Tenable Nessus uses the following default encryption for storage and communications.
|Storing user account passwords||SHA-512 and the PBKDF2 function with a 512-bit key|
|Storing user and service accounts for scan credentials, as described in Credentials||
|Communications between Tenable Nessus and clients (GUI/API users)||TLS 1.3 (fallback to TLS 1.2 or earlier, as configured) with the strongest encryption method supported by Tenable Nessus and your browser or API program|
|Communications between Tenable Nessus and the Tenable product registration server||TLS 1.2 with ECDHE-RSA-AES256-GCM-SHA384|
|Communications between Tenable Nessus and the Tenable plugin update server||TLS 1.2 with ECDHE-RSA-AES256-GCM-SHA384|