Create TLS Cryptography Suite Set elements

TLS Cryptography Suite Set elements define which cryptographic algorithms are allowed for encrypting TLS traffic.

The default NIST (SP 800-52) Compatible SSL Cryptographic Algorithms element allows SSL cryptographic algorithms that are compatible with the following standard: NIST SP 800-52 Rev. 1 Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations. If the default cryptographic algorithms meet your needs, there is no need to create a custom TLS Cryptography Suite Set element.

  For more details about the product and how to configure features, click Help or press F1.

Steps

  1. Select Configuration, then browse to Administration.
  2. Browse to Certificates > Other Elements > TLS Cryptography Suite Sets.
  3. Right-click TLS Cryptography Suite Sets, then select New TLS Cryptography Suite Set.
  4. In the Name field, enter a unique name.
  5. Select one or more cryptographic algorithms.
    • Algorithms in the Common section are compatible with SSL 3.0, TLS 1.0, TLS 1.1, and TLS 1.2.
    • Algorithms in the TLS 1.2 Only section are only compatible with TLS 1.2.
  6. Click OK.

TLS Cryptography Suite Set Properties dialog box

Use this dialog box to view the properties of the default TLS Cryptography Suite Set element. Advanced users can create custom TLS Cryptography Suite Set elements if they have a specific reason to do so.

Option: Definition
Name: Specifies the name of the element.
Comment: Adds a comment to the element.
Common: Select one or more SSL cryptographic algorithms.
Note: SSL cryptographic algorithms in the Common section are compatible with SSL 3.0, TLS 1.0, TLS 1.1, and TLS 1.2.
  • TLS_RSA_WITH_3DES_EDE_CBC_SHA
  • TLS_RSA_WITH_AES_128_CBC_SHA
  • TLS_RSA_WITH_AES_256_CBC_SHA
  • TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
  • TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
  • TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
  • TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
TLS 1.2 Only: Select one or more SSL cryptographic algorithms.
Note: SSL cryptographic algorithms in the TLS 1.2 Only section are only compatible with TLS 1.2.
  • TLS_RSA_WITH_AES_128_GCM_SHA256
  • TLS_RSA_WITH_AES_256_GCM_SHA384
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
  • TLS_RSA_WITH_AES_128_CBC_SHA256
  • TLS_RSA_WITH_AES_256_CBC_SHA256
  • TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
  • TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
  • TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
  • TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
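
To compare the listed algorithms when building a custom set, the following added example (not part of the product documentation) splits each suite name into key exchange, cipher, and hash, then filters by property. The names parse_suite and select are assumptions made for illustration; the lists hold the distinct suite names from the Common and TLS 1.2 Only sections above.

```python
import re

# Suite names copied from the Common and TLS 1.2 Only lists on this page.
COMMON = """
TLS_RSA_WITH_3DES_EDE_CBC_SHA TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
""".split()
TLS12_ONLY = """
TLS_RSA_WITH_AES_128_GCM_SHA256 TLS_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA256 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
""".split()

# TLS_<key exchange>_WITH_<cipher>_<hash>
SUITE_RE = re.compile(r"^TLS_(?P<kx>.+)_WITH_(?P<cipher>.+)_(?P<digest>SHA\d*)$")

def parse_suite(name):
    """Split a suite name into its security-relevant properties."""
    m = SUITE_RE.match(name)
    if m is None:
        raise ValueError(f"unrecognised suite name: {name}")
    kx, cipher, digest = m.group("kx", "cipher", "digest")
    return {
        "key_exchange": kx,
        # Ephemeral key exchange gives forward secrecy; static RSA does not.
        # (DHE is not on this page's list; it is accepted for generality.)
        "forward_secrecy": kx.startswith(("ECDHE", "DHE")),
        "cipher": cipher,
        "aead": cipher.endswith("_GCM"),          # GCM is an AEAD mode
        "block_64bit": cipher.startswith("3DES"),  # 3DES has a 64-bit block
        # Suites named with SHA256/SHA384 were defined for TLS 1.2.
        "tls12_only": digest != "SHA",
    }

def select(names, **required):
    """Return the names whose parsed properties equal every required value."""
    return [n for n in names
            if all(parse_suite(n)[k] == v for k, v in required.items())]

if __name__ == "__main__":
    for n in COMMON + TLS12_ONLY:
        p = parse_suite(n)
        print(f"{n:45} fs={p['forward_secrecy']!s:5} aead={p['aead']!s:5}")
```

For example, `select(COMMON + TLS12_ONLY, forward_secrecy=True, aead=True)` returns only the two ECDHE_ECDSA GCM suites, which shows that a set restricted to those properties requires servers with ECDSA certificates.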