Nessus uses the following default encryption for storage and communications.
|Storing user account passwords||SHA-512 and the PBKDF2 function with a 512-bit key|
|Storing user and service accounts for scan credentials, as described in Credentials||
|Communications between Nessus and clients (GUI/API users)||TLS 1.3 (fallback to TLS 1.2 or earlier, as configured) with the strongest encryption method supported by Nessus and your browser or API program|
|Communications between Nessus and the Tenable product registration server||TLS 1.2 with ECDHE-RSA-AES256-GCM-SHA384|
|Communications between Nessus and the Tenable plugin update server||TLS 1.2 with ECDHE-RSA-AES256-GCM-SHA384|