Use the Encryption page of the SSH Tectia Server Configuration
tool to specify which encryption algorithms (ciphers) and message
authentication codes (MACs) are to be used, and how frequently key exchange
should be performed. Also the file used to generate randomness can be
Figure : Defining the encryption settings
Select the ciphers to use for encrypting the session, either by
selecting one from the drop-down menu, or by typing a list of
supported ciphers, separated by commas.
Possible cipher values are the following:
- AnyCipher: Any available cipher (instead of none) can be used.
- AnyStdCipher: Allows only standard ciphers, i.e. those ciphers
mentioned in the IETF-SecSh-draft (excluding none). This is the default
- aes128: Use 128-bit Advanced Encryption Standard encryption.
- aes192: Use 192-bit Advanced Encryption Standard encryption.
- aes256: Use 256-bit Advanced Encryption Standard encryption.
- 3des: Use 3DES encryption.
- blowfish: Use Blowfish encryption.
- twofish: Use Twofish encryption.
- arcfour: Use Arcfour encryption.
- cast: Use CAST-128 encryption.
- seed: Use SEED encryption.
- des: Use DES encryption. DES is generally considered a very
weak cipher, and its use is not recommended. It is offered as a fallback
- none: Do not use encryption. Use this option for testing
In the FIPS mode, the following ciphers are supported:
Select the desired message authentication code (MAC) algorithm
to use for data integrity verification. Select a single value
from the drop-down menu, or type in a list of supported MACs,
separated by commas.
Possible MAC values are the following:
- AnyMac: Any available MAC (instead of none) can be used.
- AnyStdMac: Allows only standard MACs, i.e. those MACs that are
mentioned in the IETF-SecSh-draft (excluding none). This is the default value.
- hmac-sha1: Use the hmac-sha1 MAC.
- hmac-md5: Use the hmac-md5 MAC.
- none: Do not use MAC.
In the FIPS mode, only hmac-sha1 is supported.
Rekey interval (seconds)
Specify the number of seconds after which key exchange is
performed again. A value of 0 (zero) turns rekey requests off.
(However, this does not prevent the client from
The default value is 0 seconds (meaning that rekey requests are
not used). Please note that not all clients support this
Random seed file
Click the button on the right-hand side of the text field to
change the file to be used as random seed. The Select File
dialog appears, allowing you to specify the desired file. You
can also type the path and filename directly in the text
The default random seed file is
, located in the
SSH Tectia Server can be operated in FIPS mode, using a version of the
cryptographic library that has been validated according to the Federal
Information Processing Standard (FIPS) 140-2. In this mode the cryptographic
operations are performed according to the rules of the FIPS 140-2 standard.
The software uses standard libraries by default; the FIPS 140-2 validated libraries
are available separately. If the FIPS-certified cryptographic library has been
installed, SSH Tectia Server will detect and use it automatically.
For a list of platforms on which the FIPS library has been validated or
tested, see SSH Tectia Client/Server Product Description.
Select the Enable FIPS Mode check box to use the FIPS-certified version
of the SSH cryptographic library.
Note: The system does not actually check whether the FIPS-certified
version of the library has been installed.
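The following added example (not part of the product or its documentation) checks a set of values for the cipher, MAC and rekey fields against what this page states: des is very weak, none turns protection off, only hmac-sha1 is supported in FIPS mode, and a rekey interval of 0 turns rekey requests off. The function names and the finding texts are this example's own, and exact-case matching of value names is an assumption.

```python
# Added example (not vendor code): audit values entered on the Encryption page.
# Value names are taken from the lists on this page; matching is exact.
KNOWN_CIPHERS = {"AnyCipher", "AnyStdCipher", "aes128", "aes192", "aes256",
                 "3des", "blowfish", "twofish", "arcfour", "cast", "seed",
                 "des", "none"}
KNOWN_MACS = {"AnyMac", "AnyStdMac", "hmac-sha1", "hmac-md5", "none"}


def parse_list(value):
    """Split a comma-separated field value into trimmed names."""
    return [item.strip() for item in value.split(",") if item.strip()]


def audit_encryption_settings(ciphers, macs, rekey_seconds, fips_mode=False):
    """Return findings (strings) for one set of Encryption page values."""
    findings = []
    for name in parse_list(ciphers):
        if name not in KNOWN_CIPHERS:
            findings.append(f"cipher '{name}' is not a documented value")
        elif name == "des":
            findings.append("cipher 'des' is very weak and not recommended")
        elif name == "none":
            findings.append("cipher 'none' turns encryption off")
    for name in parse_list(macs):
        if name not in KNOWN_MACS:
            findings.append(f"MAC '{name}' is not a documented value")
        elif name == "none":
            findings.append("MAC 'none' turns integrity verification off")
        elif fips_mode and name == "hmac-md5":
            # The page lists hmac-sha1 as the only MAC supported in FIPS mode.
            findings.append("MAC 'hmac-md5' is not supported in FIPS mode")
    if rekey_seconds < 0:
        findings.append("rekey interval must be 0 or more seconds")
    elif rekey_seconds == 0:
        findings.append("rekey interval 0: the server sends no rekey requests")
    return findings


if __name__ == "__main__":
    # Constructed sample values, as they might be typed into the fields.
    for finding in audit_encryption_settings("aes256, des", "hmac-md5", 0,
                                             fips_mode=True):
        print("FINDING:", finding)
```

The alias values (AnyCipher, AnyStdCipher, AnyMac, AnyStdMac) are accepted without findings because the page does not say which algorithms they resolve to in FIPS mode.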
Copyright © 2010 SSH Communications Security Corp.
This software is protected by international copyright laws. All rights reserved.