Prioritise Stronger Encryption Connection Over Weaker Encryption Connection

Organization Name (Required - If you are an Oracle Partner, please provide the organization you are logging the idea on behalf of):
Standard Life
Description (Required):
The Oracle HCM BI SFTP client is connecting to the on-premises server with an insecure encryption standard.
The standard is a key exchange algorithm called diffie-hellman-group14-sha1. There are known vulnerabilities with SHA1, so our internal security standards classify it as “Not Approved”, which is in line with the industry as a whole.
Instead, Oracle SFTP needs to support one of these algorithms, which all use SHA2+ and not SHA1:
diffie-hellman-group18-sha512
diffie-hellman-group17-sha512
diffie-hellman-group16-sha512
diffie-hellman-group14-sha256
diffie-hellman-group-exchange-sha256
ecdh-sha2-nistp384
ecdh-sha2-nistp521
rsa2048-sha256
Use Case and Business Need (Required):
Oracle HCM BI SFTP server configuration should have prioritisation of encryption algorithms in the following order:
diffie-hellman-group-exchange-sha256
diffie-hellman-group14-sha1
diffie-hellman-group1-sha1
diffie-hellman-group-exchange-sha1
Currently, the prioritisation seems to be in the following order:
diffie-hellman-group14-sha1
diffie-hellman-group-exchange-sha256
diffie-hellman-group-exchange-sha1
diffie-hellman-group1-sha1
Enhancement Request / Service Request:
SR 3-28524533651
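
Why the order matters, as an added example that is not part of the original post or Oracle's code: SSH selects the first key exchange algorithm on the client's list that the server also offers (RFC 4253 section 7.1, simplified here by ignoring the host-key compatibility conditions). The two client orders are copied from the post and treated as the connecting client's list, as the description states; the three server lists are constructed assumptions.

```python
# Added example: simplified SSH key exchange selection (RFC 4253 section 7.1).
# Client preference orders are copied from the post.
CURRENT_CLIENT = [
    "diffie-hellman-group14-sha1",
    "diffie-hellman-group-exchange-sha256",
    "diffie-hellman-group-exchange-sha1",
    "diffie-hellman-group1-sha1",
]
REQUESTED_CLIENT = [
    "diffie-hellman-group-exchange-sha256",
    "diffie-hellman-group14-sha1",
    "diffie-hellman-group1-sha1",
    "diffie-hellman-group-exchange-sha1",
]

# Constructed server offers (assumptions, not taken from the post).
SERVER_MIXED = ["diffie-hellman-group-exchange-sha256",
                "diffie-hellman-group14-sha256",
                "diffie-hellman-group14-sha1"]
SERVER_SHA2_ONLY = ["diffie-hellman-group-exchange-sha256",
                    "diffie-hellman-group14-sha256"]
SERVER_LEGACY = ["diffie-hellman-group14-sha1", "diffie-hellman-group1-sha1"]


def negotiate_kex(client, server):
    """Return the first client algorithm the server also offers, else None."""
    offered = set(server)
    for alg in client:
        if alg in offered:
            return alg
    return None  # no common algorithm: the connection fails


def audit(client, server):
    """Report the negotiated algorithm and whether it avoids SHA-1."""
    chosen = negotiate_kex(client, server)
    return {
        "chosen": chosen,
        "approved": chosen is not None and not chosen.endswith("-sha1"),
        "sha1_still_offered": [a for a in client if a.endswith("-sha1")],
    }


if __name__ == "__main__":
    for label, client in (("current", CURRENT_CLIENT), ("requested", REQUESTED_CLIENT)):
        for name, server in (("mixed", SERVER_MIXED), ("sha2-only", SERVER_SHA2_ONLY),
                             ("legacy", SERVER_LEGACY)):
            print(label, name, audit(client, server))
```

Reordering only changes the outcome against a server that offers both families; the SHA-1 algorithms remain on the client list and are still selected against a legacy server, while removing them from the on-premises server's offer forces SHA-256 under either order.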