Which ciphers are used with TLS 1.2 in ITMS 8.x?
search cancel

Which ciphers are used with TLS 1.2 in ITMS 8.x?

book

Article ID: 150696

calendar_today

Updated On:

Products

IT Management Suite

Issue/Introduction

Question:

What Cipher Suites are used with TLS 1.2 in ITMS 8.x? 

ITMS 8.0 seems to be using: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256

Environment

ITMS 8.x

Resolution

Response:

The cipher usage depends on the Windows OS version, the later version the more sophisticated algorithms are available.

SMA (Symantec Management Agent) does not select the algorithm set and does not restrict the algorithm's usage, we’re relying on SCHANNEL to select the algorithm, then the client and server negotiate on the algorithm during the SSL handshake. If an algorithm is disabled in the OS then it will not be used by ITMS. You can use IISCrypto (https://www.nartac.com/Products/IISCrypto) to disable or enable the algorithms in the OS or modify the registry where it is configured directly as shown here:

Enabling TLS 1.2 for the ITMS Management Platform Environment

An example of the Windows 10 cipher suites enabled by default and their specified priority by Microsoft's Schannel Provider is shown in:

https://docs.microsoft.com/en-us/windows/win32/secauthn/tls-cipher-suites-in-windows-10-v1903