Automic Workload Automation

  • 1.  RAFTP and Medicare SFTP (section111)

    Posted Sep 16, 2020 12:41 PM
    Edited by Pete Wirfs Sep 16, 2020 12:45 PM
    We just got blindsided this month by the Medicare SFTP (Section111) folks.  Without warning they changed their minimum cipher requirements.  I've opened a ticket with support to find out if there is a newer RAFTP that will meet this requirement.  (We are on 4.0.7 build 79 and I see from downloads that 4.0.9 is available).

    Thought I'd throw this out here in case someone else has already dealt with the same issue.

    ------------------------------
    Pete Wirfs
    SAIF Corporation
    Salem Oregon USA
    ------------------------------


  • 2.  RE: RAFTP and Medicare SFTP (section111)

    Posted Sep 29, 2020 05:06 AM
    Haven't seen this, but I'm sure I will!
    Very interested in what Broadcom respond with.
    Thanks!


  • 3.  RE: RAFTP and Medicare SFTP (section111)

    Posted Sep 29, 2020 05:46 PM
    Edited by Pete Wirfs Oct 02, 2020 10:57 AM
    I opened a ticket with Broadcom and provided them with the email I received from section111 describing what ciphers were required.  The response from Broadcom was not very helpful, and they closed the ticket automatically after 48 hours of ticket inactivity.  (EDIT CORRECTION: THEY HAVE NOT CLOSED MY CALL.)

    I have installed RAFTP 4.0.9 into our sandbox and DEV AE's for testing.  However these tests are stalled right now because during testing we accidentally locked our section111 account (thanks to a stale password in DEV), and we are waiting for them to unlock it.  

    We tried to upload our files manually to section111 via their web site, but they have imposed a size limit that we exceed by only a few thousand bytes.

    If RAFTP 4.0.9 does not resolve this, I suspect we will be forced to use a different transfer software product.

    Pete

    ------------------------------
    Pete Wirfs
    SAIF Corporation
    Salem Oregon USA
    ------------------------------



  • 4.  RE: RAFTP and Medicare SFTP (section111)

    Broadcom Employee
    Posted Oct 02, 2020 04:46 AM
    Hi @Pete Wirfs, we have already planned to exchange the jsch library in RA FTP. Could you tell me in more detail which ciphers are in section111?

    ------------------------------
    Product Manager - Automation
    CA Technologies, A Broadcom Company
    ------------------------------



  • 5.  RE: RAFTP and Medicare SFTP (section111)

    Posted Oct 02, 2020 10:46 AM
    @Tatjana Radic 

    This is a cut/paste from an email we received from section111;

    They should be using: TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA256
    security.StrongCipherSuite=TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA256
    security.AllCipherSuite=TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA256
    security.dashboardCipherSuite=JDK
    security.JDKCipherSuite=TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
    security.SSHMacAlgList=hmac-sha2-256"

    ------------------------------
    Pete Wirfs
    SAIF Corporation
    Salem Oregon USA
    ------------------------------



  • 6.  RE: RAFTP and Medicare SFTP (section111)

    Posted Oct 02, 2020 10:55 AM
    @Tatjana Radic

    I spoke incorrectly when I said support closed my call.  They have done so on some of my other calls recently, but I'm pleasantly surprised to see that this one is not closed.  It is call number 32230443.  In that call support also provided this information:

    However please note, that if you are using Oracle Java -> you must install JCE (Java Cryptography Extension) to use the higher level of ciphers for it. If you are using OpenJDK from adoptopenjdk -> JCE is enabled/installed by default.

    I'm operating on the assumption that our Java also has JCE enabled/installed;

    openjdk version "11.0.6" 2020-01-14 LTS
    OpenJDK Runtime Environment Corretto-11.0.6.10.1 (build 11.0.6+10-LTS)
    OpenJDK 64-Bit Server VM Corretto-11.0.6.10.1 (build 11.0.6+10-LTS, mixed mode)

    ------------------------------
    Pete Wirfs
    SAIF Corporation
    Salem Oregon USA
    ------------------------------



  • 7.  RE: RAFTP and Medicare SFTP (section111)

    Posted Oct 09, 2020 08:29 PM
    @Tatjana Radic
    @Tony Ferraro

    We tested RAFTP 4.0.9 today, but it connected to sftp.section111.cms.hhs.gov with the same ciphers.
    2020-10-09 16:23:14 kex: server->client aes128-ctr hmac-md5 zlib
    2020-10-09 16:23:14 kex: client->server aes128-ctr hmac-md5 zlib
    I'm not ruling out that the problem might be something in our Java or Windows settings.  @Tony Ferraro do you think you might be able to test your connection to section111 and let me know how it is working?  If yours works, then we might be shooting ourselves in the foot here.

    In the meantime, we are falling behind.  On Monday I'm going to see about setting up a desktop ftp app as a manual workaround.


    ------------------------------
    Pete Wirfs
    SAIF Corporation
    Salem Oregon USA
    ------------------------------
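
An added example, not part of the original posts and not Broadcom or section111 code: a Python check that compares the `kex:` log entries pasted in post 7 with the settings pasted in post 5. Of those settings only `security.SSHMacAlgList` names an SSH algorithm; the `TLS_*` values are TLS cipher suite names and never appear in an SSH `kex:` line. The function names are assumptions made for this illustration, and the policy string is an excerpt of the pasted e-mail.

```python
import re

# Excerpt of the settings pasted in post 5 (two of the six lines).
POLICY = (
    "security.JDKCipherSuite=TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,"
    "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 "
    "security.SSHMacAlgList=hmac-sha2-256"
)

# Log text from post 7, kept as one run-together line to exercise that case.
LOG = (
    "2020-10-09 16:23:14 kex: server->client aes128-ctr hmac-md5 zlib "
    "2020-10-09 16:23:14 kex: client->server aes128-ctr hmac-md5 zlib"
)

# Field order in the log entry: direction, cipher, MAC, compression.
KEX_RE = re.compile(
    r"kex: (?P<direction>server->client|client->server) "
    r"(?P<cipher>\S+) (?P<mac>\S+) (?P<compression>\S+)"
)

def parse_policy(text):
    """Split 'key=v1,v2 key=v1' settings into {key: [values]}."""
    settings = {}
    for token in text.split():
        key, sep, value = token.partition("=")
        if sep:
            settings[key] = value.split(",")
    return settings

def ssh_mac_allowlist(settings):
    """Return the SSH MAC names; the TLS_* suite lists are ignored for SFTP."""
    return set(settings.get("security.SSHMacAlgList", []))

def parse_kex(text):
    """Extract every negotiated entry, even when entries share one line."""
    return [m.groupdict() for m in KEX_RE.finditer(text)]

def mac_violations(log_text, policy_text):
    """List (direction, mac) pairs whose negotiated MAC is outside the allowlist."""
    allowed = ssh_mac_allowlist(parse_policy(policy_text))
    return [(e["direction"], e["mac"])
            for e in parse_kex(log_text) if e["mac"] not in allowed]

if __name__ == "__main__":
    for direction, mac in mac_violations(LOG, POLICY):
        print(f"{direction}: negotiated MAC {mac} is not in security.SSHMacAlgList")
```
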



  • 8.  RE: RAFTP and Medicare SFTP (section111)
    Best Answer

    Posted Oct 12, 2020 07:55 PM
    **** RESOLVED *****
    @Tatjana Radic
    @Tony Ferraro

    The problem had nothing to do with ciphers. That was just a red herring fed to us by section111 staff.  RAFTP 4.0.6 is fine for connecting with section111.

    The real problem was very simple.  They had messed up the grants on our credentials.  

    As part of our problem analysis we had them allocate some new section111 credentials for us.  We discovered the new credentials worked, where our old credentials didn't.

    I can't believe we just spent a month and 11 days chasing a red herring!

    ------------------------------
    Pete Wirfs
    SAIF Corporation
    Salem Oregon USA
    ------------------------------