Overview

As of 20th June 2024 NAB Transact decommissioned the following ciphers that will mean NAB Transact may no longer function if used:

TLSv1.2 ciphers

• TLS_DHE_RSA_WITH_AES_256_GCM_SHA384

• TLS_DHE_RSA_WITH_AES_128_GCM_SHA256

Please ensure that your system supports the following accepted ciphers:

The following cipher suites are accepted for TLS 1.3:

• TLS_AES_128_GCM_SHA256

• TLS_AES_256_GCM_SHA384

• TLS_CHACHA20_POLY1305_SHA256

The following cipher suites are accepted for TLS 1.2:

• ECDHE-ECDSA-AES128-GCM-SHA256

• ECDHE-RSA-AES128-GCM-SHA256

• ECDHE-ECDSA-AES256-GCM-SHA384

• ECDHE-RSA-AES256-GCM-SHA384

• ECDHE-ECDSA-CHACHA20-POLY1305

• ECDHE-RSA-CHACHA20-POLY1305

Open

Message excerpt from NAB login

As of 21st June 2024 NAB Transact re-instated support for these ciphers as they recognised a failure to communicate this to users.

NAB has then communicated direct with customers on 05 July 2024:

What does this mean?

Transport Layer Security, or TLS, is a widely adopted security protocol designed to facilitate privacy and data security for communications over the Internet. A primary use case of TLS is encrypting the communication between web applications and servers, such as web browsers loading a website.

https://www.cloudflare.com/en-au/learning/ssl/transport-layer-security-tls/

Over time legacy TLS protocols have been identified as less secure and no longer supported by vendors, such as in this instance, in favor of more secure protocols.

If this occurs you will see the following error:

Open

Resolution

Clients will need to remove the affected cyphers from being used on their web servers.

A free tool, IIS Crypto, can be used for this.
https://www.nartac.com/Downloads/IISCrypto/IISCrypto.exe

Selecting the Best Practices button in IIS Crypto will achieve a similar (or better) result.

If you have any issues please raise an case with us and our Systems Specialists can assist.