Supported hashing and encryption algorithms for TLS libraries

Client applications use the HTTPS protocol to communicate with the StorageGRID system over a network connection that uses Transport Layer Security (TLS). The StorageGRID system supports a limited set of hashing and encryption algorithms from the TLS libraries that client applications can use when establishing a TLS session. When you are setting up the communication processes, it is important for you to know which security algorithms the system uses.

The StorageGRID system supports the following cipher suite security algorithms:

| TLS version | Cipher suite | Benefit |
|---|---|---|
| v1.1 | TLS_RSA_WITH_AES_128_CBC_SHA | |
| v1.1 | TLS_RSA_WITH_AES_256_CBC_SHA | |
| v1.2 | TLS_RSA_WITH_AES_128_CBC_SHA | |
| v1.2 | TLS_RSA_WITH_AES_256_CBC_SHA | |
| v1.2 | TLS_RSA_WITH_AES_128_GCM_SHA256 | Provide secure encryption and more efficient processing of large objects. |
| v1.2 | TLS_RSA_WITH_AES_256_GCM_SHA384 | Provide secure encryption and more efficient processing of large objects. |
| v1.2 | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 | Support perfect forward secrecy. |
| v1.2 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 | Support perfect forward secrecy. |

Note: TLS v1.1 is deprecated. Support for TLS v1.1 will be removed in a future StorageGRID release.

Note: Support for CBC ciphers and SHA1 ciphers is deprecated. Support for these ciphers will be removed in a future release.

When the TLS session is negotiated, the connection uses either AES128 or AES256, depending on the client application requirements and the need to balance performance with encryption security.

Attention: SSLv3 is no longer supported for connections to the Storage Node or API Gateway Node.
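The following added example (not part of the StorageGRID documentation) shows one way a Python client can restrict itself to the non-deprecated forward-secret suites from the table and classify what a session actually negotiated. The OpenSSL-style cipher names are the standard equivalents of the table's names; the status labels and the `assess`, `client_context` and `check_endpoint` helpers are assumptions made for illustration.

```python
import socket
import ssl

# OpenSSL cipher name (as Python reports it) -> (name in the table, status).
# "deprecated" follows the page's note on CBC and SHA1 ciphers; the status
# labels themselves are illustrative, not StorageGRID terminology.
SUITES = {
    "AES128-SHA": ("TLS_RSA_WITH_AES_128_CBC_SHA", "deprecated"),
    "AES256-SHA": ("TLS_RSA_WITH_AES_256_CBC_SHA", "deprecated"),
    "AES128-GCM-SHA256": ("TLS_RSA_WITH_AES_128_GCM_SHA256", "supported"),
    "AES256-GCM-SHA384": ("TLS_RSA_WITH_AES_256_GCM_SHA384", "supported"),
    "ECDHE-RSA-AES128-GCM-SHA256":
        ("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "forward-secret"),
    "ECDHE-RSA-AES256-GCM-SHA384":
        ("TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "forward-secret"),
}


def assess(version, openssl_name):
    """Classify a negotiated (TLS version, cipher) pair against the table."""
    if openssl_name not in SUITES:
        return "not-listed"
    status = SUITES[openssl_name][1]
    if version == "TLSv1.1":
        # The table lists only the CBC suites for v1.1, and v1.1 is deprecated.
        return "deprecated" if status == "deprecated" else "not-listed"
    if version == "TLSv1.2":
        return status
    return "not-listed"  # SSLv3 and anything else is outside the table


def client_context():
    """Client context that refuses TLS v1.1 and offers only the ECDHE suites."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    wanted = [n for n, (_, s) in SUITES.items() if s == "forward-secret"]
    ctx.set_ciphers(":".join(wanted))
    return ctx


def check_endpoint(host, port):
    """Connect to an endpoint you administer and classify the session."""
    with socket.create_connection((host, port), timeout=10) as raw:
        with client_context().wrap_socket(raw, server_hostname=host) as tls:
            return assess(tls.version(), tls.cipher()[0])
```

To audit existing clients instead, apply `assess` to the version and cipher each client reports for its session; any `deprecated` result identifies a client that needs reconfiguring before the CBC, SHA1 or TLS v1.1 support is removed.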