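Security policies for AWS Transfer Family servers
Server security policies in AWS Transfer Family allow you to limit the set of cryptographic algorithms (message authentication codes (MACs), key exchanges (KEXs), and cipher suites) associated with your server. For a list of supported cryptographic algorithms, see Cryptographic algorithms. For a list of supported key algorithms for use with server host keys and service-managed user keys, see Supported algorithms for user and server keys.
Note
We strongly recommend updating your servers to our latest security policy. Our latest security policy is the default. Any customer who creates a Transfer Family server using CloudFormation and accepts the default security policy is automatically assigned the latest policy. If you are concerned about client compatibility, explicitly state which security policy you want to use when you create or update a server, rather than using the default policy, which is subject to change.
To change the security policy for a server, see Edit the security policy.
For more information about security in Transfer Family, see the blog post: How Transfer Family can help you build a secure, compliant managed file transfer solution
Topics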
- Cryptographic algorithms
- TransferSecurityPolicy-2024-01
- TransferSecurityPolicy-2023-05
- TransferSecurityPolicy-2022-03
- TransferSecurityPolicy-2020-06 and TransferSecurityPolicy-Restricted-2020-06
- TransferSecurityPolicy-2018-11 and TransferSecurityPolicy-Restricted-2018-11
- TransferSecurityPolicy-FIPS-2024-01 / TransferSecurityPolicy-FIPS-2024-05
- TransferSecurityPolicy-FIPS-2023-05
- TransferSecurityPolicy-FIPS-2020-06
- Post-quantum security policies
Note
TransferSecurityPolicy-2024-01 is the default security policy attached to your server when you create a server using the console, API, or CLI.
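Cryptographic algorithms
For host keys, we support the following algorithms:
- rsa-sha2-256
- rsa-sha2-512
- ecdsa-sha2-nistp256
- ecdsa-sha2-nistp384
- ecdsa-sha2-nistp521
- ssh-ed25519
Additionally, the following security policies allow ssh-rsa:
- TransferSecurityPolicy-2018-11
- TransferSecurityPolicy-2020-06
- TransferSecurityPolicy-FIPS-2020-06
- TransferSecurityPolicy-FIPS-2023-05
- TransferSecurityPolicy-FIPS-2024-01
- TransferSecurityPolicy-PQ-SSH-FIPS-Experimental-2023-04
Note
It is important to understand the distinction between the RSA key type (which is always ssh-rsa) and the RSA host key algorithm (which can be any of the supported algorithms).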
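The following is a list of the cryptographic algorithms supported by each security policy.
Note
In the following table and policies, note the following use of algorithm types.
- SFTP servers use only the algorithms in the SshCiphers, SshKexs, and SshMacs sections.
- FTPS servers use only the algorithms in the TlsCiphers section.
- FTP servers do not use encryption, so they do not use any of these algorithms.
- The FIPS-2024-05 and FIPS-2024-01 security policies are identical, except that FIPS-2024-05 doesn't support the ssh-rsa algorithm.
- Transfer Family has introduced new restricted policies that closely parallel existing policies:
  - The TransferSecurityPolicy-Restricted-2018-11 and TransferSecurityPolicy-2018-11 security policies are identical, except that the restricted policy doesn't support the chacha20-poly1305@openssh.com cipher.
  - The TransferSecurityPolicy-Restricted-2020-06 and TransferSecurityPolicy-2020-06 security policies are identical, except that the restricted policy doesn't support the chacha20-poly1305@openssh.com cipher.

  * In the following table, the chacha20-poly1305@openssh.com cipher is included in the non-restricted policy only.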
Security policy | 2024-01 | 2023-05 | 2022-03 | 2020-06 / 2020-06 Restricted | FIPS-2024-05 / FIPS-2024-01 | FIPS-2023-05 | FIPS-2020-06 | 2018-11 / 2018-11 Restricted |
---|---|---|---|---|---|---|---|---|
SshCiphers | | | | | | | | |
aes128-ctr | ♦ | | | ♦ | ♦ | | ♦ | ♦ |
aes128-gcm@openssh.com | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ |
aes192-ctr | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ |
aes256-ctr | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ |
aes256-gcm@openssh.com | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ |
chacha20-poly1305@openssh.com | | | | ♦* | | | | ♦* |
SshKexs | | | | | | | | |
curve25519-sha256 | ♦ | ♦ | ♦ | | | | | ♦ |
curve25519-sha256@libssh.org | ♦ | ♦ | ♦ | | | | | ♦ |
diffie-hellman-group14-sha1 | | | | | | | | ♦ |
diffie-hellman-group14-sha256 | | | | ♦ | | | ♦ | ♦ |
diffie-hellman-group16-sha512 | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ |
diffie-hellman-group18-sha512 | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ |
diffie-hellman-group-exchange-sha256 | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | |
ecdh-nistp256-kyber-512r3-sha256-d00@openquantumsafe.org | ♦ | | | | ♦ | | | |
ecdh-nistp384-kyber-768r3-sha384-d00@openquantumsafe.org | ♦ | | | | ♦ | | | |
ecdh-nistp521-kyber-1024r3-sha512-d00@openquantumsafe.org | ♦ | | | | ♦ | | | |
ecdh-sha2-nistp256 | ♦ | | | ♦ | ♦ | | ♦ | ♦ |
ecdh-sha2-nistp384 | ♦ | | | ♦ | ♦ | | ♦ | ♦ |
ecdh-sha2-nistp521 | ♦ | | | ♦ | ♦ | | ♦ | ♦ |
x25519-kyber-512r3-sha256-d00@amazon.com | ♦ | | | | | | | |
SshMacs | | | | | | | | |
hmac-sha1 | | | | | | | | ♦ |
hmac-sha1-etm@openssh.com | | | | | | | | ♦ |
hmac-sha2-256 | | | ♦ | ♦ | | | ♦ | ♦ |
hmac-sha2-256-etm@openssh.com | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ |
hmac-sha2-512 | | | ♦ | ♦ | | | ♦ | ♦ |
hmac-sha2-512-etm@openssh.com | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ |
umac-128-etm@openssh.com | | | | ♦ | | | | ♦ |
umac-128@openssh.com | | | | ♦ | | | | ♦ |
umac-64-etm@openssh.com | | | | | | | | ♦ |
umac-64@openssh.com | | | | | | | | ♦ |
TlsCiphers | | | | | | | | |
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ |
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ |
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ |
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ |
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ |
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ |
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ |
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ |
TLS_RSA_WITH_AES_128_CBC_SHA256 | | | | | | | | ♦ |
TLS_RSA_WITH_AES_256_CBC_SHA256 | | | | | | | | ♦ |
TransferSecurityPolicy-2024-01
The following shows the TransferSecurityPolicy-2024-01 security policy.
```json
{
  "SecurityPolicy": {
    "Fips": false,
    "SecurityPolicyName": "TransferSecurityPolicy-2024-01",
    "SshCiphers": [
      "aes128-gcm@openssh.com",
      "aes256-gcm@openssh.com",
      "aes128-ctr",
      "aes256-ctr",
      "aes192-ctr"
    ],
    "SshKexs": [
      "ecdh-nistp384-kyber-768r3-sha384-d00@openquantumsafe.org",
      "x25519-kyber-512r3-sha256-d00@amazon.com",
      "ecdh-nistp256-kyber-512r3-sha256-d00@openquantumsafe.org",
      "ecdh-nistp521-kyber-1024r3-sha512-d00@openquantumsafe.org",
      "ecdh-sha2-nistp256",
      "ecdh-sha2-nistp384",
      "ecdh-sha2-nistp521",
      "curve25519-sha256",
      "curve25519-sha256@libssh.org",
      "diffie-hellman-group18-sha512",
      "diffie-hellman-group16-sha512",
      "diffie-hellman-group-exchange-sha256"
    ],
    "SshMacs": [
      "hmac-sha2-256-etm@openssh.com",
      "hmac-sha2-512-etm@openssh.com"
    ],
    "TlsCiphers": [
      "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
      "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
      "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
      "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
      "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
      "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
      "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
      "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"
    ]
  }
}
```
TransferSecurityPolicy-2023-05
The following shows the TransferSecurityPolicy-2023-05 security policy.
```json
{
  "SecurityPolicy": {
    "Fips": false,
    "SecurityPolicyName": "TransferSecurityPolicy-2023-05",
    "SshCiphers": [
      "aes256-gcm@openssh.com",
      "aes128-gcm@openssh.com",
      "aes256-ctr",
      "aes192-ctr"
    ],
    "SshKexs": [
      "curve25519-sha256",
      "curve25519-sha256@libssh.org",
      "diffie-hellman-group16-sha512",
      "diffie-hellman-group18-sha512",
      "diffie-hellman-group-exchange-sha256"
    ],
    "SshMacs": [
      "hmac-sha2-512-etm@openssh.com",
      "hmac-sha2-256-etm@openssh.com"
    ],
    "TlsCiphers": [
      "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
      "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
      "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
      "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
      "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
      "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
      "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
      "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"
    ]
  }
}
```
TransferSecurityPolicy-2022-03
The following shows the TransferSecurityPolicy-2022-03 security policy.
```json
{
  "SecurityPolicy": {
    "Fips": false,
    "SecurityPolicyName": "TransferSecurityPolicy-2022-03",
    "SshCiphers": [
      "aes256-gcm@openssh.com",
      "aes128-gcm@openssh.com",
      "aes256-ctr",
      "aes192-ctr"
    ],
    "SshKexs": [
      "curve25519-sha256",
      "curve25519-sha256@libssh.org",
      "diffie-hellman-group16-sha512",
      "diffie-hellman-group18-sha512",
      "diffie-hellman-group-exchange-sha256"
    ],
    "SshMacs": [
      "hmac-sha2-512-etm@openssh.com",
      "hmac-sha2-256-etm@openssh.com",
      "hmac-sha2-512",
      "hmac-sha2-256"
    ],
    "TlsCiphers": [
      "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
      "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
      "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
      "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
      "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
      "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
      "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
      "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"
    ]
  }
}
```
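An added example (not AWS code) of checking SFTP client compatibility before moving a server between policies: it applies the SSH negotiation rule from RFC 4253 section 7.1 to the SshCiphers, SshKexs and SshMacs arrays of the 2022-03 and 2023-05 policies listed above. `CLIENT` is a constructed client offer, and the MAC waiver for AEAD ciphers follows OpenSSH behaviour and is assumed to apply to the server as well.

```python
# Added example, not AWS code. Policy arrays are copied from this page;
# CLIENT is a constructed offer from a hypothetical legacy SFTP client.
AEAD = ("-gcm@openssh.com", "chacha20-poly1305@openssh.com")

CIPHERS = ["aes256-gcm@openssh.com", "aes128-gcm@openssh.com",
           "aes256-ctr", "aes192-ctr"]
KEXS = ["curve25519-sha256", "curve25519-sha256@libssh.org",
        "diffie-hellman-group16-sha512", "diffie-hellman-group18-sha512",
        "diffie-hellman-group-exchange-sha256"]
POLICIES = {
    "TransferSecurityPolicy-2022-03": {
        "SshCiphers": CIPHERS, "SshKexs": KEXS,
        "SshMacs": ["hmac-sha2-512-etm@openssh.com",
                    "hmac-sha2-256-etm@openssh.com",
                    "hmac-sha2-512", "hmac-sha2-256"]},
    "TransferSecurityPolicy-2023-05": {
        "SshCiphers": CIPHERS, "SshKexs": KEXS,
        "SshMacs": ["hmac-sha2-512-etm@openssh.com",
                    "hmac-sha2-256-etm@openssh.com"]},
}
CLIENT = {
    "SshCiphers": ["aes256-ctr", "aes192-ctr"],
    "SshKexs": ["diffie-hellman-group14-sha1",
                "diffie-hellman-group-exchange-sha256"],
    "SshMacs": ["hmac-sha1", "hmac-sha2-256"],
}
SECTIONS = ("SshKexs", "SshCiphers", "SshMacs")


def negotiate(client, server):
    """RFC 4253 7.1: first name on the client's list that the server also lists."""
    return next((alg for alg in client if alg in server), None)


def check(client, policy):
    """Map each section to the chosen algorithm; None means no common algorithm."""
    result = {s: negotiate(client[s], policy[s]) for s in SECTIONS}
    cipher = result["SshCiphers"]
    # AEAD ciphers authenticate packets themselves, and OpenSSH skips MAC
    # selection for them. Assumption: the server behaves the same way.
    if cipher and cipher.endswith(AEAD):
        result["SshMacs"] = "(implicit)"
    return result


def blockers(client, policy):
    """Sections in which the handshake would fail for this client."""
    return sorted(s for s, alg in check(client, policy).items() if alg is None)


if __name__ == "__main__":
    for name, policy in POLICIES.items():
        print(name, check(CLIENT, policy), "blocked by:", blockers(CLIENT, policy))
```

For this client the only blocker on 2023-05 is SshMacs, because that policy drops the non-ETM `hmac-sha2-256` and `hmac-sha2-512` entries that 2022-03 still lists.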
TransferSecurityPolicy-2020-06 and TransferSecurityPolicy-Restricted-2020-06
The following shows the TransferSecurityPolicy-2020-06 security policy.
Note
The TransferSecurityPolicy-Restricted-2020-06 and TransferSecurityPolicy-2020-06 security policies are identical, except that the restricted policy doesn't support the chacha20-poly1305@openssh.com cipher.
```json
{
  "SecurityPolicy": {
    "Fips": false,
    "SecurityPolicyName": "TransferSecurityPolicy-2020-06",
    "SshCiphers": [
      "chacha20-poly1305@openssh.com", //Not included in TransferSecurityPolicy-Restricted-2020-06
      "aes128-ctr",
      "aes192-ctr",
      "aes256-ctr",
      "aes128-gcm@openssh.com",
      "aes256-gcm@openssh.com"
    ],
    "SshKexs": [
      "ecdh-sha2-nistp256",
      "ecdh-sha2-nistp384",
      "ecdh-sha2-nistp521",
      "diffie-hellman-group-exchange-sha256",
      "diffie-hellman-group16-sha512",
      "diffie-hellman-group18-sha512",
      "diffie-hellman-group14-sha256"
    ],
    "SshMacs": [
      "umac-128-etm@openssh.com",
      "hmac-sha2-256-etm@openssh.com",
      "hmac-sha2-512-etm@openssh.com",
      "umac-128@openssh.com",
      "hmac-sha2-256",
      "hmac-sha2-512"
    ],
    "TlsCiphers": [
      "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
      "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
      "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
      "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
      "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
      "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
      "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
      "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"
    ]
  }
}
```
TransferSecurityPolicy-2018-11 and TransferSecurityPolicy-Restricted-2018-11
The following shows the TransferSecurityPolicy-2018-11 security policy.
Note
The TransferSecurityPolicy-Restricted-2018-11 and TransferSecurityPolicy-2018-11 security policies are identical, except that the restricted policy doesn't support the chacha20-poly1305@openssh.com cipher.
```json
{
  "SecurityPolicy": {
    "Fips": false,
    "SecurityPolicyName": "TransferSecurityPolicy-2018-11",
    "SshCiphers": [
      "chacha20-poly1305@openssh.com", //Not included in TransferSecurityPolicy-Restricted-2018-11
      "aes128-ctr",
      "aes192-ctr",
      "aes256-ctr",
      "aes128-gcm@openssh.com",
      "aes256-gcm@openssh.com"
    ],
    "SshKexs": [
      "curve25519-sha256",
      "curve25519-sha256@libssh.org",
      "ecdh-sha2-nistp256",
      "ecdh-sha2-nistp384",
      "ecdh-sha2-nistp521",
      "diffie-hellman-group-exchange-sha256",
      "diffie-hellman-group16-sha512",
      "diffie-hellman-group18-sha512",
      "diffie-hellman-group14-sha256",
      "diffie-hellman-group14-sha1"
    ],
    "SshMacs": [
      "umac-64-etm@openssh.com",
      "umac-128-etm@openssh.com",
      "hmac-sha2-256-etm@openssh.com",
      "hmac-sha2-512-etm@openssh.com",
      "hmac-sha1-etm@openssh.com",
      "umac-64@openssh.com",
      "umac-128@openssh.com",
      "hmac-sha2-256",
      "hmac-sha2-512",
      "hmac-sha1"
    ],
    "TlsCiphers": [
      "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
      "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
      "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
      "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
      "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
      "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
      "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
      "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
      "TLS_RSA_WITH_AES_128_CBC_SHA256",
      "TLS_RSA_WITH_AES_256_CBC_SHA256"
    ]
  }
}
```
TransferSecurityPolicy-FIPS-2024-01 / TransferSecurityPolicy-FIPS-2024-05
The following shows the TransferSecurityPolicy-FIPS-2024-01 and TransferSecurityPolicy-FIPS-2024-05 security policies.
Note
The FIPS service endpoint and the TransferSecurityPolicy-FIPS-2024-01 and TransferSecurityPolicy-FIPS-2024-05 security policies are only available in some AWS Regions. For more information, see AWS Transfer Family endpoints and quotas in the AWS General Reference.
The only difference between these two security policies is that TransferSecurityPolicy-FIPS-2024-01 supports the ssh-rsa algorithm, and TransferSecurityPolicy-FIPS-2024-05 does not.
```json
{
  "SecurityPolicy": {
    "Fips": true,
    "SecurityPolicyName": "TransferSecurityPolicy-FIPS-2024-01",
    "SshCiphers": [
      "aes128-gcm@openssh.com",
      "aes256-gcm@openssh.com",
      "aes128-ctr",
      "aes256-ctr",
      "aes192-ctr"
    ],
    "SshKexs": [
      "ecdh-nistp384-kyber-768r3-sha384-d00@openquantumsafe.org",
      "ecdh-nistp256-kyber-512r3-sha256-d00@openquantumsafe.org",
      "ecdh-nistp521-kyber-1024r3-sha512-d00@openquantumsafe.org",
      "ecdh-sha2-nistp256",
      "ecdh-sha2-nistp384",
      "ecdh-sha2-nistp521",
      "diffie-hellman-group18-sha512",
      "diffie-hellman-group16-sha512",
      "diffie-hellman-group-exchange-sha256"
    ],
    "SshMacs": [
      "hmac-sha2-256-etm@openssh.com",
      "hmac-sha2-512-etm@openssh.com"
    ],
    "TlsCiphers": [
      "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
      "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
      "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
      "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
      "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
      "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
      "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
      "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"
    ]
  }
}
```
TransferSecurityPolicy-FIPS-2023-05
The FIPS certification details for AWS Transfer Family can be found at https://csrc.nist.gov/projects/cryptographic-module-validation-program/validated-modules/search/all
The following shows the TransferSecurityPolicy-FIPS-2023-05 security policy.
Note
The FIPS service endpoint and the TransferSecurityPolicy-FIPS-2023-05 security policy are only available in some AWS Regions. For more information, see AWS Transfer Family endpoints and quotas in the AWS General Reference.
```json
{
  "SecurityPolicy": {
    "Fips": true,
    "SecurityPolicyName": "TransferSecurityPolicy-FIPS-2023-05",
    "SshCiphers": [
      "aes256-gcm@openssh.com",
      "aes128-gcm@openssh.com",
      "aes256-ctr",
      "aes192-ctr"
    ],
    "SshKexs": [
      "diffie-hellman-group16-sha512",
      "diffie-hellman-group18-sha512",
      "diffie-hellman-group-exchange-sha256"
    ],
    "SshMacs": [
      "hmac-sha2-256-etm@openssh.com",
      "hmac-sha2-512-etm@openssh.com"
    ],
    "TlsCiphers": [
      "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
      "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
      "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
      "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
      "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
      "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
      "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
      "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"
    ]
  }
}
```
TransferSecurityPolicy-FIPS-2020-06
The FIPS certification details for AWS Transfer Family can be found at https://csrc.nist.gov/projects/cryptographic-module-validation-program/validated-modules/search/all
The following shows the TransferSecurityPolicy-FIPS-2020-06 security policy.
Note
The FIPS service endpoint and the TransferSecurityPolicy-FIPS-2020-06 security policy are only available in some AWS Regions. For more information, see AWS Transfer Family endpoints and quotas in the AWS General Reference.
```json
{
  "SecurityPolicy": {
    "Fips": true,
    "SecurityPolicyName": "TransferSecurityPolicy-FIPS-2020-06",
    "SshCiphers": [
      "aes128-ctr",
      "aes192-ctr",
      "aes256-ctr",
      "aes128-gcm@openssh.com",
      "aes256-gcm@openssh.com"
    ],
    "SshKexs": [
      "ecdh-sha2-nistp256",
      "ecdh-sha2-nistp384",
      "ecdh-sha2-nistp521",
      "diffie-hellman-group-exchange-sha256",
      "diffie-hellman-group16-sha512",
      "diffie-hellman-group18-sha512",
      "diffie-hellman-group14-sha256"
    ],
    "SshMacs": [
      "hmac-sha2-256-etm@openssh.com",
      "hmac-sha2-512-etm@openssh.com",
      "hmac-sha2-256",
      "hmac-sha2-512"
    ],
    "TlsCiphers": [
      "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
      "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
      "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
      "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
      "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
      "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
      "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
      "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"
    ]
  }
}
```
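Post-quantum security policies
The following table lists the algorithms for the Transfer Family post-quantum security policies. These policies are described in detail in Using hybrid post-quantum key exchange with AWS Transfer Family.
The policy listings follow the table.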
Security policy | TransferSecurityPolicy-PQ-SSH-Experimental-2023-04 | TransferSecurityPolicy-PQ-SSH-FIPS-Experimental-2023-04 |
---|---|---|
SSH ciphers | | |
aes128-ctr | | ♦ |
aes128-gcm@openssh.com | ♦ | ♦ |
aes192-ctr | ♦ | ♦ |
aes256-ctr | ♦ | ♦ |
aes256-gcm@openssh.com | ♦ | ♦ |
KEXs | | |
ecdh-nistp256-kyber-512r3-sha256-d00@openquantumsafe.org | ♦ | ♦ |
ecdh-nistp384-kyber-768r3-sha384-d00@openquantumsafe.org | ♦ | ♦ |
ecdh-nistp521-kyber-1024r3-sha512-d00@openquantumsafe.org | ♦ | ♦ |
x25519-kyber-512r3-sha256-d00@amazon.com | ♦ | |
diffie-hellman-group14-sha256 | | ♦ |
diffie-hellman-group16-sha512 | ♦ | ♦ |
diffie-hellman-group18-sha512 | ♦ | ♦ |
ecdh-sha2-nistp384 | | ♦ |
ecdh-sha2-nistp521 | | ♦ |
diffie-hellman-group-exchange-sha256 | ♦ | ♦ |
ecdh-sha2-nistp256 | | ♦ |
curve25519-sha256@libssh.org | ♦ | |
curve25519-sha256 | ♦ | |
MACs | | |
hmac-sha2-256-etm@openssh.com | ♦ | ♦ |
hmac-sha2-256 | ♦ | ♦ |
hmac-sha2-512-etm@openssh.com | ♦ | ♦ |
hmac-sha2-512 | ♦ | ♦ |
TLS ciphers | | |
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 | ♦ | ♦ |
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 | ♦ | ♦ |
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 | ♦ | ♦ |
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 | ♦ | ♦ |
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 | ♦ | ♦ |
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 | ♦ | ♦ |
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 | ♦ | ♦ |
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 | ♦ | ♦ |
TransferSecurityPolicy-PQ-SSH-Experimental-2023-04
The following shows the TransferSecurityPolicy-PQ-SSH-Experimental-2023-04 security policy.
```json
{
  "SecurityPolicy": {
    "Fips": false,
    "SecurityPolicyName": "TransferSecurityPolicy-PQ-SSH-Experimental-2023-04",
    "SshCiphers": [
      "aes256-gcm@openssh.com",
      "aes128-gcm@openssh.com",
      "aes256-ctr",
      "aes192-ctr"
    ],
    "SshKexs": [
      "ecdh-nistp384-kyber-768r3-sha384-d00@openquantumsafe.org",
      "x25519-kyber-512r3-sha256-d00@amazon.com",
      "ecdh-nistp256-kyber-512r3-sha256-d00@openquantumsafe.org",
      "ecdh-nistp521-kyber-1024r3-sha512-d00@openquantumsafe.org",
      "curve25519-sha256",
      "curve25519-sha256@libssh.org",
      "diffie-hellman-group16-sha512",
      "diffie-hellman-group18-sha512",
      "diffie-hellman-group-exchange-sha256"
    ],
    "SshMacs": [
      "hmac-sha2-512-etm@openssh.com",
      "hmac-sha2-256-etm@openssh.com",
      "hmac-sha2-512",
      "hmac-sha2-256"
    ],
    "TlsCiphers": [
      "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
      "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
      "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
      "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
      "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
      "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
      "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
      "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"
    ]
  }
}
```
TransferSecurityPolicy-PQ-SSH-FIPS-Experimental-2023-04
The following shows the TransferSecurityPolicy-PQ-SSH-FIPS-Experimental-2023-04 security policy.
```json
{
  "SecurityPolicy": {
    "Fips": true,
    "SecurityPolicyName": "TransferSecurityPolicy-PQ-SSH-FIPS-Experimental-2023-04",
    "SshCiphers": [
      "aes256-gcm@openssh.com",
      "aes128-gcm@openssh.com",
      "aes256-ctr",
      "aes192-ctr",
      "aes128-ctr"
    ],
    "SshKexs": [
      "ecdh-nistp384-kyber-768r3-sha384-d00@openquantumsafe.org",
      "ecdh-nistp256-kyber-512r3-sha256-d00@openquantumsafe.org",
      "ecdh-nistp521-kyber-1024r3-sha512-d00@openquantumsafe.org",
      "ecdh-sha2-nistp256",
      "ecdh-sha2-nistp384",
      "ecdh-sha2-nistp521",
      "diffie-hellman-group-exchange-sha256",
      "diffie-hellman-group16-sha512",
      "diffie-hellman-group18-sha512",
      "diffie-hellman-group14-sha256"
    ],
    "SshMacs": [
      "hmac-sha2-512-etm@openssh.com",
      "hmac-sha2-256-etm@openssh.com",
      "hmac-sha2-512",
      "hmac-sha2-256"
    ],
    "TlsCiphers": [
      "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
      "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
      "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
      "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
      "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
      "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
      "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
      "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"
    ]
  }
}
```