after the Rel4.7 update:

- AES128CTR

- AES192CTR

- AES256CTR

- AES128CBC

- AES192CBC

- AES256CBC

- TripleDESCBC

- HMACMD5

- HMACSHA1

- HMACMD596

- HMACSHA196

The following ciphers have been removed:

- ARCFOUR128

- ARCFOUR256

- BlowfishCBC

Recommended Action:

Users that have SFTP clients that connect to PDA SFTP Servers should verify they support one of the usable algorithms listed above.

Note: These security updates are ongoing and further changes to our SFTP Servers are coming in Rel4.8 to enable newer more secure Ciphers and MAC Algorithms. When we get closer to the Rel4.8 date more information will be provided.

The PDA Support team will be monitoring the environment to quickly address and remediate any issues that may occur.

Contact Information for Further Information: ESPC Operations at ESPCOperations@noaa.gov at 301-817-3880

Web Site(s) for applicable information: N/A

This message was sent by ESPC.Notification@noaa.gov. You have been sent this and other notifications because you have opted in to receive it. If for any reason, you wish to unsubscribe, please contact ESPC Help Desk at ESPCOperations@noaa.gov or (301) 817-3880. Please note: it may take up to two business days to process your unsubscribe request.