What Cipher Suite we are using with TLS 1.2 in ITMS 7.6? 

In ITMS 8.0 seems to be that we use: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256

 

Do we use the same one in ITMS 7.6?

Response:

The cipher usage depends on Windows version, the later version the more sophisticated algorithms are available.

SMA (Symantec Management Agent) does not select algorithm set and does not restrict algorithms usage, we’re relying on SCHANNEL to select the algorithm, client and server negotiate on the algorithm during SSL handshake. If some algorithm is disabled on the machine then it will not be used. You can use the same IISCrypto (https://www.nartac.com/Products/IISCrypto) to disable or enable the algorithms on the machine or modify the registry where it all configured directly.

The answer about 7.6 would be – yes, 7.x and 8.x agent most likely select the same algorithm when running on the same client machine and connecting to the same server.

The following cipher suites are enabled and in this priority order by default by the Microsoft Schannel Provider: (LINK)

Thanks for your feedback. Let us know if you have additional comments below. (requires login)

    © 1995-2019 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.