175
Keywords for the preferred server-to-client encryption algorithm prefer-stoc-cipher:
ï‚¡ The 3des keyword was changed to 3des-cbc.
ï‚¡ The aes128 keyword was changed to aes128-cbc.
ï‚¡ The aes256 keyword was changed to aes256-cbc.
ï‚¡ The des keyword was changed to des-cbc.
The default settings for the following algorithms were changed:
For the preferred client-to-server encryption algorithm prefer-ctos-cipher:
ï‚¡ Before modification: The default is aes128.
ï‚¡ After modification: The default is aes128-ctr.
For the preferred client-to-server HMAC algorithm prefer-ctos-hmac:
ï‚¡ Before modification: The default is sha1.
ï‚¡ After modification: The default is sha2-256.
For the preferred key exchange algorithm prefer-kex:
ï‚¡ Before modification: The default is dh-group-exchange in non-FIPS mode and is
dh-group14 in FIPS mode.
ï‚¡ After modification: The default is ecdh-sha2-nistp256 in both non-FIPS mode and FIPS
mode.
For the preferred server-to-client encryption algorithm prefer-stoc-cipher:
ï‚¡ Before modification: The default is aes128.
ï‚¡ After modification: The default is aes128-ctr.
For the preferred server-to-client HMAC algorithm prefer-stoc-hmac:
ï‚¡ Before modification: The default is sha1.
ï‚¡ After modification: The default is sha2-256.
Modified command: sftp ipv6
Old syntax
In non-FIPS mode:
sftp ipv6 server [ port-number ] [ vpn-instance vpn-instance-name ] [ -i interface-type
interface-number ] [ identity-key { dsa | rsa } | prefer-compress zlib | prefer-ctos-cipher { 3des |
aes128 | aes256 | des } | prefer-ctos-hmac { md5 | md5-96 | sha1 | sha1-96 } | prefer-kex
{ dh-group-exchange | dh-group1 | dh-group14 } | prefer-stoc-cipher { 3des | aes128 | aes256 |
des } | prefer-stoc-hmac { md5 | md5-96 | sha1 | sha1-96 } ] * [ dscp dscp-value | publickey
keyname | source { interface interface-type interface-number | ipv6 ipv6-address } ] *
In FIPS mode:
To Next Page
Loading...
Need help?
General
