FTP/S (SSL/TLS), SFTP (SSH2), HTTP/S, and AS2 (Certain protocols require optional modules and/or EFT Enterprise.)

• FTP Commands Supported by EFT

• The FTPS protocol in EFT is compliant with RFC4217, "Securing FTP with TLS."

• EFT supports SFTP versions 2, 3, 4, and 6. The outbound client defaults to version 4, and it is not configurable through the GUI, but can be configured in advanced properties. The EFT outbound client negotiates the SFTP version with the receiving server during session establishment. That is, if the receiving server only supports version 2, EFT Server will negotiate down and operate at version 2.

• SFTP hashing algorithms supported: For both FIPS and non-FIPS ciphers and algorithms, refer to SFTP FIPS.

EFT v8.0 and later use v8.1.0.0_openssh library, including OpenSSH DLLs for FIPS
EFT's SFTP library implementation is based on the latest (8.1) version of OpenSSH portable: https://github.com/PowerShell/openssh-portable, which is a fork of https://github.com/openssh/openssh-portable, which in turn is a fork of the canonical OpenSSH. EFT will be updated once the fork that EFT is using is updated to 8.2, 8.3, or newer version. Also note that the EFT implementation contains some modified OpenSSH files, modified via use of a Fedora patch, for purposes of FIPS certification when FIPS mode is enabled.

EFT v8.0.6 and later use OpenSSL v1.1.1k; EFT v8.0.4 and later use OpenSSL v1.0.2u (dated December 20, 2019), SSL.dll and SSLfips.dll; EFT v8.0.0 - v8.0.3 use OpenSSL v1.0.2t; TLSv1.2 is set by default. For best security, clear versions that you do not need enabled; do not enable SSLv3 ciphersuites (See FIPS description below.)

EFT uses the FIPS Object Module; https://csrc.nist.gov/publications/detail/fips/140/2/final; https://csrc.nist.gov/projects/cryptographic-module-validation-program/Certificate/2839; (In addition to the validations of the OpenSSL FIPS Object Module 2.0 obtained directly by OpenSSL, third-party vendors have obtained additional "re-brand" validations of the same cryptographic module. #2939 is referenced to show all of the algorithms covered.)

• OpenSSL v1.0.2 is FIPS-certified, but does not support TLS 1.3. EFT uses v1.0.2 for SFTP in FIPS and non-FIPS mode because SFTP doesn't care about TLS version

  OpenSSL v1.1.1 has no FIPS module, but supports TLS 1.3; EFT uses it in non-FIPS mode to support TLS 1.3

Key lengths supported: 1024, 2048, 3072, and 4096 bits

x.509 base-64 standard DER encoded

Refer to the Server > Security tab for available ciphers.

Built-in, AD/NTLM, LDAP, ODBC, RADIUS, RSA SecurID®

W3C, Microsoft IIS, and NCSA

EFTv8.0.5 uses IP*Works! OpenPGP2020 v20.0 build 7525 components for secure OpenPGP messaging and advanced encryption/decryption (http://cdn.nsoftware.com/help/IGB/cpp/) and is RFC 4880 compliant.

EFT facilitates compliance with PCI DSS version 3.x.

EFT uses /n software's EDI Integrator library components, which are in the core of an application called RSSBus. RSSBus is Drummond Certified and in compliance with RFC4130. (EFT itself is not Drummond certified.) The maximum inbound file size for AS2 transfers is 20GB; there is no limit on outbound file size.

EFT v8 uses Automate Desktop v10.7.100 Build 4 Task Builder and actions

EFT supports RFC3507, sections 3.2 and 4.9. EFT supports: draft-stecher-icap-subid-00 section 4.5 and 4.6.