Transport Layer Security

Intel AMT uses the Transport Layer Security (TLS) protocol to provide endpoint authentication and communications privacy across a public network (see Intel AMT and Security Considerations).

 TLS Versions Supported by Various Firmware Versions

In Intel AMT Release 12.0, support was added for TLS version 1.2 and support was removed for TLS version 1.0. Following is the list of supported TLS 1.2 ciphers:

• TLS_RSA_WITH_AES_128_GCM_SHA256
• TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
• TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
• TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

Starting from Intel CSME 15.0 firmware for desktops, and Intel CSME 16.0 firmware for all platforms, Intel has removed support for TLS 1.1. TLS 1.1 can no longer be used to connect to Intel AMT. Customers should use TLS 1.2.

Intel plans to add support for TLS 1.3 and AEAD cipher suites TLS13-AES-256-GCM-SHA384 and TLS13-AES-128-GCM-SHA256 to Intel CSME, starting with an Intel CSME 15 release and an Intel CSME 16 release.

For more information about the Transport Layer Security feature, see the following:

   Detailed Description

   CIM Elements

   Events

   Use Cases

Copyright © 2006-2022, Intel Corporation. All rights reserved.