List of supported ciphers in Deep Security

    • Updated:
    • 14 Jul 2017
    • Product/Version:
    • Deep Security 9.0
    • Deep Security 9.5
    • Deep Security 9.6
    • Platform:
    • Amazon AMI 32-bit
    • Amazon AMI 64-bit
    • CentOS 5.4 32-bit
    • CentOS 5.4 64-bit
    • CentOS 5.5 32-bit
    • CentOS 5.5 64-bit
    • CentOS 5.6 32-bit
    • CentOS 5.6 64-bit
    • CentOS 5.7 32-bit
    • CentOS 5.7 64-bit
    • CentOS 5.8 32-bit
    • CentOS 5.8 64-bit
    • CentOS 6 32-bit
    • CentOS 6 64-bit
    • CentOS 6.1 32-bit
    • CentOS 6.1 64-bit
    • CentOS 6.2 32-bit
    • CentOS 6.2 64-bit
    • HPUX 11.x
    • IBM AIX 5.3
    • IBM AIX 6.1
    • Linux - Red Hat RHEL 4 32-bit
    • Linux - Red Hat RHEL 4 64-bit
    • Linux - Red Hat RHEL 5 32-bit
    • Linux - Red Hat RHEL 5 64-bit
    • Linux - Red Hat RHEL 6 32-bit
    • Linux - Red Hat RHEL 6 64-bit
    • Linux - SuSE 10
    • Linux - SuSE 10 64-bit
    • Linux - SuSE 11
    • Linux - SuSE 11 64-bit
    • Oracle Linux 5 32-bit
    • Oracle Linux 5 64-bit
    • Oracle Linux 6 32-bit
    • Oracle Linux 6 64-bit
    • Oracle Solaris 11 SPARC
    • Oracle Solaris 11 x86
    • Ubuntu 10.04 64-bit
    • Ubuntu 12.04 64-bit
    • Unix - Solaris (Sun) version 10 (SunOS 5.10)
    • Unix - Solaris (Sun) version 9 (SunOS 5.9)
    • VMware ESX 4.0
    • VMware ESX 4.1
    • VMware ESX 5.0
    • VMware ESXi 4.0
    • VMware ESXi 4.1
    • VMware ESXi 5.0
    • VMware ESXi 5.1
    • VMware ESXi 5.5
    • VMware vCenter 5.0
    • Windows 2003 Enterprise
    • Windows 2003 Enterprise 64-bit
    • Windows 2003 Server R2
    • Windows 2003 Small Business Server
    • Windows 2003 Small Business Server R2
    • Windows 2003 Standard
    • Windows 2003 Standard 64-bit
    • Windows 2008 Datacenter 64-bit
    • Windows 2008 Enterprise
    • Windows 2008 Enterprise 64-bit
    • Windows 2008 Essential Business Server
    • Windows 2008 Server Core
    • Windows 2008 Server Foundation
    • Windows 2008 Server R2
    • Windows 2008 Server R2 Datacenter
    • Windows 2008 Server R2 Enterprise
    • Windows 2008 Server R2 with Hyper-V(TM)
    • Windows 2008 Small Business Server
    • Windows 2008 Standard
    • Windows 2008 Standard 64-bit
    • Windows 2012 Datacenter R2
    • Windows 2012 Enterprise
    • Windows 2012 Server Essential R2
    • Windows 2012 Server Foundation R2
    • Windows 2012 Standard R2
    • Windows 7 32-bit
    • Windows 7 64-bit
    • Windows 8 32-bit
    • Windows 8 64-bit
    • Windows 8.1 32-bit
    • Windows 8.1 64-bit
    • Windows Vista 32-bit
    • Windows Vista 64-bit
    • Windows XP Professional
    • Windows XP Professional 64-bit
    • Windows XP SP2 32-bit
    • Windows XP SP3 32-bit
Summary

When an unsupported cipher is used in a customer's environment, the following entry appears in the Deep Security events or logs:

Unsupported Cipher ... cipher = xxxx

To avoid getting this message in the logs, check which ciphers Deep Security supports.

Details

When you activate the SSL configuration by importing the server's SSL certificate in an agent, the DPI engine sees the unencrypted plain-text data. The rules, however, match their patterns against the SSL stream, not against the unencrypted plain-text data. This is why certain rules do not work when an SSL certificate is imported in an agent.

Because not all customers use the scenario above, Recommendation Scan will still suggest rules based on the patch level of a host. If SSL inspection is enabled and those rules are recommended at the same time, it will not cause any real harm. The engine will see only the unencrypted stream of data, not the SSL data.

Deep Security only supports the following ciphers:

#define SSL_NULL_WITH_NULL_NULL                  0    // { 0x00, 0x00 }
#define SSL_RSA_WITH_NULL_MD5                    1    // { 0x00, 0x01 }
#define SSL_RSA_WITH_NULL_SHA                    2    // { 0x00, 0x02 }
#define SSL_RSA_EXPORT_WITH_RC4_40_MD5           3    // { 0x00, 0x03 }
#define SSL_RSA_WITH_RC4_128_MD5                 4    // { 0x00, 0x04 }
#define SSL_RSA_WITH_RC4_128_SHA                 5    // { 0x00, 0x05 }
#define SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5       6    // { 0x00, 0x06 }
#define SSL_RSA_WITH_IDEA_CBC_SHA                7    // { 0x00, 0x07 }
#define SSL_RSA_EXPORT_WITH_DES40_CBC_SHA        8    // { 0x00, 0x08 }
#define SSL_RSA_WITH_DES_CBC_SHA                 9    // { 0x00, 0x09 }
#define SSL_RSA_WITH_3DES_EDE_CBC_SHA            10   // { 0x00, 0x0A }
#define TLS_RSA_WITH_AES_128_CBC_SHA             47   // { 0x00, 0x2F }
#define TLS_RSA_WITH_AES_256_CBC_SHA             53   // { 0x00, 0x35 }
#define TLS_RSA_WITH_3DES_EDE_CBC_RMD160         124  // { 0x00, 0x7C }
#define TLS_RSA_WITH_AES_128_CBC_RMD160          125  // { 0x00, 0x7D }
#define TLS_RSA_WITH_AES_256_CBC_RMD160          126  // { 0x00, 0x7E }
#define TLS_RSA_EXPORT1024_WITH_RC4_56_MD5       96   // { 0x00, 0x60 }
#define TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5   97   // { 0x00, 0x61 }
#define TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA      98   // { 0x00, 0x62 }
#define TLS_RSA_EXPORT1024_WITH_RC4_56_SHA       100  // { 0x00, 0x64 }

For more cipher values, refer to this article: Transport Layer Security (TLS) Parameters.
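To check whether the suite a server selects is on the list above, the following added example (not Trend Micro code) reads the selected cipher suite from a captured SSL/TLS ServerHello record and looks it up in a table built from that list. The function names and the sample record are constructed for illustration; 0xC02F is the IANA value for TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, which is not on the list.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Two-byte suite IDs copied from the supported-cipher list above. */
static const uint16_t DS_SUPPORTED[] = {
    0x0000, 0x0001, 0x0002, 0x0003, 0x0004, 0x0005, 0x0006, 0x0007,
    0x0008, 0x0009, 0x000A, 0x002F, 0x0035, 0x007C, 0x007D, 0x007E,
    0x0060, 0x0061, 0x0062, 0x0064
};

/* Constructed sample ServerHello: zeroed random, empty session ID, suite 0xC02F. */
static const uint8_t SAMPLE_HELLO[47] = {
    0x16, 0x03, 0x03, 0x00, 0x2A, 0x02, 0x00, 0x00, 0x26, 0x03, 0x03,
    [44] = 0xC0, [45] = 0x2F
};

int ds_cipher_supported(uint16_t suite) {
    for (size_t i = 0; i < sizeof DS_SUPPORTED / sizeof DS_SUPPORTED[0]; i++)
        if (DS_SUPPORTED[i] == suite) return 1;
    return 0;
}

/* Suite the server selected, read from a raw ServerHello record; -1 if malformed. */
long server_hello_suite(const uint8_t *rec, size_t len) {
    size_t off = 5 + 4 + 2 + 32;   /* record hdr, handshake hdr, version, random */
    if (len < off + 1 || rec[0] != 0x16 || rec[5] != 0x02)
        return -1;                 /* too short, or not a handshake/ServerHello */
    size_t sid_len = rec[off++];
    if (sid_len > 32 || len - off < sid_len + 2)
        return -1;                 /* truncated before the cipher suite field */
    off += sid_len;
    return ((long)rec[off] << 8) | rec[off + 1];
}

/* 1 = suite is on the supported list, 0 = not on it, -1 = could not parse. */
int ds_can_inspect(const uint8_t *rec, size_t len) {
    long suite = server_hello_suite(rec, len);
    return suite < 0 ? -1 : ds_cipher_supported((uint16_t)suite);
}

/* Verdict for the constructed sample with a different selected suite patched in. */
int sample_verdict(uint16_t suite) {
    uint8_t rec[sizeof SAMPLE_HELLO];
    memcpy(rec, SAMPLE_HELLO, sizeof rec);
    rec[44] = (uint8_t)(suite >> 8); rec[45] = (uint8_t)(suite & 0xFF);
    return ds_can_inspect(rec, sizeof rec);
}
int main(void) { return sample_verdict(0x002F) == 1 ? 0 : 1; }
```

A result of 0 for a server's ServerHello means the selected suite is one to disable on the server or to cover with a Bypass rule, as described below.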

To prevent these issues or events in Deep Security, you may do any of the following:

  • Disable the unsupported cipher in your environment.
  • Create Bypass firewall rules to bypass the DPI checking.
Category:
SPEC
Solution Id:
1105304