000034934 - List of supported cipher suites by the RSA Data Protection Manager clients

Document created by RSA Customer Support Employee on Mar 23, 2017
Last modified by RSA Customer Support Employee on Mar 23, 2017
Version 2

Article Content

Article Number: 000034934
Applies To: RSA Product Set: DPM
RSA Product/Service Type: Data Protection Manager Client (key and token, C / C# and Java )
RSA Version/Condition: All
Resolution

Introduction to TLS handshake...


Think of a [one-way] TLS handshake as a real handshake between two people:
  • I extend my hand, you hold out yours, we start shaking: TCP connection established.
  • I say "Bonjour" then "Hi", meaning "I speak French, but I can also speak English": the TLS Header Record Version is French and the TLS Hello Version is English. This determines the TLS protocol versions I can speak, e.g. SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2.
  • Along with that, I ask the following 5 questions:
    • Salut man, ça va bien?
    • Bonjour, comment allez-vous?
    • Hey mate, howza goin?
    • Hello there, how are you doing?
    • Greeting and salutations fellow compadre, how are you feeling on this wonderful day?
Those are the cipher suites I support: same language, different slang / algorithms, e.g. ECDHE-RSA-AES256-GCM-SHA384 or ECDHE-RSA-AES256-SHA384.

  • You then respond with "Greetings and salutations yourself. I am feeling extremely fine today, thank you for asking". This is the TLS Server Hello.
  • With that response, you told me which slang / cipher you want to use (Fine English), along with the protocol (English).
Based on that quick introduction, the tables below show the default TLS protocol version from the TLS header record as well as the maximum protocol version each client supports. The protocol selected depends on what the server supports: the highest protocol version supported by both parties is used.
The same goes for the cipher suites. They are listed below in order of precedence, with the most desired at the top of the list and the least desired at the bottom.
For a [one-way] TLS handshake to complete, both the client and the server must agree on a protocol and cipher suite.
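
The negotiation rule described above, as an added example (not RSA's code): it checks two Client Hello offers taken from the tables on this page against a hypothetical server that only allows TLS 1.2, and lists the weak suites each client offers. The function names, the HARDENED server policy, the use of the client's order to pick the suite, and the assumption that Java client 3.5.2.5 offers TLS 1.2 once server.tls_version=TLSv1.2 is set are assumptions of the example.

```python
WIRE = {"SSL 3.0": 0x0300, "TLS 1.0": 0x0301, "TLS 1.1": 0x0302, "TLS 1.2": 0x0303}
NAME = {code: name for name, code in WIRE.items()}
WEAK = ("EXPORT", "_RC4_", "_RC2_", "_DES_", "_DES40_", "_3DES_", "_MD5")
SCSV = "TLS_EMPTY_RENEGOTIATION_INFO_SCSV"  # signalling value, not a cipher

# Offers copied from the tables on this page, in the client's order of precedence.
C_CLIENT_2_1 = [  # C / C# client 2.1.x, max version TLS 1.0
    "TLS_RSA_WITH_AES_256_CBC_SHA", "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_RSA_WITH_3DES_EDE_CBC_SHA", "TLS_RSA_WITH_DES_CBC_SHA",
    "TLS_RSA_WITH_RC4_128_SHA", "TLS_RSA_WITH_RC4_128_MD5",
    "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA", "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
]
JAVA_3_5_2_5 = [  # Java client 3.5.2.5, TLS 1.1 unless server.tls_version is set
    "TLS_DHE_RSA_WITH_AES_128_CBC_SHA", "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
    "TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_RSA_WITH_3DES_EDE_CBC_SHA", SCSV,
]
# Hypothetical hardened server policy, constructed for this example.
HARDENED = {"TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
            "TLS_DHE_RSA_WITH_AES_128_CBC_SHA", "TLS_RSA_WITH_AES_128_CBC_SHA"}


def weak_suites(offer):
    """Suites in an offer that use export-grade keys, RC4, RC2, DES, 3DES or MD5."""
    return [s for s in offer if any(marker in s for marker in WEAK)]


def tls12_only(suite):
    """GCM and SHA256/SHA384 suites are defined for TLS 1.2 and cannot run below it."""
    return suite.endswith(("_SHA256", "_SHA384"))


def negotiate(client_max, client_offer, server_min, server_max, server_accepts):
    """Return (version, suite), or None when the handshake cannot complete."""
    version = min(WIRE[client_max], WIRE[server_max])  # highest version both support
    if version < WIRE[server_min]:
        return None  # no protocol version in common
    # Assumption: the client's order decides; a server may apply its own order instead.
    for suite in client_offer:
        if suite == SCSV or suite not in server_accepts:
            continue
        if tls12_only(suite) and version < WIRE["TLS 1.2"]:
            continue
        return NAME[version], suite
    return None  # no cipher suite in common


if __name__ == "__main__":
    print(negotiate("TLS 1.0", C_CLIENT_2_1, "TLS 1.2", "TLS 1.2", HARDENED))
    # Assumes server.tls_version=TLSv1.2 makes the Java client offer TLS 1.2.
    print(negotiate("TLS 1.2", JAVA_3_5_2_5, "TLS 1.2", "TLS 1.2", HARDENED))
    print(weak_suites(C_CLIENT_2_1))
```
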
 

 


RSA Key Manager / RSA Data Protection Manager C / C# clients


 
Columns: Client version | Default SSL / TLS version in header record | Max version supported as per Client Hello | Config parameter to change the default TLS version | Cipher Suites (when using default TLS versions) | Cipher Suite (when enforcing TLS 1.2)

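Client version: 1.5.x
Default SSL / TLS version in header record: TLS 1.0
Max version supported as per Client Hello: TLS 1.0
Config parameter to change the default TLS version: Not possible
Cipher Suites (when using default TLS versions):
   TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039)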
   TLS_DHE_DSS_WITH_AES_256_CBC_SHA (0x0038)
   TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
   TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033)
   TLS_DHE_DSS_WITH_AES_128_CBC_SHA (0x0032)
   TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
   TLS_DHE_DSS_WITH_RC4_128_SHA (0x0066)
   TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x0016)
   TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA (0x0013)
   TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)
   TLS_RSA_WITH_RC4_128_SHA (0x0005)
   TLS_RSA_WITH_RC4_128_MD5 (0x0004)
   TLS_DHE_RSA_WITH_DES_CBC_SHA (0x0015)
   TLS_DHE_DSS_WITH_DES_CBC_SHA (0x0012)
   TLS_RSA_WITH_DES_CBC_SHA (0x0009)
   TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA (0x0063)
   TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA (0x0065)
   TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA (0x0062)
   TLS_RSA_EXPORT1024_WITH_RC4_56_SHA (0x0064)
   TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA (0x0014)
   TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA (0x0011)
   TLS_RSA_EXPORT_WITH_DES40_CBC_SHA (0x0008)
   TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 (0x0006)
   TLS_RSA_EXPORT_WITH_RC4_40_MD5 (0x0003)
 
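Client version: 2.1.x, 2.2.x, 2.5.0.x
Default SSL / TLS version in header record: SSL 2.0
Max version supported as per Client Hello: TLS 1.0
Config parameter to change the default TLS version: Not possible
Cipher Suites (when using default TLS versions):
   TLS_RSA_WITH_AES_256_CBC_SHA (0x000035)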
   TLS_RSA_WITH_AES_128_CBC_SHA (0x00002f)
   TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x00000a)
   TLS_RSA_WITH_DES_CBC_SHA (0x000009)
   TLS_RSA_WITH_RC4_128_SHA (0x000005)
   TLS_RSA_WITH_RC4_128_MD5 (0x000004)
   TLS_RSA_EXPORT_WITH_DES40_CBC_SHA (0x000008)
   TLS_RSA_EXPORT_WITH_RC4_40_MD5 (0x000003)
 
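Client version: 2.7
Default SSL / TLS version in header record: TLS 1.0
Max version supported as per Client Hello: TLS 1.0
Config parameter to change the default TLS version: Not possible
Cipher Suites (when using default TLS versions):
   TLS_DHE_DSS_WITH_AES_256_CBC_SHA (0x0038)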
   TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039)
   TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
   TLS_DHE_DSS_WITH_AES_128_CBC_SHA (0x0032)
   TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033)
   TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
   TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA (0x0013)
   TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x0016)
   TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)
   TLS_DHE_DSS_WITH_RC4_128_SHA (0x0066)
   TLS_RSA_WITH_RC4_128_SHA (0x0005)
   TLS_RSA_WITH_RC4_128_MD5 (0x0004)
 
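Client version: 2.7.1
Default SSL / TLS version in header record: TLS 1.0
Max version supported as per Client Hello: TLS 1.0
Config parameter to change the default TLS version: Not possible
Cipher Suites (when using default TLS versions):
   TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 (0x00a3)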
   TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 (0x006a)
   TLS_DHE_DSS_WITH_AES_256_CBC_SHA (0x0038)
   TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x009f)
   TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x006b)
   TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039)
   TLS_RSA_WITH_AES_256_GCM_SHA384 (0x009d)
   TLS_RSA_WITH_AES_256_CBC_SHA256 (0x003d)
   TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
   TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)
   TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02c)
   TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 (0xc024)
   TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a)
   TLS_ECDH_RSA_WITH_AES_256_CBC_SHA (0xc00f)
   TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA (0xc005)
   TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 (0x00a2)
   TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 (0x0040)
   TLS_DHE_DSS_WITH_AES_128_CBC_SHA (0x0032)
   TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x009e)
   TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x0067)
   TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033)
   TLS_RSA_WITH_AES_128_GCM_SHA256 (0x009c)
   TLS_RSA_WITH_AES_128_CBC_SHA256 (0x003c)
   TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
   TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)
   TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (0xc023)
   TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009)
   TLS_ECDH_RSA_WITH_AES_128_CBC_SHA (0xc00e)
   TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA (0xc004)
   TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA (0x0013)
   TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x0016)
   TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)
   TLS_DHE_DSS_WITH_RC4_128_SHA (0x0066)
   TLS_RSA_WITH_RC4_128_SHA (0x0005)
   TLS_RSA_WITH_RC4_128_MD5 (0x0004)
   TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00ff)
 
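Client version: 3.5, 3.5.1
Default SSL / TLS version in header record: TLS 1.0
Max version supported as per Client Hello: TLS 1.0
Config parameter to change the default TLS version: Not possible
Cipher Suites (when using default TLS versions):
   TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 (0x00a3)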
   TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 (0x006a)
   TLS_DHE_DSS_WITH_AES_256_CBC_SHA (0x0038)
   TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x009f)
   TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x006b)
   TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039)
   TLS_RSA_WITH_AES_256_GCM_SHA384 (0x009d)
   TLS_RSA_WITH_AES_256_CBC_SHA256 (0x003d)
   TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
   TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)
   TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02c)
   TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 (0xc024)
   TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a)
   TLS_ECDH_RSA_WITH_AES_256_CBC_SHA (0xc00f)
   TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA (0xc005)
   TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 (0x00a2)
   TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 (0x0040)
   TLS_DHE_DSS_WITH_AES_128_CBC_SHA (0x0032)
   TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x009e)
   TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x0067)
   TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033)
   TLS_RSA_WITH_AES_128_GCM_SHA256 (0x009c)
   TLS_RSA_WITH_AES_128_CBC_SHA256 (0x003c)
   TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
   TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)
   TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b)
   TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (0xc023)
   TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009)
   TLS_ECDH_RSA_WITH_AES_128_CBC_SHA (0xc00e)
   TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA (0xc004)
   TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA (0x0013)
   TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x0016)
   TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)
   TLS_DHE_DSS_WITH_RC4_128_SHA (0x0066)
   TLS_RSA_WITH_RC4_128_SHA (0x0005)
   TLS_RSA_WITH_RC4_128_MD5 (0x0004)
   TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00ff)
 
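Client version: 3.5.1.2, 3.5.2, 3.5.2.1
Default SSL / TLS version in header record: TLS 1.1
Max version supported as per Client Hello: TLS 1.1
Config parameter to change the default TLS version: In the globalSvc section of the configuration file, add
   tlsVersion=TLSv12
Cipher Suites (when using default TLS versions):
   TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 (0x00a3)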
   TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 (0x006a)
   TLS_DHE_DSS_WITH_AES_256_CBC_SHA (0x0038)
   TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x009f)
   TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x006b)
   TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039)
   TLS_RSA_WITH_AES_256_GCM_SHA384 (0x009d)
   TLS_RSA_WITH_AES_256_CBC_SHA256 (0x003d)
   TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
   TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)
   TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02c)
   TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 (0xc024)
   TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a)
   TLS_ECDH_RSA_WITH_AES_256_CBC_SHA (0xc00f)
   TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA (0xc005)
   TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 (0x00a2)
   TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 (0x0040)
   TLS_DHE_DSS_WITH_AES_128_CBC_SHA (0x0032)
   TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x009e)
   TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x0067)
   TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033)
   TLS_RSA_WITH_AES_128_GCM_SHA256 (0x009c)
   TLS_RSA_WITH_AES_128_CBC_SHA256 (0x003c)
   TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
   TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)
   TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b)
   TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (0xc023)
   TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009)
   TLS_ECDH_RSA_WITH_AES_128_CBC_SHA (0xc00e)
   TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA (0xc004)
   TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA (0x0013)
   TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x0016)
   TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)
   TLS_DHE_DSS_WITH_RC4_128_SHA (0x0066)
   TLS_RSA_WITH_RC4_128_SHA (0x0005)
   TLS_RSA_WITH_RC4_128_MD5 (0x0004)
   TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00ff)
Cipher Suite (when enforcing TLS 1.2):
   TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 (0x00a3)
   TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 (0x006a)
   TLS_DHE_DSS_WITH_AES_256_CBC_SHA (0x0038)
   TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x009f)
   TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x006b)
   TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039)
   TLS_RSA_WITH_AES_256_GCM_SHA384 (0x009d)
   TLS_RSA_WITH_AES_256_CBC_SHA256 (0x003d)
   TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
   TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)
   TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02c)
   TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 (0xc024)
   TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a)
   TLS_ECDH_RSA_WITH_AES_256_CBC_SHA (0xc00f)
   TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA (0xc005)
   TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 (0x00a2)
   TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 (0x0040)
   TLS_DHE_DSS_WITH_AES_128_CBC_SHA (0x0032)
   TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x009e)
   TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x0067)
   TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033)
   TLS_RSA_WITH_AES_128_GCM_SHA256 (0x009c)
   TLS_RSA_WITH_AES_128_CBC_SHA256 (0x003c)
   TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
   TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)
   TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b)
   TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (0xc023)
   TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009)
   TLS_ECDH_RSA_WITH_AES_128_CBC_SHA (0xc00e)
   TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA (0xc004)
   TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA (0x0013)
   TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x0016)
   TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)
   TLS_RSA_WITH_RC4_128_SHA (0x0005)
   TLS_RSA_WITH_RC4_128_MD5 (0x0004)
   TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00ff)

    
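Client version: 3.5.2.4, 3.5.2.5
Default SSL / TLS version in header record: TLS 1.1
Max version supported as per Client Hello: TLS 1.1
Config parameter to change the default TLS version: In the globalSvc section of the configuration file, add
   tlsVersion=TLSv12
Cipher Suites (when using default TLS versions):
   TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 (0x00a3)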
   TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 (0x006a)
   TLS_DHE_DSS_WITH_AES_256_CBC_SHA (0x0038)
   TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x009f)
   TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x006b)
   TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039)
   TLS_RSA_WITH_AES_256_GCM_SHA384 (0x009d)
   TLS_RSA_WITH_AES_256_CBC_SHA256 (0x003d)
   TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
   TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)
   TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02c)
   TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 (0xc024)
   TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a)
   TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 (0x00a2)
   TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 (0x0040)
   TLS_DHE_DSS_WITH_AES_128_CBC_SHA (0x0032)
   TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x009e)
   TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x0067)
   TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033)
   TLS_RSA_WITH_AES_128_GCM_SHA256 (0x009c)
   TLS_RSA_WITH_AES_128_CBC_SHA256 (0x003c)
   TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
   TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)
   TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b)
   TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (0xc023)
   TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009)
   TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA (0x0013)
   TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x0016)
   TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)
   TLS_DHE_DSS_WITH_RC4_128_SHA (0x0066)
   TLS_RSA_WITH_RC4_128_SHA (0x0005)
   TLS_RSA_WITH_RC4_128_MD5 (0x0004)
   TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00ff)
Cipher Suite (when enforcing TLS 1.2):
   TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 (0x00a3)
   TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 (0x006a)
   TLS_DHE_DSS_WITH_AES_256_CBC_SHA (0x0038)
   TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x009f)
   TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x006b)
   TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039)
   TLS_RSA_WITH_AES_256_GCM_SHA384 (0x009d)
   TLS_RSA_WITH_AES_256_CBC_SHA256 (0x003d)
   TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
   TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)
   TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02c)
   TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 (0xc024)
   TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a)
   TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 (0x00a2)
   TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 (0x0040)
   TLS_DHE_DSS_WITH_AES_128_CBC_SHA (0x0032)
   TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x009e)
   TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x0067)
   TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033)
   TLS_RSA_WITH_AES_128_GCM_SHA256 (0x009c)
   TLS_RSA_WITH_AES_128_CBC_SHA256 (0x003c)
   TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
   TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)
   TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b)
   TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (0xc023)
   TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009)
   TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA (0x0013)
   TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x0016)
   TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)
   TLS_RSA_WITH_RC4_128_SHA (0x0005)
   TLS_RSA_WITH_RC4_128_MD5 (0x0004)
   TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00ff)

    


RSA Key Manager / RSA Data Protection Manager Java clients


Columns: Client version | Default SSL / TLS version in header record | Max version supported as per Client Hello | Config parameter to use the highest TLS version supported | Cipher Suites (when using default TLS versions) | Cipher Suite (when enforcing TLS 1.2)

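Client version: 1.5.2.2.2
Default SSL / TLS version in header record: TLS 1.0
Max version supported as per Client Hello: TLS 1.0
Config parameter to use the highest TLS version supported: Not possible
Cipher Suites (when using default TLS versions):
   TLS_RSA_WITH_RC4_128_SHA (0x0005)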
   TLS_RSA_WITH_RC4_128_MD5 (0x0004)
   TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
   TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
   TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)
Cipher Suite (when enforcing TLS 1.2): Same

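Client version: 2.2.x
Default SSL / TLS version in header record: SSL 2.0
Max version supported as per Client Hello: TLS 1.0
Config parameter to use the highest TLS version supported: Not possible via config file
   Possible using JVM argument:
   -Dhttps.protocols=TLSv1
Cipher Suites (when using default TLS versions):
   TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x000033)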
   TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x000016)
   TLS_RSA_WITH_AES_128_CBC_SHA (0x00002f)
   TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x00000a)
   SSL2_DES_192_EDE3_CBC_WITH_MD5 (0x0700c0)
   TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x0000ff)
Cipher Suite (when enforcing TLS 1.2):
   TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033)
   TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x0016)
   TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
   TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)
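
Client version: 2.5.x
Default SSL / TLS version in header record: SSL 2.0
Max version supported as per Client Hello: TLS 1.0
Config parameter to use the highest TLS version supported: Not possible via config file
   Possible using JVM argument:
   -Dhttps.protocols=TLSv1
Cipher Suites (when using default TLS versions):
   TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x000033)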
   TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x000016)
   TLS_RSA_WITH_AES_128_CBC_SHA (0x00002f)
   TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x00000a)
   SSL2_DES_192_EDE3_CBC_WITH_MD5 (0x0700c0)
   TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x0000ff)
Cipher Suite (when enforcing TLS 1.2):
   TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033)
   TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x0016)
   TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
   TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)
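
Client version: 2.7
Default SSL / TLS version in header record: SSL 3.0
Max version supported as per Client Hello: TLS 1.2
Config parameter to use the highest TLS version supported: Not possible via config file
   Possible using JVM argument:
   -Dhttps.protocols=TLSv1.2
Cipher Suites (when using default TLS versions):
   TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039)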
   TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033)
   TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x0016)
   TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
   TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
   TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)
Cipher Suite (when enforcing TLS 1.2): Same

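Client version: 2.7.1.x
Default SSL / TLS version in header record: SSL 3.0
Max version supported as per Client Hello: TLS 1.2
Config parameter to use the highest TLS version supported: Not possible via config file
   Possible using JVM argument:
   -Dhttps.protocols=TLSv1.2
Cipher Suites (when using default TLS versions):
   TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039)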
   TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033)
   TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x0016)
   TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
   TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
   TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)
   TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00ff)
Cipher Suite (when enforcing TLS 1.2): Same

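Client version: 3.5.1.2
Default SSL / TLS version in header record: TLS 1.1
Max version supported as per Client Hello: TLS 1.1
Config parameter to use the highest TLS version supported: Not possible via config file.
   Possible using JVM argument:
   -Dhttps.protocols=TLSv1.2
Cipher Suites (when using default TLS versions):
   TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039)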
   TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033)
   TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x0016)
   TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
   TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
   TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)
   TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00ff)
Cipher Suite (when enforcing TLS 1.2): Same

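Client version: 3.5.2.x, 3.5.2.4.x
Default SSL / TLS version in header record: TLS 1.1
Max version supported as per Client Hello: TLS 1.1
Config parameter to use the highest TLS version supported: server.tls_version=TLSv1.2
Cipher Suites (when using default TLS versions):
   TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039)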
   TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033)
   TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x0016)
   TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
   TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
   TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)
   TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00ff)

    
Cipher Suite (when enforcing TLS 1.2): Same
    
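Client version: 3.5.2.5
Default SSL / TLS version in header record: TLS 1.1
Max version supported as per Client Hello: TLS 1.1
Config parameter to use the highest TLS version supported: server.tls_version=TLSv1.2
Cipher Suites (when using default TLS versions):
   TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033)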
   TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x0016)
   TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
   TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)
   TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00ff)

    
Cipher Suite (when enforcing TLS 1.2): Same
    
