Hide Navigation Pane
Show Navigation Pane
Feedback
Download
SHA1
Supported IDP SSL Ciphers
An SSL cipher comprises encryption cipher, authentication method, and compression. Junos OS supports all OPENSSL supported ciphers that do not involve the use of temporary private keys. For authentication, NULL, MD5, and SHA-1 authentication methods are supported.
 | Note: Compression and SSLv2 ciphers are not supported. Currently, most SSL servers automatically upgrade to a TLS cipher when an SSLv2 cipher is received in a client “hello” message. Check your browser to see how strong the ciphers can be and which ones your browser supports. (If the cipher is not in the list of supported ciphers, the session is ignored for deep packet inspection.) |
Table 65 shows the encryption algorithms supported by the SRX Series devices.
Table 65: Supported Encryption Algorithms
| Cipher | Exportable | Type | Key Material | Expanded Key Material | Effective Key Bits | IV Size |
NULL | No | Stream | 0 | 0 | 0 | N/A |
DES-CBC-SHA | No | Block | 8 | 8 | 56 | 8 |
DES-CBC3-SHA | No | Block | 24 | 24 | 168 | 8 |
AES128-SHA | No | Block | 16 | 16 | 128 | 16 |
AES256-SHA | No | Block | 32 | 32 | 256 | 16 |
For more information on encryption algorithms, see VPN Overview. Table 66 shows the supported SSL ciphers.
Table 66: Supported SSL Ciphers
| Cipher Suites | Value |
TLS_RSA_WITH_NULL_MD5 TLS_RSA_WITH_NULL_SHA TLS_RSA_WITH_DES_CBC_SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA TLS_RSA_WITH_AES_128_CBC_SHA TLS_RSA_WITH_AES_256_CBC_SHA | 0x0001 0x0002 0x0009 0x000A 0x002F 0x0035 |
| Note: RC4 and IDEA ciphers are not supported because of license and OPENSSL library availability. |
Related Topics
- Junos OS Feature Support Reference for SRX Series and J Series Devices
- IDP SSL Overview
- Understanding IDP Internet Key Exchange
- Understanding IDP SSL Server Key Management and Policy Configuration
