Supported Cipher Suites

  • Frescard
    Journeyman
    • Jan 2011
    • 18

    Supported Cipher Suites

    Which cipher suites does BC3 support when using SFTP over SSH?
    Our company recently changed theirs to aes256-ctr,aes192-ctr,aes128-ctr,arcfour256 (MACs: hmac-sha2-256,hmac-sha2-512,hmac-ripemd160), and ever since then I cannot use BC3 on our servers anymore (getting errors about "SSL is not available on this server").
  • Aaron
    Team Scooter
    • Oct 2007
    • 16002

    #2
    Hello,

    Would you be using SSL certificates or a private/public key pair?

    BC3 also supports using Pageant (PuTTY) for verification. If you remove the settings in BC3 and clear them out, then set up Pageant (and test against PuTTY), does Pageant then get BC3 working for you as well?
    Aaron P Scooter Software

    • Frescard
      Journeyman
      • Jan 2011
      • 18

      #3
      Well, after complaining to our IT department, they changed the order of the encryption protocols, and now it works again...

      But I wasn't aware that BC3 supports Pageant. That will definitely be good to know if I ever run into these issues again!

      And thanks for the quick reply. You guys are the best!

      • markm9999
        Enthusiast
        • Jan 2008
        • 32

        #4
        I've run into a similar issue as well connecting to an SSH server; however, I think it would also be nice to know all supported ciphers. Reviewing the previous replies, it was never stated what ciphers are supported.

        Can someone please post the answer here?

        • markm9999
          Enthusiast
          • Jan 2008
          • 32

          #5
          Did some quick testing and found I had to enable diffie-hellman-group1-sha1 OR diffie-hellman-group1-sha14 for the Key Exchange.

          SSH server was looking for ecdh-sha2/secp256k1, which isn't supported by BC 4.07. Maybe in the future?

          But please still post supported ciphers!

          • Zoë
            Team Scooter
            • Oct 2007
            • 2666

            #6
            BC should support all of the following algorithms for key exchange:

            diffie-hellman-group14-sha1
            diffie-hellman-group-exchange-sha256
            rsa1024-sha1
            rsa2048-sha256
            ecdh-sha2-nistp256
            ecdh-sha2-nistp384
            ecdh-sha2-nistp521
            ecdh-sha2-nistk163
            ecdh-sha2-nistp192
            ecdh-sha2-nistp224
            ecdh-sha2-nistk233
            ecdh-sha2-nistb233
            ecdh-sha2-nistk283
            ecdh-sha2-nistk409
            ecdh-sha2-nistb409
            ecdh-sha2-nistt571
            ecdh-sha2-curve25519

            However, in order to work around buggy servers, it will disable everything except the diffie-hellman algorithms if the server software is reported as any of the following:

            OpenSSH_3.6
            OpenSSH_3.5
            OpenSSH_3.4
            OpenSSH_3.3
            OpenSSH_3.2
            OpenSSH_3.1
            SSHSecureShellWindowsNTServer
            mod_sftp/0.9
            InternetServerSSHD
            3.2.0SSHOpenVMSV5.5VMS_sftp_version3
            Zoë P Scooter Software
