Setting FTP and SFTP Ciphers and Hashes

You can set the supported ciphers and hashes by editing the web.xml file.

Procedure

  1. To view a list of the ciphers that TIBCO MFT Internet Server supports in your environment, navigate to your web server’s standard output log, stdout.log, located in the MFTIS_Install/server/logs directory.
    Note: On Windows installations where automatic start has not been set up, standard output messages are written to the MFT server command prompt window that serves as your console. On UNIX systems, the messages are written to the catalina.out log.
    1. Start the MFT FTP or SSH servers if they are not already running.
      For information on starting and stopping the MFT FTP/SSH servers, see TIBCO Managed File Transfer Internet Server User's Guide.
    2. Go to your web server standard output log and open it with any available text editor.
    3. Search for one of the following text strings:
      i. FTP Server – supported ciphers
      ii. SSH Server – supported ciphers
      iii. SSH Server – supported hash
  2. By default, TIBCO MFT Internet Server supports all ciphers contained in the log file. Once you have viewed the supported ciphers listed in your log file, you can limit which ciphers or hash algorithms are used by TIBCO MFT Internet Server by performing the following steps:
    1. Stop your application server.
    2. Navigate to this directory: MFTIS_Install/server/webapps/cfcc/WEB-INF/.
    3. Open the web.xml file using any available text editor.
    4. At the top of the file, you will see the following parameter sections:
      <context-param>
        <param-name>TLSCipherSuite</param-name>
        <param-value/>
      </context-param>

      <context-param>
        <param-name>SSHCipherSuite</param-name>
        <param-value/>
      </context-param>

      <context-param>
        <param-name>SSHDigestSuite</param-name>
        <param-value/>
      </context-param>

      The following example limits the ciphers and hash algorithms that TIBCO MFT Internet Server will use. To define multiple ciphers or hash algorithms, separate them with commas:
      <context-param>
        <param-name>TLSCipherSuite</param-name>
        <param-value>SSL_RSA_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_AES_256_CBC_SHA</param-value>
      </context-param>

      <context-param>
        <param-name>SSHCipherSuite</param-name>
        <param-value>aes192-cbc,aes256-cbc</param-value>
      </context-param>

      <context-param>
        <param-name>SSHDigestSuite</param-name>
        <param-value>hmac-sha1</param-value>
      </context-param>

  3. Restart your application server.
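
Before restarting, the edited web.xml can be checked against the names you copied from the log in step 1. The following Python script is an added example, not part of the TIBCO product or its documentation; the function names, the sample web.xml and the sample supported lists are constructed for illustration.

```python
import xml.etree.ElementTree as ET

PARAMS = ("TLSCipherSuite", "SSHCipherSuite", "SSHDigestSuite")

def _local(tag):
    # web.xml usually declares a default namespace; compare local names only.
    return tag.rsplit("}", 1)[-1]

def read_suites(web_xml_text):
    """Return {param-name: [names]}; an empty list means no restriction is set."""
    suites = {}
    for el in ET.fromstring(web_xml_text).iter():
        if _local(el.tag) != "context-param":
            continue
        fields = {_local(c.tag): (c.text or "") for c in el}
        name = fields.get("param-name", "").strip()
        if name in PARAMS:
            value = fields.get("param-value", "")
            suites[name] = [v.strip() for v in value.split(",") if v.strip()]
    return suites

def audit(web_xml_text, supported):
    """Compare each configured name with the names copied from the server log."""
    suites, report = read_suites(web_xml_text), {}
    for name in PARAMS:
        if name not in suites:
            report[name] = "missing"
        elif not suites[name]:
            report[name] = "unrestricted"  # empty value: default, all supported
        else:
            bad = [v for v in suites[name] if v not in supported.get(name, ())]
            report[name] = "unknown: " + ",".join(bad) if bad else "ok"
    return report

# Constructed sample: names come from this page's example, plus one deliberate typo.
SAMPLE_SUPPORTED = {
    "TLSCipherSuite": {"SSL_RSA_WITH_AES_128_CBC_SHA", "SSL_RSA_WITH_AES_256_CBC_SHA"},
    "SSHCipherSuite": {"aes192-cbc", "aes256-cbc"}, "SSHDigestSuite": {"hmac-sha1"},
}
SAMPLE_WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee">
<context-param><param-name>TLSCipherSuite</param-name>
  <param-value>SSL_RSA_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_AES_256_CBC_SHA</param-value></context-param>
<context-param><param-name>SSHCipherSuite</param-name>
  <param-value>aes192-cbc,aes265-cbc</param-value></context-param>
<context-param><param-name>SSHDigestSuite</param-name><param-value/></context-param>
</web-app>"""

if __name__ == "__main__":
    print(audit(SAMPLE_WEB_XML, SAMPLE_SUPPORTED))
```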