Info |
---|
Note |
Projector currently uses cipher suites with two different key exchange algorithms - DH (Diffie-Hellman) and RSA. Projector will soon stop supporting cipher suites that use DH keys shorter than 2048 bits. |
Info |
---|
Cipher suites are sets of algorithms used to secure the connection between your application and Projector before any information is sent. One of the several actions performed is the exchange of a cipher key. The key helps one application confirm the identity of the other application. The more complex the key is, the more secure the encryption. Current best practices suggest that a certain type of key called Diffie-Hellman, or DH key, be at least 2048 bits. Therefore, we’ll start requiring cipher suites that use at least a 2048-bit DH key. |
Accepted Cipher Suites
...
To see the list of cipher suites that Projector will accept after we deprecate support for DH keys shorter than 2048 bits:
- Go to this website https://www.ssllabs.com/ssltest/
- Put in www.projectorpsa.com as the Hostname and click Submit
- A Summary appears after a minute or so; check the Cipher Suites section to see the TLS cipher suites we accept in server-preferred order
How can I tell if my app has accepted cipher suites?
The “easy” answer is that depending on your application’s TLS version, you must support at least one of the following cipher suites that we do. However, this information may not be easily available to or known by application developers. Therefore, our recommendation is to run a test against a server we have configured with the security changes already in place. Below Here you will find instructions for conducting this test.
TLS 1.2
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028)
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027)
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)
TLS_RSA_WITH_AES_256_GCM_SHA384 (0x9d)
TLS_RSA_WITH_AES_128_GCM_SHA256 (0x9c)
TLS_RSA_WITH_AES_256_CBC_SHA256 (0x3d)
TLS_RSA_WITH_AES_128_CBC_SHA256 (0x3c)
TLS_RSA_WITH_AES_256_CBC_SHA (0x35)
TLS_RSA_WITH_AES_128_CBC_SHA (0x2f)
TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa)
TLS 1.1
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)
TLS_RSA_WITH_AES_256_CBC_SHA (0x35)
TLS_RSA_WITH_AES_128_CBC_SHA (0x2f)
TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa)
...
You can check some of the below links if you want to know more about cipher suites: