×
 
 
  •  
$helper.renderConfluenceMacro('{bmc-global-announcement:$space.key}')
TrueSight Orchestration Platform 8.2 ... Planning Security planning Configuring secure transport protocol and cipher suites for HTTPS

Cipher suites

The following cipher suites are included with  Platform. They are Federal Information Processing Standard (FIPS) compliant and validated with the installed java.security file settings. Unless you define a different set of cipher suites, these are the cipher suites used for the SSL handshake on an SSL connection.

Cipher
SSL_RSA_WITH_3DES_EDE_CBC_SHA
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_DSS_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA

Was this page helpful? Yes No Submitting... Thank you
Last modified by Shweta Hardikar on Mar 06, 2018
https administration security configuration ssl tls secure_protocol cipher_suite

Comments

  1. Greg Michael

    When will this list be updated? 3DES is no longer considered secure enough, and SSL_RSA... and SSL_DHE... are no longer secure. What about the 256-bit and 384-bit ciphers?

    Sep 09, 2019 02:02
    1. Shweta Hardikar

      Hi Greg,

      Thanks for bringing it our notice. I will work with the team to get it updated soon.

      Sep 10, 2019 12:15
      1. Greg Michael

        @Shweta_Hardikar please reference case #00756690 for updates.

        Effectively, only RSA ciphers using RSA, DH_RSA, and DHE_RSA are currently supported. DSA and ECC signed certificates have not been tested. Diffie-Hellman Ephemeral (DHE) and Elliptic-Curve Diffie-Hellman Ephemeral (ECDHE) ciphers are not supported with v8.2.0.

        CBC ciphers are potentially insecure and are being reported as causing issues.

        Standard Diffie-Hellman (DH) and Elliptic-Curve Diffie-Hellman (ECDH) ciphers are deprecated in TLSv1.3. The TLSv1.3 standard mandates use of Diffie-Hellman Ephemeral (DHE) ciphers.

        Dec 05, 2019 06:26
      1. Greg Michael

        It's now been more than 3 months with no updates...

        Dec 20, 2019 10:55
        1. Shweta Hardikar

          Hi Greg,

          Apologies for the delayed update.

          We've not yet upgraded to TLS v1.3, hence, the Cipher Suites listed here are the ones still included in this version of the platform. As part of the case, you may have received an updated list by the customer engineering team. However, these are still the ones available out-of-the-box. 

          Let me know if this is good. 


          Jan 02, 2020 05:06
          1. Greg Michael

            You've obviously missed the point. Yes, the listed cipher suites are the supported cipher suites. You are continuing to include insecure, potentially insecure, and deprecated suites that should no longer be used. As I noted from case #00756690, "only RSA ciphers using RSA, DH_RSA, and DHE_RSA are currently supported." The list above includes SSL cipher suites, 3DES cipher suites, and all of them use CBC cipher suites, which are being reported as causing issues and are considered to be potentially insecure.

            Jan 02, 2020 10:04
            1. Shweta Hardikar

              Hi Greg,

              I understand your concern, however, the team is working on updating the ciphers for the upcoming release. We will update the doc after the new ciphers are validated.


              Nov 20, 2020 05:56

Log in or register to comment.

Configuring secure transport protocol and cipher suites for HTTPS
Configuring the UI communication channels (Tomcat)
© Copyright 2013 - 2019 BMC Software, Inc.
Legal notices

Powered by Atlassian Confluence and Scroll Viewport

© Copyright 2005-2024 BMC Software, Inc. Use of this site signifies your acceptance of BMC’s Terms of Use . BMC, the BMC logo, and other BMC marks are assets of BMC Software, Inc. These trademarks are registered and may be registered in the U.S. and in other countries.