Support for GCM ciphers for SSH/(S)FTP connections - edtFTPj/PRO

Question

Is there any plans/timeline as to when will GCM ciphers going to be supported for SSH connections? 

I am checking the documentation for SSHFTPAlgorithm

We have a couple of clients who are being required by their vendors to connect via SSH and use GCM ciphers, particularly aes128-gcm@openssh.com and aes256-gcm@openssh.com.

Thank you.

Comments

I would like to ask if EDT can revisit this request.

We have a customer who is using our product to connect to JP Morgan (US bank). We just found out through our customer that JP Morgan (using Axway Secure Client)  will be ending support for aes-ctr SSH ciphers by June 21, 2025.

Announcement can be found here: https://www.jpmorgan.com/payments/client-resource-center/h2h/sssupport

Edit:
AWS also drops support for aes-ctr as per their latest TransferSFTPConnectorSecurityPolicy. You can argue that TransferSFTPConnectorSecurityPolicy-2024-03 is still their default policy, but there is no telling when they will default to the latest one. Link here: https://docs.aws.amazon.com/transfer/latest/userguide/security-policies-connectors.html

Thank you.

---

Thanks for the information - we'll look into this.

Answer 1

We aren't likely to support vendor specific ciphers like the @openssh.com ciphers.

Because of this, the recent Terrapin attack on the openssh.com ciphers didn't affect our products.

Comments

Hello, thank you for answering. How about support for standard GCM ciphers?  ie AES GCM

---

Interestingly, there aren't any standard GCM ciphers for SSH. The @openssh.com ciphers are the only ones we're aware of. I'm not sure why as GCM is used in TLS (and indeed we support it).

---

Hello, can you please check my latest comment? Thanks!