TLSv1.3 Support for Administrative Access Using SSL/TLS Service Profiles
Focus
Focus
What's New in the NetSec Platform

TLSv1.3 Support for Administrative Access Using SSL/TLS Service Profiles

Table of Contents

TLSv1.3 Support for Administrative Access Using SSL/TLS Service Profiles

You can now secure administrative access to the management interface with TLSv1.3 through SSL/TLS service profiles.
You can now configure TLSv1.3 in SSL/TLS service profiles to secure administrative access to management interfaces. TLSv1.3 delivers several performance and security enhancements, including shorter SSL/TLS handshakes and more secure cipher suites. In an SSL/TLS service profile, you can select TLSv1.3 as the minimum or maximum supported protocol version for connections to the management interface. Selecting TLSv1.3 automatically enables the following TLSv1.3 cipher suites:
  • TLS-AES-128-GCM-SHA256
  • TLS-AES-256-GCM-SHA384
  • TLS-CHACHA20-POLY1305-SHA256
    TLS-CHACHA20-POLY1305-SHA256 is not supported in FIPS-CC mode.
However, you can deselect any key exchange algorithms, encryption algorithms, or authentication algorithms as needed. In addition to offering TLSv1.3 support, SSL/TLS service profiles now enable customization of the key exchange algorithms, encryption algorithms, and authentication algorithms supported.