Using Ciphers and TLS For Infiniband Switches
(Doc ID 2424026.1)
Last updated on SEPTEMBER 16, 2019
Applies to: Sun Datacenter InfiniBand Switch 36 - Version All Versions to All Versions [Release All Releases]
Sun Network QDR InfiniBand Gateway Switch - Version All Versions to All Versions [Release All Releases]
Information in this document applies to any platform.
After some PCI Security scan, we are asked to do this for our Infiniband Switches in our X5-2 Quarter rack:
The server-side TLS endpoint's configuration should be updated to allow only TLSv1.2 connections with cipher suites that use:
• Ephemeral Diffie-Hellman for key exchange (optionally, allow RSA for key exchange if necessary for supporting some clients)
• Block ciphers with key lengths of at least 128 bits (AES-128 and AES-256)
• Block ciphers in GCM mode.
Note: If CBC mode must be allowed for supporting some clients, use only CBC mode cipher suites that use the SHA2 family of hash functions (SHA256, SHA384, SHA512). Note that all modern browsers support TLSv1.2.
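An added example (not part of the Oracle document, and not a switch command): a Python check that applies the scan's criteria above to a list of enabled protocols and OpenSSL-style cipher suite names. It assumes OpenSSL naming, treats ECDHE as ephemeral Diffie-Hellman, and runs on constructed sample lists; the function and parameter names are illustrative.

```python
KX_TOKENS = {"ECDHE", "DHE", "EDH", "ECDH", "DH", "ADH", "AECDH", "PSK", "SRP"}
EPHEMERAL_DH = {"ECDHE", "DHE", "EDH"}   # assumption: ECDHE counts as ephemeral DH
SHA2_MACS = {"SHA256", "SHA384", "SHA512"}


def check_suite(name, allow_rsa_kx=False, allow_cbc_sha2=False):
    """Return the policy violations for one suite name (empty list = compliant)."""
    parts = name.upper().split("-")
    problems = []

    # OpenSSL names with no key-exchange token (e.g. AES128-GCM-SHA256) use RSA.
    kx = parts[0] if parts[0] in KX_TOKENS else "RSA"
    if kx == "RSA":
        if not allow_rsa_kx:
            problems.append("RSA key exchange not permitted")
    elif kx not in EPHEMERAL_DH:
        problems.append(f"{kx} key exchange is not ephemeral Diffie-Hellman")

    if not any(p in ("AES128", "AES256") for p in parts):
        problems.append("cipher is not AES-128 or AES-256")
    elif "GCM" not in parts:
        if any(p.startswith("CCM") for p in parts):
            problems.append("CCM mode, not GCM")
        elif not allow_cbc_sha2:
            problems.append("CBC mode not permitted")
        elif parts[-1] not in SHA2_MACS:   # in OpenSSL names the MAC is the last token
            problems.append("CBC mode with a non-SHA2 MAC")
    return problems


def audit(protocols, suites, **exceptions):
    """Map every non-compliant protocol or suite to its list of violations."""
    findings = {p: ["protocol is not TLSv1.2"] for p in protocols if p != "TLSv1.2"}
    for s in suites:
        problems = check_suite(s, **exceptions)
        if problems:
            findings[s] = problems
    return findings


# Constructed sample configuration, not taken from a real switch.
SAMPLE_PROTOCOLS = ["TLSv1", "TLSv1.2"]
SAMPLE_SUITES = ["ECDHE-RSA-AES256-GCM-SHA384", "DHE-RSA-AES128-GCM-SHA256",
                 "AES128-GCM-SHA256", "ECDHE-RSA-AES128-SHA256",
                 "ECDHE-RSA-AES128-SHA", "DES-CBC3-SHA"]

if __name__ == "__main__":
    for item, problems in audit(SAMPLE_PROTOCOLS, SAMPLE_SUITES).items():
        print(f"{item}: {'; '.join(problems)}")
```

The two keyword arguments correspond to the two optional allowances in the scan text: RSA key exchange and CBC suites with a SHA2 MAC.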