
OFAC issues technical note about SSL certificates

Here’s the note:

Important Technical Notice for Users of the OFAC website on SSL Certificates

ISSUE: 

Replacement of SSL certificates on the Treasury Website

SYSTEMS/PROCESSES IMPACTED: 

Scripts and other automated processes that download OFAC’s list-related data products; browsing OFAC’s website (depending on browser used and its configuration). 

WARNING:

Failure to act on the advice provided in this notice may prevent SDN (and other list) screening systems from properly updating. 

DESCRIPTION AND REMEDY:

The US Department of Treasury is initiating the annual renewal of the public certificate securing www.treasury.gov website, including OFAC sanctions list downloads. The existing certificate (expiring August 26, 2022) will be replaced on May 26, 2022 at 9PM. This process will take roughly 3-6 hours for the replacement certificate to be distributed worldwide. 

In addition, this year’s certificate will be updated with new TLS and cipher settings; notably, TLS 1.0 and TLS 1.1 support will be removed.

Protocols Supported: TLS 1.2, TLS 1.3

Ciphers Supported: 

  • TLS-AES-256-GCM-SHA384
  • TLS-CHACHA20-POLY1305-SHA256
  • TLS-AES-128-GCM-SHA256
  • ECDHE-ECDSA-AES256-GCM-SHA384
  • ECDHE-ECDSA-AES128-GCM-SHA256
  • ECDHE-RSA-AES256-GCM-SHA384
  • ECDHE-RSA-AES128-GCM-SHA256
  • ECDHE-ECDSA-CHACHA20-POLY1305
  • ECDHE-RSA-CHACHA20-POLY1305

If your application pins or otherwise trusts the serial number of the existing certificate as part of your application functionality, you may need to update your configuration to trust the renewed certificate. The renewed public certificate, effective May 26, 2022 at 9PM, can be downloaded via the following URL: https://s3.amazonaws.com/www.treasury.gov-2022-certificate/www.treasury.gov-2022-2023-Renewed-Certificate.cer.zip. To prevent loss in functionality, please ensure your applications trust this certificate, and are configured to accept encrypted connections using the updated TLS protocols and ciphers by the May 26 replacement date.

Please contact OFAC technical support at 1-800-540-6322 Option #8 or O_F_A_C@treasury.gov with any questions that you may have about this change.
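An added example, not part of the OFAC notice or the original post: a Python check of whether a download client's TLS settings still overlap with the protocols and ciphers the notice lists. The function names and the constructed legacy client settings are assumptions made for illustration.

```python
import ssl

# Protocols and ciphers as listed in the notice. The notice writes the TLS 1.3
# suites with hyphens; OpenSSL and Python's ssl module use underscores.
NOTICE_PROTOCOLS = {"TLSv1.2", "TLSv1.3"}
NOTICE_CIPHERS = [
    "TLS-AES-256-GCM-SHA384", "TLS-CHACHA20-POLY1305-SHA256",
    "TLS-AES-128-GCM-SHA256", "ECDHE-ECDSA-AES256-GCM-SHA384",
    "ECDHE-ECDSA-AES128-GCM-SHA256", "ECDHE-RSA-AES256-GCM-SHA384",
    "ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-ECDSA-CHACHA20-POLY1305",
    "ECDHE-RSA-CHACHA20-POLY1305",
]


def normalize(name):
    """Return the OpenSSL spelling of a cipher name from the notice."""
    name = name.strip().upper()
    return name.replace("-", "_") if name.startswith("TLS-") else name


def client_overlap(client_protocols, client_ciphers):
    """Return (shared protocols, usable shared ciphers) for a client config."""
    accepted = {normalize(c) for c in NOTICE_CIPHERS}
    protocols = sorted(NOTICE_PROTOCOLS & set(client_protocols))
    usable = []
    for cipher in map(normalize, client_ciphers):
        # TLS_* suites negotiate only under TLS 1.3, the ECDHE-* ones under 1.2.
        needed = "TLSv1.3" if cipher.startswith("TLS_") else "TLSv1.2"
        if cipher in accepted and needed in protocols:
            usable.append(cipher)
    return protocols, usable


def local_context_overlap():
    """Check the default client context of this Python/OpenSSL build."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    protocols = ["TLSv1.2"] + (["TLSv1.3"] if ssl.HAS_TLSv1_3 else [])
    return client_overlap(protocols, [c["name"] for c in ctx.get_ciphers()])


if __name__ == "__main__":
    # Constructed legacy client: TLS 1.0/1.1 only, CBC suites only.
    print(client_overlap(["TLSv1", "TLSv1.1"], ["AES128-SHA", "ECDHE-RSA-AES128-SHA"]))
    print(local_context_overlap())
```

An empty protocol or cipher list means the client has nothing in common with the new settings, so its list downloads would fail once the change takes effect.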

Links:

OFAC Notice

Technical Note


eric9to5
