Does Rebex STFP 2.0.4086.0 support TLS 1.2?

0 votes
asked May 15 by exploit021 (120 points)

Our company has software working with Rebex STFP 2.0.4086.0.

Recently, the vendor asked us to move to a new server that supports TLS 1.2. I thought it was going to be easy by changing target IP address but it turned out it gave us "The client and server cannot communicate, because they do not possess a common algorithm".

Does Rebex STFP 2.0.4086.0 support TLS 1.2?

If it does already, do you have a suggestion?

Applies to: Rebex SFTP

1 Answer

0 votes
answered May 15 by Lukas Pokorny (99,970 points)

SFTP protocol runs over SSH, which is a different protocol than TLS. Although both TLS and SSH are used to secure network communication, they are different and incompatible. See our FTP/SFTP/FTPS/TLS/SSL/SSH protocol disambiguation page for details.

However, if you have been using the Sftp class from Rebex SFTP 2.0.4086 and it started failing with a "The client and the server have no common algorithms" exception, the most likely reason is that the new server requires clients to use modern SSH ciphers that have not been supported 8 years ago. In this case, upgrading to a recent version of Rebex SFTP would most likely solve the issue. If the server is publicly accessible, use our SSH check site to determine whether it's compatible.

We also maintain a list of SSH ciphers supported by the current version of Rebex SFTP.

For comparison, only the following SSH ciphers were supported by Rebex SFTP 2.0.4086:

  • Key exchange ciphers: "diffie-hellman-group-exchange-sha1", "diffie-hellman-group14-sha1", "diffie-hellman-group1-sha1"
  • Host key ciphers: "ssh-dss", "ssh-rsa"
  • Encryption ciphers: "aes256-ctr", "aes192-ctr", "aes128-ctr", "3des-ctr", "aes256-cbc", "aes192-cbc", "aes128-cbc", "3des-cbc", "twofish-cbc", "twofish256-cbc", "twofish192-cbc", "twofish128-cbc", "blowfish-cbc", "arcfour256", "arcfour128", "arcfour"
  • MAC ciphers: "hmac-sha1", "hmac-md5"
...