Common Report Engine (CRE) security upgrade
Common Report Engine (CRE) security upgrade New Test Server
As announced via Xetra Circular 131/2018 Deutsche Börse Group has decided to upgrade the Common Report Engine (CRE) security. The SSH Key Exchange Algorithms, Ciphers and MACs will be updated in order to ensure reliable and secure communication with the infrastructure of the CRE.
Please be aware, that starting Sunday, 10 March 2019, these will be the only versions supported by the CRE:
Key Exchange Algorithms
- curve25519-sha256
- curve25519-sha256@libssh.org
- diffie-hellman-group18-sha512
- diffie-hellman-group14-sha256
- diffie-hellman-group16-sha512
- diffie-hellman-group-exchange-sha256
- ecdh-sha2-nistp256
- ecdh-sha2-nistp384
- ecdh-sha2-nistp521
Ciphers
- chacha20-poly1305@openssh.com
- aes256-gcm@openssh.com
- aes128-gcm@openssh.com
- aes256-ctr
- aes192-ctr
- aes128-ctr
MACs
- hmac-sha2-512-etm@openssh.com
- hmac-sha2-256-etm@openssh.com
- umac-128-etm@openssh.com
- hmac-sha2-512
- hmac-sha2-256
Those Key Exchange Algorithms, Ciphers and MACs which are not listed above, will be decommissioned with effect from 10 March 2019. We strongly recommend that Trading Participants review and adapt their IT systems accordingly before 10 March 2019.
To ensure a smooth transition Deutsche Börse is offering an additional test connection to the CRE which offers the same security suites as the CRE server on the cut-over date on 10 March.
- a. via an existing test account or
- b. by creating a new account
and removing all security versions from their software and leave only those which are allowed by Deutsche Börse.
Additionally a Test-SFTP-Server has been provided by Deutsche Börse which can be reached at the following IP addresses:
- Internet: 193.29.90.129 Port: 2222
- Leased Line A: 193.29.90.65 Port: 2222
- Leased Line B: 193.29.90.97 Port: 2222
Please note, that it is not possible to download any reports from the test server, it will just display a Welcome.txt. The aim of the test server is to have another independent instance to verify the trading participants SFTP client software will function on the cut-over date.
If you have any questions or need further information please contact your Technical Key Account Manager, via your VIP number or send an e-mail to: cts@deutsche-boerse.com.