A cipher suite defines a set of technologies to secure your TLS communications:
Key exchange algorithm (how the secret key used to encrypt the data is communicated from the client to the server). Examples: RSA key or Diffie-Hellman (DH)
Authentication method (how hosts can authenticate the identity of remote hosts). Examples: RSA certificate, DSS certificate, or no authentication
Encryption cipher (how to encrypt data). Examples: AES (256 or 128 bits) or 3DES (168 bits)
Hash algorithm (ensuring data by providing a way to determine if data has been modified). Examples: SHA-2 or SHA-1
The following lists give the OpenSSL names of the TLS cipher suites for the different VNX components and their associated ports.
NOTE:The cipher suites are listed alphabetically for readability only. The order does not represent the strength level.
The following restriction applies:
Some cipher suites will not be accepted by VNX for file because of certificate size (if the certificate presented by the Data Mover has a 2048-bit key, ciphers with a smaller key will be rejected).
Table 1. Default/Supported TLS cipher suites on VNX2 Control Station
Cipher Suites
Protocols
Ports
AES128-SHA
TLSv1, TLSv1.1, TLSv1.2
443
AES256-SHA
TLSv1, TLSv1.1, TLSv1.2
443
CAMELLIA128-SHA
TLSv1, TLSv1.1, TLSv1.2
443
CAMELLIA256-SHA
TLSv1, TLSv1.1, TLSv1.2
443
DES-CBC3-SHA
TLSv1, TLSv1.1, TLSv1.2
443
AES128-SHA
TLSv1, TLSv1.1, TLSv1.2
5989
AES256-SHA
TLSv1, TLSv1.1, TLSv1.2
5989
DES-CBC3-SHA
TLSv1, TLSv1.1, TLSv1.2
5989
Table 2. Default/Supported TLS cipher suites on VNX2 Storage Processor
Cipher Suites
Protocols
Ports
AES128-SHA
TLSv1, TLSv1.1, TLSv1.2
443
AES256-SHA
TLSv1, TLSv1.1, TLSv1.2
443
DES-CBC3-SHA
TLSv1, TLSv1.1, TLSv1.2
443
Table 3. Default/Supported TLS cipher suites on VNX2 Data Mover
Cipher Suites
Protocols
Ports
AECDH-AES128-SHA
TLSv1, TLSv1.1, TLSv1.2
989, 990, 5080
AECDH-AES256-SHA
TLSv1, TLSv1.1, TLSv1.2
989, 990, 5080
AECDH-DES-CBC3-SHA
TLSv1, TLSv1.1, TLSv1.2
989, 990, 5080
AES128-SHA
TLSv1, TLSv1.1, TLSv1.2
989, 990, 5080
AES256-SHA
TLSv1, TLSv1.1, TLSv1.2
989, 990, 5080
CAMELLIA128-SHA
TLSv1, TLSv1.1, TLSv1.2
989, 990, 5080
CAMELLIA256-SHA
TLSv1, TLSv1.1, TLSv1.2
989, 990, 5080
DES-CBC3-SHA
TLSv1, TLSv1.1, TLSv1.2
989, 990, 5080
DHE-RSA-AES128-SHA
TLSv1, TLSv1.1, TLSv1.2
989, 990, 5080
DHE-RSA-AES128-SHA256 (CBC)
TLSv1.2
989, 990, 5080
DHE-RSA-AES128-SHA256 (GCM)
TLSv1.2
989, 990, 5080
DHE-RSA-AES256-SHA
TLSv1, TLSv1.1, TLSv1.2
989, 990, 5080
DHE-RSA-AES256-SHA256
TLSv1.2
989, 990, 5080
DHE-RSA-AES256-SHA384
TLSv1.2
989, 990, 5080
DHE-RSA-CAMELLIA128-SHA
TLSv1, TLSv1.1, TLSv1.2
989, 990, 5080
DHE-RSA-CAMELLIA256-SHA
TLSv1, TLSv1.1, TLSv1.2
989, 990, 5080
ECDHE-RSA-AES128-SHA
TLSv1, TLSv1.1, TLSv1.2
989, 990, 5080
ECDHE-RSA-AES128-SHA256 (CBC)
TLSv1.2
989, 990, 5080
ECDHE-RSA-AES128-SHA256 (GCM)
TLSv1.2
989, 990, 5080
ECDHE-RSA-AES256-SHA
TLSv1, TLSv1.1, TLSv1.2
989, 990, 5080
ECDHE-RSA-AES256-SHA384 (CBC)
TLSv1.2
989, 990, 5080
ECDHE-RSA-AES256-SHA384 (GCM)
TLSv1.2
989, 990, 5080
ECDHE-RSA-DES-CBC3-SHA
TLSv1, TLSv1.1, TLSv1.2
989, 990, 5080
EDH-RSA-DES-CBC3-SHA
TLSv1, TLSv1.1, TLSv1.2
989, 990, 5080
RSA-AES128-SHA256 (CBC)
TLSv1.2
989, 990, 5080
RSA-AES128-SHA256 (GCM)
TLSv1.2
989, 990, 5080
RSA-AES256-SHA256
TLSv1.2
989, 990, 5080
RSA-AES256-SHA384
TLSv1.2
989, 990, 5080
NOTE:Instances where cipher suites do not indicate the Key Exchange or Authentication entry use RSA.
If required, the Data Mover cipher parameter can be changed from the default setting either through Unisphere or through VNX CLI for File commands,
server_ftp and
server_http. For more information about setting the Data Mover cipher parameter, refer to the Unisphere online help or the
VNX Command Line Interface Reference for File.
Table 4. Default/Supported TLS cipher suites on VNX2 related to Replication
Cipher Suites
Protocols
Ports
ADH-AES128-SHA
TLSV1, TLSV1.1, TLSv1.2
5085
ADH-AES128-SHA256
TLSv1.2
5085
ADH-AES128-GCM-SHA256
TLSv1.2
5085
ADH-AES256-SHA
TLSV1, TLSV1.1, TLSv1.2
5085
ADH-AES256-SHA256
TLSv1.2
5085
ADH-AES256-GCM-SHA384
TLSv1.2
5085
ADH-CAMELIA128-SHA
TLSV1, TLSV1.1, TLSv1.2
5085
ADH-CAMELIA256-SHA
TLSV1, TLSV1.1, TLSv1.2
5085
ADH-DES-CBC3-SHA
TLSV1, TLSV1.1, TLSv1.2
5085
Table 5. Default/Supported TLS cipher suites on VNX1 Control Station
Cipher Suites
Protocols
Ports
AES128-SHA
TLSv1
443
AES256-SHA
TLSv1
443
DES-CBC3-SHA
TLSv1
443
DHE-RSA-AES128-SHA
TLSv1
443
DHE-RSA-AES256-SHA
TLSv1
443
EDH-RSA-DES-CBC3-SHA
TLSv1
443
AES128-SHA
TLSv1, TLSv1.1
5989
AES256-SHA
TLSv1, TLSv1.1
5989
DES-CBC3-SHA
TLSv1, TLSv1.1
5989
Table 6. Default/Supported TLS cipher suites on VNX1 Storage Processor
Cipher Suites
Protocols
Ports
AES128-SHA
TLSv1, TLSv1.1
443
AES256-SHA
TLSv1, TLSv1.1
443
DES-CBC3-SHA
TLSv1, TLSv1.1
443
Table 7. Default/Supported TLS cipher suites on VNX1 Data Mover
Cipher Suites
Protocols
Ports
AES128-SHA
TLSv1
990, 5080
AES256-SHA
TLSv1
990, 5080
CAMELLIA128-SHA
TLSv1
990, 5080
CAMELLIA256-SHA
TLSv1
990, 5080
DES-CBC-SHA
TLSv1
990, 5080
DES-CBC3-SHA
TLSv1
990, 5080
DHE-RSA-AES128-SHA
TLSv1
990, 5080
DHE-RSA-AES256-SHA
TLSv1
990, 5080
DHE-RSA-CAMELLIA128-SHA
TLSv1
990, 5080
DHE-RSA-CAMELLIA256-SHA
TLSv1
990, 5080
EDH-RSA-DES-CBC-SHA
TLSv1
990, 5080
EDH-RSA-DES-CBC3-SHA
TLSv1
990, 5080
Table 8. Default/Supported TLS cipher suites on VNX1 related to Replication
Cipher Suites
Protocols
Ports
ADH-AES128-SHA
TLSv1
5085
ADH-AES256-SHA
TLSv1
5085
ADH-CAMELLIA128-SHA
TLSv1
5085
ADH-CAMELLIA256SHA
TLSv1
5085
ADH-DES-CBC3-SHA
TLSv1
5085
ADH-DES-CBC-SHA
TLSv1
5085
Data is not available for the Topic
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please select whether the article was helpful or not.
Comments cannot contain these special characters: <>()\