Treasury Software 2018 fully supports the upgraded requirements as specified by Wells Fargo.
The full list of SSH Key Exchange Algorithms supported by Treasury Software 2018 includes:
- diffie-hellman-group1-sha1
- diffie-hellman-group14-sha1
- diffie-hellman-group-exchange-sha256
- diffie-hellman-group-exchange-sha1
- ecdh-sha2-nistp256
- ecdh-sha2-nistp384
- ecdh-sha2-nistp521
Please note that during testing, both Wells Fargo and Treasury Software support SHA1, so SHA1 may be the algorithm that is negotiated for the connection.
How does algorithm negotiation work?
1. Treasury Software sends a list of supported algorithms to Wells Fargo (this includes both SHA1 and SHA256);
2. Wells Fargo sends a list of all cross-supported algorithms (all of the algorithms it supports that are on Treasury Software's list);
3. Treasury Software picks one to use.
Treasury Software supports both SHA1 and SHA256, and during its transition period Wells Fargo supports both as well, so there isn't a reason for Treasury Software not to pick SHA1. Yes, the connection may be made at SHA1.
Once Wells Fargo fully migrates to SHA256 and restricts its list to SHA256, Treasury Software will of course have to choose SHA256.
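The negotiation described above, as an added example that is not Treasury Software's or Wells Fargo's code. It assumes the published list order is Treasury Software's preference order and that the first cross-supported entry is picked (the rule RFC 4253 gives for the client's list); both server lists are constructed, since Wells Fargo's list is not given here.

```python
# Added example. Client list and order are taken from the page; treating that
# order as the preference order is an assumption. Server lists are constructed.
CLIENT_KEX = [
    "diffie-hellman-group1-sha1",
    "diffie-hellman-group14-sha1",
    "diffie-hellman-group-exchange-sha256",
    "diffie-hellman-group-exchange-sha1",
    "ecdh-sha2-nistp256",
    "ecdh-sha2-nistp384",
    "ecdh-sha2-nistp521",
]
SERVER_TRANSITION = [  # constructed: server still accepting SHA1 and SHA256
    "diffie-hellman-group-exchange-sha256",
    "diffie-hellman-group14-sha1",
    "diffie-hellman-group1-sha1",
]
SERVER_MIGRATED = ["diffie-hellman-group-exchange-sha256"]  # constructed


def kex_hash(name):
    """Classify a key exchange method by the hash family in its name."""
    if name.endswith("-sha1"):
        return "SHA1"
    if name.endswith("-sha256") or name.startswith("ecdh-sha2-"):
        return "SHA2"
    return "unknown"


def negotiate(client, server):
    """Return (chosen, cross_supported) following the three steps above."""
    offered = set(server)
    cross = [alg for alg in client if alg in offered]  # step 2, client order
    if not cross:
        raise ValueError("no key exchange algorithm in common")
    return cross[0], cross  # step 3: first entry in the client's order


def report(client, server):
    """Negotiated method, its hash family, and whether SHA2 was passed over."""
    chosen, cross = negotiate(client, server)
    sha2_available = any(kex_hash(a) == "SHA2" for a in cross)
    return {"chosen": chosen, "hash": kex_hash(chosen),
            "sha2_passed_over": kex_hash(chosen) == "SHA1" and sha2_available}


if __name__ == "__main__":
    for label, server in (("transition", SERVER_TRANSITION),
                          ("migrated", SERVER_MIGRATED)):
        print(label, report(CLIENT_KEX, server))
```

The `sha2_passed_over` flag marks a test connection that settled on SHA1 even though a SHA256 method was on both lists, which is the transition-period outcome described above.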
Key sizes:
Contrary to the initial publication notes, you can use 1024-bit or 2048-bit keys with SHA256.
We hope this clarifies any issues you encounter while testing your updates to the Wells Fargo Secure Application File Exchange Transmission (SAFE-T) protocols.