Our Products:   CompleteFTP  edtFTPnet/Free  edtFTPnet/PRO  edtFTPj/Free  edtFTPj/PRO
+1 vote
244 views
in edtFTPj by (170 points)
recategorized by

We have customers configuring MAC algorithms to hmac-sha2-256-etm@openssh.com or hmac-sha2-512-etm@openssh.com, but edtFTPj/PRO doesn't yet support these.

It appears from the OpenSSH specs https://www.openssh.com/specs.html that OpenSSH have defined a bunch of enhanced security specifications, which are now in common use.

Credible security recommendations such as Tenable are now listing two out of four recommended MAC settings as OpenSSH specs:  https://www.tenable.com/audits/items/CIS_Ubuntu_18.04_LTS_Server_v2.1.0_L1.audit:2dbcde6bce31fd58c2ebd4a19427cef6. 

I don't think these MAC and crypto features are individually particularly complicated to implement, but need to be supported to maintain parity with customer security expectations.

When is EDT planning to add support for these?

1 Answer

+1 vote
by (162k points)
selected by
 
Best answer
We normally don't support vendor-specific ciphers and MACs, but these ones are certainly quite widespread. I've added them as a feature request.
by (100 points)
Hello,
These algorithms are still not available on V12.1.1 EdtFtpNetPro.
Could you please tell us if this update is planned for a future version and provide us a expected date of availability?
Regards
by (162k points)
We're currently relooking at these. The main issue for us is that these are vendor-specific algorithms and are not defined in an RFC anywhere.

Categories

...