Filers who use third-party custom software solutions to connect to EDGAR were notified that, on November 30th, the SEC would update the ciphers it supports in its Transport Layer Security (TLS) cryptographic protocol. The update will now occur on January 17, 2022.
To encrypt and authenticate data, TLS relies on cipher sets (or profiles) that are updated periodically to enhance efficacy and security. While older cipher profiles support out-of-date, weak ciphers, the SEC aims to use newer, stronger cipher profiles that are compatible with all up-to-date web browsers.
The following ciphers will not be supported after January 17, 2022.
TLS Version |
OpenSSL Cipher Name (Hex Code) |
IANA Cipher Name |
1.3 |
TLS-AES-128-CCM-8-SHA256 (0x13,0x05) (0x13,0x05) |
TLS_AES_128_CCM_8_SHA256 |
1.3 |
TLS-AES-128-CCM-SHA256 (0x13,0x04) |
TLS_AES_128_CCM_SHA256 |
1.2 |
ECDHE-ECDSA-AES256-SHA384 (0xC0,0x24) |
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 |
1.2 |
ECDHE-ECDSA-AES128-SHA256 (0xC0,0x23) |
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 |
1.2 |
ECDHE-RSA-AES256-SHA384 (0xC0,0x28) |
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 |
1.2 |
ECDHE-RSA-AES128-SHA256 (0xC0,0x27) |
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 |
1.2 |
ECDHE-RSA-AES256-SHA (0xC0,0x14) |
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA |
1.2 |
ECDHE-RSA-AES128-SHA (0xC0,0x13) |
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA |
Newer versions of Windows automatically support the ciphers required by the SEC. If you are using an older version of Windows (Windows 8 or 7, for example), please update your operating system as soon as is feasible or consult your IT department for other alternatives.
Questions or comments may be submitted via email to: EDGAR_Escalations@sec.gov. Questions about GoFiler can be directed to support@novaworkssoftware.com.
Source:
EDGAR Cipher Updates (sec.gov)