Red Hat CERTIFICATE SYSTEM 7.1 - ADMINISTRATOR Administrator's Manual page 802
Hide thumbs
Also See for CERTIFICATE SYSTEM 7.1 - ADMINISTRATOR:
Table of Contents
Advertisement
Ciphers Used with SSL
Some organizations may want to disable the weaker ciphers to prevent SSL connections
with weaker encryption. However, due to U.S. government restrictions on products that
support anything stronger than 40-bit encryption, disabling support for all 40-bit ciphers
effectively restricts access to network browsers that are available only in the United States
(unless the server involved has a special Global Server ID that permits the international
client to "step up" to stronger encryption).
To serve the largest possible range of users, it's a good idea for administrators to enable as
broad a range of SSL cipher suites as possible. That way, when a domestic client or server is
dealing with another domestic server or client, respectively, it will negotiate the use of the
strongest ciphers available. And when an domestic client or server is dealing with an
international server or client, it will negotiate the use of those ciphers that are permitted
under U.S. export regulations.
However, since 40-bit ciphers can be broken relatively quickly, administrators whose user
communities can use stronger ciphers without violating export restrictions should disable
the 40-bit ciphers if they are concerned about access to data by eavesdroppers.
NOTE
•
RC4 with 128-bit encryption and MD5 message authentication
•
RC4 with 40-bit encryption and MD5 message authentication
•
RC2 with 40-bit encryption and MD5 message authentication
•
No encryption, MD5 message authentication only
Cipher Suites With RSA Key Exchange
Table K-1 lists the cipher suites supported by SSL that use the RSA key-exchange
algorithm. Unless otherwise indicated, all ciphers listed in the table are supported by both
SSL 2.0 and SSL 3.0. Cipher suites are listed from strongest to weakest.
802 Red Hat Certificate System Administrator's Guide • September 2005
Red Hat Console does not support all of the cipher suites supported by Red
Hat clients and servers. To ensure that Red Hat Console can control an
SSL-enabled server, the server must enable at least one of the following
cipher suites for SSL 3.0:
Advertisement
Table of Contents
Related Manuals for Red Hat CERTIFICATE SYSTEM 7.1 - ADMINISTRATOR
Related Products for Red Hat CERTIFICATE SYSTEM 7.1 - ADMINISTRATOR
- Red Hat CERTIFICATE SYSTEM 7.0 - MIGRATION GUIDE
- Red Hat CERTIFICATE SYSTEM 7.3 - ADMINISTRATION
- Red Hat LINUX 7.2 - S-390
- Red Hat LINUX 7.1 - PSERIES
- Red Hat SYSTEM 8.0 - MIGRATION GUIDE 7.X TO 8.0
- Red Hat CERTIFICATE SYSTEM 7.2 - AGENT GUIDE
- Red Hat DIRECTORY SERVER 7.1 SP7 - S
- Red Hat Application Server
- Red Hat APPLICATION SERVER - JONAS
- Red Hat APPLICATION STACK 1.1 RELEASE
- Red Hat APPLICATION STACK 1.2 RELEASE
- Red Hat APPLICATION STACK 1.3 RELEASE
- Red Hat APPLICATION STACK 1.4 RELEASE
- Red Hat APPLICATION STACK 2.0 RELEASE
- Red Hat APPLICATION STACK 2.1 RELEASE
- Red Hat APPLICATION STACK 2.2 RELEASE
Need help?
Do you have a question about the CERTIFICATE SYSTEM 7.1 - ADMINISTRATOR and is the answer not in the manual?
Questions and answers