Cipher suites

A cipher suite is a defined set of cryptographic algorithms used to establish a secure connection over HTTPS.

When accessing the Web GUI or performing secure communications with a tape library, cipher suites play a critical role in protecting data in transit.

Components of a Cipher Suite

Each cipher suite typically includes:

  • Key Exchange Algorithm: Establishes a shared secret between client and server (e.g., ECDHE).
  • Authentication Algorithm: Verifies the identity of the server (e.g., RSA or ECDSA).
  • Encryption Algorithm: Encrypts the data being transmitted (e.g., AES-256-GCM).
  • Message Authentication Code (MAC): Ensures data integrity (e.g., SHA-384).

Role in Secure Communication

Cipher suites are used during the TLS handshake to:

  • Authenticate the server (and optionally the client).
  • Securely exchange encryption keys.
  • Encrypt the session data.
  • Verify the integrity of messages.

The strength and method of encryption depend on the specific cipher suite selected during the handshake. Stronger suites offer better protection against modern threats.

Supported Cipher suites

The tape library uses a predefined set of cipher suites for HTTPS communication. Administrators cannot manually restrict or customize the number or types of cipher suites allowed. This ensures compatibility and simplifies configuration.

Table 1. Tape library Cipher Suites listed in strength order
Protocol version Cipher suites
TLSv1.2 only

TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384

TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256

TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256