Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Projector will soon require integrations using our Web Services to use cipher suites with a minimum 2048 bit DH Key.
Info
Note

Projector currently uses cipher suites with two different key exchange algorithms - DH (Diffie-Hellman) and RSA. Projector will soon stop supporting cipher suites that use DH keys shorter than 2048 bits.

Info

Cipher suites are sets of algorithms used to secure the connection between your application and Projector before any information is sent. One of the several actions performed is the exchange of a cipher key. The key helps one application confirm the identity of the other application. The more complex the key is, the more secure the encryption. Current best practices suggest that a certain type of key called Diffie-Hellman, or DH key, be at least 2048 bits. Therefore, we’ll start requiring cipher suites that use at least a 2048-bit DH key.  


Accepted Cipher Suites

...

To see the list of cipher suites that Projector will accept after we deprecate support for DH keys shorter than 2048 bits:

How can I tell if my app has accepted cipher suites?

The “easy” answer is that depending on your application’s TLS version, you must support at least one of the following cipher suites that we do. However, this information may not be easily available to or known by application developers. Therefore, our recommendation is to run a test against a server we have configured with the security changes already in place. Below Here you will find instructions for conducting this test.

TLS 1.2

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028)  

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027)  

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)  

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)   

TLS_RSA_WITH_AES_256_GCM_SHA384 (0x9d)

TLS_RSA_WITH_AES_128_GCM_SHA256 (0x9c)

TLS_RSA_WITH_AES_256_CBC_SHA256 (0x3d)

TLS_RSA_WITH_AES_128_CBC_SHA256 (0x3c)

TLS_RSA_WITH_AES_256_CBC_SHA (0x35)

TLS_RSA_WITH_AES_128_CBC_SHA (0x2f)

TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa)

TLS 1.1

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)

TLS_RSA_WITH_AES_256_CBC_SHA (0x35)

TLS_RSA_WITH_AES_128_CBC_SHA (0x2f)

TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa)

...

You can check some of the below links if you want to know more about cipher suites: