Algorithms per NSP component

TLS server algorithms for client networks

Component

Protocol

Ciphersuites

Signatures

Groups

NSP Web Server

TLSv1.3

TLS_AES_256_GCM_SHA384

TLS_CHACHA20_POLY1305_SHA256

TLS_AES_128_GCM_SHA256 

rsa_pss_rsae_sha256

rsa_pss_rsae_sha384

rsa_pss_rsae_sha512

secp256r1

secp384r1

secp521r1

x25519

x448

TLSv1.2

TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256

TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA

TLS_RSA_WITH_AES_256_GCM_SHA384

TLS_RSA_WITH_AES_128_GCM_SHA256

TLS_RSA_WITH_AES_256_CBC_SHA256

TLS_RSA_WITH_AES_128_CBC_SHA256

TLS_RSA_WITH_AES_256_CBC_SHA

TLS_RSA_WITH_AES_128_CBC_SHA 

rsa_pss_rsae_sha256

rsa_pss_rsae_sha384

rsa_pss_rsae_sha512

rsa_pkcs1_sha256

rsa_pkcs1_sha384

rsa_pkcs1_sha512

rsa_pkcs1_sha224

NFM-P Web Server for Java Client connection (tcp/8444)

TLSv1.2

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA

TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 

TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 

TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 

TLS_DHE_RSA_WITH_AES_256_CBC_SHA256

TLS_DHE_RSA_WITH_AES_256_CBC_SHA 

TLS_DHE_RSA_WITH_AES_128_CBC_SHA256

TLS_DHE_RSA_WITH_AES_128_CBC_SHA

TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 

rsa_pkcs1_sha1

rsa_pkcs1_sha224

rsa_pkcs1_sha256

secp256r1

secp384r1

secp521r1

TLS client algorithms for mediation networks

Supported TLS client algorithms for gRPC mediation policies.

Protocol

Ciphersuites

Signatures

Groups

TLSv1.3

TLS_AES_128_GCM_SHA256

TLS_AES_256_GCM_SHA384

TLS_CHACHA20_POLY1305_SHA256 

ecdsa_secp256r1_sha256

rsa_pss_rsae_sha256

rsa_pkcs1_sha256

ecdsa_secp384r1_sha384

rsa_pss_rsae_sha384

rsa_pkcs1_sha384

rsa_pss_rsae_sha512

rsa_pkcs1_sha512

rsa_pkcs1_sha1

x25519

secp256r1

secp384r1

secp521r1

TLSv1.2

TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 

TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 

TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA

TLS_RSA_WITH_AES_128_GCM_SHA256

TLS_RSA_WITH_AES_128_CBC_SHA 

TLS_RSA_WITH_AES_256_CBC_SHA

N/A

SSH client algorithms for mediation networks

Supported SSH client algorithms for CLI and NETCONF mediation policies.

Mediation type

Crypto function

Default algorithms (non-FIPS)

Default algorithms (FIPS)

Configurable

Configuration procedure

Classic

Key exchange

curve25519-sha256

curve25519-sha256@libssh.org

curve448-sha512

ecdh-sha2-nistp521

ecdh-sha2-nistp384

ecdh-sha2-nistp256

diffie-hellman-group-exchange-sha256

diffie-hellman-group18-sha512

diffie-hellman-group17-sha512

diffie-hellman-group16-sha512

diffie-hellman-group15-sha512

diffie-hellman-group14-sha256

ecdh-sha2-nistp521

ecdh-sha2-nistp384

ecdh-sha2-nistp256

diffie-hellman-group-exchange-sha256

diffie-hellman-group18-sha512

diffie-hellman-group17-sha512

diffie-hellman-group16-sha512

diffie-hellman-group15-sha512

diffie-hellman-group14-sha256

Yes

NSP System Administrator Guide

Host key

ecdsa-sha2-nistp256-cert-v01@openssh.com

ecdsa-sha2-nistp384-cert-v01@openssh.com

ecdsa-sha2-nistp521-cert-v01@openssh.com

ssh-ed25519-cert-v01@openssh.com

rsa-sha2-512-cert-v01@openssh.com

rsa-sha2-256-cert-v01@openssh.com

ecdsa-sha2-nistp256

ecdsa-sha2-nistp384

ecdsa-sha2-nistp521

ssh-ed25519

rsa-sha2-512

rsa-sha2-256

ssh-rsa

ecdsa-sha2-nistp256-cert-v01@openssh.com

ecdsa-sha2-nistp384-cert-v01@openssh.com

ecdsa-sha2-nistp521-cert-v01@openssh.com

ssh-ed25519-cert-v01@openssh.com

rsa-sha2-512-cert-v01@openssh.com

rsa-sha2-256-cert-v01@openssh.com

ecdsa-sha2-nistp256

ecdsa-sha2-nistp384

ecdsa-sha2-nistp521

ssh-ed25519

rsa-sha2-512

rsa-sha2-256

ssh-rsa

Yes

NSP System Administrator Guide

Cipher

chacha20-poly1305@openssh.com

aes128-ctr

aes192-ctr

aes256-ctr

aes128-gcm@openssh.com

aes256-gcm@openssh.com

aes128-cbc

aes192-cbc

aes256-cbc

chacha20-poly1305@openssh.com

aes128-ctr

aes192-ctr

aes256-ctr

aes128-gcm@openssh.com

aes256-gcm@openssh.com

aes128-cbc

aes192-cbc

aes256-cbc

Yes

NSP System Administrator Guide

MAC

hmac-sha2-256-etm@openssh.com

hmac-sha2-512-etm@openssh.com

hmac-sha1-etm@openssh.com

hmac-sha2-256

hmac-sha2-512

hmac-sha1

hmac-sha2-256-etm@openssh.com

hmac-sha2-512-etm@openssh.com

hmac-sha1-etm@openssh.com

hmac-sha2-256

hmac-sha2-512

hmac-sha1

Yes

NSP System Administrator Guide

Model-driven

Key exchange

ecdh-sha2-nistp521

ecdh-sha2-nistp384

ecdh-sha2-nistp256

diffie-hellman-group-exchange-sha256

diffie-hellman-group-exchange-sha1

diffie-hellman-group14-sha1

diffie-hellman-group14-sha256

diffie-hellman-group15-sha512

diffie-hellman-group16-sha512

diffie-hellman-group17-sha512

diffie-hellman-group18-sha512

diffie-hellman-group1-sha1

N/A

No

N/A

Host key

ecdsa-sha2-nistp256-cert-v01@openssh.com

ecdsa-sha2-nistp384-cert-v01@openssh.com

ecdsa-sha2-nistp521-cert-v01@openssh.com

ssh-ed25519-cert-v01@openssh.com

rsa-sha2-512-cert-v01@openssh.com

rsa-sha2-256-cert-v01@openssh.com

ecdsa-sha2-nistp256

ecdsa-sha2-nistp384

ecdsa-sha2-nistp521

ssh-ed25519

rsa-sha2-512

rsa-sha2-256

ssh-rsa

N/A

No

N/A

Cipher

chacha20-poly1305@openssh.com

aes256-ctr

aes192-ctr

aes128-ctr

aes256-gcm@openssh.com

aes128-gcm@openssh.com

aes256-cbc

aes192-cbc

aes128-cbc

N/A

No

N/A

MAC

hmac-sha2-256-etm@openssh.com

hmac-sha2-512-etm@openssh.com

hmac-sha1-etm@openssh.com

hmac-sha2-256

hmac-sha2-512

hmac-sha1

N/A

No

N/A