This document contains official content from the BMC Software Knowledge Base. It is automatically updated when the knowledge article is modified.
Control-M Managed File Transfer
Control-M Managed File Transfer 9.0.00, 9.0.18, 9.0.19
What ciphers, key exchange algorithms, key types/formats and lengths are supported by Control-M Managed File Transfer when transferring files over encrypted data channels using SFTP (SSH) or FTP over TLS (FTPS)?For AFT 8.0, refer to article 000143479
For AFT 8.2, refer to article 000137186
Control-M Managed File Transfer 9.0.00 supports the following:
For SSH (SFTP),
- MAC algorithms: hmac-md5, hmac-md5-96, hmac-sha1, hmac-sha1-96, hmac-sha-256
- Ciphers: aes128-cbc, aes192-cbc, aes256-cbc, aes128-ctr, aes192-ctr, aes256-ctr, 3des-cbc, 3des-ctr, blowfish-cbc, arcfour256, arcfour128, arcfour
- Key EXchange: ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, ecdsa-sha2-nistp521, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, diffie-hellman-group-exchange-sha256, diffie-hellman-group-exchange-sha1, diffie-hellman-group14-sha1, diffie-hellman-group1-sha1
- Generated keys: type=RSA, sizes = 1024, 2048, 3072, 4096
Note: in JRE 1.8 u121, 3DES has been marked as a Legacy cipher and is thus disabled by default, causing MFT to not be able to use the 3dses-cbc and 3des-ctr ciphers. BMC recommends enabling stronger and more current cipher suites on the remote server to resolve Algorithm negotiation failures.
For FTP over SSL/TLS (FTPS):Since MFT is using the standard Java security provider for SSL (over FTP), the complete list of ciphers, signature algorithms and key exchange algorithms supported can be found in the link:
Please look under “The SunJSSE Provider” section. The Signature Algorithm list is under the “Cipher Suites” section. The current version of Java used by MFT is JDK8, so look under that column.
Customers viewing this solution may find value in the following self-help Connect with Control-M video.