-
|
Hi there, the software at times is being triggered as vulnerable because of its ability to use SHA1 algorithms, Is anybody familiar with what exactly needs to be disabled were to remediate something like this? |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 4 replies
-
|
Hi, we need to support old hash algorithms for compatibility with old clients but you can disable the use of these algorithms if you don't have compatibility problems, they are all configurable, take a look here. If you can share your vulnerability report I can give a more precise answer but I guess this was already discussed in the past |
Beta Was this translation helpful? Give feedback.
-
|
Thanks for this, what is the exact location of this configuration file ? |
Beta Was this translation helpful? Give feedback.
-
On Linux |
Beta Was this translation helpful? Give feedback.
-
|
Appreciate the feedback and the help, don't want to mess this up so want to ask, what exactly is the format of those line items, and is the area I should be focused on specifically the "Kex_algorithms" section? The default in the config file is as per below, so what would a "configured" output of this look like if you can give me an example, please? "kex_algorithms": [], |
Beta Was this translation helpful? Give feedback.
-
From the linked doc
so I suppose you want something like this: the configuration file is in json format by default. You need to restart the SFTPGo service to apply the change |
Beta Was this translation helpful? Give feedback.
Hi,
we need to support old hash algorithms for compatibility with old clients but you can disable the use of these algorithms if you don't have compatibility problems, they are all configurable, take a look here.
If you can share your vulnerability report I can give a more precise answer but I guess this was already discussed in the past
#661
#368
#646