Supported Ciphers
When you create a TLS context, you can specify the list of cipher suites that should be used. If you do not specify any cipher suites, the default cipher suites for the selected TLS version will be used.
Important: It is recommended to use only strong ciphers for business communications.
Some TLS cipher suites that remain supported only for backward compatibility are not listed in the table.
Support for these ciphers may be removed at any time.
The following tables list the recommended cipher suites supported for inbound traffic for both TLS 1.3 and TLS 1.2. Outbound ciphers depend on third-party systems and are therefore not listed here.

Supported Ciphers for TLS 1.3

| Cipher Suite Name (OpenSSL) | Recommended (Y/N) | Reference (IANA/RFC) |
| --- | --- | --- |
| TLS_AES_128_GCM_SHA256 | Y | [RFC8446] |
| TLS_AES_256_GCM_SHA384 | Y | [RFC8446] |
| TLS_CHACHA20_POLY1305_SHA256 | Y | [RFC8446] |
| TLS_AES_128_CCM_SHA256 | Y | [RFC8446] |
| TLS_AES_128_CCM_8_SHA256 | Y | [RFC8446] |

Supported Ciphers for TLS 1.2

| Cipher Suite Name (OpenSSL) | Recommended (Y/N) | Reference (IANA/RFC) |
| --- | --- | --- |
| TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 | Y | [RFC5289] |
| TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 | Y | [RFC5289] |
| TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 | Y | [RFC5289] |
| TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 | Y | [RFC5289] |
| TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 | Y | [RFC7905] |
| TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 | Y | [RFC7905] |
| TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 | Y | [RFC7905] |
| TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256 | Y | [RFC8442] |
| TLS_ECDHE_PSK_WITH_AES_256_GCM_SHA384 | Y | [RFC8442] |
| TLS_ECDHE_PSK_WITH_AES_128_CCM_SHA256 | Y | [RFC8442] |
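
The following Python audit is an added example, not part of the original page or of the product's own code. It checks a cipher list intended for an inbound TLS context against the recommended tables above and explains each suite it flags. The function names `describe` and `audit`, the sample configuration, and the two flagged properties (AEAD and forward secrecy) are assumptions of this example, not criteria stated by the page.

```python
# Added example. RECOMMENDED is copied from the page's tables; the rest is illustrative.
RECOMMENDED = {
    "1.3": {"TLS_AES_128_GCM_SHA256", "TLS_AES_256_GCM_SHA384",
            "TLS_CHACHA20_POLY1305_SHA256", "TLS_AES_128_CCM_SHA256",
            "TLS_AES_128_CCM_8_SHA256"},
    "1.2": {"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
            "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
            "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256", "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
            "TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256", "TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256",
            "TLS_ECDHE_PSK_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_PSK_WITH_AES_128_CCM_SHA256"},
}
AEAD_MARKERS = ("_GCM_", "_CCM_", "CHACHA20_POLY1305")

def describe(suite):
    """Split an IANA suite name into key exchange, authentication and cipher."""
    body = suite.removeprefix("TLS_")
    if "_WITH_" in body:                 # TLS 1.2 form: <KX>[_<AUTH>]_WITH_<CIPHER>
        kx_auth, cipher = body.split("_WITH_", 1)
        kx, _, auth = kx_auth.partition("_")
        auth = auth or kx                # TLS_RSA_WITH_...: RSA does both jobs
    else:                                # TLS 1.3 form: key exchange is negotiated separately
        kx, auth, cipher = None, None, body
    return {"kx": kx, "auth": auth, "cipher": cipher,
            "aead": any(m in cipher for m in AEAD_MARKERS)}

def audit(version, configured):
    """Return {suite: finding} for each configured suite outside the table for `version`."""
    other = "1.2" if version == "1.3" else "1.3"
    findings = {}
    for suite in configured:
        if suite in RECOMMENDED[version]:
            continue
        if suite in RECOMMENDED[other]:
            findings[suite] = f"listed for TLS {other}, not TLS {version}"
            continue
        d, reasons = describe(suite), []
        if not d["aead"]:
            reasons.append("not AEAD")
        if d["kx"] not in (None, "ECDHE", "DHE"):
            reasons.append("no forward secrecy")
        findings[suite] = "; ".join(["not in the recommended table"] + reasons)
    return findings

# Constructed sample configuration for a TLS 1.2 context.
SAMPLE = ["TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_AES_256_GCM_SHA384",
          "TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"]
if __name__ == "__main__":
    for suite, finding in audit("1.2", SAMPLE).items():
        print(f"{suite}: {finding}")
```

An empty list produces no findings, which matches the case where the default cipher suites for the selected TLS version are used.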