Algorithmes cryptographiques TransferSecurityPolicy-2024-01 TransferSecurityPolicy-2023-05 TransferSecurityPolicy-03 TransferSecurityPolicy-2020-06 TransferSecurityPolicy-2018-11 TransferSecurityPolicy- FIPS -2024-01 TransferSecurityPolicy- FIPS -2023-05 TransferSecurityPolicy- FIPS -2020-06 Politiques de sécurité post-Quantum

Politiques de sécurité pour AWS Transfer Family

Les politiques de sécurité du serveur vous AWS Transfer Family permettent de limiter l'ensemble des algorithmes cryptographiques (codes d'authentification des messages (MACs), échanges de clés (KEXs) et suites de chiffrement) associés à votre serveur. Pour obtenir la liste des algorithmes cryptographiques pris en charge, consultezAlgorithmes cryptographiques. Pour obtenir la liste des algorithmes clés pris en charge à utiliser avec les clés d'hôte du serveur et les clés utilisateur gérées par les services, consultez. Algorithmes pris en charge pour les clés utilisateur et serveur

Note

Nous vous recommandons vivement de mettre vos serveurs à jour conformément à notre politique de sécurité la plus récente. Notre dernière politique de sécurité est celle par défaut. Tout client qui crée un serveur Transfer Family en utilisant CloudFormation et acceptant la politique de sécurité par défaut se verra automatiquement attribuer la dernière politique. Si la compatibilité des clients vous préoccupe, veuillez indiquer clairement la politique de sécurité que vous souhaitez utiliser lors de la création ou de la mise à jour d'un serveur plutôt que d'utiliser la politique par défaut, qui est sujette à modification.

Pour modifier la politique de sécurité d'un serveur, consultezModifier la politique de sécurité.

Pour plus d'informations sur la sécurité dans Transfer Family, consultez le billet de blog intitulé Comment Transfer Family peut vous aider à créer une solution de transfert de fichiers géré sécurisée et conforme.

Note

TransferSecurityPolicy-2024-01est la politique de sécurité par défaut attachée à votre serveur lorsque vous créez un serveur à l'aide de la consoleAPI, ouCLI.

Algorithmes cryptographiques

Pour les clés d'hôte, nous prenons en charge les algorithmes suivants :

rsa-sha-256
rsa-sha-512
ecdsa-sha2-nistp256
ecdsa-sha2-nistp384
ecdsa-sha2-nistp512
ssh-ed25519

De plus, les politiques de sécurité de 2018 et 2020 le permettentssh-rsa.

Note

Il est important de comprendre la distinction entre le type de RSA clé (qui est toujours le cas) ssh-rsa et l'algorithme de clé RSA hôte, qui peut être n'importe lequel des algorithmes pris en charge.

Vous trouverez ci-dessous une liste des algorithmes cryptographiques pris en charge pour chaque politique de sécurité.

Note

Dans le tableau et les politiques suivants, notez l'utilisation suivante des types d'algorithmes.

SFTPles serveurs n'utilisent des algorithmes que dans les SshMacssections SshCiphersSshKexs, et.
FTPSles serveurs utilisent uniquement les algorithmes de la TlsCipherssection.
FTPles serveurs, puisqu'ils n'utilisent pas de cryptage, n'utilisent aucun de ces algorithmes.

Politique de sécurité	2024-01	2023-05	05.03	2020-06	FIPS-2024-01	FIPS-2023-05	FIPS-2020-06	2018-11
SshCiphers
aes128-CTR	♦			♦	♦		♦	♦
aes128-gcm@openssh.com	♦	♦	♦	♦	♦	♦	♦	♦
aes192-ctr	♦	♦	♦	♦	♦	♦	♦	♦
aes256-ctr	♦	♦	♦	♦	♦	♦	♦	♦
aes256-gcm@openssh.com	♦	♦	♦	♦	♦	♦	♦	♦
chacha20-poly1305@openssh.com				♦				♦
SshKexs
curve25519-sha256	♦	♦	♦					♦
curve25519-sha256@libssh.org	♦	♦	♦					♦
diffie-hellman-group14 sha1								♦
diffie-hellman-group14-sha256				♦			♦	♦
diffie-hellman-group16 sha-512	♦	♦	♦	♦	♦	♦	♦	♦
diffie-hellman-group18-sha512	♦	♦	♦	♦	♦	♦	♦	♦
diffie-hellman-group-exchange-sha256		♦	♦	♦		♦	♦	♦
ecdh-nistp256-kyber-512r3-sha256-d00@openquantumsafe.org	♦				♦
ecdh-nistp384-kyber-768r3-sha384-d00@openquantumsafe.org	♦				♦
ecdh-nistp521-kyber-1024r3-sha512-d00@openquantumsafe.org	♦				♦
ecdh-sha2-nistp255	♦			♦	♦		♦	♦
ecdh-sha2-nistp384	♦			♦	♦		♦	♦
ecdh-sha2-nistp521	♦			♦	♦		♦	♦
x25519-kyber-512r3-sha256-d00@amazon.com	♦
SshMacs
hmac-sha1								♦
hmac-sha1-etm@openssh.com								♦
hmac-sha2-256			♦	♦			♦	♦
hmac-sha2-256-etm@openssh.com	♦	♦	♦	♦	♦	♦	♦	♦
hmac-sha2-512			♦	♦			♦	♦
hmac-sha2-512-etm@openssh.com	♦	♦	♦	♦	♦	♦	♦	♦
umac-128-etm@openssh.com				♦				♦
umac-128@openssh.com				♦				♦
umac-64-etm@openssh.com								♦
umac-64@openssh.com								♦
TlsCiphers
TLS_ ECDHE _ _ ECDSA WITH _ AES CBC _128_ _ SHA256	♦	♦	♦	♦	♦	♦	♦	♦
TLS_ ECDHE _ _ ECDSA WITH _ AES GCM _128_ _ SHA256	♦	♦	♦	♦	♦	♦	♦	♦
TLS_ ECDHE _ _ ECDSA WITH _ AES CBC _256_ _ SHA384	♦	♦	♦	♦	♦	♦	♦	♦
TLS_ ECDHE _ _ ECDSA WITH _ AES GCM _256_ _ SHA384	♦	♦	♦	♦	♦	♦	♦	♦
TLS_ ECDHE _ _ RSA WITH _ AES CBC _128_ _ SHA256	♦	♦	♦	♦	♦	♦	♦	♦
TLS_ ECDHE _ _ RSA WITH _ AES GCM _128_ _ SHA256	♦	♦	♦	♦	♦	♦	♦	♦
TLS_ ECDHE _ _ RSA WITH _ AES CBC _256_ _ SHA384	♦	♦	♦	♦	♦	♦	♦	♦
TLS_ ECDHE _ _ RSA WITH _ AES GCM _256_ _ SHA384	♦	♦	♦	♦	♦	♦	♦	♦
TLS_ _ RSA WITH _ AES CBC _128_ _ SHA256								♦
TLS_ _ RSA WITH _ AES CBC _256_ _ SHA256								♦

TransferSecurityPolicy-2024-01

Voici la politique de sécurité TransferSecurityPolicy -2024-01.


{
    "SecurityPolicy": {
        "Fips": false,
        "SecurityPolicyName": "TransferSecurityPolicy-2024-01",
        "SshCiphers": [
            "aes128-gcm@openssh.com",
            "aes256-gcm@openssh.com",
            "aes128-ctr",
            "aes256-ctr",
            "aes192-ctr"
        ],
        "SshKexs": [
            "ecdh-nistp384-kyber-768r3-sha384-d00@openquantumsafe.org",
            "x25519-kyber-512r3-sha256-d00@amazon.com",
            "ecdh-nistp256-kyber-512r3-sha256-d00@openquantumsafe.org",
            "ecdh-nistp521-kyber-1024r3-sha512-d00@openquantumsafe.org",
            "ecdh-sha2-nistp256",
            "ecdh-sha2-nistp384",
            "ecdh-sha2-nistp521",
            "curve25519-sha256",
            "curve25519-sha256@libssh.org",
            "diffie-hellman-group18-sha512",
            "diffie-hellman-group16-sha512",
            "diffie-hellman-group-exchange-sha256"
        ],
        "SshMacs": [
            "hmac-sha2-256-etm@openssh.com",
            "hmac-sha2-512-etm@openssh.com"
        ],
        "TlsCiphers": [
            "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
            "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
            "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
            "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
            "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
            "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
            "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
            "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"
        ]
    }
}

TransferSecurityPolicy-2023-05

Voici la politique de sécurité TransferSecurityPolicy -2023-05.


{
    "SecurityPolicy": {
        "Fips": false,
        "SecurityPolicyName": "TransferSecurityPolicy-2023-05",
        "SshCiphers": [
            "aes256-gcm@openssh.com",
            "aes128-gcm@openssh.com",
            "aes256-ctr",
            "aes192-ctr"
        ],
        "SshKexs": [
            "curve25519-sha256",
            "curve25519-sha256@libssh.org",
            "diffie-hellman-group16-sha512",
            "diffie-hellman-group18-sha512",
            "diffie-hellman-group-exchange-sha256"
        ],
        "SshMacs": [
            "hmac-sha2-512-etm@openssh.com",
            "hmac-sha2-256-etm@openssh.com"
        ],
        "TlsCiphers": [
            "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
            "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
            "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
            "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
            "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
            "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
            "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
            "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"
        ]
    }
}

TransferSecurityPolicy-03

Ce qui suit montre la politique de sécurité TransferSecurityPolicy -03.03.


{
  "SecurityPolicy": {
    "Fips": false,
    "SecurityPolicyName": "TransferSecurityPolicy-2022-03",
    "SshCiphers": [
      "aes256-gcm@openssh.com",
      "aes128-gcm@openssh.com",
      "aes256-ctr",
      "aes192-ctr"
    ],
    "SshKexs": [
      "curve25519-sha256",
      "curve25519-sha256@libssh.org",
      "diffie-hellman-group16-sha512",
      "diffie-hellman-group18-sha512",
      "diffie-hellman-group-exchange-sha256"
    ],
    "SshMacs": [
      "hmac-sha2-512-etm@openssh.com",
      "hmac-sha2-256-etm@openssh.com",
      "hmac-sha2-512",
      "hmac-sha2-256"
    ],
    "TlsCiphers": [
      "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", 
      "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", 
      "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
      "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", 
      "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", 
      "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", 
      "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384", 
      "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"
    ]
  }
}

TransferSecurityPolicy-2020-06

Voici la politique de sécurité TransferSecurityPolicy -2020-06.


{
  "SecurityPolicy": {
    "Fips": false,
    "SecurityPolicyName": "TransferSecurityPolicy-2020-06",
    "SshCiphers": [
      "chacha20-poly1305@openssh.com",
      "aes128-ctr",
      "aes192-ctr",
      "aes256-ctr",
      "aes128-gcm@openssh.com",
      "aes256-gcm@openssh.com"
    ],
    "SshKexs": [
      "ecdh-sha2-nistp256",
      "ecdh-sha2-nistp384",
      "ecdh-sha2-nistp521",
      "diffie-hellman-group-exchange-sha256",
      "diffie-hellman-group16-sha512",
      "diffie-hellman-group18-sha512",
      "diffie-hellman-group14-sha256"
    ],
    "SshMacs": [
      "umac-128-etm@openssh.com",
      "hmac-sha2-256-etm@openssh.com",
      "hmac-sha2-512-etm@openssh.com",
      "umac-128@openssh.com",
      "hmac-sha2-256",
      "hmac-sha2-512"
    ],
    "TlsCiphers": [
      "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
      "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
      "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
      "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
      "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
      "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
      "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
      "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"
    ]
  }
}

TransferSecurityPolicy-2018-11

Voici la politique de sécurité TransferSecurityPolicy -2018-11.


{
  "SecurityPolicy": {
    "Fips": false,
    "SecurityPolicyName": "TransferSecurityPolicy-2018-11",
    "SshCiphers": [
      "chacha20-poly1305@openssh.com",
      "aes128-ctr",
      "aes192-ctr",
      "aes256-ctr",
      "aes128-gcm@openssh.com",
      "aes256-gcm@openssh.com"
    ],
    "SshKexs": [
      "curve25519-sha256",
      "curve25519-sha256@libssh.org",
      "ecdh-sha2-nistp256",
      "ecdh-sha2-nistp384",
      "ecdh-sha2-nistp521",
      "diffie-hellman-group-exchange-sha256",
      "diffie-hellman-group16-sha512",
      "diffie-hellman-group18-sha512",
      "diffie-hellman-group14-sha256",
      "diffie-hellman-group14-sha1"
    ],
    "SshMacs": [
      "umac-64-etm@openssh.com",
      "umac-128-etm@openssh.com",
      "hmac-sha2-256-etm@openssh.com",
      "hmac-sha2-512-etm@openssh.com",
      "hmac-sha1-etm@openssh.com",
      "umac-64@openssh.com",
      "umac-128@openssh.com",
      "hmac-sha2-256",
      "hmac-sha2-512",
      "hmac-sha1"
    ],
    "TlsCiphers": [
      "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
      "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
      "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
      "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
      "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
      "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
      "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
      "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
      "TLS_RSA_WITH_AES_128_CBC_SHA256",
      "TLS_RSA_WITH_AES_256_CBC_SHA256"
    ]
  }
}

TransferSecurityPolicy- FIPS -2024-01

Ce qui suit montre la politique de TransferSecurityPolicy sécurité - FIPS -2024-01.

Note

Le point FIPS de terminaison du service et la politique de sécurité TransferSecurityPolicy - FIPS -2024-01 ne sont disponibles que dans certaines régions. AWS Pour plus d’informations, consultez Points de terminaison et quotas AWS Transfer Family dans le document Références générales AWS.


{
    "SecurityPolicy": {
        "Fips": true,
        "SecurityPolicyName": "TransferSecurityPolicy-FIPS-2024-01",
        "SshCiphers": [
            "aes128-gcm@openssh.com",
            "aes256-gcm@openssh.com",
            "aes128-ctr",
            "aes256-ctr",
            "aes192-ctr"
        ],
        "SshKexs": [
            "ecdh-nistp384-kyber-768r3-sha384-d00@openquantumsafe.org",
            "ecdh-nistp256-kyber-512r3-sha256-d00@openquantumsafe.org",
            "ecdh-nistp521-kyber-1024r3-sha512-d00@openquantumsafe.org",
            "ecdh-sha2-nistp256",
            "ecdh-sha2-nistp384",
            "ecdh-sha2-nistp521",
            "diffie-hellman-group18-sha512",
            "diffie-hellman-group16-sha512",
            "diffie-hellman-group-exchange-sha256"
        ],
        "SshMacs": [
            "hmac-sha2-256-etm@openssh.com",
            "hmac-sha2-512-etm@openssh.com"
        ],
        "TlsCiphers": [
            "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
            "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
            "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
            "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
            "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
            "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
            "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
            "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"
        ]
    }
}

TransferSecurityPolicy- FIPS -2023-05

Les détails de la FIPS AWS Transfer Family certification sont disponibles sur https://csrc.nist.gov/projects/cryptographic-module-validation-program/validated-modules/search/all

Ce qui suit montre la politique de TransferSecurityPolicy sécurité - FIPS -2023-05.

Note

Le point FIPS de terminaison du service et la politique de sécurité TransferSecurityPolicy - FIPS -2023-05 ne sont disponibles que dans certaines régions. AWS Pour plus d’informations, consultez Points de terminaison et quotas AWS Transfer Family dans le document Références générales AWS.


{
    "SecurityPolicy": {
        "Fips": true,
        "SecurityPolicyName": "TransferSecurityPolicy-FIPS-2023-05",
        "SshCiphers": [
            "aes256-gcm@openssh.com",
            "aes128-gcm@openssh.com",
            "aes256-ctr",
            "aes192-ctr"
        ],
        "SshKexs": [
            "diffie-hellman-group16-sha512",
            "diffie-hellman-group18-sha512",
            "diffie-hellman-group-exchange-sha256"
        ],
        "SshMacs": [
            "hmac-sha2-256-etm@openssh.com",
            "hmac-sha2-512-etm@openssh.com"
        ],
        "TlsCiphers": [
            "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
            "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
            "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
            "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
            "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
            "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
            "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
            "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"
        ]
    }
}

TransferSecurityPolicy- FIPS -2020-06

Les détails de la FIPS AWS Transfer Family certification sont disponibles sur https://csrc.nist.gov/projects/cryptographic-module-validation-program/validated-modules/search/all

Ce qui suit montre la politique de TransferSecurityPolicy sécurité - FIPS -2020-06.

Note

Le point FIPS de terminaison du service et la politique de sécurité TransferSecurityPolicy - FIPS -2020-06 ne sont disponibles que dans certaines régions. AWS Pour plus d’informations, consultez Points de terminaison et quotas AWS Transfer Family dans le document Références générales AWS.


{
  "SecurityPolicy": {
    "Fips": true,
    "SecurityPolicyName": "TransferSecurityPolicy-FIPS-2020-06",
    "SshCiphers": [
      "aes128-ctr",
      "aes192-ctr",
      "aes256-ctr",
      "aes128-gcm@openssh.com",
      "aes256-gcm@openssh.com"
    ],
    "SshKexs": [
      "ecdh-sha2-nistp256",
      "ecdh-sha2-nistp384",
      "ecdh-sha2-nistp521",
      "diffie-hellman-group-exchange-sha256",
      "diffie-hellman-group16-sha512",
      "diffie-hellman-group18-sha512",
      "diffie-hellman-group14-sha256"
    ],
    "SshMacs": [
      "hmac-sha2-256-etm@openssh.com",
      "hmac-sha2-512-etm@openssh.com",
      "hmac-sha2-256",
      "hmac-sha2-512"
    ],
    "TlsCiphers": [
      "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
      "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
      "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
      "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
      "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
      "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
      "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
      "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"
    ]
  }
}

Politiques de sécurité post-Quantum

Ce tableau répertorie les algorithmes utilisés pour les politiques de sécurité post-quantique de Transfer Family. Ces politiques sont décrites en détail dansUtilisation de l'échange de clés post-quantique hybride avec AWS Transfer Family.

Les listes de politiques suivent le tableau.

Politique de sécurité	TransferSecurityPolicy-PQ- -Expérimental-2023-04 SSH	TransferSecurityPolicy-PQ- SSH - -Expérimental-2023-04 FIPS
SSH ciphers
aes128-CTR		♦
aes128-gcm@openssh.com	♦	♦
aes192-ctr	♦	♦
aes256-ctr	♦	♦
aes256-gcm@openssh.com	♦	♦
KEXs
ecdh-nistp256-kyber-512r3-sha256-d00@openquantumsafe.org	♦	♦
ecdh-nistp384-kyber-768r3-sha384-d00@openquantumsafe.org	♦	♦
ecdh-nistp521-kyber-1024r3-sha512-d00@openquantumsafe.org	♦	♦
x25519-kyber-512r3-sha256-d00@amazon.com	♦
diffie-hellman-group14-sha256		♦
diffie-hellman-group16 sha-512	♦	♦
diffie-hellman-group18-sha512	♦	♦
ecdh-sha2-nistp384		♦
ecdh-sha2-nistp521		♦
diffie-hellman-group-exchange-sha256	♦	♦
ecdh-sha2-nistp255		♦
curve25519-sha256@libssh.org	♦
curve25519-sha256	♦
MACs
hmac-sha2-256-etm@openssh.com	♦	♦
hmac-sha2-256	♦	♦
hmac-sha2-512-etm@openssh.com	♦	♦
hmac-sha2-512	♦	♦
TLS ciphers
TLS_ ECDHE _ _ ECDSA WITH _ AES CBC _128_ _ SHA256	♦	♦
TLS_ ECDHE _ _ ECDSA WITH _ AES GCM _128_ _ SHA256	♦	♦
TLS_ ECDHE _ _ ECDSA WITH _ AES CBC _256_ _ SHA384	♦	♦
TLS_ ECDHE _ _ ECDSA WITH _ AES GCM _256_ _ SHA384	♦	♦
TLS_ ECDHE _ _ RSA WITH _ AES CBC _128_ _ SHA256	♦	♦
TLS_ ECDHE _ _ RSA WITH _ AES GCM _128_ _ SHA256	♦	♦
TLS_ ECDHE _ _ RSA WITH _ AES CBC _256_ _ SHA384	♦	♦
TLS_ ECDHE _ _ RSA WITH _ AES GCM _256_ _ SHA384	♦	♦

TransferSecurityPolicy-PQ- -Expérimental-2023-04 SSH

Voici la politique de sécurité TransferSecurityPolicy-PQ-SSH-Experimental -2023-04.


{
    "SecurityPolicy": {
        "Fips": false,
        "SecurityPolicyName": "TransferSecurityPolicy-PQ-SSH-Experimental-2023-04",
        "SshCiphers": [
            "aes256-gcm@openssh.com",
            "aes128-gcm@openssh.com",
            "aes256-ctr",
            "aes192-ctr"
        ],
        "SshKexs": [
            "ecdh-nistp384-kyber-768r3-sha384-d00@openquantumsafe.org",
            "x25519-kyber-512r3-sha256-d00@amazon.com",
            "ecdh-nistp256-kyber-512r3-sha256-d00@openquantumsafe.org",
            "ecdh-nistp521-kyber-1024r3-sha512-d00@openquantumsafe.org",
            "curve25519-sha256",
            "curve25519-sha256@libssh.org",
            "diffie-hellman-group16-sha512",
            "diffie-hellman-group18-sha512",
            "diffie-hellman-group-exchange-sha256"
        ],
        "SshMacs": [
            "hmac-sha2-512-etm@openssh.com",
            "hmac-sha2-256-etm@openssh.com",
            "hmac-sha2-512",
            "hmac-sha2-256"
        ],
        "TlsCiphers": [
            "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
            "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
            "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
            "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
            "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
            "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
            "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
            "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"
        ]
    }
}

TransferSecurityPolicy-PQ- SSH - -Expérimental-2023-04 FIPS

Ce qui suit montre la politique de sécurité TransferSecurityPolicy-PQ-SSH-FIPS -Experimental-2023-04.


{
    "SecurityPolicy": {
        "Fips": true,
        "SecurityPolicyName": "TransferSecurityPolicy-PQ-SSH-FIPS-Experimental-2023-04",
        "SshCiphers": [
            "aes256-gcm@openssh.com",
            "aes128-gcm@openssh.com",
            "aes256-ctr",
            "aes192-ctr",
            "aes128-ctr"
        ],
        "SshKexs": [
            "ecdh-nistp384-kyber-768r3-sha384-d00@openquantumsafe.org",
            "ecdh-nistp256-kyber-512r3-sha256-d00@openquantumsafe.org",
            "ecdh-nistp521-kyber-1024r3-sha512-d00@openquantumsafe.org",
            "ecdh-sha2-nistp256",
            "ecdh-sha2-nistp384",
            "ecdh-sha2-nistp521",
            "diffie-hellman-group-exchange-sha256",
            "diffie-hellman-group16-sha512",
            "diffie-hellman-group18-sha512",
            "diffie-hellman-group14-sha256"
        ],
        "SshMacs": [
            "hmac-sha2-512-etm@openssh.com",
            "hmac-sha2-256-etm@openssh.com",
            "hmac-sha2-512",
            "hmac-sha2-256"
        ],
        "TlsCiphers": [
            "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
            "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
            "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
            "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
            "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
            "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
            "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
            "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"
        ]
    }
}

Avertissement JavaScript est désactivé ou n'est pas disponible dans votre navigateur.

Pour que vous puissiez utiliser la documentation AWS, Javascript doit être activé. Vous trouverez des instructions sur les pages d'aide de votre navigateur.

Conventions de rédaction

Sécurité

Politiques de sécurité post-quantique