15 December,18 at 12:23 AM
1. Login to Admin Portal
2. Navigate to Settings > Customization > Advanced Configuration, add the following keys to reconfigure the values. Note that I provided the default set of values and pared down of values which addresses security vulnerability in our QA testing. Customer can add/remove the values as needed.
a) Key: Cps.NativeSshEncryptionAlgorithms
Default set of values when the above key is not added (these have some unsecured types) : aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc,arcfour256,arcfour128,arcfour,cast128-cbc,aes256-gcm@openssh.com,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com
Additional for pared down of values to address security vulnerability: aes256-ctr,aes192-ctr,aes128-ctr,3des-ctr,aes256-gcm@openssh.com,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com
b) Key: Cps.NativeSshMacAlgorithms
Default set of values when the above key is not added (these have some unsecured types) : hmac-sha1,hmac-md5,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-sha1-96,hmac-md5-96,hmac-sha2-256-96,hmac-sha2-512-96,hmac-ripemd160-96
Additional for pared down of values to address security vulnerability:
hmac-sha1,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160
3. After the keys are added, restart the Connectors.
Note: This feature is only available in 18.9 or newer.