Security levels and supported security ciphers

You can use connections based on the Transport Layer Security (TLS), which is the successor of the Secure Sockets Layer (SSL) protocol, to ensure safer communications.

Version

This information about security settings applies to the current release only.

SSL certificates

The system uses a certificate to authenticate SSL connections. For more information about managing certificates, see Creating and managing certificate authority store by using CLI.

TLS or SSL connections and security levels

Note: The terms TLS and SSL are often used interchangeably in the industry.

The system uses TLS or SSL connections to control access to interfaces such as the management GUI, the service assistant GUI, the key server, and RESTful API. TLS or SSL connections use security ciphers to help control access.

You can use security ciphers that are supported by different levels of TLS or SSL. Each level supports ciphers that provide differing strengths of encryption. You can set the security level to 5, 6, or 7 to be compliant with the NIST 800-52 standard. Security level 7 allows only the cipher suite TLS_AES_256_GCM_SHA384, which the NIST recommends for Federal Information Processing Standards (FIPS) mode.

SSL protocol levels 2 to 4 do not support the TLS 1.3 protocol and the cipher suites that are approved by the NIST 800-52 standard. Currently, the TLS or SSL security level 7 is the maximum level that is supported and TLS or SSL security level 2 is the lowest security level supported.

SSL protocols and ciphers supported at each security level

Table 1 displays the protocols that are supported at security level 7.
Table 1. Protocols supported at level 7
Protocol level Is it supported?
TLS 1.3 Yes
TLS 1.2 No
TLS 1.1 No
TLS 1.0 No
SSL 3 and earlier No
Table 2 displays Java™ SSL ciphers that are supported at security level 7.
Table 2. Java SSL ciphers supported at security level 7
Java SSL ciphers
TLS_AES_256_GCM_SHA384
Table 3 displays OpenSSL security ciphers that are supported by security level 7.
Table 3. OpenSSL ciphers supported at level 7 (chsecurity -sslprotocol 7)
Cipher Bulk encryption algorithm Hashing algorithm
AES-256-GCM-SHA384 AES-256-GCM SHA384
Table 4 displays the protocols that are supported at security level 6.
Table 4. Protocols supported at level 6
Protocol level Is it supported?
TLS 1.3 Yes
TLS 1.2 No
TLS 1.1 No
TLS 1.0 No
SSL 3 and earlier No
Table 5 displays Java SSL ciphers that are supported at security level 6.
Table 5. Java SSL ciphers supported at security level 6
Java SSL ciphers
TLS_AES_256_GCM_SHA384
TLS_CHACHA20_POLY1305_SHA256
TLS_AES_128_GCM_SHA256
TLS_AES_128_CCM_8_SHA256
TLS_AES_128_CCM_SHA256
Table 6 displays OpenSSL security ciphers that are supported by security level 6.
Table 6. OpenSSL ciphers supported at level 6 (chsecurity -sslprotocol 6)
Cipher Bulk encryption algorithm Hashing algorithm
AES-256-GCM-SHA384 AES-256-GCM SHA384
CHACHA20-POLY1305-SHA256 CHACHA20-POLY1305 SHA256
AES-128-GCM-SHA256 AES-128-GCM SHA256
AES-128-CCM-8-SHA256 AES-128-CCM-8 SHA256
AES-128-CCM-SHA256 AES-128-CCM SHA256
Table 7 displays the protocols that are supported at security level 5.
Table 7. Protocols supported at level 5
Protocol level Is it supported?
TLS 1.3 Yes
TLS 1.2 Yes
TLS 1.1 No
TLS 1.0 No
SSL 3 and earlier No
Table 8 displays Java SSL ciphers that are supported at security level 5.
Table 8. Java SSL ciphers supported at security level 5
Java SSL ciphers
For TLS 1.3
TLS_AES_256_GCM_SHA384
TLS_CHACHA20_POLY1305_SHA256
TLS_AES_128_GCM_SHA256
TLS_AES_128_CCM_8_SHA256
TLS_AES_128_CCM_SHA256
For TLS 1.2
The security level 5 supports all the Java SSL ciphers that are supported at the security level 3. A few more TLS 1.2 specific Java SSL ciphers that are supported at level 5 are:
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
TLS_DHE_DSS_WITH_AES_128_GCM_SHA256
Table 9 and Table 10 displays OpenSSL security ciphers that are supported by security level 5.
Table 9. OpenSSL ciphers supported at level 5 for TLS 1.3 (chsecurity -sslprotocol 5)
Cipher Bulk encryption algorithm Hashing algorithm
AES-256-GCM-SHA384 AES-256-GCM SHA384
CHACHA20-POLY1305-SHA256 CHACHA20-POLY1305 SHA256
AES-128-GCM-SHA256 AES-128-GCM SHA256
AES-128-CCM-8-SHA256 AES-128-CCM-8 SHA256
AES-128-CCM-SHA256 AES-128-CCM SHA256
Table 10. OpenSSL ciphers supported at level 5 for TLS 1.2 (chsecurity -sslprotocol 5)
Cipher Kx Au Enc Mac
ECDHE-RSA-AES256-GCM-SHA384 ECDH RSA AESGCM(256) AEAD
ECDHE-ECDSA-AES256-GCM-SHA384 ECDH ECDSA AESGCM(256) AEAD
ECDHE-RSA-AES256-SHA384 ECDH RSA AES(256) SHA384
ECDHE-ECDSA-AES256-SHA384 ECDH ECDSA AES(256) SHA384
DHE-RSA-AES256-GCM-SHA384 DH RSA AESGCM(256) AEAD
DHE-RSA-AES256-SHA256 DH RSA AES(256) SHA256
AES256-GCM-SHA384 RSA RSA AESGCM(256) AEAD
AES256-SHA256 RSA RSA AES(256) SHA256
ECDHE-RSA-AES128-GCM-SHA256 ECDH RSA AESGCM(128) AEAD
ECDHE-ECDSA-AES128-GCM-SHA256 ECDH ECDSA AESGCM(128) AEAD
ECDHE-RSA-AES128-SHA256 ECDH RSA AES(128) SHA256
ECDHE-ECDSA-AES128-SHA256 ECDH ECDSA AES(128) SHA256
DHE-RSA-AES128-GCM-SHA256 DH RSA AESGCM(128) AEAD
DHE-RSA-AES128-SHA256 DH RSA AES(128) SHA256
AES128-GCM-SHA256 RSA RSA AESGCM(128) AEAD
AES128-SHA256 RSA RSA AES(128) SHA256
Table 11 displays the protocols that are supported at security level 4.
Table 11. Protocols supported at level 4
Protocol level Is it supported?
TLS 1.2 Yes
TLS 1.1 No
TLS 1.0 No
SSL 3 and earlier No
Table 12 displays Java SSL ciphers that are supported at security level 4.
Table 12. Java SSL ciphers supported at security level 4
Java SSL ciphers
SSL_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
SSL_DHE_DSS_WITH_AES_256_GCM_SHA384
SSL_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
SSL_DHE_DSS_WITH_AES_128_GCM_SHA256
Table 13 displays OpenSSL security ciphers that are supported by security level 4.
Table 13. OpenSSL ciphers supported at level 4 (chsecurity -sslprotocol 4)
Cipher Kx Au Enc Mac
ECDHE-ECDSA-AES256-GCM-SHA384 ECDH ECDSA AESGCM(256) AEAD
DHE-DSS-AES256-GCM-SHA384 DH DSS AESGCM(256) AEAD
ECDHE-ECDSA-AES128-GCM-SHA256 ECDH ECDSA AESGCM(128) AEAD
DHE-DSS-AES128-GCM-SHA256 DH DSS AESGCM(128) AEAD
Table 14 displays the protocols that are supported at security level 3.
Table 14. Protocols supported at level 3
Protocol level Is it supported?
TLS 1.2 Yes
TLS 1.1 No
TLS 1.0 No
SSL 3 and earlier No
Table 15 displays Java SSL ciphers that are supported at security level 3.
Table 15. Java SSL ciphers supported at security level 3
Java SSL ciphers
SSL_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
SSL_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
SSL_ECDHE_RSA_WITH_AES_256_CBC_SHA384
SSL_ECDHE_RSA_WITH_AES_256_GCM_SHA384
SSL_RSA_WITH_AES_256_CBC_SHA256
SSL_RSA_WITH_AES_256_GCM_SHA384
SSL_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
SSL_ECDH_RSA_WITH_AES_256_GCM_SHA384
SSL_DHE_RSA_WITH_AES_256_CBC_SHA256
SSL_DHE_RSA_WITH_AES_256_CBC_SHA256
SSL_DHE_RSA_WITH_AES_256_GCM_SHA384
SSL_DHE_DSS_WITH_AES_256_CBC_SHA256
SSL_DHE_DSS_WITH_AES_256_GCM_SHA384
SSL_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
SSL_ECDHE_RSA_WITH_AES_256_CBC_SHA
SSL_RSA_WITH_AES_256_CBC_SHA
SSL_ECDH_ECDSA_WITH_AES_256_CBC_SHA
SSL_ECDH_RSA_WITH_AES_256_CBC_SHA
SSL_DHE_RSA_WITH_AES_256_CBC_SHA
SSL_DHE_DSS_WITH_AES_256_CBC_SHA
SSL_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
SSL_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA256
SSL_ECDHE_RSA_WITH_AES_128_GCM_SHA256
SSL_RSA_WITH_AES_128_CBC_SHA256
SSL_RSA_WITH_AES_128_GCM_SHA256
SSL_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
SSL_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
SSL_ECDH_RSA_WITH_AES_128_CBC_SHA256
SSL_ECDH_RSA_WITH_AES_128_GCM_SHA256
SSL_DHE_RSA_WITH_AES_128_CBC_SHA256
SSL_DHE_RSA_WITH_AES_128_GCM_SHA256
SSL_DHE_DSS_WITH_AES_128_CBC_SHA256
SSL_DHE_DSS_WITH_AES_128_GCM_SHA256
Table 16 displays OpenSSL security ciphers that are supported by security level 3.
Table 16. OpenSSL ciphers supported at level 3 (chsecurity -sslprotocol 3)
Cipher Kx Au Enc Mac
ECDHE-RSA-AES256-GCM-SHA384 ECDH RSA AESGCM(256) AEAD
ECDHE-ECDSA-AES256-GCM-SHA384 ECDH ECDSA AESGCM(256) AEAD
ECDHE-RSA-AES256-SHA384 ECDH RSA AES(256) SHA384
ECDHE-ECDSA-AES256-SHA384 ECDH ECDSA AES(256) SHA384
DHE-DSS-AES256-GCM-SHA384 DH DSS AESGCM(256) AEAD
DHE-RSA-AES256-GCM-SHA384 DH RSA AESGCM(256) AEAD
DHE-RSA-AES256-SHA256 DH RSA AES(256) SHA256
ECDH-RSA-AES256-GCM-SHA384 E ECDH/RSA ECDH AESGCM(256) AEAD
ECDH-ECDSA-AES256-GCM-SHA384 ECDH/ECDSA ECDH AESGCM(256) AEAD
ECDH-RSA-AES256-SHA384 ECDH/RSA ECDH AES(256) SHA384
ECDH-ECDSA-AES256-SHA384 ECDH/ECDSA ECDH AES(256) SHA384
AES256-GCM-SHA384 RSA RSA AESGCM(256) AEAD
AES256-SHA256 RSA RSA AES(256) SHA256
ECDHE-RSA-AES128-GCM-SHA256 ECDH RSA AESGCM(128) AEAD
ECDHE-ECDSA-AES128-GCM-SHA256 ECDH ECDSA AESGCM(128) AEAD
ECDHE-RSA-AES128-SHA256 ECDH RSA AES(128) SHA256
ECDHE-ECDSA-AES128-SHA256 ECDH ECDSA AES(128) SHA256
DHE-DSS-AES128-GCM-SHA256 DH DSS AESGCM(128) AEAD
DHE-RSA-AES128-GCM-SHA256 DH RSA AESGCM(128) AEAD
DHE-RSA-AES128-SHA256 DH RSA AES(128) SHA256
DHE-DSS-AES128-SHA256 DH DSS AES(128) SHA256
ECDH-RSA-AES128-GCM-SHA256 ECDH/RSA ECDH AESGCM(128) AEAD
ECDH-ECDSA-AES128-GCM-SHA256 ECDH/ECDSA ECDH AESGCM(128) AEAD
ECDH-RSA-AES128-SHA256 ECDH/RSA ECDH AES(128) SHA256
ECDH-ECDSA-AES128-SHA256 ECDH/ECDSA ECDH AES(128) SHA256
AES128-GCM-SHA256 RSA RSA AESGCM(128) AEAD
AES128-SHA256 RSA RSA AES(128) SHA256
Table 17 displays the protocols that are supported at security level 2.
Table 17. Protocols supported at level 2
Protocol level Is it supported?
TLS 1.2 Yes
TLS 1.1 No
TLS 1.0 No
SSL 3 and earlier No
Table 18 displays Java SSL ciphers that are supported at security level 2.
Table 18. Java SSL ciphers supported at level 2
SSL_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
SSL_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
SSL_ECDHE_RSA_WITH_AES_256_CBC_SHA384
SSL_ECDHE_RSA_WITH_AES_256_GCM_SHA384
SSL_RSA_WITH_AES_256_CBC_SHA256
SSL_RSA_WITH_AES_256_GCM_SHA384
SSL_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
SSL_ECDH_RSA_WITH_AES_256_GCM_SHA384
SSL_DHE_RSA_WITH_AES_256_CBC_SHA256
SSL_DHE_RSA_WITH_AES_256_CBC_SHA256
SSL_DHE_RSA_WITH_AES_256_GCM_SHA384
SSL_DHE_DSS_WITH_AES_256_CBC_SHA256
SSL_DHE_DSS_WITH_AES_256_GCM_SHA384
SSL_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
SSL_ECDHE_RSA_WITH_AES_256_CBC_SHA
SSL_RSA_WITH_AES_256_CBC_SHA
SSL_ECDH_ECDSA_WITH_AES_256_CBC_SHA
SSL_ECDH_RSA_WITH_AES_256_CBC_SHA
SSL_DHE_RSA_WITH_AES_256_CBC_SHA
SSL_DHE_DSS_WITH_AES_256_CBC_SHA
SSL_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
SSL_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA256
SSL_ECDHE_RSA_WITH_AES_128_GCM_SHA256
SSL_RSA_WITH_AES_128_CBC_SHA256
SSL_RSA_WITH_AES_128_GCM_SHA256
SSL_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
SSL_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
SSL_ECDH_RSA_WITH_AES_128_CBC_SHA256
SSL_ECDH_RSA_WITH_AES_128_GCM_SHA256
SSL_DHE_RSA_WITH_AES_128_CBC_SHA256
SSL_DHE_RSA_WITH_AES_128_GCM_SHA256
SSL_DHE_DSS_WITH_AES_128_CBC_SHA256
SSL_DHE_DSS_WITH_AES_128_GCM_SHA256
SSL_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA
SSL_RSA_WITH_AES_128_CBC_SHA
SSL_ECDH_ECDSA_WITH_AES_128_CBC_SHA
SSL_ECDH_RSA_WITH_AES_128_CBC_SHA
SSL_DHE_RSA_WITH_AES_128_CBC_SHA
SSL_DHE_DSS_WITH_AES_128_CBC_SHA
Table 19 displays OpenSSL security ciphers that are supported by security level 2.
Table 19. OpenSSL ciphers supported at level 2 (chsecurity -sslprotocol 2)
Cipher Kx Au Enc Mac
ECDHE-RSA-AES256-GCM-SHA384 ECDH RSA AESGCM(256) AEAD
ECDHE-ECDSA-AES256-GCM-SHA384 ECDH ECDSA AESGCM(256) AEAD
ECDHE-RSA-AES256-SHA384 ECDH RSA AES(256) SHA384
ECDHE-ECDSA-AES256-SHA384 ECDH ECDSA AES(256) SHA384
DHE-DSS-AES256-GCM-SHA384 DH DSS AESGCM(256) AEAD
DHE-RSA-AES256-GCM-SHA384 DH RSA AESGCM(256) AEAD
DHE-RSA-AES256-SHA256 DH RSA AES(256) SHA256
ECDH-RSA-AES256-GCM-SHA384 E ECDH/RSA ECDH AESGCM(256) AEAD
ECDH-ECDSA-AES256-GCM-SHA384 ECDH/ECDSA ECDH AESGCM(256) AEAD
ECDH-RSA-AES256-SHA384 ECDH/RSA ECDH AES(256) SHA384
ECDH-ECDSA-AES256-SHA384 ECDH/ECDSA ECDH AES(256) SHA384
AES256-GCM-SHA384 RSA RSA AESGCM(256) AEAD
AES256-SHA256 RSA RSA AES(256) SHA256
AES256-SHA RSA RSA AES(256) SHA1
ECDHE-RSA-AES128-GCM-SHA256 ECDH RSA AESGCM(128) AEAD
ECDHE-ECDSA-AES128-GCM-SHA256 ECDH ECDSA AESGCM(128) AEAD
ECDHE-RSA-AES128-SHA256 ECDH RSA AES(128) SHA256
ECDHE-ECDSA-AES128-SHA256 ECDH ECDSA AES(128) SHA256
DHE-DSS-AES128-GCM-SHA256 DH DSS AESGCM(128) AEAD
DHE-RSA-AES128-GCM-SHA256 DH RSA AESGCM(128) AEAD
DHE-RSA-AES128-SHA256 DH RSA AES(128) SHA256
DHE-DSS-AES128-SHA256 DH DSS AES(128) SHA256
ECDH-RSA-AES128-GCM-SHA256 ECDH/RSA ECDH AESGCM(128) AEAD
ECDH-ECDSA-AES128-GCM-SHA256 ECDH/ECDSA ECDH AESGCM(128) AEAD
ECDH-RSA-AES128-SHA256 ECDH/RSA ECDH AES(128) SHA256
ECDH-ECDSA-AES128-SHA256 ECDH/ECDSA ECDH AES(128) SHA256
AES128-GCM-SHA256 RSA RSA AESGCM(128) AEAD
AES128-SHA256 RSA RSA AES(128) SHA256
AES128-SHA RSA RSA AES(128) SHA1
DES-CBC3-SHA RSA RSA 3DES(168) SHA1

TCP and UDP ports

You can use firewall protections that restrict Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) ports. You can use external network communications to connect to these ports. Table 20 lists all supported ports and describes how they can be used.
Table 20. TCP and UDP ports that are supported
Service Traffic direction Protocol Port Service type
Email (SMTP) notification and inventory reports Outbound TCP 25 Optional
SNMP event notification Outbound UDP 162 Optional
Syslog event notification Outbound
TCP
UDP
6514 (TCP)
514 (UDP)
Optional
IPv4 DHCP (Node service address) Outbound UDP 68 Optional
IPv6 DHCP (Node service address) Outbound UDP 547 Optional
Network time server (NTP) Outbound UDP 123 Optional
SSH for command-line interface (CLI) access Inbound TCP 22 Mandatory
HTTP to HTTPS redirect for GUI access Inbound TCP 80 Optional
HTTPS redirect for GUI access Inbound TCP 443 Mandatory
HTTP to HTTPS redirect for GUI access Inbound TCP 8080 Optional
HTTPS for GUI access Inbound TCP 8443 Mandatory
Remote user authentication service - HTTP Outbound TCP 16310 Optional
Remote user authentication service - HTTPS Outbound TCP 16311 Optional
Remote user authentication service - Lightweight Directory Access Protocol (LDAP) Outbound TCP 389 Optional
iSCSI Inbound TCP 3260 Optional
iSCSI iSNS Outbound TCP 3260 Optional
IP Partnership management IP communication Inbound TCP 3260 Optional
IP Partnership management IP communication Outbound TCP 3260 Optional
Long-distance partnerships by using TCP data path connections Inbound TCP 3265 Optional
Long-distance partnerships by using TCP data path connections Outbound TCP 3265 Optional
Ethernet Clustering data path connections Inbound TCP 21455 Optional
Ethernet Clustering data path connections Outbound TCP 21456 Optional
Short-distance partnerships by using RDMA data path connections Inbound TCP 3265 Optional
Short-distance partnerships by using RDMA data path connections Outbound TCP 3265 Optional
VASA Provider Inbound TCP 8440 Optional
RESTful API (HTTPS) Inbound TCP 7443 Optional
Note: The management GUI is accessed by using an HTTPS connection. For convenience, port 80 is left open but redirects all requests to use an HTTPS connection. The web server for the management GUI runs as a non-privileged process for more security, and requires these settings:
  • Port 80 to be redirected to port 8080.
  • Port 443 to be redirected to port 8443.
Table 21. SSH algorithms supported at each security level
Security level Key Exchange Cipher Suite MAC Algorithm Host Key Algorithms
1
  • curve25519-sha256
  • curve25519-sha256@libssh.org
  • ecdh-sha2-nistp256
  • ecdh-sha2-nistp384
  • ecdh-sha2-nistp521
  • diffie-hellman-group-exchange-sha256
  • diffie-hellman-group16-sha512
  • diffie-hellman-group18-sha512
  • diffie-hellman-group14-sha256
  • diffie-hellman-group14-sha1
  • diffie-hellman-group1-sha1
  • diffie-hellman-group-exchange-sha1

aes256-ctr

aes192-ctr

aes128-ctr

chacha20-poly1305@openssh.com

aes256-gcm@openssh.com

aes128-gcm@openssh.com

aes256-cbc

aes192-cbc

aes128-cbc

hmac-sha2-256

hmac-sha2-512

hmac-sha2-256-etm@openssh.com

hmac-sha2-512-etm@openssh.com

hmac-sha1

rsa-sha2-256

rsa-sha2-512

ecdsa-sha2-nistp521

ecdsa-sha2-nistp521-cert-v01@openssh.com

ssh-rsa

ssh-rsa-cert-v01@openssh.com

2
  • curve25519-sha256
  • curve25519-sha256@libssh.org
  • ecdh-sha2-nistp256
  • ecdh-sha2-nistp384
  • ecdh-sha2-nistp521
  • diffie-hellman-group-exchange-sha256
  • diffie-hellman-group16-sha512
  • diffie-hellman-group18-sha512
  • diffie-hellman-group14-sha256
  • diffie-hellman-group14-sha1

aes256-ctr

aes192-ctr

aes128-ctr

chacha20-poly1305@openssh.com

aes256-gcm@openssh.com

aes128-gcm@openssh.com

hmac-sha2-256

hmac-sha2-512

hmac-sha2-256-etm@openssh.com

hmac-sha2-512-etm@openssh.com

hmac-sha1

rsa-sha2-256

rsa-sha2-512

ecdsa-sha2-nistp521

ecdsa-sha2-nistp521-cert-v01@openssh.com

ssh-rsa

ssh-rsa-cert-v01@openssh.com

3
  • curve25519-sha256
  • curve25519-sha256@libssh.org
  • ecdh-sha2-nistp256
  • ecdh-sha2-nistp384
  • ecdh-sha2-nistp521
  • diffie-hellman-group-exchange-sha256
  • diffie-hellman-group16-sha512
  • diffie-hellman-group18-sha512
  • diffie-hellman-group14-sha256

aes256-ctr

aes192-ctr

aes128-ctr

chacha20-poly1305@openssh.com

aes256-gcm@openssh.com

aes128-gcm@openssh.com

hmac-sha2-256

hmac-sha2-512

hmac-sha2-256-etm@openssh.com

hmac-sha2-512-etm@openssh.com

rsa-sha2-256

rsa-sha2-512

ecdsa-sha2-nistp521

ecdsa-sha2-nistp521-cert-v01@openssh.com

ssh-rsa

ssh-rsa-cert-v01@openssh.com

4
  • curve25519-sha256
  • curve25519-sha256@libssh.org
  • ecdh-sha2-nistp256
  • ecdh-sha2-nistp384
  • ecdh-sha2-nistp521

aes256-ctr

aes192-ctr

aes128-ctr

aes256-gcm@openssh.com

aes128-gcm@openssh.com

hmac-sha2-256

hmac-sha2-512

hmac-sha2-256-etm@openssh.com

hmac-sha2-512-etm@openssh.com

rsa-sha2-256

rsa-sha2-512

ecdsa-sha2-nistp521

ecdsa-sha2-nistp521-cert-v01@openssh.com

Restriction: The 3-site-orchestrator does not support SSH protocol level 4.

Interoperability

At SSL security level 4, Google Chrome Version 63.0.3239.132 and higher and Mozilla Firefox Version 52.7.2 and later are known to work with the management GUI. IBM® SDK, Java Technology Edition, Version 8 update 1.8.0_161 and later is known to work with the IP quorum application.