1. Security Guide
  2. Security Considerations
  3. Secure Protocols

Secure Protocols

SSH Protocol

Secure Shell (SSH) protocol allows secure connections between (remote) devices using public key cryptography (PKC).

Oracle Security Technology Standards-approved SSH cipher suites (key exchange, symmetric encryption, MAC, host key algorithms) are used by Enterprise Back Office products when negotiating connections to customer or third-party SFTP services.

Supported Cipher Suite

The ciphers in the table are supported in the following Enterprise Back Office product suite releases:

  • Reporting and Analytics starting from 20.1.15 release.

  • Inventory Management starting from 9.1.37 release.

New cipher additions in these releases are noted with an asterisk (*).

Category Cipher/Algorithm (Alternate) Names

Key Exchange (KEX)

  • curve25519-sha256 (curve25519-sha256@libssh.org)*

  • curve448-sha512*

  • diffie-hellman-group14-sha256*

  • diffie-hellman-group15-sha512*

  • diffie-hellman-group16-sha512*

  • diffie-hellman-group17-sha512*

  • diffie-hellman-group18-sha512*

  • ecdh-sha2-nistp256

  • ecdh-sha2-nistp384

  • ecdh-sha2-nistp521

  • diffie-hellman-group-exchange-sha256

Server Host Key Algorithms

  • ssh-ed25519 (ssh-ed25519-cert-v01@openssh.com)*

  • ecdsa-sha2-nistp384 (ecdsa-sha2-nistp384-cert-v01@openssh.com)

  • rsa-sha2-512 (rsa-sha2-512-cert-v01@openssh.com)*

  • rsa-sha2-256 (rsa-sha2-256-cert-v01@openssh.com)*

  • ecdsa-sha2-nistp256 (ecdsa-sha2-nistp256-cert-v01@openssh.com)

  • ecdsa-sha2-nistp521 (ecdsa-sha2-nistp521-cert-v01@openssh.com)

Symmetric Encryption

  • chacha20-poly1305@openssh.com*

  • aes256-gcm (aes256-gcm@openssh.com)*

  • aes128-gcm (aes128-gcm@openssh.com)*

  • aes256ctr

  • aes192ctr

  • aes128ctr

Message Authentication Code (MAC)

  • hmac-sha2-512-etm@openssh.com*

  • hmac-sha2-256-etm@openssh.com*

  • hmac-sha2-512*

  • hmac-sha2-256*

Weak, Deprecated Cipher Suites

The table includes weak or deprecated ciphers that were supported in the following Enterprise Back Office product suite releases:

  • Reporting and Analytics releases from 20.1 to 20.1.14

  • Inventory Management releases from 9.1 to 9.1.36

These ciphers will not be supported in future releases.

Category Cipher/Algorithm (Alternate) Names

Key Exchange (KEX)

  • diffie-hellman-group1-sha1

  • diffie-hellman-group14-sha1

  • diffie-hellman-group-exchange-sha1

Server Host Key Algorithms

  • ssh-rsa (ssh-rsa-cert-v01@openssh.com)

  • ssh-dss

Symmetric Encryption

  • aes128-cbc

  • aes192-cbc

  • aes256-cbc

  • blowfish-cbc

  • 3des-cbc

  • 3des-ctr

  • arcfour

  • arcfour128

  • arcfour256

Message Authentication Code (MAC)

  • hmac-md5

  • hmac-sha1-etm@openssh.com

  • hmac-sha1

  • hmac-md5-96

  • hmac-sha1-96

Parent topic: Security Considerations