IBM Sterling Ideas

formerly Watson Supply Chain

Submit new product ideas for Watson Supply Chain solutions. Before you submit, please review existing ideas; if an idea close to yours already exists, it's better to add comments or vote on the existing idea. We will review your ideas and use them to help prioritize our product development. Best of all, the portal will automatically update you when the status of your idea has been changed. Order Management, Store Engagement, Watson Order Optimizer, Inventory Visibility, CPQ and Call Center are now part of Watson Supply Chain

Connect with IBM experts and your peers on the Supply Chain Collaboration Community and the Order Management Interest Group

Submit ideas for other Watson Customer Engagement Products:

Watson Marketing
Watson Campaign Automation
Watson Commerce

Support of Diffie Hellman Algorithm- Swithcing from SHA1 to SHA2

Tyco Electronics wants to switch over to SHA2 to trade with its partners. However the product doesn't support this feature.

Not having SHA2 support in SSH handshake is preventing them to trade with their critical partners as some of their partners are enforcing Strict SHA2 support during SSH handshake. This is impacting the business with critical partners in a big way.

  • Avatar32.5fb70cce7410889e661286fd7f1897de Guest
  • Jun 14 2018
  • Delivered
How will this idea be used?

This is going to used by various other customers whose partners expects stricter SSH handshake

What is your industry? Electronics
What is the idea priority? High
DeveloperWorks ID
RTC ID
Link to original RFE
  • Attach files
  • Avatar40.8f183f721a2c86cd98fddbbe6dc46ec9
    Guest commented
    June 14, 2018 14:13

    Please add SHA2 support for SSH handshake as many of our partners are strictly enforcing SHA2 handshake during SSH handshake.

  • Avatar40.8f183f721a2c86cd98fddbbe6dc46ec9
    Guest commented
    June 15, 2018 21:20

    Several of our important partners are upgrading security standards and will not be allowing lesser algorithm than SHA2 for SSH handshake. We have been informed that we will not be able to communicate with these trading partners when the grace period runs out.

    Tyco Electronics is looking to have the capability to choose to use SHA2 when directing traffic to different partners as required. We are looking at a critical business impact if the flexibility is not available soon.

  • Admin
    Ryan Wood commented
    June 22, 2018 15:59

    Hello, thank you for particiapting in the 'Request for Enhancement' community. Your input is valued. We agree with this request and have short term plans to deliver this functionality. Fundamentally there are some stack updates required in the product before we can offer these new algorithms, however that work is well under way. Please check back here for updates and/or notify your sales account team.


    All the best,

    Ryan Wood

    Offering Manager

    Watson Customer Engagement

    woodry@us.ibm.com

  • Avatar40.8f183f721a2c86cd98fddbbe6dc46ec9
    Guest commented
    July 10, 2018 13:36

    Dear Mr. Ryan,

    We had requested for SHA2 support in SSH Handshake in IBM B2B Integrator product. I also created an RFE for this. As per below email I understand it as IBM is planning this feature in future releases. I do not understand which release this feature is being planned. Just to let you know, we are on 5.2.5 release and we do not have immediate plan for upgrading to new release; at-least for the next couple of months.

    As per my knowledge the current version of Maverick jars (used for SSH functionalities) does support SHA2 handshake, that way I guess with minimal effort this feature can be provided in the current release.

    Not having SHA2 support in SSH handshake is preventing our customers to trade with some critical partners as some of their partners are enforcing strict SHA2 support during SSH handshake. This is impacting our business with critical partners in a big way. I would request you to expedite this feature implementation and provide this in the current release we are on. This will help our business in a big way.

    Thank you very much for your understanding

    Kind Regards,
    Harish

  • Avatar40.8f183f721a2c86cd98fddbbe6dc46ec9
    Guest commented
    August 07, 2018 11:24

    diffie-hellman-group-exchange-sha256 key exchange mechanism is what we are critically interested in and any other associated key exchange mechanisms which supports SHA2 is most welcome.

     

    We would prefer this at the earliest due to the criticality of losing partner who are strictly enforcing SHA2 key exchange mechanisms to communicate with us using SFTP.

     

    We also request IBM to add support for SHA256 ciphers as well.

  • Admin
    Ryan Wood commented
    September 20, 2018 00:04

    Please review the 6.0 documentation as cipher support has been upgraded. Review the following documentation

    https://www.ibm.com/support/knowledgecenter/SS3JSW_6.0.0/integrating/integrating/integrator/SFTP_Client_Begin_Session_svc.html

    You cannot configure the SSH Key Exchange algorithms to be used with SFTP in the Sterling B2B Integrator UI. To select strong SSH Key Exchange algorithms, specify the values to be used in SSHKeyExchangeAlgList in the security.properties file. For example, SSHKeyExchangeAlgList=diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha1. You can verify the algorithm used in the SFTP Client Begin Session service status report.

    Sterling B2B Integrator also supports the following key exchange algorithms:
    • ecdh-sha2-nistp256
    • ecdh-sha2-nistp384
    • ecdh-sha2-nistp521
  • Avatar40.8f183f721a2c86cd98fddbbe6dc46ec9
    Guest commented
    September 20, 2018 07:00

    Thank you very much Mr. Ryan for the update;

    Like I conveyed earlier, We are on SI 525 and we are unlikely to upgrade to SI 6.0 at the moment. We might plan to upgrade to 526 may be in next year, I am not sure at the moment.

    Do you have any plan to back port these features to SI 526 and SI525 releases ? If yes, in which Fix pack this is expected.

    Kind Regards,

    Harish

  • Admin
    Ryan Wood commented
    September 20, 2018 11:52

    There were large architecture changes required to support these ciphers. This is subject to change, however, It is our intent to back-port this stack update in an upcoming 526x FixPack (Likely 5264) by the end of the year.