The following table lists cipher suites that are shipped with the appliance for a specific version of SGOS.
For additional information, refer to the "Managing X.509 Certificates" chapter in the SGOS Administration Guide.
Notes:
Cipher Name on the Appliance | Hex Value | IANA Name | Strength | Key Size in Bits |
Shipped with Versions | |
---|---|---|---|---|---|---|
AES128-SHA256 | 0x003C | TLS_RSA_WITH_AES_128_CBC_SHA256 | High | 128 | 6.5 to 7.x | |
AES256-SHA256 | 0x003D | TLS_RSA_WITH_AES_256_CBC_SHA256 | High | 256 | 6.6 to 7.x | |
AES128-SHA | 0x002F | TLS_RSA_WITH_AES_128_CBC_SHA | Medium | 128 | 6.5 to 7.x | |
AES256-SHA | 0x0035 | TLS_RSA_WITH_AES_256_CBC_SHA | High | 256 | 6.5 to 7.x | |
DHE-RSA-AES128-SHA | 0x0033 | TLS_DHE_RSA_WITH_AES_128_CBC_SHA | High | 128 | 6.5 to 7.x | |
DHE-RSA-AES256-SHA | 0x0039 | TLS_DHE_RSA_WITH_AES_256_CBC_SHA | High | 256 | 6.5 to 7.x | |
DES-CBC3-SHA | 0x000A | TLS_RSA_WITH_3DES_EDE_CBC_SHA | High | 168 | 6.5 to 7.x | |
RC4-SHA | 0x0005 | TLS_RSA_WITH_RC4_128_SHA | Medium | 128 | 6.5 to 7.x | |
RC4-MD5 | 0x0004 | TLS_RSA_WITH_RC4_128_MD5 | Medium | 128 | 6.5 to 7.x | |
DES-CBC-SHA | 0x0009 | TLS_RSA_WITH_DES_CBC_SHA | Low | 56 | 6.5 to 7.1 | |
EXP-DES-CBC-SHA | 0x0008 | TLS_RSA_EXPORT_WITH_DES40_CBC_SHA | Export | 40 | 6.5 to 7.1 | |
EXP-RC4-MD5 | 0x0003 | TLS_RSA_EXPORT_WITH_RC4_40_MD5 | Export | 40 | 6.5 to 7.1 | |
EXP-RC2-CBC-MD5 | 0x0006 | TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 | Export | 40 | 6.5 to 7.1 | |
AES128-GCM-SHA256 | 0x009C | TLS_RSA_WITH_AES_128_GCM_SHA256 | High | 128 | 6.7 to 7.x | |
AES256-GCM-SHA384 | 0x009D | TLS_RSA_WITH_AES_256_GCM_SHA384 | High | 256 |
6.5.10.6+, 6.6.5.13+, |
|
TLS_AES_256_GCM_SHA384 | 0x1302 | TLS_AES_256_GCM_SHA384 | High | 256 | 7.2, 7.3 | |
TLS_CHACHA20_POLY1305_SHA256 | 0x1303 | TLS_CHACHA20_POLY1305_SHA256 | High | 256 | 7.2, 7.3 | |
TLS_AES_128_GCM_SHA256 | 0x1301 | TLS_AES_128_GCM_SHA256 | High | 128 | 7.2, 7.3 | |
TLS_AES_128_CCM_8_SHA256 | 0x1305 | TLS_AES_128_CCM_8_SHA256 | High | 128 | 7.2, 7.3 | |
TLS_AES_128_CCM_SHA256 | 0x1304 | TLS_AES_128_CCM_SHA256 | High | 128 | 7.2, 7.3 | |
The appliance supports HTTPS interception in forward proxy mode when sites use the following DHE-DSS ciphers. These ciphers are available in upstream connections in forward proxy mode: | ||||||
DHE-DSS-AES128-SHA | 0x0032 | TLS_DHE_DSS_WITH_AES_128_CBC_SHA | Medium | 128 | 6.5 to 7.x | |
DHE-DSS-AES128-SHA256 | 0x0040 | TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 | Medium | 128 | 6.5 to 7.x | |
DHE-DSS-AES256-SHA | 0x0038 | TLS_DHE_DSS_WITH_AES_256_CBC_SHA | High | 256 | 6.5 to 7.x | |
DHE-DSS-AES256-SHA256 | 0x006A | TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 | High | 256 | 6.5 to 7.x | |
DHE-DSS-DES-CBC-SHA | 0x0012 | TLS_DHE_DSS_WITH_DES_CBC_SHA | Low | 56 | 6.5 to 7.1 | |
DHE-DSS-DES-CBC3-SHA | 0x0013 | TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA | Medium | 168 | 6.5 to 7.1 | |
EXP-DHE-DSS-DES-CBC-SHA | 0x0011 | TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA | Export | 40 | 6.5 to 7.x | |
DHE-DSS-AES256-GCM-SHA384 | 0x00A3 | TLS_DHE_DSS_WITH_AES_128_GCM_SHA384 | High | 256 | 6.6.5.13 to 7.x | |
DHE-DSS-AES128-GCM-SHA256 | 0x00A2 | TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 | Medium | 128 | 6.6.5.13 to 7.x | |
DHE-RSA-AES128-GCM-SHA256 | 0x009E | TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 | High | 128 | 6.5.10.6+, 6.6.5.13+, 6.7 to 7.x |
|
DHE-RSA-AES256-GCM-SHA384 | 0x009F | TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 | High | 256 | 6.5.10.6+, 6.6.5.13+, 6.7 to 7.x |
|
The appliance supports HTTPS interception in forward proxy mode when sites use the following ECDHE ciphers. The following variants of ECDHE-RSA are available in upstream connections in forward proxy mode: | ||||||
ECDHE-RSA-AES128-SHA | 0xC013 | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA | High | 128 | 6.5.6.1+, 6.6.5.13+ (also in reverse proxy mode), 6.7 to 7.x |
|
ECDHE-RSA-AES256-SHA | 0xC014 | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA | High | 256 | 6.5.6.1+, 6.6.5.13+ (also in reverse proxy mode), 6.7 to 7.x |
|
ECDHE-RSA-AES128-SHA256 | 0xC027 | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 | High | 128 | 6.5.6.1+, 6.6.5.13+ (also in reverse proxy mode), 6.7 to 7.x |
|
ECDHE-RSA-AES128-GCM-SHA256 | 0xC02F | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 | High | 128 | 6.5.6.1+, 6.6.5.13+ (also in reverse proxy mode), 6.7 to 7.x |
|
ECDHE-RSA-RC4-SHA | 0xC011 | TLS_ECDHE_RSA_WITH_RC4_128_SHA | High | 256 | 6.5.6.1+, 6.6.5.13+ (also in reverse proxy mode), 6.7 to 7.x |
|
The appliance supports HTTPS interception in forward proxy mode when sites use the following ECDHE ciphers. The following variants of ECDHE-DSA are available in upstream connections in forward proxy mode: | ||||||
ECDHE-ECDSA-AES128-SHA256 | 0xC023 | TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 | High | 128 | 6.5.7.1 to 7.x |
|
ECDHE-ECDSA-AES128-GCM-SHA256 | 0xC02B | TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 | High | 128 | 6.5.7.1+, 6.6.5.13+, 6.7 to 7.x |
|
ECDHE-ECDSA-RC4-SHA | 0xC007 | TLS_ECDHE_ECDSA_WITH_RC4_128_SHA | High | 128 | 6.5.7.1 to 7.x |
|
ECDHE-ECDSA-AES128-SHA | 0xC009 | TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA | High | 128 | 6.5.7.1 to 7.x |
|
ECDHE-ECDSA-AES256-SHA | 0xC00A | TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA | High | 256 | 6.5.7.1 to 7.x | |
The appliance supports HTTPS interception in forward proxy mode when sites use the following SHA384 ciphers. The following variants of ECDHE-ECDSA are available in upstream connections in forward proxy mode: | ||||||
ECDHE-ECDSA-AES256-SHA384 | 0xC024 | TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 | High | 256 | 6.5.10.6+, 6.6.5.13+, 6.7 to 7.x |
|
ECDHE-ECDSA-AES256-GCM-SHA384 | 0xC02C | TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 | High | 256 | 6.5.10.6+, 6.6.5.13+, 6.7 to 7.x |
|
ECDHE-RSA-AES256-SHA384 | 0xC028 | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 | High | 256 | 6.5.10.6+, 6.6.5.13+, 6.7 to 7.x |
|
ECDHE-RSA-AES256-GCM-SHA384 | 0xC030 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 | High | 256 | 6.5.10.6+, 6.6.5.13+, 6.7 to 7.x |