Hi,
What encryption algorithms does the multiplexing proxy use for TLS/SSL communication? What key length is used?
Thanks,
Vaso
TLS/SSL Encryption Algorithms
Re: TLS/SSL Encryption Algorithms
Hi Vaso,
Considering that the following command lines are used for certificate and key creation:
openssl genrsa -aes256 -out intermediate/private/www.example.com.key.pem 2048
openssl req -config intermediate/openssl.cnf -key intermediate/private/www.example.com.key.pem -new -sha256 -out intermediate/csr/www.example.com.csr.pem -subj roleOccupant = "para"
I would say key length is 2048 and algorithm is AES256.
BR
Alex
- Posts: 23
- Joined: Mon Mar 02, 2015 11:33 am
Re: TLS/SSL Encryption Algorithms
Really helpful.
Many thanks Alex.
Re: TLS/SSL Encryption Algorithms
The information given by "adenaeu" is written in the documentation, in the example of how to create your own certificates via the command line.
I checked the documentation for WinCC OA 3.17 and for the creation of the intermediate key the following command is described as an example:
openssl genrsa -aes256 -out intermediate/private/intermediate.key.pem 4096
Then the key length is 4096.
For me it looks like the certificates you are using define the type of encryption.
Normally you are using predefined certificates you got from your system administration. Creating your own certificates using the command line is not the standard use case.
Best Regards
Leopold Knipp
Senior Support Specialist
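An added example, not part of the original posts or the WinCC OA documentation: in the `openssl genrsa -aes256 ... 2048` command quoted above, `-aes256` passphrase-encrypts the key file on disk and the trailing number is the RSA key size, while the cipher suite of a TLS connection is negotiated separately during the handshake. The script below separates the two properties; the passphrase, file names and function names are assumptions made for the demo.

```shell
#!/bin/sh
# Added example. The passphrase and file names are constructed for this demo.
PASS='constructed-demo-passphrase'

# Create an encrypted key the way the documentation command does, plus a
# passphrase-free copy of the same key, in directory $1.
make_demo_keys() {
    openssl genrsa -aes256 -passout "pass:$PASS" -out "$1/enc.key.pem" 2048 2>/dev/null &&
    openssl rsa -in "$1/enc.key.pem" -passin "pass:$PASS" -out "$1/plain.key.pem" 2>/dev/null
}

# Print the RSA modulus size in bits of a (possibly encrypted) private key.
rsa_bits() {
    openssl rsa -in "$1" -passin "pass:$PASS" -noout -text 2>/dev/null |
        sed -n 's/.*(\([0-9][0-9]*\) bit.*/\1/p' | head -n 1
}

# Print "encrypted" if the PEM file is passphrase-protected, else "plain".
# Covers both the PKCS#8 header and the traditional Proc-Type header.
key_file_state() {
    if grep -q -e 'BEGIN ENCRYPTED PRIVATE KEY' -e 'Proc-Type: 4,ENCRYPTED' "$1"; then
        echo encrypted
    else
        echo plain
    fi
}

# Print a SHA-256 digest of the modulus, to compare keys across files.
rsa_modulus_digest() {
    openssl rsa -in "$1" -passin "pass:$PASS" -noout -modulus 2>/dev/null |
        openssl dgst -sha256 | sed 's/.*= *//'
}

demo() {
    dir=$(mktemp -d) || return 1
    make_demo_keys "$dir" || { rm -rf "$dir"; return 1; }
    for f in enc plain; do
        echo "$f.key.pem: $(key_file_state "$dir/$f.key.pem"), $(rsa_bits "$dir/$f.key.pem") bit RSA"
    done
    # Removing the AES-256 file protection does not change the key itself.
    if [ "$(rsa_modulus_digest "$dir/enc.key.pem")" = "$(rsa_modulus_digest "$dir/plain.key.pem")" ]; then
        echo "both files hold the same RSA key"
    fi
    rm -rf "$dir"
}
demo
```

Both files report a 2048 bit RSA key and the same modulus; only the on-disk protection differs.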
Re: TLS/SSL Encryption Algorithms
Hi Leopold,
Thanks for the response. Does the same apply to version 3.15, as this is the version I'm interested in?
In terms of the pre-defined certificates (the default certificates that are generated when creating a project), is the same AES256 algorithm used and with what length?
Many thanks,
Vaso
Re: TLS/SSL Encryption Algorithms
Please take into account that in a productive system you should use your own certificates.
When the default certificates are used, everyone who has a WinCC OA installation can connect, as the same certificates are used.
Using the default certificates does not increase the level of security in a project.
The information given in the previous posts was just the information copied from the WinCC OA Documentation for the example of how to create certificates.
You can look in the documentation for 3.15 to see which examples are described there.
Best Regards
Leopold Knipp
Senior Support Specialist