FTP/S (SSL/TLS), SFTP (SSH2), HTTP/S, and AS2 (Certain protocols other than FTP require optional modules.)

• FTP Commands Supported by EFT

• The FTPS protocol in EFT is compliant with RFC4217, "Securing FTP with TLS."

• EFT supports SFTP versions 2, 3, 4, and 6. The outbound client defaults to version 4, and it is not configurable through the GUI, but can be configured in advanced properties. The EFT outbound client negotiates the SFTP version with the receiving server during session establishment. That is, if the receiving server only supports version 2, EFT Server will negotiate down and operate at version 2.

• SFTP hashing algorithms supported: For both FIPS and non-FIPS ciphers and algorithms, refer to SFTP FIPS.

EFT v8.0 and later use v8.1.0.0_openssh library, including OpenSSH DLLs for FIPS
The EFT SFTP library implementation is based on the latest (8.1) version of OpenSSH portable: https://github.com/PowerShell/openssh-portable, which is a fork of https://github.com/openssh/openssh-portable, which in turn is a fork of the canonical OpenSSH. EFT will be updated once the fork that EFT is using is updated to 8.2, 8.3, or newer version. Also note that the EFT implementation contains some modified OpenSSH files, modified via use of a Fedora patch, for purposes of FIPS certification when FIPS mode is enabled.

• EFT v8.1.0.14 uses OpenSSL v1.1.1t for SAML; everything else SSL-related (except FIPS) uses OpenSSL v1.1.1o;

• EFT v8.0.6 - 8.0.7 use OpenSSL v1.1.1k;

• EFT v8.0.4 - 8.0.5 use OpenSSL v1.0.2u (dated December 20, 2019), SSL.dll and SSLfips.dll;

• EFT v8.0.0 - v8.0.3 use OpenSSL v1.0.2t; TLSv1.2 is set by default.

For best security, clear versions that you do not need enabled; do not enable SSLv3 ciphersuites

Refer to FIPS below for the OpenSSL version used for FIPS.

EFT uses the FIPS Object Module; (In addition to the validations of the OpenSSL FIPS Object Module 2.0 obtained directly by OpenSSL, third-party vendors have obtained additional "re-brand" validations of the same cryptographic module.)

• OpenSSL v1.0.2 is FIPS-certified, but does not support TLS 1.3. EFT uses v1.0.2 for SFTP in FIPS and non-FIPS mode because SFTP doesn't care about TLS version

  OpenSSL v1.1.1 has no FIPS module, but supports TLS 1.3; EFT uses it in non-FIPS mode to support TLS 1.3

Key lengths supported: 1024, 2048, 3072, and 4096 bits

x.509 base-64 standard DER encoded

Refer to the Server > Security tab for available ciphers.

Built-in, AD/NTLM, LDAP, ODBC, RADIUS, RSA SecurID®

W3C, Microsoft IIS, and NCSA

EFTv8.10.5 uses IPWorks OpenPGP 2020 v20.0.8136 from /n Software for secure OpenPGP messaging and advanced encryption and decryption (http://cdn.nsoftware.com/help/IGB/cpp/) and is RFC 4880 compliant.

EFT facilitates compliance with PCI DSS version 3.x.

EFT uses /n software's EDI Integrator library components, which are in the core of an application called RSSBus. RSSBus is Drummond Certified and in compliance with RFC4130. (EFT itself is not Drummond certified.) The maximum inbound file size for AS2 transfers is 20GB; there is no limit on outbound file size.

EFT v8 uses Automate Desktop v10.7.100 Build 4 Task Builder and actions

• EFT supports RFC3507, sections 3.2 and 4.9. EFT supports: draft-stecher-icap-subid-00 section 4.5 and 4.6.

• Microsoft .NET Framework 4.0