This section contains the following topics:
Open Format Cookie Encryption Algorithms
Digital Signing and Private Key Algorithms
Back Channel Communication Algorithms
Backend Communication Algorithms (SPS Server)
Java SDK Encryption Algorithms
Federation System Crypto Algorithm
Internal Key Encryption Algorithms
SSL Key Algorithms for the Apache Web Server and Administrative UI
The open format cookie supports the following options for password-based encryption:
PBE/SHA1/AES/CBC/PKCS12PBE-1000-128
PBE/SHA1/AES/CBC/PKCS12PBE-1000-192
PBE/SHA1/AES/CBC/PKCS12PBE-1000-256
PBE/SHA256/AES/CBC/PKCS12PBE-1000-128
PBE/SHA256/AES/CBC/PKCS12PBE-1000-192
PBE/SHA256/AES/CBC/PKCS12PBE-1000-256
PBE/SHA1/3DES_EDE/CBC/PKCS12PBE-1000-3
PBE/SHA256/3DES_EDE/CBC/PKCS12PBE-1000-3
AES128/CBC/PKCS5Padding
AES192/CBC/PKCS5Padding
AES256/CBC/PKCS5Padding
3DES_EDE/CBC/PKCS5Padding
CA SiteMinder® Federation Standalone uses the following algorithms for partnership signing options:
RSA-V15, RSA-OAEP
3DES, AES-128, AES-256
CA SiteMinder® Federation Standalone uses the following algorithms for Private Key generation (Certificate/Keys):
RSA
MD5withRSA, SHA1withRSA, SHA256withRSA & SHA512withRSA
For back channel communication used for HTTP-Artifact single sign-on and SAML 2.0 Single Logout, CA SiteMinder® Federation Standalone supports the following ciphers, depending upon FipsMode:
RSA_With_RC4_SHA
RSA_With_RC4_MD5
RSA_With_AES_128_CBC_SHA
RSA_With_AES_256_CBC_SHA
RSA_With_AES_128_CBC_SHA
RSA_With_AES_256_CBC_SHA
For backend communication (SPS to backend server), the following ciphers are supported, depending on the FipsMode of the setup. They are defined in <fedroot>\secure-proxy\proxy-engine\conf\server.conf.
ciphers="-RSA_With_Null_SHA,+RSA_With_Null_MD5,-RSA_With_RC4_SHA,+RSA_With_RC4_MD5,+RSA_With_RC2_CBC_MD5,+RSA_With_DES_CBC_SHA,+RSA_With_DES_CBC_MD5,+RSA_With_3DES_EDE_CBC_MD5,+RSA_Export_With_RC4_40_MD5,-RSA_Export_With_DES_40_CBC_SHA,+RSA_Export_With_RC2_40_CBC_MD5,-DH_RSA_With_DES_CBC_SHA,-DH_RSA_With_3DES_EDE_CBC_SHA,-DH_RSA_Export_With_DES_40_CBC_SHA,-DH_DSS_With_DES_CBC_SHA,-DH_DSS_Export_With_DES_40_CBC_SHA,-DH_Anon_With_RC4_MD5,-DH_Anon_With_DES_CBC_SHA,-DH_Anon_With_3DES_EDE_CBC_SHA,-DH_Anon_Export_With_DES_40_CBC_SHA,-DH_Anon_Export_With_RC4_40_MD5,-DHE_RSA_With_DES_CBC_SHA,-DHE_RSA_Export_With_DES_40_CBC_SHA,-DHE_DSS_With_DES_CBC_SHA,-DHE_DSS_Export_With_DES_40_CBC_SHA,-Null_With_Null_Null"
fipsciphers="+DHE_DSS_With_AES_256_CBC_SHA, +DHE_RSA_With_AES_256_CBC_SHA, +RSA_With_AES_256_CBC_SHA, +DH_DSS_With_AES_256_CBC_SHA, +DH_RSA_With_AES_256_CBC_SHA, +DHE_DSS_With_AES_128_CBC_SHA, +DHE_RSA_With_AES_128_CBC_SHA, +RSA_With_AES_128_CBC_SHA, +DH_DSS_With_AES_128_CBC_SHA, +DH_RSA_With_AES_128_CBC_SHA, +DHE_DSS_With_3DES_EDE_CBC_SHA, +DHE_RSA_With_3DES_EDE
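An added example (not CA's code and not part of the original documentation): a Python audit of `ciphers` / `fipsciphers` values in the format shown above, reporting the enabled suites that rely on weak primitives. It assumes a leading `+` enables a suite and `-` disables it, which the page does not state; the sample configuration and the function names are constructed for illustration.

```python
import re

# Constructed sample in the server.conf format shown above (not a real file).
SAMPLE_CONF = (
    'ciphers="-RSA_With_Null_SHA,+RSA_With_Null_MD5,-RSA_With_RC4_SHA,'
    '+RSA_With_RC4_MD5,+RSA_With_DES_CBC_SHA,+RSA_Export_With_RC2_40_CBC_MD5,'
    '-DH_Anon_With_RC4_MD5"\n'
    'fipsciphers="+RSA_With_AES_256_CBC_SHA, +DHE_RSA_With_AES_128_CBC_SHA, '
    '+DHE_DSS_With_3DES_EDE_CBC_SHA"\n'
)

# Name component (lower case) -> why a suite containing it is weak.
WEAK_TOKENS = {
    "null": "no encryption",
    "export": "export-grade 40-bit key",
    "anon": "unauthenticated key exchange",
    "rc4": "RC4 stream cipher",
    "rc2": "RC2 cipher",
    "des": "single DES (56-bit key)",
    "3des": "3DES (64-bit block)",
    "md5": "MD5 MAC",
}

def parse_cipher_attr(conf_text, attr):
    """Return {suite_name: enabled} for attr="..." (assumes '+' = enabled)."""
    # The lookbehind keeps 'ciphers' from matching inside 'fipsciphers'.
    # A value cut off before its closing quote is still read up to end of line.
    pattern = r'(?<![A-Za-z])' + re.escape(attr) + r'\s*=\s*"([^"\n]*)'
    m = re.search(pattern, conf_text)
    suites = {}
    for entry in (m.group(1).split(",") if m else []):
        entry = entry.strip()
        if len(entry) > 1 and entry[0] in "+-":
            suites[entry[1:]] = entry[0] == "+"
    return suites

def weak_enabled(conf_text, attr="ciphers"):
    """Return {suite_name: [reasons]} for enabled suites using weak primitives."""
    findings = {}
    for suite, enabled in parse_cipher_attr(conf_text, attr).items():
        tokens = suite.lower().split("_")
        reasons = [why for tok, why in WEAK_TOKENS.items() if tok in tokens]
        if enabled and reasons:
            findings[suite] = reasons
    return findings

if __name__ == "__main__":
    for attr in ("ciphers", "fipsciphers"):
        for suite, reasons in weak_enabled(SAMPLE_CONF, attr).items():
            print(f"{attr}: {suite} enabled ({', '.join(reasons)})")
```

Suites are matched on whole name components, so `3DES` is reported separately from single `DES`.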
The CA SiteMinder® Federation Standalone Java SDK supports the following encryption algorithms:
"AES/CBC/PKCS5Padding"
"PBE/SHA1/AES/CBC/PKCS12PBE-5-128"
AES_128
CA SiteMinder® Federation Standalone uses the following internal key encryption/decryption algorithms, depending on the FIPS mode of operation:
AES_128
RC2
CA SiteMinder® Federation Standalone uses the following algorithms for the embedded Apache web server SSL communication:
SHA1withRSA
DES-EDE3-CBC
CA SiteMinder® Federation Standalone uses the following algorithm for SSL communication to the Administrative UI:
aes-128-cbc
Copyright © 2014 CA.
All rights reserved.