TLS1.2 Cipher Suite list for LDAPS config on PAM 3.0.2 and 3.2.x
Article ID: 101627
Products
CA Privileged Access Manager - Cloakware Password Authority (PA)
CA Privileged Access Manager (PAM)
Issue/Introduction
PAM 2.8.x and earlier versions had a product limitation on the SSL/TLS protocol used to configure LDAPS (LDAP over SSL): only TLS 1.0 was allowed. Since the release of PAM 3.0.2, TLS 1.2 with an extended set of cipher suites has been available for LDAPS connections. This article lists all the cipher suites sent by PAM 3.0.2 or later. Can the TLS 1.2 protocol be used for LDAPS connections on PAM 3.0.2?
Environment
PAM 3.0.2
PAM 3.2.1
Windows 2016
Resolution
PAM 3.0.2 and later allow LDAPS connections over the TLS 1.2 protocol using the cipher suites listed below.
--
Version: TLS 1.2 (0x0303)
Cipher Suites (82 suites)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 (0xc024)
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028)
Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA256 (0x003d)
Cipher Suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 (0xc026)
Cipher Suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 (0xc02a)
Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x006b)
Cipher Suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 (0x006a)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a)
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)
Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
Cipher Suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA (0xc005)
Cipher Suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA (0xc00f)
Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039)
Cipher Suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA (0x0038)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (0xc023)
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027)
Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA256 (0x003c)
Cipher Suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 (0xc025)
Cipher Suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 (0xc029)
Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x0067)
Cipher Suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 (0x0040)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009)
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)
Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
Cipher Suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA (0xc004)
Cipher Suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA (0xc00e)
Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033)
Cipher Suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA (0x0032)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02c)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b)
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)
Cipher Suite: TLS_RSA_WITH_AES_256_GCM_SHA384 (0x009d)
Cipher Suite: TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02e)
Cipher Suite: TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 (0xc032)
Cipher Suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x009f)
Cipher Suite: TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 (0x00a3)
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)
Cipher Suite: TLS_RSA_WITH_AES_128_GCM_SHA256 (0x009c)
Cipher Suite: TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02d)
Cipher Suite: TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 (0xc031)
Cipher Suite: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x009e)
Cipher Suite: TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 (0x00a2)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA (0xc008)
Cipher Suite: TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (0xc012)
Cipher Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)
Cipher Suite: TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA (0xc003)
Cipher Suite: TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA (0xc00d)
Cipher Suite: TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x0016)
Cipher Suite: TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA (0x0013)
Cipher Suite: TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00ff)
Cipher Suite: TLS_DH_anon_WITH_AES_256_GCM_SHA384 (0x00a7)
Cipher Suite: TLS_DH_anon_WITH_AES_128_GCM_SHA256 (0x00a6)
Cipher Suite: TLS_DH_anon_WITH_AES_256_CBC_SHA256 (0x006d)
Cipher Suite: TLS_ECDH_anon_WITH_AES_256_CBC_SHA (0xc019)
Cipher Suite: TLS_DH_anon_WITH_AES_256_CBC_SHA (0x003a)
Cipher Suite: TLS_DH_anon_WITH_AES_128_CBC_SHA256 (0x006c)
Cipher Suite: TLS_ECDH_anon_WITH_AES_128_CBC_SHA (0xc018)
Cipher Suite: TLS_DH_anon_WITH_AES_128_CBC_SHA (0x0034)
Cipher Suite: TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA (0xc017)
Cipher Suite: TLS_DH_anon_WITH_3DES_EDE_CBC_SHA (0x001b)
Cipher Suite: TLS_RSA_WITH_DES_CBC_SHA (0x0009)
Cipher Suite: TLS_DHE_RSA_WITH_DES_CBC_SHA (0x0015)
Cipher Suite: TLS_DHE_DSS_WITH_DES_CBC_SHA (0x0012)
Cipher Suite: TLS_DH_anon_WITH_DES_CBC_SHA (0x001a)
Cipher Suite: TLS_RSA_EXPORT_WITH_DES40_CBC_SHA (0x0008)
Cipher Suite: TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA (0x0014)
Cipher Suite: TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA (0x0011)
Cipher Suite: TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA (0x0019)
Cipher Suite: TLS_RSA_WITH_NULL_SHA256 (0x003b)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_NULL_SHA (0xc006)
Cipher Suite: TLS_ECDHE_RSA_WITH_NULL_SHA (0xc010)
Cipher Suite: TLS_RSA_WITH_NULL_SHA (0x0002)
Cipher Suite: TLS_ECDH_ECDSA_WITH_NULL_SHA (0xc001)
Cipher Suite: TLS_ECDH_RSA_WITH_NULL_SHA (0xc00b)
Cipher Suite: TLS_ECDH_anon_WITH_NULL_SHA (0xc015)
Cipher Suite: TLS_RSA_WITH_NULL_MD5 (0x0001)
Cipher Suite: TLS_KRB5_WITH_3DES_EDE_CBC_SHA (0x001f)
Cipher Suite: TLS_KRB5_WITH_3DES_EDE_CBC_MD5 (0x0023)
Cipher Suite: TLS_KRB5_WITH_DES_CBC_SHA (0x001e)
Cipher Suite: TLS_KRB5_WITH_DES_CBC_MD5 (0x0022)
Cipher Suite: TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA (0x0026)
Cipher Suite: TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5 (0x0029)
--
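Added example (not part of the original article and not CA code): a Python script that parses a Wireshark-style cipher suite dump like the one above and groups the offered suites by what their names say about key exchange, authentication and encryption, which helps when deciding which suites the LDAP server should be permitted to negotiate. The group labels and the embedded sample, an excerpt of the list above, are this example's own choices.

```python
import re
from collections import defaultdict

# Excerpt of the dump above (constructed sample, not all 82 suites).
# The last entry is wrapped before its code, as can happen in pasted text.
SAMPLE = """
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027)
Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
Cipher Suite: TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (0xc012)
Cipher Suite: TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00ff)
Cipher Suite: TLS_DH_anon_WITH_AES_256_GCM_SHA384 (0x00a7)
Cipher Suite: TLS_RSA_WITH_NULL_SHA256 (0x003b)
Cipher Suite: TLS_KRB5_WITH_DES_CBC_MD5 (0x0022)
Cipher Suite: TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
(0x0014)
"""

# \s* also spans a line break between the suite name and its code.
SUITE_RE = re.compile(r"Cipher Suite:\s*(TLS_\w+)\s*\((0x[0-9a-fA-F]{4})\)")

# Ordered rules, first match wins. Labels are this example's own.
RULES = [
    ("signalling value", lambda n: n.endswith("_SCSV")),
    ("anonymous key exchange", lambda n: "_anon_" in n),
    ("NULL encryption", lambda n: "_WITH_NULL_" in n),
    ("export grade", lambda n: "_EXPORT_" in n),
    ("DES or 3DES", lambda n: "_DES_" in n or "_3DES_" in n),
    ("no forward secrecy", lambda n: not n.startswith(("TLS_ECDHE_", "TLS_DHE_"))),
    ("CBC mode", lambda n: "_CBC_" in n),
    ("forward secrecy + GCM", lambda n: "_GCM_" in n),
]

def parse(text):
    """Return [(name, code)] for every suite found in the dump text."""
    return [(m.group(1), int(m.group(2), 16)) for m in SUITE_RE.finditer(text)]

def classify(name):
    """Label a suite from its IANA name alone."""
    return next((label for label, hit in RULES if hit(name)), "unclassified")

def summarize(text):
    """Group the parsed suite names by label."""
    groups = defaultdict(list)
    for name, _code in parse(text):
        groups[classify(name)].append(name)
    return dict(groups)

if __name__ == "__main__":
    for label, names in summarize(SAMPLE).items():
        print(f"{label}: {', '.join(names)}")
```

Paste the full dump into SAMPLE to group all 82 offered suites; a suite name the rules do not recognise is reported as "unclassified" rather than placed in a group.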