Symptom
Is Diffie-Hellman-group1-sha1 KEX protocol compatible with SAP/SuccessFactors SFTP?
Environment
SAP SuccessFactors HXM Suite
Resolution
No, it is not compatible.
The Diffie-Hellman-group1-sha1 KEX for SFTP is disabled by default to protect against the LOGJAM attack. Enabling the Diffie-Hellman-group1-sha1" KEX (with the LOGJAM vulnerability) will cause EFT to be non-compliant in PCI DSS v3.1 compliance scans.
We can't override the protection and enable the Diffie-Hellman-group1-sha1 KEX for SFTP to allow client compatibility (at the expense of being vulnerable to the LOGJAM attack and being non-compliant with PCI DSS v3.1 and later).
Keywords
Diffie-Hellman-group1-sha1 KEX, SFTP, FTP protocol, SAP SuccessFactors HXM Suite, sf, sfsf , sf sf, SuccessFactors, SuccessFactor, Success Factor, bizx , KBA , LOD-SF-PLT-SFTP , LOD-SF-PLT-SFTP , Known Error