Protocol bridge properties file format

The ProtocolBridgeProperties.xml file in the agent configuration directory defines properties for protocol file servers.

The ProtocolBridgeProperties.xml file must conform to the ProtocolBridgeProperties.xsd schema. The ProtocolBridgeProperties.xsd schema document is located in the MQ_INSTALLATION_PATH/mqft/samples/schema directory of the Managed File Transfer installation. A template file, ProtocolBridgeProperties.xml, is created by the fteCreateBridgeAgent command in the agent configuration directory.

The ProtocolBridgeProperties.xml file is periodically reloaded by the agent and any valid changes to the file will affect the behavior of the agent. The default reload interval is 30 seconds. This interval can be changed by specifying the agent property xmlConfigReloadInterval in the agent.properties file.

Schema

The following schema describes the ProtocolBridgeProperties.xml file.

If you do not use the following attributes:
  • maxActiveDestinationTransfers (global property)
  • maxActiveDestinationTransfers (individual server property)
  • failTransferWhenCapacityReached
managed file transfer processing continues in its current form, and the following schema does not change.
Attention: Both the source and destination protocol bridge agents must be at IBM® MQ 9.2.1 or later, to use the additional attributes.

See Changes to the sequence group and Changes to the limits group for the changes these attributes make to the schema, and Scenarios and examples for limiting the number of file transfers to individual file servers for information on how the changes affect the working of the protocol bridge agent.

<schema targetNamespace="http://wmqfte.ibm.com/ProtocolBridgeProperties" elementFormDefault="qualified"
	xmlns="http://www.w3.org/2001/XMLSchema" xmlns:tns="http://wmqfte.ibm.com/ProtocolBridgeProperties">

	<!--
		Example: ProtocolBridgeProperties.xml
		
		<?xml version="1.0" encoding="UTF-8"?>
		<tns:serverProperties xmlns:tns="http://wmqfte.ibm.com/ProtocolBridgeProperties"
							  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
							  xsi:schemaLocation="http://wmqfte.ibm.com/ProtocolBridgeProperties
							  ProtocolBridgeProperties.xsd">
			<tns:credentialsFile path="$HOME/ProtocolBridgeCredentials.xml" />				  
		    <tns:defaultServer name="myserver" />
		    <tns:ftpServer name="myserver" host="myhost.hursley.ibm.com" port="1234" platform="windows"
		         		   timeZone="Europe/London" locale="en-GB" fileEncoding="UTF-8"
		        		   listFormat="unix" limitedWrite="false" />
			<tns:sftpServer name="server1" host="myhost.hursley.ibm.com" platform="windows"
		         		    fileEncoding="UTF-8" limitedWrite="false">
		    	<limits maxListFileNames="10" />
		    </tns:sftpServer>
		</tns:serverProperties>
	-->

	<!-- Root element for the document -->
	<element name="serverProperties" type="tns:serverPropertiesType"></element>

	<!--
		A container for all protocol bridge server properties
	-->
	<complexType name="serverPropertiesType">
		<sequence>
			<element name="credentialsFile" type="tns:credentialsFileName" minOccurs="0" maxOccurs="1" />
			<element name="defaultServer" type="tns:serverName" minOccurs="0" maxOccurs="1" />
			<choice minOccurs="0" maxOccurs="unbounded">
				<element name="ftpServer" type="tns:ftpServerType" />
				<element name="sftpServer" type="tns:sftpServerType" />
				<element name="ftpsServer" type="tns:ftpsServerType" />
				<element name="ftpsfgServer" type="tns:ftpsfgServerType" />
				<element name="ftpssfgServer" type="tns:ftpssfgServerType" />
			</choice>
		</sequence>
	</complexType>

	<!--
		A container for a server name
	-->
	<complexType name="serverName">
		<attribute name="name" type="tns:serverNameType" use="required" />
	</complexType>
	
	<!--
		A container for a credentials file name
	-->
	<complexType name="credentialsFileName">
		<attribute name="path" type="string" use="required" />
	</complexType>
	
	<!--
		A container for all the information about an FTP server
	-->
	<complexType name="ftpServerType">
		<sequence>
			<element name="limits" type="tns:generalLimitsType" minOccurs="0" maxOccurs="1"  />
		</sequence>
		<attributeGroup ref="tns:ftpServerAttributes"/>
		<attribute name="passiveMode" type="boolean" use="optional" />
	</complexType>
	
	<!--
		A container for all the information about an SFG FTP server
	-->
	<complexType name="ftpsfgServerType">
		<sequence>
			<element name="limits" type="tns:generalLimitsType" minOccurs="0" maxOccurs="1"  />
		</sequence>
		<attributeGroup ref="tns:ftpServerAttributes"/>
	</complexType>
	
	<!--
		A container for all the information about an SFTP server
	-->
	<complexType name="sftpServerType">
		<sequence>
			<element name="limits" type="tns:sftpLimitsType" minOccurs="0" maxOccurs="1"  />
		</sequence>
		<attributeGroup ref="tns:sftpServerAttributes"/>
	</complexType>
	
	<!--
		A container for all the information about a FTPS server
	-->
	<complexType name="ftpsServerType">
		<sequence>
			<element name="limits" type="tns:generalLimitsType" minOccurs="0" maxOccurs="1"  />
		</sequence>
		<attributeGroup ref="tns:ftpsServerAttributes"/>
	</complexType>

	<!--
		A container for all the information about a SFG FTPS server
	-->
	<complexType name="ftpssfgServerType">
		<sequence>
			<element name="limits" type="tns:generalLimitsType" minOccurs="0" maxOccurs="1"  />
		</sequence>
		<attributeGroup ref="tns:ftpsServerAttributes"/>
	</complexType>

	
	<!--
		Attributes common to all server types
	-->
	<attributeGroup name="generalServerAttributes">
		<attribute name="name" type="tns:serverNameType" use="required" />
		<attribute name="host" type="string" use="required" />
		<attribute name="port" type="nonNegativeInteger" use="optional" />
		<attribute name="platform" type="tns:platformType" use="required" />
		<attribute name="fileEncoding" type="string" use="required" />
		<attribute name="limitedWrite" type="boolean" use="optional" />
		<attribute name="controlEncoding" type="string" use="optional" />
	</attributeGroup>
	
	<!--
		Attributes common to ftp and ftps server types
	-->
	<attributeGroup name="ftpServerAttributes">
		<attributeGroup ref="tns:generalServerAttributes"/>
		<attribute name="timeZone" type="string" use="required" />
		<attribute name="locale" type="tns:localeType" use="required" />
		<attribute name="listFormat" type="tns:listFormatType" use="optional" />
		<attribute name="listFileRecentDateFormat" type="tns:dateFormatType" use="optional" />		
		<attribute name="listFileOldDateFormat" type="tns:dateFormatType" use="optional" />
		<attribute name="monthShortNames" type="tns:monthShortNamesType" use="optional" />
	</attributeGroup>
	
	<!--
		Attributes common to ftps server types
	-->
	<attributeGroup name="ftpsServerAttributes">
		<attributeGroup ref="tns:ftpServerAttributes"/>
		<attribute name="ftpsType" type="tns:ftpsTypeType" use="optional" />
		<attribute name="trustStore" type="string" use="required" />
		<attribute name="trustStoreType" type="string" use="optional" />
		<attribute name="keyStore" type="string" use="optional" />
		<attribute name="keyStoreType" type="string" use="optional" />
		<attribute name="ccc" type="boolean" use="optional" />
		<attribute name="protFirst" type="boolean" use="optional" />
		<attribute name="auth" type="string" use="optional" />
		<attribute name="connectTimeout" type="nonNegativeInteger" use="optional"/>
	</attributeGroup>
	
	
	<!--
		A container for limit-type attributes for a server. Limit parameters
		are optional, and if not specified a system default will be used.
	-->
	<complexType name="generalLimitsType">
		<attributeGroup ref="tns:generalLimitAttributes"/>
	</complexType>
	
	<complexType name="sftpLimitsType">
		<attributeGroup ref="tns:generalLimitAttributes"/>
		<attribute name="connectionTimeout" type="nonNegativeInteger" use="optional" />
	</complexType>
	
	<!--
		Attributes for limits common to all server types
	-->
	<attributeGroup name="generalLimitAttributes">
		<attribute name="maxListFileNames" type="positiveInteger" use="optional" />
		<attribute name="maxListDirectoryLevels" type="nonNegativeInteger" use="optional" />
		<attribute name="maxReconnectRetry" type="nonNegativeInteger" use="optional" />
		<attribute name="reconnectWaitPeriod" type="nonNegativeInteger" use="optional" />
		<attribute name="maxSessions" type="positiveInteger" use="optional" />
		<attribute name="socketTimeout" type="nonNegativeInteger" use="optional" />
	</attributeGroup>
		
	<!--
		The type for matching valid server names. Server names must be at least 2 characters in length and 
		are limited to alphanumeric characters and the following characters: ".", "_", "/" and "%".
	-->
	<simpleType name="serverNameType">
        <restriction base="string">
            <pattern value="[0-9a-zA-Z\._/%]{2,}"/>
        </restriction>
    </simpleType>
    
	<!--
		The types of platform supported.
	-->
	<simpleType name="platformType">
		<restriction base="string">
		</restriction>
	</simpleType>
	
	<!--
		The type for matching a locale specification.
	-->
	<simpleType name="localeType">
        <restriction base="string">
            <pattern value="(..)[-_](..)"/>
        </restriction>
    </simpleType>

	<!--
		The types of list format supported (for FTP servers). 
	-->
	<simpleType name="listFormatType">
		<restriction base="string">
		</restriction>
	</simpleType>
	
	<!--
		Date format for FTP client directory listing on an FTP server. This is
		the format to be passed to methods setDefaultDateFormatStr and 
		setRecentDateFormatStr for Java class:
		org.apache.commons.net.ftp.FTPClientConfig
	-->
	<simpleType name="dateFormatType">
		<restriction base="string">
		</restriction>
	</simpleType>
	
	<!--
		A list of language-defined short month names can be specified. These are
		used for translating the directory listing received from the FTP server.
		The format is a string of three character month names separated by "|"
	-->
	<simpleType name="monthShortNamesType">
        <restriction base="string">
            <pattern value="(...\|){11}(...)"/>
        </restriction>
    </simpleType>
    
    <!--
		The enumerations of the allowed FTPS types: "implicit" & "explicit"
		If not specified the default is "explicit"
	-->
	<simpleType name="ftpsTypeType">
        <restriction base="string">
            <enumeration value="explicit"/>
            <enumeration value="implicit"/>
        </restriction>
    </simpleType>
    
	<!--
		Attribute group for SFTP servers
	-->
	<attributeGroup name="sftpServerAttributes">
		<attributeGroup ref="tns:generalServerAttributes"/>
		<attribute name="cipherList" type="string" use="optional" />
		<attribute name="keyExchangeCipherList" type="string" use="optional" />
		<attribute name="hostKeyCipherList" type="string" use="optional" />
		<attribute name="MACCipherList" type="string" use="optional" />
		<attribute name="fingerprintHash" type="string" use="optional" />
	</attributeGroup>
</schema>

Changes to the sequence group

Following the additions of the maxActiveDestinationTransfers (global) and failTransferWhenCapacityReached attributes, the sequence group under the serverPropertiesType complexType is as follows. The additions are the maxActiveDestinationTransfers and failTransferWhenCapacityReached elements and the two complexTypes that hold their value attribute:

<!--
	A container for all protocol bridge server properties
-->
<complexType name="serverPropertiesType">
<sequence>
   <element name="credentialsFile" type="tns:credentialsFileName" minOccurs="0" maxOccurs="1" />
   <element name="credentialsKeyFile" type="tns:credentialsKeyFileName" minOccurs="0" maxOccurs="1" />
   <element name="maxActiveDestinationTransfers"
    type="tns:maxActiveDestinationTransfersValue" minOccurs="0" 
    maxOccurs="1" />
   <element name="failTransferWhenCapacityReached" 
   type="tns:failTransferWhenCapacityReachedValue" minOccurs="0"
   maxOccurs="1" />			
   <element name="defaultServer" type="tns:serverName" minOccurs="0" maxOccurs="1" />
   <choice minOccurs="0" maxOccurs="unbounded">
	<element name="ftpServer" type="tns:ftpServerType" />
	<element name="sftpServer" type="tns:sftpServerType" />
	<element name="ftpsServer" type="tns:ftpsServerType" />
	<element name="ftpsfgServer" type="tns:ftpsfgServerType" />
	<element name="ftpssfgServer" type="tns:ftpssfgServerType" />
   </choice>
</sequence>
</complexType>

<!--
	A container for default value for maxActiveDestinationTransfers
-->
<complexType name="maxActiveDestinationTransfersValue">
	<attribute name="value" type="positiveInteger" use="required" />
</complexType>



<!--
	A container for a boolean value to decide to fail a transfer if max capacity is reached
-->
<complexType name="failTransferWhenCapacityReachedValue">	
	<attribute name="value" type="boolean" use="required" />
</complexType>

Changes to the limits group

Following the addition of the maxActiveDestinationTransfers (individual server) attribute, the limits group is as follows. The addition is the maxActiveDestinationTransfers attribute at the end of the group:

<!--
Attributes for limits common to all server types
-->
<attributeGroup name="generalLimitAttributes">
  <attribute name="maxListFileNames" type="positiveInteger" 
  use="optional"/>
  <attribute name="maxListDirectoryLevels" type="nonNegativeInteger"
  use="optional"/>
  <attribute name="maxReconnectRetry" type="nonNegativeInteger"
  use="optional" />
  <attribute name="reconnectWaitPeriod" type="nonNegativeInteger"
  use="optional" />
  <attribute name="maxSessions" type="positiveInteger" use="optional" />
  <attribute name="socketTimeout" type="nonNegativeInteger" use="optional" 
  />
  <attribute name="connectionTimeout" type="nonNegativeInteger" 
  use="optional" />
  <attribute name="maxActiveDestinationTransfers" type="nonNegativeInteger" 
  use="optional" />
</attributeGroup>

Example XML file

<tns:serverProperties
	xmlns:tns="http://wmqfte.ibm.com/ProtocolBridgeProperties"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://wmqfte.ibm.com/ProtocolBridgeProperties ProtocolBridgeProperties.xsd">

	<tns:maxActiveDestinationTransfers value="5" />
	<tns:failTransferWhenCapacityReached value="true" />
	<tns:defaultServer name="guestServer" />

	<tns:sftpServer name="guestServer" host="9.202.177.44" port="22"
		platform="unix" fileEncoding="UTF-8" limitedWrite="false">
		<tns:limits connectionTimeout="60" maxActiveDestinationTransfers="2" />
	</tns:sftpServer>

	<tns:sftpServer name="nixonServer" host="9.199.145.33" port="22"
		platform="unix" fileEncoding="UTF-8" limitedWrite="false">
		<tns:limits connectionTimeout="60" />
	</tns:sftpServer>

	<tns:sftpServer name="mySFTPserver" host="Harrison.hursley.ibm.com" port="22"
		platform="unix" fileEncoding="UTF-8" limitedWrite="false">
		<tns:limits connectionTimeout="60" />
	</tns:sftpServer>

</tns:serverProperties>

Understanding the ProtocolBridgeProperties.xml file

The elements and attributes that are used in the ProtocolBridgeProperties.xml file are described in the following list:
<serverProperties>
Root element of the XML document
<credentialsFile>
Path to the file containing credentials. The value of this property can contain environment variables. For more information, see Environment variables in MFT properties
<defaultServer>
The protocol file server that acts as the default server for file transfers
<ftpServer>
An FTP file server
<sftpServer>
An SFTP file server
<ftpsServer>
An FTPS file server
<limits>
Container element for attributes that are common to all types of server and for attributes that are specific to a type of server:
General server attributes that apply to all types of protocol file server:
Attribute Description
name Required. The name of the protocol file server. Protocol server names must be at least two characters in length, are not case-sensitive, and are limited to alphanumeric characters and the following characters:
  • period (.)
  • underscore (_)
  • forward slash (/)
  • percent sign (%)
host Required. The host name or IP address of the protocol file server that you want to send files to or receive files from.
port Optional. The port number of the protocol file server that you want to send files to or receive files from.
platform Required. The platform of the protocol file server that you want to send files to or receive files from. Specify either UNIX or WINDOWS. Set this property according to how you enter paths on your FTP, FTPS, or SFTP server. For example, if you are running an FTP server on Windows but, when you log in to the server, you must enter UNIX-style paths (that is, with forward slashes), set this value to UNIX and not WINDOWS. Servers running on Windows often present a UNIX-style file system.
fileEncoding Required. Defines the character encoding that is used by the file server. This property is used when you transfer files in text mode so that the correct encoding sequences are changed when the files are moved between platforms. For example, UTF-8.
limitedWrite Optional. The default mode when writing to a file server is to create a temporary file and then rename that file when the transfer has completed. For a file server that is configured as write only, the file is created directly with its final name. The value of this property can be true or false. The default is false.
controlEncoding Optional. The control encoding value for control messages being sent to the protocol file server. This property affects the encoding of the file name that is used and must be compatible with the control encoding of the protocol file server. The default is UTF-8.
General attributes that apply to FTP and FTPS servers only:
Attribute Description
timeZone Required. The time zone of the protocol file server that you want to send files to or receive files from. For example: America/New_York or Asia/Tokyo.
locale Required. The language that is used on the protocol file server that you want to send files to or receive files from. For example: en_US or ja_JP.
listFormat Optional. The listing format that defines the format of the file-listed information that is returned from the protocol file server. Use either Windows or UNIX. The default is UNIX.
listFileRecentDateFormat Optional. The recent date format (less than a year) for FTP client directory listing on an FTP server. This attribute and the listFileOldDateFormat attribute allow you to redefine the expected date formats that are returned by the protocol file server. The default is as defined by the protocol file server.
listFileOldDateFormat Optional. The old date format (more than a year) for FTP client directory listing on an FTP server. This attribute and the listFileRecentDateFormat attribute allow you to redefine the expected date formats that are returned by the protocol file server. The default is as defined by the protocol file server.
monthShortNames Optional. A replacement list of month names that are used to decode date information returned from the protocol file server. This property consists of a list of 12 comma-separated names to override the default locale month values. The default is as defined by the protocol file server.
General attributes that apply to FTP servers only:
Attribute Description
passiveMode Optional. Controls whether the connection to the FTP server is passive or active.

If you set the value of this property to false, the connection is active. If you set the value to true, the connection is passive. The default is false.

General attributes that apply to FTPS servers only:
Attribute Description
ftpsType Optional. Specifies whether the explicit or implicit form of the FTPS protocol is used. The default is explicit.
trustStore Required. The location of the truststore that is used to determine whether the certificate presented by the FTPS server is trusted.
trustStoreType Optional. The format of the truststore file. The default is JKS.
keyStore Optional. The location of the keystore that is used to provide certificate information if challenged by the FTPS server. The default is for the protocol bridge to not be able to connect to FTPS servers that are configured to require the authentication of clients.
keyStoreType Optional. The format of the keystore file. The default is JKS.
ccc Optional. Selects whether a clear (unencrypted) command channel is used when authentication has completed. The default value is false, which means that the command channel remains encrypted for the entire duration of the FTPS session. This attribute is applicable only when the ftpsType is set to explicit.
protFirst Optional. Specifies whether the USER/PASS commands are issued to the FTPS server before or after the PBSZ/PROT commands. The default value is false, which means USER/PASS commands are sent first followed by PBSZ/PROT commands. This attribute is applicable only when the ftpsType is set to explicit.
auth Optional. Specifies the protocol that is sent as part of the AUTH command. A specified protocol is tried first; otherwise the default is to try TLS, SSL, TLS-C, and TLS-P in turn until the FTPS server accepts one rather than rejecting it with a 504 reply code. This attribute is applicable only when the ftpsType is set to explicit.

General attributes that apply to SFTP servers only:

[MQ 9.4.0 Jun 2024]
Important: The default values for the cipherList and the other SFTP server-specific attributes have changed from the IBM MQ 9.4.0 release.
You are likely to see the following error message after migration to IBM MQ 9.4.0:
BFGBR0127E: Bridge agent has rejected connection with {0} as its supplied host key does not match the expected value. Host key returned was {1}.
You can take one of the following actions to resolve the error:
  1. Change the value of the hostKey attribute of the tns:server element in the ProtocolBridgeCredentials.xml file to the value {1} provided in error message BFGBR0127E.
  2. Set the cipherList, hostKeyCipherList, keyExchangeCipherList, MACCipherList, and fingerprintHash attributes for your SFTP server in the ProtocolBridgeProperties.xml file to their pre-IBM MQ 9.4.0 values. The following example sets these attributes to the pre-IBM MQ 9.4.0 values:

    <tns:sftpServer name='yoursftpserver' fileEncoding='UTF-8' host='yoursftpserver.ibm.com' platform='unix' limitedWrite='false'
        cipherList='aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc,aes192-ctr,aes192-cbc,aes256-ctr,aes256-cbc'
        hostKeyCipherList='ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521'
        keyExchangeCipherList='ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1'
        MACCipherList='hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96'
        fingerprintHash='md5'>
        <tns:limits/>
    </tns:sftpServer>
Attribute Description
connectionTimeout Optional. The time, in seconds, to wait for a response from the protocol file server to a connection request. A timeout indicates that the protocol file server is not available. The default value is 30 seconds.
cipherList

Optional. Specifies a comma-separated list of ciphers that are used to communicate between the protocol bridge agent and the SFTP server. The ciphers are called in the order that they are specified in this list. The cipher must be available on the server and the client before it can be used.

Note that the order of cipher names in the attribute value matters when the bridge agent and the SFTP server negotiate which cipher to use for communication.

The ciphers that the protocol bridge agent supports are as follows:
  • aes128-ctr
  • aes192-ctr
  • aes256-ctr
  • [MQ 9.4.0 Jun 2024] aes128-gcm
  • [MQ 9.4.0 Jun 2024] aes256-gcm
  • aes128-cbc
  • 3des-ctr
  • 3des-cbc
  • blowfish-cbc
  • aes192-cbc
  • aes256-cbc

By default, the list of ciphers used by protocol bridge agents is aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com.

[MQ 9.4.0 Jun 2024] keyExchangeCipherList Optional. Specifies a comma-separated list of cipher names for key exchange. The cipher must be available on the server and the client before it can be used.

SSH key exchange (KEX for short) is used by the client (Bridge agent in this case) and SFTP server to exchange information in public that leads to the generation of a secret key shared by the client and server that an observer can’t discover or derive from public information.

Note that the order of cipher names in the attribute value matters when the bridge agent and the SFTP server negotiate which cipher to use.

Supported ciphers:
  • curve25519-sha256
  • ecdh-sha2-nistp256
  • ecdh-sha2-nistp384
  • ecdh-sha2-nistp521
  • diffie-hellman-group-exchange-sha256
  • diffie-hellman-group16-sha512
  • diffie-hellman-group18-sha512
  • diffie-hellman-group14-sha256
  • diffie-hellman-group14-sha1
  • diffie-hellman-group-exchange-sha1
  • diffie-hellman-group1-sha1

Default values: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256

[MQ 9.4.0 Jun 2024] hostKeyCipherList Optional. Specifies a comma-separated list of cipher names. The cipher must be available on the server and the client before it can be used.

A host key (the public key of the server) uniquely identifies an SFTP server.

The host key is specified in the ProtocolBridgeCredentials.xml file. During negotiation, the SFTP server sends its host key to the bridge agent. The bridge agent then compares the received host key with the one from the ProtocolBridgeCredentials.xml file to ensure that it has connected to the right SFTP server.

If the keys are different, the connection is ended. An SFTP server can have multiple unique host keys, generated with different algorithms. The cipher list in this attribute determines which host key algorithm is used.

Note that the order of cipher names in the attribute value matters when the bridge agent and the SFTP server negotiate which cipher to use.

Supported ciphers:
  • ssh-ed25519
  • ecdsa-sha2-nistp256
  • ecdsa-sha2-nistp384
  • ecdsa-sha2-nistp521
  • rsa-sha2-512
  • rsa-sha2-256
  • ssh-rsa
  • ssh-dss

Default values: ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,rsa-sha2-512,rsa-sha2-256

[MQ 9.4.0 Jun 2024] MACCipherList Optional. Specifies a comma-separated list of cipher names. The cipher must be available on the server and the client before it can be used.

A Message Authentication Code (MAC) is used to confirm the integrity and authenticity of message data; it ensures that no attacker has altered the message data in transit. The value defines the list of algorithms used for the MAC.

Note that the order of cipher names in the attribute value matters when the bridge agent and the SFTP server negotiate which cipher to use.

Supported ciphers:
  • hmac-sha2-256-etm
  • hmac-sha2-512-etm
  • hmac-sha1-etm
  • hmac-sha2-256
  • hmac-sha2-512
  • hmac-sha1
  • hmac-md5
  • hmac-sha1-96
  • hmac-md5-96

Default values: hmac-sha2-256-etm,hmac-sha2-512-etm,hmac-sha1-etm,hmac-sha2-256,hmac-sha2-512,hmac-sha1

[MQ 9.4.0 Jun 2024] fingerprintHash Optional. Specifies the name of the hashing algorithm used for the hostKey fingerprint.

Depending on the algorithm used, the value of host key differs. An SFTP server can support all three hashing algorithms and the client can choose a suitable one; preferably a stronger algorithm.

Supported values:
  • md5
  • sha1
  • sha256

Default value: sha256

[MQ 9.4.0 Jun 2024] Example of the revised output:

<tns:sftpServer name='elbow' fileEncoding='UTF-8' host='elbow.v6.hursley.ibm.com' platform='unix' limitedWrite='false'
    cipherList='aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm,aes256-gcm'
    hostKeyCipherList='ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,rsa-sha2-512,rsa-sha2-256'
    keyExchangeCipherList='curve25519-sha256,curve25519-sha256,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256'
    MACCipherList='hmac-sha2-256-etm,hmac-sha2-512-etm,hmac-sha1-etm,hmac-sha2-256,hmac-sha2-512,hmac-sha1'
    fingerprintHash='sha256'>
    <tns:limits/>
</tns:sftpServer>
General limit attributes that apply to all types of protocol file server:
Attribute Description
maxListFileNames Optional. The maximum number of names that are collected when scanning a directory on the protocol file server for file names. The default is 999999999.
maxListDirectoryLevels Optional. The maximum number of directory levels on the protocol server to recursively scan for file names. The default is 1000.
[Deprecated] maxReconnectRetry Optional. The maximum number of times a protocol server tries to reconnect before the protocol bridge agent stops trying. The default is 2.
[Deprecated] reconnectWaitPeriod Optional. The time period, in seconds, to wait before attempting to reconnect. The default is 10 seconds.
maxSessions Optional. The maximum number of sessions for the protocol server. This number must be greater than or equal to the sum of the maximum number of source and destination transfers for the protocol bridge agent. The default is the sum of the values for the agent properties maxSourceTransfers, maxDestinationTransfers, and maxCommandHandlerThreads, plus 1. If these three properties are using their default values of 25, 25, and 5, the maxSessions default is then 56.
socketTimeout Optional. The socket timeout in seconds. The value of this attribute is used during file streaming. The default is 30 seconds.
maxActiveDestinationTransfers (global property) Optional. Used to specify the global value, to limit the number of active transfers for each destination *ftp* endpoint. This is a non-zero positive integer with a minimum value of 0 and a maximum value of 1.

The global maxActiveDestinationTransfers element carries its setting in its required value attribute, as in <tns:maxActiveDestinationTransfers value="5" />.

maxActiveDestinationTransfers (individual server level) Optional. Used to specify the limit of the number of active transfers for each destination *ftp* endpoint. This is a non-negative integer.

This property can be utilized by any of the three servers, and if specified, this value overrides the global value of maxActiveDestinationTransfers for that endpoint server.

The value of this property cannot exceed the value of maxDestinationTransfers. If you exceed this value, the protocol bridge agent assumes that this value is not set and processes the managed transfers in the standard existing flow. Message BFGSS0088W is logged in the output0.log file.
Attention: It is possible to over commit the new maxActiveDestinationTransfers properties. That is, you can have the sum of maxActiveDestinationTransfers for all the endpoints greater than the value of maxDestinationTransfers. You must consider whether this feature is appropriate for your enterprise.
failTransferWhenCapacityReached (global property) Optional. This is a non-zero positive integer with a minimum value of 0 and a maximum value of 1.

The failTransferWhenCapacityReached element carries its setting in its required value attribute, as in <tns:failTransferWhenCapacityReached value="true" />.

Applies to both maxDestinationTransfers and maxActiveDestinationTransfers and can be used to specify whether to fail a protocol bridge agent transfer in the following cases:
  • When the total number of active transfers for an endpoint server exceeds the maxDestinationTransfers count, the two possible conditions are:
    failTransferWhenCapacityReached = false
      Takes the standard existing route of handling the managed transfers.
    failTransferWhenCapacityReached = true
      Fails the transfer if the total number of active transfers is greater than maxActiveTransfers.
  • When the total number of active transfers for an endpoint server exceeds the maxActiveDestinationTransfers count, the two possible values are:
    failTransferWhenCapacityReached = false
      The default value, which applies if maxActiveDestinationTransfers is not set.
      Once the number of active transfers for an endpoint server exceeds the maxActiveDestinationTransfers value, the next managed transfer to that particular endpoint server is rejected and moved to a new state called WaitingForDestinationFileServerCapacity by the protocol bridge agent.
      Source agents then handle this state in the same way as they currently do for managed transfers that go into a WaitingForDestinationCapacity state; that is, they wait for a period of time before contacting the destination agent again.
    failTransferWhenCapacityReached = true
      Once the number of active transfers for an endpoint server exceeds the maxActiveDestinationTransfers value, the next managed transfer to that particular endpoint server is rejected and marked as failed by the protocol bridge agent.
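The following Python script is an added example, not code from the IBM documentation or the MFT product. It parses a constructed ProtocolBridgeProperties.xml and reports two things this page describes: SFTP servers whose cipherList, keyExchangeCipherList, hostKeyCipherList, MACCipherList or fingerprintHash still contain pre-9.4.0 names (reported with their list position, since the page states that list order decides what is negotiated), and maxActiveDestinationTransfers values that exceed the agent's maxDestinationTransfers or that add up to more than it across servers. The WEAK sets are the example's own classification; maxDestinationTransfers is passed in as a parameter because it lives in agent.properties (default 25 per this page), and the example assumes that an ignored per-server value falls back to the global value.

```python
"""Lint a ProtocolBridgeProperties.xml for legacy SFTP algorithm lists and
over-committed maxActiveDestinationTransfers limits.

Added example, not code from the IBM documentation or the MFT product; the
XML is constructed and maxDestinationTransfers (an agent.properties value,
default 25 per the page) is passed in as a parameter."""
import xml.etree.ElementTree as ET

NS = {"tns": "http://wmqfte.ibm.com/ProtocolBridgeProperties"}
SERVER_TAGS = ("ftpServer", "sftpServer", "ftpsServer", "ftpsfgServer", "ftpssfgServer")

# Names from the page's supported and pre-9.4.0 lists that a reviewer would not
# want negotiated: CBC/3DES/Blowfish ciphers, SHA-1 KEX groups, DSS and SHA-1 RSA
# host keys, MD5 or truncated MACs, MD5/SHA-1 fingerprints (example's own choice).
WEAK = {
    "cipherList": {"3des-ctr", "3des-cbc", "blowfish-cbc",
                   "aes128-cbc", "aes192-cbc", "aes256-cbc"},
    "keyExchangeCipherList": {"diffie-hellman-group1-sha1",
                              "diffie-hellman-group-exchange-sha1",
                              "diffie-hellman-group14-sha1"},
    "hostKeyCipherList": {"ssh-dss", "ssh-rsa"},
    "MACCipherList": {"hmac-md5", "hmac-md5-96", "hmac-sha1-96"},
    "fingerprintHash": {"md5", "sha1"},
}

# Constructed sample: "legacy" carries pre-9.4.0 style lists and a per-server
# limit above the agent's maxDestinationTransfers; "archive" has no limits.
SAMPLE_XML = """<tns:serverProperties xmlns:tns="http://wmqfte.ibm.com/ProtocolBridgeProperties">
  <tns:maxActiveDestinationTransfers value="5"/>
  <tns:failTransferWhenCapacityReached value="true"/>
  <tns:defaultServer name="legacy"/>
  <tns:sftpServer name="legacy" host="sftp-legacy.example.test" platform="unix"
      fileEncoding="UTF-8" limitedWrite="false"
      cipherList="aes128-ctr,3des-cbc,blowfish-cbc"
      keyExchangeCipherList="diffie-hellman-group1-sha1,curve25519-sha256"
      hostKeyCipherList="ssh-dss,ssh-rsa,rsa-sha2-256"
      MACCipherList="hmac-sha2-256,hmac-md5"
      fingerprintHash="md5">
    <tns:limits connectionTimeout="60" maxActiveDestinationTransfers="30"/>
  </tns:sftpServer>
  <tns:sftpServer name="modern" host="sftp.example.test" platform="unix" fileEncoding="UTF-8">
    <tns:limits connectionTimeout="60" maxActiveDestinationTransfers="20"/></tns:sftpServer>
  <tns:sftpServer name="archive" host="archive.example.test" platform="unix" fileEncoding="UTF-8"/>
</tns:serverProperties>"""


def _split(value):
    """Split a comma-separated attribute value into stripped, non-empty names."""
    return [v.strip() for v in value.split(",") if v.strip()]


def audit_sftp_algorithms(root):
    """Return (server, attribute, position, name) for each weak list entry.

    Position is reported because list order decides what the bridge agent and
    the SFTP server negotiate; an omitted attribute gets the 9.4.0 defaults."""
    findings = []
    for srv in root.findall("tns:sftpServer", NS):
        for attr, weak in WEAK.items():
            raw = srv.get(attr)
            if raw is None:
                continue
            for pos, alg in enumerate(_split(raw)):
                if alg in weak:
                    findings.append((srv.get("name"), attr, pos, alg))
    return findings


def audit_destination_limits(root, max_destination_transfers=25):
    """Check maxActiveDestinationTransfers against the agent's maxDestinationTransfers.

    A per-server value above maxDestinationTransfers is ignored by the agent
    (BFGSS0088W is logged); this example assumes the global value then applies.
    The sum of effective limits above maxDestinationTransfers is over-commitment."""
    glob = root.find("tns:maxActiveDestinationTransfers", NS)
    global_limit = int(glob.get("value")) if glob is not None else None
    per_server, ignored = {}, []
    for tag in SERVER_TAGS:
        for srv in root.findall("tns:" + tag, NS):
            name = srv.get("name")
            limits = srv.find("tns:limits", NS)
            raw = limits.get("maxActiveDestinationTransfers") if limits is not None else None
            value = int(raw) if raw is not None else None
            if value is not None and value > max_destination_transfers:
                ignored.append(name)  # the agent would log BFGSS0088W and ignore it
                value = None
            per_server[name] = global_limit if value is None else value
    committed = sum(v for v in per_server.values() if v is not None)
    return {"global": global_limit, "per_server": per_server, "ignored": ignored,
            "overcommitted": committed > max_destination_transfers}


def lint(xml_text, max_destination_transfers=25):
    """Run both audits over one ProtocolBridgeProperties.xml document."""
    root = ET.fromstring(xml_text)
    return {"weak_algorithms": audit_sftp_algorithms(root),
            "limits": audit_destination_limits(root, max_destination_transfers)}
```

Running lint(SAMPLE_XML) flags seven legacy entries on the "legacy" server, reports its per-server limit of 30 as ignored, and marks the configuration over-committed because 5 + 20 + 5 exceeds the assumed maxDestinationTransfers of 25.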