My Research Toolbox Update
Improved Security & Data Integrity
May 30, 2020
Written by Carlos Silvestre
We have officially enabled cryptographic modules that have been thoroughly tested and validated by the National Institute of Standards and Technology (NIST) Testing Laboratory. The tables below, illustrate security cipher suites in the pre and post validation phase.
|
Pre-Validation Suites in server-preferred order |
|
|
TLS 1.3 |
TLS 1.2 |
|
AES_256_GCM_SHA384 |
ECDHE_RSA_WITH_AES_256_GCM_SHA384 |
|
CHACHA20_POLY1305_SHA256 |
ECDHE_RSA_WITH_AES_128_GCM_SHA256 |
|
AES_128_GCM_SHA256 |
DHE_RSA_WITH_AES_256_GCM_SHA384 |
|
|
DHE_RSA_WITH_AES_128_GCM_SHA256 |
|
|
ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 |
|
|
DHE_RSA_WITH_ARIA_256_GCM_SHA384 |
|
|
ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 |
|
|
DHE_RSA_WITH_ARIA_128_GCM_SHA256 |
|
Post-Validation Suites in server-preferred order |
|
|
TLS 1.3 |
TLS 1.2 |
|
AES_256_GCM_SHA384 |
ECDHE_RSA_WITH_AES_256_GCM_SHA384 |
|
|
ECDHE_RSA_WITH_AES_128_GCM_SHA256 |
|
|
DHE_RSA_WITH_AES_256_GCM_SHA384 |
|
|
DHE_RSA_WITH_AES_128_GCM_SHA256 |
The security cipher suites selected are built on top of Federal Information Processing Standard (FIPS) certified modules containing:
(a) Bug Fixes
(b) Common Vulnerabilities and Exposures (CVE) Fixes
(c) Enhancements
(d) Additional Cryptographic Hash Functions
This is used to simultaneously verify both data integrity and authenticity of a message.
Disclaimer: We strongly value protecting the integrity of our users data. Using cryptographic modules built on top of heavily tested FIPS certified modules is a voluntary act. This is important because it defines compliance in encryption and security measures in the United States Government; which means that our systems have been thoroughly reviewed and tested to be FIPS compliant.