K97098157: SSL Ciphers Supported on BIG-IP Platforms (14.X)


Non-Diagnostic

Original Publication Date: Aug 10, 2018
Update Date: Feb 13, 2021

Topic

This article applies to the SSL stack used by the Traffic Management Microkernel (TMM).

Description

This article applies to BIG-IP 14.x. For information about other versions, refer to the following articles:

  • K86554600: SSL ciphers supported on BIG-IP platforms (15.x)
  • K13163: SSL ciphers supported on BIG-IP platforms (11.x - 13.x)
  • K11444: SSL ciphers supported on BIG-IP platforms (10.x)

SSL profiles support cipher suites that are optimized to offload processor-intensive public key encryption to a hardware accelerator. The BIG-IP system supports ciphers that address most SSL connections. However, not all cipher suites are hardware accelerated. When using a cipher that is not supported by the hardware accelerator, the system performs the public key encryption operation in software, resulting in higher CPU utilization on the BIG-IP system. For more information about the hardware accelerated cipher suites used on various platforms, refer to K13213: SSL algorithms that are hardware accelerated (11.x - 15.x).

To view the current cipher list for the specific version and hotfix level that your system is running, run the following command from the command line:

    tmm --clientciphers ALL:EXPORT:SSLv2:SSLv3:NULL

Note: TLS 1.3 handles the key exchange and authentication algorithms separately; they are no longer defined in the cipher suite. For BIG-IP TLS 1.3 support, refer to K10251520: BIG-IP support for TLS 1.3.

Supported ciphers

The SSL ciphers that BIG-IP systems support vary across BIG-IP versions.

The following table lists the SSL ciphers supported by the BIG-IP system's SSL stack in BIG-IP 14.1.0.1 through 14.1.2.7.

| Cipher suite (hex value) | Bits | Protocols | Key exchange | Authentication | Cipher |
| --- | --- | --- | --- | --- | --- |
| ECDHE-RSA-AES128-GCM-SHA256 (0xc02f) | 128 | TLS1.2 | ECDHE | RSA | AES-GCM |
| ECDHE-RSA-AES128-CBC-SHA (0xc013) | 128 | TLS1, TLS1.1, TLS1.2 | ECDHE | RSA | AES |
| ECDHE-RSA-AES128-SHA256 (0xc027) | 128 | TLS1.2 | ECDHE | RSA | AES |
| ECDHE-RSA-AES256-GCM-SHA384 (0xc030) | 256 | TLS1.2 | ECDHE | RSA | AES-GCM |
| ECDHE-RSA-AES256-CBC-SHA (0xc014) | 256 | TLS1, TLS1.1, TLS1.2 | ECDHE | RSA | AES |
| ECDHE-RSA-AES256-SHA384 (0xc028) | 256 | TLS1.2 | ECDHE | RSA | AES |
| ECDHE-RSA-CHACHA20-POLY1305-SHA256 (0xcca8) | 256 | TLS1.2 | ECDHE | RSA | CHACHA20-POLY1305 |
| ECDH-RSA-AES128-GCM-SHA256 (0xc031) | 128 | TLS1.2 | ECDH | RSA | AES-GCM |
| ECDH-RSA-AES128-SHA256 (0xc029) | 128 | TLS1.2 | ECDH | RSA | AES |
| ECDH-RSA-AES128-SHA (0xc00e) | 128 | TLS1, TLS1.1, TLS1.2 | ECDH | RSA | AES |
| ECDH-RSA-AES256-GCM-SHA384 (0xc032) | 256 | TLS1.2 | ECDH | RSA | AES-GCM |
| ECDH-RSA-AES256-SHA384 (0xc02a) | 256 | TLS1.2 | ECDH | RSA | AES |
| ECDH-RSA-AES256-SHA (0xc00f) | 256 | TLS1, TLS1.1, TLS1.2 | ECDH | RSA | AES |
| AES128-GCM-SHA256 (0x9c) | 128 | TLS1.2 | RSA | RSA | AES-GCM |
| AES128-SHA (0x2f) | 128 | TLS1, TLS1.1, TLS1.2, DTLS1 | RSA | RSA | AES |
| AES128-SHA256 (0x3c) | 128 | TLS1.2 | RSA | RSA | AES |
| AES256-GCM-SHA384 (0x9d) | 256 | TLS1.2 | RSA | RSA | AES-GCM |
| AES256-SHA (0x35) | 256 | TLS1, TLS1.1, TLS1.2, DTLS1 | RSA | RSA | AES |
| AES256-SHA256 (0x3d) | 256 | TLS1.2 | RSA | RSA | AES |
| CAMELLIA128-SHA (0x41) | 128 | TLS1, TLS1.1, TLS1.2 | RSA | RSA | CAMELLIA |
| CAMELLIA256-SHA (0x84) | 256 | TLS1, TLS1.1, TLS1.2 | RSA | RSA | CAMELLIA |
| ECDHE-ECDSA-AES128-GCM-SHA256 (0xc02b) | 128 | TLS1.2 | ECDHE | ECDSA | AES-GCM |
| ECDHE-ECDSA-AES128-SHA (0xc009) | 128 | TLS1, TLS1.1, TLS1.2 | ECDHE | ECDSA | AES |
| ECDHE-ECDSA-AES128-SHA256 (0xc023) | 128 | TLS1.2 | ECDHE | ECDSA | AES |
| ECDHE-ECDSA-AES256-GCM-SHA384 (0xc02c) | 256 | TLS1.2 | ECDHE | ECDSA | AES-GCM |
| ECDHE-ECDSA-AES256-SHA (0xc00a) | 256 | TLS1, TLS1.1, TLS1.2 | ECDHE | ECDSA | AES |
| ECDHE-ECDSA-AES256-SHA384 (0xc024) | 256 | TLS1.2 | ECDHE | ECDSA | AES |
| ECDHE-ECDSA-CHACHA20-POLY1305-SHA256 (0xcca9) | 256 | TLS1.2 | ECDHE | ECDSA | CHACHA20-POLY1305 |
| ECDH-ECDSA-AES128-GCM-SHA256 (0xc02d) | 128 | TLS1.2 | ECDH | ECDSA | AES-GCM |
| ECDH-ECDSA-AES128-SHA (0xc004) | 128 | TLS1, TLS1.1, TLS1.2 | ECDH | ECDSA | AES |
| ECDH-ECDSA-AES128-SHA256 (0xc025) | 128 | TLS1.2 | ECDH | ECDSA | AES |
| ECDH-ECDSA-AES256-GCM-SHA384 (0xc02e) | 256 | TLS1.2 | ECDH | ECDSA | AES-GCM |
| ECDH-ECDSA-AES256-SHA (0xc005) | 256 | TLS1, TLS1.1, TLS1.2 | ECDH | ECDSA | AES |
| ECDH-ECDSA-AES256-SHA384 (0xc026) | 256 | TLS1.2 | ECDH | ECDSA | AES |
| DHE-RSA-AES128-GCM-SHA256 (0x9e) | 128 | TLS1.2 | EDH | RSA | AES-GCM |
| DHE-RSA-AES128-SHA (0x33) | 128 | TLS1, TLS1.1, TLS1.2, DTLS1 | EDH | RSA | AES |
| DHE-RSA-AES128-SHA256 (0x67) | 128 | TLS1.2 | EDH | RSA | AES |
| DHE-RSA-AES256-GCM-SHA384 (0x9f) | 256 | TLS1.2 | EDH | RSA | AES-GCM |
| DHE-RSA-AES256-SHA (0x39) | 256 | TLS1, TLS1.1, TLS1.2, DTLS1 | EDH | RSA | AES |
| DHE-RSA-AES256-SHA256 (0x6b) | 256 | TLS1.2 | EDH | RSA | AES |
| DHE-RSA-CAMELLIA128-SHA (0x45) | 128 | TLS1, TLS1.1, TLS1.2 | EDH | RSA | CAMELLIA |
| DHE-RSA-CAMELLIA256-SHA (0x88) | 256 | TLS1, TLS1.1, TLS1.2 | EDH | RSA | CAMELLIA |
| DHE-DSS-AES128-GCM-SHA256 (0xa2) | 128 | TLS1.2 | DHE | DSS | AES-GCM |
| DHE-DSS-AES128-SHA (0x32) | 128 | TLS1, TLS1.1, TLS1.2, DTLS1 | DHE | DSS | AES |
| DHE-DSS-AES128-SHA256 (0x40) | 128 | TLS1.2 | DHE | DSS | AES |
| DHE-DSS-AES256-GCM-SHA384 (0xa3) | 256 | TLS1.2 | DHE | DSS | AES-GCM |
| DHE-DSS-AES256-SHA (0x38) | 256 | TLS1, TLS1.1, TLS1.2, DTLS1 | DHE | DSS | AES |
| DHE-DSS-AES256-SHA256 (0x6a) | 256 | TLS1.2 | DHE | DSS | AES |
| DHE-DSS-CAMELLIA128-SHA (0x44) | 128 | TLS1, TLS1.1, TLS1.2 | DHE | DSS | CAMELLIA |
| DHE-DSS-CAMELLIA256-SHA (0x87) | 256 | TLS1, TLS1.1, TLS1.2 | DHE | DSS | CAMELLIA |
| ADH-AES128-GCM-SHA256 (0xa6) | 128 | TLS1.2 | ADH | None | AES-GCM |
| ADH-AES128-SHA (0x34) | 128 | TLS1 | ADH | None | AES |
| ADH-AES256-GCM-SHA384 (0xa7) | 256 | TLS1.2 | ADH | None | AES-GCM |
| ADH-AES256-SHA (0x3a) | 256 | TLS1 | ADH | None | AES |
| ECDHE-RSA-DES-CBC3-SHA (0xc012) | 168 | TLS1, TLS1.1, TLS1.2 | ECDHE | RSA | DES |
| ECDH-RSA-DES-CBC3-SHA (0xc00d) | 168 | TLS1, TLS1.1, TLS1.2 | ECDH | RSA | DES |
| DES-CBC3-SHA (0xa) | 168 | TLS1, TLS1.1, TLS1.2, DTLS1 | RSA | RSA | DES |
| ECDHE-ECDSA-DES-CBC3-SHA (0xc008) | 168 | TLS1, TLS1.1, TLS1.2 | ECDHE | ECDSA | DES |
| ECDH-ECDSA-DES-CBC3-SHA (0xc003) | 168 | TLS1, TLS1.1, TLS1.2 | ECDH | ECDSA | DES |
| DHE-RSA-DES-CBC3-SHA (0x16) | 168 | TLS1, TLS1.1, TLS1.2, DTLS1 | EDH | RSA | DES |
| ADH-DES-CBC3-SHA (0x1b) | 168 | TLS1 | ADH | None | DES |
| DHE-RSA-DES-CBC-SHA (0x15) | 64 | TLS1, TLS1.1, TLS1.2, DTLS1 | EDH | RSA | DES |
| DES-CBC-SHA (0x9) | 64 | TLS1, TLS1.1, DTLS1 | RSA | RSA | DES |
| ADH-DES-CBC-SHA (0x1a) | 64 | TLS1 | ADH | None | DES |
| RC4-SHA (0x5) | 128 | TLS1, TLS1.1, TLS1.2 | RSA | RSA | RC4 |
| RC4-MD5 (0x4) | 128 | TLS1, TLS1.1, TLS1.2 | RSA | RSA | RC4 |
| ADH-RC4-MD5 (0x18) | 128 | TLS1 | RSA | RSA | RC4 |
| TLS13-AES128-GCM-SHA256 (0x1301) | 128 | TLS1.3 | N/A | N/A | AES-GCM |
| TLS13-AES256-GCM-SHA384 (0x1302) | 256 | TLS1.3 | N/A | N/A | AES-GCM |
| TLS13-CHACHA20-POLY1305-SHA256 (0x1303) | 256 | TLS1.3 | N/A | N/A | CHACHA20-POLY1305 |
| #EXP1024-DES-CBC-SHA (0x62) | 56 | TLS1, SSL3, DTLS1 | RSA | RSA | DES |
| #EXP-DES-CBC-SHA (0x8) | 40 | TLS1, SSL3, DTLS1 | RSA | RSA | DES |
| #EXP1024-RC4-SHA (0x64) | 56 | TLS1, SSL3 | RSA | RSA | RC4 |
| #EXP-RC4-MD5 (0x3) | 40 | TLS1, SSL3 | RSA | RSA | RC4 |
| #AES128-SHA (0x2f) | 128 | SSL3 | RSA | RSA | AES |
| #AES256-SHA (0x35) | 256 | SSL3 | RSA | RSA | AES |
| #DHE-RSA-AES128-SHA (0x33) | 128 | SSL3 | EDH | RSA | AES |
| #DHE-RSA-AES256-SHA (0x39) | 256 | SSL3 | EDH | RSA | AES |
| #DHE-DSS-AES128-SHA (0x32) | 128 | SSL3 | DHE | DSS | AES |
| #DHE-DSS-AES256-SHA (0x38) | 256 | SSL3 | DHE | DSS | AES |
| #ADH-AES128-SHA (0x34) | 128 | SSL3 | ADH | None | AES |
| #ADH-AES256-SHA (0x3a) | 256 | SSL3 | ADH | None | AES |
| #DES-CBC3-SHA (0xa) | 168 | SSL3 | RSA | RSA | DES |
| #DHE-RSA-DES-CBC3-SHA (0x16) | 168 | SSL3 | EDH | RSA | DES |
| #ADH-DES-CBC3-SHA (0x1b) | 168 | SSL3 | ADH | None | DES |
| #DHE-RSA-DES-CBC-SHA (0x15) | 64 | SSL3 | EDH | RSA | DES |
| #DES-CBC-SHA (0x9) | 64 | SSL3 | RSA | RSA | DES |
| #ADH-DES-CBC-SHA (0x1a) | 64 | SSL3 | ADH | None | DES |
| #RC4-SHA (0x5) | 128 | SSL3 | RSA | RSA | RC4 |
| #RC4-MD5 (0x4) | 128 | SSL3 | RSA | RSA | RC4 |
| #ADH-RC4-MD5 (0x18) | 128 | SSL3 | ADH | None | RC4 |
| #NULL-SHA (0x2) | 0 | TLS1.2, TLS1.1, TLS1, SSL3 | RSA | RSA | NULL |
| #NULL-MD5 (0x1) | 0 | TLS1.2, TLS1.1, TLS1, SSL3 | RSA | RSA | NULL |

# Note: These ciphers require explicit enabling.

BIG-IP 14.1.0

The following table lists the SSL ciphers supported by the BIG-IP system's SSL stack in BIG-IP 14.1.0.

| Cipher suite (hex value) | Bits | Protocols | Key exchange | Authentication | Cipher |
| --- | --- | --- | --- | --- | --- |
| ECDHE-RSA-AES128-GCM-SHA256 (0xc02f) | 128 | TLS1.2 | ECDHE | RSA | AES-GCM |
| ECDHE-RSA-AES128-CBC-SHA (0xc013) | 128 | TLS1, TLS1.1, TLS1.2 | ECDHE | RSA | AES |
| ECDHE-RSA-AES128-SHA256 (0xc027) | 128 | TLS1.2 | ECDHE | RSA | AES |
| ECDHE-RSA-AES256-GCM-SHA384 (0xc030) | 256 | TLS1.2 | ECDHE | RSA | AES-GCM |
| ECDHE-RSA-AES256-CBC-SHA (0xc014) | 256 | TLS1, TLS1.1, TLS1.2 | ECDHE | RSA | AES |
| ECDHE-RSA-AES256-SHA384 (0xc028) | 256 | TLS1.2 | ECDHE | RSA | AES |
| ECDHE-RSA-CHACHA20-POLY1305-SHA256 (0xcca8) | 256 | TLS1.2 | ECDHE | RSA | CHACHA20-POLY1305 |
| ECDH-RSA-AES128-GCM-SHA256 (0xc031) | 128 | TLS1.2 | ECDH | RSA | AES-GCM |
| ECDH-RSA-AES128-SHA256 (0xc029) | 128 | TLS1.2 | ECDH | RSA | AES |
| ECDH-RSA-AES128-SHA (0xc00e) | 128 | TLS1, TLS1.1, TLS1.2 | ECDH | RSA | AES |
| ECDH-RSA-AES256-GCM-SHA384 (0xc032) | 256 | TLS1.2 | ECDH | RSA | AES-GCM |
| ECDH-RSA-AES256-SHA384 (0xc02a) | 256 | TLS1.2 | ECDH | RSA | AES |
|  |  | TLS1, TLS1.1, TLS1. |  |  |  |
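An added example (not part of the F5 article): a small audit that reads rows in the column order of the cipher tables above and flags suites with no encryption, short keys, legacy ciphers, anonymous key exchange, no forward secrecy, or SSLv3. The pipe-separated row layout, the function names and the finding labels are assumptions of this example; the sample rows are constructed from rows of the 14.1.0.1 through 14.1.2.7 table.

```python
import re
# Constructed sample: rows taken from the 14.1.0.1 through 14.1.2.7 table, one
# per line with "|" between columns (that layout is an assumption of this example).
SAMPLE_ROWS = """\
ECDHE-RSA-AES128-GCM-SHA256 (0xc02f) | 128 | TLS1.2 | ECDHE | RSA | AES-GCM
AES256-SHA (0x35) | 256 | TLS1, TLS1.1, TLS1.2, DTLS1 | RSA | RSA | AES
ADH-AES128-SHA (0x34) | 128 | TLS1 | ADH | None | AES
DES-CBC3-SHA (0xa) | 168 | TLS1, TLS1.1, TLS1.2, DTLS1 | RSA | RSA | DES
#EXP-DES-CBC-SHA (0x8) | 40 | TLS1, SSL3, DTLS1 | RSA | RSA | DES
#NULL-SHA (0x2) | 0 | TLS1.2, TLS1.1, TLS1, SSL3 | RSA | RSA | NULL
TLS13-AES128-GCM-SHA256 (0x1301) | 128 | TLS1.3 | N/A | N/A | AES-GCM
"""
SUITE = re.compile(r"^(#?)([A-Z0-9-]+) \((0x[0-9a-f]+)\)$")
EPHEMERAL_KX = {"ECDHE", "EDH", "DHE", "ADH"}  # ADH is reported as "anonymous"

def parse_row(line):
    suite, bits, protos, kx, auth, cipher = [c.strip() for c in line.split("|")]
    m = SUITE.match(suite)
    if not m:
        raise ValueError(f"unrecognised suite cell: {suite!r}")
    return {"suite": m.group(2), "id": int(m.group(3), 16),
            "explicit": m.group(1) == "#",  # "#" = requires explicit enabling
            "bits": int(bits), "kx": kx, "auth": auth, "cipher": cipher,
            "protocols": [p.strip() for p in protos.split(",")]}

def findings(row):
    out = []
    if row["cipher"] == "NULL" or row["bits"] == 0:
        out.append("no-encryption")
    elif row["bits"] < 128:
        out.append("short-key")
    if row["cipher"] in {"DES", "RC4"}:
        out.append("legacy-cipher")
    if row["auth"] == "None":
        out.append("anonymous")
    # TLS 1.3 rows list key exchange as N/A (negotiated separately): not assessed.
    if row["kx"] != "N/A" and row["kx"] not in EPHEMERAL_KX:
        out.append("no-forward-secrecy")
    if "SSL3" in row["protocols"]:
        out.append("sslv3")
    return out

def audit(text):
    return {r["suite"]: findings(r)
            for r in map(parse_row, filter(str.strip, text.splitlines()))}

if __name__ == "__main__":
    for suite, issues in audit(SAMPLE_ROWS).items():
        print(f"{suite:34} {', '.join(issues) or 'ok'}")
```

The result is keyed by suite name, so a suite listed twice (once per protocol group, with and without the `#` marker) should be audited from separate inputs.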
