Encryption Strength

Tenable Security Center Director uses the following default encryption for storage and communications.

Function

Encryption

Storing TNS user account passwords

SHA-512 and the PBKDF2 function

Storing user and service accounts for scan credentials, as described in Credentials.

AES-256-CBC

Storing scan data, as described in Repositories.

None

Communications between Tenable Security Center and clients (Tenable Security Center users).

TLS 1.2 with the strongest encryption method supported by Tenable Security Center Apache and your browser, CLI program, or API program: EECDH+AESGCM, EDH+AESGCM, AES256+EECDH, or AES256+EDH.

For more information about strong encryption, see Configure SSL/TLS Strong Encryption.

Communications between Tenable Security Center and the Tenable product registration server.

TLS 1.2 with ECDHE-RSA-AES256-GCM-SHA384

Communications between Tenable Security Center and the Tenable plugin update server.

TLS 1.2 with ECDHE-RSA-AES256-GCM-SHA384

Communications between Tenable Security Center and:

  • Tenable Nessus or Tenable Nessus Manager

  • Tenable Vulnerability Management

  • Tenable Nessus Network Monitor

  • Tenable Log Correlation Engine

TLS 1.2 with the strongest encryption method supported by Tenable Security Center Apache and your browser, CLI program, or API program: ECDHE-RSA-AES128-SHA256, ECDHE-RSA-AES128-GCM-SHA256, ECDHE-RSA-AES256-SHA384, or ECDHE-RSA-AES256-GCM-SHA384.

Synchronizations between Tenable Security Center and Tenable Vulnerability Management for Tenable Lumin.

TLS 1.2