Contents

Ciphersuite

Website Visitors:
Contents

A cipher suite is a named combination of authentication, encryption, and message authentication code (MAC) algorithms used to negotiate the security settings for a network connection using the Transport Layer Security (TLS) or Secure Sockets Layer (SSL) network protocol. The structure and use of the cipher suite concept is defined in the documents that define the protocol (RFC 5246 standard for TLS version 1.2). A reference for named cipher suites is provided in RFC 2434, the TLS Cipher Suite Registry.

When a TLS connection is established, a handshaking, known as the TLS Handshake Protocol, occurs. Within this handshake, a client hello (ClientHello) and a server hello (ServerHello) message is passed. (RFC 5246, p. 37) First, the client sends a cipher suite list, a list of the cipher suites that it supports, in order of preference. Then the server replies with the cipher suite that it has selected from the client cipher suite list. (RFC 5246, p. 40) In order to test which TLS ciphers that a server supports an SSL/TLS Scanner may be used.

Select a cipher suite:

  • GOV You can configure the Secure Gateway/Secure Gateway Proxy to use the following government strength cipher suite: RSA_WITH_3DES_EDE_CBC_SHA or {0x00,0x0A}

  • COM You can configure the Secure Gateway/Secure Gateway Proxy to use the following commercial strength cipher suites: RSA_WITH_RC4_128_MD5 or {0x00,0x04}, RSA_WITH_RC4_128_SHA or {0x00,0x05}

  • ALL You can configure the Secure Gateway/Secure Gateway Proxy to use both the commercial and government strength cipher suites. This option is useful when deploying the Secure Gateway/Secure Gateway Proxy in an environment where some client devices support only COM while others support only GOV.

    Note: When the Secure Gateway and a client device support both COM and GOV cipher suites, the Secure Gateway uses the COM cipher suite.

Want to learn more on Citrix Automations and solutions???

Subscribe to get our latest content by email.

If you like our content, please support us by sponsoring on GitHub below: