Versions Compared

Old Version 1

changes.mady.by.user Stonebranch

Saved on

compared with

New Version Current

changes.mady.by.user Stonebranch

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Cipher Suite Name

Description

AES256-GCM-SHA384

256-bit AES encryption in Galois Counter Mode, SHA-2 384-bit message digest.

AES256-SHA

256-bit AES encryption with SHA-1 message digest.

AES128-GCM-SHA256

128-bit AES encryption in Galois Counter Mode, SHA-2 256-bit message digest.

AES128-SHA

128-bit AES encryption with SHA-1 message digest.

RC4-SHA

128-bit RC4 encryption with SHA-1 message digest.

RC4-MD5

128-bit RC4 encryption with MD5 message digest.

DES-CBC3-SHA

128-bit Triple-DES encryption with SHA-1 message digest.

DES-CBC-SHA
                                     

128-bit DES encryption with SHA-1 message digest.
 

Note
titleNote

As of Universal Agent 6.7.0.0, DES-CBC-SHA is supported only on HP-UX.
 
Additionally, any 7.67.x Agents on HP-UX that accept connections from, or attempt connections to, 7.67.x Agents on other platforms must be configured with at least one currently supported cipher suite besides DES-CBC-SHA. Therefore, those HP-UX Agents cannot be configured only with DES-CBC-SHA in their list of cipher suites.


NULL-SHA256

No encryption and SHA-2 256-bit message digest.

NULL-SHA

No encryption and SHA-1 message digest.

NULL-MD5

No encryption and MD5 message digest.

NULL-NULL

No encryption, no data authentication, SSL is not used; instead, Universal V2 Protocol (UNVv2) is used.

...

  • Universal Broker does not offer NULL-* options for its ciphers list, but it does accept NULL-NULL when no encryption is desired.
  • UCTL Server and UEM Server do not allow NULL-* ciphers to be selected for their control sessions.
  • UDM Manager ignores the NULL-NULL cipher suite.

Starting with 7.67.0.0, the following Diffie-Hellman Ciphers are supported for TSLv1.2 only.

...

Note
titleNote

The ECDHE-ECDSA-AES256-GCM-SHA384 and ECDHE-ECDSA-AES128-GCM-SHA256 ciphers require an ECDSA certificate; A RSA certificate will NOT work for these ciphers. See Creating an ECDSA Certificate

Furthermore, TLSv1.2 only supports the following Elliptic Curves:

  • prime256v1 (same as secp256r1)
  • secp384r1
  • secp521r1

As such, the EC (Elliptic Curve) keys used to sign the ECDSA certificate must be generated using one of the curves in the list above.

...

Cipher Suite Name

Description

AES256-SHA

256-bit AES encryption with SHA-1 message digest

AES128-SHA

128-bit AES encryption with SHA-1 message digest

RC4_SHA

128-bit RC4 encryption with SHA-1 message digest

RC4_MD5

128-bit RC4 encryption with MD5 message digest

DES_CBC3_SHA

128-bit Triple-DES encryption with SHA-1 message digest

DES-CBC-SHA
                                     

128-bit DES encryption with SHA-1 message digest.
 

Note
titleNote

As of Universal Agent 6.7.0.0, DES-CBC-SHA is supported only on HP-UX.
 
Additionally, any 7.67.x Agents on HP-UX that accept connections from, or attempt connections to, 7.67.x Agents on other platforms must be configured with at least one currently supported cipher suite besides DES-CBC-SHA. Therefore, those HP-UX Agents cannot be configured only with DES-CBC-SHA in their list of cipher suites.


...

SSL uses X.509 certificates and public and private keys to identify an entity. An entity may be a person, a program, or a system. A complete description of X.509 certificates is beyond the scope of this documentation. X.509 Certificates provides an overview to help get the reader oriented to the concepts, terminology and benefits.

...