Security policies for AWS Transfer Family SFTP connectors - AWS Transfer Family

Security policies for AWS Transfer Family SFTP connectors

SFTP connector security policies in AWS Transfer Family allow you to limit the set of cryptographic algorithms (message authentication codes (MACs), key exchanges (KEXs), and cipher suites) associated with your SFTP connector. The following is a list of supported cryptographic algorithms for each SFTP connector security policy.

Note

TransferSFTPConnectorSecurityPolicy-2024-03 is the default security policy that is applied to SFTP connectors.

Security policy TransferSFTPConnectorSecurityPolicy-2024-03 TransferSFTPConnectorSecurityPolicy-2023-07

Ciphers

aes128-ctr

aes128-gcm@openssh.com

aes192-ctr

aes256-ctr

aes256-gcm@openssh.com

Kexs

curve25519-sha256

curve25519-sha256@libssh.org

diffie-hellman-group14-sha1

diffie-hellman-group16-sha512

diffie-hellman-group18-sha512

diffie-hellman-group-exchange-sha256

Macs

hmac-sha2-512-etm@openssh.com

hmac-sha2-256-etm@openssh.com

hmac-sha2-512

hmac-sha2-256

hmac-sha1

hmac-sha1-96

Host Key Algorithms

rsa-sha2-256

rsa-sha2-512

ecdsa-sha2-nistp256

ecdsa-sha2-nistp384

ecdsa-sha2-nistp521

ssh-rsa