Client applications use the HTTPS protocol to communicate with the StorageGRID Webscale system over a network connection that uses Transport Layer Security (TLS). The StorageGRID Webscale system supports a limited set of hashing and encryption algorithms from the TLS libraries that client applications can use when establishing a TLS session. When you are setting up the communication processes, it is important for you to know which security algorithms the system uses.
The StorageGRID Webscale system supports the following cipher suite security algorithms:
TLS version | Cipher suite | Benefit |
---|---|---|
v1.1 | TLS_RSA_WITH_AES_128_CBC_SHA | Note: TLS v1.1 is deprecated in StorageGRID Webscale 11.1. Support for TLS v1.1 will be removed in a future StorageGRID Webscale release.
|
TLS_RSA_WITH_AES_256_CBC_SHA | ||
v1.2 | TLS_RSA_WITH_AES_128_CBC_SHA | Provide secure encryption and efficient processing of objects. |
TLS_RSA_WITH_AES_256_CBC_SHA | ||
TLS_RSA_WITH_AES_128_GCM_SHA256 | Provide secure encryption and more efficient processing of large objects. | |
TLS_RSA_WITH_AES_256_GCM_SHA384 | ||
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 | Support perfect forward secrecy. | |
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 | ||
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 | ||
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 |
The TLS session negotiates the connection, using either AES128 or AES256 based on the client application requirements, and the need to balance performance with encryption security.