Ciphers

Ciphers are algorithms for performing encryption and decryption. They are used to help provide secure communications over computer networks. Load balancers that make use of the SSL Termination feature are configured to use only certain ciphers based on the assigned cipher profile.

Ciphers profiles are a named set of cipher suites to be used by a load balancer. The cipher profile can be assigned via the cipherProfile field when creating or updating SSL Termination configuration for the load balancer.

By default, load balancers are assigned the default cipher profile which is managed by Rackspace and updated from time to time to disable ciphers that have become insecure. For this reason, use of the default cipher profile is recommended.

Warning

The default profile is a general cipher suite that is designed to accommodate the largest number of possible clients. To accomplish this goal while still providing a base level of security, the default cipher suite will be updated from time to time to mitigate major vulnerabilities. Other cipher profile suites will be added to accomodate specific security requirements for environments that require stricter compliance.

You can view the list of ciphers enabled on a particular load balancer by using the List ciphers API.

Cipher profiles

The following table provides the available profiles and their associated ciphers. As security concerns change, new cipher profiles may be added.

Ciphers

default

CLBCipherPolicy2017-08

CLBCipherPolicy2019-05

TLS_AES_256_GCM_SHA384

TLS_AES_128_GCM_SHA256

SSL_ECDHE_RSA_WITH_AES_256_GCM_SHA384

SSL_ECDHE_RSA_WITH_AES_128_GCM_SHA256

SSL_ECDHE_RSA_WITH_AES_256_CBC_SHA384

SSL_ECDHE_RSA_WITH_AES_256_CBC_SHA

SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA256

SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA

SSL_RSA_WITH_AES_256_GCM_SHA384

SSL_RSA_WITH_AES_256_CBC_SHA256

SSL_RSA_WITH_AES_256_CBC_SHA

SSL_RSA_WITH_AES_128_GCM_SHA256

SSL_RSA_WITH_AES_128_CBC_SHA256

SSL_RSA_WITH_AES_128_CBC_SHA

SSL_RSA_WITH_3DES_EDE_CBC_SHA

Cipher Statuses

Name

Description

ERROR

The system encountered an error when attempting to retrieve the load balancer ciphers. Contact Support.

List ciphers

GET /v1.0/{account}/loadbalancers/{loadbalancerid}/ssltermination/ciphers

Lists ciphers enabled for SSL termination on the loadbalancer.

The following table shows the possible response codes for this operation:

Response code

Name

Description

200

Success

Request succeeded.

400

Bad Request

The request is missing one or more elements, or the values of some elements are invalid.

401

Unauthorized

You are not authorized to complete this operation. This error can occur if the request is submitted with an invalid authentication token.

413

Over Limit

The number of items returned is above the allowed limit.

422

ImmutableEntity

This fault is returned when a user attempts to modify an item that is not currently in a state that allows modification. For example, load balancers in a status of PENDING_UPDATE,BUILD, or DELETED may not be modified.

500

Load Balancer Fault

The load balancer has experienced a fault.

503

Service Unavailable

The service is not available.

Request

The following table shows the URI parameters for the request:

Name

Type

Description

{account}

String

The ID for the tenant or account in a multi- tenancy cloud.

{loadbalancerid}

String

The ID of the load balancer.

This operation does not accept a request body.

Response

The following table shows the body parameters for the response:

Name

Type

Description

ciphers

Object

A list of named ciphers associated to the load balancer.

Example List ciphers: JSON response

{
   "ciphers": [
     {
      "name": "SSL_RSA_WITH_3DES_EDE_CBC_SHA"
     },
     {
      "name": "SSL_RSA_WITH_AES_128_CBC_SHA"
     }
   ]
}

Example List ciphers: XML response

<?xml version="1.0" ?>
<ciphers>
    <cipher name="SSL_RSA_WITH_3DES_EDE_CBC_SHA" />
    <cipher name="SSL_RSA_WITH_AES_128_CBC_SHA" />
</ciphers>