Table of contents:
Supported encryption protocols
Protocol | Supported |
|---|---|
SSL any version | No |
TLS1.0 | No |
TLS1.1 | No |
TLS1.2 | Yes |
TLS1.3 | Yes |
Supported TLS cipher suites
UI
Endpoint: https://console.eu1.bosch-iot-rollouts.com/
TLS Version | Cipher Suite Name (IANA/RFC) | KeyExch. | Authenticator | Encryption | Bits | Remark |
|---|---|---|---|---|---|---|
TLSv1.2 | TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 | ECDHE | ECDSA | AES GCM | 128 | Recommended |
TLSv1.2 | TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 | ECDHE | ECDSA | AES GCM | 256 | Recommended |
TLSv1.2 | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 | ECDHE | RSA | AES GCM | 128 | Secure |
TLSv1.2 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 | ECDHE | RSA | AES GCM | 256 | Secure |
TLSv1.2 | TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 | ECDHE | ECDSA | AES CBC | 128 | Weak |
TLSv1.2 | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 | ECDHE | RSA | AES CBC | 128 | Weak |
TLSv1.2 | TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 | ECDHE | ECDSA | AES CBC | 256 | Weak |
TLSv1.2 | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 | ECDHE | RSA | AES CBC | 256 | Weak |
TLSv1.2 | TLS_RSA_WITH_AES_128_GCM_SHA256 | RSA | RSA | AES GCM | 128 | Weak |
TLSv1.2 | TLS_RSA_WITH_AES_128_CBC_SHA256 | RSA | RSA | AES CBC | 128 | Weak |
TLSv1.2 | TLS_RSA_WITH_AES_256_GCM_SHA384 | RSA | RSA | AES GCM | 256 | Weak |
TLSv1.2 | TLS_RSA_WITH_AES_256_CBC_SHA256 | RSA | RSA | AES CBC | 256 | Weak |
API
Endpoint: https://signencrypt.eu1.bosch-iot-rollouts.com/api
TLS Version | Cipher Suite Name (IANA/RFC) | KeyExch. | Authenticator | Encryption | Bits | Remark |
|---|---|---|---|---|---|---|
TLSv1.3 | TLS_AES_128_GCM_SHA256 | PFS | - | AES GCM | 128 | Recommended |
TLSv1.3 | TLS_AES_256_GCM_SHA384 | PFS | - | AES GCM | 256 | Recommended |
TLSv1.3 | TLS_CHACHA20_POLY1305_SHA256 | PFS | - | ChaCha20 | 256 | Recommended |
TLSv1.3, TLSv1.2 | TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 | ECDHE 256 | ECDSA | AES GCM | 256 | Recommended |
TLSv1.3, TLSv1.2 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 | ECDHE 256 | RSA | AES GCM | 256 | Secure |
TLSv1.3, TLSv1.2 | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 | ECDHE 256 | RSA | AES GCM | 128 | Secure |
TLSv1.3, TLSv1.2 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 | ECDHE 256 | RSA | AES GCM | 256 | Secure |
Secure ciphers are considered state-of-the-art. Recommended ciphers also provide Perfect Forward Secrecy (PFS) and should be preferred. Weak ciphers are provided only to support older operating systems, browsers, or applications. However, they are old and should be avoided. Furthermore, they are deprecated and will not be offered in the near future.