Published: 03.07.2012, updated on 25.03.2019 | Topic: MVP Portal

Important information MVP-Portal

Here you will find important information on technical issues for the MVP Portal.

TLS 1.2 Protocol in combination with Perfect Forward Secrecy (PFS)

Following approval by the Council of the IT representatives, the Federal Ministry of the Interior issued a General Administrative Regulation by resolution no. 2014/11 of the 12th of December 2014. As a result, applying the minimum standards of the Federal Office for Information Security (BSI) pursuant to paragraph 8 sentence 1 of the BSIG for the use of the SSL/TLS protocol is binding for the Federal Government and thus for BaFin as well.

The minimum standard as outlined by BSI can be viewed here (German only). This minimum standard refers to the latest version of the Technical Guidelines TR-02102-2 "Cryptographic Methods: Recommendations and Key Lengths. Part 2 - Use of Transport Layer Security (TLS)" [TR-02102-2]. These guidelines can be obtained from BSI (German only).

BaFin will implement the aforementioned minimum standard requirements as of December 31st, 2016.

Specifically, this means that from January 1st, 2017 the MVP Portal will only support the TLS 1.2 protocol in combination with Perfect Forward Secrecy (PFS).

From the 1st of January 2017 onwards, BaFin will only support the following cipher suites / Elliptic Curves:

Cipher Suites:

TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028)
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027)
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x9f) DH 2048 bits
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x6B) DH 2048 bits
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x9E) DH 2048 bits
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x67) DH 2048 bits

Elliptic Curves:

secp256r1
secp384r1
secp521r1

All cipher suites/Elliptic Curves that will be used as of January 1st, 2017 are already supported for both the web application (port 443) and the web services (port 444). In addition, it is currently possible to test configurations that will support the aforementioned TLS requirements. For all MVP Portal web services for specialized procedures, a second access route has been configured through port 446.

When using an endpoint with port 446, rather than the standard port 444, the TLS configuration described above is used. As of January 1st, 2017, the new TLS configuration will be applied to the default ports 443 and 444 and access over port 446 will be disabled without further notice.

Example of test procedures "Filing of Final Terms" (EFT) using port 446:

https://portal.mvp.bafin.de:446/services/ws/t_eft
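For a web service client, one way to restrict the client to the TLS 1.2 cipher suites listed above and to check what a handshake actually negotiated. This is an added example in Python, not BaFin code; the function names and the mapping from the IANA suite names to OpenSSL names are supplied here, and Python's ssl module is assumed to be linked against OpenSSL 1.1.1 or later.

```python
import socket
import ssl

# IANA names from the list above mapped to the OpenSSL names that
# ssl.SSLContext.set_ciphers() expects.
ALLOWED = {
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384": "ECDHE-RSA-AES256-GCM-SHA384",
    "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384": "ECDHE-RSA-AES256-SHA384",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256": "ECDHE-RSA-AES128-GCM-SHA256",
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256": "ECDHE-RSA-AES128-SHA256",
    "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384": "DHE-RSA-AES256-GCM-SHA384",
    "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256": "DHE-RSA-AES256-SHA256",
    "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256": "DHE-RSA-AES128-GCM-SHA256",
    "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256": "DHE-RSA-AES128-SHA256",
}
OPENSSL_NAMES = frozenset(ALLOWED.values())


def build_client_context() -> ssl.SSLContext:
    """Client context that offers only TLS 1.2 with the listed PFS suites."""
    ctx = ssl.create_default_context()  # certificate and hostname checks stay on
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers(":".join(ALLOWED.values()))
    return ctx


def offered_tls12_suites(ctx: ssl.SSLContext) -> set:
    """OpenSSL names of the TLS 1.2 suites this context will offer."""
    return {c["name"] for c in ctx.get_ciphers() if c["protocol"] == "TLSv1.2"}


def is_compliant(negotiated) -> bool:
    """Check the (name, protocol, bits) tuple returned by SSLSocket.cipher()."""
    name, protocol, _bits = negotiated
    return protocol == "TLSv1.2" and name in OPENSSL_NAMES


def probe(host: str, port: int, timeout: float = 10.0):
    """Handshake with a server and return what was negotiated."""
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with build_client_context().wrap_socket(raw, server_hostname=host) as tls:
            return tls.cipher()
```

Pass the result of `probe()` for your web service endpoint to `is_compliant()`; the elliptic curve list is not set by this example and is left to the OpenSSL defaults.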

If you only use a browser (no web service), no further action is required, provided you are using a current browser version.

An overview (without guarantee) of current Internet browser capabilities can be downloaded here. In particular, please note that Microsoft Internet Explorer version 10 and older will not be supported.
