TechLibrary

Table of Contents

Guide That Contains This Content

[+] Expand All

[-] Collapse All

Supported IDP SSL Ciphers

An SSL cipher comprises encryption cipher, authentication method, and compression. Junos OS supports all OPENSSL supported ciphers that do not involve the use of temporary private keys. For authentication, NULL, MD5, and SHA-1 authentication methods are supported.

Note: Compression and SSLv2 ciphers are not supported. Currently, most SSL servers automatically upgrade to a TLS cipher when an SSLv2 cipher is received in a client “hello” message. Check your browser to see how strong the ciphers can be and which ones your browser supports. (If the cipher is not in the list of supported ciphers, the session is ignored for deep packet inspection.)

Table 1 shows the encryption algorithms supported by the SRX Series devices.

Table 1: Supported Encryption Algorithms

Cipher	Exportable	Type	Key Material	Expanded Key Material	Effective Key Bits	IV Size
NULL	No	Stream	0	0	0	N/A
DES-CBC-SHA	No	Block	8	8	56	8
DES-CBC3-SHA	No	Block	24	24	168	8
AES128-SHA	No	Block	16	16	128	16
AES256-SHA	No	Block	32	32	256	16

For more information on encryption algorithms, see VPN Overview. Table 2 shows the supported SSL ciphers.

Table 2: Supported SSL Ciphers

Cipher Suites

Value

TLS_RSA_WITH_NULL_MD5

TLS_RSA_WITH_NULL_SHA

TLS_RSA_WITH_DES_CBC_SHA

TLS_RSA_WITH_3DES_EDE_CBC_SHA

TLS_RSA_WITH_AES_128_CBC_SHA

TLS_RSA_WITH_AES_256_CBC_SHA

0x0001

0x0002

0x0009

0x000A

0x002F

0x0035

Note: RC4 and IDEA ciphers are not supported because of license and OPENSSL library availability.

TechLibrary

Related Documentation

Supported IDP SSL Ciphers

Related Documentation

Published: 2012-06-29