skip to main content
SSL Encryption Cipher Suites
  
SSL Encryption Cipher Suites
Refer to "Using Security" in the DataDirect Connect Series for ODBC User’s Guide for information about using Secure Sockets Layer (SSL) data encryption with the drivers. Transport Layer Security (TLS) protocols are supported as listed in this chapter.
The following tables list the SSL and encryption cipher suites supported by the DataDirect Connect for ODBC driver. The driver attempts to negotiate either SSL v3 or TLS v1 with the server using OpenSSL cipher suites.
The following table shows the OpenSSL encryption cipher suites that the driver can use if it can negotiate SSL v3 with the server, with the name of the corresponding SSL v3 encryption cipher suites.
Table 13. Mapping OpenSSL Cipher Suites to SSL v3 Cipher Suites
OpenSSL Cipher Suite
SSL v3 Cipher Suite
AES128-SHA
TLS_RSA_WITH_AES_128_CBC_SHA1
AES256-SHA
TLS_RSA_WITH_AES_256_CBC_SHA 2
DES-CBC3-SHA
SSL_RSA_WITH_3DES_EDE_CBC_SHA
DES-CBC-SHA
SSL_RSA_WITH_DES_CBC_SHA
DHE-DSS-AES128-SHA
TLS_DHE_DSS_WITH_AES_128_CBC_SHA3
DHE-DSS-AES256-SHA
TLS_DHE_DSS_WITH_AES_256_CBC_SHA4
DHE-RSA-AES128-SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA5
DHE-RSA-AES256-SHA
TLS_DHE_RSA_WITH_AES_256_CBC_SHA6
EDH-DSS-DES-CBC3-SHA
SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
EDH-DSS-DES-CBC-SHA
SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
EDH-RSA-DES-CBC3-SHA
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
EDH-RSA-DES-CBC-SHA
SSL_DHE_RSA_WITH_DES_CBC_SHA
EXP-DES-CBC-SHA
SSL_RSA_EXPORT_WITH_DES40_CBC_SHA
EXP-EDH-DSS-DES-CBC-SHA
SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
EXP-EDH-RSA-DES-CBC-SHA
SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
EXP-RC2-CBC-MD5
SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5
EXP-RC4-MD5
SSL_RSA_EXPORT_WITH_RC4_40_MD5
RC4-MD5
SSL_RSA_WITH_RC4_128_MD5
RC4-SHA
SSL_RSA_WITH_RC4_128_SHA
1 AES cipher suites from RFC3268 are used to extend TLS v1.

2 AES cipher suites from RFC3268 are used to extend TLS v1.

3 AES cipher suites from RFC3268 are used to extend TLS v1.

4 AES cipher suites from RFC3268 are used to extend TLS v1.

5 AES cipher suites from RFC3268 are used to extend TLS v1.

6 AES cipher suites from RFC3268 are used to extend TLS v1.

The following table shows the OpenSSL Encryption Cipher suites that the driver can use if it can negotiate TLS v1 with the server, with the name of the corresponding TLS v1 cipher suites.
Table 14. Mapping OpenSSL Encryption Cipher Suites to TLS v1 Cipher Suites
OpenSSL Cipher Suite
Maps to TLS v1 Cipher Suite
AES128-SHA
TLS_RSA_WITH_AES_128_CBC_SHA1
AES256-SHA
TLS_RSA_WITH_AES_256_CBC_SHA2
DES-CBC3-SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
DES-CBC-SHA
TLS_RSA_WITH_DES_CBC_SHA
DHE-DSS-AES128-SHA
TLS_DHE_DSS_WITH_AES_128_CBC_SHA3
DHE-DSS-AES256-SHA
TLS_DHE_DSS_WITH_AES_256_CBC_SHA4
DHE-RSA-AES128-SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA5
DHE-RSA-AES256-SHA
TLS_DHE_RSA_WITH_AES_256_CBC_SHA6
EDH-DSS-DES-CBC3-SHA
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
EDH-RSA-DES-CBC3-SHA
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
EDH-RSA-DES-CBC-SHA
TLS_DHE_RSA_WITH_DES_CBC_SHA
EXP-DES-CBC-SHA
TLS_RSA_EXPORT_WITH_DES40_CBC_SHA
EXP-EDH-DSS-DES-CBC-SHA
TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
EXP-EDH-RSA-DES-CBC-SHA
TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
EXP-RC2-CBC-MD5
TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5
EXP-RC4-MD5
TLS_RSA_EXPORT_WITH_RC4_40_MD5
RC4-MD5
TLS_RSA_WITH_RC4_128_MD5
RC4-SHA
TLS_RSA_WITH_RC4_128_SHA
1 AES cipher suites from RFC3268, extending TLS v1

2 AES cipher suites from RFC3268, extending TLS v1

3 AES cipher suites from RFC3268, extending TLS v1

4 AES cipher suites from RFC3268, extending TLS v1

5 AES cipher suites from RFC3268, extending TLS v1

6 AES cipher suites from RFC3268, extending TLS v1

The following table shows the SSL Encryption Cipher suite that the driver uses if the negotiation to use SSL v3 or TLS v1 fails.
Table 15. Default Mapping of Encryption Cipher Suites
OpenSSL Cipher Suite
SSL Encryption Cipher Suite
Protocol Version
AES128-SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS v1 extension1
AES256-SHA
TLS_RSA_WITH_AES_256_CBC_SHA
TLS v1 extension2
DES-CBC3-MD5
SSL_CK_DES_192_EDE3_CBC_WITH_MD5
SSL v2
DES-CBC3-SHA
SSL_RSA_WITH_3DES_EDE_CBC_SHA
SSL v3
DES-CBC-MD5
SSL_CK_DES_64_CBC_WITH_MD5
SSL v2
DES-CBC-SHA
SSL_CK_DES_64_CBC_WITH_MD5
SSL_RSA_WITH_DES_CBC_SHA
TLS_RSA_WITH_DES_CBC_SHA
SSL v2
SSL v3
TLS v1
DHE-DSS-AES128-SHA
TLS_DHE_DSS_WITH_AES_128_CBC_SHA
TLS v1 extension3
DHE-DSS-AES256-SHA
TLS_DHE_DSS_WITH_AES_256_CBC_SHA
TLS v1 extension4
DHE-RSA-AES128-SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS v1 extension5
DHE-RSA-AES256-SHA
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS v1 extension6
EDH-DSS-DES-CBC3-SHA
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
TLS v1 extension7
EDH-RSA-DES-CBC3-SHA
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
SSL v3
EDH-RSA-DES-CBC-SHA
SSL_DHE_RSA_WITH_DES_CBC_SHA
SSL v3
EXP-DES-CBC-SHA
SSL_RSA_EXPORT_WITH_DES40_CBC_SHA
SSL v3
EXP-EDH-DSS-DES-CBC-SHA
SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
SSL v3
EXP-EDH-RSA-DES-CBC-SHA
SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA
SSL v3
EXP-RC2-CBC-MD5
SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5
SSL v3
EXP-RC4-MD5
SSL_CK_RC4_128_EXPORT40_WITH_MD5
SSL_RSA_EXPORT_WITH_RC4_40_MD5
SSL v2
SSL v3
RC4-MD58
SSL_CK_RC4_128_WITH_MD5
SSL_RSA_WITH_RC4_128_MD5
TLS_RSA_WITH_DES_CBC_SHA
SSL v2
SSL v3
TLS v1
RC4-SHA9
SSL_RSA_WITH_RC4_128_SHA
SSL v3
TLS v1
1 AES cipher suites from RFC3268, extending TLS v1

2 AES cipher suites from RFC3268, extending TLS v1

3 AES cipher suites from RFC3268, extending TLS v1

4 AES cipher suites from RFC3268, extending TLS v1

5 AES cipher suites from RFC3268, extending TLS v1

6 AES cipher suites from RFC3268, extending TLS v1

7 AES cipher suites from RFC3268, extending TLS v1

8 A default cipher for SSL v2, SSL v3, and TLS v1

9 A default cipher for SSL v3 and TLS v1

Reference:
OpenSSL Cryptography and SSL/TLS Toolkit