Client applications use the HTTPS protocol to communicate with the StorageGRID system over a network connection that uses Transport Layer Security (TLS). The StorageGRID system supports a limited set of hashing and encryption algorithms from the TLS libraries that client applications can use when establishing a TLS session. When you are setting up the communication processes, it is important for you to know which security algorithms the system uses.
The StorageGRID system supports the following cipher suite security algorithms:

TLS version | Cipher suite | Benefit |
---|---|---|
v1.1 | TLS_RSA_WITH_AES_128_CBC_SHA | Note: TLS v1.1 is deprecated. Support for TLS v1.1 will be removed in a future StorageGRID release. |
v1.1 | TLS_RSA_WITH_AES_256_CBC_SHA | Note: TLS v1.1 is deprecated. Support for TLS v1.1 will be removed in a future StorageGRID release. |
v1.2 | TLS_RSA_WITH_AES_128_CBC_SHA | Note: Support for CBC ciphers and SHA1 ciphers is deprecated. Support for these ciphers will be removed in a future release. |
v1.2 | TLS_RSA_WITH_AES_256_CBC_SHA | Note: Support for CBC ciphers and SHA1 ciphers is deprecated. Support for these ciphers will be removed in a future release. |
v1.2 | TLS_RSA_WITH_AES_128_GCM_SHA256 | Provide secure encryption and more efficient processing of large objects. |
v1.2 | TLS_RSA_WITH_AES_256_GCM_SHA384 | Provide secure encryption and more efficient processing of large objects. |
v1.2 | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 | Support perfect forward secrecy. |
v1.2 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 | Support perfect forward secrecy. |

During TLS negotiation, the session uses either AES128 or AES256, depending on the client application requirements and the need to balance performance with encryption security.
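
A client can pin itself to the non-deprecated, forward-secret suites in the table and check what a session actually negotiated. The following is an added example, not StorageGRID or NetApp code: the function names and class labels are hypothetical, and the OpenSSL cipher names are the standard OpenSSL equivalents of the IANA names listed above.

```python
import ssl

# OpenSSL cipher name -> (IANA name from the table, class). The class labels
# ("deprecated", "gcm", "pfs") are this example's own shorthand for the Benefit column.
SUITES = {
    "AES128-SHA": ("TLS_RSA_WITH_AES_128_CBC_SHA", "deprecated"),
    "AES256-SHA": ("TLS_RSA_WITH_AES_256_CBC_SHA", "deprecated"),
    "AES128-GCM-SHA256": ("TLS_RSA_WITH_AES_128_GCM_SHA256", "gcm"),
    "AES256-GCM-SHA384": ("TLS_RSA_WITH_AES_256_GCM_SHA384", "gcm"),
    "ECDHE-RSA-AES128-GCM-SHA256": ("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "pfs"),
    "ECDHE-RSA-AES256-GCM-SHA384": ("TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "pfs"),
}


def assess(openssl_name, tls_version):
    """Classify a negotiated cipher and protocol version against the table."""
    if openssl_name not in SUITES:
        return (None, "not-listed")
    iana, kind = SUITES[openssl_name]
    if tls_version == "TLSv1.1":
        # The table lists only the two CBC suites for v1.1, and v1.1 itself is deprecated.
        return (iana, "deprecated" if kind == "deprecated" else "not-listed")
    if tls_version != "TLSv1.2":
        return (iana, "not-listed")
    return (iana, kind)


def pfs_only_context():
    """Client context pinned to TLS 1.2 and the two ECDHE suites in the table."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers(":".join(n for n, (_, k) in SUITES.items() if k == "pfs"))
    return ctx


def assess_socket(tls_sock):
    """Assess a connected ssl.SSLSocket. version() is the negotiated protocol;
    cipher()[1] is only the protocol that defines the suite, so it is not used."""
    return assess(tls_sock.cipher()[0], tls_sock.version())
```

Pass the context from `pfs_only_context()` to the HTTPS client, then call `assess_socket()` on the connected socket to log whether the session landed on a deprecated suite.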