SSH support for Suite B
Suite B contains a set of encryption and authentication algorithms that meet high security requirements. Table 30 lists all algorithms in Suite B.
The SSH server and client support using the X.509v3 certificate for identity authentication in compliance with the algorithm, negotiation, and authentication specifications defined in RFC 6239.
Table 30: Suite B algorithms
Security level | Key exchange algorithm | Encryption algorithm and HMAC algorithm | Public key algorithm |
---|---|---|---|
128-bit | ecdh-sha2-nistp256 | AES128-GCM | x509v3-ecdsa-sha2-nistp256 x509v3-ecdsa-sha2-nistp384 |
192-bit | ecdh-sha2-nistp384 | AES256-GCM | x509v3-ecdsa-sha2-nistp384 |
Both | ecdh-sha2-nistp256 ecdh-sha2-nistp384 | AES128-GCM AES256-GCM | x509v3-ecdsa-sha2-nistp256 x509v3-ecdsa-sha2-nistp384 |