• TLS cipher suites

    Supported TLS cipher suites

    A cipher suite defines a set of technologies to secure your TLS communications:

    • Key exchange algorithm (how the secret key used to encrypt the data is communicated from the client to the server). Examples: RSA key or Diffie-Hellman (DH)
    • Authentication method (how hosts can authenticate the identity of remote hosts). Examples: RSA certificate, DSS certificate, or no authentication
    • Encryption cipher (how to encrypt data). Examples: AES (256 or 128 bits)
    • Hash algorithm (ensuring data integrity by providing a way to determine if data has been modified). Examples: SHA-2 or SHA-1

    The supported cipher suites combine all these items.

    The following list gives the OpenSSL names of the TLS cipher suites for the storage system and the associated ports.

    Table 1. Default/supported TLS cipher suites on the storage system
    | Cipher suite | Protocols | Ports |
    |---|---|---|
    | TLS_DHE_RSA_WITH_AES_128_CBC_SHA | TLSv1, TLSv1.1, TLSv1.2 | 443, 8443, 8444 |
    | TLS_DHE_RSA_WITH_AES_256_CBC_SHA | TLSv1, TLSv1.1, TLSv1.2 | 443, 8443, 8444 |
    | TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 | TLSv1.2 | 443, 8443, 8444 |
    | TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 | TLSv1.2 | 443, 8443, 8444 |
    | TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 | TLSv1.2 | 443, 8443, 8444 |
    | TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 | TLSv1.2 | 443, 8443, 8444 |
    | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA | TLSv1, TLSv1.1, TLSv1.2 | 443, 8443, 8444 |
    | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA | TLSv1, TLSv1.1, TLSv1.2 | 443, 8443, 8444 |
    | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 | TLSv1.2 | 443, 8443, 8444 |
    | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 | TLSv1.2 | 443, 8443, 8444 |
    | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 | TLSv1.2 | 443, 8443, 8444 |
    | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 | TLSv1.2 | 443, 8443, 8444 |
    | TLS_DHE_RSA_WITH_AES_128_CBC_SHA | TLSv1, TLSv1.1, TLSv1.2 | 5989 |
    | TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 | TLSv1.2 | 5989 |
    | TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 | TLSv1.2 | 5989 |
    | TLS_RSA_WITH_AES_128_CBC_SHA | TLSv1, TLSv1.1, TLSv1.2 | 5989 |
    | TLS_RSA_WITH_AES_128_CBC_SHA256 | TLSv1.2 | 5989 |
    | TLS_RSA_WITH_AES_256_CBC_SHA | TLSv1, TLSv1.1, TLSv1.2 | 5989 |
    | TLS_RSA_WITH_AES_256_CBC_SHA256 | TLSv1.2 | 5989 |
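
    The four components described above can be read directly off each suite name in Table 1. The following is an added example, not code from the storage system or its vendor: it splits a name into key exchange, authentication, cipher and hash and, going one step beyond the page, marks which suites use an ephemeral (forward-secret) key exchange and an AEAD cipher. The names `parse_suite`, `summarize` and `SAMPLE` are made up for this example.

```python
import re

# Naming scheme used in Table 1 (TLS 1.2 and earlier):
#   TLS_<key exchange>_<authentication>_WITH_<cipher>_<hash>
SUITE_RE = re.compile(
    r"^TLS_(?:(?P<kx>DHE|ECDHE)_)?(?P<auth>RSA|DSS|ECDSA)"
    r"_WITH_(?P<alg>AES)_(?P<bits>128|256)_(?P<mode>CBC|GCM)_(?P<hash>SHA(?:256|384)?)$"
)

def parse_suite(name):
    """Split a suite name into the four components the page lists."""
    m = SUITE_RE.match(name)
    if m is None:
        raise ValueError(f"unrecognized cipher suite name: {name!r}")
    kx = m["kx"] or m["auth"]  # static RSA: the name lists RSA once, for both roles
    aead = m["mode"] == "GCM"
    return {
        "key_exchange": kx,
        "authentication": m["auth"],
        "cipher": f"{m['alg']}-{m['bits']}-{m['mode']}",
        # Bare "SHA" means SHA-1; in GCM suites the hash drives the PRF, not a MAC.
        "hash": "SHA-1" if m["hash"] == "SHA" else "SHA-" + m["hash"][3:],
        "hash_role": "PRF" if aead else "HMAC",
        "forward_secrecy": kx in ("DHE", "ECDHE"),  # ephemeral key exchange
        "aead": aead,
    }

def summarize(table):
    """Group (suite, port) rows by port; list suites lacking forward secrecy or AEAD."""
    report = {}
    for name, port in table:
        info = parse_suite(name)
        entry = report.setdefault(port, {"no_forward_secrecy": [], "non_aead": []})
        if not info["forward_secrecy"]:
            entry["no_forward_secrecy"].append(name)
        if not info["aead"]:
            entry["non_aead"].append(name)
    return report

# Constructed sample: four (suite name, port) rows taken from Table 1.
SAMPLE = [
    ("TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", 443),
    ("TLS_DHE_RSA_WITH_AES_128_CBC_SHA", 443),
    ("TLS_RSA_WITH_AES_256_CBC_SHA256", 5989),
    ("TLS_DHE_RSA_WITH_AES_128_CBC_SHA256", 5989),
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

    Names outside this scheme, such as TLS 1.3 suite names, raise `ValueError` rather than being guessed at.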