Our Products:   CompleteFTP  edtFTPnet/Free  edtFTPnet/PRO  edtFTPj/Free  edtFTPj/PRO
+1 vote
in edtFTPj by (170 points)
recategorized by

We have customers configuring MAC algorithms to hmac-sha2-256-etm@openssh.com or hmac-sha2-512-etm@openssh.com, but edtFTPj/PRO doesn't yet support these.

It appears from the OpenSSH specs https://www.openssh.com/specs.html that OpenSSH have defined a bunch of enhanced security specifications, which are now in common use.

Credible security recommendations such as Tenable are now listing two out of four recommended MAC settings as OpenSSH specs:  https://www.tenable.com/audits/items/CIS_Ubuntu_18.04_LTS_Server_v2.1.0_L1.audit:2dbcde6bce31fd58c2ebd4a19427cef6. 

I don't think these MAC and crypto features are individually particularly complicated to implement, but need to be supported to maintain parity with customer security expectations.

When is EDT planning to add support for these?

1 Answer

+1 vote
by (161k points)
selected by
Best answer
We normally don't support vendor-specific ciphers and MACs, but these ones are certainly quite widespread. I've added them as a feature request.