Home
>
WinDev Forum
>
Topic
SFTP
Posted by ewiegert
Hello All
I have been using sftp connection in an app for a few years without issue.
I have recently been asked by the organization that I'm connecting to via sftp to ensure that the encryption cipher utilized is aes256-ctr or aes192-ctr or aes128-ctr as they will be discontinuing aes128-cbc, aes192-cbc, aes256-cbc.
The help article titled "Handling files on an FTP server" indicates that "The following symmetric encryption algorithms are supported: 3DES, Blowfish, AES and APRCFOUR. "
Since my app initiates the connection I can limit the available encryption ciphers to the server.
Does anyone know how to set these, the help doesn't indicate how to specify alternate ciphers or to find out what is the current list.
Thanks
Eric
I have been using sftp connection in an app for a few years without issue.
I have recently been asked by the organization that I'm connecting to via sftp to ensure that the encryption cipher utilized is aes256-ctr or aes192-ctr or aes128-ctr as they will be discontinuing aes128-cbc, aes192-cbc, aes256-cbc.
The help article titled "Handling files on an FTP server" indicates that "The following symmetric encryption algorithms are supported: 3DES, Blowfish, AES and APRCFOUR. "
Since my app initiates the connection I can limit the available encryption ciphers to the server.
Does anyone know how to set these, the help doesn't indicate how to specify alternate ciphers or to find out what is the current list.
Thanks
Eric
Hi,
[help.windev.com]
they're using implicit encryption, either SSH or SSL.
Kind regards,
Guenter Predl
office@windev.at
[help.windev.com]
they're using implicit encryption, either SSH or SSL.
Kind regards,
Guenter Predl
office@windev.at
I don't know what is the list of ciphers and the order for the ftpconnect command but if the ciphers are removed from the server it can't be used by the client software.
If they remove the ciphers from the sftp server and leave only the supported ones the only thing you have to test is if you can connect or not.
Usually in SFTP algorithms are negotiated during the handshake. Both client and server exchange their supported algorithms ordered by preference and both the client and the server pick the first algorithms supported by both, ordered by client preference.
Regards
Paulo Oliveira
If they remove the ciphers from the sftp server and leave only the supported ones the only thing you have to test is if you can connect or not.
Usually in SFTP algorithms are negotiated during the handshake. Both client and server exchange their supported algorithms ordered by preference and both the client and the server pick the first algorithms supported by both, ordered by client preference.
Regards
Paulo Oliveira
Thanks Guenter & Paulo
Paulo I ended up setting up an internal sftp server and as you indicated and limited it to just the desired ciphers.
Windev connected using the aes128-ctr which was one of the desired ciphers.
I haven't tested limiting the internal sftp server even more but at least I'm not faced with incorporating an outside sftp client for now.
Thanks again for taking the time to respond to my post.
Eric
Paulo I ended up setting up an internal sftp server and as you indicated and limited it to just the desired ciphers.
Windev connected using the aes128-ctr which was one of the desired ciphers.
I haven't tested limiting the internal sftp server even more but at least I'm not faced with incorporating an outside sftp client for now.
Thanks again for taking the time to respond to my post.
Eric