Supported cipher strings and meanings – Nortel Networks NN46120-104 User Manual

Unable to download NetDirect from VPN server

181

Supported Cipher Strings and Meanings

The following table lists each supported cipher string alias and its
significance.

Table 7
Cipher Strings and Meanings

Cipher String Aliases

Meaning

DEFAULT

The default cipher list, which corresponds to

ALL@STRENGTH

.

ALL

All cipher suites except the eNULL ciphers,
which must be explicitly enabled.

HIGH

Cipher suites with key lengths larger than 128
bits.

MEDIUM

Cipher suites using 128 bit encryption.

LOW

Includes cipher suites using 64 or 56 bit
encryption, but excludes export cipher suites.

EXPORT

Includes cipher suites using 40 and 56 bit
encryption.

EXPORT40

Cipher suites using 40 bit export encryption
only.

EXPORT56

Cipher suites using 56 bit export encryption
only.

eNULL, NULL

Cipher suites that do not offer any encryption
at all. Because the use of such ciphers pose
a security threat, they are disabled unless
explicitly included.

aNULL

Cipher suites that do not offer authentication,
like anonymous DH algorithms. The use
of such cipher suites is not recommended,
because they facilitate man-in-the-middle
attacks.

kRSA, RSA

Cipher suites using RSA key exchange.

kEDH

Cipher suites using ephemeral Diffie-Hellman
key agreement.

aRSA

Cipher suites using RSA authentication, which
implies that the certificates carry RSA keys.

SSLv3, SSLv2

SSL version 3.0 and SSL version 2.0 cipher
suites, respectively.

DH

Cipher suites using DH encryption algorithms,
including anonymous DH.

Nortel VPN Gateway

User Guide

NN46120-104

02.01

Standard

14 April 2008

Copyright © 2007-2008 Nortel Networks

.