Cipher Suites Shipped With the ProxySG and ASG Appliances

Article Id: 170130

Status: Published

Updated On: 07-05-2020 11:26

Legacy Id: TECH247556

Products:

Advanced Secure Gateway Software - ASG ProxySG Software - SGOS

Issue/Introduction:

The following table lists cipher suites that are shipped with the appliance for a specific version of SGOS.

For additional information, refer to the "Managing X.509 Certificates" chapter in the SGOS Administration Guide.

Resolution:

Notes:

In the Strength column, "Export" refers to the 1990s-era cryptography export restrictions that limited key length to 40 bytes. Those restrictions are no longer in force, but the Export strength category remains in OpenSSL. These ciphers are thus supported on the appliance for historical reasons.
In the Shipped with columns, "x" means that the cipher is available in all releases of the specified version.
In the Shipped with columns, a specific release (such as "6.6.5.13") means that the cipher is available starting in that release.

Cipher Name on the Appliance	Hex Value	IANA Name	Strength	Key Size (in bits)	Shipped with 6.5.x	Shipped with 6.6.x	Shipped with 6.7.x	Shipped with 7.1.x	Shipped with 7.2.x
AES128-SHA256	0x003C	TLS_RSA_WITH_AES_128_CBC_SHA256	High	128	x	x	x	x	x
AES256-SHA256	0x003D	TLS_RSA_WITH_AES_256_CBC_SHA256	High	256		x	x	x	x
AES128-SHA	0x002F	TLS_RSA_WITH_AES_128_CBC_SHA	Medium	128	x	x	x	x	x
AES256-SHA	0x0035	TLS_RSA_WITH_AES_256_CBC_SHA	High	256	x	x	x	x	x
DHE-RSA-AES128-SHA	0x0033	TLS_DHE_RSA_WITH_AES_128_CBC_SHA	High	128	x	x	x	x	x
DHE-RSA-AES256-SHA	0x0039	TLS_DHE_RSA_WITH_AES_256_CBC_SHA	High	256	x	x	x	x	x
DES-CBC3-SHA	0x000A	TLS_RSA_WITH_3DES_EDE_CBC_SHA	High	168	x	x	x	x	x
RC4-SHA	0x0005	TLS_RSA_WITH_RC4_128_SHA	Medium	128	x	x	x	x	x
RC4-MD5	0x0004	TLS_RSA_WITH_RC4_128_MD5	Medium	128	x	x	x	x	x
DES-CBC-SHA	0x0009	TLS_RSA_WITH_DES_CBC_SHA	Low	56	x	x	x	x
EXP-DES-CBC-SHA	0x0008	TLS_RSA_EXPORT_WITH_DES40_CBC_SHA	Export	40	x	x	x	x
EXP-RC4-MD5	0x0003	TLS_RSA_EXPORT_WITH_RC4_40_MD5	Export	40	x	x	x	x
EXP-RC2-CBC-MD5	0x0006	TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5	Export	40	x	x	x	x
AES128-GCM-SHA256	0x009C	TLS_RSA_WITH_AES_128_GCM_SHA256	High	128			x	x	x
AES256-GCM-SHA384	0x009D	TLS_RSA_WITH_AES_256_GCM_SHA384	High	256	6.5.10.6	6.6.5.13	x	x	x
TLS_AES_256_GCM_SHA384	0x1302	TLS_AES_256_GCM_SHA384	High	256					x
TLS_CHACHA20_POLY1305_SHA256	0x1303	TLS_CHACHA20_POLY1305_SHA256	High	256					x
TLS_AES_128_GCM_SHA256	0x1301	TLS_AES_128_GCM_SHA256	High	128					x
TLS_AES_128_CCM_8_SHA256	0x1305	TLS_AES_128_CCM_8_SHA256	High	128					x
TLS_AES_128_CCM_SHA256	0x1304	TLS_AES_128_CCM_SHA256	High	128					x
The appliance supports HTTPS interception in forward proxy mode when sites use the following DHE-DSS ciphers. These ciphers are available in upstream connections in forward proxy mode:
DHE-DSS-AES128-SHA	0x0032	TLS_DHE_DSS_WITH_AES_128_CBC_SHA	Medium	128	x	x	x	x	x
DHE-DSS-AES128-SHA256	0x0040	TLS_DHE_DSS_WITH_AES_128_CBC_SHA256	Medium	128	x	x	x	x	x
DHE-DSS-AES256-SHA	0x0038	TLS_DHE_DSS_WITH_AES_256_CBC_SHA	High	256	x	x	x	x	x
DHE-DSS-AES256-SHA256	0x006A	TLS_DHE_DSS_WITH_AES_256_CBC_SHA256	High	256	x	x	x	x	x
DHE-DSS-DES-CBC-SHA	0x0012	TLS_DHE_DSS_WITH_DES_CBC_SHA	Low	56	x	x	x	x
DHE-DSS-DES-CBC3-SHA	0x0013	TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA	High	168	x	x	x	x	x
EXP-DHE-DSS-DES-CBC-SHA	0x0011	TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA	Export	40	x	x	x	x
DHE-DSS-AES256-GCM-SHA384	0x00A3	TLS_DHE_DSS_WITH_AES_128_GCM_SHA384	High	256		6.6.5.13	x	x	x
DHE-DSS-AES128-GCM-SHA256	0x00A2	TLS_DHE_DSS_WITH_AES_128_GCM_SHA256	Medium	128		6.6.5.13	x	x	x
DHE-RSA-AES128-GCM-SHA256	0x009E	TLS_DHE_RSA_WITH_AES_128_GCM_SHA256	High	128	6.5.10.6	6.6.5.13	x	x	x
DHE-RSA-AES256-GCM-SHA384	0x009F	TLS_DHE_RSA_WITH_AES_256_GCM_SHA384	High	256	6.5.10.6	6.6.5.13	x	x	x
The appliance supports HTTPS interception in forward proxy mode when sites use the following ECDHE ciphers. The following variants of ECDHE-RSA are available in upstream connections in forward proxy mode:
ECDHE-RSA-AES128-SHA	0xC013	TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA	High	128	6.5.6.1	6.6.5.13 Also in reverse proxy mode.	x	x	x
ECDHE-RSA-AES256-SHA	0xC014	TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA	High	256	6.5.6.1	6.6.5.13 Also in reverse proxy mode.	x	x	x
ECDHE-RSA-AES128-SHA256	0xC027	TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256	High	128	6.5.6.1	6.6.5.13 Also in reverse proxy mode.	x	x	x
ECDHE-RSA-AES128-GCM-SHA256	0xC02F	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256	High	128	6.5.6.1	6.6.5.13 Also in reverse proxy mode.	x	x	x
ECDHE-RSA-RC4-SHA	0xC011	TLS_ECDHE_RSA_WITH_RC4_128_SHA	High	256	6.5.6.1	6.6.5.13 Also in reverse proxy mode.	x	x	x
The appliance supports HTTPS interception in forward proxy mode when sites use the following ECDHE ciphers. The following variants of ECDHE-DSA are available in upstream connections in forward proxy mode:
ECDHE-ECDSA-AES128-SHA256	0xC023	TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256	High	128	6.5.7.1	x	x	x	x
ECDHE-ECDSA-AES128-GCM-SHA256	0xC02B	TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256	High	128	6.5.7.1	6.6.5.13	x	x	x
ECDHE-ECDSA-RC4-SHA	0xC007	TLS_ECDHE_ECDSA_WITH_RC4_128_SHA	High	128	6.5.7.1	x	x	x	x
ECDHE-ECDSA-AES128-SHA	0xC009	TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA	High	128	6.5.7.1	x	x	x	x
ECDHE-ECDSA-AES256-SHA	0xC00A	TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA	High	256	6.5.7.1	x	x	x	x
The appliance supports HTTPS interception in forward proxy mode when sites use the following SHA384 ciphers. The following variants of ECDHE-ECDSA are available in upstream connections in forward proxy mode:
ECDHE-ECDSA-AES256-SHA384	0xC024	TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384	High	256	6.5.10.6	6.6.5.13	x	x	x
ECDHE-ECDSA-AES256-GCM-SHA384	0xC02C	TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384	High	256	6.5.10.6	6.6.5.13	x	x	x
ECDHE-RSA-AES256-SHA384	0xC028	TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384	High	256	6.5.10.6	6.6.5.13	x	x	x
ECDHE-RSA-AES256-GCM-SHA384	0xC030	TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384	High	256	6.5.10.6	6.6.5.13	x	x	x