Security policies for AWS Transfer Family SFTP connectors
SFTP connector security policies in AWS Transfer Family allow you to limit the set of cryptographic algorithms (message authentication codes (MACs), key exchanges (KEXs), and cipher suites) associated with your SFTP connector. The following is a list of supported cryptographic algorithms for each SFTP connector security policy.
Note
TransferSFTPConnectorSecurityPolicy-2024-03 is the default
security policy that is applied to SFTP connectors.
You can change the security policy for your connector. Select Connectors from the Transfer Family left navigation pane, and select your connector. Then select Edit in the Sftp configuration section. In the Cryptographic algorithm options section, choose any available security policy from the dropdown list in the Security Policy field.
| Security policy | TransferSFTPConnectorSecurityPolicy-FIPS-2024-10 | TransferSFTPConnectorSecurityPolicy-2024-03 | TransferSFTPConnectorSecurityPolicy-2023-07 |
|---|---|---|---|
|
Ciphers |
|||
|
aes128-ctr |
♦ |
||
|
aes128-gcm@openssh.com |
♦ |
♦ |
♦ |
|
aes192-ctr |
♦ |
♦ |
|
|
aes256-ctr |
♦ |
♦ |
|
|
aes256-gcm@openssh.com |
♦ |
♦ |
♦ |
|
Kexs |
|||
|
curve25519-sha256 |
♦ |
♦ |
|
|
curve25519-sha256@libssh.org |
♦ |
♦ |
|
|
diffie-hellman-group14-sha1 |
♦ |
||
|
diffie-hellman-group16-sha512 |
♦ |
♦ |
|
|
diffie-hellman-group18-sha512 |
♦ |
♦ |
|
|
diffie-hellman-group-exchange-sha256 |
♦ |
♦ |
|
| ecdh-sha2-nistp256 |
♦ |
||
| ecdh-sha2-nistp384 |
♦ |
||
| ecdh-sha2-nistp521 |
♦ |
||
|
Macs |
|||
|
hmac-sha2-512-etm@openssh.com |
♦ |
♦ |
|
|
hmac-sha2-256-etm@openssh.com |
♦ |
♦ |
|
| hmac-sha2-512 |
♦ |
♦ |
♦ |
|
hmac-sha2-256 |
♦ |
♦ |
♦ |
|
hmac-sha1 |
♦ |
||
|
hmac-sha1-96 |
♦ |
||
|
Host Key Algorithms |
|||
| rsa-sha2-256 |
♦ |
♦ |
♦ |
| rsa-sha2-512 |
♦ |
♦ |
♦ |
| ecdsa-sha2-nistp256 |
♦ |
♦ |
♦ |
| ecdsa-sha2-nistp384 | ♦ |
♦ |
|
| ecdsa-sha2-nistp521 | ♦ |
♦ |
|
| ssh-rsa |
♦ |
||
