Skip to main content

Docker Success Center

The Docker enterprise customer portal.

Docker, Inc.

What type of symmetric keys are used for TLS in swarm mode, and how strong are they?

The keys used for communication over TLS in swarm mode are Elliptic Curve (ECDSA) keys created with a length of 256 bits. The strength of an Elliptic Curve key of 256 bits is roughly equivalent to that of a 3072-bit RSA key. You can check the strength of your swarm keys yourself by looking at the files located on a Swarm manager in /var/lib/docker/swarm/certificates/* and viewing the details of your Swarm certificates with the openssl command. For example:

sudo openssl x509 -text -in /var/lib/docker/swarm/certificates/swarm-node.crt

This will tell you about the certificates used for swarm mode, as well as the encryption type and key strength used for Swarm mode.

Additionally, you can take a look at a section of the Swarmkit source within the Docker project where this is explicitly set.