Cipher Suites
The Multicloud Defense Gateway supports a set of default and user-selectable cipher suites. The default set consists of PFS cipher suites, which are always selected. The user-selectable set consists of Diffie-Hellman and PKCS (RSA) cipher suites, which the user can select. The gateway uses the combined set of cipher suites (default and user-selected) to establish a secure front-end encrypted session. The client sends an ordered list of its preferred cipher suites. The gateway responds with a cipher suite chosen from the ordered set submitted by the client and the set available on the gateway. If the client allows the server to define the order, the cipher suite is instead chosen from the ordered set available on the gateway and the set submitted by the client.
The following is an ordered list of cipher suites supported by the gateway and available in a decryption profile:
Category | Cipher Suite | Key Exchange | Cipher | Hash | Default |
---|---|---|---|---|---|
PFS | ECDHE-RSA-AES256-GCM-SHA384 | ECDHE-RSA | AES256-GCM | SHA384 | ✅ |
PFS | ECDHE-RSA-AES256-CBC-SHA384 | ECDHE-RSA | AES256-CBC | SHA384 | ✅ |
Diffie-Hellman | DH-RSA-AES256-GCM-SHA384 | DH-RSA | AES256-GCM | SHA384 | |
PFS | DHE-RSA-AES256-GCM-SHA384 | DHE-RSA | AES256-GCM | SHA384 | ✅ |
PFS | DHE-RSA-AES256-CBC-SHA256 | DHE-RSA | AES256-CBC | SHA384 | ✅ |
PFS | DHE-RSA-AES256-CBC-SHA | DHE-RSA | AES256-CBC | SHA | ✅ |
Diffie-Hellman | DH-RSA-AES256-SHA256 | DH-RSA | AES256-CBC | SHA256 | |
Diffie-Hellman | DH-RSA-AES256-SHA | DH-RSA | AES256-CBC | SHA160 | |
PKCS (RSA) | AES256-GCM-SHA384 | PKCS-RSA | AES256-GCM | SHA384 | |
PKCS (RSA) | AES256-SHA256 | PKCS-RSA | AES256-CBC | SHA256 | |
PKCS (RSA) | AES256-SHA | PKCS-RSA | AES256-CBC | SHA160 | |
PFS | ECDHE-RSA-AES128-GCM-SHA256 | ECDHE-RSA | AES128-GCM | SHA256 | ✅ |
PFS | ECDHE-RSA-AES128-CBC-SHA256 | ECDHE-RSA | AES128-CBC | SHA256 | ✅ |
Diffie-Hellman | DH-RSA-AES128-GCM-SHA256 | DH-RSA | AES128-GCM | SHA256 | |
PFS | DHE-RSA-AES128-GCM-SHA256 | DHE-RSA | AES128-GCM | SHA256 | ✅ |
PFS | DHE-RSA-AES128-CBC-SHA256 | DHE-RSA | AES128-CBC | SHA256 | ✅ |
Diffie-Hellman | DH-RSA-AES128-SHA256 | DH-RSA | AES128-CBC | SHA256 | |
Diffie-Hellman | DH-RSA-AES128-SHA | DH-RSA | AES128-CBC | SHA160 | |
PKCS (RSA) | AES128-GCM-SHA256 | PKCS-RSA | AES128-GCM | SHA256 | |
PKCS (RSA) | AES128-SHA256 | PKCS-RSA | AES128-CBC | SHA256 | |
PKCS (RSA) | AES128-SHA | PKCS-RSA | AES128-CBC | SHA160 | |
PFS | ECDHE-RSA-DES-CBC3-SHA | ECDHE-RSA | DES-CBC3 | SHA | ✅ |
PFS | ECDHE-RSA-RC4-SHA | ECDHE-RSA | RC4 | SHA | ✅ |
PKCS (RSA) | RC4-SHA | PKCS-RSA | RC4 | SHA160 | |
PKCS (RSA) | RC4-MD5 | PKCS-RSA | RC4 | SHA160 | |
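
The selection rule described above, modeled over the table's ordering, as an added example that is not the gateway's own code. The function names, the `user_selected` and `server_preference` parameters, and the sample client list are assumptions made for illustration.

```python
# Added example: models the cipher-suite selection rule described on this page.
# Suite names and their order are copied from the table above.
GATEWAY_ORDER = """
ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-CBC-SHA384 DH-RSA-AES256-GCM-SHA384
DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-CBC-SHA256 DHE-RSA-AES256-CBC-SHA
DH-RSA-AES256-SHA256 DH-RSA-AES256-SHA AES256-GCM-SHA384 AES256-SHA256 AES256-SHA
ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-CBC-SHA256 DH-RSA-AES128-GCM-SHA256
DHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES128-CBC-SHA256 DH-RSA-AES128-SHA256
DH-RSA-AES128-SHA AES128-GCM-SHA256 AES128-SHA256 AES128-SHA
ECDHE-RSA-DES-CBC3-SHA ECDHE-RSA-RC4-SHA RC4-SHA RC4-MD5
""".split()


def is_default(suite):
    # In the table, every default (PFS) suite uses ECDHE or DHE key exchange.
    return suite.startswith(("ECDHE-", "DHE-"))


def gateway_suites(user_selected=()):
    """Effective gateway list: defaults plus user-selected suites, in table order."""
    unknown = set(user_selected) - set(GATEWAY_ORDER)
    if unknown:
        raise ValueError(f"not offered by the gateway: {sorted(unknown)}")
    chosen = set(user_selected)
    return [s for s in GATEWAY_ORDER if is_default(s) or s in chosen]


def negotiate(client_order, gateway_order, server_preference=False):
    """Pick the first suite in the preferred side's order that both sides support.

    Returns None when there is no common suite (the handshake would fail).
    """
    first, second = ((gateway_order, client_order) if server_preference
                     else (client_order, gateway_order))
    allowed = set(second)
    return next((s for s in first if s in allowed), None)


# Constructed client list: an older client that prefers a static-RSA suite.
CLIENT = ["AES128-SHA", "ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-RSA-AES256-GCM-SHA384"]

if __name__ == "__main__":
    profile = gateway_suites(user_selected=["AES128-SHA"])
    print(negotiate(CLIENT, profile))                          # client order decides
    print(negotiate(CLIENT, profile, server_preference=True))  # gateway order decides
    print(negotiate(CLIENT, gateway_suites()))                 # defaults only
```

In this model, enabling a user-selectable non-PFS suite in the profile lets a client that lists it first negotiate it whenever the client's order is honored; with only the defaults enabled, the same client lands on a PFS suite.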