Which cipher is used with TLS 1.2 in ITMS 7.6 HF7 or later?


Article ID: 150696


Updated On:


Management Platform (Formerly known as Notification Server)


What Cipher Suite we are using with TLS 1.2 in ITMS 7.6? 

In ITMS 8.0 seems to be that we use: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256


Do we use the same one in ITMS 7.6?


ITMS 7.6, 8.0



The cipher usage depends on Windows version, the later version the more sophisticated algorithms are available.

SMA (Symantec Management Agent) does not select algorithm set and does not restrict algorithms usage, we’re relying on SCHANNEL to select the algorithm, client and server negotiate on the algorithm during SSL handshake. If some algorithm is disabled on the machine then it will not be used. You can use the same IISCrypto (https://www.nartac.com/Products/IISCrypto) to disable or enable the algorithms on the machine or modify the registry where it all configured directly.

The answer about 7.6 would be – yes, 7.x and 8.x agent most likely select the same algorithm when running on the same client machine and connecting to the same server.

For example with Windows 7, The following cipher suites are enabled and in this priority order by default by the Microsoft Schannel Provider: (LINK)