When using CA LDAP Server to establish an SSL (TLS) encryption tunnel, what cipherspec is used; i.e., what algorithm/strength for encipher/decipher, what signing/hash algorithm?

Document ID : KB000032093
Last Modified Date : 14/02/2018

Question:

When using CA LDAP Server to establish an SSL (TLS) encryption tunnel, what cipherspec is used; i.e., what algorithm/strength for encipher/decipher, or what signing/hash algorithm is used for the connection?

Answer:

SSL negotiates the cipher separately for each connection: the strongest cipher that both sides support is used. The negotiation takes place during the SSL handshake for each application that connects to the CA LDAP Server. The client application sends its list of supported ciphers, and the server compares that list with its own. The server then selects the strongest cipher common to both and returns it to the client as the one to use. To find out which cipher a specific application uses, enable tracing of the SSL handshake in the CA LDAP Server and review the trace.
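What a handshake review reads off the wire, as an added example (not CA code): it extracts the cipher list offered in a ClientHello and the suite chosen in the ServerHello, whose name states the encryption algorithm, key strength and hash. It assumes raw TLS handshake records such as those from a packet capture; the CA LDAP Server trace format is not shown here, and the sample messages and function names are constructed for illustration.

```python
# IANA TLS cipher suite code points (small subset chosen for this example).
SUITES = {
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x009D: "TLS_RSA_WITH_AES_256_GCM_SHA384",
    0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
}

def label(code: int) -> str:
    return SUITES.get(code, f"unknown(0x{code:04X})")

def hello_body(record: bytes, hs_type: int) -> bytes:
    """Return the Hello body: skip 5-byte record and 4-byte handshake headers."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != hs_type:
        raise ValueError("not the expected TLS handshake message")
    body_len = int.from_bytes(record[6:9], "big")
    body = record[9:9 + body_len]
    if len(body) != body_len or body_len < 35:
        raise ValueError("truncated hello")
    return body

def offered_suites(client_hello: bytes) -> list[int]:
    body = hello_body(client_hello, 0x01)
    pos = 35 + body[34]  # version (2) + random (32) + session id (1 + n)
    n = int.from_bytes(body[pos:pos + 2], "big")
    raw = body[pos + 2:pos + 2 + n]
    if n == 0 or n % 2 or len(raw) != n:
        raise ValueError("bad cipher_suites vector")
    return [int.from_bytes(raw[i:i + 2], "big") for i in range(0, n, 2)]

def selected_suite(server_hello: bytes) -> int:
    body = hello_body(server_hello, 0x02)
    pos = 35 + body[34]  # same fixed prefix as the ClientHello
    if len(body) < pos + 2:
        raise ValueError("truncated ServerHello")
    return int.from_bytes(body[pos:pos + 2], "big")

def review(client_hello: bytes, server_hello: bytes) -> dict:
    offered, chosen = offered_suites(client_hello), selected_suite(server_hello)
    return {"offered": [label(c) for c in offered], "selected": label(chosen),
            "selected_was_offered": chosen in offered}

def record(hs_type: int, body: bytes) -> bytes:
    hs = bytes([hs_type]) + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x03" + len(hs).to_bytes(2, "big") + hs

# Constructed sample (not a real capture): TLS 1.2, zeroed random, empty session id.
PREFIX = b"\x03\x03" + bytes(32) + b"\x00"
CLIENT_HELLO = record(0x01, PREFIX + b"\x00\x06\xc0\x30\x00\x9d\x00\x2f\x01\x00")
SERVER_HELLO = record(0x02, PREFIX + b"\x00\x9d\x00")
```

Calling `review(CLIENT_HELLO, SERVER_HELLO)` on the sample reports three offered suites and `TLS_RSA_WITH_AES_256_GCM_SHA384` as the one selected, that is AES-256 in GCM mode with SHA-384.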