Supported FTPS algorithms
Buru SFTP Server supports the following TLS/SSL algorithms for FTPS connections. Unlike SSH algorithms, the selection of FTPS algorithms is not configurable. For FTP/FTPS endpoint configuration, see Enable FTP/FTPS.
- TLS 1.2
- TLS 1.1 (deprecated)
- TLS 1.0 (deprecated)
| RSA certificate, RSA key exchange | Encryption | MAC |
|---|
RSA_WITH_AES_128_GCM_SHA256 | AES/GCM | AEAD |
RSA_WITH_AES_256_GCM_SHA384 | AES/GCM | AEAD |
RSA_WITH_AES_128_CBC_SHA256 | AES/CBC | SHA-256 |
RSA_WITH_AES_256_CBC_SHA256 | AES/CBC | SHA-256 |
RSA_WITH_AES_128_CBC_SHA | AES/CBC | SHA-1 |
RSA_WITH_AES_256_CBC_SHA | AES/CBC | SHA-1 |
RSA_WITH_3DES_EDE_CBC_SHA | 3DES/CBC | SHA-1 |
RSA_WITH_DES_CBC_SHA | DES/CBC | SHA-1 |
RSA_WITH_RC4_128_MD5 | RC4 | MD5 |
RSA_WITH_RC4_128_SHA | RC4 | SHA-1 |
RSA_EXPORT_WITH_RC4_40_MD5 | RC4 | MD5 |
RSA_EXPORT_WITH_RC2_CBC_40_MD5 | RC2/CBC | MD5 |
RSA_EXPORT_WITH_DES40_CBC_SHA | DES/CBC | SHA-1 |
RSA_EXPORT1024_WITH_DES_CBC_SHA | DES/CBC | SHA-1 |
RSA_EXPORT1024_WITH_RC4_56_SHA | RC4 | SHA-1 |
| RSA certificate, ECDHE key exchange | Encryption | MAC |
|---|
ECDHE_RSA_WITH_AES_128_GCM_SHA256 | AES/GCM | AEAD |
ECDHE_RSA_WITH_AES_256_GCM_SHA384 | AES/GCM | AEAD |
ECDHE_RSA_WITH_AES_128_CBC_SHA256 | AES/CBC | SHA-256 |
ECDHE_RSA_WITH_AES_256_CBC_SHA384 | AES/CBC | SHA-384 |
ECDHE_RSA_WITH_AES_128_CBC_SHA | AES/CBC | SHA-1 |
ECDHE_RSA_WITH_AES_256_CBC_SHA | AES/CBC | SHA-1 |
ECDHE_RSA_WITH_3DES_EDE_CBC_SHA | 3DES/CBC | SHA-1 |
ECDHE_RSA_WITH_RC4_128_SHA | RC4 | SHA-1 |
| ECDSA certificate, ECDHE key exchange | Encryption | MAC |
|---|
ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 | AES/GCM | AEAD |
ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 | AES/GCM | AEAD |
ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 | AES/CBC | SHA-256 |
ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 | AES/CBC | SHA-384 |
ECDHE_ECDSA_WITH_AES_128_CBC_SHA | AES/CBC | SHA-1 |
ECDHE_ECDSA_WITH_AES_256_CBC_SHA | AES/CBC | SHA-1 |
ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA | 3DES/CBC | SHA-1 |
ECDHE_ECDSA_WITH_RC4_128_SHA | RC4 | SHA-1 |
| RSA certificate, DHE key exchange | Encryption | MAC |
|---|
DHE_RSA_WITH_AES_128_GCM_SHA256 | AES/GCM | AEAD |
DHE_RSA_WITH_AES_256_GCM_SHA384 | AES/GCM | AEAD |
DHE_RSA_WITH_AES_128_CBC_SHA256 | AES/CBC | SHA-256 |
DHE_RSA_WITH_AES_256_CBC_SHA256 | AES/CBC | SHA-256 |
DHE_RSA_WITH_AES_128_CBC_SHA | AES/CBC | SHA-1 |
DHE_RSA_WITH_AES_256_CBC_SHA | AES/CBC | SHA-1 |
DHE_RSA_WITH_3DES_EDE_CBC_SHA | 3DES/CBC | SHA-1 |
DHE_RSA_WITH_DES_CBC_SHA | DES/CBC | SHA-1 |
DHE_RSA_EXPORT_WITH_DES40_CBC_SHA | DES/CBC | SHA-1 |
| DSS certificate, DHE key exchange | Encryption | MAC |
|---|
DHE_DSS_WITH_AES_128_GCM_SHA256 | AES/GCM | AEAD |
DHE_DSS_WITH_AES_256_GCM_SHA384 | AES/GCM | AEAD |
DHE_DSS_WITH_AES_128_CBC_SHA256 | AES/CBC | SHA-256 |
DHE_DSS_WITH_AES_256_CBC_SHA256 | AES/CBC | SHA-256 |
DHE_DSS_WITH_AES_128_CBC_SHA | AES/CBC | SHA-1 |
DHE_DSS_WITH_AES_256_CBC_SHA | AES/CBC | SHA-1 |
DHE_DSS_WITH_3DES_EDE_CBC_SHA | 3DES/CBC | SHA-1 |
DHE_DSS_WITH_DES_CBC_SHA | DES/CBC | SHA-1 |
DHE_DSS_WITH_RC4_128_SHA | RC4 | SHA-1 |
DHE_DSS_EXPORT_WITH_DES40_CBC_SHA | DES/CBC | SHA-1 |
DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA | DES/CBC | SHA-1 |
DHE_DSS_EXPORT1024_WITH_RC4_56_SHA | RC4 | SHA-1 |
| Anonymous, DHE key exchange (no certificate) | Encryption | MAC |
|---|
DH_anon_WITH_AES_256_CBC_SHA256 | AES/CBC | SHA-256 |
DH_anon_WITH_AES_128_CBC_SHA256 | AES/CBC | SHA-256 |
DH_anon_WITH_AES_256_CBC_SHA | AES/CBC | SHA-1 |
DH_anon_WITH_AES_128_CBC_SHA | AES/CBC | SHA-1 |
DH_anon_WITH_3DES_EDE_CBC_SHA | 3DES/CBC | SHA-1 |
DH_anon_WITH_DES_CBC_SHA | DES/CBC | SHA-1 |
DH_anon_WITH_RC4_128_MD5 | RC4 | MD5 |
Buru supports the Server Name Indication (SNI) extension and the Renegotiation Indication extension.
Elliptic curves used by ECDHE cipher suites:
| Curve ID | Curve Name |
|---|
NistP256 | NIST P-256 |
NistP384 | NIST P-384 |
NistP521 | NIST P-521 |
BrainpoolP256R1 | Brainpool P-256 R1 |
BrainpoolP384R1 | Brainpool P-384 R1 |
BrainpoolP512R1 | Brainpool P-512 R1 |
Curve25519 | X25519 |
