The following table lists cipher suites that are shipped with the appliance for a specific version of SGOS.
For additional information, refer to the "Managing X.509 Certificates" chapter in the SGOS Administration Guide.
Notes:
Cipher Name on the Appliance | Hex Value | IANA Name | Strength |
Key Size |
Shipped with 6.5.x | Shipped with 6.6.x | Shipped with 6.7.x | Shipped with 7.1.x | Shipped with 7.2.x |
---|---|---|---|---|---|---|---|---|---|
AES128-SHA256 | 0x003C | TLS_RSA_WITH_AES_128_CBC_SHA256 | High | 128 | x | x | x | x | x |
AES256-SHA256 | 0x003D | TLS_RSA_WITH_AES_256_CBC_SHA256 | High | 256 | x | x | x | x | |
AES128-SHA | 0x002F | TLS_RSA_WITH_AES_128_CBC_SHA | Medium | 128 | x | x | x | x | x |
AES256-SHA | 0x0035 | TLS_RSA_WITH_AES_256_CBC_SHA | High | 256 | x | x | x | x | x |
DHE-RSA-AES128-SHA | 0x0033 | TLS_DHE_RSA_WITH_AES_128_CBC_SHA | High | 128 | x | x | x | x | x |
DHE-RSA-AES256-SHA | 0x0039 | TLS_DHE_RSA_WITH_AES_256_CBC_SHA | High | 256 | x | x | x | x | x |
DES-CBC3-SHA | 0x000A | TLS_RSA_WITH_3DES_EDE_CBC_SHA | High | 168 | x | x | x | x | x |
RC4-SHA | 0x0005 | TLS_RSA_WITH_RC4_128_SHA | Medium | 128 | x | x | x | x | x |
RC4-MD5 | 0x0004 | TLS_RSA_WITH_RC4_128_MD5 | Medium | 128 | x | x | x | x | x |
DES-CBC-SHA | 0x0009 | TLS_RSA_WITH_DES_CBC_SHA | Low | 56 | x | x | x | x | |
EXP-DES-CBC-SHA | 0x0008 | TLS_RSA_EXPORT_WITH_DES40_CBC_SHA | Export | 40 | x | x | x | x | |
EXP-RC4-MD5 | 0x0003 | TLS_RSA_EXPORT_WITH_RC4_40_MD5 | Export | 40 | x | x | x | x | |
EXP-RC2-CBC-MD5 | 0x0006 | TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 | Export | 40 | x | x | x | x | |
AES128-GCM-SHA256 | 0x009C | TLS_RSA_WITH_AES_128_GCM_SHA256 | High | 128 | x | x | x | ||
AES256-GCM-SHA384 | 0x009D | TLS_RSA_WITH_AES_256_GCM_SHA384 | High | 256 | 6.5.10.6 | 6.6.5.13 | x | x | x |
TLS_AES_256_GCM_SHA384 | 0x1302 | TLS_AES_256_GCM_SHA384 | High | 256 |
|
x | |||
TLS_CHACHA20_POLY1305_SHA256 | 0x1303 | TLS_CHACHA20_POLY1305_SHA256 | High | 256 |
|
x | |||
TLS_AES_128_GCM_SHA256 | 0x1301 | TLS_AES_128_GCM_SHA256 | High | 128 |
|
x | |||
TLS_AES_128_CCM_8_SHA256 | 0x1305 | TLS_AES_128_CCM_8_SHA256 | High | 128 |
|
x | |||
TLS_AES_128_CCM_SHA256 | 0x1304 | TLS_AES_128_CCM_SHA256 | High | 128 |
|
x | |||
The appliance supports HTTPS interception in forward proxy mode when sites use the following DHE-DSS ciphers. These ciphers are available in upstream connections in forward proxy mode: | |||||||||
DHE-DSS-AES128-SHA | 0x0032 | TLS_DHE_DSS_WITH_AES_128_CBC_SHA | Medium | 128 | x | x | x | x | x |
DHE-DSS-AES128-SHA256 | 0x0040 | TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 | Medium | 128 | x | x | x | x | x |
DHE-DSS-AES256-SHA | 0x0038 | TLS_DHE_DSS_WITH_AES_256_CBC_SHA | High | 256 | x | x | x | x | x |
DHE-DSS-AES256-SHA256 | 0x006A | TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 | High | 256 | x | x | x | x | x |
DHE-DSS-DES-CBC-SHA | 0x0012 | TLS_DHE_DSS_WITH_DES_CBC_SHA | Low | 56 | x | x | x | x | |
DHE-DSS-DES-CBC3-SHA | 0x0013 | TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA | Medium | 168 | x | x | x | x | x |
EXP-DHE-DSS-DES-CBC-SHA | 0x0011 | TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA | Export | 40 | x | x | x | x | |
DHE-DSS-AES256-GCM-SHA384 | 0x00A3 | TLS_DHE_DSS_WITH_AES_128_GCM_SHA384 | High | 256 | 6.6.5.13 |
x | x | x | |
DHE-DSS-AES128-GCM-SHA256 | 0x00A2 | TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 | Medium | 128 | 6.6.5.13 |
x | x | x | |
DHE-RSA-AES128-GCM-SHA256 | 0x009E | TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 | High | 128 | 6.5.10.6 | 6.6.5.13 |
x | x | x |
DHE-RSA-AES256-GCM-SHA384 | 0x009F | TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 | High | 256 | 6.5.10.6 | 6.6.5.13 |
x | x | x |
The appliance supports HTTPS interception in forward proxy mode when sites use the following ECDHE ciphers. The following variants of ECDHE-RSA are available in upstream connections in forward proxy mode: | |||||||||
ECDHE-RSA-AES128-SHA | 0xC013 | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA | High | 128 | 6.5.6.1 |
Also in reverse proxy mode. |
x | x | x |
ECDHE-RSA-AES256-SHA | 0xC014 | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA | High | 256 | 6.5.6.1 |
Also in reverse proxy mode. |
x | x | x |
ECDHE-RSA-AES128-SHA256 | 0xC027 | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 | High | 128 | 6.5.6.1 |
6.6.5.13 Also in reverse proxy mode. |
x | x | x |
ECDHE-RSA-AES128-GCM-SHA256 | 0xC02F | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 | High | 128 | 6.5.6.1 |
6.6.5.13 Also in reverse proxy mode. |
x | x | x |
ECDHE-RSA-RC4-SHA | 0xC011 | TLS_ECDHE_RSA_WITH_RC4_128_SHA | High | 256 | 6.5.6.1 |
6.6.5.13 Also in reverse proxy mode. |
x | x | x |
The appliance supports HTTPS interception in forward proxy mode when sites use the following ECDHE ciphers. The following variants of ECDHE-DSA are available in upstream connections in forward proxy mode: | |||||||||
ECDHE-ECDSA-AES128-SHA256 | 0xC023 | TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 | High | 128 | 6.5.7.1 |
x | x | x | x |
ECDHE-ECDSA-AES128-GCM-SHA256 | 0xC02B | TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 | High | 128 | 6.5.7.1 |
6.6.5.13 |
x | x | x |
ECDHE-ECDSA-RC4-SHA | 0xC007 | TLS_ECDHE_ECDSA_WITH_RC4_128_SHA | High | 128 | 6.5.7.1 |
x | x | x | x |
ECDHE-ECDSA-AES128-SHA | 0xC009 | TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA | High | 128 | 6.5.7.1 |
x | x | x | x |
ECDHE-ECDSA-AES256-SHA | 0xC00A | TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA | High | 256 | 6.5.7.1 | x | x | x | x |
The appliance supports HTTPS interception in forward proxy mode when sites use the following SHA384 ciphers. The following variants of ECDHE-ECDSA are available in upstream connections in forward proxy mode: | |||||||||
ECDHE-ECDSA-AES256-SHA384 | 0xC024 | TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 | High | 256 | 6.5.10.6 | 6.6.5.13 | x | x | x |
ECDHE-ECDSA-AES256-GCM-SHA384 | 0xC02C | TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 | High | 256 | 6.5.10.6 | 6.6.5.13 | x | x | x |
ECDHE-RSA-AES256-SHA384 | 0xC028 | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 | High | 256 | 6.5.10.6 | 6.6.5.13 | x | x | x |
ECDHE-RSA-AES256-GCM-SHA384 | 0xC030 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 | High | 256 | 6.5.10.6 | 6.6.5.13 | x | x | x |