Filter by Category

SHA-2 and TLS Security for AS2 Transfers

2016 is a pivotal year for organizations to upgrade the security used to protect their AS2 data transfers. In order to be compliant with the latest security standards, you need to be using a modern AS2 solution.

The End of SHA-1

SHA-1 (Secure Hash Algorithm) is a cryptographic hash algorithm created by the NSA and published in 1995. SHA-1 takes a message of any length and produces a 160-bit message digest. The message digest verifies the integrity of the message by comparing the hash that was calculated before and after message transmission. For example, the hash of a transmitted file is compared against the hash of the file before it was sent. If the hash values are the same, the file was not tampered with. If the hash values are different, the file was altered during transmission. In 2005, attacks have demonstrated the security in SHA-1 is weaker than intended, and a more secure SHA-2 standard was created. SHA-2 is actually a family of hash functions with hash values of 224, 256, 384, or 512 bits. Due to the stronger hash algorithms in SHA-2, Federal agencies have been directed to stop using SHA-1 and must use SHA-2. 2016 is the year software vendors are completing their migration to SHA-2. Google Chrome has begun displaying warning messages for SHA-1 certificates with expiration dates past January 1, 2016, and Microsoft instructed Certificate Authorities to stop issuing SHA-1 certificates earlier this year. Major organizations, like UPS, are requiring their AS2 trading partners to use SHA-2.

TLS

Transport Layer Security is a protocol that encrypts communications between client applications and servers. TLS is the successor to the Secure Sockets Layer (SSL) protocol version 3.0, and uses more advanced methods for message authentication, better alerting for problem certificates, and more robust cipher suites. After the POODLE vulnerability was discovered in late 2014, companies that are still using SSL instead of TLS are leaving themselves open to man-in-the-middle exploits. Google and Mozilla have already phased out the support of SSL 3.0 in Chrome and Firefox, and trading partners are demanding companies support TLS for AS2 transfers.

SHA-2 and TLS migration

GoAnywhere MFT fully supports SHA-2 and TLS for AS2 transfers. GoAnywhere is certified by the Drummond Group to validate our AS2 solution follows the RFC 4130 standard and is interoperable with other certified products. Using a Drummond Certified solution, and requiring your trading partners do as well, alleviates the challenges of AS2 and ensures your transfers fully meet the latest security standards. For more information on AS2 support in GoAnywhere MFT, visit the pages on our AS2 Client and AS2 Server.

 

Add a Comment

Allowed tags: <b><i><br>

Latest Posts


Which is Better: SFTP vs. FTPS?

September 24, 2018

How do you transfer sensitive files? Business requirements and security standards have increased in recent years across industries and continents, but many organizations have struggled to keep up.…


Tradeshow Recap: VMware 20th Anniversary, Secure File Transfers, and More at VMworld 2018

September 10, 2018

Dazzling booth displays and nerdy Star Wars swag. Informative training sessions. Demos for modern software and hardware. Drones. In-depth industry conversations. Coffee decorated with techy latte…


Are These Users on Your Organization's Security Watch List?

August 31, 2018

Does this story sound familiar? See if you share these trials in your own organization, then request the ebook to learn how to prevent six internal users from putting your network at…


Introducing GoAnywhere MFT for AWS and Azure Cloud File Transfers

August 21, 2018

Are you looking for a solution that automates the movement of files between your on-premises and cloud environments? As cloud computing platforms become more commonplace, organizations are starting…


Getting the Most Out of Your GoAnywhere MFT Trial

August 14, 2018

We know it’s crucial to get a solution up and running quickly during your evaluation period. You want to know if it works, what the benefits are, and how it will impact or improve your business…