User's Guide
	PreviousNext

PreviousNext

Portal Top > Manual top > About the Machine > Specifications > Security and Management Function Specifications

Security and Management Function Specifications

Document number: 95J7-00Y

Firewall

Keys and Certificates

Definition of "Weak Encryption"

TLS

Firewall

Up to 16 IP addresses (or ranges of IP addresses) can be specified for both IPv4 and IPv6.

Up to 32 MAC addresses can be specified.

Keys and Certificates

The following keys and certificates are supported:

Self-generated Key and Self-signed Certificate or CSR

Public key algorithm (and key length)	RSA (512 bits, 1024 bits, 2048 bits, 4096 bits) ECDSA (P256, P384, P521)
Certificate signature algorithm	RSA: SHA-256, SHA-3841, SHA-5121 ECDSA: SHA-256, SHA-384, SHA-512

*1 SHA384-RSA and SHA512-RSA are available only when the RSA key length is 1024 bits or more.

Key and Certificate or CA Certificate for Installation

Format	Key PKCS#1212 CA certificate X.509 DER format/PEM format*2
File extension	Key ".p12" or ".pfx" CA certificate ".cer" or ".pem"
Public key algorithm (and key length)	RSA (512 bits, 1024 bits, 2048 bits, 4096 bits) ECDSA (P256, P384, P521)
Certificate signature algorithm	RSA: SHA-256, SHA-3843, SHA-5123 ECDSA: SHA-256, SHA-384, SHA-512

*1 Requirements for the certificate contained in a key are pursuant to CA certificates.

*2 Certificates of more than 2 MB cannot be registered.

*3 SHA384-RSA and SHA512-RSA are available only when the RSA key length is 1024 bits or more.


The machine does not support use of a certificate revocation list (CRL).

Definition of "Weak Encryption"

When [Prohibit Use of Weak Encryption] in [Encryption Settings] is set to [On], the use of the following algorithms is prohibited. [Encryption Settings]

Hash	MD4, MD5, SHA-1
HMAC	HMAC-MD5
Common key encryption	RC2, RC4, DES
Public key encryption	RSA encryption (512 bits/1024 bits) RSA signature (512 bits/1024 bits) DSA (512 bits/1024 bits) DH (512 bits/1024 bits)


Even when [Prohibit Key/Cert. with Weak Encryption] in [Encryption Settings] is set to [On], the hash algorithm SHA-1, which is used for signing a root certificate, can be used.

TLS

The following combinations of the TLS version and algorithm are usable:

: Usable

: Not usable

Algorithm	TLS Version
Algorithm	TLS 1.3	TLS 1.2	TLS 1.1	TLS 1.0
Encryption Algorithm
AES-CBC (256bit)
AES-CBC (128bit)
AES-GCM (256bit)
AES-GCM (128bit)
3DES-CBC
CHACHA20-POLY1305
Key Exchange Algorithm
RSA
ECDHE
X25519
Signature Algorithm
RSA
ECDSA
HMAC Algorithm
SHA1
SHA256
SHA384

Find manuals for other products

If you can't find what you're looking for, you can search here.

imageCLASS MF269dw II

User's Guide

Please be sure to read this.‎Supported browsers Cookies

USRMA-7613-012023-06Copyright CANON INC. 2023