AS2 configurations - AWS Transfer Family

AS2 configurations

This topic describes the supported configurations, features, and capabilities for transfers that use the Applicability Statement 2 (AS2) protocol, including the accepted ciphers and digests.

Signing, encryption, compression, MDN

For both inbound and outbound transfers, the following items are either required or optional:

  • Encryption – Required (for HTTP transport, which is the only transport method currently supported). Unencrypted messages are only accepted if forwarded by a TLS-terminating proxy such as an Application Load Balancer (ALB) and the X-Forwarded-Proto: https header is present.

  • Signing – Optional

  • Compression – Optional (the only currently supported compression algorithm is ZLIB)

  • Message Disposition Notice (MDN) – Optional

Ciphers

The following ciphers are supported for both inbound and outbound transfers:

  • AES128_CBC

  • AES192_CBC

  • AES256_CBC

  • 3DES (for backward compatibility only)

Digests

The following digests are supported:

  • Inbound signing and MDN – SHA1, SHA256, SHA384, SHA512

  • Outbound signing and MDN – SHA1, SHA256, SHA384, SHA512

MDN

For MDN responses, certain types are supported, as follows:

  • Inbound transfers – Synchronous and asynchronous

  • Outbound transfers – Synchronous only

  • Simple Mail Transfer Protocol (SMTP) (email MDN) – Not supported

Transports

  • Inbound transfers – HTTP is the only currently supported transport, and you must specify it explicitly.

    Note

    If you need to use HTTPS for inbound transfers, you can terminate TLS on an Application Load Balancer or a Network Load Balancer. This is described in Receive AS2 messages over HTTPS.

  • Outbound transfers – If you provide an HTTP URL, you must also specify an encryption algorithm. If you provide an HTTPS URL, you have the option of specifying NONE for your encryption algorithm.