Loading

Direct 2.0
Collapse

Dun & Bradstreet’s Online Services Security Enhancement

October 21, 2020

Dun & Bradstreet is making security enhancements to its Direct 2.0 application in November. In preparation for this activity, we would like to share important information and actions that are required of your business to ensure a continuous user experience. First, please be sure that your business successfully meets the following technical and security requirements, including:

    • Updating the accepted Cipher Suite to accompany TLS 1.2 – TLS 1.3 secure transport protocol
    • Updating the server certificate if you are storing this in your trust store
    • Changes to Dun & Bradstreet’s IP address if you are whitelisting our IP within your environment
    • Changing to the Dun & Bradstreet endpoint if you are using maxcvservices.dnb.com

In rare cases, customers who use a Trust Store that support only one active certificate per URL connection (one to one mapping) should utilize the new certificate only after the cutover.

To avoid potential disruption, the applications must be compatible with the following versions:

    • Oracle Java 7u95 (requires an enterprise support contract with Oracle)
    • Oracle Java 8 and above
    • Microsoft .NET version 4.5 or later

We are providing a test environment using the Oracle, Java and .NET versions listed above, as well the accepted list of ciphers. If you currently have a test environment available, you can connect to Dun & Bradstreet’s pre-production environment supporting the new protocols to test changes.Our test environment has not changed since August 04, 2020 so any testing done since then is still valid. Connectivity tests may be conducted using https://direct-stg.dnb.com to confirm compatibility. Please open a ticket with Customer Support at https://support.dnb.com/Support_Home or contact 1-866-465-3829 to confirm credentials to test in this environment.

Approved Ciphers

Open SSLIANA /RFC5289
TLS 1.3TLS-AES-256-‍GCM-SHA384TLS_AES_256_GCM_SHA384
TLS 1.3TLS-CHACHA20-POLY1305-SHA256TLS_CHACHA20_POLY1305_SHA256
TLS 1.3TLS-AES-128-GCM-SHA256TLS_AES_128_GCM_SHA256
TLS 1.3TLS-AES-128-CCM-8-SHA256TLS_AES_128_CCM_8_SHA256
TLS 1.3TLS-AES-128-CCM-SHA256TLS_AES_128_CCM_SHA256
TLS 1.2ECDHE-ECDSA-AES256-GCM-SHA384TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
TLS 1.2ECDHE-ECDSA-AES128-GCM-SHA256TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
TLS 1.2ECDHE-RSA-AES256-GCM-SHA384TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS 1.2ECDHE-RSA-AES128-GCM-SHA256TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS 1.2ECDHE-ECDSA-CHACHA20-POLY1305TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
TLS 1.2ECDHE-RSA-CHACHA20-POLY1305TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
TLS 1.2ECDHE-ECDSA-AES256-SHA384TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
TLS 1.2ECDHE-ECDSA-AES128-SHA256TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
TLS 1.2ECDHE-RSA-AES256-SHA384TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
TLS 1.2ECDHE-RSA-AES128-SHA256TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
TLS 1.2ECDHE-RSA-AES256-SHATLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS 1.2ECDHE-RSA-AES128-SHATLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS 1.2AES256-GCM-SHA384TLS_RSA_WITH_AES_256_GCM_SHA384
TLS 1.2AES128-GCM-SHA256TLS_RSA_WITH_AES_128_GCM_SHA256
TLS 1.2AES256-SHA256TLS_RSA_WITH_AES_256_CBC_SHA256
TLS 1.2AES128-SHA256TLS_RSA_WITH_AES_128_CBC_SHA256
TLS 1.2AES256-SHATLS_RSA_WITH_AES_256_CBC_SHA
TLS 1.2AES128-SHATLS_RSA_WITH_AES_128_CBC_SHA

Following are additional details for updating the accepted Cipher Suite beginning 12:00 a.m. ET, Monday, November 09, 2020.As part of the change, we are extending support for ECDSA certificates as well as RSA certificates (dual stack).

1. Updates to the server certificate if you are storing it in your trust store.

If you are storing the Direct 2.0 server certificate within you server store, you will need to replace it with a new server certificate. If this applies to you, please open a ticket with Customer Support to acquire the new certificate after October 1, 2020.

2. Whitelisting our IP within your environment.

IP addresses for the application will be dynamically assigned after November 09, 2020. If you connect over an IP address, please use the fully qualified domain name direct.dnb.com. Whitelisting is not recommended as our IP addresses may change. Our production IP range and the new server certificate will be provided October 1, 2020.

3. Sunsetting of maxcvservices.dnb.com

If you are using https://maxcvservices.dnb.com in an endpoint, it will be sunset and no longer available after November 13. Please modify the endpoint to direct.dnb.com for the service you are accessing.

Support

If you have any questions or concerns, please submit an inquiry at https://support.dnb.com/Support_Home or contact 1-866-465-3829.