© Copyright Lenovo 2016
Table 3.
Acceptable Protocols and Algorithms (continued)
Protocol/Function Strict Mode Algorithm
HTTPS
TLS 1.2 only
See "Acceptable Cipher Suites" on
page
IKE
Key Exchange
DH Group 24
Encryption
3DES, AES‐128‐CBC
Integrity
HMAC‐SHA1
IPSec
AH
HMAC‐SHA1
ESP
3DES, AES‐128‐CBC, HMAC‐SHA1 3DES, AES‐128‐CBC,
LDAP
LDAP does not comply with NIST
SP 800‐131A specification. When in
strict mode, LDAP is disabled.
However, it can be enabled, if
required.
OSPF
OSPF does not comply with NIST SP
800‐131A specification. When in
strict mode, OSPF is disabled. How‐
ever, it can be enabled, if required.
RADIUS
RADIUS does not comply with
NIST SP 800‐131A specification.
When in strict mode, RADIUS is dis‐
abled. However, it can be enabled, if
required.
Random Number
NIST SP 800‐90A AES CTR DRBG
Generator
Secure NTP
Secure NTP does not comply with
NIST SP 800‐131A specification.
When in strict mode, secure NTP is
disabled. However, it can be
enabled, if required.
SLP
SHA‐256 or higher
RSA/DSA 2048 or higher
SNMP
SNMPv3 only
AES‐128‐CFB‐128/SHA1
Note: Following algorithms are
acceptable if you choose to support
old SNMPv3 factory default users:
AES‐128‐CFB/SHA1
DES/MD5
AES‐128‐CFB‐128/SHA1
61;
Compatibility Mode Algorithm
TLS 1.0, 1.1, 1.2
See "Acceptable Cipher Suites"
on page
61;
DH group 1, 2, 5, 14, 24
3DES, AES‐128‐CBC
HMAC‐SHA1, HMAC‐MD5
HMAC‐SHA1, HMAC‐MD5
HMAC‐SHA1, HMAC‐MD5
Acceptable
Acceptable
Acceptable
NIST SP 800‐90A AES CTR
DRBG
Acceptable
SNMPv1, SNMPv2, SNMPv3
DES/MD5,
AES‐128‐CFB‐128/SHA1
Chapter 1: Switch Administration
59