的安全政策 AWS Transfer Family - AWS Transfer Family
密碼編譯演算法TransferSecurityPolicy-2024 年 1 月TransferSecurityPolicy-2023 年 5 月TransferSecurityPolicy-2022 年 3 月TransferSecurityPolicy-2020 年 6 月TransferSecurityPolicy-2018 年 11 月TransferSecurityPolicy-FIPS-2024 年 1 月TransferSecurityPolicy-FIPS-2023 年 5 月TransferSecurityPolicy-FIPS-2020 年 6 月發佈 Quantum 安全政策

本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。

的安全政策 AWS Transfer Family

中的伺服器安全政策 AWS Transfer Family 可讓您限制與伺服器相關聯的一組密碼編譯演算法 (訊息驗證碼 (MACs)、金鑰交換 (KEXs) 和密碼套件)。如需支援的密碼編譯演算法清單,請參閱 密碼編譯演算法。如需支援與伺服器主機金鑰和服務受管使用者金鑰搭配使用的金鑰演算法清單,請參閱 使用者和伺服器金鑰支援的演算法

注意

我們強烈建議將您的伺服器更新為最新的安全政策。我們最新的安全政策為預設值。任何使用 CloudFormation 和 建立 Transfer Family 伺服器的客戶都會自動指派最新的政策。如果您擔心用戶端相容性,請明確陳述您希望在建立或更新伺服器時使用的安全政策,而不是使用預設政策,這些政策可能會變更。

若要變更伺服器的安全政策,請參閱 編輯安全政策

如需 Transfer Family 中安全性的詳細資訊,請參閱部落格文章:Transfer Family 如何協助您建置安全、合規的受管檔案傳輸解決方案。

注意

TransferSecurityPolicy-2024-01 是使用主控台、 API或 建立伺服器時連接至伺服器的預設安全政策CLI。

密碼編譯演算法

對於主機金鑰,我們支援下列演算法:

  • rsa-sha-256

  • rsa-sha-512

  • ecdsa-sha2-nistp256

  • ecdsa-sha2-nistp384

  • ecdsa-sha2-nistp512

  • ssh-ed25519

此外,2018 和 2020 安全政策允許 ssh-rsa

注意

請務必了解RSA金鑰類型 — 永遠是 ssh-rsa— 與RSA主機金鑰演算法之間的區別,而主機金鑰演算法可以是任何支援的演算法。

以下是每個安全政策支援的密碼編譯演算法清單。

注意

在下表和政策中,請注意下列演算法類型的使用方式。

  • SFTP 伺服器僅在 SshCiphersSshKexsSshMacs區段中使用演算法。

  • FTPS 伺服器僅在 TlsCiphers區段中使用演算法。

  • FTP 伺服器,因為它們不使用加密,所以請勿使用任何這些演算法。

安全政策 2024-01 2023-05 2022-03 2020-06 FIPS-2024 年 1 月 FIPS-2023 年 5 月 FIPS-2020 年 6 月 2018-11

SshCiphers

aes128-ctr

 

aes128-gcm@openssh.com

aes192-ctr

aes256-ctr

aes256-gcm@openssh.com

chacha20-poly1305@openssh.com

 

SshKexs

curve25519-sha256

 

 

curve25519-sha256@libssh.org

 

 

diffie-hellman-group14 軸1

 

 

 

diffie-hellman-group14-sha256

diffie-hellman-group16-sha512

diffie-hellman-group18-sha512

diffie-hellman-group-exchange-sha256

ecdh-nistp256-kyber-512r3-sha256-d00@openquantumsafe.org
ecdh-nistp384-kyber-768r3-sha384-d00@openquantumsafe.org
ecdh-nistp521-kyber-1024r3-sha512-d00@openquantumsafe.org

ecdh-sha2-nistp256

 

ecdh-sha2-nistp384

 

ecdh-sha2-nistp521

 

x25519-kyber-512r3-sha256-d00@amazon.com

SshMacs

hmac-sha1

 

 

 

hmac-sha1-etm@openssh.com

 

 

 

hmac-sha2-256

hmac-sha2-256-etm@openssh.com

hmac-sha2-512

hmac-sha2-512-etm@openssh.com

umac-128-etm@openssh.com

 

 

umac-128@openssh.com

 

 

umac-64-etm@openssh.com

 

 

 

umac-64@openssh.com

 

 

 

TlsCiphers

TLS_ECDHE_ECDSA_WITHAES_128_CBC_SHA256

TLS_ECDHE_ECDSA_WITHAES_128_GCM_SHA256

TLS_ECDHE_ECDSA_WITHAES_256_CBC_SHA384

TLS_ECDHE_ECDSA_WITHAES_256_GCM_SHA384

TLS_ECDHE_RSA_WITHAES_128_CBC_SHA256

TLS_ECDHE_RSA_WITHAES_128_GCM_SHA256

TLS_ECDHE_RSA_WITHAES_256_CBC_SHA384

TLS_ECDHE_RSA_WITHAES_256_GCM_SHA384

TLS_RSA_WITHAES_128_CBC_SHA256

 

 

 

 

 

TLS_RSA_WITHAES_256_CBC_SHA256

 

 

 

 

 

TransferSecurityPolicy-2024 年 1 月

下列顯示 TransferSecurityPolicy-2024-01 安全政策。

{
    "SecurityPolicy": {
        "Fips": false,
        "SecurityPolicyName": "TransferSecurityPolicy-2024-01",
        "SshCiphers": [
            "aes128-gcm@openssh.com",
            "aes256-gcm@openssh.com",
            "aes128-ctr",
            "aes256-ctr",
            "aes192-ctr"
        ],
        "SshKexs": [
            "ecdh-nistp384-kyber-768r3-sha384-d00@openquantumsafe.org",
            "x25519-kyber-512r3-sha256-d00@amazon.com",
            "ecdh-nistp256-kyber-512r3-sha256-d00@openquantumsafe.org",
            "ecdh-nistp521-kyber-1024r3-sha512-d00@openquantumsafe.org",
            "ecdh-sha2-nistp256",
            "ecdh-sha2-nistp384",
            "ecdh-sha2-nistp521",
            "curve25519-sha256",
            "curve25519-sha256@libssh.org",
            "diffie-hellman-group18-sha512",
            "diffie-hellman-group16-sha512",
            "diffie-hellman-group-exchange-sha256"
        ],
        "SshMacs": [
            "hmac-sha2-256-etm@openssh.com",
            "hmac-sha2-512-etm@openssh.com"
        ],
        "TlsCiphers": [
            "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
            "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
            "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
            "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
            "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
            "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
            "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
            "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"
        ]
    }
}

TransferSecurityPolicy-2023 年 5 月

以下顯示 TransferSecurityPolicy-2023-05 安全政策。

{
    "SecurityPolicy": {
        "Fips": false,
        "SecurityPolicyName": "TransferSecurityPolicy-2023-05",
        "SshCiphers": [
            "aes256-gcm@openssh.com",
            "aes128-gcm@openssh.com",
            "aes256-ctr",
            "aes192-ctr"
        ],
        "SshKexs": [
            "curve25519-sha256",
            "curve25519-sha256@libssh.org",
            "diffie-hellman-group16-sha512",
            "diffie-hellman-group18-sha512",
            "diffie-hellman-group-exchange-sha256"
        ],
        "SshMacs": [
            "hmac-sha2-512-etm@openssh.com",
            "hmac-sha2-256-etm@openssh.com"
        ],
        "TlsCiphers": [
            "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
            "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
            "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
            "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
            "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
            "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
            "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
            "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"
        ]
    }
}

TransferSecurityPolicy-2022 年 3 月

下列顯示 TransferSecurityPolicy-2022-03 安全政策。

{
  "SecurityPolicy": {
    "Fips": false,
    "SecurityPolicyName": "TransferSecurityPolicy-2022-03",
    "SshCiphers": [
      "aes256-gcm@openssh.com",
      "aes128-gcm@openssh.com",
      "aes256-ctr",
      "aes192-ctr"
    ],
    "SshKexs": [
      "curve25519-sha256",
      "curve25519-sha256@libssh.org",
      "diffie-hellman-group16-sha512",
      "diffie-hellman-group18-sha512",
      "diffie-hellman-group-exchange-sha256"
    ],
    "SshMacs": [
      "hmac-sha2-512-etm@openssh.com",
      "hmac-sha2-256-etm@openssh.com",
      "hmac-sha2-512",
      "hmac-sha2-256"
    ],
    "TlsCiphers": [
      "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", 
      "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", 
      "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
      "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", 
      "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", 
      "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", 
      "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384", 
      "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"
    ]
  }
}

TransferSecurityPolicy-2020 年 6 月

以下顯示 TransferSecurityPolicy-2020-06 安全政策。

{
  "SecurityPolicy": {
    "Fips": false,
    "SecurityPolicyName": "TransferSecurityPolicy-2020-06",
    "SshCiphers": [
      "chacha20-poly1305@openssh.com",
      "aes128-ctr",
      "aes192-ctr",
      "aes256-ctr",
      "aes128-gcm@openssh.com",
      "aes256-gcm@openssh.com"
    ],
    "SshKexs": [
      "ecdh-sha2-nistp256",
      "ecdh-sha2-nistp384",
      "ecdh-sha2-nistp521",
      "diffie-hellman-group-exchange-sha256",
      "diffie-hellman-group16-sha512",
      "diffie-hellman-group18-sha512",
      "diffie-hellman-group14-sha256"
    ],
    "SshMacs": [
      "umac-128-etm@openssh.com",
      "hmac-sha2-256-etm@openssh.com",
      "hmac-sha2-512-etm@openssh.com",
      "umac-128@openssh.com",
      "hmac-sha2-256",
      "hmac-sha2-512"
    ],
    "TlsCiphers": [
      "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
      "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
      "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
      "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
      "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
      "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
      "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
      "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"
    ]
  }
}

TransferSecurityPolicy-2018 年 11 月

以下顯示 TransferSecurityPolicy-2018-11 安全政策。

{
  "SecurityPolicy": {
    "Fips": false,
    "SecurityPolicyName": "TransferSecurityPolicy-2018-11",
    "SshCiphers": [
      "chacha20-poly1305@openssh.com",
      "aes128-ctr",
      "aes192-ctr",
      "aes256-ctr",
      "aes128-gcm@openssh.com",
      "aes256-gcm@openssh.com"
    ],
    "SshKexs": [
      "curve25519-sha256",
      "curve25519-sha256@libssh.org",
      "ecdh-sha2-nistp256",
      "ecdh-sha2-nistp384",
      "ecdh-sha2-nistp521",
      "diffie-hellman-group-exchange-sha256",
      "diffie-hellman-group16-sha512",
      "diffie-hellman-group18-sha512",
      "diffie-hellman-group14-sha256",
      "diffie-hellman-group14-sha1"
    ],
    "SshMacs": [
      "umac-64-etm@openssh.com",
      "umac-128-etm@openssh.com",
      "hmac-sha2-256-etm@openssh.com",
      "hmac-sha2-512-etm@openssh.com",
      "hmac-sha1-etm@openssh.com",
      "umac-64@openssh.com",
      "umac-128@openssh.com",
      "hmac-sha2-256",
      "hmac-sha2-512",
      "hmac-sha1"
    ],
    "TlsCiphers": [
      "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
      "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
      "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
      "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
      "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
      "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
      "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
      "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
      "TLS_RSA_WITH_AES_128_CBC_SHA256",
      "TLS_RSA_WITH_AES_256_CBC_SHA256"
    ]
  }
}

TransferSecurityPolicy-FIPS-2024 年 1 月

下列顯示 TransferSecurityPolicy-FIPS-2024-01 安全政策。

注意

FIPS 服務端點和 TransferSecurityPolicy-FIPS-2024-01 安全政策僅適用於某些 AWS 區域。如需詳細資訊,請參閱 AWS 一般參考 中的 AWS Transfer Family 端點和配額

{
    "SecurityPolicy": {
        "Fips": true,
        "SecurityPolicyName": "TransferSecurityPolicy-FIPS-2024-01",
        "SshCiphers": [
            "aes128-gcm@openssh.com",
            "aes256-gcm@openssh.com",
            "aes128-ctr",
            "aes256-ctr",
            "aes192-ctr"
        ],
        "SshKexs": [
            "ecdh-nistp384-kyber-768r3-sha384-d00@openquantumsafe.org",
            "ecdh-nistp256-kyber-512r3-sha256-d00@openquantumsafe.org",
            "ecdh-nistp521-kyber-1024r3-sha512-d00@openquantumsafe.org",
            "ecdh-sha2-nistp256",
            "ecdh-sha2-nistp384",
            "ecdh-sha2-nistp521",
            "diffie-hellman-group18-sha512",
            "diffie-hellman-group16-sha512",
            "diffie-hellman-group-exchange-sha256"
        ],
        "SshMacs": [
            "hmac-sha2-256-etm@openssh.com",
            "hmac-sha2-512-etm@openssh.com"
        ],
        "TlsCiphers": [
            "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
            "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
            "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
            "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
            "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
            "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
            "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
            "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"
        ]
    }
}

TransferSecurityPolicy-FIPS-2023 年 5 月

的FIPS憑證詳細資訊 AWS Transfer Family 請參閱 https://csrc.nist.gov/projects/cryptographic-module-validation-program/validated-modules/search/all

以下顯示 TransferSecurityPolicy-FIPS-2023-05 安全政策。

注意

FIPS 服務端點和 TransferSecurityPolicy-FIPS-2023-05 安全政策僅適用於某些 AWS 區域。如需詳細資訊,請參閱 AWS 一般參考 中的 AWS Transfer Family 端點和配額

{
    "SecurityPolicy": {
        "Fips": true,
        "SecurityPolicyName": "TransferSecurityPolicy-FIPS-2023-05",
        "SshCiphers": [
            "aes256-gcm@openssh.com",
            "aes128-gcm@openssh.com",
            "aes256-ctr",
            "aes192-ctr"
        ],
        "SshKexs": [
            "diffie-hellman-group16-sha512",
            "diffie-hellman-group18-sha512",
            "diffie-hellman-group-exchange-sha256"
        ],
        "SshMacs": [
            "hmac-sha2-256-etm@openssh.com",
            "hmac-sha2-512-etm@openssh.com"
        ],
        "TlsCiphers": [
            "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
            "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
            "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
            "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
            "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
            "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
            "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
            "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"
        ]
    }
}

TransferSecurityPolicy-FIPS-2020 年 6 月

的FIPS憑證詳細資訊 AWS Transfer Family 請參閱 https://csrc.nist.gov/projects/cryptographic-module-validation-program/validated-modules/search/all

下列顯示 TransferSecurityPolicy-FIPS-2020-06 安全政策。

注意

FIPS 服務端點和 TransferSecurityPolicy-FIPS-2020-06 安全政策僅適用於某些 AWS 區域。如需詳細資訊,請參閱 AWS 一般參考 中的 AWS Transfer Family 端點和配額

{
  "SecurityPolicy": {
    "Fips": true,
    "SecurityPolicyName": "TransferSecurityPolicy-FIPS-2020-06",
    "SshCiphers": [
      "aes128-ctr",
      "aes192-ctr",
      "aes256-ctr",
      "aes128-gcm@openssh.com",
      "aes256-gcm@openssh.com"
    ],
    "SshKexs": [
      "ecdh-sha2-nistp256",
      "ecdh-sha2-nistp384",
      "ecdh-sha2-nistp521",
      "diffie-hellman-group-exchange-sha256",
      "diffie-hellman-group16-sha512",
      "diffie-hellman-group18-sha512",
      "diffie-hellman-group14-sha256"
    ],
    "SshMacs": [
      "hmac-sha2-256-etm@openssh.com",
      "hmac-sha2-512-etm@openssh.com",
      "hmac-sha2-256",
      "hmac-sha2-512"
    ],
    "TlsCiphers": [
      "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
      "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
      "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
      "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
      "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
      "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
      "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
      "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"
    ]
  }
}

發佈 Quantum 安全政策

此表列出 Transfer Family 後量子安全政策的演算法。這些政策會在 中詳細說明搭配 使用混合後量子金鑰交換 AWS Transfer Family

政策清單遵循資料表。

安全政策 TransferSecurityPolicy-PQ-SSH-Experimental-2023-04 TransferSecurityPolicy-PQSSH-FIPS-Experimental-2023-04

SSH ciphers

aes128-ctr

 

aes128-gcm@openssh.com

aes192-ctr

aes256-ctr

aes256-gcm@openssh.com

KEXs
ecdh-nistp256-kyber-512r3-sha256-d00@openquantumsafe.org

ecdh-nistp384-kyber-768r3-sha384-d00@openquantumsafe.org

ecdh-nistp521-kyber-1024r3-sha512-d00@openquantumsafe.org

x25519-kyber-512r3-sha256-d00@amazon.com

 

diffie-hellman-group14-sha256

  

diffie-hellman-group16-sha512

diffie-hellman-group18-sha512

ecdh-sha2-nistp384

 

ecdh-sha2-nistp521

 

diffie-hellman-group-exchange-sha256

ecdh-sha2-nistp256

 

curve25519-sha256@libssh.org

 

curve25519-sha256

 

MACs

hmac-sha2-256-etm@openssh.com

hmac-sha2-256

hmac-sha2-512-etm@openssh.com

hmac-sha2-512

TLS ciphers

TLS_ECDHE_ECDSA_WITHAES_128_CBC_SHA256

TLS_ECDHE_ECDSA_WITHAES_128_GCM_SHA256

TLS_ECDHE_ECDSA_WITHAES_256_CBC_SHA384

TLS_ECDHE_ECDSA_WITHAES_256_GCM_SHA384

TLS_ECDHE_RSA_WITHAES_128_CBC_SHA256

TLS_ECDHE_RSA_WITHAES_128_GCM_SHA256

TLS_ECDHE_RSA_WITHAES_256_CBC_SHA384

TLS_ECDHE_RSA_WITHAES_256_GCM_SHA384

TransferSecurityPolicy-PQ-SSH-Experimental-2023-04

下列顯示 TransferSecurityPolicy-PQ-SSH-Experimental-2023-04 安全政策。

{
    "SecurityPolicy": {
        "Fips": false,
        "SecurityPolicyName": "TransferSecurityPolicy-PQ-SSH-Experimental-2023-04",
        "SshCiphers": [
            "aes256-gcm@openssh.com",
            "aes128-gcm@openssh.com",
            "aes256-ctr",
            "aes192-ctr"
        ],
        "SshKexs": [
            "ecdh-nistp384-kyber-768r3-sha384-d00@openquantumsafe.org",
            "x25519-kyber-512r3-sha256-d00@amazon.com",
            "ecdh-nistp256-kyber-512r3-sha256-d00@openquantumsafe.org",
            "ecdh-nistp521-kyber-1024r3-sha512-d00@openquantumsafe.org",
            "curve25519-sha256",
            "curve25519-sha256@libssh.org",
            "diffie-hellman-group16-sha512",
            "diffie-hellman-group18-sha512",
            "diffie-hellman-group-exchange-sha256"
        ],
        "SshMacs": [
            "hmac-sha2-512-etm@openssh.com",
            "hmac-sha2-256-etm@openssh.com",
            "hmac-sha2-512",
            "hmac-sha2-256"
        ],
        "TlsCiphers": [
            "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
            "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
            "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
            "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
            "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
            "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
            "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
            "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"
        ]
    }
}

TransferSecurityPolicy-PQSSH-FIPS-Experimental-2023-04

以下顯示 TransferSecurityPolicy-PQ-SSH-FIPS-Experimental-2023-04 安全政策。

{
    "SecurityPolicy": {
        "Fips": true,
        "SecurityPolicyName": "TransferSecurityPolicy-PQ-SSH-FIPS-Experimental-2023-04",
        "SshCiphers": [
            "aes256-gcm@openssh.com",
            "aes128-gcm@openssh.com",
            "aes256-ctr",
            "aes192-ctr",
            "aes128-ctr"
        ],
        "SshKexs": [
            "ecdh-nistp384-kyber-768r3-sha384-d00@openquantumsafe.org",
            "ecdh-nistp256-kyber-512r3-sha256-d00@openquantumsafe.org",
            "ecdh-nistp521-kyber-1024r3-sha512-d00@openquantumsafe.org",
            "ecdh-sha2-nistp256",
            "ecdh-sha2-nistp384",
            "ecdh-sha2-nistp521",
            "diffie-hellman-group-exchange-sha256",
            "diffie-hellman-group16-sha512",
            "diffie-hellman-group18-sha512",
            "diffie-hellman-group14-sha256"
        ],
        "SshMacs": [
            "hmac-sha2-512-etm@openssh.com",
            "hmac-sha2-256-etm@openssh.com",
            "hmac-sha2-512",
            "hmac-sha2-256"
        ],
        "TlsCiphers": [
            "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
            "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
            "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
            "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
            "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
            "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
            "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
            "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"
        ]
    }
}