Les traductions sont fournies par des outils de traduction automatique. En cas de conflit entre le contenu d'une traduction et celui de la version originale en anglais, la version anglaise prévaudra.
Politiques de sécurité pour les AWS Transfer Family serveurs
Les politiques de sécurité du serveur vous AWS Transfer Family permettent de limiter l'ensemble des algorithmes cryptographiques (codes d'authentification des messages (MAC), échanges de clés (KEXs) et suites de chiffrement) associés à votre serveur. Pour obtenir la liste des algorithmes cryptographiques pris en charge, consultezAlgorithmes cryptographiques. Pour obtenir la liste des algorithmes clés pris en charge à utiliser avec les clés d'hôte du serveur et les clés utilisateur gérées par les services, consultez. Algorithmes pris en charge pour les clés utilisateur et serveur
Note
Nous vous recommandons vivement de mettre vos serveurs à jour conformément à notre dernière politique de sécurité. Notre dernière politique de sécurité est celle par défaut. Tout client qui crée un serveur Transfer Family en utilisant CloudFormation et acceptant la politique de sécurité par défaut se verra automatiquement attribuer la dernière politique. Si la compatibilité des clients vous préoccupe, veuillez indiquer clairement la politique de sécurité que vous souhaitez utiliser lors de la création ou de la mise à jour d'un serveur plutôt que d'utiliser la politique par défaut, qui est sujette à modification.
Pour modifier la politique de sécurité d'un serveur, consultezModifier la politique de sécurité.
Pour plus d'informations sur la sécurité dans Transfer Family, consultez le billet de blog intitulé Comment Transfer Family peut vous aider à créer une solution de transfert de fichiers géré sécurisée et conforme
Rubriques
- Algorithmes cryptographiques
- TransferSecurityPolitique-2024-01
- TransferSecurityPolitique - 2023-05
- TransferSecurityPolitique-20-03
- TransferSecurityPolitique-2020-06
- TransferSecurityPolitique 2018-11
- TransferSecurityPolitique-FIPS-2024-01/ Politique-FIPS-2024-05 TransferSecurity
- TransferSecurityPolitique - FIPS-2023-05
- TransferSecurityPolitique - FIPS-2020-06
- Politiques de sécurité post-Quantum
Note
TransferSecurityPolicy-2024-01
est la politique de sécurité par défaut attachée à votre serveur lorsque vous créez un serveur à l'aide de la console, de l'API ou de la CLI.
Algorithmes cryptographiques
Pour les clés d'hôte, nous prenons en charge les algorithmes suivants :
-
rsa-sha2-256
-
rsa-sha2-512
-
ecdsa-sha2-nistp256
-
ecdsa-sha2-nistp384
-
ecdsa-sha2-nistp521
-
ssh-ed25519
En outre, les politiques de sécurité suivantes permettent ssh-rsa
:
-
TransferSecurityPolitique 2018-11
-
TransferSecurityPolitique-2020-06
-
TransferSecurityPolitique - FIPS-2020-06
-
TransferSecurityPolitique - FIPS-2023-05
-
TransferSecurityPolitique - FIPS-2024-01
-
TransferSecurityPolicy-PQ-SSH-FIPS-Expérimental-2023-04
Note
Il est important de comprendre la distinction entre le type de clé RSA (qui est toujours le cas) ssh-rsa
et l'algorithme de clé d'hôte RSA, qui peut être n'importe lequel des algorithmes pris en charge.
Vous trouverez ci-dessous une liste des algorithmes cryptographiques pris en charge pour chaque politique de sécurité.
Note
Dans le tableau et les politiques suivants, notez l'utilisation suivante des types d'algorithmes.
-
Les serveurs SFTP utilisent uniquement des algorithmes dans les SshMacssections SshCiphersSshKexs, et.
-
Les serveurs FTPS utilisent uniquement les algorithmes de TlsCipherscette section.
-
Les serveurs FTP, puisqu'ils n'utilisent pas de chiffrement, n'utilisent aucun de ces algorithmes.
-
Les politiques de sécurité FIPS-2024-05 et FIPS-2024-01 sont identiques, sauf que la norme FIPS-2024-05 ne prend pas en charge l'algorithme.
ssh-rsa
Politique de sécurité | 2024-01 | 2023-05 | 05.03 | 2020-06 |
FIPS-2024-05 FIPS-2024-01 |
FIPS-2023-05 | FIPS-2020-06 | 2018-11 |
---|---|---|---|---|---|---|---|---|
SshCiphers |
||||||||
aes128-CTR |
♦ |
|
♦ |
♦ |
♦ |
♦ |
||
aes128-gcm@openssh.com |
♦ |
♦ |
♦ |
♦ |
♦ |
♦ |
♦ |
♦ |
aes192-ctr |
♦ |
♦ |
♦ |
♦ |
♦ |
♦ |
♦ |
♦ |
aes256-ctr |
♦ |
♦ |
♦ |
♦ |
♦ |
♦ |
♦ |
♦ |
aes256-gcm@openssh.com |
♦ |
♦ |
♦ |
♦ |
♦ |
♦ |
♦ |
♦ |
chacha20-poly1305@openssh.com |
|
♦ |
♦ |
|||||
SshKexs |
||||||||
curve25519-sha256 |
♦ |
♦ |
♦ |
|
|
♦ |
||
curve25519-sha256@libssh.org |
♦ |
♦ |
♦ |
|
|
♦ |
||
diffie-hellman-group14-sha1 |
|
|
|
♦ |
||||
diffie-hellman-group14-sha256 |
|
♦ |
♦ |
♦ |
||||
diffie-hellman-group16-sha512 |
♦ |
♦ |
♦ |
♦ |
♦ |
♦ |
♦ |
♦ |
diffie-hellman-group18-sha512 |
♦ |
♦ |
♦ |
♦ |
♦ |
♦ |
♦ |
♦ |
diffie-hellman-group-exchange-sha256 |
♦ |
♦ |
♦ |
♦ |
♦ |
♦ |
||
ecdh-nistp256-kyber-512r3-sha256-d00@openquantumsafe.org | ♦ | ♦ | ||||||
ecdh-nistp384-kyber-768r3-sha384-d00@openquantumsafe.org | ♦ | ♦ | ||||||
ecdh-nistp521-kyber-1024r3-sha512-d00@openquantumsafe.org | ♦ | ♦ | ||||||
ecdh-sha2-nistp255 |
♦ |
|
♦ |
♦ |
♦ |
♦ |
||
ecdh-sha2-nistp384 |
♦ |
|
♦ |
♦ |
♦ |
♦ |
||
ecdh-sha2-nistp521 |
♦ |
|
♦ |
♦ |
♦ |
♦ |
||
x25519-kyber-512r3-sha256-d00@amazon.com | ♦ | |||||||
SshMacs |
||||||||
hmac-sha1 |
|
|
|
♦ |
||||
hmac-sha1-etm@openssh.com |
|
|
|
♦ |
||||
hmac-sha2-256 |
♦ |
♦ |
♦ |
♦ |
||||
hmac-sha2-256-etm@openssh.com |
♦ |
♦ |
♦ |
♦ |
♦ |
♦ |
♦ |
♦ |
hmac-sha2-512 |
♦ |
♦ |
♦ |
♦ |
||||
hmac-sha2-512-etm@openssh.com |
♦ |
♦ |
♦ |
♦ |
♦ |
♦ |
♦ |
♦ |
umac-128-etm@openssh.com |
|
♦ |
|
♦ |
||||
umac-128@openssh.com |
|
♦ |
|
♦ |
||||
umac-64-etm@openssh.com |
|
|
|
♦ |
||||
umac-64@openssh.com |
|
|
|
♦ |
||||
TlsCiphers |
||||||||
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 |
♦ |
♦ |
♦ |
♦ |
♦ |
♦ |
♦ |
♦ |
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 |
♦ |
♦ |
♦ |
♦ |
♦ |
♦ |
♦ |
♦ |
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 |
♦ |
♦ |
♦ |
♦ |
♦ |
♦ |
♦ |
♦ |
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 |
♦ |
♦ |
♦ |
♦ |
♦ |
♦ |
♦ |
♦ |
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 |
♦ |
♦ |
♦ |
♦ |
♦ |
♦ |
♦ |
♦ |
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 |
♦ |
♦ |
♦ |
♦ |
♦ |
♦ |
♦ |
♦ |
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 |
♦ |
♦ |
♦ |
♦ |
♦ |
♦ |
♦ |
♦ |
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 |
♦ |
♦ |
♦ |
♦ |
♦ |
♦ |
♦ |
♦ |
TLS_RSA_WITH_AES_128_CBC_SHA256 |
|
|
|
|
|
♦ |
||
TLS_RSA_WITH_AES_256_CBC_SHA256 |
|
|
|
|
|
♦ |
TransferSecurityPolitique-2024-01
Voici la politique de sécurité TransferSecurityPolicy -2024-01.
{ "SecurityPolicy": { "Fips": false, "SecurityPolicyName": "TransferSecurityPolicy-2024-01", "SshCiphers": [ "aes128-gcm@openssh.com", "aes256-gcm@openssh.com", "aes128-ctr", "aes256-ctr", "aes192-ctr" ], "SshKexs": [ "ecdh-nistp384-kyber-768r3-sha384-d00@openquantumsafe.org", "x25519-kyber-512r3-sha256-d00@amazon.com", "ecdh-nistp256-kyber-512r3-sha256-d00@openquantumsafe.org", "ecdh-nistp521-kyber-1024r3-sha512-d00@openquantumsafe.org", "ecdh-sha2-nistp256", "ecdh-sha2-nistp384", "ecdh-sha2-nistp521", "curve25519-sha256", "curve25519-sha256@libssh.org", "diffie-hellman-group18-sha512", "diffie-hellman-group16-sha512", "diffie-hellman-group-exchange-sha256" ], "SshMacs": [ "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com" ], "TlsCiphers": [ "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384", "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384" ] } }
TransferSecurityPolitique - 2023-05
Voici la politique de sécurité TransferSecurityPolicy -2023-05.
{ "SecurityPolicy": { "Fips": false, "SecurityPolicyName": "TransferSecurityPolicy-2023-05", "SshCiphers": [ "aes256-gcm@openssh.com", "aes128-gcm@openssh.com", "aes256-ctr", "aes192-ctr" ], "SshKexs": [ "curve25519-sha256", "curve25519-sha256@libssh.org", "diffie-hellman-group16-sha512", "diffie-hellman-group18-sha512", "diffie-hellman-group-exchange-sha256" ], "SshMacs": [ "hmac-sha2-512-etm@openssh.com", "hmac-sha2-256-etm@openssh.com" ], "TlsCiphers": [ "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384", "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384" ] } }
TransferSecurityPolitique-20-03
Ce qui suit montre la politique de sécurité TransferSecurityPolicy -03.03.
{ "SecurityPolicy": { "Fips": false, "SecurityPolicyName": "TransferSecurityPolicy-2022-03", "SshCiphers": [ "aes256-gcm@openssh.com", "aes128-gcm@openssh.com", "aes256-ctr", "aes192-ctr" ], "SshKexs": [ "curve25519-sha256", "curve25519-sha256@libssh.org", "diffie-hellman-group16-sha512", "diffie-hellman-group18-sha512", "diffie-hellman-group-exchange-sha256" ], "SshMacs": [ "hmac-sha2-512-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512", "hmac-sha2-256" ], "TlsCiphers": [ "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384", "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384" ] } }
TransferSecurityPolitique-2020-06
Voici la politique de sécurité TransferSecurityPolicy -2020-06.
{ "SecurityPolicy": { "Fips": false, "SecurityPolicyName": "TransferSecurityPolicy-2020-06", "SshCiphers": [ "chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com" ], "SshKexs": [ "ecdh-sha2-nistp256", "ecdh-sha2-nistp384", "ecdh-sha2-nistp521", "diffie-hellman-group-exchange-sha256", "diffie-hellman-group16-sha512", "diffie-hellman-group18-sha512", "diffie-hellman-group14-sha256" ], "SshMacs": [ "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512" ], "TlsCiphers": [ "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384", "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384" ] } }
TransferSecurityPolitique 2018-11
Voici la politique de sécurité TransferSecurityPolicy -2018-11.
{ "SecurityPolicy": { "Fips": false, "SecurityPolicyName": "TransferSecurityPolicy-2018-11", "SshCiphers": [ "chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com" ], "SshKexs": [ "curve25519-sha256", "curve25519-sha256@libssh.org", "ecdh-sha2-nistp256", "ecdh-sha2-nistp384", "ecdh-sha2-nistp521", "diffie-hellman-group-exchange-sha256", "diffie-hellman-group16-sha512", "diffie-hellman-group18-sha512", "diffie-hellman-group14-sha256", "diffie-hellman-group14-sha1" ], "SshMacs": [ "umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1" ], "TlsCiphers": [ "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384", "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384", "TLS_RSA_WITH_AES_128_CBC_SHA256", "TLS_RSA_WITH_AES_256_CBC_SHA256" ] } }
TransferSecurityPolitique-FIPS-2024-01/ Politique-FIPS-2024-05 TransferSecurity
Vous trouverez ci-dessous les politiques de sécurité -FIPS-2024-01 et TransferSecurityPolicy -FIPS-2024-05. TransferSecurityPolicy
Note
Le point de terminaison du service FIPS et les politiques de sécurité TransferSecurityPolicy -FIPS-2024-01 et TransferSecurityPolicy -FIPS-2024-05 ne sont disponibles que dans certaines régions. AWS Pour plus d’informations, consultez Points de terminaison et quotas AWS Transfer Family dans le document Références générales AWS.
La seule différence entre ces deux politiques de sécurité est que TransferSecurityPolicy -FIPS-2024-01 supporte l'ssh-rsa
algorithme, alors que -FIPS-2024-05 ne le fait pas. TransferSecurityPolicy
{ "SecurityPolicy": { "Fips": true, "SecurityPolicyName": "TransferSecurityPolicy-FIPS-2024-01", "SshCiphers": [ "aes128-gcm@openssh.com", "aes256-gcm@openssh.com", "aes128-ctr", "aes256-ctr", "aes192-ctr" ], "SshKexs": [ "ecdh-nistp384-kyber-768r3-sha384-d00@openquantumsafe.org", "ecdh-nistp256-kyber-512r3-sha256-d00@openquantumsafe.org", "ecdh-nistp521-kyber-1024r3-sha512-d00@openquantumsafe.org", "ecdh-sha2-nistp256", "ecdh-sha2-nistp384", "ecdh-sha2-nistp521", "diffie-hellman-group18-sha512", "diffie-hellman-group16-sha512", "diffie-hellman-group-exchange-sha256" ], "SshMacs": [ "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com" ], "TlsCiphers": [ "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384", "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384" ] } }
TransferSecurityPolitique - FIPS-2023-05
Les détails de la certification FIPS sont AWS Transfer Family disponibles à l'adresse https://csrc.nist.gov/projects/cryptographic-module-validation-program/validated-modules/search/all
Voici la politique de sécurité TransferSecurityPolicy -FIPS-2023-05.
Note
Le point de terminaison du service FIPS et la politique de sécurité TransferSecurityPolicy -FIPS-2023-05 ne sont disponibles que dans certaines régions. AWS Pour plus d’informations, consultez Points de terminaison et quotas AWS Transfer Family dans le document Références générales AWS.
{ "SecurityPolicy": { "Fips": true, "SecurityPolicyName": "TransferSecurityPolicy-FIPS-2023-05", "SshCiphers": [ "aes256-gcm@openssh.com", "aes128-gcm@openssh.com", "aes256-ctr", "aes192-ctr" ], "SshKexs": [ "diffie-hellman-group16-sha512", "diffie-hellman-group18-sha512", "diffie-hellman-group-exchange-sha256" ], "SshMacs": [ "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com" ], "TlsCiphers": [ "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384", "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384" ] } }
TransferSecurityPolitique - FIPS-2020-06
Les détails de la certification FIPS sont AWS Transfer Family disponibles à l'adresse https://csrc.nist.gov/projects/cryptographic-module-validation-program/validated-modules/search/all
Voici la politique de sécurité TransferSecurityPolicy -FIPS-2020-06.
Note
Le point de terminaison du service FIPS et la politique de sécurité TransferSecurityPolicy -FIPS-2020-06 ne sont disponibles que dans certaines régions. AWS Pour plus d’informations, consultez Points de terminaison et quotas AWS Transfer Family dans le document Références générales AWS.
{ "SecurityPolicy": { "Fips": true, "SecurityPolicyName": "TransferSecurityPolicy-FIPS-2020-06", "SshCiphers": [ "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com" ], "SshKexs": [ "ecdh-sha2-nistp256", "ecdh-sha2-nistp384", "ecdh-sha2-nistp521", "diffie-hellman-group-exchange-sha256", "diffie-hellman-group16-sha512", "diffie-hellman-group18-sha512", "diffie-hellman-group14-sha256" ], "SshMacs": [ "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha2-256", "hmac-sha2-512" ], "TlsCiphers": [ "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384", "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384" ] } }
Politiques de sécurité post-Quantum
Ce tableau répertorie les algorithmes utilisés pour les politiques de sécurité post-quantique de Transfer Family. Ces politiques sont décrites en détail dansUtilisation de l'échange de clés post-quantique hybride avec AWS Transfer Family.
Les listes de politiques suivent le tableau.
Politique de sécurité | TransferSecurityPolicy-PQ-SSH-Expérimental-2023-04 | TransferSecurityPolicy-PQ-SSH-FIPS-Expérimental-2023-04 |
---|---|---|
SSH ciphers |
||
aes128-CTR |
|
♦ |
aes128-gcm@openssh.com |
♦ |
♦ |
aes192-ctr |
♦ |
♦ |
aes256-ctr |
♦ |
♦ |
aes256-gcm@openssh.com |
♦ |
♦ |
KEXs |
||
ecdh-nistp256-kyber-512r3-sha256-d00@openquantumsafe.org |
♦ |
♦ |
ecdh-nistp384-kyber-768r3-sha384-d00@openquantumsafe.org |
♦ |
♦ |
ecdh-nistp521-kyber-1024r3-sha512-d00@openquantumsafe.org |
♦ |
♦ |
x25519-kyber-512r3-sha256-d00@amazon.com |
♦ |
|
diffie-hellman-group14-sha256 |
♦ | |
diffie-hellman-group16-sha512 |
♦ |
♦ |
diffie-hellman-group18-sha512 |
♦ |
♦ |
ecdh-sha2-nistp384 |
|
♦ |
ecdh-sha2-nistp521 |
|
♦ |
diffie-hellman-group-exchange-sha256 |
♦ |
♦ |
ecdh-sha2-nistp255 |
|
♦ |
curve25519-sha256@libssh.org |
♦ |
|
curve25519-sha256 |
♦ |
|
MACs |
||
hmac-sha2-256-etm@openssh.com |
♦ |
♦ |
hmac-sha2-256 |
♦ |
♦ |
hmac-sha2-512-etm@openssh.com |
♦ |
♦ |
hmac-sha2-512 |
♦ |
♦ |
TLS ciphers |
||
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 |
♦ |
♦ |
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 |
♦ |
♦ |
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 |
♦ |
♦ |
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 |
♦ |
♦ |
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 |
♦ |
♦ |
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 |
♦ |
♦ |
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 |
♦ |
♦ |
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 |
♦ |
♦ |
TransferSecurityPolicy-PQ-SSH-Expérimental-2023-04
Voici la politique de sécurité TransferSecurityPolicy -PQ-SSH-Experimental-2023-04.
{ "SecurityPolicy": { "Fips": false, "SecurityPolicyName": "TransferSecurityPolicy-PQ-SSH-Experimental-2023-04", "SshCiphers": [ "aes256-gcm@openssh.com", "aes128-gcm@openssh.com", "aes256-ctr", "aes192-ctr" ], "SshKexs": [ "ecdh-nistp384-kyber-768r3-sha384-d00@openquantumsafe.org", "x25519-kyber-512r3-sha256-d00@amazon.com", "ecdh-nistp256-kyber-512r3-sha256-d00@openquantumsafe.org", "ecdh-nistp521-kyber-1024r3-sha512-d00@openquantumsafe.org", "curve25519-sha256", "curve25519-sha256@libssh.org", "diffie-hellman-group16-sha512", "diffie-hellman-group18-sha512", "diffie-hellman-group-exchange-sha256" ], "SshMacs": [ "hmac-sha2-512-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512", "hmac-sha2-256" ], "TlsCiphers": [ "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384", "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384" ] } }
TransferSecurityPolicy-PQ-SSH-FIPS-Expérimental-2023-04
Ce qui suit montre la politique de sécurité TransferSecurityPolicy -PQ-SSH-FIPS-Experimental-2023-04.
{ "SecurityPolicy": { "Fips": true, "SecurityPolicyName": "TransferSecurityPolicy-PQ-SSH-FIPS-Experimental-2023-04", "SshCiphers": [ "aes256-gcm@openssh.com", "aes128-gcm@openssh.com", "aes256-ctr", "aes192-ctr", "aes128-ctr" ], "SshKexs": [ "ecdh-nistp384-kyber-768r3-sha384-d00@openquantumsafe.org", "ecdh-nistp256-kyber-512r3-sha256-d00@openquantumsafe.org", "ecdh-nistp521-kyber-1024r3-sha512-d00@openquantumsafe.org", "ecdh-sha2-nistp256", "ecdh-sha2-nistp384", "ecdh-sha2-nistp521", "diffie-hellman-group-exchange-sha256", "diffie-hellman-group16-sha512", "diffie-hellman-group18-sha512", "diffie-hellman-group14-sha256" ], "SshMacs": [ "hmac-sha2-512-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512", "hmac-sha2-256" ], "TlsCiphers": [ "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384", "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384" ] } }