安全層次和支援的安全密碼
您可以使用安全 Socket (SSL) 連線來改善跨系統通訊。
版本
本文中的安全設定相關資訊適用於現行版本。較舊的程式碼版本可能支援其他密碼,但因為安全漏洞,已不再支援。
SSL 憑證
系統會產生自簽憑證來鑑別 SSL 連線。在製造過程中,每個節點會產生起始自簽安全憑證。在配置新系統時,或使用者請求重新產生憑證時,將會產生新憑證。
系統通常包含 2 到 8 個節點,這些節點在系統中全部都共用此憑證。有新的節點新增至系統時,將會提供現行憑證的副本給該節點。如果從系統中卸下節點(或在硬體故障之後更換),移除的節點可能會保留憑證副本,並儲存在節點啟動磁碟機上。
您可以在卸下或更換硬體後產生新憑證,以提高安全性(避免可能損害較舊的憑證)。產生憑證時,系統會使用 2048 位元 RSA 金鑰和 SHA-256 雜湊.
SSL 連線和安全層次
在存取管理 GUI、服務助理 GUI、金鑰伺服器和 CIMON 時,系統會使用 SSL 連線來控制存取。SSL 連線使用安全密碼來協助控制存取。
您可以使用不同層次的 SSL 所支援的安全密碼。每個層次支援的密碼提供不同的加密強度。您可以將安全層次設為層次 4,以符合 NIST 800-131a 標準。您可以將安全層次設為層次 2,並使用雜湊演算法 SHA-1 進行訊息鑑別。
您可以將安全層次設為層次 1,但某些可用的加密演算法並未經過 NIST 800-131a 和 FIPS 140-2 核准。安全層次 4 是最高支援層次。SSL 安全層次 1 是目前支援的最低安全層次。
不再支援安全層次 0。
SSL 層次及這些層次支援的安全密碼
SSL 層次 | 是否支援? |
---|---|
TLS 1.2 | 是 |
TLS 1.1 | 否 |
TLS 1.0 | 否 |
SSL 3 和更早的版本 | 否 |
Java SSL 密碼 |
---|
SSL_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 |
SSL_DHE_DSS_WITH_AES_256_GCM_SHA384 |
SSL_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 |
SSL_DHE_DSS_WITH_AES_128_GCM_SHA256 |
密碼 | Kx | Au | Enc | Mac |
---|---|---|---|---|
ECDHE-ECDSA-AES256-GCM-SHA384 | ECDH | ECDSA | AESGCM(256) | AEAD |
DHE-DSS-AES256-GCM-SHA384 | DH | DSS | AESGCM(256) | AEAD |
ECDHE-ECDSA-AES128-GCM-SHA256 | ECDH | ECDSA | AESGCM(128) | AEAD |
DHE-DSS-AES128-GCM-SHA256 | DH | DSS | AESGCM(128) | AEAD |
SSL 層次 | 是否支援? |
---|---|
TLS 1.2 | 是 |
TLS 1.1 | 否 |
TLS 1.0 | 否 |
SSL 3 和更早的版本 | 否 |
Java SSL 密碼 |
---|
SSL_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 |
SSL_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 |
SSL_ECDHE_RSA_WITH_AES_256_CBC_SHA384 |
SSL_ECDHE_RSA_WITH_AES_256_GCM_SHA384 |
SSL_RSA_WITH_AES_256_CBC_SHA256 |
SSL_RSA_WITH_AES_256_GCM_SHA384 |
SSL_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 |
SSL_ECDH_RSA_WITH_AES_256_GCM_SHA384 |
SSL_DHE_RSA_WITH_AES_256_CBC_SHA256 |
SSL_DHE_RSA_WITH_AES_256_CBC_SHA256 |
SSL_DHE_RSA_WITH_AES_256_GCM_SHA384 |
SSL_DHE_DSS_WITH_AES_256_CBC_SHA256 |
SSL_DHE_DSS_WITH_AES_256_GCM_SHA384 |
SSL_ECDHE_ECDSA_WITH_AES_256_CBC_SHA |
SSL_ECDHE_RSA_WITH_AES_256_CBC_SHA |
SSL_RSA_WITH_AES_256_CBC_SHA |
SSL_ECDH_ECDSA_WITH_AES_256_CBC_SHA |
SSL_ECDH_RSA_WITH_AES_256_CBC_SHA |
SSL_DHE_RSA_WITH_AES_256_CBC_SHA |
SSL_DHE_DSS_WITH_AES_256_CBC_SHA |
SSL_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 |
SSL_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 |
SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA256 |
SSL_ECDHE_RSA_WITH_AES_128_GCM_SHA256 |
SSL_RSA_WITH_AES_128_CBC_SHA256 |
SSL_RSA_WITH_AES_128_GCM_SHA256 |
SSL_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 |
SSL_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 |
SSL_ECDH_RSA_WITH_AES_128_CBC_SHA256 |
SSL_ECDH_RSA_WITH_AES_128_GCM_SHA256 |
SSL_DHE_RSA_WITH_AES_128_CBC_SHA256 |
SSL_DHE_RSA_WITH_AES_128_GCM_SHA256 |
SSL_DHE_DSS_WITH_AES_128_CBC_SHA256 |
SSL_DHE_DSS_WITH_AES_128_GCM_SHA256 |
密碼 | Kx | Au | Enc | Mac |
---|---|---|---|---|
ECDHE-RSA-AES256-GCM-SHA384 | ECDH | RSA | AESGCM(256) | AEAD |
ECDHE-ECDSA-AES256-GCM-SHA384 | ECDH | ECDSA | AESGCM(256) | AEAD |
ECDHE-RSA-AES256-SHA384 | ECDH | RSA | AES(256) | SHA384 |
ECDHE-ECDSA-AES256-SHA384 | ECDH | ECDSA | AES(256) | SHA384 |
DHE-DSS-AES256-GCM-SHA384 | DH | DSS | AESGCM(256) | AEAD |
DHE-RSA-AES256-GCM-SHA384 | DH | RSA | AESGCM(256) | AEAD |
DHE-RSA-AES256-SHA256 | DH | RSA | AES(256) | SHA256 |
ECDH-RSA-AES256-GCM-SHA384 E | ECDH/RSA | ECDH | AESGCM(256) | AEAD |
ECDH-ECDSA-AES256-GCM-SHA384 | ECDH/ECDSA | ECDH | AESGCM(256) | AEAD |
ECDH-RSA-AES256-SHA384 | ECDH/RSA | ECDH | AES(256) | SHA384 |
ECDH-ECDSA-AES256-SHA384 | ECDH/ECDSA | ECDH | AES(256) | SHA384 |
AES256-GCM-SHA384 | RSA | RSA | AESGCM(256) | AEAD |
AES256-SHA256 | RSA | RSA | AES(256) | SHA256 |
ECDHE-RSA-AES128-GCM-SHA256 | ECDH | RSA | AESGCM(128) | AEAD |
ECDHE-ECDSA-AES128-GCM-SHA256 | ECDH | ECDSA | AESGCM(128) | AEAD |
ECDHE-RSA-AES128-SHA256 | ECDH | RSA | AES(128) | SHA256 |
ECDHE-ECDSA-AES128-SHA256 | ECDH | ECDSA | AES(128) | SHA256 |
DHE-DSS-AES128-GCM-SHA256 | DH | DSS | AESGCM(128) | AEAD |
DHE-RSA-AES128-GCM-SHA256 | DH | RSA | AESGCM(128) | AEAD |
DHE-RSA-AES128-SHA256 | DH | RSA | AES(128) | SHA256 |
DHE-DSS-AES128-SHA256 | DH | DSS | AES(128) | SHA256 |
ECDH-RSA-AES128-GCM-SHA256 | ECDH/RSA | ECDH | AESGCM(128) | AEAD |
ECDH-ECDSA-AES128-GCM-SHA256 | ECDH/ECDSA | ECDH | AESGCM(128) | AEAD |
ECDH-RSA-AES128-SHA256 | ECDH/RSA | ECDH | AES(128) | SHA256 |
ECDH-ECDSA-AES128-SHA256 | ECDH/ECDSA | ECDH | AES(128) | SHA256 |
AES128-GCM-SHA256 | RSA | RSA | AESGCM(128) | AEAD |
AES128-SHA256 | RSA | RSA | AES(128) | SHA256 |
SSL 層次 | 是否支援? |
---|---|
TLS 1.2 | 是 |
TLS 1.1 | 否 |
TLS 1.0 | 否 |
SSL 3 和更早的版本 | 否 |
SSL_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 |
SSL_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 |
SSL_ECDHE_RSA_WITH_AES_256_CBC_SHA384 |
SSL_ECDHE_RSA_WITH_AES_256_GCM_SHA384 |
SSL_RSA_WITH_AES_256_CBC_SHA256 |
SSL_RSA_WITH_AES_256_GCM_SHA384 |
SSL_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 |
SSL_ECDH_RSA_WITH_AES_256_GCM_SHA384 |
SSL_DHE_RSA_WITH_AES_256_CBC_SHA256 |
SSL_DHE_RSA_WITH_AES_256_CBC_SHA256 |
SSL_DHE_RSA_WITH_AES_256_GCM_SHA384 |
SSL_DHE_DSS_WITH_AES_256_CBC_SHA256 |
SSL_DHE_DSS_WITH_AES_256_GCM_SHA384 |
SSL_ECDHE_ECDSA_WITH_AES_256_CBC_SHA |
SSL_ECDHE_RSA_WITH_AES_256_CBC_SHA |
SSL_RSA_WITH_AES_256_CBC_SHA |
SSL_ECDH_ECDSA_WITH_AES_256_CBC_SHA |
SSL_ECDH_RSA_WITH_AES_256_CBC_SHA |
SSL_DHE_RSA_WITH_AES_256_CBC_SHA |
SSL_DHE_DSS_WITH_AES_256_CBC_SHA |
SSL_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 |
SSL_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 |
SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA256 |
SSL_ECDHE_RSA_WITH_AES_128_GCM_SHA256 |
SSL_RSA_WITH_AES_128_CBC_SHA256 |
SSL_RSA_WITH_AES_128_GCM_SHA256 |
SSL_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 |
SSL_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 |
SSL_ECDH_RSA_WITH_AES_128_CBC_SHA256 |
SSL_ECDH_RSA_WITH_AES_128_GCM_SHA256 |
SSL_DHE_RSA_WITH_AES_128_CBC_SHA256 |
SSL_DHE_RSA_WITH_AES_128_GCM_SHA256 |
SSL_DHE_DSS_WITH_AES_128_CBC_SHA256 |
SSL_DHE_DSS_WITH_AES_128_GCM_SHA256 |
SSL_ECDHE_ECDSA_WITH_AES_128_CBC_SHA |
SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA |
SSL_RSA_WITH_AES_128_CBC_SHA |
SSL_ECDH_ECDSA_WITH_AES_128_CBC_SHA |
SSL_ECDH_RSA_WITH_AES_128_CBC_SHA |
SSL_DHE_RSA_WITH_AES_128_CBC_SHA |
SSL_DHE_DSS_WITH_AES_128_CBC_SHA |
密碼 | Kx | Au | Enc | Mac |
---|---|---|---|---|
ECDHE-RSA-AES256-GCM-SHA384 | ECDH | RSA | AESGCM(256) | AEAD |
ECDHE-ECDSA-AES256-GCM-SHA384 | ECDH | ECDSA | AESGCM(256) | AEAD |
ECDHE-RSA-AES256-SHA384 | ECDH | RSA | AES(256) | SHA384 |
ECDHE-ECDSA-AES256-SHA384 | ECDH | ECDSA | AES(256) | SHA384 |
DHE-DSS-AES256-GCM-SHA384 | DH | DSS | AESGCM(256) | AEAD |
DHE-RSA-AES256-GCM-SHA384 | DH | RSA | AESGCM(256) | AEAD |
DHE-RSA-AES256-SHA256 | DH | RSA | AES(256) | SHA256 |
ECDH-RSA-AES256-GCM-SHA384 E | ECDH/RSA | ECDH | AESGCM(256) | AEAD |
ECDH-ECDSA-AES256-GCM-SHA384 | ECDH/ECDSA | ECDH | AESGCM(256) | AEAD |
ECDH-RSA-AES256-SHA384 | ECDH/RSA | ECDH | AES(256) | SHA384 |
ECDH-ECDSA-AES256-SHA384 | ECDH/ECDSA | ECDH | AES(256) | SHA384 |
AES256-GCM-SHA384 | RSA | RSA | AESGCM(256) | AEAD |
AES256-SHA256 | RSA | RSA | AES(256) | SHA256 |
AES256-SHA | RSA | RSA | AES(256) | SHA1 |
ECDHE-RSA-AES128-GCM-SHA256 | ECDH | RSA | AESGCM(128) | AEAD |
ECDHE-ECDSA-AES128-GCM-SHA256 | ECDH | ECDSA | AESGCM(128) | AEAD |
ECDHE-RSA-AES128-SHA256 | ECDH | RSA | AES(128) | SHA256 |
ECDHE-ECDSA-AES128-SHA256 | ECDH | ECDSA | AES(128) | SHA256 |
DHE-DSS-AES128-GCM-SHA256 | DH | DSS | AESGCM(128) | AEAD |
DHE-RSA-AES128-GCM-SHA256 | DH | RSA | AESGCM(128) | AEAD |
DHE-RSA-AES128-SHA256 | DH | RSA | AES(128) | SHA256 |
DHE-DSS-AES128-SHA256 | DH | DSS | AES(128) | SHA256 |
ECDH-RSA-AES128-GCM-SHA256 | ECDH/RSA | ECDH | AESGCM(128) | AEAD |
ECDH-ECDSA-AES128-GCM-SHA256 | ECDH/ECDSA | ECDH | AESGCM(128) | AEAD |
ECDH-RSA-AES128-SHA256 | ECDH/RSA | ECDH | AES(128) | SHA256 |
ECDH-ECDSA-AES128-SHA256 | ECDH/ECDSA | ECDH | AES(128) | SHA256 |
AES128-GCM-SHA256 | RSA | RSA | AESGCM(128) | AEAD |
AES128-SHA256 | RSA | RSA | AES(128) | SHA256 |
AES128-SHA | RSA | RSA | AES(128) | SHA1 |
DES-CBC3-SHA | RSA | RSA | 3DES(168) | SHA1 |
SSL 層次 | 是否支援? |
---|---|
TLS 1.2 | 是 |
TLS 1.1 | 是 |
TLS 1.0 | 否 |
SSL 3 和更早的版本 | 否 |
SSL_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 |
SSL_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 |
SSL_ECDHE_RSA_WITH_AES_256_CBC_SHA384 |
SSL_ECDHE_RSA_WITH_AES_256_GCM_SHA384 |
SSL_RSA_WITH_AES_256_CBC_SHA256 |
SSL_RSA_WITH_AES_256_GCM_SHA384 |
SSL_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 |
SSL_ECDH_RSA_WITH_AES_256_GCM_SHA384 |
SSL_DHE_RSA_WITH_AES_256_CBC_SHA256 |
SSL_DHE_RSA_WITH_AES_256_CBC_SHA256 |
SSL_DHE_RSA_WITH_AES_256_GCM_SHA384 |
SSL_DHE_DSS_WITH_AES_256_CBC_SHA256 |
SSL_DHE_DSS_WITH_AES_256_GCM_SHA384 |
SSL_ECDHE_ECDSA_WITH_AES_256_CBC_SHA |
SSL_ECDHE_RSA_WITH_AES_256_CBC_SHA |
SSL_RSA_WITH_AES_256_CBC_SHA |
SSL_ECDH_ECDSA_WITH_AES_256_CBC_SHA |
SSL_ECDH_RSA_WITH_AES_256_CBC_SHA |
SSL_DHE_RSA_WITH_AES_256_CBC_SHA |
SSL_DHE_DSS_WITH_AES_256_CBC_SHA |
SSL_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 |
SSL_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 |
SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA256 |
SSL_ECDHE_RSA_WITH_AES_128_GCM_SHA256 |
SSL_RSA_WITH_AES_128_CBC_SHA256 |
SSL_RSA_WITH_AES_128_GCM_SHA256 |
SSL_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 |
SSL_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 |
SSL_ECDH_RSA_WITH_AES_128_CBC_SHA256 |
SSL_ECDH_RSA_WITH_AES_128_GCM_SHA256 |
SSL_DHE_RSA_WITH_AES_128_CBC_SHA256 |
SSL_DHE_RSA_WITH_AES_128_GCM_SHA256 |
SSL_DHE_DSS_WITH_AES_128_CBC_SHA256 |
SSL_DHE_DSS_WITH_AES_128_GCM_SHA256 |
SSL_ECDHE_ECDSA_WITH_AES_128_CBC_SHA |
SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA |
SSL_RSA_WITH_AES_128_CBC_SHA |
SSL_ECDH_ECDSA_WITH_AES_128_CBC_SHA |
SSL_ECDH_RSA_WITH_AES_128_CBC_SHA |
SSL_DHE_RSA_WITH_AES_128_CBC_SHA |
SSL_DHE_DSS_WITH_AES_128_CBC_SHA |
SSL_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA |
SSL_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA |
SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA |
SSL_RSA_WITH_3DES_EDE_CBC_SHA |
SSL_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA |
SSL_ECDH_RSA_WITH_3DES_EDE_CBC_SHA |
SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA |
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA |
密碼 | Kx | Au | Enc | Mac |
---|---|---|---|---|
ECDHE-RSA-AES256-GCM-SHA384 | ECDH | RSA | AESGCM(256) | AEAD |
ECDHE-ECDSA-AES256-GCM-SHA384 | ECDH | ECDSA | AESGCM(256) | AEAD |
ECDHE-RSA-AES256-SHA384 | ECDH | RSA | AES(256) | SHA384 |
ECDHE-ECDSA-AES256-SHA384 | ECDH | ECDSA | AES(256) | SHA384 |
ECDHE-RSA-AES256-SHA | ECDH | RSA | AES(256) | SHA1 |
ECDHE-ECDSA-AES256-SHA | ECDH | ECDSA | AES(256) | SHA1 |
DHE-DSS-AES256-GCM-SHA384 | DH | DSS | AESGCM(256) | AEAD |
DHE-RSA-AES256-GCM-SHA384 | DH | RSA | AESGCM(256) | AEAD |
DHE-RSA-AES256-SHA256 | DH | RSA | AES(256) | SHA256 |
DHE-DSS-AES256-SHA256 | DH | DSS | AES(256) | SHA256 |
DHE-RSA-AES256-SHA | DH | RSA | AES(256) | SHA1 |
DHE-DSS-AES256-SHA | DH | DSS | AES(256) | SHA1 |
DHE-RSA-CAMELLIA256-SHA | DH | RSA | Camellia(256) | SHA1 |
DHE-DSS-CAMELLIA256-SHA | DH | DSS | Camellia(256) | SHA1 |
ECDH-RSA-AES256-GCM-SHA384 E | ECDH/RSA | ECDH | AESGCM(256) | AEAD |
ECDH-ECDSA-AES256-GCM-SHA384 | ECDH/ECDSA | ECDH | AESGCM(256) | AEAD |
ECDH-RSA-AES256-SHA384 | ECDH/RSA | ECDH | AES(256) | SHA384 |
ECDH-ECDSA-AES256-SHA384 | ECDH/ECDSA | ECDH | AES(256) | SHA384 |
ECDH-RSA-AES256-SHA | ECDH/RSA | ECDH | AES(256) | SHA1 |
ECDH-ECDSA-AES256-SHA | ECDH/ECDSA | ECDH | AES(256) | SHA1 |
AES256-GCM-SHA384 | RSA | RSA | AESGCM(256) | AEAD |
AES256-SHA256 | RSA | RSA | AES(256) | SHA256 |
AES256-SHA | RSA | RSA | AES(256) | SHA1 |
CAMELLIA256-SHA | RSA | RSA | Camellia(256) | SHA1 |
PSK-AES256-CBC-SHA | PSK | PSK | AES(256) | SHA1 |
ECDHE-RSA-AES128-GCM-SHA256 | ECDH | RSA | AESGCM(128) | AEAD |
ECDHE-ECDSA-AES128-GCM-SHA256 | ECDH | ECDSA | AESGCM(128) | AEAD |
ECDHE-RSA-AES128-SHA256 | ECDH | RSA | AES(128) | SHA256 |
ECDHE-ECDSA-AES128-SHA256 | ECDH | ECDSA | AES(128) | SHA256 |
ECDHE-RSA-AES128-SHA | ECDH | RSA | AES(128) | SHA1 |
ECDHE-ECDSA-AES128-SHA | ECDH | ECDSA | AES(128) | SHA1 |
DHE-DSS-AES128-GCM-SHA256 | DH | DSS | AESGCM(128) | AEAD |
DHE-RSA-AES128-GCM-SHA256 | DH | RSA | AESGCM(128) | AEAD |
DHE-RSA-AES128-SHA256 | DH | RSA | AES(128) | SHA256 |
DHE-DSS-AES128-SHA256 | DH | DSS | AES(128) | SHA256 |
DHE-RSA-AES128-SHA | DH | RSA | AES(128) | SHA1 |
DHE-DSS-AES128-SHA | DH | DSS | AES(128) | SHA1 |
ECDHE-RSA-DES-CBC3-SHA | ECDH | RSA | 3DES(168) | SHA1 |
ECDHE-ECDSA-DES-CBC3-SHA | ECDH | ECDSA | 3DES(168) | SHA1 |
DHE-RSA-SEED-SHA | DH | RSA | SEED(128) | SHA1 |
DHE-DSS-SEED-SHA | DH | DSS | SEED(128) | SHA1 |
DHE-RSA-CAMELLIA128-SHA | DH | RSA | Camellia(128) | SHA1 |
DHE-DSS-CAMELLIA128-SHA | DH | DSS | Camellia(128) | SHA1 |
EDH-RSA-DES-CBC3-SHA | DH | RSA | 3DES(168) | SHA1 |
EDH-DSS-DES-CBC3-SHA | DH | DSS | 3DES(168) | SHA1 |
ECDH-RSA-AES128-GCM-SHA256 | ECDH/RSA | ECDH | AESGCM(128) | AEAD |
ECDH-ECDSA-AES128-GCM-SHA256 | ECDH/ECDSA | ECDH | AESGCM(128) | AEAD |
ECDH-RSA-AES128-SHA256 | ECDH/RSA | ECDH | AES(128) | SHA256 |
ECDH-ECDSA-AES128-SHA256 | ECDH/ECDSA | ECDH | AES(128) | SHA256 |
ECDH-RSA-AES128-SHA | ECDH/RSA | ECDH | AES(128) | SHA1 |
ECDH-ECDSA-AES128-SHA | ECDH/ECDSA | ECDH | AES(128) | SHA1 |
ECDH-RSA-DES-CBC3-SHA | ECDH/RSA | ECDH | 3DES(168) | SHA1 |
ECDH-ECDSA-DES-CBC3-SHA | ECDH/ECDSA | ECDH | 3DES(168) | SHA1 |
AES128-GCM-SHA256 | RSA | RSA | AESGCM(128) | AEAD |
AES128-SHA | RSA | RSA | AES(128) | SHA1 |
SEED-SHA | RSA | RSA | SEED(128) | SHA1 |
CAMELLIA128-SHA | RSA | RSA | Camellia(128) | SHA1 |
DES-CBC3-SHA | RSA | RSA | AES(168) | SHA256 |
PSK-AES128-CBC-SHA | PSK | PSK | AES(128) | SHA1 |
PSK-3DES-EDE-CBC-SHA | PSK | PSK | 3DES(168) | SHA1 |
KRB5-DES-CBC3-SHA | KRB5 | KRB5 | 3DES(168) | SHA1 |
TCP 和 UDP 埠
服務 | 資料流量方向 | 通訊協定 | 埠 | 服務類型 |
---|---|---|---|---|
電子郵件 (SMTP) 通知和庫存報告 | 出埠 | TCP | 25 | 選用 |
SNMP 事件通知 | 出埠 | UDP | 162 | 選用 |
Syslog 事件通知 | 出埠 | UDP | 514 | 選用 |
IPv4 DHCP(節點服務位址) | 出埠 | UDP | 68 | 選用 |
IPv6 DHCP(節點服務位址) | 出埠 | UDP | 547 | 選用 |
網路時間伺服器 (NTP) | 出埠 | UDP | 123 | 選用 |
用來存取指令行介面 (CLI) 的 SSH | Inbound | TCP | 22 | 必要 |
用於 GUI 存取的 HTTP 到 HTTPS 重新導向 | Inbound | TCP | 80 | 選用 |
用於 GUI 存取的 HTTPS 重新導向 | Inbound | TCP | 443 | 必要 |
用於 GUI 存取的 HTTP 到 HTTPS 重新導向 | Inbound | TCP | 8080 | 選用 |
用於 GUI 存取的 HTTPS | Inbound | TCP | 8443 | 必要 |
CIMOM (HTTPS) | Inbound | TCP | 5989 | 選用 |
CIMOM SLPD | Inbound | UDP | 427 | 選用 |
遠端使用者鑑別服務 - HTTP | 出埠 | TCP | 16310 | 選用 |
遠端使用者鑑別服務 - HTTPS | 出埠 | TCP | 16311 | 選用 |
遠端使用者鑑別服務 - 輕量型目錄存取通訊協定 (LDAP) | 出埠 | TCP | 389 | 選用 |
iSCSI | Inbound | TCP | 3260 | 選用 |
iSCSI iSNS | 出埠 | TCP | 3260 | 選用 |
IP 夥伴關係管理 IP 通訊 | Inbound | TCP | 3260 | 選用 |
IP 夥伴關係管理 IP 通訊 | 出埠 | TCP | 3260 | 選用 |
IP 夥伴關係資料路徑連線 | Inbound | TCP | 3265 | 選用 |
IP 夥伴關係資料路徑連線 | 出埠 | TCP | 3265 | 選用 |
安全金鑰演算法
- hmac-sha2-256
- hmac-sha2-512
- hmac-sha2-256-etm@openssh.com
- hmac-sha2-512-etm@openssh.com
- hmac-sha1
- curve25519-sha256
- curve25519-sha256@libssh.org
- ecdh-sha2-nistp256
- ecdh-sha2-nistp384
- ecdh-sha2-nistp521
- diffie-hellman-group-exchange-sha256
- diffie-hellman-group16-sha512
- diffie-hellman-group18-sha512
- diffie-hellman-group14-sha256
- diffie-hellman-group14-sha1
- diffie-hellman-group1-sha1
- diffie-hellman-group-exchange-sha1
- curve25519-sha256
- curve25519-sha256@libssh.org
- ecdh-sha2-nistp256
- ecdh-sha2-nistp384
- ecdh-sha2-nistp521
- diffie-hellman-group-exchange-sha256
- diffie-hellman-group16-sha512
- diffie-hellman-group18-sha512
- diffie-hellman-group14-sha256
- diffie-hellman-group14-sha1
交互作業能力
在 SSL 安全層次 4,已知 Google Chrome 63.0.3239.132 版以及更新版本,還有 Mozilla Firefox 52.7.2 版以及更新版本,可以與管理 GUI 一起使用。IBM® SDK Java Technology Edition 第 8 版 Update 1.8.0_161 以及更新版本,已知可以與 IP 仲裁應用程式一起使用。