Encryption Algorithm Suite

Security Configuration Guide

OceanStor Dorado V6 Series 6.1.0

"This document describes security features of the storage system in terms of security deployment, security configuration, security maintenance, and data security."

Rate and give feedback:

Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).

Encryption Algorithm Suite

This chapter describes the TLS encryption algorithm suite supported by OceanStor Dorado V6 series storage systems.

The encryption algorithm suite defines a series of security mechanisms to ensure the security of TLS communication.

Key exchange algorithm: Defines how keys, which are used for data encryption, are exchanged between clients and servers. For example, ECDHE algorithm.
Authentication method: Defines how a client authenticates a server. For example, RSA certificate or no authentication.
Encryption algorithm: Defines how to encrypt data. For example, AES (256-bit or 128-bit).
Hash algorithm: Provides a method for checking whether data has been tampered to ensure data integrity during transmission. For example, SHA-2.

Table E-1 provides the TLS encryption algorithm suite supported by OceanStor Dorado V6 series storage systems.

Table E-1 Encryption algorithm suite

Application	Protocol	Port Number	Encryption Algorithm Suite
DeviceManager (GUI for system management)	TLS 1.2 and TLS 1.3	8088	Two types of encryption suites are supported on DeviceManager: safe and compatible. safe DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES128-CCM ECDHE-RSA-AES256-SHA384 compatible ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES128-CCM ECDHE-RSA-AES256-SHA384 NOTE: You can log in to the CLI management interface, run show devicemanager ciphersuite and change devicemanager ciphersuite to query and configure the DeviceManager security suites.
SSH Server (CLI for system management)	SSH V2	22	Ciphers AES128-CTR AES192-CTR AES256-CTR CHACHA20-POLY1305@openssh.com AES128-GCM@openssh.com AES256-GCM@openssh.com KexAlgorithms CURVE25519-SHA256 CURVE25519-SHA256@libssh.org DIFFIE-HELLMAN-GROUP-EXCHANGE-SHA256 HostKeyAlgorithms SSH-ED25519 SSH-ED25519-CERT-V01@openssh.com RSA-SHA2-256 RSA-SHA2-512 MAC HMAC-SHA2-256
HyperMetro services	TLS 1.2	30002	AES256+RSA+SHA256 AES256-GCM-SHA384 AES128-GCM-SHA256 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES256-GCM-SHA384
SNMP Agent	SNMPv3	161	MD5 SHA SHA224 SHA256 SHA384 SHA512 DES 3DES AES AES192 AES256

Download

Updated: 2020-11-16

Document ID: EDOC1100140618

Downloads: 44

Average rating:

This Document Applies to these Products

Reminder

"This document describes security features of the storage system in terms of security deployment, security configuration, security maintenance, and data security."

Related Version

Related Documents

About Huawei

How to Buy

Partner

Resources

Others

Enterpise App

Reminder

Enterprise

Corporate

Consumer

Carrier

Africa

Latin America

Middle East

Asia Pacific

North America

Europe

"This document describes security features of the storage system in terms of security deployment, security configuration, security maintenance, and data security."

Encryption Algorithm Suite

Related Version

Related Documents

About Huawei

How to Buy

Partner

Resources

Others

Enterpise App