Encryption technology

Overview

Security teams often need to know which types of encryption Login Enterprise uses in its products. Requests for security details must be substantiated before you implement new software solutions in a production environment.

Encryption types

Login Enterprise utilizes the following types of encryption throughout the software.

Network communication with the following components takes place over TCP/IP encrypted with SSL.

  • Management Console
  • Launchers
  • Engine

The following protocols and ciphers are used for encrypted communication over HTTPS.

  • SSL Protocols
    • TLSv1.2
    • TLSv1.3
  • Cipher Suite
    • EECDH+ECDSA+AESGCM
    • EECDH+aRSA+AESGCM
    • EECDH+ECDSA+SHA256
    • EECDH+aRSA+SHA256
    • EECDH+ECDSA+SHA384
    • EECDH+ECDSA+SHA256
    • EECDH+aRSA+SHA384
    • EDH+aRSA+AESGCM
    • EDH+aRSA+SHA256
    • EDH+aRSA:EECDH
  • Disabled Ciphers
    • aNULL, eNULL, MEDIUM, LOW, 3DES, MD5, EXP, PSK, SRP, DSS, RC4, SEED

Passwords are stored using AES-256 encryption and are FIPS compliant.

The AES mode of operation is CBC, which is the .NET Core default.

For more information, see the SymmetricAlgorithm.Mode Property.

Certificates

Login Enterprise follows the Debian certificate requirements. For each certificate to work correctly, only a certain set of ciphers is allowed:

Allowed ciphers:

  • EECDH+ECDSA+AESGCM
  • EECDH+aRSA+AESGCM
  • EECDH+ECDSA+SHA256
  • EECDH+aRSA+SHA256
  • EECDH+ECDSA+SHA384
  • EECDH+ECDSA+SHA256
  • EECDH+aRSA+SHA384
  • EDH+aRSA+AESGCM
  • EDH+aRSA+SHA256
  • EDH+aRSA:EECDH

Disallowed ciphers:

  • !aNULL
  • !eNULL
  • !MEDIUM
  • !LOW
  • !3DES
  • !MD5
  • !EXP
  • !PSK
  • !SRP
  • !DSS
  • !RC4
  • !SEED

For more information, see the Cryptography and SSL/TLS toolkit.
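To see which concrete suites the allowed and disallowed lists above resolve to on a given OpenSSL build, the following added example (not Login Enterprise code) loads them into Python's `ssl` module and audits the result. It assumes the entries are combined into one OpenSSL cipher string with ":" separators and "!" prefixes, which this page does not state; the function and variable names are hypothetical.

```python
import ssl

# Cipher entries exactly as listed on this page (allowed, then disabled).
ALLOWED = [
    "EECDH+ECDSA+AESGCM", "EECDH+aRSA+AESGCM", "EECDH+ECDSA+SHA256",
    "EECDH+aRSA+SHA256", "EECDH+ECDSA+SHA384", "EECDH+ECDSA+SHA256",
    "EECDH+aRSA+SHA384", "EDH+aRSA+AESGCM", "EDH+aRSA+SHA256", "EDH+aRSA:EECDH",
]
DISABLED = ["aNULL", "eNULL", "MEDIUM", "LOW", "3DES", "MD5",
            "EXP", "PSK", "SRP", "DSS", "RC4", "SEED"]
# Assumption: entries are joined with ":" and disabled ones prefixed with "!".
CIPHER_STRING = ":".join(ALLOWED + ["!" + c for c in DISABLED])

# Substrings of OpenSSL suite names that reveal a disabled category.
BANNED_TOKENS = ("NULL", "ADH", "AECDH", "DES-CBC3", "MD5", "EXP",
                 "PSK", "SRP", "DSS", "RC4", "SEED")


def expand_policy(cipher_string=CIPHER_STRING):
    """Return the suites the local OpenSSL enables for the documented policy."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # page lists TLSv1.2 and TLSv1.3
    ctx.set_ciphers(cipher_string)  # keywords unknown to this build are ignored
    return ctx.get_ciphers()


def audit(suites):
    """Return (suite name, reason) for every suite that contradicts the page."""
    findings = []
    for s in suites:
        name = s["name"]
        if any(tok in name for tok in BANNED_TOKENS):
            findings.append((name, "disabled category"))
        elif s["strength_bits"] < 128:
            findings.append((name, "below 128-bit strength"))
        elif not name.startswith(("ECDHE-", "DHE-", "TLS_")):
            # TLS_ names are TLS 1.3 suites, which always use ephemeral keys.
            findings.append((name, "no ephemeral key exchange"))
    return findings


if __name__ == "__main__":
    suites = expand_policy()
    for s in suites:
        print(f'{s["name"]:35} {s["strength_bits"]} bits')
    print("findings:", audit(suites) or "none")
```

The bare `EECDH` part of the last allowed entry matches every authenticated ECDHE suite, so the expanded list is typically longer than the ten entries suggest.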

Properties

Login PI 3.0 and greater / Login Enterprise