Algorithms for SSH/SFTP in Standard Mode and FIPS Mode
- Last Updated: April 10, 2026
- 1 minute read
- MOVEit Automation
- Version 2024.1
- Version 2024
- Documentation
MOVEit Automation supports different sets of cryptographic algorithms depending on whether the application is running with FIPS mode enabled or disabled.
When FIPS mode is enabled, MOVEit Automation restricts cryptographic operations for SSH/SFTP connections to algorithms that comply with FIPS 140‑2 requirements.
The following tables list the cryptographic algorithms available for SSH/SFTP connections in standard mode and FIPS mode.
|
Algorithm |
Standard mode |
FIPS mode |
|---|---|---|
|
curve25519-sha256 |
Y |
N |
|
curve25519-sha256@libssh.org |
Y |
N |
|
diffie-hellman-group-exchange-sha256 |
Y |
Y |
|
diffie-hellman-group14-sha256 |
Y |
N |
|
diffie-hellman-group16-sha512 |
Y |
N |
|
diffie-hellman-group18-sha512 |
Y |
N |
|
ecdh-sha2-nistp256 |
Y |
Y |
|
ecdh-sha2-nistp384 |
Y |
Y |
|
ecdh-sha2-nistp521 |
Y |
Y |
|
diffie-hellman-group-exchange-sha1 |
Y |
Y |
|
diffie-hellman-group14-sha1 |
Y |
Y |
|
diffie-hellman-group1-sha1 |
Y |
Y |
|
gss-group14-sha256 |
Y |
N |
|
gss-group16-sha512 |
Y |
N |
|
gss-nistp256-sha256 |
Y |
N |
|
gss-curve25519-sha256 |
Y |
N |
|
gss-group14-sha1 |
Y |
N |
|
gss-gex-sha1 |
Y |
N |
|
Algorithm |
Standard mode |
FIPS mode |
|---|---|---|
|
aes256-ctr |
Y |
Y |
|
aes256-cbc |
N |
N |
|
aes192-ctr |
Y |
Y |
|
aes192-cbc |
N |
N |
|
aes128-ctr |
Y |
Y |
|
aes128-cbc |
N |
N |
|
3des-ctr |
Y |
N |
|
3des-cbc |
N |
N |
|
cast128-cbc |
N |
N |
|
blowfish-cbc |
N |
N |
|
arcfour |
N |
N |
|
arcfour128 |
N |
N |
|
arcfour256 |
N |
N |
|
aes256-gcm@openssh.com |
Y |
Y |
|
aes128-gcm@openssh.com |
Y |
Y |
|
chacha20-poly1305@openssh.com |
Y |
N |
|
Algorithm |
Standard mode |
FIPS mode |
|---|---|---|
|
hmac-sha1 |
Y |
Y |
|
hmac-md5 |
Y |
N |
|
hmac-sha1-96 |
Y |
Y |
|
hmac-md5-96 |
Y |
N |
|
hmac-sha2-256 |
Y |
Y |
|
hmac-sha2-256-96 |
Y |
Y |
|
hmac-sha2-512 |
Y |
Y |
|
hmac-sha2-512-96 |
Y |
Y |
|
hmac-ripemd160 |
Y |
N |
|
hmac-ripemd160-96 |
Y |
N |
|
hmac-sha2-256-etm@openssh.com |
Y |
Y |
|
hmac-sha2-512-etm@openssh.com |
Y |
Y |
|
hmac-sha2-256-96-etm@openssh.com |
N |
Y |
|
hmac-sha2-512-96-etm@openssh.com |
N |
Y |
|
umac-64@openssh.com |
Y |
N |
|
umac-64-etm@openssh.com |
Y |
N |
|
umac-128@openssh.com |
Y |
N |
|
umac-128-etm@openssh.com |
Y |
N |
|
Algorithm |
Standard mode |
FIPS mode |
|---|---|---|
|
ssh-ed25519 |
Y |
N |
|
ecdsa-sha2-nistp256 |
Y |
Y |
|
ecdsa-sha2-nistp384 |
Y |
Y |
|
ecdsa-sha2-nistp521 |
Y |
Y |
|
rsa-sha2-256 |
Y |
Y |
|
rsa-sha2-512 |
Y |
Y |
|
ssh-rsa |
Y |
Y |
|
ssh-dss |
Y |
Y |
|
x509v3-sign-rsa |
Y |
Y |
|
x509v3-sign-dss |
Y |
Y |
|
Algorithm |
Standard mode |
FIPS mode |
|---|---|---|
|
ssh-rsa |
Y |
Y |
|
rsa-sha2-256 |
Y |
Y |
|
rsa-sha2-512 |
Y |
Y |
|
ssh-dss |
Y |
Y |
|
ecdsa-sha2-nistp256 |
Y |
Y |
|
ecdsa-sha2-nistp384 |
Y |
Y |
|
ecdsa-sha2-nistp521 |
Y |
Y |
|
ssh-ed25519 |
Y |
N |
|
x509v3-sign-rsa |
N |
N |
|
x509v3-sign-dss |
N |
N |