About Secure Web Appliance
The Cisco Secure Web Appliance intercepts and monitors Internet traffic and applies policies to help keep your internal network secure from malware, sensitive data loss, productivity loss, and other Internet-based threats.
Supported Ciphers
This section contains the list of supported ciphers (SSL and SSH) for AsyncOS for Secure Web Appliance.
Port 8443 (Management Interface)
TLS 1.2 |
TLS 1.3 |
||
---|---|---|---|
ECDHE-ECDSA-AES256-GCM-SHA384 |
TLS_AES_256_GCM_SHA384 |
||
ECDHE-RSA-AES256-GCM-SHA384 |
TLS_AES_128_GCM_SHA256 |
||
ECDHE-ECDSA-CHACHA20-POLY1305 |
TLS_CHACHA20_POLY1305_SHA256 |
||
ECDHE-RSA-CHACHA20-POLY1305 |
|||
ECDHE-ECDSA-AES256-CCM |
|||
ECDHE-ECDSA-AES128-GCM-SHA256 |
|||
ECDHE-RSA-AES128-GCM-SHA256 |
|||
ECDHE-ECDSA-AES128-CCM |
|||
ECDHE-ECDSA-AES256-SHA384 |
|||
ECDHE-RSA-AES256-SHA384 |
|||
ECDHE-ECDSA-CAMELLIA256-SHA384 |
|||
ECDHE-RSA-CAMELLIA256-SHA384 |
|||
ECDHE-ECDSA-AES128-SHA256 |
|||
ECDHE-RSA-AES128-SHA256 |
|||
ECDHE-ECDSA-CAMELLIA128-SHA256 |
|||
ECDHE-RSA-CAMELLIA128-SHA256 |
|||
AES256-GCM-SHA384 |
|||
AES256-CCM |
|||
AES128-GCM-SHA256 |
|||
AES128-CCM |
|||
AES256-SHA256 |
|||
CAMELLIA256-SHA256 |
|||
AES128-SHA256 |
|||
CAMELLIA128-SHA256 |
|||
Default Mode: ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-CHACHA20-POLY1305 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES256-SHA384 ECDHE-RSA-CAMELLIA256-SHA384 ECDHE-RSA-AES128-SHA256 ECDHE-RSA-CAMELLIA128-SHA256 ECDHE-RSA-AES128-SHA AES256-GCM-SHA384 AES256-CCM AES128-GCM-SHA256 AES128-CCM AES256-SHA256 CAMELLIA256-SHA256 AES128-SHA256 CAMELLIA128-SHA256 AES256-SHA AES128-SHA CAMELLIA128-SHA |
|||
|
|||
|
Port 443 (SSL Port)
TLS 1.0 |
TLS 1.1 |
TLS 1.2 |
TLS 1.3 |
||
---|---|---|---|---|---|
ECDHE-ECDSA-AES128-SHA |
ECDHE-ECDSA-AES128-SHA |
ECDHE-ECDSA-AES256-GCM-SHA384 |
TLS_AES_256_GCM_SHA384 |
||
ECDHE-RSA-AES128-SHA |
ECDHE-RSA-AES128-SHA |
ECDHE-RSA-AES256-GCM-SHA384 |
TLS_AES_128_GCM_SHA256 |
||
AES256-SHA |
AES256-SHA |
ECDHE-ECDSA-CHACHA20-POLY1305 |
TLS_CHACHA20_POLY1305_SHA256 |
||
AES128-SHA |
AES128-SHA |
ECDHE-RSA-CHACHA20-POLY1305 |
|||
ECDHE-ECDSA-AES256-CCM |
|||||
ECDHE-ECDSA-AES128-GCM-SHA256 |
|||||
ECDHE-RSA-AES128-GCM-SHA256 |
|||||
ECDHE-ECDSA-AES128-CCM |
|||||
ECDHE-ECDSA-AES256-SHA384 |
|||||
ECDHE-RSA-AES256-SHA384 |
|||||
ECDHE-ECDSA-CAMELLIA256-SHA384 |
|||||
ECDHE-RSA-CAMELLIA256-SHA384 |
|||||
ECDHE-ECDSA-AES128-SHA256 |
|||||
ECDHE-RSA-AES128-SHA256 |
|||||
ECDHE-ECDSA-CAMELLIA128-SHA256 |
|||||
ECDHE-RSA-CAMELLIA128-SHA256 |
|||||
AES256-GCM-SHA384 |
|||||
AES256-CCM |
|||||
AES128-GCM-SHA256 |
|||||
AES128-CCM |
|||||
AES256-SHA256 |
|||||
CAMELLIA256-SHA256 |
|||||
AES128-SHA256 |
|||||
CAMELLIA128-SHA256 |
|||||
Default Mode: ECDHE-RSA-AES128-SHA ECDHE-ECDSA-AES128-SHA AES128-SHA DHE-RSA-AES128-SHA |
Default Mode: ECDHE-RSA-AES128-SHA ECDHE-ECDSA-AES128-SHA AES128-SHA DHE-RSA-AES128-SHA ECDHE-PSK-AES128-CBC-SHA256 ECDHE-PSK-AES128-CBC-SHA DHE-PSK-AES128-CBC-SHA256 |
Default Mode: ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-SHA384 ECDHE-RSA-AES256-SHA384 ECDHE-ECDSA-AES128-SHA256 ECDHE-RSA-AES128-SHA256 ECDHE-ECDSA-AES128-SHA ECDHE-RSA-AES128-SHA AES256-GCM-SHA384 AES128-GCM-SHA256 AES256-SHA256 AES128-SHA256 AES128-SHA DHE-RSA-AES128-SHA DHE-PSK-AES256-GCM-SHA384 ECDHE-PSK-CHACHA20-POLY1305 DHE-PSK-AES128-GCM-SHA256 |
Default Mode: TLS_AES_256_GCM_SHA384 TLS_AES_128_GCM_SHA256 TLS_CHACHA20_POLY1305_SHA256 |
||
|
Port 22 (SSH Port)
ssh2-enum-algos:
1. kex_algorithms (8):
|
2. encryption_algorithms (7):
|
3. server_host_key_algorithms (4):
|
4. mac_algorithms (3):
|
5. compression_algorithms (2):
|
Unsupported Ciphers
The following ciphers are not supported from the release SWA15.5 onwards with OpenSSL-1.1.1y.
DHE-RSA-AES256-GCM-SHA384 |
DHE-RSA-CHACHA20-POLY1305 |
DHE-RSA-AES128-GCM-SHA256 |
DHE-RSA-AES256-SHA256 |
DHE-RSA-AES128-SHA256 |
DHE-RSA-AES128-SHA |
RSA-PSK-AES256-GCM-SHA384 |
DHE-PSK-AES256-GCM-SHA384 |
RSA-PSK-CHACHA20-POLY1305 |
DHE-PSK-CHACHA20-POLY1305 |
ECDHE-PSK-CHACHA20-POLY1305 |
PSK-AES256-GCM-SHA384 |
PSK-CHACHA20-POLY1305 |
RSA-PSK-AES128-GCM-SHA256 |
DHE-PSK-AES128-GCM-SHA256 |
PSK-AES128-GCM-SHA256 |
ECDHE-PSK-AES256-CBC-SHA384 |
RSA-PSK-AES256-CBC-SHA384 |
DHE-PSK-AES256-CBC-SHA384 |
PSK-AES256-CBC-SHA384 |
ECDHE-PSK-AES128-CBC-SHA256 |
ECDHE-PSK-AES128-CBC-SHA |
RSA-PSK-AES128-CBC-SHA256 |
DHE-PSK-AES128-CBC-SHA256 |
RSA-PSK-AES128-CBC-SHA |
DHE-PSK-AES128-CBC-SHA |
PSK-AES128-CBC-SHA256 |
PSK-AES128-CBC-SHA |
Port 8443 (Management Interface)
SSL V 3.0 |
TLS 1.0 |
---|---|
RC4-MD5 |
RC4-MD5 |
RC4-SHA |
RC4-SHA |