I received the following questions from our IT Security Team (we are an Insurance Company):
To meet the HIPAA regulation, we have to make sure our SFTP (SSH) server only offers strong cipher suites during the initial negotiation phase:
We should avoid the following:
- algorithms known for being “broken” (like DES)
- bit-lengths lower or equal to 96 for encryption algorithms
- known “broken” MAC algorithms (like MD5)
- plain/unencrypted crypto schemes (obviously)
Along with the above requirements, we should ensure that our SFTP server is configured to offer only the most stable and reliable versions of the protocol: SFTPv3, SFTPv5, SFTPv6.
In relation to the questions asked above can you tell me the algorithms and protocol versions used in the .Net SFTP library?