  1. #1
    Join Date
    Jan 2011
    Posts
    15

    Supported Cipher Suites

    Which cipher suites does BC3 support when using SFTP over SSH?
    Our company recently changed theirs to aes256-ctr,aes192-ctr,aes128-ctr,arcfour256 (MACs: hmac-sha2-256,hmac-sha2-512,hmac-ripemd160), and ever since then I cannot use BC3 on our servers anymore (getting errors about "SSL is not available on this server").

  2. #2
    Join Date
    Oct 2007
    Location
    Madison, WI
    Posts
    11,376

    Hello,

    Would you be using SSL certificates or a private/public key pair?

    BC3 also supports using Pageant (PuTTY) for verification. If you remove the settings in BC3 and clear them out, then set up Pageant (and test against PuTTY), does Pageant then get BC3 working for you as well?
    Aaron P Scooter Software

  3. #3
    Join Date
    Jan 2011
    Posts
    15

    Well, after complaining to our IT department, they changed the order of the encryption protocols, and now it works again...

    But I wasn't aware that BC3 supports Pageant. That will definitely be good to know if I ever run into these issues again!

    And thanks for the quick reply. You guys are the best!

  4. #4
    Join Date
    Jan 2008
    Posts
    32

    I've run into a similar issue as well connecting to an SSH server; however, I think it would also be nice to know all supported ciphers. Reviewing the previous replies, it was never stated what ciphers are supported.

    Can someone please post the answer here?

  5. #5
    Join Date
    Jan 2008
    Posts
    32

    Did some quick testing and found I had to enable diffie-hellman-group1-sha1 OR diffie-hellman-group1-sha14 for the Key Exchange.

    SSH server was looking for ecdh-sha2/secp256k1 which isn't supported by BC 4.07. Maybe in the future?

    But please still post supported ciphers!

  6. #6
    Join Date
    Oct 2007
    Location
    Madison, WI
    Posts
    2,503

    BC should support all of the following algorithms for key exchange:

    diffie-hellman-group14-sha1
    diffie-hellman-group-exchange-sha256
    rsa1024-sha1
    rsa2048-sha256
    ecdh-sha2-nistp256
    ecdh-sha2-nistp384
    ecdh-sha2-nistp521
    ecdh-sha2-nistk163
    ecdh-sha2-nistp192
    ecdh-sha2-nistp224
    ecdh-sha2-nistk233
    ecdh-sha2-nistb233
    ecdh-sha2-nistk283
    ecdh-sha2-nistk409
    ecdh-sha2-nistb409
    ecdh-sha2-nistt571
    ecdh-sha2-curve25519

    However, in order to work around buggy servers, it will disable everything except the diff-hellman algorithms if the server software is reported as any of the following:

    OpenSSH_3.6
    OpenSSH_3.5
    OpenSSH_3.4
    OpenSSH_3.3
    OpenSSH_3.2
    OpenSSH_3.1
    SSHSecureShellWindowsNTServer
    mod_sftp/0.9
    InternetServerSSHD
    3.2.0SSHOpenVMSV5.5VMS_sftp_version3
    Zoë P Scooter Software
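
Added example (not part of the thread and not Scooter Software's code): a diagnostic sketch that applies the key-exchange list and the legacy-server workaround from post #6 to a server's identification string and kex list, to show which algorithm would be agreed or why none is. It assumes the list order in post #6 is the client's preference order, that the server software is matched by prefix, and that "diff-hellman algorithms" means names beginning with `diffie-hellman`; negotiation is simplified to the RFC 4253 rule of taking the first client name the server also lists. The server inputs in the usage are constructed.

```python
# Added example; names, matching rules and sample inputs are assumptions.
BC_KEX = """diffie-hellman-group14-sha1 diffie-hellman-group-exchange-sha256
rsa1024-sha1 rsa2048-sha256 ecdh-sha2-nistp256 ecdh-sha2-nistp384
ecdh-sha2-nistp521 ecdh-sha2-nistk163 ecdh-sha2-nistp192 ecdh-sha2-nistp224
ecdh-sha2-nistk233 ecdh-sha2-nistb233 ecdh-sha2-nistk283 ecdh-sha2-nistk409
ecdh-sha2-nistb409 ecdh-sha2-nistt571 ecdh-sha2-curve25519""".split()

# Server software strings from post #6 that trigger the workaround.
LEGACY_SERVERS = """OpenSSH_3.6 OpenSSH_3.5 OpenSSH_3.4 OpenSSH_3.3
OpenSSH_3.2 OpenSSH_3.1 SSHSecureShellWindowsNTServer mod_sftp/0.9
InternetServerSSHD 3.2.0SSHOpenVMSV5.5VMS_sftp_version3""".split()


def software_version(ident: str) -> str:
    """Return softwareversion from 'SSH-protoversion-softwareversion [comments]'."""
    parts = ident.strip().split("-", 2)
    if len(parts) != 3 or parts[0] != "SSH" or not parts[2]:
        raise ValueError(f"not an SSH identification string: {ident!r}")
    return parts[2].split(" ", 1)[0]


def client_kex_offer(server_ident: str) -> list:
    """Kex names the client would offer to this server (prefix match assumed)."""
    sw = software_version(server_ident)
    if any(sw.startswith(p) for p in LEGACY_SERVERS):
        return [k for k in BC_KEX if k.startswith("diffie-hellman")]
    return list(BC_KEX)


def negotiate(client: list, server: list):
    """First name on the client's list that the server also lists, else None."""
    server_set = set(server)
    return next((name for name in client if name in server_set), None)


def diagnose(server_ident: str, server_kex: list) -> dict:
    """Summarise the outcome and which shared names the workaround removed."""
    offer = client_kex_offer(server_ident)
    dropped = [k for k in server_kex if k in BC_KEX and k not in offer]
    return {"offered": len(offer), "chosen": negotiate(offer, server_kex),
            "dropped_by_workaround": dropped}


if __name__ == "__main__":
    # Constructed server: legacy banner, only old group1/gex-sha1 kex enabled.
    print(diagnose("SSH-2.0-OpenSSH_3.6.1p2",
                   ["diffie-hellman-group-exchange-sha1", "diffie-hellman-group1-sha1"]))
```

A `chosen` value of `None` is the condition under which the connection fails before authentication, which is why changing the algorithm lists on either side (as in posts #3 and #5) can restore connectivity.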
