Docker Community Forums

Share and learn in the Docker community.

Cipher Suites for UCP

(Evan Montgomery-Recht) #1

While troubleshooting why Jenkins won’t connect to the UCP based swarm I noticed that there were still enabled and should probably be disabled (or at least allow us to disable them.) This might be just something we need to do with Swarm, if this is the case then documentation should just reflect that.

prio ciphersuite protocols pfs

1 DHE-RSA-AES256-GCM-SHA384 TLSv1.2 DH,1024bits None

2 DHE-RSA-AES256-SHA256 TLSv1.2 DH,1024bits None

3 DHE-RSA-AES256-SHA SSLv3,TLSv1,TLSv1.1,TLSv1.2 DH,1024bits None

4 DHE-RSA-CAMELLIA256-SHA SSLv3,TLSv1,TLSv1.1,TLSv1.2 DH,1024bits None

5 AES256-GCM-SHA384 TLSv1.2 None None

6 AES256-SHA256 TLSv1.2 None None

7 AES256-SHA SSLv3,TLSv1,TLSv1.1,TLSv1.2 None None

8 CAMELLIA256-SHA SSLv3,TLSv1,TLSv1.1,TLSv1.2 None None

9 DHE-RSA-AES128-GCM-SHA256 TLSv1.2 DH,1024bits None

10 DHE-RSA-AES128-SHA256 TLSv1.2 DH,1024bits None

11 DHE-RSA-AES128-SHA SSLv3,TLSv1,TLSv1.1,TLSv1.2 DH,1024bits None

12 DHE-RSA-CAMELLIA128-SHA SSLv3,TLSv1,TLSv1.1,TLSv1.2 DH,1024bits None

13 AES128-GCM-SHA256 TLSv1.2 None None

14 AES128-SHA256 TLSv1.2 None None

15 AES128-SHA SSLv3,TLSv1,TLSv1.1,TLSv1.2 None None

16 CAMELLIA128-SHA SSLv3,TLSv1,TLSv1.1,TLSv1.2 None None

17 EDH-RSA-DES-CBC3-SHA SSLv3,TLSv1,TLSv1.1,TLSv1.2 DH,1024bits None

18 DES-CBC3-SHA SSLv3,TLSv1,TLSv1.1,TLSv1.2 None None

19 DES-CBC3-MD5 SSLv2 None None

Certificate: untrusted, 4096 bits, sha512WithRSAEncryption signature

TLS ticket lifetime hint: None

OCSP stapling: not supported

Cipher ordering: client

Curves ordering: none - fallback: no

Server supports secure renegotiation

Server supported compression methods: NONE

TLS Tolerance: yes

Update on Cipher Suites?