Cipher Suites for SSL Proxy
Read this topic to understand more about cipher suites supports and managing digital certificates for SSL proxy.
About Cipher Suites
This topic includes the following sections:
SSL/TLS communication relies on cryptographic algorithms called cipher suites—to authenticate endpoints, negotiate keys, and encrypt traffic. On Junos firewalls, SSL initiation, SSL termination, and SSL proxy features use these cipher suites during the handshake process.
A cipher suite is a defined set of cryptographic algorithms used during an SSL/TLS session. It ensures secure negotiation of shared secret keys, confidentiality and integrity of data in transit
Cipher suite specifies:
- Key exchange method (used to establish shared secret keys)
- Encryption algorithm (used to encrypt traffic)
- Authentication method
- Optional compression method
An SSL/TLS session can only be established if both communicating peers support the same cipher suite.
Junos OS supports both RSA and ECDSA (Elliptic Curve Digital Signature Algorithm) cipher suites,
ECDSA Ciphers Support
- Overview
- Sample Configuration
- ECDSA Cipher Suite Support for SSL Proxy
- Supported Elliptic Curve (EC) Groups
Overview
SSL inspection initiation profiles support ECDSA ciphers and ECDSA‑based server certificate authentication, in addition to existing RSA‑based authentication. Previously, SSL inspection initiation profiles supported only RSA based server authentication. When a server presented an ECDSA certificate, SSL inspection could not establish a session because ECDSA-based server authentication was not supported. With this enhancement, you can use both RSA and ECDSA certificates in SSL inspection (non proxy). This enhancement offers flexibility to select ECC or RSA certificates according to your encryption and authentication requirements.
You can enable ECDSA cipher suites in SSL initiation and SSL termination profiles when operating in non-proxy mode. These profiles support the following ECDSA-based cipher suites
- ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
- ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
- ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
- ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
- ECDHE_ECDSA_WITH_AES_256_CBC_SHA
- ECDHE_ECDSA_WITH_AES_128_CBC_SHA
- ECDHE_ECDSA_WITH_CHACHA20_POLY1305
To use these cipher suites, the profile must be loaded with a certificate that contains an ECC-capable public key.
Adding ECC-based certificates in addition to RSA certificates allows the device to select the most appropriate authentication and encryption method depending on server support.
Note: If an SSL initiation profile is configured with an ECC certificate but the server supports only RSA-based authentication, the session fails with a no shared cipher error.
Sample Configuration
SSL Initiation Profile
user@host# set services ssl initiation profile <profile-name> custom-ciphers
tls12-ecdhe-ecdsa-aes-256-gcm-sha384 ECDHE,ECDSA, 256 bit aes/gcm, sha384 hash
tls12-ecdhe-ecdsa-aes-256-cbc-sha ECDHE,ECDSA, 256 bit aes/cbc, sha hash |
tls12-ecdhe-ecdsa-aes-256-cbc-sha384 ECDHE,ECDSA, 256 bit aes/cbc, sha384 hash |
tls12-ecdhe-ecdsa-aes-128-gcm-sha256 ECDHE,ECDSA, 128 bit aes/gcm, sha256 hash |
tls12-ecdhe-ecdsa-aes-128-cbc-sha ECDHE,ECDSA, 128 bit aes/cbc, sha hash |
tls12-ecdhe-ecdsa-aes-128-cbc-sha256 ECDHE,ECDSA, 128 bit aes/cbc, sha256 hash |
tls12-ecdhe-ecdsa-chacha20-poly1305-sha256 ECDHE,ECDSA, chacha_poly, sha256 hash |
SSL Termination Profile
user@host# set services ssl termination profile <profile-name> custom-ciphers
tls12-ecdhe-ecdsa-aes-256-cbc-sha ECDHE,ECDSA, 256 bit aes/cbc, sha hash |
tls12-ecdhe-ecdsa-aes-256-cbc-sha384 ECDHE,ECDSA, 256 bit aes/cbc, sha384 hash |
tls12-ecdhe-ecdsa-aes-128-gcm-sha256 ECDHE,ECDSA, 128 bit aes/gcm, sha256 hash |
tls12-ecdhe-ecdsa-aes-128-cbc-sha ECDHE,ECDSA, 128 bit aes/cbc, sha hash |
tls12-ecdhe-ecdsa-aes-128-cbc-sha256 ECDHE,ECDSA, 128 bit aes/cbc, sha256 hash |
tls12-ecdhe-ecdsa-chacha20-poly1305-sha256 ECDHE,ECDSA, chacha_poly, sha256 hash |
ECDSA Cipher Suite Support for SSL Proxy
SRX devices support ECDSA cipher suites for SSL forward proxy and reverse proxy operations. ECDSA is an elliptic-curve variant of the Digital Signature Algorithm (DSA) and offers strong security with smaller key sizes.
To use ECDSA certificates in SSL proxy:
- Install ECC-capable certificates that use the P-256 curve (required).
- Include an ECDSA certificate in the root CA configuration.
- You may include one RSA and one ECDSA certificate simultaneously.
- This enables the proxy to negotiate RSA or ECC‑based key exchange depending on the client/server capabilities.
- For reverse proxy, include the ECDSA certificate for the server certificate. No restriction on the number of ECDSA or RSA certificate inclusion.
A trusted CA certificate can either be an RSA-based certificate and an ECDSA-based certificate. All PKI features supported for RSA certificates—such as CRL handling, certificate caching, and certificate chains—are supported for ECDSA certificates as well.
Supported Elliptic Curve (EC) Groups
Elliptic Curve groups are used during the TLS handshake for key exchange. ECC provides strong security with reduced computational overhead.
We support the following EC groups in SSL initiation, SSL termination, and SSL proxy profiles:
- P-256
- P-384
- P-512
These curves are enabled by default, with preference in the following priority order:
- P‑256
- P‑384
- P‑521
Both the client and server must support the same EC group to successfully establish a secure TLS session.
Configuring these EC groups ensures better compatibility and allows SRX devices to use the most secure curve supported by both endpoints.
Supported Cipher Suites
SSL Cipher List displays a list of supported ciphers. NULL ciphers are excluded.
| SSL Cipher | Key Exchange Algorithm | Data Encryption | Message Integrity |
Preferred Ciphers Category |
|---|---|---|---|---|
|
ECDHE-ECDSA-AES-256-GCM- SHA384 |
ECDHE/DSA key exchange |
256-bit AES/GCM |
SHA384 hash |
Strong |
|
ECDHE-ECDSA-AES-128-GCM-SHA256 |
ECDHE/DSA key exchange |
128-bit AES/GCM |
SHA256 hash |
Strong |
|
ECDHE-ECDSA-AES-256-CBC- SHA384 |
ECDHE/DSA key exchange |
256-bit AES/CBC |
SHA384 hash |
Strong |
|
ECDHE-ECDSA-AES-128-CBC-SHA256 |
ECDHE/DSA key exchange |
128-bit AES/CBC |
SHA256 hash |
Strong |
|
ECDHE-ECDSA-AES-256-CBC-SHA |
ECDHE/DSA key exchange |
256-bit AES/CBC |
SHA hash |
Strong |
|
ECDHE-ECDSA-AES-128-CBC-SHA |
ECDHE/DSA key exchange |
128-bit AES/CBC |
SHA hash |
Strong |
|
ECDHE-RSA-AES256-GCM-SHA384 |
ECDHE/RSA key exchange |
256-bit AES/GCM |
SHA384 hash |
Strong |
|
ECDHE-RSA-AES256-CBC-SHA384 |
ECDHE/RSA key exchange |
256-bit AES/CBC |
SHA384 hash |
Strong |
|
ECDHE-RSA-AES256-CBC-SHA |
ECDHE/RSA key exchange |
256-bit AES/CBC |
SHA hash |
Strong |
|
ECDHE-RSA-AES128-GCM-SHA256 |
ECDHE/RSA key exchange |
128-bit AES/GCM |
SHA256 hash |
Strong |
|
ECDHE-RSA-AES128-CBC-SHA256 |
ECDHE/RSA key exchange |
128-bit AES/CBC |
SHA256 hash |
Strong |
|
ECDHE-RSA-AES128-CBC-SHA |
ECDHE/RSA key exchange |
128-bit AES/CBC |
SHA hash |
Strong |
|
RSA-AES256-GCM-SHA384 |
ECDHE/RSA key exchange |
256-bit AES/GCM |
SHA384 hash |
Strong |
|
RSA-AES256-CBC-SHA256 |
ECDHE/RSA key exchange |
256-bit AES/CBC |
SHA256 hash |
Strong |
|
RSA-AES128-GCM-SHA256 |
ECDHE/RSA key exchange |
128-bit AES/GCM |
SHA256 hash |
Strong |
|
RSA-AES128-CBC-SHA256 |
ECDHE/RSA key exchange |
128-bit AES/CBC |
SHA256 hash |
Medium |
|
RSA-AES128-CBC-SHA |
RSA key exchange |
128-bit AES/CBC |
SHA hash |
Weak |
|
RSA-AES256-CBC-SHA |
RSA key exchange |
256-bit AES/CBC |
SHA hash |
Weak |
SSL proxy supports TLS version 1.3 and it provides improved security and better performance. Following table displays a list of TLS 1.3 supported ciphers.
| TLS Cipher | Key Exchange Algorithm | Data Encryption | Message Integrity |
|---|---|---|---|
|
TLS_AES_256_GCM_SHA384 |
Any |
256-bit AES/GCM |
SHA384 hash |
|
TLS_AES_128_GCM_SHA256 |
Any |
128-bit AES/GCM |
SHA256 hash |
|
TLS_CHACHA20_POLY1305_SHA256 |
Any |
256-bit CHACHA20_POLY1305 |
SHA256 hash |
|
TLS_AES_128_CCM_SHA256 |
Any |
128-bit AES/CCM |
SHA256 hash |
|
TLS_AES_128_CCM_8_SHA256 |
Any |
128-bit AES/CCM |
SHA256 hash |
Note the following:
-
Supported SSL ciphers for HTTPS firewall authentication are RSA-AES-128-CBC-SHA, and RSA-AES-256-CBC-SHA.
-
Cipher suites that have “export” in the title are intended for use outside of the United States and might have encryption algorithms with limited key sizes. Export ciphers are not enabled by default. You need to either configure the export ciphers to enable or install a domestic package.
-
ECDHE-based cipher suits support the perfect forward secrecy feature in SSL proxy. Perfect forward secrecy is a specific key agreement protocols which ensures that all transactions sent over the Internet are secure. Perfect forward secrecy generates a unique session key for every session initiated by user. This ensures that the compromise of a single session key has no impact on data other than that exchanged in the specific session protected by that particular key.
Deprecated Cipher Suites
Following table provides the list of the deprecated ciphers.
| SSL Cipher | Key Exchange Algorithm | Data Encryption | Message Integrity |
Preferred Ciphers Category |
|---|---|---|---|---|
|
ECDHE-ECDSA-3DES-EDE-CBC-SHA |
ECDHE/DSA key exchange |
3DES EDE/CBC |
SHA hash |
Strong |
|
ECDHE-RSA-DES-CBC3-SHA |
ECDHE/RSA key exchange |
DES CBC |
SHA hash |
Medium |
|
RSA-RC4-128-MD5 |
RSA key exchange |
128-bit RC4 |
Message Digest 5 (MD5) hash |
Medium |
|
RSA-RC4-128-SHA |
RSA key exchange |
128-bit RC4 |
Secure Hash Algorithm (SHA) hash |
Medium |
|
RSA-EXPORT-1024-RC4-56-MD5 |
RSA 1024 bit export |
56-bit RC4 |
MD5 hash |
Weak |
|
RSA-EXPORT-1024-RC4-56-SHA |
RSA 1024 bit export |
56-bit RC4 |
SHA hash |
Weak |
|
RSA-EXPORT-RC4-40-MD5 |
RSA-export |
40-bit RC4 |
MD5 hash |
Weak |
|
RSA-EXPORT-DES40-CBC-SHA |
RSA-export |
40-bit DES/CBC |
SHA hash |
Weak |
|
RSA-EXPORT-1024-DES-CBC-SHA |
RSA 1024 bit export |
DES/CBC |
SHA hash |
Weak |
|
RSA-3DES-EDE-CBC-SHA |
RSA key exchange |
3DES EDE/CBC |
SHA hash |
Weak |
|
RSA-DES-CBC-SHA |
RSA key exchange |
DES CBC |
SHA hash |
Weak |
Configure Cipher Suites for SSL Proxy
You can use following options in SSL proxy profile configuration to set cipher suites:
-
Preferred Ciphers—Preferred ciphers allow you to define an SSL cipher with acceptable key strength: strong, medium, or weak.
If you do not want to use one of the three categories, you can select ciphers from each of the categories to form a custom cipher set. Custom ciphers allow you to define your own cipher list. To configure custom ciphers, you must set preferred-ciphers to custom. Example:
user@host# set services ssl proxy profile profile-name preferred-ciphers custom
-
Custom Ciphers—Custom ciphers allow you to define your own cipher list. Example:
user@host# set services ssl proxy profile profile-name custom-ciphers ecdhe-ecdsa-with-aes-256-cbc-sha384
user@host# set services ssl proxy profile profile-name custom-ciphers ecdhe-ecdsa-with-aes-128-cbc-sha256
Similarly, you can use other custom ciphers such as tls13-with-aes-256-gcm-sha384, tls13-with-aes-128-gcm-sha256, tls13-with-chacha20-poly1305-sha256, tls13-with-aes-128-ccm-sha256, tls13-with-aes-128-ccm8-sha256.
Key Size Support (2048/4096‑bit RSA)
Junos OS supports RSA server certificates up to 4096 bits. Earlier releases supported only up to 2048‑bit certificates due to cryptographic hardware limitations. With newer platforms and software releases, support for 4096‑bit RSA keys is now available for SSL/TLS server certificates
Platform-Specific RSA Certificate Behavior provides the details of RSA keys supported on Junos OS security device.
On selected devices, you must enablie allow-strong-certificate
knob in SSL proxy profile actions section to use RSA certificates with key size
4096 bits.
SSL Forward Proxy Profile
proxy {
profile sslfp-proxy-profile {
trusted-ca all;
root-ca ssl-inspect-ca;
actions {
allow-strong-certificate;
}
}
}
SSL Reverse Proxy Profile
proxy {
profile server-protection-profile {
server-certificate ssl-server-protection;
actions {
allow-strong-certificate;
}
}
}
Platform-Specific RSA Certificate Behavior
Use Server certificates with key size 4096 bits and Feature Explorer to confirm platform and release support for specific features.
Use the following table to review platform-specific behavior for your platform:
|
Platform |
Difference |
|---|---|
|
SRX Series |
SRX300, SRX320, SRX400, and SRX440 supports RSA key size of 4096 bits. The support is available only when
|
|
SRX Series |
SRX300, SRX320, SRX340, SRX345, SRX400, SRX440, SRX550, SRX1500, SRX4100, SRX4200, SRX4600, SRX5400, SRX5600, SRX5800 supports RSA key size of 512 bits, 1024 bits, 2048 bits, 4096 bits. |
See Also
Change History Table
Feature support is determined by the platform and release you are using. Use Feature Explorer to determine if a feature is supported on your platform.