EFT Specifications

This topic is intended as a quick reference of EFT specifications. The information is provided in detail in the applicable procedures.

Also below are the Safe Operating Limits and the EFT and AWE Encryption Algorithms.

Protocols: FTP/S (SSL/TLS), SFTP (SSH2), HTTP/S, and AS2. (Certain protocols require optional modules and/or EFT Enterprise.)

  • FTP Commands Supported by EFT
  • The FTPS protocol in EFT is compliant with RFC 4217, "Securing FTP with TLS."
  • EFT supports SFTP versions 2, 3, 4, and 6. The outbound client defaults to version 4; this is not configurable through the GUI, but can be configured in advanced properties. The EFT outbound client negotiates the SFTP version with the receiving server during session establishment. That is, if the receiving server only supports version 2, EFT Server will negotiate down and operate at version 2.
  • SFTP hashing algorithms supported: For both FIPS and non-FIPS ciphers and algorithms, refer to SFTP FIPS.

SSH version: EFT v7.4.13 uses OpenSSH v7.9

SSL version:

  • EFT v7.4.1 - 7.4.10 use OpenSSL v1.0.2k
  • EFT v7.4.11 - v7.4.12 use OpenSSL v1.0.2p
  • EFT v7.4.13 and later use OpenSSL v1.0.2q

SSL Certificate Key lengths supported: 1024, 2048, 3072, and 4096 bits

EFT-created SSL certificates: X.509 base-64 standard DER encoded

Allowed OpenSSL ciphers for inbound transfers (HTTPS and FTPS): Refer to the Server > Security tab for available ciphers.

Authentication types: Built-in, AD/NTLM, LDAP, ODBC, RADIUS, RSA SecurID®

Log formats: W3C, Microsoft IIS, and NCSA

OpenPGP version: EFT uses IP*Works! OpenPGP components for secure OpenPGP messaging and advanced encryption/decryption (http://cdn.nsoftware.com/help/IGB/cpp/) and is RFC 4880 compliant.

FIPS: EFT uses the OpenSSL FIPS Object Module (https://csrc.nist.gov/projects/cryptographic-module-validation-program/Certificate/1747)

PCI DSS: EFT facilitates compliance with PCI DSS version 3.x.

AS2 module: EFT uses /n software's IP*Works EDI Engine, in compliance with RFC 4130. The maximum inbound file size for AS2 transfers is 20 GB; there is no limit on outbound file size.

Safe Operating Limits

The following is a list of EFT object types and their maximum safe operating limits. These limits were derived from numerous quality assurance tests conducted on server hardware that meets our recommended system requirements.

It may be possible to exceed these safe operational limits to a significant degree if the underlying hardware is improved; however, as objects increase, and depending on their composition and configuration, risk of adverse performance will also increase.

Globalscape will attempt to support, but cannot guarantee remedial action for, hangs, crashes, or slow operations that are or appear to be a by-product of exceeding the maximum safe operating limits as defined here.

If you find yourself exceeding these limits, we recommend reaching out to us. Sometimes we can recommend configurations that achieve the same business goals in a more streamlined fashion, for example, crafting a single generic event rule to handle file uploads from multiple partners, rather than one rule per partner.

| Item | Maximum safe operating limit |
|---|---|
| Server Groups | 4 |
| Server objects | 10 |
| Sites | 25 per Server object |
| Settings Templates | 10 per Site |
| Users per Server object | 500,000 across all Sites and Settings Templates |
| Users per Site | 500,000 across all Sites and Settings Templates |
| Users per Settings Template | 500,000 across all Sites and Settings Templates |
| Users per Permission Group | 500,000 across all Sites and Settings Templates |
| Administration accounts | 50 |
| Permissions (VFS) | See VFS entries |
| Folders (VFS) | See VFS entries |
| VFS entries | 100,000 |
| Permission Groups | 100 |
| Objects viewable from the Web Transfer Client/Workspaces | 1,000 files and folders (total) |
| Object uploads from the Web Transfer Client/Workspaces | 100 files and folders (total) at a time |
| Characters in a directory path | 255 (limitation includes the drive letter, colon, backslash, directories, subdirectories, filename, and extension) |
| Event Rules | 1,000 per Server object |
| Commands | 1,000 per Server object |
| AWE tasks | 1,000 per Server object |
| Number of entries in a report | 1,000 per Server object |

EFT and AWE Encryption Algorithms

The table below lists the encryption algorithms available in EFT and the Advanced Workflow Engine (AWE). It is up to you to determine which settings to use in your environment.

EFT

SSL/TLS

Protocol Version:

  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3

Encryption:

  • AESGCM (256)
  • AES (256)
  • Camellia (256)
  • AESGCM (128)
  • AES (128)
  • SEED (128)
  • Camellia (128)
  • IDEA (128)
  • RC4 (128)
  • 3DES (128)
  • EFT uses the OpenSSL FIPS Object Module

Message Authentication Code (MAC) – Hashing algorithm:

  • AEAD
  • SHA384
  • SHA1
  • SHA256
  • MD5

Key Exchange:

  • ECDH
  • DH/DSS
  • DH
  • DH/RSA
  • ECDH/RSA
  • ECDH/ECDSA
  • RSA
  • Key lengths supported: 1024, 2048, 3072, and 4096 bits

Authentication:

  • RSA
  • ECDSA
  • DH
  • DSS
  • None
  • ECDH

Cipher Suite Version:

  • TLSv1.2
  • SSLv3

SFTP

Protocol Version: SFTP versions 2, 3, 4, and 6.

Ciphers – Encryption Algorithm:

  • twofish256-cbc
  • aes256-cbc
  • aes256-ctr
  • twofish-cbc
  • 3des-cbc
  • aes128-cbc
  • aes128-ctr
  • cast128-cbc
  • blowfish-cbc

Message Authentication Code (MAC) – Hashing algorithm:

  • hmac-sha2-512
  • hmac-sha2-256
  • hmac-sha1
  • hmac-md5
  • hmac-sha1-96
  • hmac-md5-96

KEX – Key Exchange Algorithms:

  • diffie-hellman-group16-sha512
  • diffie-hellman-group14-sha256
  • diffie-hellman-group-exchange-sha256
  • diffie-hellman-group14-sha1
  • diffie-hellman-group-exchange-sha1
  • diffie-hellman-group1-sha1

PGP

Protocol Version: EFT uses IP*Works! OpenPGP v9 PGP libraries

Ciphers – Encryption Algorithms:

  • AES256
  • AES192
  • AES128
  • Twofish
  • 3-DES
  • CAST 5
  • IDEA

Message Authentication Code (MAC) – Hashing algorithm:

  • SHA512
  • SHA384
  • SHA256
  • MD5
  • SHA1
  • RIPEMD-160

AWE v10

SSL/TLS

Protocol Version:

  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3

Encryption:

  • AES (256) - CBC
  • AES (128) - CBC
  • RC4 (128)
  • 3DES (128) – EDE - CBC
  • RC4 (128)
  • RC4 (56)
  • RC4 (40)
  • RC2 (40) - CBC
  • DES - CBC
  • DES (40) - CBC

Message Authentication Code (MAC) – Hashing algorithm:

  • SHA256
  • SHA1
  • MD5

Key Exchange:

  • DH/DSS
  • DH
  • DH/RSA
  • RSA

Authentication:

  • RSA
  • DSS
  • None

Cipher Suite Version:

  • TLSv1.2
  • SSLv3

SFTP

Ciphers – Encryption Algorithm:

  • 3des-cbc
  • 3des-ctr
  • blowfish-cbc
  • blowfish-ctr
  • twofish256-cbc
  • twofish192-cbc
  • twofish128-cbc
  • twofish256-ctr
  • twofish192-ctr
  • twofish128-ctr
  • aes256-cbc
  • aes192-cbc
  • aes128-cbc
  • aes256-ctr
  • aes192-ctr
  • aes128-ctr
  • serpent256-cbc
  • serpent192-cbc
  • serpent128-cbc
  • serpent256-ctr
  • serpent192-ctr
  • serpent128-ctr
  • arcfour256
  • arcfour128
  • arcfour
  • IDEA-cbc
  • IDEA-ctr
  • cast128-cbc
  • cast128-ctr
  • DES

Message Authentication Code (MAC) – Hashing algorithm:

  • hmac-sha256
  • hmac-sha256-96
  • hmac-sha1
  • hmac-sha1-96
  • hmac-md5
  • hmac-md5-96
  • hmac-RIPEMD160
  • hmac-RIPEMD
  • hmac-RIPEMD_openssh
  • umac128
  • umac96
  • umac64
  • umac32

KEX – Key Exchange Algorithms:

  • diffie-hellman-group-exchange-sha1
  • diffie-hellman-group1-sha1
  • diffie-hellman-group14-sha1
  • diffie-hellman-group-exchange-sha256
  • rsa1024-sha1
  • rsa2048-sha256
  • gss-group-exchange-sha1
  • gss-group1-sha1
  • gss-group14-sha1
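
The SFTP tables for EFT and AWE list cipher, MAC and KEX algorithm names of the kind an SSH endpoint advertises in its SSH_MSG_KEXINIT message (RFC 4253, section 7.1). The following is an added example, not Globalscape code: it decodes such a payload and flags names rejected by a local policy. The DENY policy, the function names and the sample payload are assumptions constructed for illustration.

```python
import struct
# Name-list order inside SSH_MSG_KEXINIT (RFC 4253, section 7.1).
FIELDS = ("kex", "host_key", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
          "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c")

# Example local policy (an assumption, not vendor guidance), keyed by list type.
DENY = {
    "kex": {"diffie-hellman-group1-sha1", "diffie-hellman-group-exchange-sha1"},
    "enc": {"3des-cbc", "blowfish-cbc", "cast128-cbc", "arcfour", "DES"},
    "mac": {"hmac-md5", "hmac-md5-96"},
}

def build_kexinit(lists):
    """Build a constructed KEXINIT payload so the example runs offline."""
    names = (",".join(lists.get(f, [])).encode("ascii") for f in FIELDS)
    body = b"".join(struct.pack(">I", len(n)) + n for n in names)
    return bytes([20]) + bytes(16) + body + b"\x00" + struct.pack(">I", 0)

def parse_kexinit(payload):
    """Decode the ten name-lists of an SSH_MSG_KEXINIT payload."""
    if len(payload) < 17 or payload[0] != 20:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    pos, out = 17, {}                       # skip type byte and 16-byte cookie
    for field in FIELDS:
        if pos + 4 > len(payload):
            raise ValueError("truncated name-list length")
        (n,) = struct.unpack_from(">I", payload, pos)
        pos += 4
        if pos + n > len(payload):
            raise ValueError("name-list overruns payload")
        raw = payload[pos:pos + n].decode("ascii")
        out[field] = raw.split(",") if raw else []
        pos += n
    return out

def audit(lists):
    """Return sorted (field, algorithm) pairs that violate DENY."""
    hits = set()
    for field, algs in lists.items():
        denied = DENY.get(field.split("_")[0], set())
        hits.update((field, a) for a in algs if a in denied)
    return sorted(hits)

# Constructed sample: an endpoint offering a mix of names from the tables.
SAMPLE = build_kexinit({
    "kex": ["diffie-hellman-group16-sha512", "diffie-hellman-group1-sha1"],
    "enc_c2s": ["aes256-ctr", "3des-cbc"], "enc_s2c": ["aes256-ctr"],
    "mac_c2s": ["hmac-sha2-512", "hmac-md5"], "mac_s2c": ["hmac-sha2-256"],
})
```

Calling `audit(parse_kexinit(SAMPLE))` returns the offending (field, algorithm) pairs; an empty list means the offer satisfies the policy.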