Understanding cipher suites
Know the supported cipher suites for inbound traffic under both TLS 1.3 and TLS 1.2. When you create a Transport Layer Security (TLS) context, you can specify the list of cipher suites that can be used. If you do not specify any cipher suites, the default cipher suites for the selected TLS version are used.
A cipher suite refers to a group of cryptographic algorithms that are used to secure network connections established through the Transport Layer Security (TLS) or Secure Sockets Layer (SSL) protocol. It consists of key exchange, encryption, and message authentication algorithms that work together to help ensure the confidentiality, integrity, and authenticity of data transmitted over the network.
Outbound cipher suites are not included, as they depend on third-party systems. Certain TLS cipher suites are excluded due to compatibility considerations with older versions. Support for these ciphers might be withdrawn at any time. Help ensure that only strong cipher suites are used for business communications.
Supported and recommended ciphers for TLS 1.3
- Cipher suite name (OpenSSL) and Reference (IANA/RFC)
- TLS_AES_128_GCM_SHA256 - [RFC8446]
Supported and recommended ciphers for TLS 1.2
- Cipher suite name (OpenSSL) and Reference (IANA/RFC)
- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 - [RFC5289]