Using OFTP in NIST 800-131a compliance mode

OFTP protocol is supported in Sterling B2B Integrator in OFTP 1.2, OFTP 1.3, OFTP 1.4, and OFTP 2.0; however, only OFTP 2.0 supports secure communications.

TLS Support

The OFTP 2 RFC enforces the usage of TLS and previous versions of SSL are not supported; therefore, only TLS1, TLS 1.1 and TLS 1.2 are supported. This is defined by using the property OFTP.Global.HelloProtocol in The default value is OFTP.Global.HelloProtocol=TLS1-TLS1.2.

Ciphers Supported

The following Ciphers supported by OFTP2 are below:

Table 1. Supported Ciphers with OFTP2
Cipher Suite Symmetric Asymmetric Hashing
02 AEO_256_CBC RSA_PKCS1_15 SHA-1

TLS Certificate Download

The TLS certificate functionality of OFTP is NOT functional in strict mode. The xml file on the ODETTE site is signed by a non-NIST 800-131a compliant certificate algorithm which is not permitted in strict mode.

Certificate Exchange

When using automatic certificate exchange, the root certificate and/or the auth chain must be present at the receiver's end. The automatic certificate exchange fails if the root or auth chain is not NIST 800-131a complaint.

Adapter and Profile Configuration Considerations:
  • When configuring a new adapter or profile, only NIST 800-131a compliant certificates and Cipher strength are available.
  • If any non-compliant adapter, certificate, or profile configuration is found, the adapter will not be enabled, the communication fails, and a status message about the non-NIST 800-131a compliance appears.