Approved Algorithms

Please do not remove any algorithms you are currently using until after Saturday, June 6th, 2026; doing so now may interrupt your data transmission services.

For actions that can be performed prior to Saturday, June 6th, 2026, please confirm at least one of each of the below algorithms (KEX, ciphers, and MACs) are included in your configurations.

1. Server Host Key Algorithm:

- Server Host Key: RSA (2048-bit, displayed as ssh-rsa 2048)
- Signature Method: rsa-sha2-512 (RSA with SHA-512 hashing)
The SHA256 fingerprint is solely for key verification and unrelated to signature strength.

2. Key Exchange (KEX) Algorithms:

- curve25519-sha256@libssh.org
- ecdh-sha2-nistp256
- ecdh-sha2-nistp384
- ecdh-sha2-nistp521
- diffie-hellman-group14-sha256
Deprecated: diffie-hellman-group1-sha1, diffie-hellman-group14-sha1

3. Ciphers (Encryption Algorithms):

- aes256-gcm@openssh.com
- aes128-gcm@openssh.com
- aes256-ctr
- aes192-ctr
- aes128-ctr
Deprecated: 3des-cbc, arcfour, blowfish-cbc, aes-cbc variants

4. MACs (Message Authentication Codes):

- hmac-sha2-512-etm@openssh.com
- hmac-sha2-256-etm@openssh.com
- hmac-sha2-512
- hmac-sha2-256
- hmac-sha256
Deprecated: hmac-md5, hmac-sha1, non-ETM variants

First Horizon Bank. Member FDIC.