Secure Cipher Suite
The Secure protocol and the Security mode affect which cipher suite is selectable during an SSL handshake. The order in which the SPAdmin tool presents the cipher suite is dependent on the Secure protocol and Security mode that is enabled. The table below illustrates which cipher suites are valid for each protocol and mode. The SPAdmin tool allows you to enable or select ten from the list. However, during the SSL handshake any selection that is not valid for the Secure protocol and Security mode selected are ignored. At least one cipher must be valid for the protocol and mode enabled in both the PNODE and SNODE list.
Cipher ID |
Name |
Deprecated |
TLS 1.3 |
TLS 1.2 |
TLS 1.1 |
TLS 1.0 |
SSL 3.0 |
FIPS140-2 >= TLS1.0 |
SP800 - 131A TLS 1.2 Only |
Suite B 128 TLS 1.2 Only |
Suite B 192 TLS 1.2 Only |
Kx |
Au |
Enc |
Bits |
Mac |
Mac Bits |
Mode Strength |
0x01301 | TLS_AES_128_GCM_SHA256 |
X |
NULL | NULL | AES_128_GCM | 128 | SHA256 | 256 | 2 | |||||||||
0x01302 | TLS_AES_256_GCM_SHA384 |
X |
NULL | NULL | AES_256_GCM | 256 | SHA384 | 384 | 2 | |||||||||
0x0C02C |
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 |
|
X |
|
|
|
X |
X |
X |
X |
ECDHE |
ECDSA |
AES_256_GCM |
256 |
SHA384 |
384 |
2 |
|
0x0C024 |
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 |
|
X |
|
|
|
X |
X |
|
|
ECDHE |
ECDSA |
AES_256_CBC |
256 |
SHA384 |
384 |
1 |
|
0x0C00A |
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA |
|
X |
|
|
|
X |
X |
|
|
ECDHE |
ECDSA |
AES_256_CBC |
256 |
SHA |
160 |
1 |
|
0x0C02B |
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 |
|
X |
|
|
|
X |
X |
X |
|
ECDHE |
ECDSA |
AES_128_GCM |
128 |
SHA256 |
256 |
2 |
|
0x0C023 |
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 |
|
X |
|
|
|
X |
X |
|
|
ECDHE |
ECDSA |
AES_128_CBC |
128 |
SHA256 |
256 |
1 |
|
0x0C009 |
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA |
|
X |
|
|
|
X |
X |
|
|
ECDHE |
ECDSA |
AES_128_CBC |
128 |
SHA |
160 |
1 |
|
0x0C007 |
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA |
|
X |
|
|
|
|
|
|
|
ECDHE |
ECDSA |
RC4_128 |
128 |
SHA |
160 |
0 |
|
0x0C008 |
TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA |
|
X |
|
|
|
X |
X |
|
|
ECDHE |
ECDSA |
3DES_EDE_CBC |
168 |
SHA |
160 |
1 |
|
0x0C006 |
TLS_ECDHE_ECDSA_WITH_NULL_SHA |
|
X |
|
|
|
|
|
|
|
ECDHE |
ECDSA |
NULL |
0 |
SHA |
160 |
0 |
|
0x0C030 |
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 |
|
X |
|
|
|
X |
X |
|
|
ECDHE |
RSA |
AES_256_GCM |
256 |
SHA384 |
384 |
2 |
|
0x0C028 |
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 |
|
X |
|
|
|
X |
X |
|
|
ECDHE |
RSA |
AES_256_CBC |
256 |
SHA384 |
384 |
1 |
|
0x0C014 |
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA |
|
X |
|
|
|
X |
X |
|
|
ECDHE |
RSA |
AES_256_CBC |
256 |
SHA |
160 |
1 |
|
0x0C02F |
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 |
|
X |
|
|
|
X |
X |
|
|
ECDHE |
RSA |
AES_128_GCM |
128 |
SHA256 |
256 |
2 |
|
0x0C027 |
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 |
|
X |
|
|
|
X |
X |
|
|
ECDHE |
RSA |
AES_128_CBC |
128 |
SHA256 |
256 |
1 |
|
0x0C013 |
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA |
|
X |
|
|
|
X |
X |
|
|
ECDHE |
RSA |
AES_128_CBC |
128 |
SHA |
160 |
1 |
|
0x0C011 |
TLS_ECDHE_RSA_WITH_RC4_128_SHA |
|
X |
|
|
|
|
|
|
|
ECDHE |
RSA |
RC4_128 |
128 |
SHA |
160 |
0 |
|
0x0C012 |
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA |
|
X |
|
|
|
X |
X |
|
|
ECDHE |
RSA |
3DES_EDE_CBC |
168 |
SHA |
160 |
1 |
|
0x0C010 |
TLS_ECDHE_RSA_WITH_NULL_SHA |
|
X |
|
|
|
|
|
|
|
ECDHE |
RSA |
NULL |
0 |
SHA |
160 |
0 |
|
0x0009D |
TLS_RSA_WITH_AES_256_GCM_SHA384 |
|
X |
|
|
|
X |
X |
|
|
RSA |
RSA |
AES_256_GCM |
256 |
SHA384 |
384 |
2 |
|
0x0003D |
TLS_RSA_WITH_AES_256_CBC_SHA256 |
|
X |
|
|
|
X |
X |
|
|
RSA |
RSA |
AES_256_CBC |
256 |
SHA256 |
256 |
1 |
|
0x00035 |
TLS_RSA_WITH_AES_256_CBC_SHA |
|
X |
X |
X |
X |
X |
X |
|
|
RSA |
RSA |
AES_256_CBC |
256 |
SHA |
160 |
1 |
|
0x0009C |
TLS_RSA_WITH_AES_128_GCM_SHA256 |
|
X |
|
|
|
X |
X |
|
|
RSA |
RSA |
AES_128_GCM |
128 |
SHA256 |
256 |
2 |
|
0x0003C |
TLS_RSA_WITH_AES_128_CBC_SHA256 |
|
X |
|
|
|
X |
X |
|
|
RSA |
RSA |
AES_128_CBC |
128 |
SHA256 |
256 |
1 |
|
0x0002F |
TLS_RSA_WITH_AES_128_CBC_SHA |
|
X |
X |
X |
X |
X |
X |
|
|
RSA |
RSA |
AES_128_CBC |
128 |
SHA |
160 |
1 |
|
0x00005 |
TLS_RSA_WITH_RC4_128_SHA |
|
X |
X |
X |
X |
|
|
|
|
RSA |
RSA |
RC4_128 |
128 |
SHA |
160 |
0 |
|
0x00004 |
TLS_RSA_WITH_RC4_128_MD5 |
|
|
X |
X |
X |
|
|
|
|
RSA |
RSA |
RC4_128 |
128 |
MD5 |
128 |
0 |
|
0x0000A |
TLS_RSA_WITH_3DES_EDE_CBC_SHA |
|
X |
X |
X |
X |
X |
X |
|
|
RSA |
RSA |
3DES_EDE_CBC |
168 |
SHA |
160 |
1 |
|
0x00009 |
TLS_RSA_WITH_DES_CBC_SHA |
|
|
X |
X |
X |
|
|
|
|
RSA |
RSA |
DES_CBC |
56 |
SHA |
160 |
1 |
|
0x0003B |
TLS_RSA_WITH_NULL_SHA256 |
|
X |
|
|
|
|
|
|
|
RSA |
RSA |
NULL |
0 |
SHA256 |
256 |
0 |
|
0x00002 |
TLS_RSA_WITH_NULL_SHA |
|
X |
X |
X |
X |
|
|
|
|
RSA |
RSA |
NULL |
0 |
SHA |
160 |
0 |
|
0x00001 |
TLS_RSA_WITH_NULL_MD5 |
|
|
X |
X |
X |
|
|
|
|
RSA |
RSA |
NULL |
0 |
MD5 |
128 |
0 |
|
0x00000 |
TLS_RSA_WITH_NULL_NULL |
|
X |
X |
X |
X |
|
|
|
|
RSA |
NULL |
NULL |
0 |
NULL |
0 |
0 |
|
0x00006 |
TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 |
X |
|
|
X |
X |
|
|
|
|
RSA_EXPORT |
RSA_EXPORT |
RC2_CBC_40 |
40 |
MD5 |
128 |
1 |
|
0x00003 |
TLS_RSA_EXPORT_WITH_RC4_40_MD5 |
X |
|
|
X |
X |
|
|
|
|
RSA_EXPORT |
RSA_EXPORT |
RC4_40 |
40 |
MD5 |
128 |
0 |
|
0x00062 |
TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA |
X |
|
|
X |
X |
|
|
|
|
RSA_EXPORT 1024 |
RSA_EXPORT 1024 |
DES_CBC |
56 |
SHA |
160 |
1 |
|
0x00064 |
TLS_RSA_EXPORT1024_WITH_RC4_56_SHA |
X |
|
|
X |
X |
|
|
|
|
RSA_EXPORT 1024 |
RSA_EXPORT 1024 |
RC4_56 |
56 |
SHA |
160 |
0 |