Product Documentation

FIPS Approved Ciphers

Apr 27, 2017

The following table lists the FIPS approved ciphers supported on a NetScaler FIPS appliance. 

Table 1. FIPS Approved Ciphers 

Cipher Suite (Hex Code)

MPX 9700 with firmware 1.1

MPX 9700 with firmware 2.2

MPX 14xxx FIPS*

SDX 14xxx FIPS**

TLS1-AES-256-CBC-SHA (0x0035)

12.0 all builds

11.1 all builds

11.0 all builds

10.5 all builds

12.0 all builds

11.1 all builds

11.0 all builds

12.0 all builds

11.1 builds 51.x and later

10.5 Enhancement build 59.1306.e and later

12.0 all builds

11.1 builds 52.x and later

TLS1-AES-128-CBC-SHA (0x002f) 

12.0 all builds

11.1 all builds

11.0 all builds

10.5 all builds

12.0 all builds

11.1 all builds

11.0 all builds

12.0 all builds

11.1 builds 51.x and later

10.5 Enhancement build 59.1306.e and later

12.0 all builds

11.1 builds 52.x and later

TLS1-ECDHE-RSA-AES256-SHA (0xc014)

Not supported

12.0 all builds

11.1 all builds

10.5 Enhancement build 59.1306.e and later

12.0 all builds


11.1 builds 51.x and later

12.0 all builds

11.1 builds 52.x and later

TLS1-ECDHE-RSA-AES128-SHA (0xc013)

Not supported

12.0 all builds

11.1 all builds

10.5 Enhancement build 59.1306.e and later

12.0 all builds

11.1 builds 51.x and later

12.0 all builds

11.1 builds 52.x and later

TLS1.2-ECDHE-RSA-AES-256-SHA384 (0xc028)

Not supported

On the frontend:

 

12.0 all builds

11.1 all builds

10.5 Enhancement build 59.1306.e and later

On the backend:

12.0 all builds

11.1 builds 53.x and later

 

On the frontend:

12.0 all builds

11.1 builds 51.x and later

On the backend:

12.0 all builds

11.1 builds 53.x and later

 

On the frontend:

12.0 all builds

11.1 builds 52.x and later

On the backend:

12.0 all builds

11.1 builds 53.x and later

TLS1.2-ECDHE-RSA-AES-128-SHA256 (0xc027)

Not supported

12.0 all builds

11.1 all builds

10.5 Enhancement build 59.1306.e and later

12.0 all builds

11.1 builds 51.x and later

12.0 all builds

11.1 builds 52.x and later

TLS1-ECDHE-RSA-DES-CBC3-SHA (0xc012)

Not supported

12.0 all builds

11.1 all builds

10.5 Enhancement build 59.1306.e and later

12.0 all builds

11.1 builds 51.x and later

12.0 all builds

11.1 builds 52.x and later

SSL3-DES-CBC3-SHA (0x000a)

12.0 all builds

11.1 all builds

11.0 all builds

10.5 all builds

12.0 all builds

11.1 all builds

11.0 all builds

12.0 all builds

11.1 builds 51.x and later

10.5 Enhancement build 59.1306.e and later

12.0 all builds

11.1 builds 52.x and later

TLS1.2-AES256-GCM-SHA384 (0x009d)

 

Not supported

12.0 all builds

11.1 builds 51.x and later

12.0 all builds

11.1 builds 51.x and later

12.0 all builds

11.1 builds 52.x and later

TLS1.2-AES128-GCM-SHA256 (0x009c)

 

Not supported

12.0 all builds

11.1 builds 51.x and later

12.0 all builds

11.1 builds 51.x and later

12.0 all builds

11.1 builds 52.x and later

TLS1.2-ECDHE-RSA-AES256-GCM-SHA384 (0xc030)

Not supported

On the frontend:

12.0 all builds

11.1 builds 51.x and later

On the backend:

12.0 all builds

 

On the frontend:

12.0 all builds

11.1 builds 51.x and later

On the backend:

12.0 all builds

On the frontend:

12.0 all builds

11.1 builds 52.x and later

On the backend:

12.0 all builds

TLS1.2-ECDHE-RSA-AES128-GCM-SHA256 (0xc02f)

 

Not supported

12.0 all builds

11.1 builds 51.x and later

12.0 all builds

11.1 builds 51.x and later

12.0 all builds

11.1 builds 52.x and later

TLS1.2-AES-256-SHA256 (0x003d)

 

Not supported

12.0 all builds

11.1 builds 52.x and later

12.0 all builds

11.1 builds 52.x and later

12.0 all builds

11.1 builds 52.x and later

TLS1.2-AES-128-SHA256 (0x003c)

 

Not supported

12.0 all builds

11.1 builds 52.x and later

12.0 all builds

11.1 builds 52.x and later

12.0 all builds

11.1 builds 52.x and later

*MPX 14030/14060/14080

** SDX 14030/14060/14080

To see the complete details for each cipher suite, at the NetScaler CLI command prompt, type: 

command Copy

 sh ssl cipher FIPS