Security levels and supported security ciphers

You can use connections based on the Transport Layer Security (TLS), which is the successor of the Secure Sockets Layer (SSL) protocol, to ensure safer communications.

Version

This information about security settings applies to the current release only.

SSL certificates

The system uses a certificate to authenticate SSL connections. For more information about managing certificates, see Managing certificates for secure communications.

TLS or SSL connections and security levels

Note: The terms TLS and SSL are often used interchangeably in the industry.

The system uses TLS or SSL connections to control access to interfaces such as the management GUI, the service assistant GUI, the key server, CIMOM, and RESTful API. TLS or SSL connections use security ciphers to help control access.

You can use security ciphers that are supported by different levels of TLS or SSL. Each level supports ciphers that provide differing strengths of encryption. You can set the security level to 5, 6, or 7 to be compliant with the NIST 800-52 standard. Security level 7 allows only the cipher suite TLS_AES_256_GCM_SHA384, which the NIST recommends for Federal Information Processing Standards (FIPS) mode.

SSL protocol levels 2 to 4 do not support the TLS 1.3 protocol and the cipher suites approved by the NIST 800-52 standard. Currently, the TLS or SSL security level 7 is the maximum level supported and TLS or SSL security level 2 is the lowest security level supported.

SSL protocols and ciphers supported at each security level

Table 1 displays the protocols that are supported at security level 7.

Table 1. Protocols supported at level 7
Protocol level	Is it supported?
TLS 1.3	Yes
TLS 1.2	No
TLS 1.1	No
TLS 1.0	No
SSL 3 and earlier	No

Table 2 displays Java™ SSL ciphers that are supported at security level 7.

Table 2. Java SSL ciphers supported at security level 7
Java SSL ciphers
TLS_AES_256_GCM_SHA384

Table 3 displays OpenSSL security ciphers that are supported by security level 7.

Table 3. OpenSSL ciphers supported at level 7 (`chsecurity -sslprotocol 7`)
Cipher	Bulk encryption algorithm	Hashing algorithm
AES-256-GCM-SHA384	AES-256-GCM	SHA384

Table 4 displays the protocols that are supported at security level 6.

Table 4. Protocols supported at level 6
Protocol level	Is it supported?
TLS 1.3	Yes
TLS 1.2	No
TLS 1.1	No
TLS 1.0	No
SSL 3 and earlier	No

Table 5 displays Java SSL ciphers that are supported at security level 6.

Table 5. Java SSL ciphers supported at security level 6
Java SSL ciphers
TLS_AES_256_GCM_SHA384
TLS_CHACHA20_POLY1305_SHA256
TLS_AES_128_GCM_SHA256
TLS_AES_128_CCM_8_SHA256
TLS_AES_128_CCM_SHA256

Table 6 displays OpenSSL security ciphers that are supported by security level 6.

Table 6. OpenSSL ciphers supported at level 6 (`chsecurity -sslprotocol 6`)
Cipher	Bulk encryption algorithm	Hashing algorithm
AES-256-GCM-SHA384	AES-256-GCM	SHA384
CHACHA20-POLY1305-SHA256	CHACHA20-POLY1305	SHA256
AES-128-GCM-SHA256	AES-128-GCM	SHA256
AES-128-CCM-8-SHA256	AES-128-CCM-8	SHA256
AES-128-CCM-SHA256	AES-128-CCM	SHA256

Table 7 displays the protocols that are supported at security level 5.

Table 7. Protocols supported at level 5
Protocol level	Is it supported?
TLS 1.3	Yes
TLS 1.2	Yes
TLS 1.1	No
TLS 1.0	No
SSL 3 and earlier	No

Table 8 displays Java SSL ciphers that are supported at security level 5.

Table 8. Java SSL ciphers supported at security level 5
Java SSL ciphers
For TLS 1.3
TLS_AES_256_GCM_SHA384
TLS_CHACHA20_POLY1305_SHA256
TLS_AES_128_GCM_SHA256
TLS_AES_128_CCM_8_SHA256
TLS_AES_128_CCM_SHA256
For TLS 1.2 The security level 5 supports all the Java SSL ciphers supported at the security level 3. A few additional TLS 1.2 specific Java SSL ciphers supported at level 5 are:
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
TLS_DHE_DSS_WITH_AES_128_GCM_SHA256

Table 9 and Table 10 displays OpenSSL security ciphers that are supported by security level 5.

Table 9. OpenSSL ciphers supported at level 5 for TLS 1.3 (`chsecurity -sslprotocol 5`)
Cipher	Bulk encryption algorithm	Hashing algorithm
AES-256-GCM-SHA384	AES-256-GCM	SHA384
CHACHA20-POLY1305-SHA256	CHACHA20-POLY1305	SHA256
AES-128-GCM-SHA256	AES-128-GCM	SHA256
AES-128-CCM-8-SHA256	AES-128-CCM-8	SHA256
AES-128-CCM-SHA256	AES-128-CCM	SHA256

Table 10. OpenSSL ciphers supported at level 5 for TLS 1.2 (`chsecurity -sslprotocol 5`)
Cipher	Kx	Au	Enc	Mac
ECDHE-RSA-AES256-GCM-SHA384	ECDH	RSA	AESGCM(256)	AEAD
ECDHE-ECDSA-AES256-GCM-SHA384	ECDH	ECDSA	AESGCM(256)	AEAD
ECDHE-RSA-AES256-SHA384	ECDH	RSA	AES(256)	SHA384
ECDHE-ECDSA-AES256-SHA384	ECDH	ECDSA	AES(256)	SHA384
DHE-RSA-AES256-GCM-SHA384	DH	RSA	AESGCM(256)	AEAD
DHE-RSA-AES256-SHA256	DH	RSA	AES(256)	SHA256
AES256-GCM-SHA384	RSA	RSA	AESGCM(256)	AEAD
AES256-SHA256	RSA	RSA	AES(256)	SHA256
ECDHE-RSA-AES128-GCM-SHA256	ECDH	RSA	AESGCM(128)	AEAD
ECDHE-ECDSA-AES128-GCM-SHA256	ECDH	ECDSA	AESGCM(128)	AEAD
ECDHE-RSA-AES128-SHA256	ECDH	RSA	AES(128)	SHA256
ECDHE-ECDSA-AES128-SHA256	ECDH	ECDSA	AES(128)	SHA256
DHE-RSA-AES128-GCM-SHA256	DH	RSA	AESGCM(128)	AEAD
DHE-RSA-AES128-SHA256	DH	RSA	AES(128)	SHA256
AES128-GCM-SHA256	RSA	RSA	AESGCM(128)	AEAD
AES128-SHA256	RSA	RSA	AES(128)	SHA256

Table 11 displays the protocols that are supported at security level 4.

Table 11. Protocols supported at level 4
Protocol level	Is it supported?
TLS 1.2	Yes
TLS 1.1	No
TLS 1.0	No
SSL 3 and earlier	No

Table 12 displays Java SSL ciphers that are supported at security level 4.

Table 12. Java SSL ciphers supported at security level 4
Java SSL ciphers
SSL_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
SSL_DHE_DSS_WITH_AES_256_GCM_SHA384
SSL_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
SSL_DHE_DSS_WITH_AES_128_GCM_SHA256

Table 13 displays OpenSSL security ciphers that are supported by security level 4.

Table 13. OpenSSL ciphers supported at level 4 (`chsecurity -sslprotocol 4`)
Cipher	Kx	Au	Enc	Mac
ECDHE-ECDSA-AES256-GCM-SHA384	ECDH	ECDSA	AESGCM(256)	AEAD
DHE-DSS-AES256-GCM-SHA384	DH	DSS	AESGCM(256)	AEAD
ECDHE-ECDSA-AES128-GCM-SHA256	ECDH	ECDSA	AESGCM(128)	AEAD
DHE-DSS-AES128-GCM-SHA256	DH	DSS	AESGCM(128)	AEAD

Table 14 displays the protocols that are supported at security level 3.

Table 14. Protocols supported at level 3
Protocol level	Is it supported?
TLS 1.2	Yes
TLS 1.1	No
TLS 1.0	No
SSL 3 and earlier	No

Table 15 displays Java SSL ciphers that are supported at security level 3.

Table 15. Java SSL ciphers supported at security level 3
Java SSL ciphers
SSL_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
SSL_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
SSL_ECDHE_RSA_WITH_AES_256_CBC_SHA384
SSL_ECDHE_RSA_WITH_AES_256_GCM_SHA384
SSL_RSA_WITH_AES_256_CBC_SHA256
SSL_RSA_WITH_AES_256_GCM_SHA384
SSL_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
SSL_ECDH_RSA_WITH_AES_256_GCM_SHA384
SSL_DHE_RSA_WITH_AES_256_CBC_SHA256
SSL_DHE_RSA_WITH_AES_256_CBC_SHA256
SSL_DHE_RSA_WITH_AES_256_GCM_SHA384
SSL_DHE_DSS_WITH_AES_256_CBC_SHA256
SSL_DHE_DSS_WITH_AES_256_GCM_SHA384
SSL_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
SSL_ECDHE_RSA_WITH_AES_256_CBC_SHA
SSL_RSA_WITH_AES_256_CBC_SHA
SSL_ECDH_ECDSA_WITH_AES_256_CBC_SHA
SSL_ECDH_RSA_WITH_AES_256_CBC_SHA
SSL_DHE_RSA_WITH_AES_256_CBC_SHA
SSL_DHE_DSS_WITH_AES_256_CBC_SHA
SSL_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
SSL_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA256
SSL_ECDHE_RSA_WITH_AES_128_GCM_SHA256
SSL_RSA_WITH_AES_128_CBC_SHA256
SSL_RSA_WITH_AES_128_GCM_SHA256
SSL_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
SSL_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
SSL_ECDH_RSA_WITH_AES_128_CBC_SHA256
SSL_ECDH_RSA_WITH_AES_128_GCM_SHA256
SSL_DHE_RSA_WITH_AES_128_CBC_SHA256
SSL_DHE_RSA_WITH_AES_128_GCM_SHA256
SSL_DHE_DSS_WITH_AES_128_CBC_SHA256
SSL_DHE_DSS_WITH_AES_128_GCM_SHA256

Table 16 displays OpenSSL security ciphers that are supported by security level 3.

Table 16. OpenSSL ciphers supported at level 3 (`chsecurity -sslprotocol 3`)
Cipher	Kx	Au	Enc	Mac
ECDHE-RSA-AES256-GCM-SHA384	ECDH	RSA	AESGCM(256)	AEAD
ECDHE-ECDSA-AES256-GCM-SHA384	ECDH	ECDSA	AESGCM(256)	AEAD
ECDHE-RSA-AES256-SHA384	ECDH	RSA	AES(256)	SHA384
ECDHE-ECDSA-AES256-SHA384	ECDH	ECDSA	AES(256)	SHA384
DHE-DSS-AES256-GCM-SHA384	DH	DSS	AESGCM(256)	AEAD
DHE-RSA-AES256-GCM-SHA384	DH	RSA	AESGCM(256)	AEAD
DHE-RSA-AES256-SHA256	DH	RSA	AES(256)	SHA256
ECDH-RSA-AES256-GCM-SHA384 E	ECDH/RSA	ECDH	AESGCM(256)	AEAD
ECDH-ECDSA-AES256-GCM-SHA384	ECDH/ECDSA	ECDH	AESGCM(256)	AEAD
ECDH-RSA-AES256-SHA384	ECDH/RSA	ECDH	AES(256)	SHA384
ECDH-ECDSA-AES256-SHA384	ECDH/ECDSA	ECDH	AES(256)	SHA384
AES256-GCM-SHA384	RSA	RSA	AESGCM(256)	AEAD
AES256-SHA256	RSA	RSA	AES(256)	SHA256
ECDHE-RSA-AES128-GCM-SHA256	ECDH	RSA	AESGCM(128)	AEAD
ECDHE-ECDSA-AES128-GCM-SHA256	ECDH	ECDSA	AESGCM(128)	AEAD
ECDHE-RSA-AES128-SHA256	ECDH	RSA	AES(128)	SHA256
ECDHE-ECDSA-AES128-SHA256	ECDH	ECDSA	AES(128)	SHA256
DHE-DSS-AES128-GCM-SHA256	DH	DSS	AESGCM(128)	AEAD
DHE-RSA-AES128-GCM-SHA256	DH	RSA	AESGCM(128)	AEAD
DHE-RSA-AES128-SHA256	DH	RSA	AES(128)	SHA256
DHE-DSS-AES128-SHA256	DH	DSS	AES(128)	SHA256
ECDH-RSA-AES128-GCM-SHA256	ECDH/RSA	ECDH	AESGCM(128)	AEAD
ECDH-ECDSA-AES128-GCM-SHA256	ECDH/ECDSA	ECDH	AESGCM(128)	AEAD
ECDH-RSA-AES128-SHA256	ECDH/RSA	ECDH	AES(128)	SHA256
ECDH-ECDSA-AES128-SHA256	ECDH/ECDSA	ECDH	AES(128)	SHA256
AES128-GCM-SHA256	RSA	RSA	AESGCM(128)	AEAD
AES128-SHA256	RSA	RSA	AES(128)	SHA256

Table 17 displays the protocols that are supported at security level 2.

Table 17. Protocols supported at level 2
Protocol level	Is it supported?
TLS 1.2	Yes
TLS 1.1	No
TLS 1.0	No
SSL 3 and earlier	No

Table 18 displays Java SSL ciphers that are supported at security level 2.

Table 18. Java SSL ciphers supported at level 2
SSL_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
SSL_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
SSL_ECDHE_RSA_WITH_AES_256_CBC_SHA384
SSL_ECDHE_RSA_WITH_AES_256_GCM_SHA384
SSL_RSA_WITH_AES_256_CBC_SHA256
SSL_RSA_WITH_AES_256_GCM_SHA384
SSL_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
SSL_ECDH_RSA_WITH_AES_256_GCM_SHA384
SSL_DHE_RSA_WITH_AES_256_CBC_SHA256
SSL_DHE_RSA_WITH_AES_256_CBC_SHA256
SSL_DHE_RSA_WITH_AES_256_GCM_SHA384
SSL_DHE_DSS_WITH_AES_256_CBC_SHA256
SSL_DHE_DSS_WITH_AES_256_GCM_SHA384
SSL_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
SSL_ECDHE_RSA_WITH_AES_256_CBC_SHA
SSL_RSA_WITH_AES_256_CBC_SHA
SSL_ECDH_ECDSA_WITH_AES_256_CBC_SHA
SSL_ECDH_RSA_WITH_AES_256_CBC_SHA
SSL_DHE_RSA_WITH_AES_256_CBC_SHA
SSL_DHE_DSS_WITH_AES_256_CBC_SHA
SSL_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
SSL_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA256
SSL_ECDHE_RSA_WITH_AES_128_GCM_SHA256
SSL_RSA_WITH_AES_128_CBC_SHA256
SSL_RSA_WITH_AES_128_GCM_SHA256
SSL_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
SSL_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
SSL_ECDH_RSA_WITH_AES_128_CBC_SHA256
SSL_ECDH_RSA_WITH_AES_128_GCM_SHA256
SSL_DHE_RSA_WITH_AES_128_CBC_SHA256
SSL_DHE_RSA_WITH_AES_128_GCM_SHA256
SSL_DHE_DSS_WITH_AES_128_CBC_SHA256
SSL_DHE_DSS_WITH_AES_128_GCM_SHA256
SSL_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA
SSL_RSA_WITH_AES_128_CBC_SHA
SSL_ECDH_ECDSA_WITH_AES_128_CBC_SHA
SSL_ECDH_RSA_WITH_AES_128_CBC_SHA
SSL_DHE_RSA_WITH_AES_128_CBC_SHA
SSL_DHE_DSS_WITH_AES_128_CBC_SHA

Table 19 displays OpenSSL security ciphers that are supported by security level 2.

Table 19. OpenSSL ciphers supported at level 2 (`chsecurity -sslprotocol 2`)
Cipher	Kx	Au	Enc	Mac
ECDHE-RSA-AES256-GCM-SHA384	ECDH	RSA	AESGCM(256)	AEAD
ECDHE-ECDSA-AES256-GCM-SHA384	ECDH	ECDSA	AESGCM(256)	AEAD
ECDHE-RSA-AES256-SHA384	ECDH	RSA	AES(256)	SHA384
ECDHE-ECDSA-AES256-SHA384	ECDH	ECDSA	AES(256)	SHA384
DHE-DSS-AES256-GCM-SHA384	DH	DSS	AESGCM(256)	AEAD
DHE-RSA-AES256-GCM-SHA384	DH	RSA	AESGCM(256)	AEAD
DHE-RSA-AES256-SHA256	DH	RSA	AES(256)	SHA256
ECDH-RSA-AES256-GCM-SHA384 E	ECDH/RSA	ECDH	AESGCM(256)	AEAD
ECDH-ECDSA-AES256-GCM-SHA384	ECDH/ECDSA	ECDH	AESGCM(256)	AEAD
ECDH-RSA-AES256-SHA384	ECDH/RSA	ECDH	AES(256)	SHA384
ECDH-ECDSA-AES256-SHA384	ECDH/ECDSA	ECDH	AES(256)	SHA384
AES256-GCM-SHA384	RSA	RSA	AESGCM(256)	AEAD
AES256-SHA256	RSA	RSA	AES(256)	SHA256
AES256-SHA	RSA	RSA	AES(256)	SHA1
ECDHE-RSA-AES128-GCM-SHA256	ECDH	RSA	AESGCM(128)	AEAD
ECDHE-ECDSA-AES128-GCM-SHA256	ECDH	ECDSA	AESGCM(128)	AEAD
ECDHE-RSA-AES128-SHA256	ECDH	RSA	AES(128)	SHA256
ECDHE-ECDSA-AES128-SHA256	ECDH	ECDSA	AES(128)	SHA256
DHE-DSS-AES128-GCM-SHA256	DH	DSS	AESGCM(128)	AEAD
DHE-RSA-AES128-GCM-SHA256	DH	RSA	AESGCM(128)	AEAD
DHE-RSA-AES128-SHA256	DH	RSA	AES(128)	SHA256
DHE-DSS-AES128-SHA256	DH	DSS	AES(128)	SHA256
ECDH-RSA-AES128-GCM-SHA256	ECDH/RSA	ECDH	AESGCM(128)	AEAD
ECDH-ECDSA-AES128-GCM-SHA256	ECDH/ECDSA	ECDH	AESGCM(128)	AEAD
ECDH-RSA-AES128-SHA256	ECDH/RSA	ECDH	AES(128)	SHA256
ECDH-ECDSA-AES128-SHA256	ECDH/ECDSA	ECDH	AES(128)	SHA256
AES128-GCM-SHA256	RSA	RSA	AESGCM(128)	AEAD
AES128-SHA256	RSA	RSA	AES(128)	SHA256
AES128-SHA	RSA	RSA	AES(128)	SHA1
DES-CBC3-SHA	RSA	RSA	3DES(168)	SHA1

TCP and UDP ports

You can use firewall protections that restrict Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) ports. You can use external network communications to connect to these ports. Table 20 lists all supported ports and describes how they can be used.

Table 20. TCP and UDP ports that are supported
Service	Traffic direction	Protocol	Port	Service type
Email (SMTP) notification and inventory reports	Outbound	TCP	25	Optional
SNMP event notification	Outbound	UDP	162	Optional
Syslog event notification	Outbound	TCP UDP	6514 (TCP) 514 (UDP)	Optional
IPv4 DHCP (Node service address)	Outbound	UDP	68	Optional
IPv6 DHCP (Node service address)	Outbound	UDP	547	Optional
Network time server (NTP)	Outbound	UDP	123	Optional
SSH for command-line interface (CLI) access	Inbound	TCP	22	Mandatory
HTTP to HTTPS redirect for GUI access	Inbound	TCP	80	Optional
HTTPS redirect for GUI access	Inbound	TCP	443	Mandatory
HTTP to HTTPS redirect for GUI access	Inbound	TCP	8080	Optional
HTTPS for GUI access	Inbound	TCP	8443	Mandatory
CIMOM (HTTPS)	Inbound	TCP	5989	Optional
CIMOM SLPD	Inbound	UDP	427	Optional
Remote user authentication service - HTTP	Outbound	TCP	16310	Optional
Remote user authentication service - HTTPS	Outbound	TCP	16311	Optional
Remote user authentication service - Lightweight Directory Access Protocol (LDAP)	Outbound	TCP	389	Optional
iSCSI	Inbound	TCP	3260	Optional
iSCSI iSNS	Outbound	TCP	3260	Optional
IP Partnership management IP communication	Inbound	TCP	3260	Optional
IP Partnership management IP communication	Outbound	TCP	3260	Optional
IP Partnership data path connections	Inbound	TCP	3265	Optional
IP Partnership data path connections	Outbound	TCP	3265	Optional
VASA Provider	Inbound	TCP	8440	Optional

Table 21. SSH algorithms supported at each security level
Security level	Key Exchange	Cipher Suite	MAC Algorithm	Host Key Algorithms
1	curve25519-sha256 curve25519-sha256@libssh.org ecdh-sha2-nistp256 ecdh-sha2-nistp384 ecdh-sha2-nistp521 diffie-hellman-group-exchange-sha256 diffie-hellman-group16-sha512 diffie-hellman-group18-sha512 diffie-hellman-group14-sha256 diffie-hellman-group14-sha1 diffie-hellman-group1-sha1 diffie-hellman-group-exchange-sha1	aes256-ctr aes192-ctr aes128-ctr chacha20-poly1305@openssh.com aes256-gcm@openssh.com aes128-gcm@openssh.com aes256-cbc aes192-cbc aes128-cbc	hmac-sha2-256 hmac-sha2-512 hmac-sha2-256-etm@openssh.com hmac-sha2-512-etm@openssh.com hmac-sha1	rsa-sha2-256 rsa-sha2-512 ecdsa-sha2-nistp521 ecdsa-sha2-nistp521-cert-v01@openssh.com ssh-rsa ssh-rsa-cert-v01@openssh.com
2	curve25519-sha256 curve25519-sha256@libssh.org ecdh-sha2-nistp256 ecdh-sha2-nistp384 ecdh-sha2-nistp521 diffie-hellman-group-exchange-sha256 diffie-hellman-group16-sha512 diffie-hellman-group18-sha512 diffie-hellman-group14-sha256 diffie-hellman-group14-sha1	aes256-ctr aes192-ctr aes128-ctr chacha20-poly1305@openssh.com aes256-gcm@openssh.com aes128-gcm@openssh.com	hmac-sha2-256 hmac-sha2-512 hmac-sha2-256-etm@openssh.com hmac-sha2-512-etm@openssh.com hmac-sha1	rsa-sha2-256 rsa-sha2-512 ecdsa-sha2-nistp521 ecdsa-sha2-nistp521-cert-v01@openssh.com ssh-rsa ssh-rsa-cert-v01@openssh.com
3	curve25519-sha256 curve25519-sha256@libssh.org ecdh-sha2-nistp256 ecdh-sha2-nistp384 ecdh-sha2-nistp521 diffie-hellman-group-exchange-sha256 diffie-hellman-group16-sha512 diffie-hellman-group18-sha512 diffie-hellman-group14-sha256	aes256-ctr aes192-ctr aes128-ctr chacha20-poly1305@openssh.com aes256-gcm@openssh.com aes128-gcm@openssh.com	hmac-sha2-256 hmac-sha2-512 hmac-sha2-256-etm@openssh.com hmac-sha2-512-etm@openssh.com	rsa-sha2-256 rsa-sha2-512 ecdsa-sha2-nistp521 ecdsa-sha2-nistp521-cert-v01@openssh.com ssh-rsa ssh-rsa-cert-v01@openssh.com
4	curve25519-sha256 curve25519-sha256@libssh.org ecdh-sha2-nistp256 ecdh-sha2-nistp384 ecdh-sha2-nistp521	aes256-ctr aes192-ctr aes128-ctr aes256-gcm@openssh.com aes128-gcm@openssh.com	hmac-sha2-256 hmac-sha2-512 hmac-sha2-256-etm@openssh.com hmac-sha2-512-etm@openssh.com	rsa-sha2-256 rsa-sha2-512 ecdsa-sha2-nistp521 ecdsa-sha2-nistp521-cert-v01@openssh.com

Restriction: The 3-site-orchestrator does not support SSH protocol level 4.

Interoperability

At SSL security level 4, Google Chrome Version 63.0.3239.132 and higher and Mozilla Firefox Version 52.7.2 and later are known to work with the management GUI. IBM® SDK, Java Technology Edition, Version 8 update 1.8.0_161 and later is known to work with the IP quorum application.