IDMC uses specific cipher suites for TLS 1.2 and 1.3. It's critical that your organization's infrastructure supports at least one of these suites to prevent disruption in connecting to IDMC, including Secure Agent connectivity and task failures.
IDMC uses the following cipher suites:
TLS 1.3 cipher suites
- TLS_AES_128_GCM_SHA256
- TLS_AES_256_GCM_SHA384
TLS 1.2 cipher suites
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
Deprecated cipher suites
The following cipher suites are no longer used by IDMC:
- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
Verifying your organization's cipher support
To verify whether your organization is using a valid cipher suite for IDMC, run the following curl command:
A response of '200' indicates that you are using a valid cipher suite.
Note: If your network or system administrator is testing cipher availability using the nmap utility ensure that nmap is version 7.95 or later. Earlier versions can have issues identifying TLS1.3 ciphers.