Cipher suite definitions
The following tables contain:
- Cipher suite definitions for SSL V2: Table 1.
- 2-character and 4-character cipher suite definitions for SSL V3, TLS V1.0, TLS V1.1, TLS V1.2, and TLS V1.3: Table 2.
- Cipher suite definitions for SSL V3, TLS V1.0, TLS V1.1, TLS V1.2, and TLS V1.3 by supported protocol, symmetric algorithm, and message authentication algorithm: Table 3.
- Cipher suite definitions for SSL V3, TLS V1.0, TLS V1.1, and TLS V1.2 by key-exchange method and signing certificate: Table 4.
Note: When executing in non-FIPS mode, if either the System SSL Security Level 3 FMID is installed
or the CPACF Feature 3863 is installed, the ciphers listed under the Security Level 3 FMID column
are allowed to be used.
| Cipher number | Description | FIPS 140-2 |  Base security level FMID
HCPT520 |
Security level 3 FMID
JCPT521 |
|---|---|---|---|---|
| 1 | 128-bit RC4 encryption with MD5 message authentication (128-bit secret key) | X | ||
| 2 | 128-bit RC4 export encryption with MD5 message authentication (40-bit secret key) | X | X | |
| 3 | 128-bit RC2 encryption with MD5 message authentication (128-bit secret key) | X | ||
| 4 | 128-bit RC2 export encryption with MD5 message authentication (40-bit secret key) | X | X | |
| 6 | 56-bit DES encryption with MD5 message authentication (56-bit secret key) | X | X | |
| 7 | 168-bit Triple DES encryption with MD5 message authentication (168-bit secret key) | X |
Note: When executing in non-FIPS mode, if either the System SSL Security Level 3 FMID is
installed or the CPACF Feature 3863 is installed, the ciphers listed under the Security Level 3 FMID
column are allowed to be used.
| 2- character cipher number | 4-character cipher number | Short name | Description 1 | FIPS 140-2 | Base security level FMID
HCPT520 |
Security level 3 FMID
JCPT521 |
|---|---|---|---|---|---|---|
| 00 | 0000 | TLS_NULL_WITH_NULL_NULL | No encryption or message authentication and RSA key exchange | X | X | |
| 01 | 0001 | TLS_RSA_WITH_NULL_MD5 | No encryption with MD5 message authentication and RSA key exchange | X | X | |
| 02 | 0002 | TLS_RSA_WITH_NULL_SHA | No encryption with SHA-1 message authentication and RSA key exchange | X | X | |
| 03 | 0003 | TLS_RSA_EXPORT_WITH_RC4_40_MD5 | 40-bit RC4 encryption with MD5 message authentication and RSA (export) key exchange | X | X | |
| 04 | 0004 | TLS_RSA_WITH_RC4_128_MD5 | 128-bit RC4 encryption with MD5 message authentication and RSA key exchange | X | ||
| 05 | 0005 | TLS_RSA_WITH_RC4_128_SHA | 128-bit RC4 encryption with SHA-1 message authentication and RSA key exchange | X | ||
| 06 | 0006 | TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 | 40-bit RC2 encryption with MD5 message authentication and RSA (export) key exchange | X | X | |
| 09 | 0009 | TLS_RSA_WITH_DES_CBC_SHA | 56-bit DES encryption with SHA-1 message authentication and RSA key exchange | X | X | |
| 0A | 000A | TLS_RSA_WITH_3DES_EDE_CBC_SHA | 168-bit Triple DES encryption with SHA-1 message authentication and RSA key exchange | X | X | |
| 0C | 000C | TLS_DH_DSS_WITH_DES_CBC_SHA | 56-bit DES encryption with SHA-1 message authentication and fixed Diffie-Hellman key exchange signed with a DSA certificate | X | X | |
| 0D | 000D | TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA | 168-bit Triple DES encryption with SHA-1 message authentication and fixed Diffie-Hellman key exchange signed with a DSA certificate | X | X | |
| 0F | 000F | TLS_DH_RSA_WITH_DES_CBC_SHA | 56-bit DES encryption with SHA-1 message authentication and fixed Diffie-Hellman key exchange signed with an RSA certificate | X | X | |
| 10 | 0010 | TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA | 168-bit Triple DES encryption with SHA-1 message authentication and fixed Diffie-Hellman key exchange signed with an RSA certificate | X | X | |
| 12 | 0012 | TLS_DHE_DSS_WITH_DES_CBC_SHA | 56-bit DES encryption with SHA-1message authentication and ephemeral Diffie-Hellman key exchange signed with a DSA certificate | X | X | |
| 13 | 0013 | TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA | 168-bit Triple DES encryption with SHA-1 message authentication and ephemeral Diffie-Hellman key exchange signed with a DSA certificate | X | X | |
| 15 | 0015 | TLS_DHE_RSA_WITH_DES_CBC_SHA | 56-bit DES encryption with SHA-1 message authentication and ephemeral Diffie-Hellman key exchange signed with an RSA certificate | X | X | |
| 16 | 0016 | TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA | 168-bit Triple DES encryption with SHA-1 message authentication and ephemeral Diffie-Hellman key exchange signed with an RSA certificate | X | X | |
| 2F | 002F |
TLS_RSA_WITH_AES_128_CBC_SHA
|
128-bit AES encryption with SHA-1 message authentication and RSA key exchange | X | X | |
| 30 | 0030 | TLS_DH_DSS_WITH_AES_128_CBC_SHA | 128-bit AES encryption with SHA-1 message authentication and fixed Diffie-Hellman key exchange signed with a DSA certificate | X | X | |
| 31 | 0031 | TLS_DH_RSA_WITH_AES_128_CBC_SHA | 128-bit AES encryption with SHA-1 message authentication and fixed Diffie-Hellman key exchange signed with an RSA certificate | X | X | |
| 32 | 0032 | TLS_DHE_DSS_WITH_AES_128_CBC_SHA | 128-bit AES encryption with SHA-1 message authentication and ephemeral Diffie-Hellman key exchange signed with a DSA certificate | X | X | |
| 33 | 0033 | TLS_DHE_RSA_WITH_AES_128_CBC_SHA | 128-bit AES encryption with SHA-1 message authentication and ephemeral Diffie-Hellman key exchange signed with an RSA certificate | X | X | |
| 35 | 0035 | TLS_RSA_WITH_AES_256_CBC_SHA | 256-bit AES encryption with SHA-1 message authentication and RSA key exchange | X | X | |
| 36 | 0036 | TLS_DH_DSS_WITH_AES_256_CBC_SHA | 256-bit AES encryption with SHA-1 message authentication and fixed Diffie-Hellman key exchange signed with a DSA certificate | X | X | |
| 37 | 0037 | TLS_DH_RSA_WITH_AES_256_CBC_SHA | 256-bit AES encryption with SHA-1 message authentication and fixed Diffie-Hellman key exchange signed with an RSA certificate | X | X | |
| 38 | 0038 | TLS_DHE_DSS_WITH_AES_256_CBC_SHA | 256-bit AES encryption with SHA-1 message authentication and ephemeral Diffie-Hellman key exchange signed with a DSA certificate | X | X | |
| 39 | 0039 | TLS_DHE_RSA_WITH_AES_256_CBC_SHA | 256-bit AES encryption with SHA-1 message authentication and ephemeral Diffie-Hellman key exchange signed with an RSA certificate | X | X | |
| 3B | 003B | TLS_RSA_WITH_NULL_SHA256 | No encryption with SHA-256 message authentication and RSA key exchange | X | X | |
| 3C | 003C | TLS_RSA_WITH_AES_128_CBC_SHA256 | 128-bit AES encryption with SHA-256 message authentication and RSA key exchange | X | X | |
| 3D | 003D | TLS_RSA_WITH_AES_256_CBC_SHA256 | 256-bit AES encryption with SHA-256 message authentication and RSA key exchange | X | X | |
| 3E | 003E | TLS_DH_DSS_WITH_AES_128_CBC_SHA256 | 128-bit AES encryption with SHA-256 message authentication and fixed Diffie-Hellman key exchange signed with a DSA certificate | X | X | |
| 3F | 003F | TLS_DH_RSA_WITH_AES_128_CBC_SHA256 | 128-bit AES encryption with SHA-256 message authentication and fixed Diffie-Hellman key exchange signed with an RSA certificate | X | X | |
| 40 | 0040 | TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 | 128-bit AES encryption with SHA-256 message authentication and ephemeral Diffie-Hellman key exchange signed with a DSA certificate | X | X | |
| 67 | 0067 | TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 | 128-bit AES encryption with SHA-256 message authentication and ephemeral Diffie-Hellman key exchange signed with an RSA certificate | X | X | |
| 68 | 0068 | TLS_DH_DSS_WITH_AES_256_CBC_SHA256 | 256-bit AES encryption with SHA-256 message authentication and fixed Diffie-Hellman key exchange signed with a DSA certificate | X | X | |
| 69 | 0069 | TLS_DH_RSA_WITH_AES_256_CBC_SHA256 | 256-bit AES encryption with SHA-256 message authentication and fixed Diffie-Hellman key exchange signed with an RSA certificate | X | X | |
| 6A | 006A | TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 | 256-bit AES encryption with SHA-256 message authentication and ephemeral Diffie-Hellman key exchange signed with a DSA certificate | X | X | |
| 6B | 006B | TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 | 256-bit AES encryption with SHA-256 message authentication and ephemeral Diffie-Hellman key exchange signed with an RSA certificate | X | X | |
| 9C | 009C | TLS_RSA_WITH_AES_128_GCM_SHA256 | 128-bit AES in Galois Counter Mode encryption with 128-bit AEAD authentication and RSA key exchange | X | X | |
| 9D | 009D | TLS_RSA_WITH_AES_256_GCM_SHA384 | 256-bit AES in Galois Counter Mode encryption with 128-bit AEAD authentication and RSA key exchange | X | X | |
| 9E | 009E | TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 | 128-bit AES in Galois Counter Mode encryption with 128-bit AEAD authentication and ephemeral Diffie-Hellman key exchange signed with an RSA certificate | X | X | |
| 9F | 009F | TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 | 256-bit AES in Galois Counter Mode encryption with 128-bit AEAD authentication and ephemeral Diffie-Hellman key exchange signed with an RSA certificate | X | X | |
| A0 | 00A0 | TLS_DH_RSA_WITH_AES_128_GCM_SHA256 | 128-bit AES in Galois Counter Mode encryption with 128-bit AEAD authentication and fixed Diffie-Hellman key exchange signed with an RSA certificate | X | X | |
| A1 | 00A1 | TLS_DH_RSA_WITH_AES_256_GCM_SHA384 | 256-bit AES in Galois Counter Mode encryption with 128-bit AEAD authentication and fixed Diffie-Hellman key exchange signed with an RSA certificate | X | X | |
| A2 | 00A2 | TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 | 128-bit AES in Galois Counter Mode encryption with 128-bit AEAD authentication and ephemeral Diffie-Hellman key exchange signed with a DSA certificate | X | X | |
| A3 | 00A3 | TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 | 256-bit AES in Galois Counter Mode encryption with 128-bit AEAD authentication and ephemeral Diffie-Hellman key exchange signed with a DSA certificate | X | X | |
| A4 | 00A4 | TLS_DH_DSS_WITH_AES_128_GCM_SHA256 | 128-bit AES in Galois Counter Mode encryption with 128-bit AEAD authentication and fixed Diffie-Hellman key exchange signed with a DSA certificate | X | X | |
| A5 | 00A5 | TLS_DH_DSS_WITH_AES_256_GCM_SHA384 | 256-bit AES in Galois Counter Mode encryption with 128-bit AEAD authentication and fixed Diffie-Hellman key exchange signed with a DSA certificate | X | X | |
| 1301 | TLS_AES_128_GCM_SHA256 | 128-bit AES in Galois Counter Mode encryption with 128-bit AEAD authentication and HKDF (HMAC-based Extract-and-Expand Key Derivation Function) with SHA256 | X | |||
| 1302 | TLS_AES_256_GCM_SHA384 | 256-bit AES in Galois Counter Mode encryption with 128-bit AEAD authentication and HKDF (HMAC-based Extract-and-Expand Key Derivation Function) with SHA384 | X | |||
| 1303 | TLS_CHACHA20_POLY1305_SHA256 | ChaCha20 encryption with 256-bit AEAD authentication and HKDF (HMAC-based Extract-and-Expand Key Derivation Function) with SHA256 | X | |||
| C001 | TLS_ECDH_ECDSA_WITH_NULL_SHA | NULL encryption with SHA-1 message authentication and fixed ECDH key exchange signed with an ECDSA certificate | X | X | ||
| C002 | TLS_ECDH_ECDSA_WITH_RC4_128_SHA | 128-bit RC4 encryption with SHA-1 message authentication and fixed ECDH key exchange signed with an ECDSA certificate | X | |||
| C003 | TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA | 168-bit Triple DES encryption with SHA-1 message authentication and fixed ECDH key exchange signed with an ECDSA certificate | X | X | ||
| C004 | TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA | 128-bit AES encryption with SHA-1 message authentication and fixed ECDH key exchange signed with an ECDSA certificate | X | X | ||
| C005 | TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA | 256-bit AES encryption with SHA-1 message authentication and fixed ECDH key exchange signed with an ECDSA certificate | X | X | ||
| C006 | TLS_ECDHE_ECDSA_WITH_NULL_SHA | NULL encryption with SHA-1 message authentication and ephemeral ECDH key exchange signed with an ECDSA certificate | X | X | ||
| C007 | TLS_ECDHE_ECDSA_WITH_RC4_128_SHA | 128-bit RC4 encryption with SHA-1 message authentication and ephemeral ECDH key exchange signed with an ECDSA certificate | X | |||
| C008 |
TLS_ECDHE_ECDSA_WITH_3DES_EDE_
CBC_SHA |
168-bit Triple DES encryption with SHA-1 message authentication and ephemeral ECDH key exchange signed with an ECDSA certificate | X | X | ||
| C009 | TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA | 128-bit AES encryption with SHA-1 message authentication and ephemeral ECDH key exchange signed with an ECDSA certificate | X | X | ||
| C00A | TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA | 256-bit AES encryption with SHA-1 message authentication and ephemeral ECDH key exchange signed with an ECDSA certificate | X | X | ||
| C00B | TLS_ECDH_RSA_WITH_NULL_SHA | NULL encryption with SHA-1 message authentication and fixed ECDH key exchange signed with an RSA certificate | X | X | ||
| C00C | TLS_ECDH_RSA_WITH_RC4_128_SHA | 128-bit RC4 encryption with SHA-1 message authentication and fixed ECDH key exchange signed with an RSA certificate | X | |||
| C00D | TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA | 168-bit Triple DES encryption with SHA-1 message authentication and fixed ECDH key exchange signed with an RSA certificate | X | X | ||
| C00E | TLS_ECDH_RSA_WITH_AES_128_CBC_SHA | 128-bit AES encryption with SHA-1 message authentication and fixed ECDH key exchange signed with an RSA certificate | X | X | ||
| C00F | TLS_ECDH_RSA_WITH_AES_256_CBC_SHA | 256-bit AES encryption with SHA-1 message authentication and fixed ECDH key exchange signed with an RSA certificate | X | X | ||
| C010 | TLS_ECDHE_RSA_WITH_NULL_SHA | NULL encryption with SHA-1 message authentication and ephemeral ECDH key exchange signed with an RSA certificate | X | X | ||
| C011 | TLS_ECDHE_RSA_WITH_RC4_128_SHA | 128-bit RC4 encryption with SHA-1 message authentication and ephemeral ECDH key exchange signed with an RSA certificate | X | |||
| C012 | TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA | 168-bit Triple DES encryption with SHA-1 message authentication and ephemeral ECDH key exchange signed with an RSA certificate | X | X | ||
| C013 | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA | 128-bit AES encryption with SHA-1 message authentication and ephemeral ECDH key exchange signed with an RSA certificate | X | X | ||
| C014 | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA | 256-bit AES encryption with SHA-1 message authentication and ephemeral ECDH key exchange signed with an RSA certificate | X | X | ||
| C023 |
TLS_ECDHE_ECDSA_WITH_AES_128_
CBC_SHA256 |
128-bit AES encryption with SHA-256 message authentication and ephemeral ECDH key exchange signed with an ECDSA certificate | X | X | ||
| C024 |
TLS_ECDHE_ECDSA_WITH_AES_256_
CBC_SHA384 |
256-bit AES encryption with SHA-384 message authentication and ephemeral ECDH key exchange signed with an ECDSA certificate | X | X | ||
| C025 |
TLS_ECDH_ECDSA_WITH_AES_128_
CBC_SHA256 |
128-bit AES encryption with SHA-256 message authentication and fixed ECDH key exchange signed with an ECDSA certificate | X | X | ||
| C026 |
TLS_ECDH_ECDSA_WITH_AES_256_
CBC_SHA384 |
256-bit AES encryption with SHA-384 message authentication and fixed ECDH key exchange signed with an ECDSA certificate | X | X | ||
| C027 | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 | 128-bit AES encryption with SHA-256 message authentication and ephemeral ECDH key exchange signed with an RSA certificate | X | X | ||
| C028 | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 | 256-bit AES encryption with SHA-384 message authentication and ephemeral ECDH key exchange signed with an RSA certificate | X | X | ||
| C029 | TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 | 128-bit AES encryption with SHA-256 message authentication and fixed ECDH key exchange signed with an RSA certificate | X | X | ||
| C02A | TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 | 256-bit AES encryption with SHA-384 message authentication and fixed ECDH key exchange signed with an RSA certificate | X | X | ||
| C02B |
TLS_ECDHE_ECDSA_WITH_AES_128_
GCM_SHA256 *4th in the default list |
128-bit AES in Galois Counter Mode encryption with 128-bit AEAD authentication and ephemeral ECDH key exchange signed with an ECDSA certificate | X | X | ||
| C02C |
TLS_ECDHE_ECDSA_WITH_AES_256_
GCM_SHA384 *2nd in the default list |
256-bit AES in Galois Counter Mode encryption with 128-bit AEAD message authentication and ephemeral ECDH key exchange signed with an ECDSA certificate | X | X | ||
| C02D |
TLS_ECDH_ECDSA_WITH_AES_128_
GCM_SHA256 |
128-bit AES in Galois Counter Mode encryption with 128-bit AEAD message authentication and fixed ECDH key exchange signed with an ECDSA certificate | X | X | ||
| C02E |
TLS_ECDH_ECDSA_WITH_AES_256_
GCM_SHA384 |
256-bit AES in Galois Counter Mode encryption with 128-bit AEAD message authentication and fixed ECDH key exchange signed with an ECDSA certificate | X | X | ||
| C02F |
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
*3rd in the default list |
128-bit AES in Galois Counter Mode encryption with 128-bit AEAD message authentication and ephemeral ECDH key exchange signed with an RSA certificate | X | X | ||
| C030 |
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
*1st in the default list |
256-bit AES in Galois Counter Mode encryption with 128-bit AEAD message authentication and ephemeral ECDH key exchange signed with an RSA certificate | X | X | ||
| C031 | TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 | 128-bit AES in Galois Counter Mode encryption with 128-bit AEAD message authentication and fixed ECDH key exchange signed with an RSA certificate | X | X | ||
| C032 | TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 | 256-bit AES in Galois Counter Mode encryption with 128-bit AEAD message authentication and fixed ECDH key exchange signed with an RSA certificate | X | X |
Notes:
1 See Table 4 for more information about
the signing algorithm required for the key exchanges.
* Indicates the cipher suites in the SSL V3 default lists (GSK_V3_CIPHER_SPECS_EXPANDED) when no cipher suites are explicitly specified by the application when executing in FIPS mode or when executing in non-FIPS mode with Security Level 3 FMID or CPACF feature 3863 installed.
| Cipher suite | Protocol support | Symmetric algorithm | Message MAC | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 4 Char | 2 Char | SSL V3 | TLS V1.0 | TLS V1.1 | TLS V1.2 | TLS V1.3 | RC2 or RC4 | DES or 3DES | AES- CBC 128 | AES- CBC 256 | AES- GCM 128 | AES- GCM 256 | Cha-Cha Poly 1305 | MD5 | SHA 1 | SHA 256 | SHA 384 | AEAD |
| 0000 | 00 | X | X | X | X | |||||||||||||
| 0001 | 01 | X | X | X | X | X | ||||||||||||
| 0002 | 02 | X | X | X | X | X | ||||||||||||
| 0003 | 03 | X | X | RC4 | X | |||||||||||||
| 0004 | 04 | X | X | X | X | RC4 | X | |||||||||||
| 0005 | 05 | X | X | X | X | RC4 | X | |||||||||||
| 0006 | 06 | X | X | RC2 | X | |||||||||||||
| 0009 | 09 | X | X | X | DES | X | ||||||||||||
| 000A | 0A | X | X | X | X | 3DES | X | |||||||||||
| 000C | 0C | X | X | X | DES | X | ||||||||||||
| 000D | 0D | X | X | X | X | 3DES | X | |||||||||||
| 000F | 0F | X | X | X | DES | X | ||||||||||||
| 0010 | 10 | X | X | X | X | 3DES | X | |||||||||||
| 0012 | 12 | X | X | X | DES | X | ||||||||||||
| 0013 | 13 | X | X | X | X | 3DES | X | |||||||||||
| 0015 | 15 | X | X | X | DES | X | ||||||||||||
| 0016 | 16 | X | X | X | X | 3DES | X | |||||||||||
| 002F | 2F | X | X | X | X | X | X | |||||||||||
| 0030 | 30 | X | X | X | X | X | X | |||||||||||
| 0031 | 31 | X | X | X | X | X | X | |||||||||||
| 0032 | 32 | X | X | X | X | X | X | |||||||||||
| 0033 | 33 | X | X | X | X | X | X | |||||||||||
| 0035 | 35 | X | X | X | X | X | X | |||||||||||
| 0036 | 36 | X | X | X | X | X | X | |||||||||||
| 0037 | 37 | X | X | X | X | X | X | |||||||||||
| 0038 | 38 | X | X | X | X | X | X | |||||||||||
| 0039 | 39 | X | X | X | X | X | X | |||||||||||
| 003B | 3B | X | X | |||||||||||||||
| 003C | 3C | X | X | X | ||||||||||||||
| 003D | 3D | X | X | X | ||||||||||||||
| 003E | 3E | X | X | X | ||||||||||||||
| 003F | 3F | X | X | X | ||||||||||||||
| 0040 | 40 | X | X | X | ||||||||||||||
| 0067 | 67 | X | X | X | ||||||||||||||
| 0068 | 68 | X | X | X | ||||||||||||||
| 0069 | 69 | X | X | X | ||||||||||||||
| 006A | 6A | X | X | X | ||||||||||||||
| 006B | 6B | X | X | X | ||||||||||||||
| 009C | 9C | X | X | X | ||||||||||||||
| 009D | 9D | X | X | X | ||||||||||||||
| 009E | 9E | X | X | X | ||||||||||||||
| 009F | 9F | X | X | X | ||||||||||||||
| 00A0 | A0 | X | X | X | ||||||||||||||
| 00A1 | A1 | X | X | X | ||||||||||||||
| 00A2 | A2 | X | X | X | ||||||||||||||
| 00A3 | A3 | X | X | X | ||||||||||||||
| 00A4 | A4 | X | X | X | ||||||||||||||
| 00A5 | A5 | X | X | X | ||||||||||||||
| 1301 | X | X | X | |||||||||||||||
| 1302 | X | X | X | |||||||||||||||
| 1303 | X | X | X | |||||||||||||||
| C001 | X | X | X | X | ||||||||||||||
| C002 | X | X | X | RC4 | X | |||||||||||||
| C003 | X | X | X | 3DES | X | |||||||||||||
| C004 | X | X | X | X | X | |||||||||||||
| C005 | X | X | X | X | X | |||||||||||||
| C006 | X | X | X | X | ||||||||||||||
| C007 | X | X | X | RC4 | X | |||||||||||||
| C008 | X | X | X | 3DES | X | |||||||||||||
| C009 | X | X | X | X | X | |||||||||||||
| C00A | X | X | X | X | X | |||||||||||||
| C00B | X | X | X | X | ||||||||||||||
| C00C | X | X | X | RC4 | X | |||||||||||||
| C00D | X | X | X | 3DES | X | |||||||||||||
| C00E | X | X | X | X | X | |||||||||||||
| C00F | X | X | X | X | X | |||||||||||||
| C010 | X | X | X | X | ||||||||||||||
| C011 | X | X | X | RC4 | X | |||||||||||||
| C012 | X | X | X | 3DES | X | |||||||||||||
| C013 | X | X | X | X | X | |||||||||||||
| C014 | X | X | X | X | X | |||||||||||||
| C023 | X | X | X | |||||||||||||||
| C024 | X | X | X | |||||||||||||||
| C025 | X | X | X | |||||||||||||||
| C026 | X | X | X | |||||||||||||||
| C027 | X | X | X | |||||||||||||||
| C028 | X | X | X | |||||||||||||||
| C029 | X | X | X | |||||||||||||||
| C02A | X | X | X | |||||||||||||||
| C02B | X | X | X | |||||||||||||||
| C02C | X | X | X | |||||||||||||||
| C02D | X | X | X | |||||||||||||||
| C02E | X | X | X | |||||||||||||||
| C02F | X | X | X | |||||||||||||||
| C030 | X | X | X | |||||||||||||||
| C031 | X | X | X | |||||||||||||||
| C032 | X | X | X | |||||||||||||||
| Cipher suite | RSA key exchange | Fixed Diffie-Hellman key exchange | Ephemeral Diffie-Hellman key exchange | Fixed EC Diffie-Hellman key exchange | Ephemeral EC Diffie-Hellman key exchange | |||||
|---|---|---|---|---|---|---|---|---|---|---|
| 4 Char | 2 Char | Signed by RSA1 | Signed by DSA1 | Signed by RSA1 | Signed by DSA1 | Signed by RSA1 | Signed by ECDSA1 | Signed by RSA1 | Signed by ECDSA1 | |
| 0000 | 00 | X | ||||||||
| 0001 | 01 | X | ||||||||
| 0002 | 02 | X | ||||||||
| 0003 | 03 | X | ||||||||
| 0004 | 04 | X | ||||||||
| 0005 | 05 | X | ||||||||
| 0006 | 06 | X | ||||||||
| 0009 | 09 | X | ||||||||
| 000A | 0A | X | ||||||||
| 000C | 0C | X | ||||||||
| 000D | 0D | X | ||||||||
| 000F | 0F | X | ||||||||
| 0010 | 10 | X | ||||||||
| 0012 | 12 | X | ||||||||
| 0013 | 13 | X | ||||||||
| 0015 | 15 | X | ||||||||
| 0016 | 16 | X | ||||||||
| 002F | 2F | X | ||||||||
| 0030 | 30 | X | ||||||||
| 0031 | 31 | X | ||||||||
| 0032 | 32 | X | ||||||||
| 0033 | 33 | X | ||||||||
| 0035 | 35 | X | ||||||||
| 0036 | 36 | X | ||||||||
| 0037 | 37 | X | ||||||||
| 0038 | 38 | X | ||||||||
| 0039 | 39 | X | ||||||||
| 003B | 3B | X | ||||||||
| 003C | 3C | X | ||||||||
| 003D | 3D | X | ||||||||
| 003E | 3E | X | ||||||||
| 003F | 3F | X | ||||||||
| 0040 | 40 | X | ||||||||
| 0067 | 67 | X | ||||||||
| 0068 | 68 | X | ||||||||
| 0069 | 69 | X | ||||||||
| 006A | 6A | X | ||||||||
| 006B | 6B | X | ||||||||
| 009C | 9C | X | ||||||||
| 009D | 9D | X | ||||||||
| 009E | 9E | X | ||||||||
| 009F | 9F | X | ||||||||
| 00A0 | A0 | X | ||||||||
| 00A1 | A1 | X | ||||||||
| 00A2 | A2 | X | ||||||||
| 00A3 | A3 | X | ||||||||
| 00A4 | A4 | X | ||||||||
| 00A5 | A5 | X | ||||||||
| C001 | X | |||||||||
| C002 | X | |||||||||
| C003 | X | |||||||||
| C004 | X | |||||||||
| C005 | X | |||||||||
| C006 | X | |||||||||
| C007 | X | |||||||||
| C008 | X | |||||||||
| C009 | X | |||||||||
| C00A | X | |||||||||
| C00B | X | |||||||||
| C00C | X | |||||||||
| C00D | X | |||||||||
| C00E | X | |||||||||
| C00F | X | |||||||||
| C010 | X | |||||||||
| C011 | X | |||||||||
| C012 | X | |||||||||
| C013 | X | |||||||||
| C014 | X | |||||||||
| C023 | X | |||||||||
| C024 | X | |||||||||
| C025 | X | |||||||||
| C026 | X | |||||||||
| C027 | X | |||||||||
| C028 | X | |||||||||
| C029 | X | |||||||||
| C02A | X | |||||||||
| C02B | X | |||||||||
| C02C | X | |||||||||
| C02D | X | |||||||||
| C02E | X | |||||||||
| C02F | X | |||||||||
| C030 | X | |||||||||
| C031 | X | |||||||||
| C032 | X | |||||||||
1 SSL V3, TLS V1.0, and TLS V1.1 imposed restrictions on the signing algorithm that must be used to sign a server certificate when using any cipher suites that use a Diffie-Hellman based key-exchange. The TLS V1.2 protocol does not impose such restriction. If the server certificate signing algorithm is listed in the signature algorithm pairs that are specified by the client, the certificate can be used.