Browser/SSH Client Compatibility
Minimum Requirements
With the factory default settings (equivalent to a factory reset), the device security setting (policy = None) favors interoperability, but may restrict access to certain Web browsers and SSH clients.
Before beginning the hardening procedure, you should make sure that you are able to configure your SSH client to be compatible with the following:
- Version: SSH2
- KeyExchange: diffie-helmann-group14-sha1
- PublicKey: RSA 2048 bits
- Cipher: AES-128-CTR
- HMAC: HMAC-SHA2-256
Browser Compatibility with Cipher Suites
Before making a hardened device available to network users, you should verify browser compatibility (TLS 1.0 to TLS 1.2) with the following (minimal) list of cipher suites, assuming an RSA certificate is used:
- TLS_RSA_WITH_AES_128_CBC_SHA
- TLS_RSA_WITH_AES_128_GCM_SHA256
- TLS_DHE_RSA_WITH_AES_128_CBC_SHA
- TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
Supported Browsers
The following browsers are known to work with the Makito X in its factory default state:
- Windows
- Chrome 46.0 or later
- Firefox 41.0.2 or later
- Internet Explorer 11.0
- Mac OS X
- Safari 9.0 or later
- Safari 9.0 or later
Supported SSH Clients
The following SSH clients are known to work with the Makito X in its factory default state:
- Windows
- PuTTY 0.64
- PuTTY 0.64
Supported Cipher Suites
To obtain a list of the cipher suites supported by a given browser, use it to browse to one of the following URLs:
| Qualys SSL Labs | https://www.ssllabs.com/ssltest/viewMyClient.html SSL Labs is a non-commercial research effort maintained by Qualys (www.qualys.com). |
| DCSec SSL Cipher Suite Details | https://cc.dcsec.uni-hannover.de/ This site is maintained by the Distributed Computing & Security (DCSec) Research Group at the Leibniz University of Hannover). |