Reference Guide
TLS cipher suites
This appendix contains the following information:
Topics:
• Supported TLS cipher suites
Supported TLS cipher suites
A cipher suite defines a set of technologies to secure your TLS communications:
● Key exchange algorithm (how the secret key used to encrypt the data is communicated from the client to the server). Examples: RSA key or Diffie-Hellman (DH)
● Authentication method (how hosts can authenticate the identity of remote hosts). Examples: RSA certificate, DSS certificate, or no authentication
● Encryption cipher (how to encrypt data). Examples: AES (256 or 128 bits)
● Hash algorithm (ensuring data integrity by providing a way to determine whether data has been modified). Examples: SHA-2 or SHA-1
The supported cipher suites combine all these items.
The following list gives the OpenSSL names of the TLS cipher suites for the appliance and the associated ports.
Table 5. Default/Supported TLS cipher suites supported on the appliance
Cipher Suites                            Protocols  Ports
TLS_DHE_RSA_WITH_AES_128_CBC_SHA         TLS 1.2    443, 8443
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256      TLS 1.2    443, 8443
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256      TLS 1.2    443, 8443
TLS_DHE_RSA_WITH_AES_256_CBC_SHA         TLS 1.2    443, 8443
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256      TLS 1.2    443, 8443
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384      TLS 1.2    443, 8443
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA       TLS 1.2    443, 8443
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256    TLS 1.2    443, 8443
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256    TLS 1.2    443, 8443
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA       TLS 1.2    443, 8443
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384    TLS 1.2    443, 8443
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384    TLS 1.2    443, 8443
TLS_RSA_WITH_AES_128_CBC_SHA             TLS 1.2    443, 8443
TLS_RSA_WITH_AES_128_CBC_SHA256          TLS 1.2    443, 8443
TLS_RSA_WITH_AES_128_GCM_SHA256          TLS 1.2    443, 8443
TLS_RSA_WITH_AES_256_CBC_SHA             TLS 1.2    443, 8443
TLS_RSA_WITH_AES_256_CBC_SHA256          TLS 1.2    443, 8443
TLS_RSA_WITH_AES_256_GCM_SHA384          TLS 1.2    443, 8443
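
Added example (not part of the original guide or of the appliance's software): Python code that splits a suite name written in the form used in Table 5 into the four components listed above and notes properties an administrator commonly reviews when deciding which suites to keep enabled. The function names and the review criteria are assumptions of this example; names in any other form are rejected.

```python
import re

# Grammar of the names in Table 5: TLS_[<kx>_]RSA_WITH_AES_<bits>_<mode>_<hash>
SUITE_RE = re.compile(
    r"^TLS_(?:(?P<kx>DHE|ECDHE)_)?(?P<auth>RSA)_WITH_"
    r"AES_(?P<bits>128|256)_(?P<mode>CBC|GCM)_(?P<hash>SHA|SHA256|SHA384)$"
)

def parse_suite(name):
    """Split a suite name into the four components the guide describes."""
    m = SUITE_RE.match(name.strip())
    if m is None:
        raise ValueError(f"name does not follow the Table 5 pattern: {name!r}")
    # With no DHE/ECDHE prefix, RSA does both key exchange and authentication.
    kx = m["kx"] or "RSA"
    return {
        "key_exchange": kx,
        "authentication": m["auth"],
        "encryption": f"AES-{m['bits']}-{m['mode']}",
        # In GCM suites this hash drives the TLS 1.2 PRF; GCM itself
        # provides integrity. In CBC suites it is the HMAC hash.
        "hash": "SHA-1" if m["hash"] == "SHA" else "SHA-" + m["hash"][3:],
        "forward_secrecy": kx in ("DHE", "ECDHE"),
        "aead": m["mode"] == "GCM",
    }

def review_notes(name):
    """Return the review points (assumed criteria) that apply to one suite."""
    s = parse_suite(name)
    notes = []
    if not s["forward_secrecy"]:
        notes.append("RSA key exchange: no forward secrecy")
    if not s["aead"]:
        notes.append("CBC mode: not an AEAD cipher")
        if s["hash"] == "SHA-1":
            notes.append("HMAC uses SHA-1")
    return notes

# Names copied from Table 5 (a subset, one per key exchange pattern).
SAMPLE = [
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
]

if __name__ == "__main__":
    for suite in SAMPLE:
        print(suite, parse_suite(suite), review_notes(suite) or ["none"])
```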