IBM Sterling Ideas

Submit new product ideas for IBM Sterling solutions. Before you submit, please review existing ideas; if an idea close to yours already exists, it's better to add comments or vote on the existing idea. We will review your ideas and use them to help prioritize our product development. Best of all, the portal will automatically update you when the status of your idea has been changed.

IBM is transforming its request for enhancement (RFE) process. The purpose of the transformation is to provide a more consistent experience for you to submit requests and to enable IBM product owners to respond to your requests more quickly. For more information click here.

Connect with IBM experts and your peers on the Supply Chain Collaboration Community and the Order Management Interest Group

Support of Diffie Hellman Algorithm- Swithcing from SHA1 to SHA2

Tyco Electronics wants to switch over to SHA2 to trade with its partners. However the product doesn't support this feature.

Not having SHA2 support in SSH handshake is preventing them to trade with their critical partners as some of their partners are enforcing Strict SHA2 support during SSH handshake. This is impacting the business with critical partners in a big way.

  • Avatar32.5fb70cce7410889e661286fd7f1897de Guest
  • Jun 14 2018
  • Delivered
How will this idea be used?

This is going to used by various other customers whose partners expects stricter SSH handshake

What is your industry? Electronics
What is the idea priority? High
  • Attach files
  • Admin
    Ryan Wood commented
    20 Sep, 2018 11:52am

    There were large architecture changes required to support these ciphers. This is subject to change, however, It is our intent to back-port this stack update in an upcoming 526x FixPack (Likely 5264) by the end of the year. 

  • Avatar40.8f183f721a2c86cd98fddbbe6dc46ec9
    Guest commented
    20 Sep, 2018 07:00am

    Thank you very much Mr. Ryan for the update;

    Like I conveyed earlier, We are on SI 525 and we are unlikely to upgrade to SI 6.0 at the moment. We might plan to upgrade to 526 may be in next year, I am not sure at the moment.

    Do you have any plan to back port these features to SI 526 and SI525 releases ? If yes, in which Fix pack this is expected.

    Kind Regards,


  • Admin
    Ryan Wood commented
    20 Sep, 2018 12:04am

    Please review the 6.0 documentation as cipher support has been upgraded. Review the following documentation

    You cannot configure the SSH Key Exchange algorithms to be used with SFTP in the Sterling B2B Integrator UI. To select strong SSH Key Exchange algorithms, specify the values to be used in SSHKeyExchangeAlgList in the file. For example, SSHKeyExchangeAlgList=diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha1. You can verify the algorithm used in the SFTP Client Begin Session service status report.

    Sterling B2B Integrator also supports the following key exchange algorithms:
    • ecdh-sha2-nistp256
    • ecdh-sha2-nistp384
    • ecdh-sha2-nistp521
  • Avatar40.8f183f721a2c86cd98fddbbe6dc46ec9
    Guest commented
    7 Aug, 2018 11:24am

    diffie-hellman-group-exchange-sha256 key exchange mechanism is what we are critically interested in and any other associated key exchange mechanisms which supports SHA2 is most welcome.


    We would prefer this at the earliest due to the criticality of losing partner who are strictly enforcing SHA2 key exchange mechanisms to communicate with us using SFTP.


    We also request IBM to add support for SHA256 ciphers as well.

  • Avatar40.8f183f721a2c86cd98fddbbe6dc46ec9
    Guest commented
    10 Jul, 2018 01:36pm

    Dear Mr. Ryan,

    We had requested for SHA2 support in SSH Handshake in IBM B2B Integrator product. I also created an RFE for this. As per below email I understand it as IBM is planning this feature in future releases. I do not understand which release this feature is being planned. Just to let you know, we are on 5.2.5 release and we do not have immediate plan for upgrading to new release; at-least for the next couple of months.

    As per my knowledge the current version of Maverick jars (used for SSH functionalities) does support SHA2 handshake, that way I guess with minimal effort this feature can be provided in the current release.

    Not having SHA2 support in SSH handshake is preventing our customers to trade with some critical partners as some of their partners are enforcing strict SHA2 support during SSH handshake. This is impacting our business with critical partners in a big way. I would request you to expedite this feature implementation and provide this in the current release we are on. This will help our business in a big way.

    Thank you very much for your understanding

    Kind Regards,

  • Admin
    Ryan Wood commented
    22 Jun, 2018 03:59pm

    Hello, thank you for particiapting in the 'Request for Enhancement' community. Your input is valued. We agree with this request and have short term plans to deliver this functionality. Fundamentally there are some stack updates required in the product before we can offer these new algorithms, however that work is well under way. Please check back here for updates and/or notify your sales account team.

    All the best,

    Ryan Wood

    Offering Manager

    Watson Customer Engagement

  • Avatar40.8f183f721a2c86cd98fddbbe6dc46ec9
    Guest commented
    15 Jun, 2018 09:20pm

    Several of our important partners are upgrading security standards and will not be allowing lesser algorithm than SHA2 for SSH handshake. We have been informed that we will not be able to communicate with these trading partners when the grace period runs out.

    Tyco Electronics is looking to have the capability to choose to use SHA2 when directing traffic to different partners as required. We are looking at a critical business impact if the flexibility is not available soon.

  • Avatar40.8f183f721a2c86cd98fddbbe6dc46ec9
    Guest commented
    14 Jun, 2018 02:13pm

    Please add SHA2 support for SSH handshake as many of our partners are strictly enforcing SHA2 handshake during SSH handshake.