Keywords for the preferred server-to-client encryption algorithm prefer-stoc-cipher:
The 3des keyword was changed to 3des-cbc.
The aes128 keyword was changed to aes128-cbc.
The aes256 keyword was changed to aes256-cbc.
The des keyword was changed to des-cbc.
The default settings for the following algorithms were changed:
For the preferred client-to-server encryption algorithm prefer-ctos-cipher:
Before modification: The default is aes128.
After modification: The default is aes128-ctr.
For the preferred client-to-server HMAC algorithm prefer-ctos-hmac:
Before modification: The default is sha1.
After modification: The default is sha2-256.
For the preferred key exchange algorithm prefer-kex:
Before modification: The default is dh-group-exchange in non-FIPS mode and is
dh-group14 in FIPS mode.
After modification: The default is ecdh-sha2-nistp256 in both non-FIPS mode and FIPS
mode.
For the preferred server-to-client encryption algorithm prefer-stoc-cipher:
Before modification: The default is aes128.
After modification: The default is aes128-ctr.
For the preferred server-to-client HMAC algorithm prefer-stoc-hmac:
Before modification: The default is sha1.
After modification: The default is sha2-256.
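Added example (not part of the original release notes): a Python check that applies the prefer-stoc-cipher keyword renames listed above to saved command lines and reports which of the five options a line leaves unset, since those now pick up the new defaults. The sample lines are constructed; the function name audit_line, the VPN instance name, and the use of the sftp command with these keywords in the samples are assumptions.

```python
# Added example: audit saved command lines against the changes listed above.
# Renames the notes give for the prefer-stoc-cipher keywords.
STOC_CIPHER_RENAMES = {
    "3des": "3des-cbc", "aes128": "aes128-cbc",
    "aes256": "aes256-cbc", "des": "des-cbc",
}
# Options whose default changed: option -> (old default, new default).
DEFAULT_CHANGES = {
    "prefer-ctos-cipher": ("aes128", "aes128-ctr"),
    "prefer-ctos-hmac": ("sha1", "sha2-256"),
    "prefer-kex": ("dh-group-exchange (non-FIPS) or dh-group14 (FIPS)",
                   "ecdh-sha2-nistp256"),
    "prefer-stoc-cipher": ("aes128", "aes128-ctr"),
    "prefer-stoc-hmac": ("sha1", "sha2-256"),
}

def audit_line(line):
    """Return (rewritten_line, unset_options) for one command line.

    Only the token directly after prefer-stoc-cipher is renamed, so a host
    or VPN instance that happens to be called "des" is left alone.
    unset_options lists the options the line does not set, which therefore
    pick up the new defaults after the upgrade.
    """
    tokens = line.split()
    seen = set()
    for i, tok in enumerate(tokens[:-1]):
        if tok in DEFAULT_CHANGES:
            seen.add(tok)
            if tok == "prefer-stoc-cipher":
                value = tokens[i + 1]
                tokens[i + 1] = STOC_CIPHER_RENAMES.get(value, value)
    unset = [opt for opt in DEFAULT_CHANGES if opt not in seen]
    return " ".join(tokens), unset

# Constructed sample lines (documentation address, hypothetical VPN name).
SAMPLES = [
    "sftp 192.0.2.10 vpn-instance des prefer-stoc-cipher aes128 prefer-stoc-hmac sha1",
    "sftp 192.0.2.10",
]

if __name__ == "__main__":
    for line in SAMPLES:
        new_line, unset = audit_line(line)
        print(new_line)
        for opt in unset:
            old, new = DEFAULT_CHANGES[opt]
            print(f"  {opt} unset: default was {old}, is now {new}")
```

A line that pinned aes128 keeps CBC mode under the new name aes128-cbc, while a line that left the option unset moves to aes128-ctr, so the two can negotiate differently with the same server after the upgrade.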
Modified command: sftp
Old syntax
In non-FIPS mode:
sftp server [ port-number ] [ vpn-instance vpn-instance-name ] [ identity-key { dsa | rsa } |
prefer-compress zlib | prefer-ctos-cipher { 3des | aes128 | aes256 | des } | prefer-ctos-hmac
{ md5 | md5-96 | sha1 | sha1-96 } | prefer-kex { dh-group-exchange | dh-group1 | dh-group14 } |
prefer-stoc-cipher { 3des | aes128 | aes256 | des } | prefer-stoc-hmac { md5 | md5-96 | sha1 |
sha1-96 } ] * [ dscp dscp-value | publickey keyname | source { interface interface-type
interface-number | ip ip-address } ] *
In FIPS mode: