A cipher suite is a set/combination of lower-level algorithms that an TLS connection uses to do authentication, key exchange, and stream encryption. The following table lists the set of cipher suites that are supported by the SOAP
server to secure an TLS connection with provisioning clients. The cipher suites are listed and selected for use in the order of key strength, from highest to lowest. This ensures that during the handshake protocol of an TLS connection, cipher suite negotiation selects the most secure suite possible from the list of cipher suites the client wishes to support, and if necessary, back off to the next most secure, and so on down the list.
Note: Cipher suites containing anonymous DH ciphers, low bit-size ciphers (currently those using 64 or 56 bit encryption algorithms but excluding export cipher suites), export-crippled ciphers (including 40 and 56 bits algorithms), or the MD5 hash algorithm are not supported due to their algorithms having known security vulnerabilities.
TLS Supported Cipher Suites
| Cipher Suite |
Key Exchange |
Signing/Authentication |
Encryption (Bits) |
MAC (Hash) Algorithms |
| AES256-SHA |
RSA |
RSA |
AES (256) |
SHA-1 |
| DES-CBC3-SHA |
RSA |
RSA |
3DES (168) |
SHA-1 |
| AES128-SHA |
RSA |
RSA |
AES (128) |
SHA-1 |
| KRB5-RC4-SHA |
KRB5 |
KRB5 |
RC4 (128) |
SHA-1 |
| RC4-SHA |
RSA |
RSA |
RC4 (128) |
SHA-1 |
| KRB5-DES-CBC3-SHA |
KRB5 |
KRB5 |
3DES (168) |
SHA-1 |