StreamSec HB
Home
Products
StreamSec Tools 4.0
StreamSec Tools 2.x
 >> Features
   FAQ
  PKC Tools 4.0
  StreamSec Mobile TLS 1.0
Order
Downloads
  Links
  Contact
    
STRSECII FEATURES
IMPLEMENTED SSL/TLS STANDARDS
  • TLS Protocol Version 1.0 (RFC 2246) (ST 2.1 and up)
  • TLS Protocol Version 1.1 (RFC 4346) (ST 2.2 and up)
  • TLS Protocol Version 1.2 (RFC 5246) (ST 2.3 and up)
  • AES Cipher Suites (RFC 3268)
  • ECC Cipher Suites (RFC 4492)
  • Secure Renegotiation (RFC 5746)
  • Encrypt-then-MAC (RFC 7366)
OTHER SSL/TLS SECURITY FEATURES
  • TRUE 128/192/256 bit encryption Many implements put a cap on security by only allowing public keys up to a limitied size. If the public keys are only 2048, you will get at most 112 bit security. StreamSec Tools 2.x supports RSA, DH and DHE keys of any size. The server will use the RFC 3526 MODP groups of at least 2048 bits, configurable up to 8192 bits. If 256 bit encryption is required, use ECDSA_ECDHE with the prime521 curve.
  • RSA, RSA_DHE, DSS_DHE, DH, RSA_ECDHE, ECDSA_ECDH and ECDH key exchange algorithms.
  • Support for RSA, DSS, DH, ECDSA, ECDH certificates with keys of any size and with both SHA-1 and SHA-2 signature digest algorithms.
  • Automatic certificate chaining using independent trust lists and with an OS indpendent implementation.
  • All cipher suites that provide server authentication are also compatible with client certificate authentication. Optionally, the server might be configured to let the clients send their client certificates encrypted, in which case a second handshake is initiated immediately after the first, before any application data is sent.
  • Resumed sessions MUST use the same cipher suite as the original connections.
  • Client initiated renegotiation is only allowed when client certificate authentication is in use. Clients are not allowed to change client certificate when renegotiating. This prevents both some DoS attacks and some MITM attacks.
  • Server side support for TLS Fallback Signaling Cipher Suite Value (SCSV) for Preventing Protocol Downgrade Attacks.
  • Clients and servers support application specific AES-CTR, TwoFish-CTR and BlowFish-CTR cipher suites, which are immune against BEAST and similar attacks.
    
shortcuts
 Order StreamSec Tools 2.3 
 Order PKC Tools 4.0 
 Contact sales 
 Registered user dowloads 

 

The contents of this page were modified 2014-11-04
The page was last deployed 2017-03-27

StreamSec HB

© 2000-2014 StreamSec™ All rights reserved.
This web site does not use cookies.
We do not share information about our customers with third parties without explicit permission.