Which cipher is used with TLS 1.2 in ITMS 7.6 HF7 or later?

book

Article ID: 150696

calendar_today

Updated On:

Products

Management Platform (Formerly known as Notification Server)

Issue/Introduction

What Cipher Suite we are using with TLS 1.2 in ITMS 7.6? 

In ITMS 8.0 seems to be that we use: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256

 

Do we use the same one in ITMS 7.6?

Environment

ITMS 7.6, 8.0

Resolution

Response:

The cipher usage depends on Windows version, the later version the more sophisticated algorithms are available.

SMA (Symantec Management Agent) does not select algorithm set and does not restrict algorithms usage, we’re relying on SCHANNEL to select the algorithm, client and server negotiate on the algorithm during SSL handshake. If some algorithm is disabled on the machine then it will not be used. You can use the same IISCrypto (https://www.nartac.com/Products/IISCrypto) to disable or enable the algorithms on the machine or modify the registry where it all configured directly.

The answer about 7.6 would be – yes, 7.x and 8.x agent most likely select the same algorithm when running on the same client machine and connecting to the same server.

For example with Windows 7, The following cipher suites are enabled and in this priority order by default by the Microsoft Schannel Provider: (LINK)

Attachments