Supported IDP SSL Ciphers

An SSL cipher comprises an encryption cipher, an authentication method, and compression. Junos OS supports all OpenSSL-supported ciphers that do not involve the use of temporary private keys. For authentication, the NULL, MD5, and SHA-1 authentication methods are supported.

Note: Compression and SSLv2 ciphers are not supported. Currently, most SSL servers automatically upgrade to a TLS cipher when an SSLv2 cipher is received in a client “hello” message. Check your browser to see how strong the ciphers can be and which ones your browser supports. (If the cipher is not in the list of supported ciphers, the session is ignored for deep packet inspection.)

Table 65 shows the encryption algorithms supported by the SRX Series devices.

Table 65: Supported Encryption Algorithms

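| Cipher | Exportable | Type | Key Material | Expanded Key Material | Effective Key Bits | IV Size |
|---|---|---|---|---|---|---|
| NULL | No | Stream | 0 | 0 | 0 | N/A |
| DES-CBC-SHA | No | Block | 8 | 8 | 56 | 8 |
| DES-CBC3-SHA | No | Block | 24 | 24 | 168 | 8 |
| AES128-SHA | No | Block | 16 | 16 | 128 | 16 |
| AES256-SHA | No | Block | 32 | 32 | 256 | 16 |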

For more information on encryption algorithms, see VPN Overview. Table 66 shows the supported SSL ciphers.

Table 66: Supported SSL Ciphers

| Cipher Suites | Value |
|---|---|
| TLS_RSA_WITH_NULL_MD5 | 0x0001 |
| TLS_RSA_WITH_NULL_SHA | 0x0002 |
| TLS_RSA_WITH_DES_CBC_SHA | 0x0009 |
| TLS_RSA_WITH_3DES_EDE_CBC_SHA | 0x000A |
| TLS_RSA_WITH_AES_128_CBC_SHA | 0x002F |
| TLS_RSA_WITH_AES_256_CBC_SHA | 0x0035 |

Note: RC4 and IDEA ciphers are not supported because of license and OpenSSL library availability.
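The following added example (not part of the Junos documentation) reads the cipher suite a server selected in a captured TLS ServerHello record and applies the rules stated on this page: the suite must appear in Table 66 and compression must be null, otherwise the session is not inspected. The function names and the sample record builder are hypothetical, and the sample bytes are constructed.

```python
import struct

# Table 66 on this page: cipher suites supported for IDP SSL inspection.
IDP_SUPPORTED = {
    0x0001: "TLS_RSA_WITH_NULL_MD5",
    0x0002: "TLS_RSA_WITH_NULL_SHA",
    0x0009: "TLS_RSA_WITH_DES_CBC_SHA",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA",
}

def parse_server_hello(record: bytes):
    """Return (cipher_suite, compression_method) from one TLS ServerHello record."""
    if len(record) < 5:
        raise ValueError("short record")
    ctype, _version, rec_len = struct.unpack("!BHH", record[:5])
    body = record[5:5 + rec_len]
    if ctype != 0x16 or len(body) != rec_len or len(body) < 4:
        raise ValueError("not a complete handshake record")
    hs_type = body[0]
    hs_len = int.from_bytes(body[1:4], "big")
    hello = body[4:4 + hs_len]
    if hs_type != 0x02 or len(hello) != hs_len:
        raise ValueError("not a complete ServerHello")
    # server_version(2) + random(32) + session_id length(1) + session_id
    if len(hello) < 35 or len(hello) < 35 + hello[34] + 3:
        raise ValueError("truncated ServerHello")
    off = 35 + hello[34]
    suite = int.from_bytes(hello[off:off + 2], "big")
    return suite, hello[off + 2]

def idp_can_inspect(record: bytes):
    """Apply this page's rules: suite in Table 66 and null compression."""
    suite, compression = parse_server_hello(record)
    if compression != 0:
        return False, f"compression method {compression} is not supported"
    name = IDP_SUPPORTED.get(suite)
    if name is None:
        return False, f"cipher suite 0x{suite:04X} is not in Table 66"
    return True, name

def sample_hello(suite: int, compression: int = 0) -> bytes:
    """Constructed ServerHello (TLS 1.0, zeroed random, empty session id)."""
    hello = b"\x03\x01" + bytes(32) + b"\x00" + suite.to_bytes(2, "big") + bytes([compression])
    hs = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + len(hs).to_bytes(2, "big") + hs
```

Running `idp_can_inspect` over the ServerHello records in a capture shows which sessions negotiate a suite outside Table 66 and therefore pass without deep packet inspection.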
