If the symmetric key is known by a 3rd party, the strength of symmetric
encryption is irrelevant.

Weaknesses in TLS and ssh are not around the symmetric ciphers. They are
around the handshakes that establish the symmetric key.

I consider ssh key exchange weaker than TLS because it doesn’t use a PKI.
The public-private key pairs never expire and are under end user control,
as are the algorithms for symmetric key exchange.  Further, there’s no
equivalent of “certificate validation.”

But that’s a general weakness.

Look at the IBM Z Security Portal for information about z/OS ssh, just as
you would for any other vulnerabilities.

Regards,
Alan Altmark
IBM

> On Apr 14, 2020, at 5:11 AM, Joe Monk <joemon...@gmail.com> wrote:
>
> SFTP is FTP over SSH. FTP/S is FTP over SSL.
>
> SSH can use AES256-CBC ciphers. Why do you consider it insecure?
>
> Joe
>
>> On Tue, Apr 14, 2020 at 3:57 AM Peter <dbajava...@gmail.com> wrote:
>>
>> Hello
>>
>> If I am correct, SFTP doesn't follow TLS and has its own cryptography
>> algorithm.
>>
>> Are there any known vulnerabilities for SFTP in Red Hat? Or is there any
>> extra layer of security that can be hardened on SFTP apart from
>> certificate-based logon?
>>
>> Peter
>>
>> ----------------------------------------------------------------------
>> For LINUX-390 subscribe / signoff / archive access instructions,
>> send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or
>> visit
>>
https://urldefense.proofpoint.com/v2/url?u=http-3A__www2.marist.edu_htbin_wlvindex-3FLINUX-2D390&d=DwIBaQ&c=jf_iaSHvJObTbx-siA1ZOg&r=XX3LPhXj6Fv4hkzdpbonTd1gcy88ea-vqLQGEWWoD4M&m=Hu40JiisouNgB2GUAmlHyOPrevBppZmOD7n2tUCSHzk&s=c-Af5JAKgc2avGZLKv34Du7jLyY7BwKKj5gRsDlk6k8&e=

>>
>
