Previous Topic: Hashing Formats for the DSA Console Password

Next Topic: US Government Standards

Encryption Formats for SSL

To protect communications links, CA Directory can use SSL encryption. The supported encryption techniques are listed below.

Supported Cipher Suites

To list supported cipher suites, use the following console command:

get ciphers

This command lists the cipher suites supported by CA Directory. Each row in the list describes one supported cipher.

For example, the following row in the output describes the DHE-RSA-AES128-SHA cipher suite:

DHE-RSA-AES128-SHA 
SSLv3 
Kx=DH(2048) 
Au=RSA 
Enc=AES(128) 
Mac=SHA1

­

Cipher Suite

­

Protocol

­

Key exchange

­

Authentication

­

Symmetric encryption

­

Hash

Supported Key Exchange Algorithms

The following table lists the key exchange algorithms supported by CA Directory:

Exchange

Description of Algorithm

Key Size Limit

DHE_DSS

Ephemeral DH with DSS signatures

DH = 2048 bits

DHE_DSS_EXPORT

Ephemeral DH with DSS signatures

DH = 512 bits

DHE_RSA

Ephemeral DH with RSA signatures

DH = 2048 bits

DHE_RSA_EXPORT

Ephemeral DH with RSA signatures

DH = 512 bits

DH_anon

Anonymous DH, no signatures

DH = 2048 bits

DH_anon_EXPORT

Anonymous DH, no signatures

DH = 512 bits

DH_DSS

DH with DSS-based certificates

DH = 2048 bits

DH_DSS_EXPORT

DH with DSS-based certificates

DH = 512 bits

DH_RSA

DH with RSA-based certificates

DH = 2048 bits

DH_RSA_EXPORT

DH with RSA-based certificates

DH = 512 bits

RSA

RSA key exchange

RSA = 2048 bits

RSA_EXPORT

RSA key exchange

RSA = 512 bits


Copyright © 2009 CA. All rights reserved. Email CA about this topic