TLS1.2 Cipher Suite list for LDAPS config on PAM 3.0.2 and 3.2.x
Article ID: 101627
Updated On:
Products
CA Privileged Access Manager - Cloakware Password Authority (PA)
CA Privileged Access Manager (PAM)
Issue/Introduction
There had been product limitation on SSL/TLS protocol to configure LDAPS(LDAP over ssl) from PAM 2.8.x and below versions which only allow TLS 1.0 protocol. Since PAM 3.0.2 released, TLS1.2 with extended cipher suite has been added for LDAPS connection and this article will show all cipher suite list sending from PAM 3.0.2 or later version.
Can TLS 1.2 protocol be used for LDAPS connection on PAM 3.0.2?
Can TLS 1.2 protocol be used for LDAPS connection on PAM 3.0.2?
Environment
PAM 3.0.2
PAM 3.2.1
Windows 2016
PAM 3.2.1
Windows 2016
Resolution
PAM 3.0.2 or later is allowing LDAPS connection with TLS 1.2 protocol using below listed cipher suite.
--
Version: TLS 1.2 (0x0303)
Cipher Suites (82 suites)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 (0xc024)
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028)
Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA256 (0x003d)
Cipher Suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 (0xc026)
Cipher Suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 (0xc02a)
Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x006b)
Cipher Suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 (0x006a)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a)
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)
Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
Cipher Suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA (0xc005)
Cipher Suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA (0xc00f)
Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039)
Cipher Suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA (0x0038)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (0xc023)
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027)
Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA256 (0x003c)
Cipher Suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 (0xc025)
Cipher Suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 (0xc029)
Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x0067)
Cipher Suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 (0x0040)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009)
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)
Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
Cipher Suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA (0xc004)
Cipher Suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA (0xc00e)
Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033)
Cipher Suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA (0x0032)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02c)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b)
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)
Cipher Suite: TLS_RSA_WITH_AES_256_GCM_SHA384 (0x009d)
Cipher Suite: TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02e)
Cipher Suite: TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 (0xc032)
Cipher Suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x009f)
Cipher Suite: TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 (0x00a3)
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)
Cipher Suite: TLS_RSA_WITH_AES_128_GCM_SHA256 (0x009c)
Cipher Suite: TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02d)
Cipher Suite: TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 (0xc031)
Cipher Suite: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x009e)
Cipher Suite: TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 (0x00a2)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA (0xc008)
Cipher Suite: TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (0xc012)
Cipher Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)
Cipher Suite: TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA (0xc003)
Cipher Suite: TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA (0xc00d)
Cipher Suite: TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x0016)
Cipher Suite: TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA (0x0013)
Cipher Suite: TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00ff)
Cipher Suite: TLS_DH_anon_WITH_AES_256_GCM_SHA384 (0x00a7)
Cipher Suite: TLS_DH_anon_WITH_AES_128_GCM_SHA256 (0x00a6)
Cipher Suite: TLS_DH_anon_WITH_AES_256_CBC_SHA256 (0x006d)
Cipher Suite: TLS_ECDH_anon_WITH_AES_256_CBC_SHA (0xc019)
Cipher Suite: TLS_DH_anon_WITH_AES_256_CBC_SHA (0x003a)
Cipher Suite: TLS_DH_anon_WITH_AES_128_CBC_SHA256 (0x006c)
Cipher Suite: TLS_ECDH_anon_WITH_AES_128_CBC_SHA (0xc018)
Cipher Suite: TLS_DH_anon_WITH_AES_128_CBC_SHA (0x0034)
Cipher Suite: TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA (0xc017)
Cipher Suite: TLS_DH_anon_WITH_3DES_EDE_CBC_SHA (0x001b)
Cipher Suite: TLS_RSA_WITH_DES_CBC_SHA (0x0009)
Cipher Suite: TLS_DHE_RSA_WITH_DES_CBC_SHA (0x0015)
Cipher Suite: TLS_DHE_DSS_WITH_DES_CBC_SHA (0x0012)
Cipher Suite: TLS_DH_anon_WITH_DES_CBC_SHA (0x001a)
Cipher Suite: TLS_RSA_EXPORT_WITH_DES40_CBC_SHA (0x0008)
Cipher Suite: TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA (0x0014)
Cipher Suite: TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA (0x0011)
Cipher Suite: TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA (0x0019)
Cipher Suite: TLS_RSA_WITH_NULL_SHA256 (0x003b)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_NULL_SHA (0xc006)
Cipher Suite: TLS_ECDHE_RSA_WITH_NULL_SHA (0xc010)
Cipher Suite: TLS_RSA_WITH_NULL_SHA (0x0002)
Cipher Suite: TLS_ECDH_ECDSA_WITH_NULL_SHA (0xc001)
Cipher Suite: TLS_ECDH_RSA_WITH_NULL_SHA (0xc00b)
Cipher Suite: TLS_ECDH_anon_WITH_NULL_SHA (0xc015)
Cipher Suite: TLS_RSA_WITH_NULL_MD5 (0x0001)
Cipher Suite: TLS_KRB5_WITH_3DES_EDE_CBC_SHA (0x001f)
Cipher Suite: TLS_KRB5_WITH_3DES_EDE_CBC_MD5 (0x0023)
Cipher Suite: TLS_KRB5_WITH_DES_CBC_SHA (0x001e)
Cipher Suite: TLS_KRB5_WITH_DES_CBC_MD5 (0x0022)
Cipher Suite: TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA (0x0026)
Cipher Suite: TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5 (0x0029)
--
--
Version: TLS 1.2 (0x0303)
Cipher Suites (82 suites)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 (0xc024)
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028)
Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA256 (0x003d)
Cipher Suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 (0xc026)
Cipher Suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 (0xc02a)
Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x006b)
Cipher Suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 (0x006a)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a)
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)
Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
Cipher Suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA (0xc005)
Cipher Suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA (0xc00f)
Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039)
Cipher Suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA (0x0038)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (0xc023)
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027)
Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA256 (0x003c)
Cipher Suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 (0xc025)
Cipher Suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 (0xc029)
Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x0067)
Cipher Suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 (0x0040)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009)
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)
Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
Cipher Suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA (0xc004)
Cipher Suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA (0xc00e)
Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033)
Cipher Suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA (0x0032)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02c)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b)
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)
Cipher Suite: TLS_RSA_WITH_AES_256_GCM_SHA384 (0x009d)
Cipher Suite: TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02e)
Cipher Suite: TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 (0xc032)
Cipher Suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x009f)
Cipher Suite: TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 (0x00a3)
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)
Cipher Suite: TLS_RSA_WITH_AES_128_GCM_SHA256 (0x009c)
Cipher Suite: TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02d)
Cipher Suite: TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 (0xc031)
Cipher Suite: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x009e)
Cipher Suite: TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 (0x00a2)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA (0xc008)
Cipher Suite: TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (0xc012)
Cipher Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)
Cipher Suite: TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA (0xc003)
Cipher Suite: TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA (0xc00d)
Cipher Suite: TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x0016)
Cipher Suite: TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA (0x0013)
Cipher Suite: TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00ff)
Cipher Suite: TLS_DH_anon_WITH_AES_256_GCM_SHA384 (0x00a7)
Cipher Suite: TLS_DH_anon_WITH_AES_128_GCM_SHA256 (0x00a6)
Cipher Suite: TLS_DH_anon_WITH_AES_256_CBC_SHA256 (0x006d)
Cipher Suite: TLS_ECDH_anon_WITH_AES_256_CBC_SHA (0xc019)
Cipher Suite: TLS_DH_anon_WITH_AES_256_CBC_SHA (0x003a)
Cipher Suite: TLS_DH_anon_WITH_AES_128_CBC_SHA256 (0x006c)
Cipher Suite: TLS_ECDH_anon_WITH_AES_128_CBC_SHA (0xc018)
Cipher Suite: TLS_DH_anon_WITH_AES_128_CBC_SHA (0x0034)
Cipher Suite: TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA (0xc017)
Cipher Suite: TLS_DH_anon_WITH_3DES_EDE_CBC_SHA (0x001b)
Cipher Suite: TLS_RSA_WITH_DES_CBC_SHA (0x0009)
Cipher Suite: TLS_DHE_RSA_WITH_DES_CBC_SHA (0x0015)
Cipher Suite: TLS_DHE_DSS_WITH_DES_CBC_SHA (0x0012)
Cipher Suite: TLS_DH_anon_WITH_DES_CBC_SHA (0x001a)
Cipher Suite: TLS_RSA_EXPORT_WITH_DES40_CBC_SHA (0x0008)
Cipher Suite: TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA (0x0014)
Cipher Suite: TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA (0x0011)
Cipher Suite: TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA (0x0019)
Cipher Suite: TLS_RSA_WITH_NULL_SHA256 (0x003b)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_NULL_SHA (0xc006)
Cipher Suite: TLS_ECDHE_RSA_WITH_NULL_SHA (0xc010)
Cipher Suite: TLS_RSA_WITH_NULL_SHA (0x0002)
Cipher Suite: TLS_ECDH_ECDSA_WITH_NULL_SHA (0xc001)
Cipher Suite: TLS_ECDH_RSA_WITH_NULL_SHA (0xc00b)
Cipher Suite: TLS_ECDH_anon_WITH_NULL_SHA (0xc015)
Cipher Suite: TLS_RSA_WITH_NULL_MD5 (0x0001)
Cipher Suite: TLS_KRB5_WITH_3DES_EDE_CBC_SHA (0x001f)
Cipher Suite: TLS_KRB5_WITH_3DES_EDE_CBC_MD5 (0x0023)
Cipher Suite: TLS_KRB5_WITH_DES_CBC_SHA (0x001e)
Cipher Suite: TLS_KRB5_WITH_DES_CBC_MD5 (0x0022)
Cipher Suite: TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA (0x0026)
Cipher Suite: TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5 (0x0029)
--
Feedback
Yes
No
Powered by
