Filter by Category

SHA-2 and TLS Security for AS2 Transfers

SHA-2 and TLS for AS2

SHA-2 and TLS Security for AS2 Transfers

It’s crucial for organizations to take the time to upgrade the security used to protect their AS2 data transfers. In order to be compliant with the latest security standards, you need to be using a modern AS2 solution.

Related Reading: AS2 Protocol Software for Client & Server Transfers

The Story of SHA-1

SHA-1 (Secure Hash Algorithm) is a cryptographic hash algorithm created by the NSA and published in 1995. SHA-1 takes a message of any length and produces a 160-bit message digest. The message digest verifies the integrity of the message by comparing the hash that was calculated before and after message transmission.

For example, the hash of a transmitted file is compared against the hash of the file before it was sent. If the hash values are the same, the file was not tampered with. If the hash values are different, the file was altered during transmission.

Over the years, attacks demonstrated that the security in SHA-1 is weaker than originally intended, thus a more secure SHA-2 standard was created.

What’s Up with SHA-2

SHA-2 is a family of hash functions with hash values of 224, 256, 384, or 512 bits. It was first published by the National Institute of Standards and Technology (NIST) as a U.S. federal standard (FIPS).

Due to the stronger hash algorithms in SHA-2, Federal agencies utilize it after being directed to stop using SHA-1. In fact, as of 2016, vendors widespread completed their migration to SHA-2 and many major organizations, like UPS, require their AS2 trading partners to use SHA-2.

TLS

Transport Layer Security (TLS) is a protocol that encrypts communications between client applications and servers. TLS is the successor to the Secure Sockets Layer (SSL) protocol version 3.0. It uses more advanced methods for message authentication, better alerting for problem certificates, and more robust cipher suites.

After the POODLE vulnerability was discovered in late 2014, companies that are still using SSL instead of TLS are leaving themselves open to man-in-the-middle exploits. The most recent version of SSL (3.0) has not been updated since 1996 and many modern web browsers no longer support it. Additionally, trading partners are demanding companies support TLS for AS2 transfers.

Related Reading: What is SSL, TLS, and HTTPS?

SHA-2 and TLS migration

Achieve SHA-2 and TLS Security for AS2 Transfers with GoAnywhere MFT

GoAnywhere MFT fully supports SHA-2 and TLS for AS2 transfers. GoAnywhere is certified by the Drummond Group to validate our AS2 solution follows the RFC 4130 standard and is interoperable with other certified products.

Using a Drummond Certified solution, and requiring your trading partners do as well, alleviates the challenges of AS2 and ensures your transfers fully meet the latest security standards. For more information on AS2 support in GoAnywhere MFT, visit our AS2 Client and AS2 Server resources.

AS2-Certified Software for Managed File Transfer

As a Drummond-approved solution, GoAnywhere MFT can meet your AS2 needs. See a live customized demo of our secure file transfer software to see firsthand how GoAnywhere simplifies and supports the data you exchange with your trading partners.

Related Posts


Still Using SHA-1 to Secure File Transfers? It’s Time to Say Goodbye

Organizations still using SHA-1 to authenticate file transfers should abandon the protocol after Google's public announcement of a SHA-1 collision.


GoAnywhere MFT Now Drummond Certified for AS2

Exciting news! GoAnywhere MFT is now Drummond Certified. In response to customer requests, GoAnywhere can now help customers meet AS2 trading partner requirements.


What is SSL, TLS, and HTTPS?

SSL, TLS, and HTTPS are a trio intertwined in their ability to help keep important data safe on the Internet. Read more about them in our blog.


Which is Better: AS2 vs. SFTP?

AS2 and SFTP are two secure protocols you can use to protect data in transit. How do AS2 vs. SFTP differ, and which is better for your file transfer needs?


What's the Difference Between AS2, AS3, and AS4?

Leveraging AS2, AS3 and AS4 protocols and their distinct advantages and differences is easier with a managed file transfer (MFT) solution like GoAnywhere.