SSL Cipher Suites
  • 06 Jan 2025

SSL cipher suites can be used with SOAP, RADIUS, and SEAL communicator modules. OneSpan Authentication Server Appliance supports SSL cipher suites defined under the security level labels Very High, High, Medium, and Low.

SEAL, SOAP and RADIUS/EAP will accept TLSv1 (and later) connections.

The security levels are applied to the following communication protocols:

  • SOAP
  • SEAL
  • RADIUS (RADIUS / EAP-TTLS and RADIUS / PEAP only)
     
Table: Cryptographic protocols supported in different cipher suite security levels
SSL cipher suite security level | Cryptographic protocol support
SSLv3 | TLSv1 | TLSv1.1 | TLSv1.2 | TLSv1.3
Very High
High
Medium
Low

Configuring security levels for SSL cipher suites

You can configure the SSL cipher suite security level for communicator modules that are enabled with SSL/TLS.

To configure the SSL cipher suite security level

  1. In the Configuration Tool, select Authentication Server and select the communicator module: SEAL Communicator, SOAP Communicator, or RADIUS Communicator.
  2. Specify the SSL cipher suite security level.
  3. Click Save.

Blocked cipher suites

When configured to use SSL/TLS, the OneSpan Authentication Server communication interfaces actively block certain cipher suites. All OneSpan Authentication Server components block the suites that match the criteria listed below. This includes custom cipher suites: if the criteria apply to a custom-defined cipher suite, the OneSpan Authentication Server components block that suite as well.

Criteria for cipher suites to be blocked:

  • All cipher suites which do not offer encryption
  • All cipher suites which do not offer authentication
  • All export encryption algorithms
  • Cipher suites defined by OpenSSL as low encryption
  • All cipher suites which use MD5 as the hashing algorithm
  • All cipher suites that use pre-shared keys
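
To check a custom cipher string against the criteria above before configuring it, the following added example (not OneSpan code) classifies lines in the format printed by `openssl ciphers -v`. The sample lines are constructed, the function names are hypothetical, and the mapping of each criterion to an output field is an assumption, including reading OpenSSL's low-encryption class as 56- or 64-bit ciphers; the product's own matching logic is not documented on this page.

```python
import re
# Constructed sample in the column format printed by `openssl ciphers -v`.
SAMPLE = """\
TLS_AES_256_GCM_SHA384 TLSv1.3 Kx=any Au=any Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
NULL-SHA SSLv3 Kx=RSA Au=RSA Enc=None Mac=SHA1
ADH-AES128-SHA SSLv3 Kx=DH Au=None Enc=AES(128) Mac=SHA1
EXP-RC4-MD5 SSLv3 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export
DES-CBC-SHA SSLv3 Kx=RSA Au=RSA Enc=DES(56) Mac=SHA1
PSK-AES128-CBC-SHA SSLv3 Kx=PSK Au=PSK Enc=AES(128) Mac=SHA1
"""

def parse_line(line):
    """Split one `openssl ciphers -v` line into name, protocol, fields, flags."""
    tokens = line.split()
    fields = dict(t.split("=", 1) for t in tokens[2:] if "=" in t)
    flags = {t for t in tokens[2:] if "=" not in t}
    return tokens[0], tokens[1], fields, flags

def blocked_reasons(line):
    """Return the page's blocking criteria that this suite appears to meet."""
    name, _proto, f, flags = parse_line(line)
    enc, kx, au, mac = (f.get(k, "") for k in ("Enc", "Kx", "Au", "Mac"))
    m = re.search(r"\((\d+)\)", enc)
    bits = int(m.group(1)) if m else None
    export = "export" in flags or name.startswith("EXP")
    reasons = []
    if enc == "None":
        reasons.append("no encryption")
    if au == "None":
        reasons.append("no authentication")
    if export:
        reasons.append("export")
    # Assumption: OpenSSL's LOW class = 56/64-bit ciphers, export excluded.
    if bits in (56, 64) and not export:
        reasons.append("low encryption")
    if mac == "MD5":
        reasons.append("MD5")
    if "PSK" in kx or "PSK" in au:
        reasons.append("pre-shared key")
    return reasons

def audit(text):
    """Map each suite name to its matched criteria (empty list = none matched)."""
    return {l.split()[0]: blocked_reasons(l) for l in text.splitlines() if l.strip()}

if __name__ == "__main__":
    for suite, why in audit(SAMPLE).items():
        print(suite.ljust(32), ", ".join(why) or "ok")
```

To audit a real cipher string, pass the text output of `openssl ciphers -v '<cipher string>'` to `audit()` in place of `SAMPLE`.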

Cipher suites in OneSpan Authentication Server Administration Web Interface

The following cipher suites are accepted by the OneSpan Authentication Server Administration Web Interface:

     
Table: Cipher suites in Administration Web Interface

| Cipher suite | Cryptographic protocol(s) | Key exchange | Authentication | Encryption | MAC algorithm |
|---|---|---|---|---|---|
| TLS_AES_256_GCM_SHA384 | TLSv1.3 | any | any | AESGCM(256) | AEAD |
| TLS_CHACHA20_POLY1305_SHA256 | TLSv1.3 | any | any | CHACHA20/POLY1305(256) | AEAD |
| TLS_AES_128_GCM_SHA256 | TLSv1.3 | any | any | AESGCM(128) | AEAD |
| ECDHE-RSA-AES256-GCM-SHA384 | TLSv1.2 | ECDH | RSA | AESGCM(256) | AEAD |
| DHE-RSA-AES256-GCM-SHA384 | TLSv1.2 | DH | RSA | AESGCM(256) | AEAD |
| ECDHE-RSA-CHACHA20-POLY1305 | TLSv1.2 | ECDH | RSA | CHACHA20/POLY1305(256) | AEAD |
| DHE-RSA-CHACHA20-POLY1305 | TLSv1.2 | DH | RSA | CHACHA20/POLY1305(256) | AEAD |
| ECDHE-RSA-AES128-GCM-SHA256 | TLSv1.2 | ECDH | RSA | AESGCM(128) | AEAD |
| DHE-RSA-AES128-GCM-SHA256 | TLSv1.2 | DH | RSA | AESGCM(128) | AEAD |
