To protect communications links, CA Directory can use SSL encryption. The supported encryption techniques are listed below.
To list supported cipher suites, use the following console command:
get ciphers
This command lists the cipher suites supported by CA Directory. Each row in the list describes one supported cipher.
For example, the following row in the output describes the DHE-RSA-AES128-SHA cipher suite:
DHE-RSA-AES128-SHA |
SSLv3 |
Kx=DH(2048) |
Au=RSA |
Enc=AES(128) |
Mac=SHA1 |
Cipher Suite |
Protocol |
Key exchange |
Authentication |
Symmetric encryption |
Hash |
The following table lists the key exchange algorithms supported by CA Directory:
Exchange |
Description of Algorithm |
Key Size Limit |
DHE_DSS |
Ephemeral DH with DSS signatures |
DH = 2048 bits |
DHE_DSS_EXPORT |
Ephemeral DH with DSS signatures |
DH = 512 bits |
DHE_RSA |
Ephemeral DH with RSA signatures |
DH = 2048 bits |
DHE_RSA_EXPORT |
Ephemeral DH with RSA signatures |
DH = 512 bits |
DH_anon |
Anonymous DH, no signatures |
DH = 2048 bits |
DH_anon_EXPORT |
Anonymous DH, no signatures |
DH = 512 bits |
DH_DSS |
DH with DSS-based certificates |
DH = 2048 bits |
DH_DSS_EXPORT |
DH with DSS-based certificates |
DH = 512 bits |
DH_RSA |
DH with RSA-based certificates |
DH = 2048 bits |
DH_RSA_EXPORT |
DH with RSA-based certificates |
DH = 512 bits |
RSA |
RSA key exchange |
RSA = 2048 bits |
RSA_EXPORT |
RSA key exchange |
RSA = 512 bits |
Copyright © 2009 CA. All rights reserved. | Email CA about this topic |