IBM Sterling Ideas

formerly Watson Supply Chain

Submit new product ideas for Watson Supply Chain solutions. Before you submit, please review existing ideas; if an idea close to yours already exists, it's better to add comments or vote on the existing idea. We will review your ideas and use them to help prioritize our product development. Best of all, the portal will automatically update you when the status of your idea has been changed. Order Management, Store Engagement, Watson Order Optimizer, Inventory Visibility, CPQ and Call Center are now part of Watson Supply Chain

Connect with IBM experts and your peers on the Supply Chain Collaboration Community and the Order Management Interest Group

Submit ideas for other Watson Customer Engagement Products:

Watson Marketing
Watson Campaign Automation
Watson Commerce

Request to disable SFTP Weak Encryption and MAC Algorithms

Our B2BI is running in IBM SoftLayer data center, base on the IBM security polices, SFTP/SSH Weak Encryption and MAC Algorithms are not allowed, we need to be able disable the following weak algorithms. The following are the weak algorithms and vulnerability ID.

Medium - [22/tcp/ssh] - SSH Weak Algorithms Supported
Vuln ID 381945 - Nessus Plugin ID 90317
The following weak server-to-client encryption algorithms are supported : arcfour arcfour128 arcfour256 The following weak client-to-server encryption algorithms are supported : arcfour arcfour128 arcfour256

Low - [22/tcp/ssh] - SSH Weak MAC Algorithms Enabled
Vuln ID 353707 - Nessus Plugin ID 71049
The following client-to-server Message Authentication Code (MAC) algorithms are supported : hmac-md5 hmac-md5-96 hmac-sha1-96 The following server-to-client Message Authentication Code (MAC) algorithms are supported : hmac-md5 hmac-md5-96 hmac-sha1-96

Support suggested to use NIST mode, but this limits the SFTP key size to 2048 or higher, but there are partners use 1024 keysize
  • Avatar32.5fb70cce7410889e661286fd7f1897de Guest
  • Dec 19 2017
  • Already exists
How will this idea be used?
What is your industry?
What is the idea priority? High
DeveloperWorks ID DW_ID95901
Link to original RFE
  • Attach files
  • Admin
    Ryan Wood commented
    February 13, 2018 21:52

    Thank you for participating in the idea community. We can confirm that this has been delivered. 

    Please see the following blog:

    In IBM B2B Integrator it is now possible to restrict the use of specific Ciphers, MAC(Message Authentication Code algorithm), and Key exchange algorithm in both the client and server side of the SFTP protocol:

    You can add the parameters to for example: