For incoming HTTPS connections
|
Insecure Ciphers (changed in 12.1.9) |
||
|---|---|---|---|
Protocol |
Version |
Disallow |
Allow |
TLS |
1.3 |
no yes |
no yes |
TLS |
1.2 |
yes |
yes |
TLS |
1.1 |
no |
yes |
TLS |
1.0 |
no |
yes no |
SSL |
3 |
no |
no |
SSL |
2 |
no |
no |
Ciphers |
Insecure Ciphers |
||||||
|---|---|---|---|---|---|---|---|
Hexcode |
Cipher Suite Name (OpenSSL) |
KeyExchange |
Encryption |
Bits |
Cipher Suite Name (IANA/RFC) |
Disallow |
Allow |
xc030 |
ECDHE-RSA-AES256-GCM-SHA384 |
ECDH 253 |
AESGCM |
256 |
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 |
yes |
yes |
xcca8 |
ECDHE-RSA-CHACHA20-POLY1305 |
ECDH 253 |
ChaCha20 |
256 |
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 |
||
xc02f |
ECDHE-RSA-AES128-GCM-SHA256 |
ECDH 253 |
AESGCM |
128 |
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 |
||
xc028 |
ECDHE-RSA-AES256-SHA384 |
ECDH 253 |
AES |
256 |
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 |
||
xc014 |
ECDHE-RSA-AES256-SHA |
ECDH 253 |
AES |
256 |
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA |
||
x9f |
DHE-RSA-AES256-GCM-SHA384 |
DH 2048 |
AESGCM |
256 |
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 |
||
x6b |
DHE-RSA-AES256-SHA256 |
DH 2048 |
AES |
256 |
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 |
||
x39 |
DHE-RSA-AES256-SHA |
DH 2048 |
AES |
256 |
TLS_DHE_RSA_WITH_AES_256_CBC_SHA |
||
x9d |
AES256-GCM-SHA384 |
RSA |
AESGCM |
256 |
TLS_RSA_WITH_AES_256_GCM_SHA384 |
||
x3d |
AES256-SHA256 |
RSA |
AES |
256 |
TLS_RSA_WITH_AES_256_CBC_SHA256 |
||
x35 |
AES256-SHA |
RSA |
AES |
256 |
TLS_RSA_WITH_AES_256_CBC_SHA |
||
xc027 |
ECDHE-RSA-AES128-SHA256 |
ECDH 253 |
AES |
128 |
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 |
||
xc013 |
ECDHE-RSA-AES128-SHA |
ECDH 253 |
AES |
128 |
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA |
||
x9e |
DHE-RSA-AES128-GCM-SHA256 |
DH 2048 |
AESGCM |
128 |
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 |
||
x67 |
DHE-RSA-AES128-SHA256 |
DH 2048 |
AES |
128 |
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 |
||
x33 |
DHE-RSA-AES128-SHA |
DH 2048 |
AES |
128 |
TLS_DHE_RSA_WITH_AES_128_CBC_SHA |
||
x9c |
AES128-GCM-SHA256 |
RSA |
AESGCM |
128 |
TLS_RSA_WITH_AES_128_GCM_SHA256 |
||
256 |
AES128-SHA256 |
RSA |
AES |
128 |
TLS_RSA_WITH_AES_128_CBC_SHA256 |
||
x2f |
AES128-SHA |
RSA |
AES |
128 |
TLS_RSA_WITH_AES_128_CBC_SHA |
||
Browser Compatibility |
Insecure Ciphers |
|
|---|---|---|
Disallow |
Allow |
|
Android |
as of 4.4.2 |
yes |
Chrome |
as of 49 / XP SP3 |
|
as of 65 / Win 7 |
||
Firefox |
as of 31.3.0 ESR / Win 7 |
|
as of 47 / Win 7 |
||
as of 49 / XP SP3 |
||
IE |
as of 11 |
|
Edge |
as of 13 |
|
Safari |
as of 7 / iOS 7.1 |
|
as of 6 / iOS 6.0.1 |
||
S/MIME
In S/MIME encryption, the SEPPmail Secure E-Mail Gateway can be used for content encryption (session key)
•Triple DES
•AES-128 CBC
•AES-192 CBC
•AES-256 CBC
(if applicable, please also refer to IETF RFC 3565) with S/MIME encryption.
Key encryption can also be done through the padding procedure (RSA-OAEP) (see IETF RFC 3447).
The following hash algorithms are available for the S/MIME signature
•SHA-1
•SHA-256
•SHA-512
(please also refer to IETF RFC 5754). The paddling procedure RSA-PSS (see IETF RFC 4056) can also be an option here.
Key lengths of up to 4096 bit are currently possible.
OpenPGP
For OpenPGP, both PGP Inline as well as PGP/MIME are available with the following ciphers
•--personal-cipher-preferences 'AES256 TWOFISH AES192 AES'
•--personal-digest-preferences 'SHA512 SHA384 SHA256'
as priority. However, the procedure actually used depends on the key material provided by the communication partner.
