Secure Global Desktop 4.40 Administration Guide

Selecting a Cipher Suite for Secure Connections

A cipher suite is a set of cryptographic algorithms used for the following: key exchange, bulk encryption, and message authentication.

A cipher suite specifies one algorithm for each of these tasks. For example, the RSA_WITH_RC4_128_MD5 cipher suite uses RSA for key exchange, RC4 with a 128-bit key for bulk encryption, and MD5 for message authentication.

SGD allows you to specify the cipher suite used for secure connections between SGD Clients and SGD servers, and between the SGD servers in an array. Secure connections are available only when SGD security services are enabled.

The following table lists the supported cipher suites.

| Supported Cipher Suite | Client Preference | OpenSSL Name | JSSE Name |
|---|---|---|---|
| RSA_WITH_AES_256_CBC_SHA | 1 | AES256-SHA | TLS_RSA_WITH_AES_256_CBC_SHA |
| RSA_WITH_AES_128_CBC_SHA | 2 | AES128-SHA | TLS_RSA_WITH_AES_128_CBC_SHA |
| RSA_WITH_3DES_EDE_CBC_SHA | 3 | DES-CBC3-SHA | SSL_RSA_WITH_3DES_EDE_CBC_SHA |
| RSA_WITH_RC4_128_SHA | 4 | RC4-SHA | SSL_RSA_WITH_RC4_128_SHA |
| RSA_WITH_RC4_128_MD5 | 5 | RC4-MD5 | SSL_RSA_WITH_RC4_128_MD5 |
| RSA_WITH_DES_CBC_SHA | 6 | DES-CBC-SHA | SSL_RSA_WITH_DES_CBC_SHA |

Connections Between SGD Clients and SGD Servers

To specify the cipher suites used for connections between SGD Clients and SGD servers:

  1. Log in as superuser (root).
  2. Stop all the SGD servers in the array.
  3. Specify the cipher suites.

    Use the following command:

    # tarantella config edit --tarantella-config-security-ciphers cipher_list

    The cipher_list is a colon-separated list of cipher suites. Use the OpenSSL name from the table above.

    The order of the cipher suites does not matter, as it is the client that determines which suite is used, based on the client preference order shown in the table above.

    The default setting is AES256-SHA:RC4-MD5

  4. Start all the SGD servers in the array.

Connections Between the SGD Servers in an Array

Secure connections between the SGD servers in an array are available only when secure intra-array communication is enabled.

To specify the cipher suite used for secure connections between the SGD servers in an array:

  1. Log in as superuser (root).
  2. Stop all the SGD servers in the array.
  3. Specify the cipher suites.

    Use the following command:

    # tarantella config edit --tarantella-config-security-peerssl-ciphers cipher_list

    The cipher_list is a colon-separated list of cipher suites. Use the Java Secure Socket Extension (JSSE) name from the table above.

    Although you can specify a list, currently the first cipher in the list is always used.

    The default setting is AES256-SHA.

  4. Start all the SGD servers in the array.
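
The following script is an added example, not part of the original guide or of SGD. It checks a cipher_list against the table above before it is passed to tarantella config edit, and reports which suite would be used under each of the two rules described on this page. The function names are hypothetical, and client_choice assumes the client picks its most-preferred suite among those in the server's list.

```sh
#!/bin/sh
# Added example, not SGD code. Rows copied from the table on this page:
# client preference|OpenSSL name|JSSE name
SGD_SUITES='1|AES256-SHA|TLS_RSA_WITH_AES_256_CBC_SHA
2|AES128-SHA|TLS_RSA_WITH_AES_128_CBC_SHA
3|DES-CBC3-SHA|SSL_RSA_WITH_3DES_EDE_CBC_SHA
4|RC4-SHA|SSL_RSA_WITH_RC4_128_SHA
5|RC4-MD5|SSL_RSA_WITH_RC4_128_MD5
6|DES-CBC-SHA|SSL_RSA_WITH_DES_CBC_SHA'

# lookup_suite COLUMN NAME (hypothetical helper): print the table row whose
# COLUMN (2 = OpenSSL, 3 = JSSE) equals NAME; non-zero status if none does.
lookup_suite() {
    printf '%s\n' "$SGD_SUITES" |
        awk -F'|' -v c="$1" -v n="$2" '$c == n { print; ok = 1 } END { exit !ok }'
}

# client_choice LIST: validate a colon-separated list of OpenSSL names and
# print the suite an SGD Client would select. List order is ignored; the
# lowest client preference number wins. Runs in a subshell so that the
# IFS and noglob changes stay local.
client_choice() (
    set -f; IFS=:
    best_pref='' best_name=''
    for name in $1; do
        row=$(lookup_suite 2 "$name") ||
            { echo "unsupported OpenSSL name: $name" >&2; exit 1; }
        pref=${row%%|*}
        if [ -z "$best_pref" ] || [ "$pref" -lt "$best_pref" ]; then
            best_pref=$pref best_name=$name
        fi
    done
    [ -n "$best_name" ] && printf '%s\n' "$best_name"
)

# peer_choice LIST: validate a colon-separated list of JSSE names for the
# intra-array setting and print the first entry, the only one that is used.
peer_choice() (
    set -f; IFS=:
    first=''
    for name in $1; do
        lookup_suite 3 "$name" >/dev/null ||
            { echo "not a supported JSSE name: $name" >&2; exit 1; }
        [ -n "$first" ] || first=$name
    done
    [ -n "$first" ] && printf '%s\n' "$first"
)

# Constructed sample input: the page's default client list, in reverse order.
client_choice 'RC4-MD5:AES256-SHA'
```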