Secure Mobile Access 12.4 Administration Guide

Suite B Support

Suite B is a set of security algorithms or ciphers approved by the National Security Agency (NSA) for assuring the security and integrity of information passed over public networks.

Suite B comprises these cipher combinations:

  • TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256

  • TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384

Suite B for SMA appliances supports these two cipher suites and the Elliptic Curve Digital Signature Algorithm (ECDSA) certificates that they require.

When you create a new certificate signing request or a new self-signed certificate, you have the option to choose an RSA certificate or an ECDSA certificate. The configuration options are different for the different types of certificates. See Configuring the Suite B ciphers for details.

If a mismatch occurs between an enabled cipher and an installed certificate, the AMC will display a warning and prevent the configuration from being enabled.

SMA Tunnel clients and Mobile Connect clients support the Suite B ciphers.

SSH connections will negotiate the cipher to use, including the two Suite B ciphers, by following the existing SSH negotiation rules.

The Suite B ciphers will be enabled and operational on all currently supported appliance models, including virtual appliances.

Was This Article Helpful?

Help us to improve our support portal

Techdocs Article Helpful form

Techdocs Article NOT Helpful form

  • Still can't find what you're looking for? Try our knowledge base or ask our community for more help.