Supported Protocols, Algorithms, and Ciphers for SSL Decrypt
The supported protocols are as follows:
| SSL 3.0 |
| TLS 1.0 |
| TLS 1.1 |
| TLS 1.2 |
The supported authentication (Au) is as follows:
| RSA |
The supported key exchange (Kx) is as follows:
| RSA |
The supported encryption algorithms (Enc) are as follows:
| NULL |
| RC4 |
| DES |
| 3DES |
| AES (including GCM mode) |
| CAMELLIA |
| SEED |
| IDEA |
The supported compression algorithm is as follows:
| NULL |
The supported digest algorithms are as follows:
| MD5 |
| SHA1 |
| SHA2 |
The supported key sizes are 128, 256, 512, 1024, 2048, and 4096.
The supported TLS extensions are as follows:
| Extended Master Secret, RFC 7627 |
| Encrypt-then-MAC, RFC 7366 |
The following table lists the supported ciphers:
|
Cipher Name |
Kx |
Au |
Enc |
Bits |
Mac |
|
TLS_RSA_WITH_NULL_MD5 |
RSA |
RSA |
NULL |
0 |
MD5 |
|
TLS_RSA_WITH_NULL_SHA |
RSA |
RSA |
NULL |
0 |
SHA |
|
TLS_RSA_EXPORT_WITH_RC4_40_MD5 |
RSA_EXPORT |
RSA_EXPORT |
RC4_40 |
40 |
MD5 |
|
TLS_RSA_WITH_RC4_128_MD5 |
RSA |
RSA |
RC4_128 |
128 |
MD5 |
|
TLS_RSA_WITH_RC4_128_SHA |
RSA |
RSA |
RC4_128 |
128 |
SHA |
|
TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 |
RSA_EXPORT |
RSA_EXPORT |
RC2_CBC_40 |
40 |
MD5 |
|
TLS_RSA_WITH_IDEA_CBC_SHA |
RSA |
RSA |
IDEA_CBC |
128 |
SHA |
|
TLS_RSA_EXPORT_WITH_DES40_CBC_SHA |
RSA_EXPORT |
RSA_EXPORT |
DES40_CBC |
40 |
SHA |
|
TLS_RSA_WITH_DES_CBC_SHA |
RSA |
RSA |
DES_CBC |
56 |
SHA |
|
TLS_RSA_WITH_3DES_EDE_CBC_SHA |
RSA |
RSA |
3DES_EDE_CBC |
168 |
SHA |
|
TLS_RSA_WITH_AES_128_CBC_SHA |
RSA |
RSA |
AES_128_CBC |
128 |
SHA |
|
TLS_RSA_WITH_AES_256_CBC_SHA |
RSA |
RSA |
AES_256_CBC |
256 |
SHA |
|
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA |
RSA |
RSA |
CAMELLIA_128_CBC |
128 |
SHA |
|
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA |
RSA |
RSA |
CAMELLIA_256_CBC |
256 |
SHA |
|
TLS_RSA_WITH_SEED_CBC_SHA |
RSA |
RSA |
SEED_CBC |
128 |
SHA |
|
TLS_RSA_WITH_NULL_SHA256 |
RSA |
RSA |
NULL |
0 |
SHA256 |
|
TLS_RSA_WITH_AES_128_CBC_SHA256 |
RSA |
RSA |
AES_128_CBC |
128 |
SHA256 |
|
TLS_RSA_WITH_AES_256_CBC_SHA256 |
RSA |
RSA |
AES_256_CBC |
256 |
SHA256 |
|
TLS_RSA_WITH_AES_128_GCM_SHA256 |
RSA |
RSA |
AES_128_GCM |
128 |
SHA256 |
|
TLS_RSA_WITH_AES_256_GCM_SHA384 |
RSA |
RSA |
AES_256_GCM |
256 |
SHA384 |
All algorithms used for SSL Decrypt application are FIPS 140-3 compliant.
All key URLs must point to an RSA private key stored in the PEM or PKCS12 format, as follows:
| http://keyserver.domain.com/path/keyfile.pem |
| https://keyserver.domain.com/path/keyfile.pem |
| ftp://keyserver.domain.com/path/keyfile.pem |
| tftp://keyserver.domain.com/path/keyfile.pem |
| scp://username[:password]@keyserver.domain.com/path/keyfile.pem |
The supported applications are as follows:
| HTTPS |
| FTPS |
| SMTP, IMAP, and POP3 with StartTLS |
