Ciphers for secure connection between HPE OneView and backup server

Establish a secure connection between the HPE OneView appliance and the backup server.

Establishing a secure connection between the appliance and a backup server requires a negotiation between the client and the server to determine the strongest cryptographic components, such as the keys and algorithms that they both support.

The following are the cryptographic ciphers used for encryption:
Cipher names Description Example Additional information
SYMETRICKEY (Ciphers) The symmetric cypher algorithms used to encrypt the entire connection between the client and server. Aes256-ctr, aes192-ctr, and aes128-ctr For these ciphers, the client provides a list of candidates in a preferred order from strongest to weakest. The server responds with the first option that it supports.
MAC (MACs) The algorithms used to convert a hash of each message into the Message Authentication Code used to confirm that each message comes from the stated sender and has not been modified in transit. Hmac-sha2-512, hmac-sha2-256, and hmac-sha1
KEYEXCHANGE (KexAlgorithms) Key exchange algorithms used to negotiate a shared symmetric encryption key for each session based on public /private key pairs. These key pairs are generated inside the exchange algorithms that allow secured negotiation over insecure channels. Ecdh-sha2-nistp384, diffie-hellman-group-exchange-sha256, ecdh-sha2-nistp256, ecdh-sha2-nistp521, diffie-hellman-group14-sha1
ASYMETRICKEYGENERATOR (HostKeyAlgorithms) The public/private key pair used to authenticate the remote backup server as it is configured in the appliance. This key pair is only used for authentication and is unrelated to the key pairs used by the key exchange algorithm. Dsa, rsa, and ecdsa
NOTE:

Keys are specified by algorithm and length.

In the negotiation of this cipher, the server will respond by accepting the public key provided by the appliance, if it has already been accepted. If not, for version 4.2 or later, the server accepts a fingerprint and the strongest key at the current security level.