API Gateway: SFTP PUT via sftp server assertion ciphers

Article ID: 200567

Products

CA API Gateway API SECURITY

Issue/Introduction

One of our policies goes through an SFTP server using the "SFTP PUT via sftp server.." assertion. SFTP just underwent security hardening (FIPS) changes and cannot connect to the gateway unless the hardening is relaxed and allows the following ciphers on the server side:

Ciphers aes128-ctr,aes192-ctr,aes256-ctr

MACs hmac-sha2-256,hmac-sha2-512

These ciphers are in the sshd_config file on the gateway (Linux side), but it appears that the gateway application uses something other than what is stated in the sshd_config file.

Is there a way to control the ciphers within the assertion SFTP PUT via sftp server?

Environment

API Gateway: 9.4

Resolution

HMAC is not supported with SFTP Polling. These are the only ciphers we support: aes128-ctr, aes128-cbc, 3des-cbc, blowfish-cbc, aes192-ctr, aes192-cbc, aes256-ctr, aes256-cbc
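
The following is an added example, not vendor code and not part of the original article: it reads the `Ciphers` line from a hardened server's sshd_config and lists which of the gateway-side ciphers named in the Resolution that server also allows. The sample config and the function names `sshd_list` and `shared_ciphers` are constructed for illustration.

```python
import re

# Gateway-side ciphers, copied from this article's Resolution (API Gateway 9.4).
GATEWAY_CIPHERS = [
    "aes128-ctr", "aes128-cbc", "3des-cbc", "blowfish-cbc",
    "aes192-ctr", "aes192-cbc", "aes256-ctr", "aes256-cbc",
]

# Constructed sample of a hardened server's sshd_config; the Ciphers and MACs
# lines are the ones quoted in the article, everything else is filler.
SAMPLE_SSHD_CONFIG = """\
# hardened profile (constructed sample)
Port 22
Ciphers aes128-ctr,aes192-ctr,aes256-ctr
MACs hmac-sha2-256,hmac-sha2-512
Match User legacy
    Ciphers aes128-cbc
"""


def sshd_list(config_text, keyword):
    """Return the global value of a list keyword such as Ciphers, or None."""
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        if parts[0].lower() == "match":   # global section ends at the first Match block
            break
        if parts[0].lower() == keyword.lower() and len(parts) == 2 and parts[1].strip():
            value = parts[1].strip()
            if value[0] in "+-^":         # relative to built-in defaults, not resolvable here
                raise ValueError("relative list; read the effective value with sshd -T")
            return [v.strip() for v in value.split(",") if v.strip()]  # first value wins
    return None


def shared_ciphers(server_ciphers, gateway_ciphers=GATEWAY_CIPHERS):
    """Ciphers both sides offer; an empty result means no session can be negotiated."""
    offered = set(server_ciphers)
    return [c for c in gateway_ciphers if c in offered]


if __name__ == "__main__":
    server = sshd_list(SAMPLE_SSHD_CONFIG, "Ciphers")
    print("server allows:", server)
    print("shared       :", shared_ciphers(server))
    print("gateway-only :", [c for c in GATEWAY_CIPHERS if c not in server])
```

When the server's list is written relative to its defaults (a leading `+`, `-` or `^`), take the effective list from `sshd -T` on that server and pass it to `shared_ciphers` directly.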