SSH

Supported Cryptographic Algorithms

FIPS-Certified Cryptographic Library

The following cryptographic algorithms are supported by Tectia ConnectSecure.

Table 3.2. Tectia ConnectSecure supports the following algorithms

Used forAlgorithm
Key exchangeSHA-1:diffie-hellman-group1-sha1
diffie-hellman-group14-sha1
diffie-hellman-group-exchange-sha1
SHA-2:diffie-hellman-group-exchange-sha256
diffie-hellman-group14-sha224@ssh.com
diffie-hellman-group14-sha256@ssh.com
diffie-hellman-group15-sha256@ssh.com *
diffie-hellman-group15-sha384@ssh.com *
diffie-hellman-group16-sha384@ssh.com
diffie-hellman-group16-sha512@ssh.com
diffie-hellman-group18-sha512@ssh.com
diffie-hellman-group-exchange-sha224@ssh.com
diffie-hellman-group-exchange-sha384@ssh.com
diffie-hellman-group-exchange-sha512@ssh.com
Public keyDSA (768-, 1024-, 2048-, or 3072-bit key)
RSA (768-, 1024-, 2048-, or 3072-bit key)
Data integrityCryptiCore (Badger) (16-byte key)
hmac md5 (16-byte key)
hmac md5-96 (16-byte key)
hmac sha-1(20-byte key, FIPS PUB 198)
hmac sha-1-96 (20-byte key, FIPS PUB 198)
hmac sha224@ssh.com (28-byte key, FIPS PUB 198)
hmac sha256@ssh.com (16-byte key, FIPS PUB 198)
hmac sha256-2@ssh.com (32-byte key, FIPS PUB 198)
hmac sha384@ssh.com (48-byte key, FIPS PUB 198)
hmac sha512@ssh.com (64-byte key, FIPS PUB 198)
Session encryption3DES (168-bit key)
AES (128-, 192-, or 256-bit key, CBC or CTR mode)
Arcfour (128-bit key)
Blowfish (128-bit key)
CryptiCore (Rabbit) (128-bit key)
SEED (128-bit key)
Twofish (128-, 192-, or 256-bit key)

* Due to issues in the OpenSSL library, this algorithm is not supported in FIPS mode.