Cipher suites
Cipher suites are combinations of cryptographic parameters that define the security algorithms and key sizes.
- GIM agent
- SSH
- S-TAP® agents (both Windows and Linux®)
- Guardium inspection core (that is, the Guardium sniffer)
my.example.com> show ssl_ciphers
The inspection core is using the DEFAULT ciphers: AES256-SHA,AES128-SHA
ok
To change the SSL ciphers, use the store ssl_ciphers CLI command.
For more information, see the store ssl_ciphers command in Configuration and control CLI commands.
For a list of the ports that Guardium uses, see Guardium port requirements.
Hashing user passwords
Guardium uses the following cipher to hash user passwords:
PBKDF2-SHA512 cipher
GUI encryption ciphers
To view and manage the ciphers that are used between clients and servers in the Guardium GUI, use the show ssl_gui_ciphers CLI command. For example,
my.example.com> show ssl_gui_ciphers
1. SSL_ECDHE_RSA_WITH_AES_256_GCM_SHA384
2. SSL_ECDHE_RSA_WITH_AES_256_GCM_SHA256
3. SSL_ECDHE_RSA_WITH_AES_128_GCM_SHA384
4. SSL_ECDHE_RSA_WITH_AES_128_GCM_SHA256
5. SSL_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
6. SSL_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
7. SSL_ECDHE_RSA_WITH_AES_256_CBC_SHA384
8. SSL_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
9. SSL_ECDH_RSA_WITH_AES_256_CBC_SHA384
10. SSL_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
11. SSL_ECDHE_RSA_WITH_AES_256_CBC_SHA
12. SSL_ECDH_ECDSA_WITH_AES_256_CBC_SHA
13. SSL_ECDH_RSA_WITH_AES_256_CBC_SHA
14. SSL_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
15. SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA256
16. SSL_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
17. SSL_ECDH_RSA_WITH_AES_128_CBC_SHA256
18. SSL_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
19. SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA
20. SSL_ECDH_ECDSA_WITH_AES_128_CBC_SHA
21. SSL_ECDH_RSA_WITH_AES_128_CBC_SHA
ok
For more information about the ssl_gui_ciphers commands, see delete ssl_gui_ciphers and restore ssl_gui_ciphers in Configuration and control CLI commands.
File backup cipher
Guardium uses the following cipher to encrypt and decrypt files and backups:
- aes256
MySQL encryption ciphers
MySQL encrypts data at rest by using AES_ENCRYPT() and AES_DECRYPT(), which are considered to be the most cryptographically secure encryption functions that are currently available in MySQL. SHA-2, DES, and AES functions require MySQL to be configured with SSL support.