08-14-2017 03:12 AM
Hi team,
We have a customer that would like to know if we updated the SFTP ciphers since ISE 2.0. They would like to use aes256-ctr and ISE 2.0 does not support it:
Jul 21 09:43:08 lxpr540a sshd[4359]: fatal: no matching cipher found: client aes256-cbc,aes128-cbc,aes128-gcm@openssh.com,aes256-gcm@openssh.com server aes128-ctr,aes192-ctr,aes256-ctr
I found this doc but it has not been updated since 2.0: ISE Security Best Practices (Hardening)
The security team refuses to use AES-CBC due to a vulnerability "http://www.isg.rhul.ac.uk/~kp/SandPfinal.pdf"
Please could you tell me if we now support AES-CTR for SFTP?
Regards
Christophe
- Labels: Identity Services Engine (ISE)
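The sshd message quoted in the question lists what each side offered. The following added example (not part of the original thread, and not Cisco or OpenSSH code) parses such lines and reports the cipher modes on each side; the function names and the second log line are constructed for illustration.

```python
import re

# The first line is the sshd message quoted in the post; the second is a
# constructed, unrelated line (192.0.2.10 is a documentation address).
SAMPLE_LOG = (
    "Jul 21 09:43:08 lxpr540a sshd[4359]: fatal: no matching cipher found: "
    "client aes256-cbc,aes128-cbc,aes128-gcm@openssh.com,aes256-gcm@openssh.com "
    "server aes128-ctr,aes192-ctr,aes256-ctr\n"
    "Jul 21 09:43:09 lxpr540a sshd[4360]: Accepted publickey for backup "
    "from 192.0.2.10 port 50022 ssh2\n"
)

MISMATCH = re.compile(
    r"sshd\[\d+\]: fatal: no matching cipher found: "
    r"client (?P<client>\S+) server (?P<server>\S+)"
)

def mode_of(cipher):
    """Return the block mode suffix of an SSH cipher name, or 'other'."""
    name = cipher.split("@", 1)[0]          # drop vendor suffix such as @openssh.com
    for mode in ("cbc", "ctr", "gcm"):
        if name.endswith("-" + mode):
            return mode
    return "other"

def find_mismatches(log_text):
    """Parse every cipher negotiation failure in log_text into a report dict."""
    reports = []
    for line in log_text.splitlines():
        m = MISMATCH.search(line)
        if not m:
            continue
        client = m.group("client").split(",")
        server = m.group("server").split(",")
        reports.append({
            "client_modes": sorted({mode_of(c) for c in client}),
            "server_modes": sorted({mode_of(c) for c in server}),
            "common": [c for c in client if c in server],
            # Client offers that are not CBC and that the server has not enabled.
            "client_non_cbc_missing_on_server": [
                c for c in client if mode_of(c) != "cbc" and c not in server
            ],
        })
    return reports

if __name__ == "__main__":
    for report in find_mismatches(SAMPLE_LOG):
        for key, value in report.items():
            print(f"{key}: {value}")
```

For the quoted line, the two sides share no cipher: the client offers only CBC and GCM ciphers and the server accepts only CTR.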
Accepted Solutions

08-14-2017 07:27 AM
Hi,
Based on my research, we currently don't support that cipher. We do have an enhancement request in for it.
Regards,
-Tim
08-14-2017 04:50 AM
There is a bug CSCux88538 that was logged as an enhancement for ISE 1.4 to support the aes-ctr ciphers but that is still open. May be worth logging a support call with Cisco.


08-14-2017 10:30 AM
We had the same problem when we tried to set up SFTP. Then we had to change the cipher to CBC till the ISE supports .........
