Cipher Updates

Note the changes to the TLS ciphers and IKE ciphers.

TLS Cipher Updates

TLS 1.0 and TLS 1.1 are not supported in release S-Cz10.0.0.

The following ciphers may be selected for the cipher-list attribute in the tls-profile configuration element:

  • TLS_AES_128_GCM_SHA256
  • TLS_AES_256_GCM_SHA384
  • TLS_AES_128_CCM_SHA256
  • TLS_CHACHA20_POLY1305_SHA256
  • TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
  • TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
  • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
  • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
  • TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
  • TLS_DHE_RSA_WITH_AES_128_GCM_SHA256

In addition to these options, you may select DEFAULT, which includes all of the ciphers in this list.

Unsupported TLS Ciphers

The following ciphers, which were available in S-Cz9.3.0 GA but removed in S-Cz9.3.0p3, are not supported in this release:

  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
  • TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
  • TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
  • TLS_RSA_WITH_AES_256_CBC_SHA256
  • TLS_RSA_WITH_AES_256_GCM_SHA384
  • TLS_RSA_WITH_AES_128_CBC_SHA256
  • TLS_RSA_WITH_AES_128_CBC_SHA
  • TLS_RSA_WITH_AES_128_GCM_SHA256
  • TLS_AES_128_CCM_8_SHA256
  • TLS_RSA_WITH_3DES_EDE_CBC_SHA
  • TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
  • TLS_DHE_RSA_WITH_AES_256_CBC_SHA
  • TLS_RSA_WITH_AES_256_CBC_SHA
  • TLS_DHE_RSA_WITH_AES_128_CBC_SHA
  • TLS_RSA_WITH_NULL_SHA256
  • TLS_RSA_WITH_NULL_SHA
  • TLS_RSA_WITH_NULL_MD5
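
A pre-upgrade check built from the supported and unsupported lists above, as an added example that is not Oracle code: it classifies the entries of an existing cipher-list and flags a profile that would be left with no usable cipher. The function names, the report layout, the sample list, and the weakness labels (read off the suite names, not reasons stated by Oracle) are assumptions.

```python
# Cipher names copied from the two lists on this page (release S-Cz10.0.0).
SUPPORTED = frozenset("""
TLS_AES_128_GCM_SHA256 TLS_AES_256_GCM_SHA384 TLS_AES_128_CCM_SHA256
TLS_CHACHA20_POLY1305_SHA256
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
""".split())
REMOVED = frozenset("""
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA256 TLS_RSA_WITH_AES_256_GCM_SHA384
TLS_RSA_WITH_AES_128_CBC_SHA256 TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_128_GCM_SHA256 TLS_AES_128_CCM_8_SHA256
TLS_RSA_WITH_3DES_EDE_CBC_SHA TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_DHE_RSA_WITH_AES_256_CBC_SHA TLS_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA TLS_RSA_WITH_NULL_SHA256
TLS_RSA_WITH_NULL_SHA TLS_RSA_WITH_NULL_MD5
""".split())

def traits(name):
    """Properties read off the suite name (added annotation, not Oracle's stated reasons)."""
    checks = (("_NULL_", "no encryption"), ("_3DES_", "3DES"), ("_CBC_", "CBC mode"),
              ("TLS_RSA_WITH_", "static RSA key exchange"), ("_CCM_8_", "8-byte AEAD tag"))
    return [label for marker, label in checks if marker in name]

def audit(cipher_list):
    """Classify a tls-profile cipher-list and report what survives the upgrade."""
    report = {"kept": [], "removed": {}, "unknown": []}
    for entry in cipher_list:
        entry = entry.strip()
        # DEFAULT stands for every cipher in the supported list.
        for name in (sorted(SUPPORTED) if entry == "DEFAULT" else [entry]):
            if name in SUPPORTED:
                if name not in report["kept"]:
                    report["kept"].append(name)
            elif name in REMOVED:
                report["removed"][name] = traits(name)
            else:
                report["unknown"].append(name)  # typo or a suite not on either list
    report["usable"] = bool(report["kept"])     # False: no cipher left to negotiate
    return report

# Constructed sample: a hypothetical cipher-list carried over from an older release.
SAMPLE = ["TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "TLS_RSA_WITH_AES_128_CBC_SHA",
          "TLS_RSA_WITH_NULL_SHA", "TLS_FOO"]

if __name__ == "__main__":
    for key, value in audit(SAMPLE).items():
        print(key, value)
```

A report with `usable` set to False means every configured cipher is on the unsupported list, so the profile needs a new cipher-list before the upgrade.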

IKE Cipher Updates

In the context of IKE negotiations, the Enterprise SBC offers the following ciphers with key lengths of 128, 192, and 256:

  • ENCR_AES_CCM_12
  • ENCR_AES_CCM_8
  • ENCR_AES_CCM_16
  • ENCR_AES_CBC
  • ENCR_AES_CTR