TPP Supported SSH Protocols and Ciphers

When working with TPP to communicate with other systems using SSH you may run into the error "Failed to negotiate a transport component". Below is an example of this error:


The protocols that TPP supports are as follows from 17.1:

  • AES128CBC
  • AES128CTR
  • AES192CBC
  • AES192CTR
  • AES256CBC
  • AES256CTR
  • TripleDESCBC
  • TripleDESCTR


  • hmac-ripemd160
  • hmac-sha1
  • hmac-sha2-256
  • hmac-sha2-384
  • hmac-sha2-512

Key Algorithms

  • ssh-rsa
  • ecdsa-sha2-nistp256
  • ecdsa-sha2-nistp384
  • ecdsa-sha2-nistp521

Note: we no longer support ssh-dss

Key Exchange Algorithms

  • diffie-hellman-group1-sha1
  • diffie-hellman-group14-sha1
  • diffie-hellman-group14-sha256
  • diffie-hellman-group16-sha512
  • diffie-hellman-group18-sha512

Some of these items are not available when running in FIPS mode (eg. Ripemd160)

Was this article helpful?
0 out of 0 found this helpful