What level of encryption is used by Applications Manager?
Release : 9.3x
Component :CA Automic Applications Manager
Applications Manager passwords are encrypted using AES as described in the last paragraph in the doc link below:
https://techdocs.broadcom.com/us/en/ca-enterprise-software/intelligent-automation/applications-manager/9-3-5/Administration_Guide/Applications_Manager_Security.html
Login passwords are encrypted using AES (Advanced Encryption Standard also known as Rijndael, which is a block cipher adopted as an encryption standard by the US government) instead of a proprietary algorithm.
Additionally, Applications Manager's processes are a Java process so the Master to Agent connections using an encryption which is decided by Java and Java's java.security file. Please refer to Oracle for more information about the java.security file. Basically when an Agent tries to connect to the master, the java process negotiate which each other and then use the more secure encryption. To better understand this, you will have to enable debug on the Agent and/or Master.
Below is an example snippet from one of the Agent logs at start up. Its shows the Agent sending a handshake to the master, and then the encryption type is logged in bold. To make sure the list of encryptions available to be used is the most secure, you will generally need to make sure Java on both master/agent is the latest compatible version and that any unsecure or unwanted encryptions is disabled via the java.security file:
xx:xx:xx:xxx AgentService: .AgentService: createSocket Socket[addr=xxxxx,port=xxxx,localport=xxxx]
xx:xx:xx:xxx AgentService: .AgentSocketManager: addRmiSocket Socket[addr=xxxxx,port=xxxx,localport=xxxx]
xx:xx:xx:xxx AgentService:: .B: Socket[addr=xxxxx,port=xxxx,localport=xxxx]
xx:xx:xx:xxx AgentService: .AgentSocketManager: sendHandshake Socket[addr=xxxxx,port=xxxx,localport=xxxx]
xx:xx:xx:xx HandshakeCompletedNotify-Thread: .AgentService: using SSL cipher suite: TLS_AES_128_GCM_SHA256
xx:xx:xx:xxx AgentService:: .AgentSocketManager: sendHandshake completed Socket[addr=xxxxx,port=xxxx,localport=xxxx]
xx:xx:xx:xxx AgentService:: .AgentService: connected to Master Socket[addr=xxxxx,port=xxxx,localport=xxxx]
You can see the encryption above to be listed as TLS_AES_128_GCM_SHA256.