Filter by Category

SHA-2 and TLS Security for AS2 Transfers

2016 is a pivotal year for organizations to upgrade the security used to protect their AS2 data transfers. In order to be compliant with the latest security standards, you need to be using a modern AS2 solution.

The End of SHA-1

SHA-1 (Secure Hash Algorithm) is a cryptographic hash algorithm created by the NSA and published in 1995. SHA-1 takes a message of any length and produces a 160-bit message digest. The message digest verifies the integrity of the message by comparing the hash that was calculated before and after message transmission. For example, the hash of a transmitted file is compared against the hash of the file before it was sent. If the hash values are the same, the file was not tampered with. If the hash values are different, the file was altered during transmission. In 2005, attacks have demonstrated the security in SHA-1 is weaker than intended, and a more secure SHA-2 standard was created. SHA-2 is actually a family of hash functions with hash values of 224, 256, 384, or 512 bits. Due to the stronger hash algorithms in SHA-2, Federal agencies have been directed to stop using SHA-1 and must use SHA-2. 2016 is the year software vendors are completing their migration to SHA-2. Google Chrome has begun displaying warning messages for SHA-1 certificates with expiration dates past January 1, 2016, and Microsoft instructed Certificate Authorities to stop issuing SHA-1 certificates earlier this year. Major organizations, like UPS, are requiring their AS2 trading partners to use SHA-2.

TLS

Transport Layer Security is a protocol that encrypts communications between client applications and servers. TLS is the successor to the Secure Sockets Layer (SSL) protocol version 3.0, and uses more advanced methods for message authentication, better alerting for problem certificates, and more robust cipher suites. After the POODLE vulnerability was discovered in late 2014, companies that are still using SSL instead of TLS are leaving themselves open to man-in-the-middle exploits. Google and Mozilla have already phased out the support of SSL 3.0 in Chrome and Firefox, and trading partners are demanding companies support TLS for AS2 transfers.

SHA-2 and TLS migration

GoAnywhere MFT fully supports SHA-2 and TLS for AS2 transfers. GoAnywhere is certified by the Drummond Group to validate our AS2 solution follows the RFC 4130 standard and is interoperable with other certified products. Using a Drummond Certified solution, and requiring your trading partners do as well, alleviates the challenges of AS2 and ensures your transfers fully meet the latest security standards. For more information on AS2 support in GoAnywhere MFT, visit the pages on our AS2 Client and AS2 Server.

Latest Posts


Should You Use a File Sharing App?

November 12, 2019

Should You Use a File Sharing App?File sharing apps like Dropbox and Google Drive certainly have their appeal. They are user-friendly, often free, and do the job of getting information from one user…


File Transfers: Do Them the Right Way

November 7, 2019

File Transfer Done Right When it comes to transferring information such as patient files or legal files from point A to point B, you’ve got options. Lots of options. However, not all file transfers…


7 Essential Resources on PCI DSS Security

November 5, 2019

Note from the Editor: This article was originally published in February 2017. It has been updated with resources current to PCI DSS version 3.2.1. Did you know that 80% of…


How Can an EDI Solution Simplify Business Processes?

November 1, 2019

What is EDI? Electronic Data Interchange (EDI) is a flat file format or technology that B2B trading partners use to send and receive business transactions. It’s a straightforward and secure…


We're Emotional - About Ranking #1 in Info-Tech's Newest Report

October 30, 2019

We’ve Caught the Feels We’re emotional, it’s true. Info-Tech's latest results are in for their Managed File Transfer Emotional Footprint Report! Out of nearly 40 vendors evaluated and 580…