Supported TLS Cipher Suites

A cipher suite is a combination of lower-level algorithms that a TLS connection uses for authentication, key exchange, and stream encryption. The following table lists the cipher suites that the SOAP server supports to secure a TLS connection with provisioning clients. The cipher suites are listed, and selected for use, in order of key strength, from highest to lowest. This ensures that during the TLS handshake, cipher suite negotiation selects the most secure suite possible from the list of cipher suites the client wishes to support and, if necessary, backs off to the next most secure, and so on down the list.

Note:

Cipher suites containing anonymous DH ciphers, low bit-size ciphers (currently those using 64- or 56-bit encryption algorithms, excluding export cipher suites), export-crippled ciphers (including 40- and 56-bit algorithms), or the MD5 hash algorithm are not supported because these algorithms have known security vulnerabilities.

Table 3-3 TLS Supported Cipher Suites

Cipher Suite        Key Exchange  Signing/Authentication  Encryption (Bits)  MAC (Hash) Algorithms
------------------  ------------  ----------------------  -----------------  ---------------------
AES256-SHA          RSA           RSA                     AES (256)          SHA-1
DES-CBC3-SHA        RSA           RSA                     3DES (168)         SHA-1
AES128-SHA          RSA           RSA                     AES (128)          SHA-1
KRB5-RC4-SHA        KRB5          KRB5                    RC4 (128)          SHA-1
RC4-SHA             RSA           RSA                     RC4 (128)          SHA-1
KRB5-DES-CBC3-SHA   KRB5          KRB5                    3DES (168)         SHA-1
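
The selection rule described above and the exclusions in the Note, as an added example that is not part of the product or its documentation: a Python sketch that walks Table 3-3 in server order against a client's offer and reports which offered suites the Note rules out. The client offers are constructed, and classifying suites by name assumes OpenSSL-style suite names.

```python
# Server preference order copied from Table 3-3 (first row = most preferred).
SERVER_SUITES = ["AES256-SHA", "DES-CBC3-SHA", "AES128-SHA",
                 "KRB5-RC4-SHA", "RC4-SHA", "KRB5-DES-CBC3-SHA"]


def excluded_reason(suite):
    """Return the Note's reason for refusing `suite`, or None.

    Assumption: suites are classified by OpenSSL-style names only.
    """
    parts = suite.split("-")
    if parts[0] == "EXP":
        return "export-crippled cipher"
    if parts[0] in ("ADH", "AECDH"):
        return "anonymous DH"
    if parts[-1] == "MD5":
        return "MD5 hash"
    # Single DES is named DES-CBC; 3DES is DES-CBC3 and must not match.
    if "DES" in parts and "CBC" in parts:
        return "low bit-size cipher"
    return None


def negotiate(client_offer, server_suites=SERVER_SUITES):
    """Return (chosen, refused) for one constructed client offer.

    chosen: first suite in server order that the client also offered,
            or None when nothing overlaps (the handshake fails).
    refused: offered suites the Note excludes, mapped to the reason.
    """
    refused = {s: excluded_reason(s) for s in client_offer
               if excluded_reason(s)}
    offered = set(client_offer)
    chosen = next((s for s in server_suites if s in offered), None)
    return chosen, refused


if __name__ == "__main__":
    # Constructed client offers, in the client's own preference order.
    for offer in (["RC4-MD5", "RC4-SHA", "AES128-SHA", "EXP-RC4-MD5"],
                  ["ADH-AES128-SHA", "DES-CBC-SHA"]):
        print(offer, "->", negotiate(offer))
```

The first offer settles on AES128-SHA even though the client listed RC4-SHA ahead of it, because the server's order decides; the second has no overlap with the table, so no suite is chosen.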