Communication and Connection Security

For security-conscious organizations that require standards based encryption for protecting data communication, SSL mode can be enabled to secure the communication between the MobiControl Device Agents on the device, the Deployment Servers and the MobiControl Manager consoles have this option enabled by default.

MobiControl's SSL communication mode uses the TLS (Transport Layer Security) v1.2 Cipher Suites of the Secure Channel (SChannel) Microsoft Security Support Provider (SSP), superseding the SSL v 3.0 protocol.  These cipher suites are implemented by the Microsoft Enhanced Cryptography Provider that is built into the Windows operating system on top of which the product runs.  The encryption meets the requirements specified in the Federal Information Processing Standards Publication (FIPS PUB) for FIPS PUB 140-2 Security Requirements.

The full list of Microsoft cipher suites available with SChannel TLS v1.2 is given below:


TLS_RSA_WITH_AES_128_CBC_SHA256

Note:

MobiControl does not support third party certificates (e.g. VeriSign certificates). Support will be added in later versions.

TLS_RSA_WITH_AES_128_CBC_SHA

TLS_RSA_WITH_AES_256_CBC_SHA256

TLS_RSA_WITH_AES_256_CBC_SHA

TLS_RSA_WITH_RC4_128_SHA

TLS_RSA_WITH_3DES_EDE_CBC_SHA

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P384

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P384

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P256

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384

TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P256

TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P384

TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P256

TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P256

TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P384

TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P256

TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P384

TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_P384

TLS_DHE_DSS_WITH_AES_128_CBC_SHA256

TLS_DHE_DSS_WITH_AES_256_CBC_SHA

TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA

TLS_RSA_WITH_RC4_128_MD5

SSL_CK_RC4_128_WITH_MD5

SSL_CK_DES_192_EDE3_CBC_WITH_MD5

TLS_RSA_WITH_NULL_SHA256

TLS_RSA_WITH_NULL_SHA


The selection is determined based on the minimum and maximum cipher suite strengths that are defined by the Windows operating system upon which the product runs. The above is the full list of cipher suites that are included with Windows Server 2008.

SSL Configuration for Devices

Right-click on a target device or group in the device tree, click Configure Devices, then click Advanced Settings. Next, click the Configure SSL button and check the box next to Use SSL SecurityPlease see the Connection Security page for more information on the SSL options for configuration at the device or group level.