Supported Cipher Suites

  • Supported Cipher Suites

    Which cipher suites does BC3 support when using SFTP over SSH?
    Our company recently changed theirs to aes256-ctr,aes192-ctr,aes128-ctr,arcfour256 (MACs: hmac-sha2-256,hmac-sha2-512,hmac-ripemd160), and ever since then I cannot use BC3 on our servers anymore (getting errors about "SSL is not available on this server").

  • #2
    Hello,

    Would you be using SSL certificates or a private/public key pair?

    BC3 also supports using Pageant (PuTTY) for verification. If you remove the settings in BC3 and clear them out, then set up Pageant (and test against PuTTY), does Pageant then get BC3 working for you as well?
    Aaron P Scooter Software



    • #3
      Well, after complaining to our IT department, they changed the order of the encryption protocols, and now it works again...

      But I wasn't aware that BC3 supports Pageant. That will definitely be good to know if I ever run into these issues again!

      And thanks for the quick reply. You guys are the best!



      • #4
        I've run into a similar issue as well connecting to an SSH server; however, I think it would also be nice to know all supported ciphers. Reviewing the previous replies, it was never stated what ciphers are supported.

        Can someone please post the answer here?



        • #5
          Did some quick testing and found I had to enable diffie-hellman-group1-sha1 OR diffie-hellman-group1-sha14 for the Key Exchange.

          SSH server was looking for ecdh-sha2/secp256k1 which isn't supported by BC 4.07. Maybe in the future?

          But please still post supported ciphers!



          • #6
            BC should support all of the following algorithms for key exchange:

            diffie-hellman-group14-sha1
            diffie-hellman-group-exchange-sha256
            rsa1024-sha1
            rsa2048-sha256
            ecdh-sha2-nistp256
            ecdh-sha2-nistp384
            ecdh-sha2-nistp521
            ecdh-sha2-nistk163
            ecdh-sha2-nistp192
            ecdh-sha2-nistp224
            ecdh-sha2-nistk233
            ecdh-sha2-nistb233
            ecdh-sha2-nistk283
            ecdh-sha2-nistk409
            ecdh-sha2-nistb409
            ecdh-sha2-nistt571
            ecdh-sha2-curve25519
            However, in order to work around buggy servers, it will disable everything except the diff-hellman algorithms if the server software is reported as any of the following:

            OpenSSH_3.6
            OpenSSH_3.5
            OpenSSH_3.4
            OpenSSH_3.3
            OpenSSH_3.2
            OpenSSH_3.1
            SSHSecureShellWindowsNTServer
            mod_sftp/0.9
            InternetServerSSHD
            3.2.0SSHOpenVMSV5.5VMS_sftp_version3
            ZoŽ P Scooter Software
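
Added example (not part of the thread and not Scooter Software's code): a small check that applies the behaviour described in post #6 to a server's identification string and advertised key-exchange list, to see which algorithm would be picked or whether there is no overlap. The substring match on the server string, the use of the list order as client preference, and the sample servers are assumptions.

```python
# Names copied from post #6; treating list order as client preference is an assumption.
BC_KEX = """
diffie-hellman-group14-sha1 diffie-hellman-group-exchange-sha256
rsa1024-sha1 rsa2048-sha256 ecdh-sha2-nistp256 ecdh-sha2-nistp384
ecdh-sha2-nistp521 ecdh-sha2-nistk163 ecdh-sha2-nistp192 ecdh-sha2-nistp224
ecdh-sha2-nistk233 ecdh-sha2-nistb233 ecdh-sha2-nistk283 ecdh-sha2-nistk409
ecdh-sha2-nistb409 ecdh-sha2-nistt571 ecdh-sha2-curve25519
""".split()

# Server software strings from post #6 that trigger the restricted list.
LEGACY_SERVERS = """
OpenSSH_3.6 OpenSSH_3.5 OpenSSH_3.4 OpenSSH_3.3 OpenSSH_3.2 OpenSSH_3.1
SSHSecureShellWindowsNTServer mod_sftp/0.9 InternetServerSSHD
3.2.0SSHOpenVMSV5.5VMS_sftp_version3
""".split()


def effective_client_kex(server_ident):
    """Return the KEX names the client would still offer to this server."""
    # Assumption: the legacy check is a substring match on the server's
    # identification string; the thread does not say how BC matches it.
    if any(tag in server_ident for tag in LEGACY_SERVERS):
        return [k for k in BC_KEX if k.startswith("diffie-hellman-")]
    return list(BC_KEX)


def negotiate_kex(server_ident, server_kex):
    """Pick the first client KEX the server also lists (RFC 4253, section 7.1).

    Simplified: ignores the host-key compatibility conditions of the RFC.
    Returns None when there is no overlap, i.e. the connection would fail.
    """
    offered = set(server_kex)
    for name in effective_client_kex(server_ident):
        if name in offered:
            return name
    return None


if __name__ == "__main__":
    # Constructed sample servers (identification string, advertised KEX list).
    samples = [
        ("SSH-2.0-OpenSSH_8.9", ["curve25519-sha256", "ecdh-sha2-nistp256"]),
        ("SSH-2.0-OpenSSH_3.5p1", ["diffie-hellman-group1-sha1"]),
        ("SSH-2.0-mod_sftp/0.9.9", ["ecdh-sha2-nistp256", "diffie-hellman-group14-sha1"]),
    ]
    for ident, kex in samples:
        print(ident, "->", negotiate_kex(ident, kex) or "no common key exchange")
```

A `None` result for a server whose string matches one of the legacy entries means the server offers neither of the two remaining diffie-hellman methods, so the fix has to happen on the server's key-exchange list.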
