Ask a Question

Will Rebex client support below cipher suites, Macs and Algorithms while connecting to CB SFTP server in c#??

0 votes
by (600 points)

I am connecting/uploading/downloading with CB sftp server via Rebex in c#.
Rebex dll version used for the same is 6.0.8372.0

ciphers
aes256-gcm@openssh.com
rijndael-cbc@lysator.liu.se
aes128-gcm@openssh.com
chacha20-poly1305@openssh.com

MACs
hmac-sha2-512-etm@openssh.com
hmac-sha2-256-etm@openssh.com
hmac-shal-etm@openssh.com
umac-64-etm@openssh.com
umac-64@openssh.com

Key exchange algorithm
curve25519-sha256@libssh.org
sntrup4591761x25519-sha512@tinyssh.org

Applies to: Rebex SFTP

1 Answer

0 votes
by (147k points)

aes256-gcm@openssh.com - supported
rijndael-cbc@lysator.liu.se - this is an old name for aes256-cbc from roughly 20 years ago; use aes256-cbc instead (or rather not because it's weak)
aes128-gcm@openssh.com - supported
chacha20-poly1305@openssh.com - supported

MACs
hmac-sha2-512-etm@openssh.com - supported
hmac-sha2-256-etm@openssh.com - supported
hmac-shal-etm@openssh.com - supported (and considered weak)
umac-64-etm@openssh.com - not supported (and considered weak)
umac-64@openssh.com - not supported (and considered weak)

Key exchange algorithm
curve25519-sha256@libssh.org - supported on Windows 10/11 and Windows Server 2016/2019/2022; external plugin needed for other platforms
sntrup4591761x25519-sha512@tinyssh.org - not supported (most likely won't ever be supported because the sntrup4591761 algorithm was superseded almost two years ago by sntrup761)

Show 23 previous comments
by (600 points)
Actually we have being using Rebex dll for many years. Of late  as part of SFTP server upgrade we upgraded Rebex SFTP  dll to 6.0.8372.0 and noticed connectivity issues happening in between at times after the SFTP server upgrade.  Before that there was no connectivity errors happening at all. We couldn't completely investigate the same where the issue is happening. However we want the connectivity to work without any failure at all times from our side . Will it be due to connectivity issue at the server side or client side .

List of ciphers macs and key exchange algorithms are already updated above.
by (600 points)
I am connecting/uploading/downloading with CB sftp server via Rebex in c#.
Rebex dll version used for the same is 5.0.7501.0. It was mentioned that there would be small percentage of connectivity issues with version 5.0.7161.0 since ECDH algorithm not supported in windows. Please confirm

ciphers
aes256-gcm@openssh.com
rijndael-cbc@lysator.liu.se
aes128-gcm@openssh.com
chacha20-poly1305@openssh.com

MACs
hmac-sha2-512-etm@openssh.com
hmac-sha2-256-etm@openssh.com
hmac-shal-etm@openssh.com
umac-64-etm@openssh.com
umac-64@openssh.com

Key exchange algorithm
aes256-gcm@openssh.com
aes128-gcm@openssh.com

hmac-sha2-512-etm@openssh.com
hmac-sha2-256-etm@openssh.com
curve25519-sha256@libssh.org
sntrup4591761x25519-sha512@tinyssh.org
by (147k points)
There seems to be a mistake in your list - aes256-gcm@openssh.com
aes128-gcm@openssh.com are not key exchange algorithms.

What did the connectivity errors you observed with v6.0.8372 say?
by (600 points)
Error while connecting SFTP: No connection could be made because the target machine actively refused it was one exception we got. Connection attempt timed out.  
Connectivity failure happened intermittently in between.

We are connecting as below in windows service
objSFTP.Connect(sSFTPHost[0], int.Parse(sSFTPHost[1]));
objSFTP.Login(sSFTPHost[2], sSFTPHost[3]);
by (147k points)
Well, these errors are not actually related to SFTP or SSH protocol and ciphers at all!
They are connectivity issues at the TCP level. It's a network issue for network administrators to solve.
...