Table of contents:
Supported encryption protocols
Protocol | Supported |
|---|---|
SSL any version | No |
TLS1.0 | No |
TLS1.1 | No |
TLS1.2 | Yes |
TLS1.3 | Yes |
Supported TLS cipher suites
UI
Endpoint: https://signencrypt.bosch-iot-suite.com/
TLS Version | Cipher Suite Name (IANA/RFC) | KeyExch. | Authenticator | Encryption | Bits | Remark |
|---|---|---|---|---|---|---|
TLSv1.2 | TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 | ECDHE | ECDSA | AES GCM | 128 | Recommended |
TLSv1.2 | TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 | ECDHE | ECDSA | AES GCM | 256 | Recommended |
TLSv1.2 | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 | ECDHE | RSA | AES GCM | 128 | Secure |
TLSv1.2 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 | ECDHE | RSA | AES GCM | 256 | Secure |
TLSv1.2 | TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 | ECDHE | ECDSA | AES CBC | 128 | Weak |
TLSv1.2 | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 | ECDHE | RSA | AES CBC | 128 | Weak |
TLSv1.2 | TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 | ECDHE | ECDSA | AES CBC | 256 | Weak |
TLSv1.2 | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 | ECDHE | RSA | AES CBC | 256 | Weak |
TLSv1.2 | TLS_RSA_WITH_AES_128_GCM_SHA256 | RSA | RSA | AES GCM | 128 | Weak |
TLSv1.2 | TLS_RSA_WITH_AES_128_CBC_SHA256 | RSA | RSA | AES CBC | 128 | Weak |
TLSv1.2 | TLS_RSA_WITH_AES_256_GCM_SHA384 | RSA | RSA | AES GCM | 256 | Weak |
TLSv1.2 | TLS_RSA_WITH_AES_256_CBC_SHA256 | RSA | RSA | AES CBC | 256 | Weak |
API
Endpoint: https://signencrypt.eu1.bosch-iot-rollouts.com/api
TLS Version | Cipher Suite Name (IANA/RFC) | KeyExch. | Authenticator | Encryption | Bits | Remark |
|---|---|---|---|---|---|---|
TLSv1.3 | TLS_AES_128_GCM_SHA256 | PFS | - | AES GCM | 128 | Recommended |
TLSv1.3 | TLS_AES_256_GCM_SHA384 | PFS | - | AES GCM | 256 | Recommended |
TLSv1.3 | TLS_CHACHA20_POLY1305_SHA256 | PFS | - | ChaCha20 | 256 | Recommended |
TLSv1.3, TLSv1.2 | TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 | ECDHE 256 | ECDSA | AES GCM | 256 | Recommended |
TLSv1.3, TLSv1.2 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 | ECDHE 256 | RSA | AES GCM | 256 | Secure |
TLSv1.3, TLSv1.2 | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 | ECDHE 256 | RSA | AES GCM | 128 | Secure |
TLSv1.3, TLSv1.2 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 | ECDHE 256 | RSA | AES GCM | 256 | Secure |
Secure ciphers are considered state-of-the-art. Recommended ciphers also provide Perfect Forward Secrecy (PFS) and should be preferred. Weak ciphers are only offered to provide support for older operations systems, browsers, or applications. However, they are old and should be avoided. Furthermore, they are deprecated and will not be offered in the near future.