GlobalSCAPE Knowledge Base

Configuring SFTP cipher/mac algorithms for EFT outbound connections in the registry

Karla Marsh
EFT Express (SMB) & Enterprise


  • EFT Enterprise v6.3 and later


EFT currently does not provide the ability to configure the SFTP cipher/mac algorithms for outbound connections in the administration interface. The Site-level SFTP configuration for the inbound protocols in the interface does not affect the outbound settings. The ability to configure algorithms for outbound connections is available via registry settings to enable/disable the various ciphers and macs.

The SFTP registry keys are automatically created by the ClientFTP.dll. The ClientFTP.dll writes to the registry when it finishes a transfer; therefore, you should edit the settings when there are no transfers occurring so that it loads your custom settings, and then it will save your custom settings back to the registry when it finishes the transfer. (Once ClientFTP.dll writes your custom settings to the registry, it will continue to use those settings.) You may have to run an initial outbound transfer after a clean install before the keys are created, or you can create them manually. (Again, do this when there is no outbound activity to avoid overwriting your changes.)

The registry settings reside under:

  • 32-bit Windows: HKLM\SOFTWARE\GlobalSCAPE\TED 6\Settings\SecuritySFTP2\
  • 64-bit Windows: HKLM\SOFTWARE\Wow6432Node\GlobalSCAPE\TED 6\Settings\SecuritySFTP2\

You can verify which ciphers are available by opening the registry and expanding the SecuritySFTP2 node. Setting the DWORD value to 1 enables the algorithm.

In 7.2.1 and later:

In v6.3 to 7.20:

The following snippet from the ClientFTP log file shows the output when only SFTP2_TWOFISH128 and SFTP2_MD5_96 are enabled:

STATUS:> Host key match found in certificate database -- accepted.

STATUS:> First key exchange completed

Negotiated algorithms:

kex alg: diffie-hellman-group14-sha1

host key alg: ssh-rsa

c2s encr alg: twofish128-cbc

s2c encr alg: twofish128-cbc

c2s mac alg: hmac-md5-96

s2c mac alg: hmac-md5-96

Last Modified: 2 Years Ago
Last Modified By: kmarsh
Rated 1 star based on 10 votes.
Article has been viewed 40K times.
Also In This Category