Your browser does not allow storing cookies. We recommend enabling them.


Supported Cryptographic Algorithms, Protocols, and Standards

Tectia client/server solution supports the following cryptographic algorithms and standards.

Table 6.5. Tectia client/server solution supports the following algorithms

Used forAlgorithm
Key exchangeSHA-1:diffie-hellman-group1-sha1
Elliptic curve: ecdh-sha2-nistp256 [a]
ecdh-sha2-nistp384 [a]
ecdh-sha2-nistp521 [a]
Public keyRSA (1024, 2048, 3072, 4096, 5120, 6144, 7168, 8192 bits)
DSA (1024, 2048, 3072 bits)
ECDSA (256, 384, 521 bits) [a]
Data integrityCryptiCore (Badger) (16-byte key)
hmac md5 (16-byte key)
hmac md5-96 (16-byte key)
hmac sha-1 (20-byte key, FIPS PUB 198)
hmac sha-1-96 (20-byte key, FIPS PUB 198)
hmac-sha2-256 (32-byte key, FIPS PUB 180-3)
hmac-sha2-512 (64-byte key, FIPS PUB 180-3)
hmac (28-byte key, FIPS PUB 198)
hmac (16-byte key, FIPS PUB 198)
hmac (32-byte key, FIPS PUB 198)
hmac (48-byte key, FIPS PUB 198)
hmac (64-byte key, FIPS PUB 198)
Session encryption3DES (168-bit key)
AES (128-, 192-, or 256-bit key, CBC or CTR mode)
Arcfour (128-bit key)
Blowfish (128-bit key)
CryptiCore (Rabbit) (128-bit key)
SEED (128-bit key)
Twofish (128-, 192-, or 256-bit key)

[a] Due to issues in the OpenSSL library, this algorithm is not supported in FIPS mode on HP-UX PA-RISC and IBM AIX.




What to read next:

  • Reduce Secure Shell risk. Get to know the NIST 7966.

    The NISTIR 7966 guideline from the Computer Security Division of NIST is a direct call to action for organizations regardless of industry and is a mandate for the US Federal government.
    Download now
  • ISACA Practitioner Guide for SSH

    With contributions from practitioners, specialists and SSH.COM experts, the ISACA “SSH: Practitioner Considerations” guide is vital best practice from the compliance and audit community.
    Download now