S&E Transport layer encryption
Table of contents:
Supported encryption protocols
Protocol |
Supported |
SSL any version |
No |
TLS1.0 |
No |
TLS1.1 |
No |
TLS1.2 |
Yes |
TLS1.3 |
Yes |
Supported TLS cipher suites
UI
Endpoint: https://signencrypt.bosch-iot-suite.com/
TLS Version |
Cipher Suite Name (IANA/RFC) |
KeyExch. |
Authenticator |
Encryption |
Bits |
Remark |
TLSv1.2 |
TLS_ ECDHE_ ECDSA_ WITH_ AES_ 128_ GCM_ SHA256 |
ECDHE |
ECDSA |
AES GCM |
128 |
Recommended |
TLSv1.2 |
TLS_ ECDHE_ ECDSA_ WITH_ AES_ 256_ GCM_ SHA384 |
ECDHE |
ECDSA |
AES GCM |
256 |
Recommended |
TLSv1.2 |
TLS_ ECDHE_ RSA_ WITH_ AES_ 128_ GCM_ SHA256 |
ECDHE |
RSA |
AES GCM |
128 |
Secure |
TLSv1.2 |
TLS_ ECDHE_ RSA_ WITH_ AES_ 256_ GCM_ SHA384 |
ECDHE |
RSA |
AES GCM |
256 |
Secure |
TLSv1.2 |
TLS_ ECDHE_ ECDSA_ WITH_ AES_ 128_ CBC_ SHA256 |
ECDHE |
ECDSA |
AES CBC |
128 |
Weak |
TLSv1.2 |
TLS_ ECDHE_ RSA_ WITH_ AES_ 128_ CBC_ SHA256 |
ECDHE |
RSA |
AES CBC |
128 |
Weak |
TLSv1.2 |
TLS_ ECDHE_ ECDSA_ WITH_ AES_ 256_ CBC_ SHA384 |
ECDHE |
ECDSA |
AES CBC |
256 |
Weak |
TLSv1.2 |
TLS_ ECDHE_ RSA_ WITH_ AES_ 256_ CBC_ SHA384 |
ECDHE |
RSA |
AES CBC |
256 |
Weak |
TLSv1.2 |
TLS_ RSA_ WITH_ AES_ 128_ GCM_ SHA256 |
RSA |
RSA |
AES GCM |
128 |
Weak |
TLSv1.2 |
TLS_RSA_WITH_AES_128_CBC_SHA256 |
RSA |
RSA |
AES CBC |
128 |
Weak |
TLSv1.2 |
TLS_ RSA_ WITH_ AES_ 256_ GCM_ SHA384 |
RSA |
RSA |
AES GCM |
256 |
Weak |
TLSv1.2 |
TLS_ RSA_ WITH_ AES_ 256_ CBC_ SHA256 |
RSA |
RSA |
AES CBC |
256 |
Weak |
API
Endpoint: https://signencrypt.eu1.bosch-iot-rollouts.com/api
TLS Version |
Cipher Suite Name (IANA/RFC) |
KeyExch. |
Authenticator |
Encryption |
Bits |
Remark |
TLSv1.3 |
TLS_AES_128_GCM_SHA256 |
PFS |
- |
AES GCM |
128 |
Recommended |
TLSv1.3 |
TLS_AES_256_GCM_SHA384 |
PFS |
- |
AES GCM |
256 |
Recommended |
TLSv1.3 |
TLS_CHACHA20_POLY1305_SHA256 |
PFS |
- |
ChaCha20 |
256 |
Recommended |
TLSv1.3, TLSv1.2 |
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 |
ECDHE 256 |
ECDSA |
AES GCM |
256 |
Recommended |
TLSv1.3, TLSv1.2 |
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 |
ECDHE 256 |
RSA |
AES GCM |
256 |
Secure |
TLSv1.3, TLSv1.2 |
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 |
ECDHE 256 |
RSA |
AES GCM |
128 |
Secure |
TLSv1.3, TLSv1.2 |
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 |
ECDHE 256 |
RSA |
AES GCM |
256 |
Secure |
Secure ciphers are considered state-of-the-art. Recommended ciphers also provide Perfect Forward Secrecy (PFS) and should be preferred. Weak ciphers are only offered to provide support for older operations systems, browsers, or applications. However, they are old and should be avoided. Furthermore, they are deprecated and will not be offered in the near future.