The SSL Visibility Appliances support a broad list of options for ciphers, HMACS, Host Key Algorithms, Key Exchange Algorithms, and Public Key Auth Accepted Algorithms.

SSL Visibility allows the following ciphers:

• chacha20-poly1305@openssh.com
• aes128-gcm@openssh.com
• aes256-gcm@openssh.com
• aes128-ctr
• aes192-ctr
• aes256-ctr

The following HMACS are supported on the SSL Visibility:

• hmac-sha2-256-etm@openssh.com
• hmac-sha2-512-etm@openssh.com
• hmac-sha2-256 hmac-sha2-512
• hmac-sha1-etm@openssh.com
• hmac-sha1

SSL Visibility supports these Host Key Algorithms:

• ssh-ed25519
• ecdsa-sha2-nistp256
• ecdsa-sha2-nistp384
• ecdsa-sha2-nistp521
• rsa-sha2-512 rsa-sha2-256
• ssh-rsa

The Key Exchange Algorithms support on SSL Visibility are:

• curve25519-sha256
• curve25519-sha256@libssh.org
• ecdh-sha2-nistp256
• ecdh-sha2-nistp384
• ecdh-sha2-nistp521
• diffie-hellman-group-exchange-sha256
• diffie-hellman-group14-sha256
• diffie-hellman-group16-sha512
• diffie-hellman-group18-sha512
• diffie-hellman-group14-sha

The Public Key Auth Accepted Algorithms the SSL Visibility accepts are:

• ssh-ed25519
• ecdsa-sha2-nistp256
• ecdsa-sha2-nistp384
• ecdsa-sha2-nistp521
• rsa-sha2-512
• rsa-sha2-256
• ssh-rsa

Over time, some ciphers, HMACs, Host Key Algorithms, Key Exchange Algorithms, and Public Key Auth Accepted Algorithms may become deprecated.  In this case you may want to remove them from the options SSL Visibility software supports.  This can be done and is documented in the following Knowledge Base Article.

Disabling ciphers