SSH Tectia

Supported Cryptographic Algorithms, Protocols, and Standards

This section lists the cryptographic algorithms and standards supported by the SSH Tectia client/server solution.

Public-Key Algorithms

The following public-key algorithms are supported:

  • DSA (768-, 1024-, 2048-, or 3072-bit key)

  • RSA (768-, 1024-, 2048-, or 3072-bit key)

Data Integrity Algorithms

The following data integrity algorithms are supported:

  • CryptiCore (Badger) (16-byte key)*

  • HMAC MD5 (16-byte key, FIPS PUB 198)

  • HMAC SHA-1 (20-byte key, FIPS PUB 198)

* Supported with SSH Tectia Server (with EFT) and Server (with Tunneling)

Encryption Algorithms

For symmetric session encryption, the following algorithms are supported:

  • 3DES (168-bit key)

  • AES (128-, 192-, or 256-bit key)

  • Arcfour (128-bit key)

  • Blowfish (128-bit key)

  • CryptiCore (Rabbit) (128-bit key)*

  • SEED (128-bit key)

  • Twofish (128-, 192-, or 256-bit key)

* Supported with SSH Tectia Server (with EFT) and Server (with Tunneling)

Additional Hardware Crypto Support (SSH Tectia Server for IBM z/OS)

SSH Tectia Server for IBM z/OS supports hardware acceleration of the following cryptographic operations:

  • 3DES

  • AES

  • SHA-1

  • RNG (random number generation)

FIPS-Certified Cryptographic Library

SSH Tectia Server, Client, and Connector can be operated in FIPS mode, using a version of the cryptographic library that has been certified according to the Federal Information Processing Standard (FIPS) 140-2.

The FIPS 140-2 Cryptographic Library has been validated for the following operating systems:

  • Microsoft Windows XP

  • Sun Solaris 8

  • HP-UX 11.11

In addition, the FIPS 140-2 Cryptographic Library is supported on the following operating systems:

  • Microsoft Windows 2000, Server 2003, and Vista (for SSH Tectia Client)

  • Sun Solaris 9 and 10

  • Red Hat Enterprise Linux 3, 4, and 5

  • AIX 5.3

  • HP-UX 11.23