SSL Cipher Strength Details
Available Languages
Updated:March 22, 2018
Document ID:210533
Bias-Free Language
The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
Contents
Introduction
This document describes how to view the SSL ciphers that are available for use and supported on the Cisco Email Security Appliance (ESA).
SSL Cipher Strength Details
The SSL ciphers that are available for use and supported can be seen at any time by running the following from the CLI: sslconfig > verify
When prompted "Enter the ssl cipher you want to verify", hit return to leave this field blank and display ALL ciphers.
| ECDHE-RSA-AES256-GCM-SHA384 | TLSv1.2 | Kx=ECDH | Au=RSA | Enc=AESGCM(256) | Mac=AEAD |
| ECDHE-ECDSA-AES256-GCM-SHA384 | TLSv1.2 | Kx=ECDH | Au=ECDSA | Enc=AESGCM(256) | Mac=AEAD |
| ECDHE-RSA-AES256-SHA384 | TLSv1.2 | Kx=ECDH | Au=RSA | Enc=AES(256) | Mac=SHA384 |
| ECDHE-ECDSA-AES256-SHA384 | TLSv1.2 | Kx=ECDH | Au=ECDSA | Enc=AES(256) | Mac=SHA384 |
| ECDHE-RSA-AES256-SHA | SSLv3 | Kx=ECDH | Au=RSA | Enc=AES(256) | Mac=SHA1 |
| ECDHE-ECDSA-AES256-SHA | SSLv3 | Kx=ECDH | Au=ECDSA | Enc=AES(256) | Mac=SHA1 |
| SRP-DSS-AES-256-CBC-SHA | SSLv3 | Kx=SRP | Au=DSS | Enc=AES(256) | Mac=SHA1 |
| SRP-RSA-AES-256-CBC-SHA | SSLv3 | Kx=SRP | Au=RSA | Enc=AES(256) | Mac=SHA1 |
| SRP-AES-256-CBC-SHA | SSLv3 | Kx=SRP | Au=SRP | Enc=AES(256) | Mac=SHA1 |
| DHE-DSS-AES256-GCM-SHA384 | TLSv1.2 | Kx=DH | Au=DSS | Enc=AESGCM(256) | Mac=AEAD |
| DHE-RSA-AES256-GCM-SHA384 | TLSv1.2 | Kx=DH | Au=RSA | Enc=AESGCM(256) | Mac=AEAD |
| DHE-RSA-AES256-SHA256 | TLSv1.2 | Kx=DH | Au=RSA | Enc=AES(256) | Mac=SHA256 |
| DHE-DSS-AES256-SHA256 | TLSv1.2 | Kx=DH | Au=DSS | Enc=AES(256) | Mac=SHA256 |
| DHE-RSA-AES256-SHA | SSLv3 | Kx=DH | Au=RSA | Enc=AES(256) | Mac=SHA1 |
| DHE-DSS-AES256-SHA | SSLv3 | Kx=DH | Au=DSS | Enc=AES(256) | Mac=SHA1 |
| DHE-RSA-CAMELLIA256-SHA | SSLv3 | Kx=DH | Au=RSA | Enc=Camellia(256) | Mac=SHA1 |
| DHE-DSS-CAMELLIA256-SHA | SSLv3 | Kx=DH | Au=DSS | Enc=Camellia(256) | Mac=SHA1 |
| AES256-GCM-SHA384 | TLSv1.2 | Kx=RSA | Au=RSA | Enc=AESGCM(256) | Mac=AEAD |
| AES256-SHA256 | TLSv1.2 | Kx=RSA | Au=RSA | Enc=AES(256) | Mac=SHA256 |
| AES256-SHA | SSLv3 | Kx=RSA | Au=RSA | Enc=AES(256) | Mac=SHA1 |
| CAMELLIA256-SHA | SSLv3 | Kx=RSA | Au=RSA | Enc=Camellia(256) | Mac=SHA1 |
| PSK-AES256-CBC-SHA | SSLv3 | Kx=PSK | Au=PSK | Enc=AES(256) | Mac=SHA1 |
| ECDHE-RSA-AES128-GCM-SHA256 | TLSv1.2 | Kx=ECDH | Au=RSA | Enc=AESGCM(128) | Mac=AEAD |
| ECDHE-ECDSA-AES128-GCM-SHA256 | TLSv1.2 | Kx=ECDH | Au=ECDSA | Enc=AESGCM(128) | Mac=AEAD |
| ECDHE-RSA-AES128-SHA256 | TLSv1.2 | Kx=ECDH | Au=RSA | Enc=AES(128) | Mac=SHA256 |
| ECDHE-ECDSA-AES128-SHA256 | TLSv1.2 | Kx=ECDH | Au=ECDSA | Enc=AES(128) | Mac=SHA256 |
| ECDHE-RSA-AES128-SHA | SSLv3 | Kx=ECDH | Au=RSA | Enc=AES(128) | Mac=SHA1 |
| ECDHE-ECDSA-AES128-SHA | SSLv3 | Kx=ECDH | Au=ECDSA | Enc=AES(128) | Mac=SHA1 |
| SRP-DSS-AES-128-CBC-SHA | SSLv3 | Kx=SRP | Au=DSS | Enc=AES(128) | Mac=SHA1 |
| SRP-RSA-AES-128-CBC-SHA | SSLv3 | Kx=SRP | Au=RSA | Enc=AES(128) | Mac=SHA1 |
| SRP-AES-128-CBC-SHA | SSLv3 | Kx=SRP | Au=SRP | Enc=AES(128) | Mac=SHA1 |
| DHE-DSS-AES128-GCM-SHA256 | TLSv1.2 | Kx=DH | Au=DSS | Enc=AESGCM(128) | Mac=AEAD |
| DHE-RSA-AES128-GCM-SHA256 | TLSv1.2 | Kx=DH | Au=RSA | Enc=AESGCM(128) | Mac=AEAD |
| DHE-RSA-AES128-SHA256 | TLSv1.2 | Kx=DH | Au=RSA | Enc=AES(128) | Mac=SHA256 |
| DHE-DSS-AES128-SHA256 | TLSv1.2 | Kx=DH | Au=DSS | Enc=AES(128) | Mac=SHA256 |
| DHE-RSA-AES128-SHA | SSLv3 | Kx=DH | Au=RSA | Enc=AES(128) | Mac=SHA1 |
| DHE-DSS-AES128-SHA | SSLv3 | Kx=DH | Au=DSS | Enc=AES(128) | Mac=SHA1 |
| DHE-RSA-SEED-SHA | SSLv3 | Kx=DH | Au=RSA | Enc=SEED(128) | Mac=SHA1 |
| DHE-DSS-SEED-SHA | SSLv3 | Kx=DH | Au=DSS | Enc=SEED(128) | Mac=SHA1 |
| DHE-RSA-CAMELLIA128-SHA | SSLv3 | Kx=DH | Au=RSA | Enc=Camellia(128) | Mac=SHA1 |
| DHE-DSS-CAMELLIA128-SHA | SSLv3 | Kx=DH | Au=DSS | Enc=Camellia(128) | Mac=SHA1 |
| AES128-GCM-SHA256 | TLSv1.2 | Kx=RSA | Au=RSA | Enc=AESGCM(128) | Mac=AEAD |
| AES128-SHA256 | TLSv1.2 | Kx=RSA | Au=RSA | Enc=AES(128) | Mac=SHA256 |
| AES128-SHA | SSLv3 | Kx=RSA | Au=RSA | Enc=AES(128) | Mac=SHA1 |
| SEED-SHA | SSLv3 | Kx=RSA | Au=RSA | Enc=SEED(128) | Mac=SHA1 |
| CAMELLIA128-SHA | SSLv3 | Kx=RSA | Au=RSA | Enc=Camellia(128) | Mac=SHA1 |
| IDEA-CBC-SHA | SSLv3 | Kx=RSA | Au=RSA | Enc=IDEA(128) | Mac=SHA1 |
| PSK-AES128-CBC-SHA | SSLv3 | Kx=PSK | Au=PSK | Enc=AES(128) | Mac=SHA1 |
| ECDHE-RSA-RC4-SHA | SSLv3 | Kx=ECDH | Au=RSA | Enc=RC4(128) | Mac=SHA1 |
| ECDHE-ECDSA-RC4-SHA | SSLv3 | Kx=ECDH | Au=ECDSA | Enc=RC4(128) | Mac=SHA1 |
| RC4-SHA | SSLv3 | Kx=RSA | Au=RSA | Enc=RC4(128) | Mac=SHA1 |
| RC4-MD5 | SSLv3 | Kx=RSA | Au=RSA | Enc=RC4(128) | Mac=MD5 |
| PSK-RC4-SHA | SSLv3 | Kx=PSK | Au=PSK | Enc=RC4(128) | Mac=SHA1 |
| ECDHE-RSA-DES-CBC3-SHA | SSLv3 | Kx=ECDH | Au=RSA | Enc=3DES(168) | Mac=SHA1 |
| ECDHE-ECDSA-DES-CBC3-SHA | SSLv3 | Kx=ECDH | Au=ECDSA | Enc=3DES(168) | Mac=SHA1 |
| SRP-DSS-3DES-EDE-CBC-SHA | SSLv3 | Kx=SRP | Au=DSS | Enc=3DES(168) | Mac=SHA1 |
| SRP-RSA-3DES-EDE-CBC-SHA | SSLv3 | Kx=SRP | Au=RSA | Enc=3DES(168) | Mac=SHA1 |
| SRP-3DES-EDE-CBC-SHA | SSLv3 | Kx=SRP | Au=SRP | Enc=3DES(168) | Mac=SHA1 |
| EDH-RSA-DES-CBC3-SHA | SSLv3 | Kx=DH | Au=RSA | Enc=3DES(168) | Mac=SHA1 |
| EDH-DSS-DES-CBC3-SHA | SSLv3 | Kx=DH | Au=DSS | Enc=3DES(168) | Mac=SHA1 |
| DES-CBC3-SHA | SSLv3 | Kx=RSA | Au=RSA | Enc=3DES(168) | Mac=SHA1 |
| PSK-3DES-EDE-CBC-SHA | SSLv3 | Kx=PSK | Au=PSK | Enc=3DES(168) | Mac=SHA1 |
| EDH-RSA-DES-CBC-SHA | SSLv3 | Kx=DH | Au=RSA | Enc=DES(56) | Mac=SHA1 |
| EDH-DSS-DES-CBC-SHA | SSLv3 | Kx=DH | Au=DSS | Enc=DES(56) | Mac=SHA1 |
| DES-CBC-SHA | SSLv3 | Kx=RSA | Au=RSA | Enc=DES(56) | Mac=SHA1 |
How to Verify TLSv1.2 Ciphers
From the sslconfig > verify CLI menu, use "TLSv1.2" when asked which SSL cipher to verify:
Enter the ssl cipher you want to verify.
[]> TLSv1.2
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA384
ECDHE-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA384
DHE-DSS-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=DSS Enc=AESGCM(256) Mac=AEAD
DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(256) Mac=AEAD
DHE-RSA-AES256-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(256) Mac=SHA256
DHE-DSS-AES256-SHA256 TLSv1.2 Kx=DH Au=DSS Enc=AES(256) Mac=SHA256
ADH-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=None Enc=AESGCM(256) Mac=AEAD
ADH-AES256-SHA256 TLSv1.2 Kx=DH Au=None Enc=AES(256) Mac=SHA256
AES256-GCM-SHA384 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(256) Mac=AEAD
AES256-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA256
ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD
ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(128) Mac=AEAD
ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA256
ECDHE-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA256
DHE-DSS-AES128-GCM-SHA256 TLSv1.2 Kx=DH Au=DSS Enc=AESGCM(128) Mac=AEAD
DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(128) Mac=AEAD
DHE-RSA-AES128-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(128) Mac=SHA256
DHE-DSS-AES128-SHA256 TLSv1.2 Kx=DH Au=DSS Enc=AES(128) Mac=SHA256
ADH-AES128-GCM-SHA256 TLSv1.2 Kx=DH Au=None Enc=AESGCM(128) Mac=AEAD
ADH-AES128-SHA256 TLSv1.2 Kx=DH Au=None Enc=AES(128) Mac=SHA256
AES128-GCM-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(128) Mac=AEAD
AES128-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA256
NULL-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=None Mac=SHA256
How to Verify SSLv3 Ciphers
From the sslconfig > verify CLI menu, use "SSLv3" when asked which SSL cipher to verify:
Enter the ssl cipher you want to verify.
[]> SSLv3
ECDHE-RSA-AES256-SHA SSLv3 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA1
ECDHE-ECDSA-AES256-SHA SSLv3 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA1
SRP-DSS-AES-256-CBC-SHA SSLv3 Kx=SRP Au=DSS Enc=AES(256) Mac=SHA1
SRP-RSA-AES-256-CBC-SHA SSLv3 Kx=SRP Au=RSA Enc=AES(256) Mac=SHA1
SRP-AES-256-CBC-SHA SSLv3 Kx=SRP Au=SRP Enc=AES(256) Mac=SHA1
DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1
DHE-DSS-AES256-SHA SSLv3 Kx=DH Au=DSS Enc=AES(256) Mac=SHA1
DHE-RSA-CAMELLIA256-SHA SSLv3 Kx=DH Au=RSA Enc=Camellia(256) Mac=SHA1
DHE-DSS-CAMELLIA256-SHA SSLv3 Kx=DH Au=DSS Enc=Camellia(256) Mac=SHA1
ADH-AES256-SHA SSLv3 Kx=DH Au=None Enc=AES(256) Mac=SHA1
ADH-CAMELLIA256-SHA SSLv3 Kx=DH Au=None Enc=Camellia(256) Mac=SHA1
AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
CAMELLIA256-SHA SSLv3 Kx=RSA Au=RSA Enc=Camellia(256) Mac=SHA1
PSK-AES256-CBC-SHA SSLv3 Kx=PSK Au=PSK Enc=AES(256) Mac=SHA1
ECDHE-RSA-AES128-SHA SSLv3 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA1
ECDHE-ECDSA-AES128-SHA SSLv3 Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA1
SRP-DSS-AES-128-CBC-SHA SSLv3 Kx=SRP Au=DSS Enc=AES(128) Mac=SHA1
SRP-RSA-AES-128-CBC-SHA SSLv3 Kx=SRP Au=RSA Enc=AES(128) Mac=SHA1
SRP-AES-128-CBC-SHA SSLv3 Kx=SRP Au=SRP Enc=AES(128) Mac=SHA1
DHE-RSA-AES128-SHA SSLv3 Kx=DH Au=RSA Enc=AES(128) Mac=SHA1
DHE-DSS-AES128-SHA SSLv3 Kx=DH Au=DSS Enc=AES(128) Mac=SHA1
DHE-RSA-SEED-SHA SSLv3 Kx=DH Au=RSA Enc=SEED(128) Mac=SHA1
DHE-DSS-SEED-SHA SSLv3 Kx=DH Au=DSS Enc=SEED(128) Mac=SHA1
DHE-RSA-CAMELLIA128-SHA SSLv3 Kx=DH Au=RSA Enc=Camellia(128) Mac=SHA1
DHE-DSS-CAMELLIA128-SHA SSLv3 Kx=DH Au=DSS Enc=Camellia(128) Mac=SHA1
ADH-AES128-SHA SSLv3 Kx=DH Au=None Enc=AES(128) Mac=SHA1
ADH-SEED-SHA SSLv3 Kx=DH Au=None Enc=SEED(128) Mac=SHA1
ADH-CAMELLIA128-SHA SSLv3 Kx=DH Au=None Enc=Camellia(128) Mac=SHA1
AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1
SEED-SHA SSLv3 Kx=RSA Au=RSA Enc=SEED(128) Mac=SHA1
CAMELLIA128-SHA SSLv3 Kx=RSA Au=RSA Enc=Camellia(128) Mac=SHA1
IDEA-CBC-SHA SSLv3 Kx=RSA Au=RSA Enc=IDEA(128) Mac=SHA1
PSK-AES128-CBC-SHA SSLv3 Kx=PSK Au=PSK Enc=AES(128) Mac=SHA1
ECDHE-RSA-RC4-SHA SSLv3 Kx=ECDH Au=RSA Enc=RC4(128) Mac=SHA1
ECDHE-ECDSA-RC4-SHA SSLv3 Kx=ECDH Au=ECDSA Enc=RC4(128) Mac=SHA1
ADH-RC4-MD5 SSLv3 Kx=DH Au=None Enc=RC4(128) Mac=MD5
RC4-SHA SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1
RC4-MD5 SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
PSK-RC4-SHA SSLv3 Kx=PSK Au=PSK Enc=RC4(128) Mac=SHA1
ECDHE-RSA-DES-CBC3-SHA SSLv3 Kx=ECDH Au=RSA Enc=3DES(168) Mac=SHA1
ECDHE-ECDSA-DES-CBC3-SHA SSLv3 Kx=ECDH Au=ECDSA Enc=3DES(168) Mac=SHA1
SRP-DSS-3DES-EDE-CBC-SHA SSLv3 Kx=SRP Au=DSS Enc=3DES(168) Mac=SHA1
SRP-RSA-3DES-EDE-CBC-SHA SSLv3 Kx=SRP Au=RSA Enc=3DES(168) Mac=SHA1
SRP-3DES-EDE-CBC-SHA SSLv3 Kx=SRP Au=SRP Enc=3DES(168) Mac=SHA1
EDH-RSA-DES-CBC3-SHA SSLv3 Kx=DH Au=RSA Enc=3DES(168) Mac=SHA1
EDH-DSS-DES-CBC3-SHA SSLv3 Kx=DH Au=DSS Enc=3DES(168) Mac=SHA1
ADH-DES-CBC3-SHA SSLv3 Kx=DH Au=None Enc=3DES(168) Mac=SHA1
DES-CBC3-SHA SSLv3 Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1
PSK-3DES-EDE-CBC-SHA SSLv3 Kx=PSK Au=PSK Enc=3DES(168) Mac=SHA1
EDH-RSA-DES-CBC-SHA SSLv3 Kx=DH Au=RSA Enc=DES(56) Mac=SHA1
EDH-DSS-DES-CBC-SHA SSLv3 Kx=DH Au=DSS Enc=DES(56) Mac=SHA1
ADH-DES-CBC-SHA SSLv3 Kx=DH Au=None Enc=DES(56) Mac=SHA1
DES-CBC-SHA SSLv3 Kx=RSA Au=RSA Enc=DES(56) Mac=SHA1
EXP-EDH-RSA-DES-CBC-SHA SSLv3 Kx=DH(512) Au=RSA Enc=DES(40) Mac=SHA1 export
EXP-EDH-DSS-DES-CBC-SHA SSLv3 Kx=DH(512) Au=DSS Enc=DES(40) Mac=SHA1 export
EXP-ADH-DES-CBC-SHA SSLv3 Kx=DH(512) Au=None Enc=DES(40) Mac=SHA1 export
EXP-DES-CBC-SHA SSLv3 Kx=RSA(512) Au=RSA Enc=DES(40) Mac=SHA1 export
EXP-RC2-CBC-MD5 SSLv3 Kx=RSA(512) Au=RSA Enc=RC2(40) Mac=MD5 export
EXP-ADH-RC4-MD5 SSLv3 Kx=DH(512) Au=None Enc=RC4(40) Mac=MD5 export
EXP-RC4-MD5 SSLv3 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export
ECDHE-RSA-NULL-SHA SSLv3 Kx=ECDH Au=RSA Enc=None Mac=SHA1
ECDHE-ECDSA-NULL-SHA SSLv3 Kx=ECDH Au=ECDSA Enc=None Mac=SHA1
NULL-SHA SSLv3 Kx=RSA Au=RSA Enc=None Mac=SHA1
NULL-MD5 SSLv3 Kx=RSA Au=RSA Enc=None Mac=MD5
How to Verify Low Ciphers
From the sslconfig > verify CLI menu, use "LOW" when asked which SSL cipher to verify:
Enter the ssl cipher you want to verify.
[]> LOW
EDH-RSA-DES-CBC-SHA SSLv3 Kx=DH Au=RSA Enc=DES(56) Mac=SHA1
EDH-DSS-DES-CBC-SHA SSLv3 Kx=DH Au=DSS Enc=DES(56) Mac=SHA1
ADH-DES-CBC-SHA SSLv3 Kx=DH Au=None Enc=DES(56) Mac=SHA1
DES-CBC-SHA SSLv3 Kx=RSA Au=RSA Enc=DES(56) Mac=SHA1
DES-CBC-MD5 SSLv2 Kx=RSA Au=RSA Enc=DES(56) Mac=MD5
How to Verify Medium Ciphers
From the sslconfig > verify CLI menu, use "MEDIUM" when asked which SSL cipher to verify:
Enter the ssl cipher you want to verify.
[]> MEDIUM
DHE-RSA-SEED-SHA SSLv3 Kx=DH Au=RSA Enc=SEED(128) Mac=SHA1
DHE-DSS-SEED-SHA SSLv3 Kx=DH Au=DSS Enc=SEED(128) Mac=SHA1
ADH-SEED-SHA SSLv3 Kx=DH Au=None Enc=SEED(128) Mac=SHA1
SEED-SHA SSLv3 Kx=RSA Au=RSA Enc=SEED(128) Mac=SHA1
IDEA-CBC-SHA SSLv3 Kx=RSA Au=RSA Enc=IDEA(128) Mac=SHA1
IDEA-CBC-MD5 SSLv2 Kx=RSA Au=RSA Enc=IDEA(128) Mac=MD5
RC2-CBC-MD5 SSLv2 Kx=RSA Au=RSA Enc=RC2(128) Mac=MD5
ECDHE-RSA-RC4-SHA SSLv3 Kx=ECDH Au=RSA Enc=RC4(128) Mac=SHA1
ECDHE-ECDSA-RC4-SHA SSLv3 Kx=ECDH Au=ECDSA Enc=RC4(128) Mac=SHA1
ADH-RC4-MD5 SSLv3 Kx=DH Au=None Enc=RC4(128) Mac=MD5
RC4-SHA SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1
RC4-MD5 SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
RC4-MD5 SSLv2 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
PSK-RC4-SHA SSLv3 Kx=PSK Au=PSK Enc=RC4(128) Mac=SHA1
How to Verify High Ciphers
From the sslconfig > verify CLI menu, use "HIGH" when asked which SSL cipher to verify:
Enter the ssl cipher you want to verify.
[]> HIGH
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA384
ECDHE-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA384
ECDHE-RSA-AES256-SHA SSLv3 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA1
ECDHE-ECDSA-AES256-SHA SSLv3 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA1
SRP-DSS-AES-256-CBC-SHA SSLv3 Kx=SRP Au=DSS Enc=AES(256) Mac=SHA1
SRP-RSA-AES-256-CBC-SHA SSLv3 Kx=SRP Au=RSA Enc=AES(256) Mac=SHA1
SRP-AES-256-CBC-SHA SSLv3 Kx=SRP Au=SRP Enc=AES(256) Mac=SHA1
DHE-DSS-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=DSS Enc=AESGCM(256) Mac=AEAD
DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(256) Mac=AEAD
DHE-RSA-AES256-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(256) Mac=SHA256
DHE-DSS-AES256-SHA256 TLSv1.2 Kx=DH Au=DSS Enc=AES(256) Mac=SHA256
DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1
DHE-DSS-AES256-SHA SSLv3 Kx=DH Au=DSS Enc=AES(256) Mac=SHA1
DHE-RSA-CAMELLIA256-SHA SSLv3 Kx=DH Au=RSA Enc=Camellia(256) Mac=SHA1
DHE-DSS-CAMELLIA256-SHA SSLv3 Kx=DH Au=DSS Enc=Camellia(256) Mac=SHA1
ADH-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=None Enc=AESGCM(256) Mac=AEAD
ADH-AES256-SHA256 TLSv1.2 Kx=DH Au=None Enc=AES(256) Mac=SHA256
ADH-AES256-SHA SSLv3 Kx=DH Au=None Enc=AES(256) Mac=SHA1
ADH-CAMELLIA256-SHA SSLv3 Kx=DH Au=None Enc=Camellia(256) Mac=SHA1
AES256-GCM-SHA384 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(256) Mac=AEAD
AES256-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA256
AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
CAMELLIA256-SHA SSLv3 Kx=RSA Au=RSA Enc=Camellia(256) Mac=SHA1
PSK-AES256-CBC-SHA SSLv3 Kx=PSK Au=PSK Enc=AES(256) Mac=SHA1
ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD
ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(128) Mac=AEAD
ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA256
ECDHE-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA256
ECDHE-RSA-AES128-SHA SSLv3 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA1
ECDHE-ECDSA-AES128-SHA SSLv3 Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA1
SRP-DSS-AES-128-CBC-SHA SSLv3 Kx=SRP Au=DSS Enc=AES(128) Mac=SHA1
SRP-RSA-AES-128-CBC-SHA SSLv3 Kx=SRP Au=RSA Enc=AES(128) Mac=SHA1
SRP-AES-128-CBC-SHA SSLv3 Kx=SRP Au=SRP Enc=AES(128) Mac=SHA1
DHE-DSS-AES128-GCM-SHA256 TLSv1.2 Kx=DH Au=DSS Enc=AESGCM(128) Mac=AEAD
DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(128) Mac=AEAD
DHE-RSA-AES128-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(128) Mac=SHA256
DHE-DSS-AES128-SHA256 TLSv1.2 Kx=DH Au=DSS Enc=AES(128) Mac=SHA256
DHE-RSA-AES128-SHA SSLv3 Kx=DH Au=RSA Enc=AES(128) Mac=SHA1
DHE-DSS-AES128-SHA SSLv3 Kx=DH Au=DSS Enc=AES(128) Mac=SHA1
DHE-RSA-CAMELLIA128-SHA SSLv3 Kx=DH Au=RSA Enc=Camellia(128) Mac=SHA1
DHE-DSS-CAMELLIA128-SHA SSLv3 Kx=DH Au=DSS Enc=Camellia(128) Mac=SHA1
ADH-AES128-GCM-SHA256 TLSv1.2 Kx=DH Au=None Enc=AESGCM(128) Mac=AEAD
ADH-AES128-SHA256 TLSv1.2 Kx=DH Au=None Enc=AES(128) Mac=SHA256
ADH-AES128-SHA SSLv3 Kx=DH Au=None Enc=AES(128) Mac=SHA1
ADH-CAMELLIA128-SHA SSLv3 Kx=DH Au=None Enc=Camellia(128) Mac=SHA1
AES128-GCM-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(128) Mac=AEAD
AES128-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA256
AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1
CAMELLIA128-SHA SSLv3 Kx=RSA Au=RSA Enc=Camellia(128) Mac=SHA1
PSK-AES128-CBC-SHA SSLv3 Kx=PSK Au=PSK Enc=AES(128) Mac=SHA1
ECDHE-RSA-DES-CBC3-SHA SSLv3 Kx=ECDH Au=RSA Enc=3DES(168) Mac=SHA1
ECDHE-ECDSA-DES-CBC3-SHA SSLv3 Kx=ECDH Au=ECDSA Enc=3DES(168) Mac=SHA1
SRP-DSS-3DES-EDE-CBC-SHA SSLv3 Kx=SRP Au=DSS Enc=3DES(168) Mac=SHA1
SRP-RSA-3DES-EDE-CBC-SHA SSLv3 Kx=SRP Au=RSA Enc=3DES(168) Mac=SHA1
SRP-3DES-EDE-CBC-SHA SSLv3 Kx=SRP Au=SRP Enc=3DES(168) Mac=SHA1
EDH-RSA-DES-CBC3-SHA SSLv3 Kx=DH Au=RSA Enc=3DES(168) Mac=SHA1
EDH-DSS-DES-CBC3-SHA SSLv3 Kx=DH Au=DSS Enc=3DES(168) Mac=SHA1
ADH-DES-CBC3-SHA SSLv3 Kx=DH Au=None Enc=3DES(168) Mac=SHA1
DES-CBC3-SHA SSLv3 Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1
DES-CBC3-MD5 SSLv2 Kx=RSA Au=RSA Enc=3DES(168) Mac=MD5
PSK-3DES-EDE-CBC-SHA SSLv3 Kx=PSK Au=PSK Enc=3DES(168) Mac=SHA1
Related Information
Revision History
| Revision | Publish Date | Comments |
|---|---|---|
1.0 |
06-Apr-2017 |
Initial Release |
Contributed by Cisco Engineers
- Robert SherwinTechnical Marketing Engineer
FeedbackContact Cisco
- Open a Support Case
- (Requires a Cisco Service Contract)