Symptom
Security teams need information about the types of encryption that Login Enterprise uses in our products.
Cause
Security requests must be substantiated before a new software solution is implemented in a production environment.
Resolution
Login Enterprise utilizes the following types of encryption throughout the software.
Network communications with the following components occur over encrypted TCP/IP using SSL:
- Management Console
- Launchers
- Engine
Protocols and ciphers used for encrypted communication over HTTPS:
- SSL Protocols
  - TLSv1.2
  - TLSv1.3
- Cipher Suite
  - EECDH+ECDSA+AESGCM
  - EECDH+aRSA+AESGCM
  - EECDH+ECDSA+SHA256
  - EECDH+aRSA+SHA256
  - EECDH+ECDSA+SHA384
  - EECDH+ECDSA+SHA256
  - EECDH+aRSA+SHA384
  - EDH+aRSA+AESGCM
  - EDH+aRSA+SHA256
  - EDH+aRSA:EECDH
- Disabled Ciphers
  - aNULL, eNULL, MEDIUM, LOW, 3DES, MD5, EXP, PSK, SRP, DSS, RC4, SEED
Passwords are stored using 256-bit AES encryption, which is FIPS compliant.
The AES mode of operation is CBC, the .NET Core default.
Certificates
Login Enterprise makes use of the Debian certificate requirements. For each certificate to work correctly, there are a number of allowed ciphers:
Allowed ciphers:
- EECDH+ECDSA+AESGCM
- EECDH+aRSA+AESGCM
- EECDH+ECDSA+SHA256
- EECDH+aRSA+SHA256
- EECDH+ECDSA+SHA384
- EECDH+ECDSA+SHA256
- EECDH+aRSA+SHA384
- EDH+aRSA+AESGCM
- EDH+aRSA+SHA256
- EDH+aRSA:EECDH
Disallowed ciphers:
- !aNULL
- !eNULL
- !MEDIUM
- !LOW
- !3DES
- !MD5
- !EXP
- !PSK
- !SRP
- !DSS
- !RC4
- !SEED
See https://www.openssl.org/docs/man1.0.2/man1/ciphers.html for more information.
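To check what the lists above resolve to on a given OpenSSL build, the following added example (not Login Enterprise code) joins the allowed and disallowed entries into one OpenSSL cipher string, applies it to a Python `ssl` context with a TLSv1.2 floor, and reports any enabled suite that matches a disabled algorithm. The suite-name markers and the 128-bit strength threshold are assumptions of this example.

```python
import ssl

# Entries copied from the page's lists (the repeated entry is kept as listed),
# joined with ":" as OpenSSL cipher-list syntax expects.
ALLOWED = ["EECDH+ECDSA+AESGCM", "EECDH+aRSA+AESGCM", "EECDH+ECDSA+SHA256",
           "EECDH+aRSA+SHA256", "EECDH+ECDSA+SHA384", "EECDH+ECDSA+SHA256",
           "EECDH+aRSA+SHA384", "EDH+aRSA+AESGCM", "EDH+aRSA+SHA256",
           "EDH+aRSA:EECDH"]
DISABLED = ["aNULL", "eNULL", "MEDIUM", "LOW", "3DES", "MD5", "EXP", "PSK",
            "SRP", "DSS", "RC4", "SEED"]
CIPHER_STRING = ":".join(ALLOWED + ["!" + d for d in DISABLED])

# Heuristic (assumption): substrings of OpenSSL suite names that reveal a
# disabled algorithm, e.g. DES-CBC3 for 3DES, ADH-/AECDH- for aNULL.
MARKERS = ("NULL", "ADH-", "AECDH-", "DES-CBC3", "MD5", "EXP-", "PSK",
           "SRP", "DSS", "RC4", "SEED")


def build_context():
    """Server-side context restricted to the page's protocols and ciphers."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # only TLSv1.2 and TLSv1.3
    # The cipher string governs TLS 1.2 suites; OpenSSL configures TLS 1.3
    # suites separately, so they appear in the result regardless.
    ctx.set_ciphers(CIPHER_STRING)
    return ctx


def audit(ctx):
    """Return (enabled suite names, names that violate the disabled list)."""
    suites = ctx.get_ciphers()
    bad = [s["name"] for s in suites
           if any(m in s["name"] for m in MARKERS) or s["strength_bits"] < 128]
    return [s["name"] for s in suites], bad


if __name__ == "__main__":
    names, bad = audit(build_context())
    for name in names:
        print(("FAIL " if name in bad else "ok   ") + name)
```

The printed list depends on the OpenSSL library that Python is linked against, so run it on the host whose configuration is being reviewed.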