Security policies for Amazon Transfer Family SFTP connectors
SFTP connector security policies in Amazon Transfer Family allow you to limit the set of cryptographic algorithms (message authentication codes (MACs), key exchanges (KEXs), and cipher suites) associated with your SFTP connector. The following is a list of supported cryptographic algorithms for each SFTP connector security policy.
Note
TransferSFTPConnectorSecurityPolicy-2024-03 is the default
security policy that is applied to SFTP connectors.
| Security policy | TransferSFTPConnectorSecurityPolicy-2024-03 | TransferSFTPConnectorSecurityPolicy-2023-07 |
|---|---|---|
|
Ciphers |
||
|
aes128-ctr |
♦ |
|
|
aes128-gcm@openssh.com |
♦ |
♦ |
|
aes192-ctr |
♦ |
♦ |
|
aes256-ctr |
♦ |
♦ |
|
aes256-gcm@openssh.com |
♦ |
♦ |
|
Kexs |
||
|
curve25519-sha256 |
♦ |
♦ |
|
curve25519-sha256@libssh.org |
♦ |
♦ |
|
diffie-hellman-group14-sha1 |
♦ |
|
|
diffie-hellman-group16-sha512 |
♦ |
♦ |
|
diffie-hellman-group18-sha512 |
♦ |
♦ |
|
diffie-hellman-group-exchange-sha256 |
♦ |
♦ |
|
Macs |
||
|
hmac-sha2-512-etm@openssh.com |
♦ |
♦ |
|
hmac-sha2-256-etm@openssh.com |
♦ |
♦ |
| hmac-sha2-512 |
♦ |
♦ |
|
hmac-sha2-256 |
♦ |
♦ |
|
hmac-sha1 |
♦ |
|
|
hmac-sha1-96 |
♦ |
|
|
Host Key Algorithms |
||
| rsa-sha2-256 |
♦ |
♦ |
| rsa-sha2-512 |
♦ |
♦ |
| ecdsa-sha2-nistp256 |
♦ |
♦ |
| ecdsa-sha2-nistp384 | ♦ |
♦ |
| ecdsa-sha2-nistp521 | ♦ |
♦ |
| ssh-rsa |
♦ |
|