Cipher Suites
TLS 1.2/1.3 cipher suite reference with security recommendations. Review ECDHE, AES-GCM, ChaCha20, and other algorithm combinations for server TLS hardening and security audits
Related Categories:SSL/TLSSecurity
Protocol Version
Security Rating
32 entries
| Cipher Suite Name | Protocol | Key Exch. | Auth | Encryption | MAC | Rating |
|---|---|---|---|---|---|---|
TLS_AES_256_GCM_SHA384 | TLS 1.3 | Any (ECDHE/DHE) | Any | AES-256-GCM | SHA-384 | Recommended |
TLS_AES_128_GCM_SHA256 | TLS 1.3 | Any (ECDHE/DHE) | Any | AES-128-GCM | SHA-256 | Recommended |
TLS_CHACHA20_POLY1305_SHA256 | TLS 1.3 | Any (ECDHE/DHE) | Any | ChaCha20-Poly1305 | SHA-256 | Recommended |
TLS_AES_128_CCM_SHA256 | TLS 1.3 | Any (ECDHE/DHE) | Any | AES-128-CCM | SHA-256 | Recommended |
TLS_AES_128_CCM_8_SHA256 | TLS 1.3 | Any (ECDHE/DHE) | Any | AES-128-CCM-8 | SHA-256 | Recommended |
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 | TLS 1.2 | ECDHE | ECDSA | AES-256-GCM | SHA-384 | Recommended |
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 | TLS 1.2 | ECDHE | ECDSA | AES-128-GCM | SHA-256 | Recommended |
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 | TLS 1.2 | ECDHE | RSA | AES-256-GCM | SHA-384 | Recommended |
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 | TLS 1.2 | ECDHE | RSA | AES-128-GCM | SHA-256 | Recommended |
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 | TLS 1.2 | ECDHE | ECDSA | ChaCha20-Poly1305 | SHA-256 | Recommended |
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 | TLS 1.2 | ECDHE | RSA | ChaCha20-Poly1305 | SHA-256 | Recommended |
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 | TLS 1.2 | DHE | RSA | AES-256-GCM | SHA-384 | Recommended |
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 | TLS 1.2 | DHE | RSA | AES-128-GCM | SHA-256 | Recommended |
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 | TLS 1.2 | ECDHE | ECDSA | AES-256-CBC | SHA-384 | Acceptable |
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 | TLS 1.2 | ECDHE | RSA | AES-256-CBC | SHA-384 | Acceptable |
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 | TLS 1.2 | ECDHE | ECDSA | AES-128-CBC | SHA-256 | Acceptable |
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 | TLS 1.2 | ECDHE | RSA | AES-128-CBC | SHA-256 | Acceptable |
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 | TLS 1.2 | DHE | RSA | AES-256-CBC | SHA-256 | Acceptable |
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 | TLS 1.2 | DHE | RSA | AES-128-CBC | SHA-256 | Acceptable |
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA | TLS 1.2 | ECDHE | RSA | AES-256-CBC | SHA-1 | Weak |
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA | TLS 1.2 | ECDHE | RSA | AES-128-CBC | SHA-1 | Weak |
TLS_RSA_WITH_AES_256_GCM_SHA384 | TLS 1.2 | RSA | RSA | AES-256-GCM | SHA-384 | Weak |
TLS_RSA_WITH_AES_128_GCM_SHA256 | TLS 1.2 | RSA | RSA | AES-128-GCM | SHA-256 | Weak |
TLS_RSA_WITH_AES_256_CBC_SHA256 | TLS 1.2 | RSA | RSA | AES-256-CBC | SHA-256 | Weak |
TLS_RSA_WITH_AES_128_CBC_SHA256 | TLS 1.2 | RSA | RSA | AES-128-CBC | SHA-256 | Weak |
TLS_RSA_WITH_AES_256_CBC_SHA | TLS 1.2 | RSA | RSA | AES-256-CBC | SHA-1 | Weak |
TLS_RSA_WITH_AES_128_CBC_SHA | TLS 1.2 | RSA | RSA | AES-128-CBC | SHA-1 | Weak |
TLS_RSA_WITH_3DES_EDE_CBC_SHA | TLS 1.2 | RSA | RSA | 3DES-EDE-CBC | SHA-1 | Insecure |
TLS_RSA_WITH_RC4_128_SHA | TLS 1.2 | RSA | RSA | RC4-128 | SHA-1 | Insecure |
TLS_RSA_WITH_RC4_128_MD5 | TLS 1.2 | RSA | RSA | RC4-128 | MD5 | Insecure |
TLS_RSA_WITH_NULL_SHA256 | TLS 1.2 | RSA | RSA | NULL | SHA-256 | Insecure |
TLS_RSA_WITH_NULL_SHA | TLS 1.2 | RSA | RSA | NULL | SHA-1 | Insecure |