IBM Support

ECuRep encryption information

General Page

Encryption options supported by the data exchange server.

The ECuRep servers support different encryption options. This page lists the current encryption settings plus planned changes. 

TLS Server certificates are replaced without any notice unless intermediate or root certificate changes.

For further information also, read the encryption help page.

As already informed by MyNotifications note changes on Testcase for HTTPS and FTP over TLS (FTPS):
Ensure that the new Digicert Global Root G2 Certificate Authority (CA) Certificate is added to keystores on customer servers before 7 Jun 2023 for Testcase, see further details here.

Detailed information for server that uses HTTPS protocol:

Server Port
Root certificate
 Protocol
Cipher suites (openssl denotation)
NOTE: *deprecated, removal coming soon
Testcase.boulder.ibm.com
(170.225.126.22)
 443
DigiCert Global Root G2
DigiCert Global Root CA
TLSv1.2
0xC030 - ECDHE-RSA-AES256-GCM-SHA384
0xC028 - ECDHE-RSA-AES256-SHA384
0xC02F - ECDHE-RSA-AES128-GCM-SHA256
0xC027 - ECDHE-RSA-AES128-SHA256
0x009e - DHE-RSA-AES128-GCM-SHA256
0x009f - DHE-RSA-AES256-GCM-SHA384
0x009D - AES256-GCM-SHA384*
0x003D - AES256-SHA256*
0x0035 - AES256-SHA*
0x009C - AES128-GCM-SHA256*
0x003C - AES128-SHA256*
0x002F - AES128-SHA*
www.ap.ecurep.ibm.com
(169.56.38.170)
 443
DigiCert Global Root G2
TLSv1.3
TLSv1.2
0xC030 - ECDHE-RSA-AES256-GCM-SHA384
0xC028- ECDHE-RSA-AES256-SHA384
0x009D - AES256-GCM-SHA384*
0x003D - AES256-SHA256*
0xC02F - ECDHE-RSA-AES128-GCM-SHA256
0xC027 - ECDHE-RSA-AES128-SHA256
0x009C - AES128-GCM-SHA256*
0x003C - AES128-SHA256*
www.secure.ecurep.ibm.com
(192.109.81.21)
 443
DigiCert Global Root G2
TLSv1.3
TLSv1.2
0xC030 - ECDHE-RSA-AES256-GCM-SHA384
0xC028 - ECDHE-RSA-AES256-SHA384
0x009D- AES256-GCM-SHA384*
0x003D - AES256-SHA256*
0xC02F - ECDHE-RSA-AES128-GCM-SHA256
0xC027 - ECDHE-RSA-AES128-SHA256
0x009C - AES128-GCM-SHA256*
0x003C - AES128-SHA256*

0x1301 - TLS_AES_128_GCM_SHA256
0x1302 - TLS_AES_256_GCM_SHA384
0xc02b - ECDHE-ECDSA-AES128-GCM-SHA256
0xc02f - ECDHE-RSA-AES128-GCM-SHA256
0xc02c - ECDHE-ECDSA-AES256-GCM-SHA384
0xc030 - ECDHE-RSA-AES256-GCM-SHA384
0x009e - DHE-RSA-AES128-GCM-SHA256
0x009f - DHE-RSA-AES256-GCM-SHA384

Detailed information for server that uses FTP over TLS protocol:

Server Port
Root certificate
 Protocol
Cipher suites (openssl denotation)
NOTE: *deprecated, removal coming soon
ftps.ecurep.ibm.com
(192.109.81.10)
21
65024 - 65535
DigiCert Global Root G2
TLSv1.3
TLSv1.2
0xC030 - ECDHE-RSA-AES256-GCM-SHA384
0xC02F - ECDHE-RSA-AES128-GCM-SHA256
0xC027 - ECDHE-RSA-AES128-SHA256
0x009D - AES256-GCM-SHA384*
0x003D - AES256-SHA256*
0x009C - AES128-GCM-SHA256*
0x003C - AES128-SHA256*
ftps.ap.ecurep.ibm.com
(169.56.38.162, 169.56.38.163)
21
65024 - 65535
DigiCert Global Root G2
 TLSv1.2
0xC030 - ECDHE-RSA-AES256-GCM-SHA384
0xC02F - ECDHE-RSA-AES128-GCM-SHA256
0xC027 - ECDHE-RSA-AES128-SHA256
0x009D - AES256-GCM-SHA384*
0x003D - AES256-SHA256*
0x009C - AES128-GCM-SHA256*
0x003C - AES128-SHA256*
Testcase.boulder.ibm.com
(170.225.126.22)
21
65024 - 65535
DigiCert Global Root G2
DigiCert Global Root CA
TLSv1.2
0xC030 - ECDHE-RSA-AES256-GCM-SHA384
0xC028 - ECDHE-RSA-AES256-SHA384
0xC02F - ECDHE-RSA-AES128-GCM-SHA256
0xC027 - ECDHE-RSA-AES128-SHA256
0x009e - DHE-RSA-AES128-GCM-SHA256
0x009f - DHE-RSA-AES256-GCM-SHA384
0x009D - AES256-GCM-SHA384*
0x003D - AES256-SHA256*
0x0035 - AES256-SHA*
0x009C - AES128-GCM-SHA256*
0x003C - AES128-SHA256*
0x002F - AES128-SHA*

Detailed information for server that uses Secure Shell (SSH) version 2 protocol:

Server Port Key exchange
Encryption
sftp.ecurep.ibm.com
(192.109.81.25)
 22
diffie-hellman-group-exchange-sha256
ecdh-sha2-nistp256
ecdh-sha2-nistp384
ecdh-sha2-nistp521
aes256-ctr
aes192-ctr
aes128-ctr
sftp.ap.ecurep.ibm.com
(169.56.38.162, 169.56.38.163)
 22
diffie-hellman-group-exchange-sha256
ecdh-sha2-nistp256
ecdh-sha2-nistp384
ecdh-sha2-nistp521
aes256-ctr
aes192-ctr
aes128-ctr
Testcase.boulder.ibm.com
(170.225.126.22)
 22
diffie-hellman-group-exchange-sha256
diffie-hellman-group14-sha1
aes256-ctr
aes192-ctr
aes128-ctr

SFTP Server host keys:

Server
Key type
 Key length Server key fingerprint (sha256)
sftp.ecurep.ibm.com
(192.109.81.25)
 RSA 2048
NmQSXbHir/W7ymYmJ9/5Noz0/VNiX3WZscvs9O/vNE8
(Last key update: April 8, 2021)
ECDSA 521
cuct5SerokPF0nSpP0oJu0VrP84TXKTPePAvnhdUnlE
(Last key update: Nov 15, 2022)
sftp.ap.ecurep.ibm.com
(169.56.38.162, 169.56.38.163)
 RSA
2048
+ZrSlci5Q9NdTxg6HuspV397fdJPPRED/pGk58NGhOQ
(Last key update: Feb 25, 2021)
ECDSA 521
hqqL5qRwsHsrYZgaBoWC2pRV78E6pwEYgPxxuqZkY5g
(Last key update: Nov 15, 2022)
Testcase.boulder.ibm.com
(170.225.126.22)
 RSA 2048
hsPI1gW5845xXusI7b1qugRNsizTkez40iv+lKcUN84
 
Details information for email server: 
 
Server Port
Root certificate
 Protocol
Cipher suites (openssl denotation)
mx0a-001b2d01.pphosted.com
(148.163.156.1)
mx0b-001b2d01.pphosted.com
(148.163.158.5)
 25
Sectigo RSA organization Validation Secure Server CA
TLSv1.2

0xC030 - ECDHE-RSA-AES256-GCM-SHA384
0xc02F - ECDHE-RSA-AES128-GCM-SHA256
0xC028 - ECDHE-RSA-AES256-SHA384
0xC027 - ECDHE-RSA-AES128-SHA256
0x009D - AES256-GCM-SHA384
0x009C - AES128-GCM-SHA256
0x003D - AES256-SHA256
0x003C - AES128-SHA256

Related links

[{"Business Unit":{"code":"BU051","label":"N\/A"},"Product":{"code":"SUPPORT","label":"IBM Worldwide Support"},"Component":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions","Edition":"","Line of Business":{"code":"LOB33","label":"N\/A"}}]

Document Information

Modified date:
02 June 2023

UID

ibm16257487

Page Feedback