Bosch IoT Rollouts

SOUP Transport layer security

The System Software Update extension is currently under development. The provided documentation aims to give insights into the general concepts of the future offering. However, details including APIs may be subject to change.

Supported encryption protocols

| Protocol | Supported |
|---|---|
| SSL any version | - |
| TLS1.0 | - |
| TLS1.1 | - |
| TLS1.2 | Yes |
| TLS1.3 | Yes |

Supported TLS cipher suites

UI

Endpoint: https://console.bosch-iot-suite.com/systems

| TLS Version | Cipher Suite Name (IANA/RFC) | KeyExch. | Authenticator | Encryption | Bits | Remark |
|---|---|---|---|---|---|---|
| TLSv1.2 | TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 | ECDHE | ECDSA | AES GCM | 128 | Recommended |
| TLSv1.2 | TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 | ECDHE | ECDSA | AES GCM | 256 | Recommended |
| TLSv1.2 | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 | ECDHE | RSA | AES GCM | 128 | Secure |
| TLSv1.2 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 | ECDHE | RSA | AES GCM | 256 | Secure |
| TLSv1.2 | TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 | ECDHE | ECDSA | AES CBC | 128 | Weak |
| TLSv1.2 | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 | ECDHE | RSA | AES CBC | 128 | Weak |
| TLSv1.2 | TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 | ECDHE | ECDSA | AES CBC | 256 | Weak |
| TLSv1.2 | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 | ECDHE | RSA | AES CBC | 256 | Weak |
| TLSv1.2 | TLS_RSA_WITH_AES_128_GCM_SHA256 | RSA | RSA | AES GCM | 128 | Weak |
| TLSv1.2 | TLS_RSA_WITH_AES_128_CBC_SHA256 | RSA | RSA | AES CBC | 128 | Weak |
| TLSv1.2 | TLS_RSA_WITH_AES_256_GCM_SHA384 | RSA | RSA | AES GCM | 256 | Weak |
| TLSv1.2 | TLS_RSA_WITH_AES_256_CBC_SHA256 | RSA | RSA | AES CBC | 256 | Weak |

System Management API

Endpoint: https://system-management.eu1.bosch-iot-rollouts.com/api/mgmt

| TLS Version | Cipher Suite Name (IANA/RFC) | KeyExch. | Authenticator | Encryption | Bits | Remark |
|---|---|---|---|---|---|---|
| TLSv1.3 | TLS_AES_128_GCM_SHA256 | PFS | - | AES GCM | 128 | Recommended |
| TLSv1.3 | TLS_AES_256_GCM_SHA384 | PFS | - | AES GCM | 256 | Recommended |
| TLSv1.3 | TLS_CHACHA20_POLY1305_SHA256 | PFS | - | ChaCha20 | 256 | Recommended |
| TLSv1.3, TLSv1.2 | TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 | ECDHE 256 | ECDSA | AES GCM | 256 | Recommended |
| TLSv1.3, TLSv1.2 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 | ECDHE 256 | RSA | AES GCM | 256 | Secure |
| TLSv1.3, TLSv1.2 | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 | ECDHE 256 | RSA | AES GCM | 128 | Secure |
| TLSv1.3, TLSv1.2 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 | ECDHE 256 | RSA | AES GCM | 256 | Secure |

Install API

Endpoint: https://system.eu1.bosch-iot-rollouts.com/api/install

| TLS Version | Cipher Suite Name (IANA/RFC) | KeyExch. | Authenticator | Encryption | Bits | Remark |
|---|---|---|---|---|---|---|
| TLSv1.3 | TLS_AES_128_GCM_SHA256 | PFS | - | AES GCM | 128 | Recommended |
| TLSv1.3 | TLS_AES_256_GCM_SHA384 | PFS | - | AES GCM | 256 | Recommended |
| TLSv1.3 | TLS_CHACHA20_POLY1305_SHA256 | PFS | - | ChaCha20 | 256 | Recommended |
| TLSv1.3, TLSv1.2 | TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 | ECDHE 256 | ECDSA | AES GCM | 256 | Recommended |
| TLSv1.3, TLSv1.2 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 | ECDHE 256 | RSA | AES GCM | 256 | Secure |
| TLSv1.3, TLSv1.2 | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 | ECDHE 256 | RSA | AES GCM | 128 | Secure |
| TLSv1.3, TLSv1.2 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 | ECDHE 256 | RSA | AES GCM | 256 | Secure |

Secure ciphers are considered state-of-the-art. Recommended ciphers also provide Perfect Forward Secrecy (PFS) and should be preferred. Weak ciphers are offered only to support older operating systems, browsers, or applications. They are outdated and should be avoided; they are deprecated and will no longer be offered in the near future.
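A client-side check of the tables above, as an added example (not Bosch's code): it rates an IANA suite name by the pattern the Remark column follows and builds a Python ssl context that offers only the TLS 1.2 suites rated Recommended or Secure. The function names, the IANA-to-OpenSSL name map and the rating rule are this example's assumptions, inferred from the rows listed.

```python
import socket
import ssl

# IANA name -> OpenSSL name for the TLS 1.2 suites the tables rate
# Recommended or Secure. Choosing exactly these is this example's policy.
ALLOWED_TLS12 = {
    "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256": "ECDHE-ECDSA-AES128-GCM-SHA256",
    "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384": "ECDHE-ECDSA-AES256-GCM-SHA384",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256": "ECDHE-RSA-AES128-GCM-SHA256",
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384": "ECDHE-RSA-AES256-GCM-SHA384",
}


def remark(iana_name):
    """Rate a suite name by the pattern the Remark column follows (inferred)."""
    if "_WITH_" not in iana_name:   # TLS 1.3 style name, all rated Recommended
        return "Recommended"
    kx_auth, cipher = iana_name.split("_WITH_")
    if not kx_auth.startswith("TLS_ECDHE_") or "_GCM_" not in cipher:
        return "Weak"               # static RSA key exchange or CBC mode
    return "Recommended" if kx_auth.endswith("_ECDSA") else "Secure"


def client_context():
    """Client context limited to TLS 1.2+ and the non-Weak TLS 1.2 suites."""
    ctx = ssl.create_default_context()            # verifies certificate and hostname
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # SSL, TLS 1.0, TLS 1.1: not supported
    ctx.set_ciphers(":".join(ALLOWED_TLS12.values()))  # TLS 1.3 suites stay enabled
    return ctx


def enabled_tls12_suites(ctx):
    """OpenSSL names of the TLS 1.2 suites the context will offer."""
    return [c["name"] for c in ctx.get_ciphers() if not c["name"].startswith("TLS_")]


def negotiated(host, port=443):
    """Connect and return (suite, protocol, bits) as negotiated; needs network."""
    with socket.create_connection((host, port), timeout=10) as raw:
        with client_context().wrap_socket(raw, server_hostname=host) as tls:
            return tls.cipher()
```

Calling negotiated() with the host name of one of the endpoints listed above reports the suite the server actually selects for this client.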