Appendix A. Default SSL Cipher Suites, SSL Version 2 Cipher Suites – Zilog EZ80F91AZA User Manual
UM020107-1211
ZTP Network Security SSL Plug-In
User Manual
Appendix A. Default SSL Cipher Suites
This appendix identifies the subset of the cipher suites defined in the SSL version 2, SSL
version 3 and TLS version 1 specifications that are supported by the ZTP Network
Security SSL Plug-In.
In general, an SSL cipher suite consists of the following components:
• A key exchange algorithm used to establish a shared secret between the client and
  server
• A cipher algorithm used for encrypting and decrypting data through the SSL layer
• A digest algorithm (known as a hash) used to compute a Message Authentication
  Code which allows the recipient of an SSL data record to verify that the data sent by
  the peer was not altered in transit
By using various combinations of algorithms for these components, a large number of
cipher suites can be supported, subject to the implementation limitations discussed in this
appendix.
SSL Version 2 Cipher Suites
The SSL Version 2 specification limits the choice of key exchange algorithm and hash
function to RSA and MD5, respectively. Therefore, the SSL2 cipher suite is determined by
the choice of cipher algorithm (and corresponding symmetric key size). Because this
implementation does not support the RC2 or IDEA ciphers, cipher suites using these
algorithms cannot be supported.
Table 8 shows the cipher suites defined in the SSL Version 2 specification, and indicates
which are supported by the ZTP Network Security SSL Plug-In.
Table 8. SSLv2 Cipher Suites

Cipher Suite Mnemonic                   Supported?
SSL_CK_RC4_128_WITH_MD5                 Yes
SSL_CK_RC4_128_EXPORT40_WITH_MD5        Yes
SSL_CK_RC2_128_CBC_WITH_MD5             No
SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5    No
SSL_CK_IDEA_128_CBC_WITH_MD5            No
SSL_CK_DES_64_CBC_WITH_MD5              Yes
SSL_CK_DES_192_CBC_WITH_MD5             Yes
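
As an added illustration (not code from this manual or from the ZTP plug-in), the C code below applies Table 8 to the cipher-specs field of an SSLv2 CLIENT-HELLO and keeps only the supported kinds that meet a minimum secret key length. The three-byte codes come from the SSL Version 2 specification rather than this appendix; `ssl2_kind`, `ssl2_select`, `min_bits` and the sample bytes are hypothetical names and constructed data.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* code: three-byte CIPHER-KIND value from the SSL Version 2 spec.
 * supported: the Table 8 column. secret_bits: 40 for EXPORT40 kinds,
 * 56 for single DES, 168 for three-key DES (parity bits excluded). */
typedef struct { uint8_t code[3]; const char *name;
                 int supported, secret_bits; } ssl2_kind;

static const ssl2_kind KINDS[] = {
    {{0x01, 0x00, 0x80}, "SSL_CK_RC4_128_WITH_MD5",              1, 128},
    {{0x02, 0x00, 0x80}, "SSL_CK_RC4_128_EXPORT40_WITH_MD5",     1,  40},
    {{0x03, 0x00, 0x80}, "SSL_CK_RC2_128_CBC_WITH_MD5",          0, 128},
    {{0x04, 0x00, 0x80}, "SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5", 0,  40},
    {{0x05, 0x00, 0x80}, "SSL_CK_IDEA_128_CBC_WITH_MD5",         0, 128},
    {{0x06, 0x00, 0x40}, "SSL_CK_DES_64_CBC_WITH_MD5",           1,  56},
    /* The SSLv2 spec spells this one SSL_CK_DES_192_EDE3_CBC_WITH_MD5. */
    {{0x07, 0x00, 0xC0}, "SSL_CK_DES_192_CBC_WITH_MD5",          1, 168},
};
#define NKINDS (sizeof KINDS / sizeof KINDS[0])

/* Walk a cipher-specs field (3 bytes per entry) and store the kinds that
 * Table 8 supports and that have >= min_bits secret bits (min_bits is an
 * assumed local policy). Unknown codes are skipped. Returns the count,
 * or -1 when the field length is not a multiple of 3 (malformed). */
int ssl2_select(const uint8_t *specs, size_t len, int min_bits,
                const ssl2_kind **out, size_t max_out)
{
    size_t n = 0;
    if (len % 3 != 0)
        return -1;
    for (size_t i = 0; i < len; i += 3)
        for (size_t k = 0; k < NKINDS; k++)
            if (!memcmp(specs + i, KINDS[k].code, 3) && KINDS[k].supported
                && KINDS[k].secret_bits >= min_bits && n < max_out)
                out[n++] = &KINDS[k];
    return (int)n;
}

/* Constructed sample: all seven kinds plus one unknown code. */
static const uint8_t SAMPLE[] = {
    0x01,0x00,0x80, 0x02,0x00,0x80, 0x03,0x00,0x80, 0x04,0x00,0x80,
    0x05,0x00,0x80, 0x06,0x00,0x40, 0x07,0x00,0xC0, 0xFF,0xFF,0xFF };

int main(void)
{
    const ssl2_kind *ok[8];
    int n = ssl2_select(SAMPLE, sizeof SAMPLE, 128, ok, 8);
    for (int i = 0; i < n; i++) puts(ok[i]->name);
    return 0;
}
```

With `min_bits` set to 0 the selection matches the four "Yes" rows of Table 8; raising it to 128 leaves only the RC4-128 and DES-192 kinds, because the EXPORT40 and DES-64 kinds carry 40 and 56 secret key bits.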