Updating Cipher Suites for Web Application Firewall (WAF) Security
Updating Cipher Suites for Web Application Firewall (WAF) Security
Release Description: Updating Cipher Suites for Web Application Firewall (WAF) Security
Category: Compliance
Target Audience:
Implementation date: 20/01/2025
Ciphers:
The primary purpose of ciphers is to ensure confidentiality, integrity, and authenticity of data during transmission. Using strong ciphers as outlined by PCI DSS is crucial for protecting sensitive cardholder data and ensuring compliance with industry standards, ultimately helping to safeguard against data breaches and cyber-attacks.
Strong Ciphers:
Strong ciphers provide high levels of security, making it extremely difficult for unauthorized parties to decipher the encrypted data without the correct decryption key.
Importance of Strong Ciphers:
- Data Protection: Strong ciphers protect sensitive data from unauthorized access and disclosure, ensuring the confidentiality and privacy of information.
- Compliance: Many regulatory standards such as PCI DSS, require the use of strong encryption to protect sensitive information, ensuring that organizations comply with legal and industry requirements.
- Preventing Data Breaches: By using strong ciphers, organizations can significantly reduce the risk of data breaches and the associated financial and reputational damage.
- Secure Communication: Strong ciphers enable secure communication over public networks, such as the internet, protecting data from interception and tampering.
- Authentication and Integrity: Strong ciphers are used in digital signatures and hash functions to verify the authenticity and integrity of data, ensuring that information has not been altered and is from a legitimate source.
Cipher Suites:
A cipher suite is a collection of cryptographic algorithms used to secure network connections via protocols like Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL). Each cipher suite specifies algorithms for key exchange, authentication, encryption, and message integrity, working together to establish a secure connection.
List of secure and supported Cipher Suites:
TLS_AES_256_GCM_SHA384
TLS_CHACHA20_POLY1305_SHA256
TLS_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
TLS_RSA_WITH_AES_256_GCM_SHA384
TLS_RSA_WITH_AES_256_CCM_8
TLS_RSA_WITH_AES_256_CCM
TLS_RSA_WITH_AES_128_CCM_8
TLS_RSA_WITH_AES_128_CCM
TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384
TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA38
If your systems are not properly maintained and lack support for strong encryption, you may experience disconnection.
If you have any questions or need further assistance, please feel free to contact our Support team.