Continuing from our TLS enhancements introduced in Cerberus FTP Server 12.11, we are adding new key exchange and cipher options as shown in the screenshot below:

SSH Security Defaults

SSH Security Defaults

Key Exchange Algorithms

Version 13 adds Edwards Curves (x25519 and x448) to the supported list of KEXs. Cerberus supports both the final and the libssh versions:

  • curve25519-sha256
  • curve448-sha512


Version 13 also adds additional Ciphers in both the final and openssh versions:

  • AEAD_AES_128_GCM
  • AEAD_AES_256_GCM

ChaCha20 is not yet FIPS approved and so will not be available if FIPS Mode is enabled.


In addition to the SSH options, Edwards certificates and keys (ed25519 and ed448) are now supported for both TLS & SSH.

Coming Soon

Additional support for CSR and self-signed certificate/key generation as well as multiple SSH host keys will be available in an upcoming release.


These are just some of the new features that are now available in the Cerberus FTP Server 13.0 Professional and Enterprise editions. To learn more about all of the new features in Cerberus FTP Server 13.0, check out our release notes.

As always, we would love to hear your feedback on how the upgrade to OpenSSL impacts your setup and users.