Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Cipher Suites for SSL Proxy

Read this topic to understand more about cipher suites supports and managing digital certificates for SSL proxy.

About Cipher Suites

This topic includes the following sections:

SSL/TLS communication relies on cryptographic algorithms called cipher suites—to authenticate endpoints, negotiate keys, and encrypt traffic. On Junos firewalls, SSL initiation, SSL termination, and SSL proxy features use these cipher suites during the handshake process.

A cipher suite is a defined set of cryptographic algorithms used during an SSL/TLS session. It ensures secure negotiation of shared secret keys, confidentiality and integrity of data in transit

Cipher suite specifies:

  • Key exchange method (used to establish shared secret keys)
  • Encryption algorithm (used to encrypt traffic)
  • Authentication method
  • Optional compression method

An SSL/TLS session can only be established if both communicating peers support the same cipher suite.

Junos OS supports both RSA and ECDSA (Elliptic Curve Digital Signature Algorithm) cipher suites,

ECDSA Ciphers Support

Overview

SSL inspection initiation profiles support ECDSA ciphers and ECDSA‑based server certificate authentication, in addition to existing RSA‑based authentication. Previously, SSL inspection initiation profiles supported only RSA based server authentication. When a server presented an ECDSA certificate, SSL inspection could not establish a session because ECDSA-based server authentication was not supported. With this enhancement, you can use both RSA and ECDSA certificates in SSL inspection (non proxy). This enhancement offers flexibility to select ECC or RSA certificates according to your encryption and authentication requirements.

You can enable ECDSA cipher suites in SSL initiation and SSL termination profiles when operating in non-proxy mode. These profiles support the following ECDSA-based cipher suites

  • ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
  • ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
  • ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
  • ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
  • ECDHE_ECDSA_WITH_AES_256_CBC_SHA
  • ECDHE_ECDSA_WITH_AES_128_CBC_SHA
  • ECDHE_ECDSA_WITH_CHACHA20_POLY1305

To use these cipher suites, the profile must be loaded with a certificate that contains an ECC-capable public key.

Adding ECC-based certificates in addition to RSA certificates allows the device to select the most appropriate authentication and encryption method depending on server support.

Note: If an SSL initiation profile is configured with an ECC certificate but the server supports only RSA-based authentication, the session fails with a no shared cipher error.

Sample Configuration

SSL Initiation Profile

SSL Termination Profile

ECDSA Cipher Suite Support for SSL Proxy

SRX devices support ECDSA cipher suites for SSL forward proxy and reverse proxy operations. ECDSA is an elliptic-curve variant of the Digital Signature Algorithm (DSA) and offers strong security with smaller key sizes.

To use ECDSA certificates in SSL proxy:

  1. Install ECC-capable certificates that use the P-256 curve (required).
  2. Include an ECDSA certificate in the root CA configuration.
    • You may include one RSA and one ECDSA certificate simultaneously.
    • This enables the proxy to negotiate RSA or ECC‑based key exchange depending on the client/server capabilities.
  3. For reverse proxy, include the ECDSA certificate for the server certificate. No restriction on the number of ECDSA or RSA certificate inclusion.

A trusted CA certificate can either be an RSA-based certificate and an ECDSA-based certificate. All PKI features supported for RSA certificates—such as CRL handling, certificate caching, and certificate chains—are supported for ECDSA certificates as well.

Supported Elliptic Curve (EC) Groups

Elliptic Curve groups are used during the TLS handshake for key exchange. ECC provides strong security with reduced computational overhead.

We support the following EC groups in SSL initiation, SSL termination, and SSL proxy profiles:

  • P-256
  • P-384
  • P-512

These curves are enabled by default, with preference in the following priority order:

  1. P‑256
  2. P‑384
  3. P‑521
Note:

Both the client and server must support the same EC group to successfully establish a secure TLS session.

Configuring these EC groups ensures better compatibility and allows SRX devices to use the most secure curve supported by both endpoints.

Supported Cipher Suites

SSL Cipher List displays a list of supported ciphers. NULL ciphers are excluded.

Table 1: Supported SSL Cipher List (Supported from Junos OS Release 18.3R1)
SSL Cipher Key Exchange Algorithm Data Encryption Message Integrity

Preferred Ciphers Category

ECDHE-ECDSA-AES-256-GCM- SHA384

ECDHE/DSA key exchange

256-bit AES/GCM

SHA384 hash

Strong

ECDHE-ECDSA-AES-128-GCM-SHA256

ECDHE/DSA key exchange

128-bit AES/GCM

SHA256 hash

Strong

ECDHE-ECDSA-AES-256-CBC- SHA384

ECDHE/DSA key exchange

256-bit AES/CBC

SHA384 hash

Strong

ECDHE-ECDSA-AES-128-CBC-SHA256

ECDHE/DSA key exchange

128-bit AES/CBC

SHA256 hash

Strong

ECDHE-ECDSA-AES-256-CBC-SHA

ECDHE/DSA key exchange

256-bit AES/CBC

SHA hash

Strong

ECDHE-ECDSA-AES-128-CBC-SHA

ECDHE/DSA key exchange

128-bit AES/CBC

SHA hash

Strong

ECDHE-RSA-AES256-GCM-SHA384

ECDHE/RSA key exchange

256-bit AES/GCM

SHA384 hash

Strong

ECDHE-RSA-AES256-CBC-SHA384

ECDHE/RSA key exchange

256-bit AES/CBC

SHA384 hash

Strong

ECDHE-RSA-AES256-CBC-SHA

ECDHE/RSA key exchange

256-bit AES/CBC

SHA hash

Strong

ECDHE-RSA-AES128-GCM-SHA256

ECDHE/RSA key exchange

128-bit AES/GCM

SHA256 hash

Strong

ECDHE-RSA-AES128-CBC-SHA256

ECDHE/RSA key exchange

128-bit AES/CBC

SHA256 hash

Strong

ECDHE-RSA-AES128-CBC-SHA

ECDHE/RSA key exchange

128-bit AES/CBC

SHA hash

Strong

RSA-AES256-GCM-SHA384

ECDHE/RSA key exchange

256-bit AES/GCM

SHA384 hash

Strong

RSA-AES256-CBC-SHA256

ECDHE/RSA key exchange

256-bit AES/CBC

SHA256 hash

Strong

RSA-AES128-GCM-SHA256

ECDHE/RSA key exchange

128-bit AES/GCM

SHA256 hash

Strong

RSA-AES128-CBC-SHA256

ECDHE/RSA key exchange

128-bit AES/CBC

SHA256 hash

Medium

RSA-AES128-CBC-SHA

RSA key exchange

128-bit AES/CBC

SHA hash

Weak

RSA-AES256-CBC-SHA

RSA key exchange

256-bit AES/CBC

SHA hash

Weak

SSL proxy supports TLS version 1.3 and it provides improved security and better performance. Following table displays a list of TLS 1.3 supported ciphers.

Table 2: TLS 1.3 Supported Cipher List (Supported from Junos OS Release 21.2R1)
TLS Cipher Key Exchange Algorithm Data Encryption Message Integrity

TLS_AES_256_GCM_SHA384

Any

256-bit AES/GCM

SHA384 hash

TLS_AES_128_GCM_SHA256

Any

128-bit AES/GCM

SHA256 hash

TLS_CHACHA20_POLY1305_SHA256

Any

256-bit CHACHA20_POLY1305

SHA256 hash

TLS_AES_128_CCM_SHA256

Any

128-bit AES/CCM

SHA256 hash

TLS_AES_128_CCM_8_SHA256

Any

128-bit AES/CCM

SHA256 hash

Note the following:

  • Supported SSL ciphers for HTTPS firewall authentication are RSA-AES-128-CBC-SHA, and RSA-AES-256-CBC-SHA.

  • Cipher suites that have “export” in the title are intended for use outside of the United States and might have encryption algorithms with limited key sizes. Export ciphers are not enabled by default. You need to either configure the export ciphers to enable or install a domestic package.

  • ECDHE-based cipher suits support the perfect forward secrecy feature in SSL proxy. Perfect forward secrecy is a specific key agreement protocols which ensures that all transactions sent over the Internet are secure. Perfect forward secrecy generates a unique session key for every session initiated by user. This ensures that the compromise of a single session key has no impact on data other than that exchanged in the specific session protected by that particular key.

Deprecated Cipher Suites

Following table provides the list of the deprecated ciphers.

Table 3: List of Deprecated Ciphers (Supported from Junos OS Release 18.3R1)
SSL Cipher Key Exchange Algorithm Data Encryption Message Integrity

Preferred Ciphers Category

ECDHE-ECDSA-3DES-EDE-CBC-SHA

ECDHE/DSA key exchange

3DES EDE/CBC

SHA hash

Strong

ECDHE-RSA-DES-CBC3-SHA

ECDHE/RSA key exchange

DES CBC

SHA hash

Medium

RSA-RC4-128-MD5

RSA key exchange

128-bit RC4

Message Digest 5 (MD5) hash

Medium

RSA-RC4-128-SHA

RSA key exchange

128-bit RC4

Secure Hash Algorithm (SHA) hash

Medium

RSA-EXPORT-1024-RC4-56-MD5

RSA 1024 bit export

56-bit RC4

MD5 hash

Weak

RSA-EXPORT-1024-RC4-56-SHA

RSA 1024 bit export

56-bit RC4

SHA hash

Weak

RSA-EXPORT-RC4-40-MD5

RSA-export

40-bit RC4

MD5 hash

Weak

RSA-EXPORT-DES40-CBC-SHA

RSA-export

40-bit DES/CBC

SHA hash

Weak

RSA-EXPORT-1024-DES-CBC-SHA

RSA 1024 bit export

DES/CBC

SHA hash

Weak

RSA-3DES-EDE-CBC-SHA

RSA key exchange

3DES EDE/CBC

SHA hash

Weak

RSA-DES-CBC-SHA

RSA key exchange

DES CBC

SHA hash

Weak

Configure Cipher Suites for SSL Proxy

You can use following options in SSL proxy profile configuration to set cipher suites:

  • Preferred Ciphers—Preferred ciphers allow you to define an SSL cipher with acceptable key strength: strong, medium, or weak.

    If you do not want to use one of the three categories, you can select ciphers from each of the categories to form a custom cipher set. Custom ciphers allow you to define your own cipher list. To configure custom ciphers, you must set preferred-ciphers to custom. Example:

  • Custom Ciphers—Custom ciphers allow you to define your own cipher list. Example:

    Similarly, you can use other custom ciphers such as tls13-with-aes-256-gcm-sha384, tls13-with-aes-128-gcm-sha256, tls13-with-chacha20-poly1305-sha256, tls13-with-aes-128-ccm-sha256, tls13-with-aes-128-ccm8-sha256.

Key Size Support (2048/4096‑bit RSA)

Junos OS supports RSA server certificates up to 4096 bits. Earlier releases supported only up to 2048‑bit certificates due to cryptographic hardware limitations. With newer platforms and software releases, support for 4096‑bit RSA keys is now available for SSL/TLS server certificates

Platform-Specific RSA Certificate Behavior provides the details of RSA keys supported on Junos OS security device.

On selected devices, you must enablie allow-strong-certificate knob in SSL proxy profile actions section to use RSA certificates with key size 4096 bits.

SSL Forward Proxy Profile

SSL Reverse Proxy Profile

Platform-Specific RSA Certificate Behavior

Use Server certificates with key size 4096 bits and Feature Explorer to confirm platform and release support for specific features.

Use the following table to review platform-specific behavior for your platform:

Platform

Difference

SRX Series

SRX300, SRX320, SRX400, and SRX440 supports RSA key size of 4096 bits. The support is available only when

  • Devices operate in standalone mode.
  • The 'allow-strong-certificate' option is enabled in the SSL proxy profile as shown below:
    [edit]
    user@host# set services ssl proxy profile <profile-name> 
    actions allow-strong-certificate

SRX Series

SRX300, SRX320, SRX340, SRX345, SRX400, SRX440, SRX550, SRX1500, SRX4100, SRX4200, SRX4600, SRX5400, SRX5600, SRX5800 supports RSA key size of 512 bits, 1024 bits, 2048 bits, 4096 bits.

Change History Table

Feature support is determined by the platform and release you are using. Use Feature Explorer to determine if a feature is supported on your platform.

Release
Description
24.2R1
SSL inspection initiation profiles support ECDSA ciphers and ECDSA‑based server certificate authentication, in addition to existing RSA‑based authentication.
23.4R1
Support for P-256, P-384, P-512 ECC curve types in SSL initiation, SSL termination, and SSL proxy profiles is available.
21.2R1
SSL proxy supports TLS version 1.3 to offer improved security and better performanc.
21.2R1
Support for custom cipher suite configuration for TLS 1.3 is available.
19.4R1
SRX300 and SRX320 devices support RSA certificates with key size 4096 bits
18.4R1
Support for some ciphers in custom ciphers are deprecated.
18.3R1
SRX Series Firewalls support ECDSA cipher suites for SSL proxy. ECDSA is a version of the Digital Signature Algorithm (DSA) and is based on Elliptic-curve cryptography (ECC).