Encryption Strength

Tenable Security Center uses the following default encryption for storage and communications.

Function

Encryption

Storing TNS user account passwords

SHA-512 and the PBKDF2 function

Storing user and service accounts for scan credentials, as described in Credentials.

AES-256-CBC

Storing scan data, as described in Repositories.

None

Communications between Tenable.sc and clients (Tenable.sc users).

SSL/TLS 1.2 with the strongest encryption method supported by Tenable.sc Apache and your browser, CLI program, or API program: EECDH+AESGCM, EDH+AESGCM, AES256+EECDH, or AES256+EDH.

For more information about strong encryption, see Configure SSL/TLS Strong Encryption.

Communications between Tenable.sc and the Tenable product registration server.

SSL/TLS 1.2 with ECDHE-RSA-AES256-GCM-SHA384

Communications between Tenable.sc and the Tenable plugin update server.

SSL/TLS 1.2 with ECDHE-RSA-AES256-GCM-SHA384

Communications between Tenable.sc and:

  • Tenable Nessus or Tenable Nessus Manager

  • Tenable Vulnerability Management

  • Nessus Network Monitor

  • LCE

SSL/TLS 1.2 with the strongest encryption method supported by Tenable.sc Apache and your browser, CLI program, or API program: ECDHE-RSA-AES128-SHA256, ECDHE-RSA-AES128-GCM-SHA256, ECDHE-RSA-AES256-SHA384, or ECDHE-RSA-AES256-GCM-SHA384.

Synchronizations between Tenable.sc and Tenable Vulnerability Management for Tenable One.

SSL/TLS 1.2