If there is support for older browsers and/or applications, please select one of the following encryption profiles.

 

Profile A

  • Protocol: TLS v1.2
  • Encryption: AES with 128 bit GCM mode
  • Random function: TLS PRF with SHA-256
  • Authentication: ECDSA-256 with SHA-256 on P-256 curve
  • Key exchange: via ECDH and P-256 curve

 

Depending on the user equipment and infrastructure, your service may not be available with Profile A. An RFC-compliant of TLS can be a suitable alternative if it is using the following parameters:

 

Profile B

  • Protocol: TLS v1.2
  • Encryption: AES with 128 bit CBC mode
  • Random function: TLS PRF with SHA-256
  • Authentication: 509 certificates with 2,048 bit RSA signatures and SHA-256
  • Key exchange: DH group 14 (2048-bit MODP group)
  • Integrity: SHA-256

 

Deviations from this profile, for example through the use of GCM instead of CBC or the use of Perfect Forward Secrecy (PFS) are not only possible, but desirable.

Schreibe einen Kommentar

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert.