1. Which Cipher Suites are supported CEM/TIM for decoding SSL hosted applications?
2. How can I check those against the Ciphers installed on my web servers?
1. CEM supports the following algorithms for the symmetrical encryption of data: DES, Triple DES, RC4, RC2, and AES. Both U.S.-exportable and non-U.S.-exportable versions of all supported symmetrical ciphers are supported.
All ciphers provided with the installed TIM openssl library are supported except these:
- DH or DHE ciphers (Diffie-Hellman)
- TLS-PSK (Wikipedia: TLS-PSK) (Added July 2016)
2. The following public GitHub link contains a script apm-interact.sh which has a CIPHER option. That checks the installed cipher suites on the current device against a remote web server. If a match is found then it will report a success, otherwise a failure will be registered. At the end of the Check, a logfile will be created separating supported ciphers with non supported ciphers by the remote web server. If the script is executed from the TIM, the compatible ciphers of the openssl library used by the TIM will be checked against the openssl library (or similar) of the provided remote web server.
Acknowledgement to Joerg Mertin (CA APM Engineering Services) for providing this information and the scripts.