Ciphers used in NetBackup

This section lists the ciphers that NetBackup uses for secure communication.

Table: Ciphers used in NetBackup for web access

Product	Local account password encryption	Web access
NetBackup 10.x	NetBackup typically does not use local accounts. Instead, accounts that are defined on the local OS or an external identity provider (SAML, AD, or LDAP) are used.	TLSv1.2	Web Services (ports 443 and 1556): ECDHE_RSA_WITH_AES_128_GCM_SHA256 DHE_RSA_WITH_AES_128_GCM_SHA256 ECDHE_RSA_WITH_AES_256_GCM_SHA384 DHE_RSA_WITH_AES_256_GCM_SHA384 Secure communications (control and data channels): ECDHE-RSA-AES256-GCM-SHA384 RabbitMQ (port 13781): ECDHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-GCM-SHA384

Product

Local account password encryption

Web access

Connections

Enabled transmission ciphers

NetBackup 10.x

NetBackup typically does not use local accounts. Instead, accounts that are defined on the local OS or an external identity provider (SAML, AD, or LDAP) are used.

TLSv1.2

Web Services (ports 443 and 1556):

ECDHE_RSA_WITH_AES_128_GCM_SHA256

DHE_RSA_WITH_AES_128_GCM_SHA256

ECDHE_RSA_WITH_AES_256_GCM_SHA384

DHE_RSA_WITH_AES_256_GCM_SHA384

Secure communications (control and data channels):

ECDHE-RSA-AES256-GCM-SHA384

RabbitMQ (port 13781):

ECDHE-RSA-AES256-GCM-SHA384

DHE-RSA-AES256-GCM-SHA384

Table: Ciphers used in NetBackup for authentication

Product	Local account password encryption	Authentication services connections
NetBackup 10.2	NetBackup typically does not use local accounts. Instead, accounts that are defined on the local OS or an external identity provider (SAML, AD, or LDAP) are used.	If configured, NetBackup uses Openldap to connect directly to LDAP or AD servers. Both LDAP and LDAPS (LDAP over TLS) are supported	Simple authentication	ECDHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-SHA384 ECDHE-RSA-AES256-SHA DHE-RSA-AES256-SHA

Product

Local account password encryption

Authentication services connections

Active Directory Domain Controllers

LDAP authentication

Ciphers

NetBackup 10.2

NetBackup typically does not use local accounts. Instead, accounts that are defined on the local OS or an external identity provider (SAML, AD, or LDAP) are used.

If configured, NetBackup uses Openldap to connect directly to LDAP or AD servers. Both LDAP and LDAPS (LDAP over TLS) are supported

Simple authentication

ECDHE-RSA-AES256-GCM-SHA384

DHE-RSA-AES256-GCM-SHA384

ECDHE-RSA-AES256-SHA384

ECDHE-RSA-AES256-SHA

DHE-RSA-AES256-SHA

Table: Ciphers used in NetBackup for data at rest encryption

Product	Local account password encryption	Data at rest encryption
NetBackup 10.x	NetBackup typically does not use local accounts. Instead, accounts that are defined on the local OS or an external identity provider (SAML, AD, or LDAP) are used.	Software based except for tape drive encryption	MSDP: AES-256-CTR Legacy cloud connector and Advanced Disk Crypt: AES-256-CFB Client encryption (selected by customer): AES-128-CFB (default) BF-CFB DES-EDE-CFB AES-256-CFB Tape drive encryption (hardware-based): AES-256

Product

Local account password encryption

Data at rest encryption

Hardware or software-based encryption

Ciphers

NetBackup 10.x

NetBackup typically does not use local accounts. Instead, accounts that are defined on the local OS or an external identity provider (SAML, AD, or LDAP) are used.

Software based except for tape drive encryption

MSDP: AES-256-CTR

Legacy cloud connector and Advanced Disk Crypt:

AES-256-CFB

Client encryption (selected by customer):

AES-128-CFB (default)

BF-CFB

DES-EDE-CFB

AES-256-CFB

Tape drive encryption (hardware-based):

AES-256

Ciphers used in NetBackup

Feedback

Feedback