About Secure Web Appliance
The Cisco Secure Web Appliance intercepts and monitors Internet traffic and applies policies to help keep your internal network secure from malware, sensitive data loss, productivity loss, and other Internet-based threats.
Supported Ciphers
This section contains the list of supported ciphers (SSL and SSH) for AsyncOS for Secure Web Appliance.
Port 8443 (Management Interface)
TLS 1.0 |
TLS 1.1 |
TLS 1.2 |
---|---|---|
ECDHE-RSA-AES256-SHA - YES |
ECDHE-RSA-AES256-SHA - YES |
ECDHE-RSA-AES256-GCM-SHA384 - YES |
DHE-RSA-AES256-SHA - YES |
DHE-RSA-AES256-SHA - YES |
ECDHE-RSA-AES256-SHA384 - YES |
DHE-RSA-CAMELLIA256-SHA - YES |
DHE-RSA-CAMELLIA256-SHA - YES |
ECDHE-RSA-AES256-SHA - YES |
AES256-SHA - YES |
AES256-SHA - YES |
DHE-RSA-AES256-GCM-SHA384 - YES |
CAMELLIA256-SHA - YES |
CAMELLIA256-SHA - YES |
DHE-RSA-AES256-SHA256 - YES |
ECDHE-RSA-AES128-SHA - YES |
ECDHE-RSA-AES128-SHA - YES |
DHE-RSA-AES256-SHA - YES |
DHE-RSA-AES128-SHA - YES |
DHE-RSA-AES128-SHA - YES |
DHE-RSA-CAMELLIA256-SHA - YES |
DHE-RSA-SEED-SHA - YES |
DHE-RSA-SEED-SHA - YES |
AES256-GCM-SHA384 - YES |
DHE-RSA-CAMELLIA128-SHA - YES |
DHE-RSA-CAMELLIA128-SHA - YES |
AES256-SHA256 - YES |
AES128-SHA - YES |
AES128-SHA - YES |
AES256-SHA - YES |
SEED-SHA - YES |
SEED-SHA - YES |
CAMELLIA256-SHA - YES |
CAMELLIA128-SHA - YES |
CAMELLIA128-SHA - YES |
ECDHE-RSA-AES128-GCM-SHA256 - YES |
RSA-PSK-AES256-CBC-SHA384 - YES |
ECDHE-RSA-AES128-SHA - YES |
|
AES128-SHA - YES |
||
SEED-SHA - YES |
||
CAMELLIA128-SHA - YES |
||
ECDHE-ECDSA-AES256-GCM-SHA384 - YES |
||
ECDHE-ECDSA-AES128-GCM-SHA256 - YES |
||
ECDHE-ECDSA-AES128-SHA256 - YES |
||
DHE-PSK-AES256-GCM-SHA384 - YES |
Port 443 (SSL Port)
TLS 1.0 |
TLS 1.1 |
TLS 1.2 |
TLS 1.3 |
||||
---|---|---|---|---|---|---|---|
DHE-RSA-AES256-SHA - YES |
DHE-RSA-AES256-SHA - YES |
DHE-RSA-AES256-GCM-SHA384 - YES |
|||||
ECDHE-RSA-AES128-SHA - YES |
ECDHE-RSA-AES128-SHA - YES |
DHE-RSA-AES128-GCM-SHA256 - YES |
|||||
ECDHE-ECDSA-AES128-SHA - YES |
ECDHE-ECDSA-AES128-SHA - YES |
DHE-RSA-AES256-SHA256 - YES |
|||||
AES256-SHA - YES |
AES256-SHA - YES |
DHE-RSA-AES128-SHA256 - YES |
|||||
AES128-SHA - YES |
AES128-SHA - YES |
DHE-RSA-AES256-SHA - YES |
|||||
RSA-PSK-AES256-CBC-SHA384 - YES |
DHE-RSA-AES256-CCM - YES |
||||||
PSK-AES256-CBC-SHA384 - YES |
ECDHE-RSA-AES256-GCM-SHA384 - YES |
||||||
DHE-PSK-AES128-CBC-SHA256 - YES |
ECDHE-RSA-AES128-SHA256 - YES |
||||||
AES256-GCM-SHA384 - YES |
|||||||
AES128-GCM-SHA256 - YES |
|||||||
AES256-SHA256 - YES |
|||||||
AES128-SHA256 - YES |
|||||||
AES256-SHA - YES |
|||||||
AES128-SHA - YES |
|||||||
AES256-CCM - YES |
|||||||
AES128-CCM - YES |
|||||||
ECDHE-ECDSA-AES256-GCM-SHA384 - YES |
|||||||
ECDHE-ECDSA-AES128-GCM-SHA256 - YES |
|||||||
ECDHE-ECDSA-AES256-SHA384 - YES |
|||||||
ECDHE-ECDSA-AES128-SHA256 - YES |
|||||||
ECDHE-ECDSA-AES128-SHA - YES |
|||||||
ECDHE-ECDSA-AES256-CCM - YES |
|||||||
ECDHE-ECDSA-AES128-CCM - YES |
|||||||
Default Mode: ECDHE-RSA-AES128-SHA ECDHE-ECDSA-AES128-SHA AES128-SHA DHE-RSA-AES128-SHA |
Default Mode: ECDHE-RSA-AES128-SHA ECDHE-ECDSA-AES128-SHA AES128-SHA DHE-RSA-AES128-SHA ECDHE-PSK-AES128-CBC-SHA256 ECDHE-PSK-AES128-CBC-SHA DHE-PSK-AES128-CBC-SHA256 |
Default Mode: ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-SHA384 ECDHE-RSA-AES256-SHA384 ECDHE-ECDSA-AES128-SHA256 ECDHE-RSA-AES128-SHA256 ECDHE-ECDSA-AES128-SHA ECDHE-RSA-AES128-SHA AES256-GCM-SHA384 AES128-GCM-SHA256 AES256-SHA256 AES128-SHA256 AES128-SHA DHE-RSA-AES128-SHA DHE-PSK-AES256-GCM-SHA384 ECDHE-PSK-CHACHA20-POLY1305 DHE-PSK-AES128-GCM-SHA256 |
Default Mode: TLS_CHACHA20_POLYI305_SHA256 |
||||
|
|
||||||
|
Port 22 (SSH Port)
ssh2-enum-algos:
1. kex_algorithms (8):
|
2. encryption_algorithms (7):
|
3. server_host_key_algorithms (4):
|
4. mac_algorithms (3):
|
5. compression_algorithms (2):
|
Unsupported Ciphers
The following ciphers are not supported from the release SWA15.0 onwards with OpenSSL-1.1.1
TLS_AES_256_GCM_SHA384 |
TLS_CHACHA20_POLY1305_SHA256 |
TLS_AES_128_GCM_SHA256 |
ECDHE-ECDSA-CHACHA20-POLY1305 |
ECDHE-RSA-CHACHA20-POLY1305 |
DHE-RSA-CHACHA20-POLY1305 |
RSA-PSK-AES256-GCM-SHA384 |
DHE-PSK-AES256-GCM-SHA384 |
RSA-PSK-CHACHA20-POLY1305 |
DHE-PSK-CHACHA20-POLY1305 |
ECDHE-PSK-CHACHA20-POLY1305 |
PSK-AES256-GCM-SHA384 |
PSK-CHACHA20-POLY1305 |
RSA-PSK-AES128-GCM-SHA256 |
DHE-PSK-AES128-GCM-SHA256 |
PSK-AES128-GCM-SHA256 |
ECDHE-PSK-AES256-CBC-SHA384 |
RSA-PSK-AES256-CBC-SHA384 |
DHE-PSK-AES256-CBC-SHA384 |
PSK-AES256-CBC-SHA384 |
ECDHE-PSK-AES128-CBC-SHA256 |
ECDHE-PSK-AES128-CBC-SHA |
RSA-PSK-AES128-CBC-SHA256 |
DHE-PSK-AES128-CBC-SHA256 |
RSA-PSK-AES128-CBC-SHA |
DHE-PSK-AES128-CBC-SHA |
PSK-AES128-CBC-SHA256 |
Port 8443 (Management Interface)
SSL V 3.0 |
TLS 1.0 |
---|---|
RC4-MD5 |
RC4-MD5 |
RC4-SHA |
RC4-SHA |