The Network Connector initiates an IP-over-TLS connection (TLS 1.2) to specific service IP addresses on port 443, with the following specification:
- Authentication: RSA 2048/SHA256 certificates
- Cipher suites supported:
  - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256_P256
  - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256
  - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256
  - TLS_RSA_WITH_AES_128_GCM_SHA256
  - TLS_RSA_WITH_AES_128_CBC_SHA256
  - TLS_RSA_WITH_AES_128_CBC_SHA
  - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384_P256
  - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256
  - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P256
  - TLS_RSA_WITH_AES_256_GCM_SHA384
  - TLS_RSA_WITH_AES_256_CBC_SHA256
  - TLS_RSA_WITH_AES_256_CBC_SHA
  - TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA_P256
  - TLS_RSA_WITH_3DES_EDE_CBC_SHA
Note:
- The service chooses the cipher suite from those the Network Connector offers, which depends on the OS version.
- The minimum OS version for the Network Connector when using Windows is Windows Server 2010 or Windows 8.1.
- For example, if a customer is using one of these two operating systems with a default configuration, the cipher suite used would be TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256.
- For other scenarios, the suite could be different depending on OS capabilities.
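
For a hardening review of the list above, the following Python sketch (an added example, not part of the original documentation or the product) parses the suite names exactly as listed and groups them by forward secrecy, AEAD mode and legacy primitives. The function names and the grouping labels are this example's own assumptions.

```python
import re

# Suite names exactly as listed above (Schannel naming: a trailing _P256 is the ECDHE curve).
SUITES = """
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256_P256 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256 TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_128_CBC_SHA256 TLS_RSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384_P256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P256 TLS_RSA_WITH_AES_256_GCM_SHA384
TLS_RSA_WITH_AES_256_CBC_SHA256 TLS_RSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA_P256 TLS_RSA_WITH_3DES_EDE_CBC_SHA
""".split()
# Default suite the note gives for the minimum supported Windows versions.
DEFAULT_SUITE = "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256"

NAME_RE = re.compile(
    r"^TLS_(?P<kx>ECDHE_RSA|RSA)_WITH_(?P<cipher>AES_128|AES_256|3DES_EDE)"
    r"_(?P<mode>GCM|CBC)_(?P<hash>SHA384|SHA256|SHA)(?:_(?P<curve>P\d+))?$"
)

def classify(name):
    """Split one suite name into the properties a hardening review cares about."""
    m = NAME_RE.match(name)
    if m is None:
        raise ValueError(f"unrecognised suite name: {name!r}")
    f = m.groupdict()
    return {
        "name": name,
        "forward_secrecy": f["kx"] == "ECDHE_RSA",   # ephemeral key exchange
        "aead": f["mode"] == "GCM",                   # authenticated encryption
        "triple_des": f["cipher"] == "3DES_EDE",      # 64-bit block cipher
        "sha1_mac": f["mode"] == "CBC" and f["hash"] == "SHA",  # HMAC-SHA1
        "curve": f["curve"],
    }

def audit(names):
    # Group suite names by review finding (labels are this example's own).
    rows = [classify(n) for n in names]
    pick = lambda key, want=True: [r["name"] for r in rows if r[key] is want]
    return {
        "pfs_and_aead": [r["name"] for r in rows if r["forward_secrecy"] and r["aead"]],
        "no_forward_secrecy": pick("forward_secrecy", False),
        "cbc_mode": pick("aead", False),
        "triple_des": pick("triple_des"),
        "sha1_mac": pick("sha1_mac"),
    }

if __name__ == "__main__":
    for finding, names in audit(SUITES).items():
        print(f"{finding} ({len(names)}):", *names, sep="\n  ")
```

Run against the list on this page, the documented default suite lands in the CBC group: it provides forward secrecy but is not an AEAD suite.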