Forum Discussion
CirrostratusProxy SSL Ciphers
Hi,
I wan to know what exact ciphers from below are supported for proxy ssl feature (running with 11.6.1) -
[root@RHQ-ASM-01:Active:Changes Pending] log tmm --clientciphers DEFAULT
ID SUITE BITS PROT METHOD CIPHER MAC KEYX
0: 159 DHE-RSA-AES256-GCM-SHA384 256 TLS1.2 Native AES-GCM SHA384 EDH/RSA
1: 158 DHE-RSA-AES128-GCM-SHA256 128 TLS1.2 Native AES-GCM SHA256 EDH/RSA
2: 107 DHE-RSA-AES256-SHA256 256 TLS1.2 Native AES SHA256 EDH/RSA
3: 57 DHE-RSA-AES256-SHA 256 TLS1 Native AES SHA EDH/RSA
4: 57 DHE-RSA-AES256-SHA 256 TLS1.1 Native AES SHA EDH/RSA
5: 57 DHE-RSA-AES256-SHA 256 TLS1.2 Native AES SHA EDH/RSA
6: 57 DHE-RSA-AES256-SHA 256 DTLS1 Native AES SHA EDH/RSA
7: 103 DHE-RSA-AES128-SHA256 128 TLS1.2 Native AES SHA256 EDH/RSA
8: 51 DHE-RSA-AES128-SHA 128 TLS1 Native AES SHA EDH/RSA
9: 51 DHE-RSA-AES128-SHA 128 TLS1.1 Native AES SHA EDH/RSA
10: 51 DHE-RSA-AES128-SHA 128 TLS1.2 Native AES SHA EDH/RSA
11: 51 DHE-RSA-AES128-SHA 128 DTLS1 Native AES SHA EDH/RSA
12: 22 DHE-RSA-DES-CBC3-SHA 192 TLS1 Native DES SHA EDH/RSA
13: 22 DHE-RSA-DES-CBC3-SHA 192 TLS1.1 Native DES SHA EDH/RSA
14: 22 DHE-RSA-DES-CBC3-SHA 192 TLS1.2 Native DES SHA EDH/RSA
15: 22 DHE-RSA-DES-CBC3-SHA 192 DTLS1 Native DES SHA EDH/RSA
16: 157 AES256-GCM-SHA384 256 TLS1.2 Native AES-GCM SHA384 RSA
17: 156 AES128-GCM-SHA256 128 TLS1.2 Native AES-GCM SHA256 RSA
18: 61 AES256-SHA256 256 TLS1.2 Native AES SHA256 RSA
19: 53 AES256-SHA 256 TLS1 Native AES SHA RSA
20: 53 AES256-SHA 256 TLS1.1 Native AES SHA RSA
21: 53 AES256-SHA 256 TLS1.2 Native AES SHA RSA
22: 53 AES256-SHA 256 DTLS1 Native AES SHA RSA
23: 60 AES128-SHA256 128 TLS1.2 Native AES SHA256 RSA
24: 47 AES128-SHA 128 TLS1 Native AES SHA RSA
25: 47 AES128-SHA 128 TLS1.1 Native AES SHA RSA
26: 47 AES128-SHA 128 TLS1.2 Native AES SHA RSA
27: 47 AES128-SHA 128 DTLS1 Native AES SHA RSA
28: 10 DES-CBC3-SHA 192 TLS1 Native DES SHA RSA
29: 10 DES-CBC3-SHA 192 TLS1.1 Native DES SHA RSA
30: 10 DES-CBC3-SHA 192 TLS1.2 Native DES SHA RSA
31: 10 DES-CBC3-SHA 192 DTLS1 Native DES SHA RSA
32: 49200 ECDHE-RSA-AES256-GCM-SHA384 256 TLS1.2 Native AES-GCM SHA384 ECDHE_RSA
33: 49199 ECDHE-RSA-AES128-GCM-SHA256 128 TLS1.2 Native AES-GCM SHA256 ECDHE_RSA
34: 49192 ECDHE-RSA-AES256-SHA384 256 TLS1.2 Native AES SHA384 ECDHE_RSA
35: 49172 ECDHE-RSA-AES256-CBC-SHA 256 TLS1 Native AES SHA ECDHE_RSA
36: 49172 ECDHE-RSA-AES256-CBC-SHA 256 TLS1.1 Native AES SHA ECDHE_RSA
37: 49172 ECDHE-RSA-AES256-CBC-SHA 256 TLS1.2 Native AES SHA ECDHE_RSA
38: 49191 ECDHE-RSA-AES128-SHA256 128 TLS1.2 Native AES SHA256 ECDHE_RSA
39: 49171 ECDHE-RSA-AES128-CBC-SHA 128 TLS1 Native AES SHA ECDHE_RSA
40: 49171 ECDHE-RSA-AES128-CBC-SHA 128 TLS1.1 Native AES SHA ECDHE_RSA
41: 49171 ECDHE-RSA-AES128-CBC-SHA 128 TLS1.2 Native AES SHA ECDHE_RSA
42: 49170 ECDHE-RSA-DES-CBC3-SHA 192 TLS1 Native DES SHA ECDHE_RSA
43: 49170 ECDHE-RSA-DES-CBC3-SHA 192 TLS1.1 Native DES SHA ECDHE_RSA
44: 49170 ECDHE-RSA-DES-CBC3-SHA 192 TLS1.2 Native DES SHA ECDHE_RSA
[root@RHQ-ASM-01:Active:Changes Pending] log
1 Reply
Yann_DesmarestCirrus
Hi,
Proxy SSL does support RSA key exchange. DH, DHE, ECC are not supported
NULL compression is the only compression method supported.
So it looks like the list below should be entirely supported by Proxy SSL :
16: 157 AES256-GCM-SHA384 256 TLS1.2 Native AES-GCM SHA384 RSA 17: 156 AES128-GCM-SHA256 128 TLS1.2 Native AES-GCM SHA256 RSA 18: 61 AES256-SHA256 256 TLS1.2 Native AES SHA256 RSA 19: 53 AES256-SHA 256 TLS1 Native AES SHA RSA 20: 53 AES256-SHA 256 TLS1.1 Native AES SHA RSA 21: 53 AES256-SHA 256 TLS1.2 Native AES SHA RSA 22: 53 AES256-SHA 256 DTLS1 Native AES SHA RSA 23: 60 AES128-SHA256 128 TLS1.2 Native AES SHA256 RSA 24: 47 AES128-SHA 128 TLS1 Native AES SHA RSA 25: 47 AES128-SHA 128 TLS1.1 Native AES SHA RSA 26: 47 AES128-SHA 128 TLS1.2 Native AES SHA RSA 27: 47 AES128-SHA 128 DTLS1 Native AES SHA RSA 28: 10 DES-CBC3-SHA 192 TLS1 Native DES SHA RSA 29: 10 DES-CBC3-SHA 192 TLS1.1 Native DES SHA RSA 30: 10 DES-CBC3-SHA 192 TLS1.2 Native DES SHA RSA 31: 10 DES-CBC3-SHA 192 DTLS1 Native DES SHA RSA
