Scannex ip.buffer User Manual
© UK 2007-2021 Scannex Electronics Ltd. All rights reserved worldwide.
•
“±
sha384
” = SHA-384bit HMAC
Examples:
•
“
aes+3des
” = AES ciphers and 3DES.
•
“
all-rc4-md5
” = everything but RC4 and MD5
•
“
none+aes+3des-dhe-sha256
” = AES and 3DES encryption with RSA key
exchange only (not DHE/RSA), and no SHA-256 HMAC
8.2.13. Signature Hashes override strings
The Signature Hashes override string allows you to specify what signature hashes should be
presented during the handshake phase of the TLS connection, and also what signature
hashes are allowed for a peer TLS certificate.
The same semantics apply as for cipher suites, but obviously the set of applicable values is
reduced:
•
“
all
” = all digests
•
“
def
” = all digests
•
“±
md5
” = MD-5 digest (very weak)
•
“±
sha1
” = SHA-1 digest (weak - avoid for strong security)
•
“±
sha224
” = SHA-224bit digest
•
“±
sha256
” = SHA-256bit digest
•
“±
sha384
” = SHA-384bit digest
Page 49
Scannex ip.buffer User Manual
© UK 2007-2021 Scannex Electronics Ltd. All rights reserved worldwide.
•
“±
sha384
” = SHA-384bit HMAC
Examples:
•
“
aes+3des
” = AES ciphers and 3DES.
•
“
all-rc4-md5
” = everything but RC4 and MD5
•
“
none+aes+3des-dhe-sha256
” = AES and 3DES encryption with RSA key
exchange only (not DHE/RSA), and no SHA-256 HMAC
8.2.13. Signature Hashes override strings
The Signature Hashes override string allows you to specify what signature hashes should be
presented during the handshake phase of the TLS connection, and also what signature
hashes are allowed for a peer TLS certificate.
The same semantics apply as for cipher suites, but obviously the set of applicable values is
reduced:
•
“
all
” = all digests
•
“
def
” = all digests
•
“±
md5
” = MD-5 digest (very weak)
•
“±
sha1
” = SHA-1 digest (weak - avoid for strong security)
•
“±
sha224
” = SHA-224bit digest
•
“±
sha256
” = SHA-256bit digest
•
“±
sha384
” = SHA-384bit digest
Page 49
