This is a list of SSL ciphers supported by the Passive Capture Application, version 3611 and up:
- DES-CBC-SHA 56 SSL3, TLS1.0
- RC4-MD5 128 SSL3,TLS1.0,TLS1.1,TSL1.2
- RC4-SHA 128 SSL3, TLS1.0, TLS1.2
- AES128-SHA 128 SSL3, TLS1.0,TLS1.1, TLS1.2
- AES256-SHA 256 SSL3, TLS1.0, TLS1.1, TLS1.2
- DES-CBC3-SHA 168 SSL3, TLS1.0, TLS1.1, TLS1.2
- AES128-SHA256 128 TLS1.2
- AES256-SHA256 256 TLS1.2
- AES128-GCM-SHA256 128 TLS1.2
- AES256-GCM-SHA384 256 TLS1.2
Note: The GCM cipher support is in PCA builds 3670/3720 (PCA 9.0.1/9.0.1A) already. However, it is not currently available in builds 3611–3650. This support was added in the PCA Security rollup fixpack rpms for builds 3622 (PCA8.8) and 3652/3702 (PCA 9.0/A).
These are the officially supported SSL Ciphers for the PCA on version 3610 and earlier (without TLSv1.1 and v1.2 support):
- DES-CBC-SHA 56 SSL3, TLS1.0
- RC4-MD5 128 SSL3, TLS1.0
- RC4-SHA 128 SSL3, TLS1.0
- AES128-SHA 128 SSL3, TLS1.0
- AES256-SHA 256 SSL3, TLS1.0
- DES-CBC3-SHA 168 SSL3, TLS1.0
Note: We started supporting TLSv1.0 with PCA version 3328. So if you are planning to have at least TLSv1.0 in your cipher list, it is recommended to have PCA version 3328 or newer.