Overview
Security teams need information about the types of encryption that Login Enterprise uses in its products. Requests for security details must be substantiated before you implement new software solutions in a production environment.
Encryption types
Login Enterprise utilizes the following types of encryption throughout the software.
Network communications with the following components occur over encrypted TCP/IP using SSL:
- Management Console
- Launchers
- Engine
The following protocols and ciphers are used for encrypted communication over HTTPS:
- SSL Protocols
  - TLSv1.2
  - TLSv1.3
- Cipher Suite
  - EECDH+ECDSA+AESGCM
  - EECDH+aRSA+AESGCM
  - EECDH+ECDSA+SHA256
  - EECDH+aRSA+SHA256
  - EECDH+ECDSA+SHA384
  - EECDH+ECDSA+SHA256
  - EECDH+aRSA+SHA384
  - EDH+aRSA+AESGCM
  - EDH+aRSA+SHA256
  - EDH+aRSA:EECDH
- Disabled Ciphers
  - aNULL, eNULL, MEDIUM, LOW, 3DES, MD5, EXP, PSK, SRP, DSS, RC4, SEED
Passwords are stored using AES 256-bit encryption and are FIPS compliant.
The AES mode of operation is CBC, the .NET Core default.
For more information, see the SymmetricAlgorithm.Mode Property.
Certificates
Login Enterprise makes use of the Debian certificate requirements. For each certificate to work correctly, there are a number of allowed ciphers:
Allowed ciphers:
- EECDH+ECDSA+AESGCM
- EECDH+aRSA+AESGCM
- EECDH+ECDSA+SHA256
- EECDH+aRSA+SHA256
- EECDH+ECDSA+SHA384
- EECDH+ECDSA+SHA256
- EECDH+aRSA+SHA384
- EDH+aRSA+AESGCM
- EDH+aRSA+SHA256
- EDH+aRSA:EECDH
Disallowed ciphers:
- !aNULL
- !eNULL
- !MEDIUM
- !LOW
- !3DES
- !MD5
- !EXP
- !PSK
- !SRP
- !DSS
- !RC4
- !SEED
For more information, see the Cryptography and SSL/TLS toolkit.
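The allowed and disabled lists above, joined into one OpenSSL cipher string and expanded against the local OpenSSL build. This is an added example, not Login Enterprise code: it reports any suite from a disabled class that would still be offered and checks a negotiated session against the policy. The function names and the name-token heuristic are assumptions of this example.

```python
import ssl

# Lists copied from the page; joining entries with ":" gives OpenSSL cipher-string syntax.
ALLOWED = [
    "EECDH+ECDSA+AESGCM", "EECDH+aRSA+AESGCM", "EECDH+ECDSA+SHA256",
    "EECDH+aRSA+SHA256", "EECDH+ECDSA+SHA384", "EECDH+ECDSA+SHA256",
    "EECDH+aRSA+SHA384", "EDH+aRSA+AESGCM", "EDH+aRSA+SHA256", "EDH+aRSA:EECDH",
]
DISABLED = ["aNULL", "eNULL", "MEDIUM", "LOW", "3DES", "MD5", "EXP",
            "PSK", "SRP", "DSS", "RC4", "SEED"]
PROTOCOLS = ("TLSv1.2", "TLSv1.3")

# Assumption of this example: substrings that mark a disabled class in OpenSSL suite names.
FORBIDDEN_TOKENS = ("NULL", "RC4", "DES", "MD5", "EXP", "PSK", "SRP",
                    "DSS", "SEED", "ADH", "AECDH")


def cipher_string():
    """Allowed entries first, then each disabled class with a '!' (permanent removal)."""
    return ":".join(ALLOWED + ["!" + c for c in DISABLED])


def build_context():
    """Client-side context restricted to TLS 1.2+ and the page's cipher policy."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers(cipher_string())  # raises ssl.SSLError if nothing is selectable
    return ctx


def violations(ctx):
    """Suites the local OpenSSL still enables that fall in a disabled class."""
    return [c["name"] for c in ctx.get_ciphers()
            if c["strength_bits"] < 128
            or any(tok in c["name"] for tok in FORBIDDEN_TOKENS)]


def session_ok(ctx, version, cipher_name):
    """Check a negotiated session, e.g. sock.version() and sock.cipher()[0]."""
    enabled = {c["name"] for c in ctx.get_ciphers()}
    return version in PROTOCOLS and cipher_name in enabled


if __name__ == "__main__":
    ctx = build_context()
    print(cipher_string())
    print(len(ctx.get_ciphers()), "suites enabled; violations:", violations(ctx))
```

The set of suites returned depends on the OpenSSL version and security level on the machine running the check, so run it on the host whose configuration is being audited.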