Dell PowerStore 1000T EMC PowerStore Security Configuration Guide - Page 41

A TLS cipher suites This appendix contains the following information: Topics: • Supported TLS cipher suites Supported TLS cipher suites A cipher suite defines a set of technologies to secure your TLS communications: • Key exchange algorithm (how the secret key used to encrypt the data is communicated from the client to the server). Examples: RSA key or Diffie-Hellman (DH) • Authentication method (how hosts can authenticate the identity of remote hosts). Examples: RSA certificate, DSS certificate, or no authentication • Encryption cipher (how to encrypt data). Examples: AES (256 or 128 bits) • Hash algorithm (ensuring data by providing a way to determine if data has been modified). Examples: SHA-2 or SHA-1 The supported cipher suites combine all these items. The following list gives the OpenSSL names of the TLS cipher suites for the appliance and the associated ports. Table 5. Default/Supported TLS cipher suites supported on the appliance Cipher Suites Protocols TLS_DHE_RSA_WITH_AES_128_CBC_SHA TLSv1.2 Ports 443, 8443 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 TLSv1.2 443, 8443 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 TLSv1.2 443, 8443 TLS_DHE_RSA_WITH_AES_256_CBC_SHA TLSv1.2 443, 8443 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 TLSv1.2 443, 8443 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 TLSv1.2 443, 8443 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA TLSv1.2 443, 8443 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 TLSv1.2 443, 8443 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLSv1.2 443, 8443 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA TLSv1.2 443, 8443 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 TLSv1.2 443, 8443 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLSv1.2 443, 8443 TLS_RSA_WITH_AES_128_CBC_SHA TLSv1.2 443, 8443 TLS_RSA_WITH_AES_128_CBC_SHA256 TLSv1.2 443, 8443 TLS_RSA_WITH_AES_128_GCM_SHA256 TLSv1.2 443, 8443 TLS_RSA_WITH_AES_256_CBC_SHA TLSv1.2 443, 8443 TLS_RSA_WITH_AES_256_CBC_SHA256 TLSv1.2 443, 8443 TLS_RSA_WITH_AES_256_GCM_SHA384 TLSv1.2 443, 8443 TLS cipher suites 41