000024764 - What level of encryption does ClearTrust use when specifying ANON mode?

Document created by RSA Customer Support Employee on Jun 14, 2016
Last modified by RSA Customer Support Employee on Apr 22, 2017
Version 2

Article Content

Article Number: 000024764
Applies To: ClearTrust 5.5.x
RSA Access Manager 6.x
Issue: What level of encryption does ClearTrust use when specifying ANON mode?
Cause: When configuring RSA Access Manager components, it is possible to select an encryption type for communication; the options are usually CLEAR, ANON and AUTH.

The default mode for RSA Access Manager (ClearTrust) is "Anonymous SSL".


In this mode, all data exchanged between Access Manager components is encrypted using Secure Sockets Layer (SSL) encryption technology. Before transmission over the network, the data is encrypted using anonymous SSL. Although the data is encrypted in this mode, neither the client nor the server is required to present a certificate to authenticate itself.


Anonymous SSL can be used by all interfaces between Access Manager components to secure connections. It uses Diffie-Hellman (D-H) key exchange rather than RSA public/private key exchange, which is why it does not make any use of certificates. Where a man-in-the-middle attack is possible, the stronger level of SSL (AUTH) should be used; it uses RSA public/private key technology and requires the creation of keys and certificates.
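The following is an added illustration, not RSA code, of why an uncertified D-H exchange cannot detect a party interposed on the connection while an authenticated exchange can. It is a toy model: all names and parameters are constructed, and AUTH is simplified here to the server signing its D-H value with a long-term RSA key the client already trusts, standing in for the certificate check.

```python
import hashlib
import secrets

# Constructed toy parameters: far too small for real use.
P, G = 2**127 - 1, 3                       # D-H modulus (a Mersenne prime) and base
RSA_P, RSA_Q, RSA_E = 2**61 - 1, 2**89 - 1, 65537
RSA_N = RSA_P * RSA_Q                      # server's long-term public modulus
RSA_D = pow(RSA_E, -1, (RSA_P - 1) * (RSA_Q - 1))   # server's private exponent


def dh_keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)


def digest(pub):
    h = hashlib.sha256(str(pub).encode()).digest()
    return int.from_bytes(h, "big") % RSA_N


def sign(pub):
    """Server signs its D-H value (only done in the AUTH model)."""
    return pow(digest(pub), RSA_D, RSA_N)


def verify(pub, sig):
    """Client checks the signature against the server key it already trusts."""
    return pow(sig, RSA_E, RSA_N) == digest(pub)


def handshake(mode, interposed):
    """Run one exchange; return (client_key, server_key, accepted_by_client)."""
    c_priv, c_pub = dh_keypair()
    s_priv, s_pub = dh_keypair()
    sig = sign(s_pub) if mode == "AUTH" else None
    to_client, to_server = s_pub, c_pub
    if interposed:
        # A party on the path swaps in its own D-H value in both directions.
        _, m_pub = dh_keypair()
        to_client, to_server = m_pub, m_pub
    if mode == "AUTH" and not verify(to_client, sig):
        return None, None, False           # value was not signed by the server
    return pow(to_client, c_priv, P), pow(to_server, s_priv, P), True


if __name__ == "__main__":
    for mode in ("ANON", "AUTH"):
        for interposed in (False, True):
            c, s, ok = handshake(mode, interposed)
            print(mode, "interposed" if interposed else "direct",
                  "accepted" if ok else "rejected", "keys match:", ok and c == s)
```

In the ANON case with an interposed party, the client accepts the exchange even though its key no longer matches the server's; in the AUTH model the same substitution is rejected before any key is derived.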


The particular SSL modes may vary from one component to another, but in all cases RSA Access Manager uses 128-bit encryption for messages sent across the network.


For full details on configuring RSA Access Manager, see the appropriate documentation. Copies are available on RSA SecurCare online:


RSA ClearTrust 5.5.3 Servers Installation and Configuration Guide



RSA Access Manager 6.0 Servers Installation and Configuration Guide



Legacy Article ID: a34254