Mac Management Group

View Only

SMP Agent for Mac 8.0 - SSL, TLS, Key Exchange & Cipher Information

Recommend

Nov 21, 2016 11:33 AM

Migration User

The following charts show test results for various configurations of SSL, TLS, Key Exchange and Cipher settings in IIS for SMP Agent for Mac communication with the SMP server.

While it would be impossible to test every combination, there are several obvious combinations that were tested. The following conditions apply:

All SSL, TLS, Key Exchange and Cipher configuration changes were done using "IIS Crypto 2.0". A reboot of the SMP VM was done after each change.
The SMP virtual machine is running Windows Server 2012 R2 Standard.
The Mac client is running OS X 10.12.1 and the SMP Agent for Mac version 8.0.3311.
Communication was tested on the client by running 'aex-refreshpolicies' in the Terminal.app.

The following table shows test results for when the NS is NOT configured to use SSL. It is HTTP only. The default <servername> certificate is bound to port 443. The client is configured to use HTTPS (the agent will fallback to http):

SSL & TLS				Result	Notes
SSL All	TLS All	Key Exchanges: ALL	Ciphers: ALL	Successful
SSL All	TLS None	Key Exchanges: ALL	Ciphers: ALL	Failed
SSL None	TLS All	Key Exchanges: ALL	Ciphers: ALL	Failed
SSL All	TLS 1.0	Key Exchanges: ALL	Ciphers: ALL	Successful
SSL All	TLS 1.1	Key Exchanges: ALL	Ciphers: ALL	Successful
SSL All	TLS 1.2	Key Exchanges: ALL	Ciphers: ALL	Successful
SSL 2.0	TLS All	Key Exchanges: ALL	Ciphers: ALL	Successful
SSL 2.0	TLS 1.0	Key Exchanges: ALL	Ciphers: ALL	Successful
SSL 2.0	TLS 1.1	Key Exchanges: ALL	Ciphers: ALL	Failed	SSL 2.0 evidently does not work with TLS 1.1 and 1.2.
SSL 2.0	TLS 1.2	Key Exchanges: ALL	Ciphers: ALL	Failed	SSL 2.0 evidently does not work with TLS 1.1 and 1.2.
SSL 3.0	TLS All	Key Exchanges: ALL	Ciphers: ALL	Successful
SSL 3.0	TLS 1.0	Key Exchanges: ALL	Ciphers: ALL	Successful
SSL 3.0	TLS 1.1	Key Exchanges: ALL	Ciphers: ALL	Successful
SSL 3.0	TLS 1.2	Key Exchanges: ALL	Ciphers: ALL	Successful

Key Exchanges
SSL All	TLS All	Key Exchanges: None	Ciphers: ALL	Failed
SSL All	TLS All	Key Exchanges:Diffie-Heilman only	Ciphers: ALL	Successful
SSL All	TLS All	Key Exchanges:PKCS only	Ciphers: ALL	Successful
SSL All	TLS All	Key Exchanges:ECDH only	Ciphers: ALL	Successful

Ciphers
SSL All	TLS All	Key Exchanges All	Ciphers: None	Successful

The following table shows test results for when the NS IS configured to require SSL and accept client certificates. The default <servername> certificate is bound to port 443. The client is configured to use HTTPS (the agent will fallback to http):

SSL & TLS				Result
SSL All	TLS All	Key Exchanges: ALL	Ciphers: ALL	Successful
SSL All	TLS None	Key Exchanges: ALL	Ciphers: ALL	Failed
SSL None	TLS All	Key Exchanges: ALL	Ciphers: ALL	Successful	Verified in the registry - no enabled SSL versions.
SSL All	TLS 1.0	Key Exchanges: ALL	Ciphers: ALL	Successful
SSL All	TLS 1.1	Key Exchanges: ALL	Ciphers: ALL	Successful
SSL All	TLS 1.2	Key Exchanges: ALL	Ciphers: ALL	Successful
SSL 2.0	TLS All	Key Exchanges: ALL	Ciphers: ALL	Successful
SSL 2.0	TLS 1.0	Key Exchanges: ALL	Ciphers: ALL	Successful
SSL 2.0	TLS 1.1	Key Exchanges: ALL	Ciphers: ALL	Failed
SSL 2.0	TLS 1.2	Key Exchanges: ALL	Ciphers: ALL	Failed
SSL 3.0	TLS All	Key Exchanges: ALL	Ciphers: ALL	Successful
SSL 3.0	TLS 1.0	Key Exchanges: ALL	Ciphers: ALL	Successful
SSL 3.0	TLS 1.1	Key Exchanges: ALL	Ciphers: ALL	Successful
SSL 3.0	TLS 1.2	Key Exchanges: ALL	Ciphers: ALL	Successful

Key Exchanges
SSL All	TLS All	Key Exchanges: None	Ciphers: ALL	Failed
SSL All	TLS All	Key Exchanges:Diffie-Heilman only	Ciphers: ALL	Successful
SSL All	TLS All	Key Exchanges:PKCS only	Ciphers: ALL	Successful
SSL All	TLS All	Key Exchanges:ECDH only	Ciphers: ALL	Successful

Ciphers
SSL All	TLS All	Key Exchanges All	Ciphers: None	Failed

Statistics

0 Favorited

0 Views

0 Files

0 Shares

0 Downloads

Mac Management Group

SMP Agent for Mac 8.0 - SSL, TLS, Key Exchange & Cipher Information

Tags and Keywords

Related Entries and Links