When an unsupported cipher is used in a customer's environment, the following entry appears in Deep Security events or logs:
Unsupported Cipher ... cipher = xxxx
To keep this message out of the logs, check which ciphers Deep Security supports.
When you activate the SSL configuration by importing the server's SSL certificate into an agent, the DPI engine sees the unencrypted plain-text data. The rules in the list, however, match their patterns against the SSL stream, not against the unencrypted plain-text data. This is why certain rules do not work when an SSL certificate is imported into an agent.
Because not all customers configure the scenario above, Recommendation Scan will still suggest rules based on the patch level of a host. If you have enabled SSL inspection and the rules are recommended at the same time, it will not cause any real harm. The engine will see only the unencrypted stream of data, not the SSL data.
Deep Security Agent 10.0 up to Update 15 supports these TLS 1.2 cipher suites:
Deep Security Agent 10.0 Update 16 and later updates support these TLS 1.2 cipher suites, out-of-box:
Deep Security Agent 10.0 Update 16 and later updates support these TLS 1.2 cipher suites, if strong cipher suites are enabled:
For more details, refer to the Deep Security Help Center article: Supported cipher suites for agent-manager communication.