SSH support for Suite B

Suite B contains a set of encryption and authentication algorithms that meet high security requirements. Table 30 lists all algorithms in Suite B.

The SSH server and client support using the X.509v3 certificate for identity authentication in compliance with the algorithm, negotiation, and authentication specifications defined in RFC 6239.

Table 30: Suite B algorithms

Security level

Key exchange algorithm

Encryption algorithm and HMAC algorithm

Public key algorithm

128-bit

ecdh-sha2-nistp256

AES128-GCM

x509v3-ecdsa-sha2-nistp256

x509v3-ecdsa-sha2-nistp384

192-bit

ecdh-sha2-nistp384

AES256-GCM

x509v3-ecdsa-sha2-nistp384

Both

ecdh-sha2-nistp256

ecdh-sha2-nistp384

AES128-GCM

AES256-GCM

x509v3-ecdsa-sha2-nistp256

x509v3-ecdsa-sha2-nistp384