IBM Support

ECuRep encryption information

General Page

Encryption options supported by the data exchange server.

The ECuRep servers support different encryption options. This page lists the current encryption settings plus planned changes. 

TLS Server certificates are replaced without any notice unless intermediate or root certificate changes.

For further information also, read the encryption help page.

New network connections between your machine and IBM servers are required to keep your ability to exchange diagnostic data with ECuRep, see here.
During the gradual transition to the new solution starting on 29th October 2024, and ending on March 10, 2025, IBM will discontinue support for deprecated ciphers used in connections to ECuRep. Connections will be impacted, if using deprecated ciphers to connect to the ECuRep data exchange environment using Secure FTP,  Secure HTTP.

 

HTTPS upload server details:

Server Port
Root certificate
 Protocol
Cipher suites (openssl denotation)
NOTE: *deprecated ciphers
www.ecurep.ibm.com
(192.148.6.11 & 2620:1f7:c010:1:1:1:1:11)

Static IP access is not intended
Note this is the same IP as esupport.ibm.com

 443
DigiCert Global Root G2
TLSv1.3
TLSv1.2
0x1301 – TLS_AES_128_GCM_SHA256 ( TLSv1.3)
0x1302 – TLS_AES_256_GCM_SHA384 ( TLSv1.3)
0xc02f – ECDHE_RSA_AES128_GCM_SHA256 (FIPS approved; TLSv1.2)
0xc030 – ECDHE_RSA_AES256_GCM_SHA384 (FIPS approved; TLSv1.2)

 

FTPS (FTP over TLS) upload server details:

Server Ports
Root certificate
 Protocol
Cipher suites (openssl denotation)
NOTE: *deprecated, removal coming soon
ftps.ecurep.ibm.com

(149.81.237.70, 52.118.103.99, 165.192.140.113)

Static IP access is not intended
21 + range:
65024 to 65535
DigiCert Global Root G2
TLSv1.3
TLSv1.2
0x1301 – TLS_AES_128_GCM_SHA256 ( TLSv1.3)
0x1302 – TLS_AES_256_GCM_SHA384 ( TLSv1.3)
0x1304 – TLS_AES_128_CCM_SHA256 ( TLSv1.3)
0xc02f – ECDHE_RSA_AES128_GCM_SHA256 (FIPS approved; TLSv1.2)
0xc030 – ECDHE_RSA_AES256_GCM_SHA384 (FIPS approved; TLSv1.2)

 

SFTP (Secure FTP (SSH)) protocol:

Server Port Key exchange
Encryption
sftp.ecurep.ibm.com

(149.81.237.70, 52.118.103.99, 165.192.140.113)

Static IP access is not intended

 22
diffie-hellman-group-exchange-sha256
ecdh-sha2-nistp256
ecdh-sha2-nistp384
ecdh-sha2-nistp521
aes256-ctr
aes192-ctr
aes128-ctr

 

SFTP Server host keys:

Server
Key type
 Key length Server key fingerprint (sha256)
sftp.ecurep.ibm.com

(149.81.237.70, 52.118.103.99, 165.192.140.113)

Static IP access is not intended

 RSA 3072
NmQSXbHir/W7ymYmJ9/5Noz0/VNiX3WZscvs9O/vNE8
(Last key update: April 8, 2021)
ECDSA 521
cuct5SerokPF0nSpP0oJu0VrP84TXKTPePAvnhdUnlE
(Last key update: Nov 15, 2022)
 
Detailed information for email server: 
 
Server Port
Root certificate
 Protocol
Cipher suites (openssl denotation)
mx0a-001b2d01.pphosted.com
(148.163.156.1)
mx0b-001b2d01.pphosted.com
(148.163.158.5)
 25
Sectigo RSA organization Validation Secure Server CA
TLSv1.2

0xC030 - ECDHE-RSA-AES256-GCM-SHA384
0xc02F - ECDHE-RSA-AES128-GCM-SHA256
0xC028 - ECDHE-RSA-AES256-SHA384
0xC027 - ECDHE-RSA-AES128-SHA256
0x009D - AES256-GCM-SHA384
0x009C - AES128-GCM-SHA256
0x003D - AES256-SHA256
0x003C - AES128-SHA256

Related links

[{"Business Unit":{"code":"BU051","label":"N\/A"},"Product":{"code":"SUPPORT","label":"IBM Worldwide Support"},"Component":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions","Edition":"","Line of Business":{"code":"LOB33","label":"N\/A"}},{"Type":"MASTER","Line of Business":{"code":"","label":""},"Business Unit":{"code":"","label":""},"Product":{"code":"ECUREP","label":"ECuRep notice"},"ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"}]

Document Information

Modified date:
15 May 2025

UID

ibm16257487

Page Feedback