Cipher suite considerations when upgrading to TLS V1.2
The TLS V1.2 protocol introduced several cipher suites that are stronger than those
supported in earlier TLS and SSL protocols. These new cipher specifications include those that
support ephemeral Elliptic Curve key exchange, AES-GCM mode encryption, and SHA-256 and SHA-384
based message integrity algorithms:
- C02B - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
- C02C - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
- C02F - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- C030 - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
When upgrading a System SSL application to support TLS V1.2, the configured cipher specification
list should be examined closely to ensure that appropriate strong cipher suites are configured.
Every organization has different requirements for securing connections depending upon the data that
is being protected. These organizational requirements should play a very important role when
configuring the cipher specification list within System SSL applications. The following should be
considered when configuring cipher specifications assuming the appropriate support by the remote peer:
- AES based ciphers are more secure than the corresponding 3DES, DES, and RC4 based ciphers. AES-GCM ciphers are more secure than AES-CBC ciphers.
- Cipher specifications that use NULL encryption should only be used in cases where it is intentionally desired to have message integrity protection without encrypting the traffic. These cases tend to be very rare and should be reviewed very carefully.
- Cipher specifications that use SHA-256 or stronger message integrity are preferred over those that use SHA (SHA-1) and MD5.
- Cipher specifications that use ephemeral Diffie-Hellman key exchange (DHE and ECDHE) are more secure than their fixed counterparts (DH and ECDH). However, the ephemeral Diffie-Hellman key exchange ciphers require significantly more CPU cycles. If your application generates large numbers of TLS handshakes, be aware that the use of DHE and ECDHE cipher suites can cause unusually high CPU consumption.
- Cipher suite 0000 (TLS_NULL_WITH_NULL_NULL) should not be used as it does not provide message integrity or encrypt traffic/payload data.
If using the default System SSL cipher specification list, ensure that those default ciphers are
appropriate for your application. If the application has specified its own cipher specification
list, it should be specified in order from strongest to weakest. If FIPS mode is enabled in the
application, the allowed cipher suites are further limited. For more information about supported
cipher specifications, see Table 2 and Table 3.
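The considerations above can be checked mechanically against a configured list. The following Python code is an added example, not IBM code: it assumes the list is written as concatenated 4-character codes like those shown above, uses a constructed subset of IANA suite names, and ranks strength by cipher, then key exchange, then integrity algorithm, which is an assumed weighting.

```python
# IANA cipher suite names keyed by 4-character hex code (constructed subset for
# this example; extend it from the product's supported cipher tables).
SUITES = {
    "0000": "TLS_NULL_WITH_NULL_NULL",
    "0002": "TLS_RSA_WITH_NULL_SHA",
    "0005": "TLS_RSA_WITH_RC4_128_SHA",
    "000A": "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    "002F": "TLS_RSA_WITH_AES_128_CBC_SHA",
    "0035": "TLS_RSA_WITH_AES_256_CBC_SHA",
    "003C": "TLS_RSA_WITH_AES_128_CBC_SHA256",
    "009C": "TLS_RSA_WITH_AES_128_GCM_SHA256",
    "C02B": "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
    "C02C": "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
    "C02F": "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "C030": "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
}
SAMPLE = "C02FC02B0035000A0000"  # constructed cipher specification list

def score(name):
    """Rank a suite as (cipher, ephemeral, strong_mac); the weighting is an assumption."""
    kx, _, rest = name[4:].partition("_WITH_")
    enc, _, mac = rest.rpartition("_")
    cipher = 3 if "GCM" in enc else 2 if enc.startswith("AES") else 0 if enc == "NULL" else 1
    ephemeral = 1 if kx.startswith(("DHE", "ECDHE")) else 0
    strong_mac = 1 if mac in ("SHA256", "SHA384") else 0
    return (cipher, ephemeral, strong_mac)

def audit(spec):
    """Return (findings, ordered) for a string of concatenated 4-character codes."""
    codes = [spec[i:i + 4].upper() for i in range(0, len(spec), 4)]
    findings, scores = [], []
    for code in codes:
        name = SUITES.get(code)
        if name is None:
            findings.append((code, "not in table, review manually"))
            continue
        s = score(name)
        scores.append(s)
        if code == "0000":
            findings.append((code, "no integrity and no encryption"))
        elif s[0] == 0:
            findings.append((code, "NULL encryption"))
        elif s[0] == 1:
            findings.append((code, "3DES, DES or RC4 encryption"))
        if code != "0000" and not s[2]:
            findings.append((code, "SHA-1 or MD5 integrity"))
    ordered = all(a >= b for a, b in zip(scores, scores[1:]))  # strongest first
    return findings, ordered
```

`audit(SAMPLE)` returns the per-code findings and whether the list runs from strongest to weakest under the assumed ranking; codes missing from the table are reported for manual review rather than silently passed.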