Cipher suites
Cipher suites are combinations of cryptographic parameters that define the security algorithms and key sizes.
- GIM agent
- SSH
- S-TAP agents (both Windows and Linux®)
- Guardium inspection core (that is, the Guardium sniffer)
my.example.com> show ssl_configuration
TLS 1.2/OpenSSL 1.x Ciphers
(1) [X] AES128-SHA
(2) [X] AES256-SHA
(3) [ ] AES256-SHA256
TLS 1.3/OpenSSL 3.x Cipher Suites
(4) [X] TLS_AES_128_GCM_SHA256
(5) [X] TLS_AES_256_GCM_SHA384
(6) [X] TLS_CHACHA20_POLY1305_SHA256
(7) [ ] TLS_AES_128_CCM_SHA256
(8) [ ] TLS_AES_128_CCM_8_SHA256
ok
To change the SSL ciphers, use the store ssl_configuration CLI command.
For more information, see the store ssl_configuration command in Configuration and control CLI commands.
For a list of the ports that Guardium uses, see Guardium port requirements.
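The following is an added example, not Guardium code: it parses output in the format that show ssl_configuration prints above and reports which enabled ciphers lack forward secrecy or authenticated encryption, so that the result can be reviewed before changing the selection with store ssl_configuration. The function names are hypothetical, and the classification rules assume standard OpenSSL cipher naming.

```python
import re

# Constructed sample: the show ssl_configuration output shown on this page.
SAMPLE = """\
TLS 1.2/OpenSSL 1.x Ciphers
(1) [X] AES128-SHA
(2) [X] AES256-SHA
(3) [ ] AES256-SHA256
TLS 1.3/OpenSSL 3.x Cipher Suites
(4) [X] TLS_AES_128_GCM_SHA256
(5) [X] TLS_AES_256_GCM_SHA384
(6) [X] TLS_CHACHA20_POLY1305_SHA256
(7) [ ] TLS_AES_128_CCM_SHA256
(8) [ ] TLS_AES_128_CCM_8_SHA256
ok
"""

ROW = re.compile(r"^\((\d+)\)\s+\[([ Xx])\]\s+(\S+)$")  # "(n) [X] NAME"

def parse(output):
    """Return (index, enabled, name) for every cipher row; other lines are skipped."""
    rows = []
    for line in output.splitlines():
        m = ROW.match(line.strip())
        if m:
            rows.append((int(m.group(1)), m.group(2).upper() == "X", m.group(3)))
    return rows

def findings(name):
    """Return review notes for one cipher name (assumes OpenSSL naming)."""
    notes = []
    if name.startswith("TLS_"):  # TLS 1.3 suites: all AEAD, ephemeral key exchange
        if "CCM_8" in name:
            notes.append("truncated 8-byte authentication tag")
        return notes
    # OpenSSL TLS 1.2 names that start with "AES" use RSA key exchange.
    if name.startswith("AES"):
        notes.append("static RSA key exchange, no forward secrecy")
    if not any(mode in name for mode in ("GCM", "CCM", "CHACHA20")):
        notes.append("CBC mode, not AEAD")
    if name.endswith("-SHA"):
        notes.append("HMAC-SHA1 MAC")
    return notes

def audit(output):
    """Map each enabled cipher that has review notes to those notes."""
    return {n: findings(n) for _, on, n in parse(output) if on and findings(n)}
```

Calling audit(SAMPLE) returns entries only for the two enabled TLS 1.2 ciphers; the enabled TLS 1.3 suites produce no notes.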
Hashing user passwords
Guardium uses the following cipher to hash user passwords:
- PBKDF2-SHA512
GUI encryption ciphers
To view the ciphers that are used between clients and servers in the Guardium GUI, use the show ssl_gui_ciphers CLI command. For example:
my.example.com> show ssl_gui_ciphers
1. SSL_ECDHE_RSA_WITH_AES_256_GCM_SHA384
2. SSL_ECDHE_RSA_WITH_AES_256_GCM_SHA256
3. SSL_ECDHE_RSA_WITH_AES_128_GCM_SHA384
4. SSL_ECDHE_RSA_WITH_AES_128_GCM_SHA256
5. SSL_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
6. SSL_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
7. SSL_ECDHE_RSA_WITH_AES_256_CBC_SHA384
8. SSL_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
9. SSL_ECDH_RSA_WITH_AES_256_CBC_SHA384
10. SSL_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
11. SSL_ECDHE_RSA_WITH_AES_256_CBC_SHA
12. SSL_ECDH_ECDSA_WITH_AES_256_CBC_SHA
13. SSL_ECDH_RSA_WITH_AES_256_CBC_SHA
14. SSL_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
15. SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA256
16. SSL_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
17. SSL_ECDH_RSA_WITH_AES_128_CBC_SHA256
18. SSL_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
19. SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA
20. SSL_ECDH_ECDSA_WITH_AES_128_CBC_SHA
21. SSL_ECDH_RSA_WITH_AES_128_CBC_SHA
ok
For more information about the ssl_gui_ciphers commands, see delete ssl_gui_ciphers and restore ssl_gui_ciphers in Configuration and control CLI commands.
File backup cipher
Guardium uses the following cipher to encrypt and decrypt files and backups:
- aes256
MySQL encryption ciphers
MySQL encrypts data at rest by using AES_ENCRYPT() and AES_DECRYPT(), which are considered to be the most cryptographically secure encryption functions that are currently available in MySQL. SHA-2, DES, and AES functions require MySQL to be configured with SSL support.