Encryption Strength
Tenable Nessus uses the following default encryption for storage and communications.
| Function | Default Encryption | 
|---|---|
| Storing user account passwords | SHA-512 and the PBKDF2 function with a 512-bit key | 
| Storing user and service accounts for scan credentials, as described in Credentials | AES-128 |
| Scan results and scan exports | AES-128 | 
| Communications between Tenable Nessus and clients (GUI/API users) | TLS 1.3 (fallback to TLS 1.2 or earlier, as configured) with the strongest encryption method supported by Tenable Nessus and your browser or API program | 
| Communications between Tenable Nessus and Tenable Agents | TLS 1.3 (fallback to TLS 1.2 if forced by the environment) | 
| Communications between Tenable Nessus and the Tenable plugin update server | TLS 1.2 with ECDHE-RSA-AES256-GCM-SHA384 | 
| Communications between Tenable Nessus and the Tenable product registration server | TLS 1.2 with ECDHE-RSA-AES256-GCM-SHA384 |