Supported Cryptographic Algorithms, Protocols, and Standards

This section lists the supported cryptographic algorithms and standards supported by SSH Tectia client/server solution.

Public-Key Algorithms

The following public-key algorithms are supported:

DSA (768-, 1024-, 2048-, or 3072-bit key)
RSA (768-, 1024-, 2048-, or 3072-bit key)

Data Integrity Algorithms

The following data integrity algorithms are supported:

CryptiCore (Badger) (16-byte key)*
MD5 (16-byte key, RFC 2104)
SHA-1 (20-byte key, RFC 2104)

* Supported with SSH Tectia Server (with EFT) and Server (with Tunneling)

Encryption Algorithms

For symmetric session encryption, the following algorithms are supported:

3DES (168-bit key)
AES (128-, 192-, or 256-bit key)
Arcfour (128-bit key)
Blowfish (128-bit key)
CryptiCore (Rabbit) (128-bit key)*
SEED (128-bit key)
Twofish (128-, 192-, or 256-bit key)

* Supported with SSH Tectia Server (with EFT) and Server (with Tunneling)

Additional Hardware Crypto Support (SSH Tectia Server for IBM z/OS)

SSH Tectia Server for IBM z/OS supports hardware acceleration on cryptographic operations with the following:

3DES
AES
SHA-1
RNG (random number generation)

FIPS-Certified Cryptographic Library

SSH Tectia Server, Client, and Connector can be operated in FIPS mode, using a version of the cryptographic library that has been certified according to the Federal Information Processing Standard (FIPS) 140-2.

The FIPS 140-2 Cryptographic Library has been validated for the following operating systems:

Microsoft Windows XP
Sun Solaris 8
HP-UX 11.11

In addition, the FIPS 140-2 Cryptographic Library is supported on the following operating systems:

Microsoft Windows 2000 and Server 2003
Sun Solaris 2.6, 9, 10
Red Hat Enterprise Linux 3
AIX 5.3
HP-UX 11.00, 11.22, 11.23