Sign in
< Back to Top

OFTP Endpoint

This article describes OFTP Endpoint attributes and other information about OFTP as it relates to your trading partners.

Attribute Description

User ID
Password

 Credentials that identify you.

Partner User ID
Partner Password

 Credentials that identify your trading partner.
Mode
Initiator and Responder CIC acts as an initiator and a responderHost
PortEnter either a fully qualified domain name (recommended) or an IP address, and a port number.
OFTPS Denotes that outbound traffic will use a secure connection.
Responder Only

CIC acts as a responder only. 

If an OFTP Responder Only mode Endpoint is the destination of the Data Flow, any payload sent to the Endpoint is staged. The staged payload is then sent when an OFTP client connects to the responder only endpoint

Responder Commands Use custom commands to send staged payload to the client after the client connects to the responder. By default, all payload staged for a responder only endpoint is sent with the command, PUT -DEL -UNS *.
Inbound
Attribute Description
Verify Signed Payloads Ensure that when a signed payload is received, the signature matches the payload that was sent.

When you select this check box, you are prompted to select the trading partner's signing PGP key. The PGP key named in this field is the same as the outbound encryption PGP key. If you change this value here, it is also changed for the outbound encryption PGP key. See Endpoint Security.
Require Signing Require inbound payloads to be signed.
Verify Encrypted Payload When you select this check box, you are prompted to select your decryption PGP key. The PGP key named in this field is the same as the outbound signing PGP key. If you change this value here, it is also changed for the outbound signing PGP key. See Endpoint Security
Require Encryption Require inbound payloads to be encrypted.
Sign Returned EERP Receipts Denotes that we should sign the EERP receipts that we return in receipt for inbound payload
Require OFTPS Require a secure connection on all incoming traffic.
Outbound
Attribute Description
Sign

Sign messages sent from this Endpoint.

When you select Sign, you are prompted to select your signing PGP key. The PGP key named in this field is the same as the inbound decryption PGP key. If you change this value here, it is also changed for the inbound decryption PGP key. See Endpoint Security.
Encrypt Apply encryption to messages sent from this Endpoint.

When you select Encrypt, you are prompted to select the trading partner's encryption certificate. The PGP key named in this field is the same as the inbound signing PGP key. If you change this value here, it is also changed for the inbound signing PGP key. See Endpoint Security.
Compress Apply ZLIB compression to messages sent from this Endpoint. Choose this option for large files to conserve bandwidth and improve efficiency and security.
Sign EERP Expect EERP receipts from the trading partner to be signed.

Advanced
Security
Attribute Description
Cipher Suite Used for encryption, signing, and generating hash values.

TLS Minimum Protocol Version

TLS Maximum Protocol Version

Indicates the minimum and maximum protocol versions allowed, respectively. By default, this field is blank, indicating that CIC will select the most recent version (currently TLS 1.2).

Possible values:

  • SSL 3.0
  • TLS 1.0 (SSL 3.1)
  • TLS 1.1 (SSL 3.2)
  • TLS 1.2 (SSL 3.3)
TLS Minimum Key Size (bits)

Specify the minimum encryption key size allowed when selecting an SSL cipher. To prevent the use of low- or medium-strength ciphers, change from the default value of 0 to 112, 128, or 256 (depending on the requirement). Note that if this value is set too high, all ciphers are filtered out causing the "No suitable cipher suites are enabled" exception to occur.

Possible values: 0 - n bits
Default value: 0
TLS Ciphers Select All Ciphers to present the list of supported ciphers to the server and allow the server to pick one.
Select "Select from list" to display a list from which you choose a specific cipher.
The cipher selected is used with the server for key exchange, encryption, and hashing. If the server does not support the cipher, an SSL handshake error will occur.  
Allow TLS Legacy Renegotiation When selected, legacy renegotiation is allowed. If this property is not selected, the extension described in RFC5746 is used for renegotiation and the server must also support this extension. See RFC5746 for a description of the extension and the vulnerability it addresses. Possible values: On or Off Default value: On
TLS Client Certificate The certificate to use for TLS over a secure connection.
TLS Reject Expired Certificates When set, if an expired server certificate is received during TLS negotiations, the certificate will be rejected and the SSL handshake will be terminated. Possible values: On or Off
Default value: Off
TLS Use Record Splitting Indicates whether to use 1/n-1 record splitting in CBC mode as a countermeasure against the Rizzo/Duong BEAST (Browser Exploit Against SSL/TLS) attack against the SSL 3.0 / TLS 1.0 protocol. Must be turned off if the SSL library on the other side of the connection does not support the feature.
Possible values: On or Off
Default value: On
Check Server Name Validate that server name matches the certificate.
Secure Authentication Indicates whether OFTP secure authentication should be used in exchanges with your trading partner (i.e., SSIDAUTH=Y/N). This setting controls what is placed in the SSIDAUTH field (Y/N) when sending and responding. It also is used by the responder to enforce compliance with RFC 5024, which states the secure authentication must be set to the same value for both the initiator and responder. When selected it will give you the option to set the session authentication certificates.
Connection and Transfer
Attribute Description
Buffer Credits (SSIDCRED) The number of data exchange buffers that can be sent consecutively by the speaker without listener acknowledgment.
Possible values: 1 - 999.
Buffer Size (SSIDSDEB) (bytes) Possible values: 128 - 99999 bytes. 
Compress Content (SSIDCMPR) Indicates whether the OFTP data compression algorithm should be invoked. This applies to buffer-level compression. OFTP2 utilizes better compression algorithms, which can be specified using the Cipher Suite property.
Default Virtual Filename (SFIDDSN) Optionally, enter an outgoing Default Virtual Filename. A dataflow custom PUT command destination, if specified, will override this value. If a PUT command does not specify a destination and a Default Virtual Filename is also not specified, then the source filename is used.
Originator (SFIDORIG) A user ID identifying the sender. Provide a value to override the default, which is the User ID value. 
Destination (SFIDDEST) A user ID identifying the receiver. Provide a value to override the default, which is the Partner User ID value. 
Maximum Record Size (SFIDLRECL) (bytes) Indicates the maximum length of any single record when transferring a file. Maximum Record Size applies to the OFTP Text, Fixed, and Variable file formats; it does not apply to the OFTP Unstructured file format. In the case of the OFTP Fixed file format, Maximum Record Size specifies the fixed record length.
Validate String Characters For Inbound Message Fields Validates that the incoming values for SSID and SFID string fields only contain characters from the following set:
  • Numbers: 0-9
  • Upper Case Letters: A-Z
  • Special Characters: / - . & ( )
The fields validated are: SSIDCODE, SSIDPSWD, SSIDUSER, SFIDORIG, SFIDDEST, and SFIDDSN.
Connection Timeout (seconds) The amount of time allowed for each read operation.
Possible values: 1 - n seconds
Default value: 150 seconds
Automatic Retries

The number of retries that should be made during an attempt. An attempt consists of the number of transfer retries you specify. For example, if you specify 5 retries and 30 seconds, an attempt would consist of 5 retries occurring in the span of 30 seconds.

This setting applies to both sends and receives. 

The minimum number of retries is 0 and the maximum is 5.

The time between retries can range from 0 to 120 seconds.

See Retrying Failed File Transfer Attempts.
Extended Outbound Retries

The period of time during which outbound retries are attempted after a failed send attempt and subsequent failed automatic retry. Retries will not be attempted after the end of the period specified.

This period starts when the first retry is attempted and ends after the value you specify elapses.

Minimum value is 15 minutes.

Maximum value is 3 days.

See Retrying Failed File Transfer Attempts.
Concurrent Outbound Transfers Specify the maximum number of connections that can be transferring to this Endpoint at the same time.

Minimum value is 1 and maximum is 10.
Inbound IP Whitelisting

Specifies the IP addresses allowed to connect to this Endpoint.

IP addresses can be a single address or a range of addresses.

Enter addresses or address ranges one per row or separate them using commas.

Note: Inbound IP Whitelisting is not available on Endpoints using Cleo's Limited Primary/Failover IP Network. See Limited Primary/Failover IP Network for more information.

The following are examples of valid IP addresses:

IP Address Description
* All IP addresses
10.11.12.13 Single IPv4 address matching 10.11.12.13
10.* IPv4 addresses in the range 10.0.0.0-10.255.255.255
10.11.* IPv4 addresses in the range 10.11.0.0-10.11.255.255
10.11.12.50-10.11.12.70 IPv4 addresses in the range 10.11.12.50-10.11.12.70
10.11.12.0/24 IPv4 addresses in the range 10.11.12.0-10.11.12.255
Wait For Disconnect After Sending End Of Session Indicates that if CIC initiates end-of-session, it should wait for a disconnect request from the connected trading partner rather than immediately disconnecting.
Downgrade OFTP Version This might be necessary if the trading partner OFTP software does not on its own properly downgrade from CIC OFTP version 2.0. 
Possible values:
  • 1.2, 1.3, or 1.4 to force downgrade only when initiator of session
  • -1.2, -1.3, or -1.4 to force downgrade whether initiator of session or not
Change Direction After Sending Send a CD after sending a set of files, giving the trading partner the opportunity to provide pending EERPs.
Subdomain If you have more than one subdomain, select the one you want to use for this Endpoint. 
Note: This field appears only when you have more than one subdomain.
EERP Receipt Timeout (applied if no receipt is received)
Wait before transfer resend (minutes) The maximum time (in minutes) that CIC will wait for an asynchronous response before either resending the transaction (if Maximum resend attempts > 0) or logging an error.

Default value: 0
Maximum resend attempts The maximum number of times to retry.
Payload Format
EBCDIC Encoding

When translating to and from EBCDIC, indicates the specific EBCDIC character encoding.

Possible values: Cp037 - Cp1149

Default value: Cp500 - EBCDIC International
Fixed Record Length From OFTP

Causes EOL characters to be inserted while receiving a file based on the SFIDLRECL value. Note: For this property to be effective, Fixed Record EOL Characters must be specified, Fixed Record Incoming Insert EOL must be enabled, and a fixed SFIDFMT format with a positive SFIDLRECL value must be requested by the OFTP trading partner.

Default value: Off
Fixed Record End of Line (EOL) Characters

End-of-line characters to be inserted and/or deleted.

Possible values: 0 to n characters. 

Special character sequences:

  • \r - carriage return
  • \n - new line (linefeed)
  • \f - form feed
  • \t - horizontal tab
  • \0 - null
  • \\ - backslash
Fixed Record Length

The fixed record length after which end-of-line characters need to be inserted and/or deleted.

Possible values: 0 - n

Default value: 0
Incoming Fixed Record EOL Policy Insert EOL: If Fixed Record EOL Characters has been specified and Fixed Record Length is greater than 0, indicates to look for and delete EOL characters while receiving a file.

Delete EOL: If Fixed Record EOL Characters has been specified and Fixed Record Length is greater than 0, indicates to insert EOL characters while receiving a file.
Insert EOL for Outgoing Fixed Records

If Fixed Record EOL Characters has been specified and Fixed Record Length is greater than 0, indicates to insert EOL characters while sending a file.

Possible values: On or Off
Default value: Off
Insert EOL between Outgoing Interchanges

If Fixed Record Outgoing Insert EOL is active, indicates to also insert EOL characters between EDI interchanges while sending the file.

Possible values: On or Off
Default value: Off

Related articles

Comments

0 comments

Please sign in to leave a comment.