NSA Suite B 192bit Mode

  • Certificates must be ECC using elliptic curve secp384r1
  • Protocol must be TLSV1.2, all others are disabled
  • Cipher algorithm must be AES-256
  • Key exchange algorithm must be ECDH
  • Digital signature algorithm must be ECDSA
  • Hashing algorithm must be SHA384
  • Cipher suites allowed for NSA Suite B 192 bit are
    • TLS_ECDHE_ECDSA_W_AES_256_CBC_SHA384 (C024)
    • TLS_ECDHE_ECDSA_W_AES_256_GCM_SHA384 (C02C)