Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 7 Next »

Projector currently uses cipher suites with two different key exchange algorithms - DH (Diffie-Hellman) and RSA. Projectorwill soon stop supporting cipher suites that use DH keys shorter than 2048 bits.

Cipher suites are sets of algorithms used to secure the connection between your application and Projector before any information is sent. One of the several actions performed is the exchange of a cipher key. The key helps one application confirm the identity of the other application. The more complex the key is, the more secure the encryption. Current best practices suggest that a certain type of key called Diffie-Hellman, or DH key, be at least 2048 bits. Therefore, we’ll start requiring cipher suites that use at least a 2048-bit DH key.  


Accepted Cipher Suites


How can I tell if my app has accepted cipher suites?

The “easy” answer is that depending on your application’s TLS version, you must support at least one of the following cipher suites. However, this information may not be easily available to or known by application developers. Therefore, our recommendation is to run a test against a server we have configured with the security changes already in place. Below you will find instructions for conducting this test.

TLS 1.2

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028)  

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027)  

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)  

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)   

TLS_RSA_WITH_AES_256_GCM_SHA384 (0x9d)

TLS_RSA_WITH_AES_128_GCM_SHA256 (0x9c)

TLS_RSA_WITH_AES_256_CBC_SHA256 (0x3d)

TLS_RSA_WITH_AES_128_CBC_SHA256 (0x3c)

TLS_RSA_WITH_AES_256_CBC_SHA (0x35)

TLS_RSA_WITH_AES_128_CBC_SHA (0x2f)

TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa)


TLS 1.1

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)

TLS_RSA_WITH_AES_256_CBC_SHA (0x35)

TLS_RSA_WITH_AES_128_CBC_SHA (0x2f)

TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa)


If you don't know how to manually check your application's list of cipher suites, you can follow the instructions here to test against one of our end points.


You can check some of the below links if you want to know more about cipher suites:

Or you can opt for the YouTube version which explains the concepts:


  • No labels