What TLS ciphers does the WSS Agent use connecting to Cloud SWG?

What encryption type does the WSS Agent use connecting to Cloud SWG?

What are the WSS agent security settings when connecting to Cloud SWG?

WSS Agent.

Windows or MacOS host.

With default Windows environments, we typically select the strongest cipher suite advertised by the agent host and typically see 

• Transport Layer Security (TLS) for the communication channel
• RSA for authentication
• Diffie-Hellman Ephemeral (DHE) for the key exchange
• Advanced Encryption Standard with 256bit key in Cipher Block Chaining mode (AES 256 CBC) for encryption
• Secure Hash Algorithm 1 (SHA) for hashing

This corresponds to the TLS_DHE_RSA_WITH_AES_256_CBC_SHA Cipher Suite. If the client advertises less secure cipher sets, the server may respond with a different setting but still using the most secure of the advertised ciphers.

A PCAP can be obtained from the agent host, where the UDP 443 protocol must be decoded as OpenVPN. Once done, the messages will be decoded as OpenVPN and the TLS handshake visible.