...
| Step | Description |
|---|---|
| Step 1 | Edit the UDMG Server configuration file and set the `AllowLegacyCiphers` parameter to true: `[sftp]` |
| Step 2 | Restart the UDMG Server service. The legacy ciphers are now globally allowed but not used by default. |
| Step 3 | Log in to the UDMG Admin UI and navigate to Management > Partners. |
| Step 4 | Select the partner rebex from Tutorial - Creating an SFTP Partner. |
| Step 5 | With a specific tool, or with the verbose mode of the sftp client, check which cipher algorithms the remote partner supports. For example, with a Linux sftp (OpenSSH_7.4p1): This shows that several algorithms are supported for each category, in particular the legacy cipher 'aes128-cbc'. |
| Step 6 | On the UDMG Server panel, click on the Configuration tab. The gray dot on the tab shows that the configuration is still the default: all available algorithms are supported by the server and proposed to the clients. |
| Step 7 | Click Save and Confirm. |
| Step 8 | The partner configuration is updated. The green dot on the tab shows that the configuration is customized. |

Perform a file download, for instance here with the command line client.

Checking the result with the get command after the transfer completes, the transfer info metadata shows which encryption algorithm was configured on the client side (`udmg_sftp_config_ciphers`) and which algorithms were negotiated with the server (`udmg_sftp_read_algos` and `udmg_sftp_write_algos`). This confirms that the legacy cipher was used. This is also displayed on the Admin UI Transfer Details:
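The check in Step 5 can be scripted. The following is an added example, not part of the UDMG documentation: it parses OpenSSH client debug output (`sftp -vv`) to list the ciphers the remote server offers and the cipher actually negotiated. It assumes the OpenSSH `debug1`/`debug2` line format; the host name is a placeholder, the sample log is constructed, and treating every CBC-mode name as legacy is an assumption (the page names only 'aes128-cbc').

```shell
#!/bin/sh
# Added example. Real use (host is a placeholder; BatchMode stops before any password prompt):
#   sftp -vv -o BatchMode=yes user@partner.example 2>&1 | legacy_server_ciphers

# Constructed sample of OpenSSH client debug output, not captured from a real host.
sample_log() {
cat <<'EOF'
debug2: local client KEXINIT proposal
debug2: ciphers ctos: aes128-ctr,aes256-ctr,aes128-cbc
debug2: ciphers stoc: aes128-ctr,aes256-ctr,aes128-cbc
debug2: peer server KEXINIT proposal
debug2: ciphers ctos: aes256-ctr,aes128-ctr,aes128-cbc,3des-cbc
debug2: ciphers stoc: aes256-ctr,aes128-ctr,aes128-cbc,3des-cbc
debug1: kex: server->client cipher: aes128-ctr MAC: hmac-sha2-256 compression: none
debug1: kex: client->server cipher: aes128-ctr MAC: hmac-sha2-256 compression: none
EOF
}

# Ciphers offered by the remote server only (the client's own proposal is skipped),
# de-duplicated across both directions, one per line.
server_ciphers() {
  awk '
    /peer server KEXINIT proposal/  { peer = 1; next }
    /local client KEXINIT proposal/ { peer = 0; next }
    peer && /ciphers (ctos|stoc):/ {
      sub(/.*ciphers (ctos|stoc): */, "")
      n = split($0, c, ",")
      for (i = 1; i <= n; i++) if (!seen[c[i]]++) print c[i]
    }'
}

# Subset of the server offer that is CBC-mode (assumed definition of "legacy" here).
legacy_server_ciphers() {
  server_ciphers | grep -E -e '-cbc($|@)' || true
}

# Cipher actually negotiated per direction: being offered does not mean being used.
negotiated_ciphers() {
  awk '/^debug1: kex: (server->client|client->server) cipher:/ { print $3, $5 }'
}

echo "Legacy ciphers offered by the server:"; sample_log | legacy_server_ciphers
echo "Negotiated:"; sample_log | negotiated_ciphers
```

In the sample the server offers 'aes128-cbc' but the session still negotiates 'aes128-ctr', which mirrors the note in Step 2 that legacy ciphers are allowed but not used by default.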
...