For whatever reason I never got their reply, otherwise I would have replied.
Here's the thing about SBB: unless you explicitly disable a cipher/hmac/kex/etc., it's most likely allowed by default.
I installed FileCOPA on a VM to show you what I mean, using the default configuration with no changes.
Below is the handshake info sent from the FileCOPA server to the client.
Cipher list:
3des-cbc,blowfish-cbc,twofish256-cbc,twofish192-cbc,twofish128-cbc,aes256-cbc,aes192-cbc,aes128-cbc,serpent256-cbc,serpent192-cbc,serpent128-cbc,arcfour,idea-cbc,cast128-cbc,des-cbc,arcfour128,arcfour256
MAC list:
hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd,hmac-ripemd160@openssh.com,hmac-sha256@ssh.com,hmac-sha256-96@ssh.com,umac-32@openssh.com,umac-64@openssh.com,umac-96@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,aes128-gcm,aes256-gcm
Now the FileCOPA server is indicating to the client that it supports (via the MAC) aes128-gcm and aes256-gcm. Because gcm ciphers are implicit, this also means the cipher is supported too. The way this is handled could also be a bug in SBB, but I am not sure.
But based on this logic SBB comes to the conclusion that aes128-gcm and aes256-gcm are in fact supported.
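A check for the mismatch described in the post above, as an added example that is not part of the original post and is not SBB or FileCOPA code: it takes the two name-lists quoted there and reports GCM names that are advertised only in the MAC list. The `LEGACY` deny-list and all function names are assumptions made for this illustration.

```python
# Added example: audit the cipher and MAC name-lists a server advertises in
# its SSH handshake. Both lists are copied from the handshake quoted in the post.
CIPHERS = ("3des-cbc,blowfish-cbc,twofish256-cbc,twofish192-cbc,twofish128-cbc,"
           "aes256-cbc,aes192-cbc,aes128-cbc,serpent256-cbc,serpent192-cbc,"
           "serpent128-cbc,arcfour,idea-cbc,cast128-cbc,des-cbc,arcfour128,arcfour256")
MACS = ("hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd,"
        "hmac-ripemd160@openssh.com,hmac-sha256@ssh.com,hmac-sha256-96@ssh.com,"
        "umac-32@openssh.com,umac-64@openssh.com,umac-96@openssh.com,"
        "umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,aes128-gcm,aes256-gcm")

# Assumption: an illustrative deny-list of legacy names chosen for this example;
# it is not taken from SBB or FileCOPA. Adjust it to your own policy.
LEGACY = {"des-cbc", "3des-cbc", "arcfour", "arcfour128", "arcfour256",
          "blowfish-cbc", "idea-cbc", "cast128-cbc",
          "hmac-md5", "hmac-md5-96", "hmac-sha1-96"}


def parse_name_list(raw):
    """Split an SSH name-list (comma separated) into names, dropping blanks."""
    return [name.strip() for name in raw.split(",") if name.strip()]


def is_gcm(name):
    """True for GCM names such as aes128-gcm or aes128-gcm@openssh.com."""
    return name.split("@", 1)[0].lower().endswith("-gcm")


def audit(cipher_raw, mac_raw):
    """Report GCM names present only in the MAC list, and legacy names."""
    ciphers = parse_name_list(cipher_raw)
    macs = parse_name_list(mac_raw)
    cipher_set = set(ciphers)
    return {
        # A client that treats a GCM MAC entry as implying the cipher would
        # conclude these are supported although the cipher list omits them.
        "gcm_only_in_mac_list": [m for m in macs if is_gcm(m) and m not in cipher_set],
        "legacy_ciphers": [c for c in ciphers if c in LEGACY],
        "legacy_macs": [m for m in macs if m in LEGACY],
    }


if __name__ == "__main__":
    for finding, names in audit(CIPHERS, MACS).items():
        print(f"{finding}: {', '.join(names) or '-'}")
```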