Protect your customers’ data and secure all communications using DTLS in three cipher strengths – AES128, AES256, and Salsa20 – or add other ciphers to suit your customers’ needs, whether site-to-site or site-to-multisite.
How Does it Work?
Data is encrypted between CPEs and aggregators using the DTLS 1.2 protocol. DTLS is based on SSL/TLS, and is defined in RFC 4347 and RFC 6347.
Three ciphers are available:
- AES 128, the default because it is accelerated on some CPUs (requires a 64-bit operating system)
- AES 256
- Salsa20 256
What does that mean for you?
Our SD-WAN offers perfect forward secrecy with all ciphers. Perfect forward secrecy ensures encrypted traffic cannot be decrypted at a later time even if the private key is compromised.
Encryption is performed using private keys generated when the aggregator and CPE are provisioned, and hosts are authenticated with X.509 certificates signed by a certificate authority on the management server.