SSL/TLS versions and cipher suites
An SSL cipher is an algorithm that performs encryption and decryption. It transforms plain text into a coded set of data (cipher text) that is not reversible without a key. During the SSL handshake phase of the connection, the client sends a list of the ciphers it supports. FortiADC examines the client cipher list in the order it is specified, chooses the first cipher that matches a cipher specified in the virtual server configuration, and responds to the client. If none of the ciphers offered by the client are in the cipher suite list for the virtual server, the SSL handshake fails.
To see the list of ciphers supported by the browser you are using, go to a link maintained by the Leibniz University of Hannover Distributed Computing & Security (DCSec) Research Group:
https://cc.dcsec.uni-hannover.de/
FortiADC SLB profiles support a specific list of RSA ciphers, PFS ciphers, ECDHE ciphers, ECDSA ciphers, and eNull ciphers.
Cipher suites with RSA key exchange lists supported RSA ciphers.
Abbreviation | Cipher Suite | Protocol | Kx | Au | Enc | MAC |
---|---|---|---|---|---|---|
AES256-GCM-SHA384 | TLS_RSA_WITH_AES_256_GCM_SHA384 | TLS 1.2 | RSA | RSA | AESGCM(256) | AEAD |
AES256-SHA256 | TLS_RSA_WITH_AES_256_CBC_SHA256 | TLS 1.2 | RSA | RSA | AES(256) | SHA |
AES256-SHA | TLS_RSA_WITH_AES_256_CBC_SHA | SSL 3.0 TLS 1.2, 1.1, 1.0 |
RSA | RSA | AES(256) | SHA |
AES128-GCM-SHA256 | TLS_RSA_WITH_AES_128_GCM_SHA256 | TLS 1.2 | RSA | RSA | AESGCM(128) | AEAD |
AES128-SHA256 | TLS_RSA_WITH_AES_128_CBC_SHA256 | TLS 1.2 | RSA | RSA | AES(128) | SHA |
AES128-SHA | TLS_RSA_WITH_AES_128_CBC_SHA | SSL 3.0 TLS 1.2, 1.1, 1.0 |
RSA | RSA | AES(128) | SHA |
RC4-SHA | SSL_RSA_WITH_RC4_128_SHA | SSL 3.0 | RSA | RSA | RC4 | SHA |
TLS_RSA_WITH_RC4_128_SHA | TLS 1.2, 1.1, 1.0 | RSA | RSA | RC4 | SHA | |
RC4-MD5 | SSL_RSA_WITH_RC4_128_MD5 | SSL 3.0 | RSA | RSA | RC4 | MD5 |
TLS_RSA_WITH_RC4_128_MD5 | TLS 1.2, 1.1, 1.0 | RSA | RSA | RC4 | MD5 | |
DES-CBC3-SHA | SSL_RSA_WITH_3DES_EDE_CBC_SHA | SSL 3.0 | RSA | RSA | DES-CBC3 | SHA |
TLS_RSA_WITH_3DES_EDE_CBC_SHA | TLS 1.2, 1.1, 1.0 | RSA | RSA | DES-CBC3 | SHA |
With RSA ciphers, the server's public RSA key is part of the server certificate and is typically very long lived. It is not uncommon for the same public key to be used for months or years. This creates a potential problem: if an SSL server's private key were to be leaked or stolen, all connections made in the past using that key would be vulnerable. If someone has recorded your SSL connections, they can use the stolen private key to decrypt them.
Cipher suites with DHE/EDH key exchange lists supported Perfect Forward Secrecy (PFS) ciphers with DHE/EDH key exchange. With PFS, a fresh public key is created for every single connection.That means that an adversary would need to break the key for each connection individually to read the communication.
Abbreviation | Cipher Suite | Protocol | Kx | Au | Enc | MAC |
---|---|---|---|---|---|---|
DHE-RSA-AES256-GCM-SHA384 | TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 | TLS 1.2 | DH | RSA | AES256 | SHA384 |
DHE-RSA-AES256-SHA256 | TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 | TLS 1.2 | DH | RSA | AES256 | SHA256 |
DHE-RSA-AES256-SHA | TLS_DHE_RSA_WITH_AES_256_CBC_SHA | SSL 3.0 TLS 1.2, 1.1, 1.0 |
DH | RSA | AES256 | SHA256 |
DHE-RSA-AES128-GCM-SHA256 | TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 | TLS 1.2 | DH | RSA | AES128 | SHA256 |
DHE-RSA-AES128-SHA256 | TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 | TLS 1.2 | DH | RSA | AES128 | SHA256 |
DHE-RSA-AES128-SHA | TLS_DHE_RSA_WITH_AES_128_CBC_SHA | SSL 3.0 TLS 1.2, 1.1, 1.0 |
DH | RSA | AES128 | SHA |
EDH-RSA-DES-CBC3-SHA | TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA | SSL 3.0 TLS 1.2, 1.1, 1.0 |
DH | RSA | 3DES | SHA |
Cipher suites with EDCHE key exchange lists supported PFS ciphers with Elliptic curve Diffie–Hellman Ephemeral key (ECDHE) key exchange. ECDHE is significantly faster than DHE. The supported suites include both the Elliptic Curve Digital Signature Algorithm (ECDSA) and RSA key authentication (Au) algorithms.
Abbreviation | Cipher Suite | Protocol | Kx | Au | Enc | MAC |
---|---|---|---|---|---|---|
ECDHE-ECDSA-AES256-GCM-SHA384 | TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 | TLS 1.2 | ECDH | ECDSA | AESGCM256 | AEAD |
ECDHE-ECDSA-AES256-SHA384 | TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 | TLSv1.2 | ECDH | ECDSA | AES256 | SHA384 |
ECDHE-ECDSA-AES256-SHA | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA | SSL 3.0 TLS 1.2, 1.1, 1.0 |
ECDH | ECDSA | AES256 | SHA |
ECDHE-ECDSA-AES128-GCM-SHA256 | TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 | TLSv1.2 | ECDH | ECDSA | AESGCM128 | AEAD |
ECDHE-ECDSA-AES128-SHA256 | TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 | TLSv1.2 | ECDH | ECDSA | AES128 | SHA256 |
ECDHE-ECDSA-AES128-SHA | TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA | SSL 3.0 TLS 1.2, 1.1, 1.0 |
ECDH | ECDSA | AES128 | SHA |
ECDHE-ECDSA-RC4-SHA | TLS_ECDHE_ECDSA_WITH_RC4_128_SHA | SSL 3.0 TLS 1.2, 1.1, 1.0 |
ECDH | ECDSA | RC4 | SHA |
ECDHE-ECDSA-DES-CBC3-SHA | TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA | SSL 3.0 TLS 1.2, 1.1, 1.0 |
ECDH | ECDSA | 3DES | SHA |
ECDHE-RSA-AES256-GCM-SHA384 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 | TLS 1.2 | ECDH | RSA | AESGCM256 | AEAD |
ECDHE-RSA-AES256-SHA384 | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 | TLS 1.2 | ECDH | RSA | AES256 | SHA384 |
ECDHE-RSA-AES256-SHA | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA | TLS 1.2 | ECDH | RSA | AES256 | SHA |
ECDHE-RSA-AES128-GCM-SHA256 | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 | TLS 1.2 | ECDH | RSA | AESGCM128 | AEAD |
ECDHE-RSA-AES128-SHA256 | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 | TLS 1.2 | ECDH | RSA | AES128 | SHA256 |
ECDHE-RSA-AES128-SHA | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA | SSL 3.0 | ECDH | RSA | AES128 | SHA |
ECDHE-RSA-RC4-SHA | TLS_ECDHE_RSA_WITH_RC4_128_SHA | SSL 3.0 | ECDH | RSA | RC4 | SHA |
ECDHE-RSA-DES-CBC3-SHA | TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA | SSL 3.0 | ECDH | RSA | 3DES | SHA |
Profiles support TLS_AES_128_GCM_SHA256 and TLS_AES_256_GCM_SHA384 for TLSv1.3. They will be set automatically when TLSv1.3 is selected in ssl version. |
In addition, profiles support an eNull cipher option. This option represents all cipher suites that do not apply encryption to the application data (integrity check is still applied). The exact cipher suite used depends on the SSL/TLS version used. As an example, in SSL v3.0, eNULL includes NULL-MD5, NULL-SHA, ECDH-RSA-NULL-SHA, ECDH-ECDSA-NULL-SHA, and some other non-encryption cipher suites.
Finally, profiles support a user-specified cipher list. You can specify a colon-separated list of OpenSSL cipher suite short names. The names are validated against the form of the cipher suite short names published on the OpenSSL website: