The following tables contain all the encryption algorithms you can configure One Identity Safeguard for Privileged Sessions (SPS) to recognize. If you use a configuration that is only partially supported, SPS might ignore the connection without warning.
NOTE: Do not use the CBC block cipher mode, or the diffie-hellman-group1-sha1 key exchange algorithm.
The default SPS key exchange (KEX) configuration for both the client and the server is the following:
diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1
The following key exchange (KEX) algorithms are recognized:
Key exchange (KEX) | Default | Comment |
---|---|---|
diffie-hellman-group1-sha1 | – | Not recommended |
diffie-hellman-group14-sha1 | ✔ | |
diffie-hellman-group-exchange-sha1 | ✔ | |
diffie-hellman-group-exchange-sha256 | ✔ | |
The default SPS cipher configuration for both the client and the server is the following:
aes128-ctr,aes192-ctr,aes256-ctr
The following cipher algorithms are recognized:
Cipher algorithm | Default | Comment |
---|---|---|
3des-cbc | – | Not recommended |
blowfish-cbc | – | Not recommended |
twofish256-cbc | – | Not recommended |
twofish-cbc | – | Not recommended |
twofish192-cbc | – | Not recommended |
twofish128-cbc | – | Not recommended |
aes256-cbc | – | Not recommended |
aes192-cbc | – | Not recommended |
aes128-cbc | – | Not recommended |
aes256-ctr | ✔ | |
aes192-ctr | ✔ | |
aes128-ctr | ✔ | |
serpent256-cbc | – | Not recommended |
serpent192-cbc | – | Not recommended |
serpent128-cbc | – | Not recommended |
arcfour | – | Not recommended |
idea-cbc | – | Not recommended |
cast128-cbc | – | Not recommended |
none | – | Means no cipher algorithm; not recommended |
The default SPS MAC configuration for both the client and the server is the following:
hmac-sha2-256,hmac-sha2-512
The following MAC algorithms are recognized:
MAC | Default |
---|---|
hmac-sha1 | – |
hmac-sha1-96 | – |
hmac-md5 | – |
hmac-md5-96 | – |
hmac-sha2-256 | ✔ |
hmac-sha2-512 | ✔ |
The default SPS compression configuration for both the client and the server is the following:
none
The following SSH compression algorithms are recognized:
SSH compression algorithm | Default | Comment |
---|---|---|
zlib | – | |
none | ✔ | Means no compression |
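The following is an added example, not One Identity code: a pre-deployment check that audits a comma-separated algorithm list against the tables above and predicts what would be negotiated when SPS acts as the SSH client toward a target server. The function names and sample peer offers are constructed; negotiation uses the RFC 4253 rule (first algorithm on the client's list that the server also lists) and ignores the extra host-key condition that applies to KEX.

```python
# Added example: audit an SSH algorithm list against the tables on this page.
RECOGNIZED = {
    "kex": {"diffie-hellman-group1-sha1", "diffie-hellman-group14-sha1",
            "diffie-hellman-group-exchange-sha1",
            "diffie-hellman-group-exchange-sha256"},
    "cipher": {"3des-cbc", "blowfish-cbc", "twofish256-cbc", "twofish-cbc",
               "twofish192-cbc", "twofish128-cbc", "aes256-cbc", "aes192-cbc",
               "aes128-cbc", "aes256-ctr", "aes192-ctr", "aes128-ctr",
               "serpent256-cbc", "serpent192-cbc", "serpent128-cbc", "arcfour",
               "idea-cbc", "cast128-cbc", "none"},
    "mac": {"hmac-sha1", "hmac-sha1-96", "hmac-md5", "hmac-md5-96",
            "hmac-sha2-256", "hmac-sha2-512"},
    "compression": {"zlib", "none"},
}
# Rows the tables mark "Not recommended" (MAC and compression rows carry no such mark).
NOT_RECOMMENDED = {
    "kex": {"diffie-hellman-group1-sha1"},
    "cipher": RECOGNIZED["cipher"] - {"aes256-ctr", "aes192-ctr", "aes128-ctr"},
    "mac": set(),
    "compression": set(),
}

def parse(alg_list):
    """Split a comma-separated SSH name-list, dropping blanks and whitespace."""
    return [a.strip() for a in alg_list.split(",") if a.strip()]

def audit(category, configured, peer_offer):
    """Audit the list SPS would send (as client) against a server's offer."""
    conf = parse(configured)
    peer = set(parse(peer_offer))
    return {
        # Names outside the tables: the partially supported case the page warns about.
        "unrecognized": [a for a in conf if a not in RECOGNIZED[category]],
        "not_recommended": [a for a in conf if a in NOT_RECOMMENDED[category]],
        # First client-side algorithm the server also lists; None means no overlap.
        "negotiated": next((a for a in conf if a in peer), None),
    }

if __name__ == "__main__":
    # Constructed peer offer for illustration.
    print(audit("cipher", "aes128-ctr,aes192-ctr,aes256-ctr",
                "chacha20-poly1305@openssh.com,aes256-ctr,aes128-cbc"))
```

A `negotiated` value of `None` means the target server shares no algorithm with the configured list in that category, so the connection cannot be established with that setting.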