[Contents] [Prev] [Next] [Index] [Report an Error]

Supported Ciphers

An SSL cipher comprises encryption cipher, authentication method, and compression. JUNOS software supports all OPENSSL supported ciphers that do not involve the use of temporary private keys. For authentication, NULL, MD5, and SHA-1 authentication methods are supported.

Note: Compression and SSLv2 ciphers are not supported. Currently, most SSL servers automatically upgrade to a TLS cipher when an SSLv2 cipher is received in a client “hello” message. Check your browser to see how strong the ciphers can be and which ones your browser supports. (If the cipher is not in the list of supported ciphers, the session is ignored for deep packet inspection.)

Table 110 shows the encryption algorithms supported by the SRX-series devices.

Table 110: Supported Encryption Algorithms

Cipher	Exportable	Type	Key Material	Expanded Key Material	Effective Key Bits	IV Size
NULL	No	Stream	0	0	0	N/A
DES_CBC	No	Block	8	8	56	8
3DES_EDE_CBC	No	Block	24	24	168	8
AES_128_CBC	No	Block	16	16	128	16
AES_256_CBC	No	Block	32	32	256	16

For more information on encryption algorithms, see Encapsulating Security Payload (ESP) Protocol. Table 111 shows the supported SSL ciphers.

Table 111: Supported SSL Ciphers

Version

Cipher Suites

Value

TLS_RSA_WITH_NULL_MD5

TLS_RSA_WITH_NULL_SHA

TLS_RSA_WITH_DES_CBC_SHA

TLS_RSA_WITH_3DES_EDE_CBC_SHA

TLS_RSA_WITH_AES_128_CBC_SHA

TLS_RSA_WITH_AES_256_CBC_SHA

0x0001

0x0002

0x0009

0x000A

0x002F

0x0035

Note: RC4 and IDEA ciphers are not supported because of license and OPENSSL library availability.

[Contents] [Prev] [Next] [Index] [Report an Error]