THE INFORMATION IN THIS ARTICLE APPLIES TO:
- EFT v7.2.1 and later
DISCUSSION
Support of the Diffie-Hellman-group1-sha1" KEX (with the LOGJAM vulnerability) will cause EFT to be non-compliant in PCI DSS v3.1 compliance scans.
To avoid this, create and set the registry setting below: to false.
Create the following registry entry:
32-bit:
HKEY_LOCAL_MACHINE\SOFTWARE\GlobalSCAPE Inc.\EFT Server 7.2
64-bit:
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\GlobalSCAPE Inc.\EFT Server 7.2
Type: bool
Value name: SFTPEnableGroup1Kex
Default Value: false
Cached: yes
Backup/Restore: yes