Reference Guide

Chapter 3: Changes in MES 4.3
RSA BSAFE Micro Edition Suite 4.4 Migration Guide
TLS Changes
SSLv3 Deprecated
The SSLv3 protocol has known vulnerabilities and is not secure. In MES 4.3 it is
deprecated. It will be removed in the next release of MES. It should not be used. RSA
strongly recommends using the TLS 1.2, 1.1, or 1.0 protocols instead.
For more information, see RFC 7568 Deprecating Secure Sockets Layer Version 3.0.
SSL Object Control Identifiers Removed
The following SSL object control identifiers used for setting a default temporary key
for an SSL object, which were deprecated in MES 4.2 (and some in MES 4.1), are
removed in MES 4.3:
• R_SSL_CTRL_SET_TMP_DH
• R_SSL_CTRL_SET_TMP_DH_CB
• R_SSL_CTRL_SET_TMP_RSA
• R_SSL_CTRL_SET_TMP_RSA_CB
• R_SSL_CTRL_SET_TMP_RSA512
• R_SSL_CTRL_SET_TMP_RSA1024.
Cipher Suite Updates
The following cipher suites are removed. Cipher suites with:
• Elliptic Curve (EC) Diffie-Hellman (DH) as the key exchange algorithm (using
  static keys) with either ECDSA or RSA as the signing algorithm
• Anonymous DH or Anonymous ECDH as the key exchange algorithm
• RC4 as the encryption algorithm
• NULL encryption.
The default cipher list, as specified by R_SSL_DEFAULT_CIPHER_LIST, no longer
includes the cipher suites with:
• RC4 ciphers
• 3DES ciphers
• non-ephemeral ECDH key exchange.
Although these cipher suites are removed from the default cipher list, they might still
be available to application-specific cipher lists. For more information, see TLS
Operations > Cipher Suites in the RSA BSAFE Micro Edition Suite Developers
Guide.
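A migration check for the removals listed on this page, added here as an example and not taken from the RSA documentation: it flags uses of the removed control identifiers in C source and classifies cipher suite names against the page's categories. It assumes suites are written with IANA names, and app_ssl_control() and the APP_ macro in the sample input are hypothetical.

```python
import re

# Control identifiers this page lists as removed in MES 4.3.
REMOVED_CONTROLS = (
    "R_SSL_CTRL_SET_TMP_DH", "R_SSL_CTRL_SET_TMP_DH_CB",
    "R_SSL_CTRL_SET_TMP_RSA", "R_SSL_CTRL_SET_TMP_RSA_CB",
    "R_SSL_CTRL_SET_TMP_RSA512", "R_SSL_CTRL_SET_TMP_RSA1024",
)
# (status, reason, pattern) built from the page's cipher suite categories.
# Assumption: suites are spelled with IANA names; MES's own names may differ.
# RC4 and static ECDH appear in both of the page's lists; "removed" is reported.
RULES = (
    ("removed", "static ECDH key exchange", r"^TLS_ECDH_(ECDSA|RSA)_"),
    ("removed", "anonymous DH/ECDH key exchange", r"^TLS_(DH|ECDH)_anon_"),
    ("removed", "RC4 encryption", r"_WITH_RC4_"),
    ("removed", "NULL encryption", r"_WITH_NULL_"),
    ("not-in-default", "3DES encryption", r"_WITH_3DES_EDE_CBC_"),
)

def find_removed_controls(source):
    """Return (line_number, identifier) for each removed control in C source."""
    # \b makes the match whole-identifier: ..._TMP_RSA does not hit ..._TMP_RSA512.
    pattern = re.compile(r"\b(?:%s)\b" % "|".join(REMOVED_CONTROLS))
    return [(number, match.group(0))
            for number, line in enumerate(source.splitlines(), start=1)
            for match in pattern.finditer(line)]

def audit_cipher_list(suites):
    """Map each flagged suite name to its list of (status, reason) findings."""
    report = {s: [(st, why) for st, why, pat in RULES if re.search(pat, s)] for s in suites}
    return {suite: found for suite, found in report.items() if found}

# Constructed sample input; app_ssl_control() and the APP_ macro are hypothetical.
SAMPLE_SOURCE = """\
app_ssl_control(ssl, R_SSL_CTRL_SET_TMP_DH_CB, dh_cb);
app_ssl_control(ssl, R_SSL_CTRL_SET_TMP_RSA512, rsa_key);
app_ssl_control(ssl, APP_R_SSL_CTRL_SET_TMP_DH_COMPAT, 0);
"""
SAMPLE_SUITES = [
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA",
    "TLS_DH_anon_WITH_AES_128_CBC_SHA", "TLS_RSA_WITH_RC4_128_SHA",
    "TLS_RSA_WITH_NULL_SHA", "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
]

if __name__ == "__main__":
    print(find_removed_controls(SAMPLE_SOURCE))
    print(audit_cipher_list(SAMPLE_SUITES))
```

A "removed" finding means the suite cannot be kept after migrating; a "not-in-default" finding means the application must name the suite explicitly in its own cipher list if it still depends on it.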