Cipher suite definitions
The following tables outline:
- Cipher suite definitions for SSL V2
- 2-character and 4-character cipher suite definitions for SSL V3, TLS V1.0, TLS V1.1, and TLS V1.2.
- Cipher suite definitions for SSL V3, TLS V1.0, TLS V1.1, and TLS V1.2 by supported protocol, symmetric algorithm, and message authentication algorithm
- Cipher suite definitions for SSL V3, TLS V1.0, TLS V1.1, and TLS V1.2 by key-exchange method and signing certificate
- Supported elliptic curve definitions for TLS V1.0, TLS V1.1, and TLS V1.2.
Note: When executing in non-FIPS mode, if either the System SSL Security Level 3 FMID
is installed or the CPACF Feature 3863 is installed, the ciphers listed under the Security Level 3
FMID column are allowed to be used.
| Cipher number | Description | FIPS 140-2 | Base security level FMID HCPT430 | Security level 3 FMID JCPT431 |
|---|---|---|---|---|
| 1 | 128-bit RC4 encryption with MD5 message authentication (128-bit secret key) | X | ||
| 2 | 128-bit RC4 export encryption with MD5 message authentication (40-bit secret key) | X | X | |
| 3 | 128-bit RC2 encryption with MD5 message authentication (128-bit secret key) | X | ||
| 4 | 128-bit RC2 export encryption with MD5 message authentication (40-bit secret key) | X | X | |
| 6 | 56-bit DES encryption with MD5 message authentication (56-bit secret key) | X | X | |
| 7 | 168-bit Triple DES encryption with MD5 message authentication (168-bit secret key) | X |
Note: When executing in non-FIPS mode, if either the System SSL Security Level 3 FMID is
installed or the CPACF Feature 3863 is installed, the ciphers listed under the Security Level 3 FMID
column are allowed to be used.
| 2- character cipher number | 4-character cipher number | Short name | Description 1 | FIPS 140-2 | Base security level FMID HCPT430 | Security level 3 FMID JCPT431 |
|---|---|---|---|---|---|---|
| 00 | 0000 | TLS_NULL_WITH_NULL_NULL | No encryption or message authentication and RSA key exchange | X | X | |
| 01 | 0001 | TLS_RSA_WITH_NULL_MD5 | No encryption with MD5 message authentication and RSA key exchange | X | X | |
| 02 | 0002 | TLS_RSA_WITH_NULL_SHA | No encryption with SHA-1 message authentication and RSA key exchange | X | X | |
| 03 | 0003 | TLS_RSA_EXPORT_WITH_RC4_40_MD5 | 40-bit RC4 encryption with MD5 message authentication and RSA (export) key exchange | X | X | |
| 04 | 0004 | TLS_RSA_WITH_RC4_128_MD5 | 128-bit RC4 encryption with MD5 message authentication and RSA key exchange | X | ||
| 05 | 0005 | TLS_RSA_WITH_RC4_128_SHA | 128-bit RC4 encryption with SHA-1 message authentication and RSA key exchange | X | ||
| 06 | 0006 | TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 | 40-bit RC2 encryption with MD5 message authentication and RSA (export) key exchange | X | X | |
| 09 | 0009 | TLS_RSA_WITH_DES_CBC_SHA | 56-bit DES encryption with SHA-1 message authentication and RSA key exchange | X | X | |
| 0A | 000A | TLS_RSA_WITH_3DES_EDE_CBC_SHA | 168-bit Triple DES encryption with SHA-1 message authentication and RSA key exchange | X | X | |
| 0C | 000C | TLS_DH_DSS_WITH_DES_CBC_SHA | 56-bit DES encryption with SHA-1 message authentication and fixed Diffie-Hellman key exchange signed with a DSA certificate | X | X | |
| 0D | 000D | TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA | 168-bit Triple DES encryption with SHA-1 message authentication and fixed Diffie-Hellman key exchange signed with a DSA certificate | X | X | |
| 0F | 000F | TLS_DH_RSA_WITH_DES_CBC_SHA | 56-bit DES encryption with SHA-1 message authentication and fixed Diffie-Hellman key exchange signed with an RSA certificate | X | X | |
| 10 | 0010 | TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA | 168-bit Triple DES encryption with SHA-1 message authentication and fixed Diffie-Hellman key exchange signed with an RSA certificate | X | X | |
| 12 | 0012 | TLS_DHE_DSS_WITH_DES_CBC_SHA | 56-bit DES encryption with SHA-1message authentication and ephemeral Diffie-Hellman key exchange signed with a DSA certificate | X | X | |
| 13 | 0013 | TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA | 168-bit Triple DES encryption with SHA-1 message authentication and ephemeral Diffie-Hellman key exchange signed with a DSA certificate | X | X | |
| 15 | 0015 | TLS_DHE_RSA_WITH_DES_CBC_SHA | 56-bit DES encryption with SHA-1 message authentication and ephemeral Diffie-Hellman key exchange signed with an RSA certificate | X | X | |
| 16 | 0016 | TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA | 168-bit Triple DES encryption with SHA-1 message authentication and ephemeral Diffie-Hellman key exchange signed with an RSA certificate | X | X | |
| 2F | 002F | TLS_RSA_WITH_AES_128_CBC_SHA | 128-bit AES encryption with SHA-1 message authentication and RSA key exchange | X | X | |
| 30 | 0030 | TLS_DH_DSS_WITH_AES_128_CBC_SHA | 128-bit AES encryption with SHA-1 message authentication and fixed Diffie-Hellman key exchange signed with a DSA certificate | X | X | |
| 31 | 0031 | TLS_DH_RSA_WITH_AES_128_CBC_SHA | 128-bit AES encryption with SHA-1 message authentication and fixed Diffie-Hellman key exchange signed with an RSA certificate | X | X | |
| 32 | 0032 | TLS_DHE_DSS_WITH_AES_128_CBC_SHA | 128-bit AES encryption with SHA-1 message authentication and ephemeral Diffie-Hellman key exchange signed with a DSA certificate | X | X | |
| 33 | 0033 | TLS_DHE_RSA_WITH_AES_128_CBC_SHA | 128-bit AES encryption with SHA-1 message authentication and ephemeral Diffie-Hellman key exchange signed with an RSA certificate | X | X | |
| 35 | 0035 | TLS_RSA_WITH_AES_256_CBC_SHA | 256-bit AES encryption with SHA-1 message authentication and RSA key exchange | X | X | |
| 36 | 0036 | TLS_DH_DSS_WITH_AES_256_CBC_SHA | 256-bit AES encryption with SHA-1 message authentication and fixed Diffie-Hellman key exchange signed with a DSA certificate | X | X | |
| 37 | 0037 | TLS_DH_RSA_WITH_AES_256_CBC_SHA | 256-bit AES encryption with SHA-1 message authentication and fixed Diffie-Hellman key exchange signed with an RSA certificate | X | X | |
| 38 | 0038 | TLS_DHE_DSS_WITH_AES_256_CBC_SHA | 256-bit AES encryption with SHA-1 message authentication and ephemeral Diffie-Hellman key exchange signed with a DSA certificate | X | X | |
| 39 | 0039 | TLS_DHE_RSA_WITH_AES_256_CBC_SHA | 256-bit AES encryption with SHA-1 message authentication and ephemeral Diffie-Hellman key exchange signed with an RSA certificate | X | X | |
| 3B | 003B | TLS_RSA_WITH_NULL_SHA256 | No encryption with SHA-256 message authentication and RSA key exchange | X | X | |
| 3C | 003C | TLS_RSA_WITH_AES_128_CBC_SHA256 | 128-bit AES encryption with SHA-256 message authentication and RSA key exchange | X | X | |
| 3D | 003D | TLS_RSA_WITH_AES_256_CBC_SHA256 | 256-bit AES encryption with SHA-256 message authentication and RSA key exchange | X | X | |
| 3E | 003E | TLS_DH_DSS_WITH_AES_128_CBC_SHA256 | 128-bit AES encryption with SHA-256 message authentication and fixed Diffie-Hellman key exchange signed with a DSA certificate | X | X | |
| 3F | 003F | TLS_DH_RSA_WITH_AES_128_CBC_SHA256 | 128-bit AES encryption with SHA-256 message authentication and fixed Diffie-Hellman key exchange signed with an RSA certificate | X | X | |
| 40 | 0040 | TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 | 128-bit AES encryption with SHA-256 message authentication and ephemeral Diffie-Hellman key exchange signed with a DSA certificate | X | X | |
| 67 | 0067 | TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 | 128-bit AES encryption with SHA-256 message authentication and ephemeral Diffie-Hellman key exchange signed with an RSA certificate | X | X | |
| 68 | 0068 | TLS_DH_DSS_WITH_AES_256_CBC_SHA256 | 256-bit AES encryption with SHA-256 message authentication and fixed Diffie-Hellman key exchange signed with a DSA certificate | X | X | |
| 69 | 0069 | TLS_DH_RSA_WITH_AES_256_CBC_SHA256 | 256-bit AES encryption with SHA-256 message authentication and fixed Diffie-Hellman key exchange signed with an RSA certificate | X | X | |
| 6A | 006A | TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 | 256-bit AES encryption with SHA-256 message authentication and ephemeral Diffie-Hellman key exchange signed with a DSA certificate | X | X | |
| 6B | 006B | TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 | 256-bit AES encryption with SHA-256 message authentication and ephemeral Diffie-Hellman key exchange signed with an RSA certificate | X | X | |
| 9C | 009C | TLS_RSA_WITH_AES_128_GCM_SHA256 | 128-bit AES in Galois Counter Mode encryption with 128-bit AEAD authentication and RSA key exchange | X | X | |
| 9D | 009D | TLS_RSA_WITH_AES_256_GCM_SHA384 | 256-bit AES in Galois Counter Mode encryption with 128-bit AEAD authentication and RSA key exchange | X | X | |
| 9E | 009E | TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 | 128-bit AES in Galois Counter Mode encryption with 128-bit AEAD authentication and ephemeral Diffie-Hellman key exchange signed with an RSA certificate | X | X | |
| 9F | 009F | TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 | 256-bit AES in Galois Counter Mode encryption with 128-bit AEAD authentication and ephemeral Diffie-Hellman key exchange signed with an RSA certificate | X | X | |
| A0 | 00A0 | TLS_DH_RSA_WITH_AES_128_GCM_SHA256 | 128-bit AES in Galois Counter Mode encryption with 128-bit AEAD authentication and fixed Diffie-Hellman key exchange signed with an RSA certificate | X | X | |
| A1 | 00A1 | TLS_DH_RSA_WITH_AES_256_GCM_SHA384 | 256-bit AES in Galois Counter Mode encryption with 128-bit AEAD authentication and fixed Diffie-Hellman key exchange signed with an RSA certificate | X | X | |
| A2 | 00A2 | TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 | 128-bit AES in Galois Counter Mode encryption with 128-bit AEAD authentication and ephemeral Diffie-Hellman key exchange signed with a DSA certificate | X | X | |
| A3 | 00A3 | TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 | 256-bit AES in Galois Counter Mode encryption with 128-bit AEAD authentication and ephemeral Diffie-Hellman key exchange signed with a DSA certificate | X | X | |
| A4 | 00A4 | TLS_DH_DSS_WITH_AES_128_GCM_SHA256 | 128-bit AES in Galois Counter Mode encryption with 128-bit AEAD authentication and fixed Diffie-Hellman key exchange signed with a DSA certificate | X | X | |
| A5 | 00A5 | TLS_DH_DSS_WITH_AES_256_GCM_SHA384 | 256-bit AES in Galois Counter Mode encryption with 128-bit AEAD authentication and fixed Diffie-Hellman key exchange signed with a DSA certificate | X | X | |
| C001 | TLS_ECDH_ECDSA_WITH_NULL_SHA | NULL encryption with SHA-1 message authentication and fixed ECDH key exchange signed with an ECDSA certificate | X | X | ||
| C002 | TLS_ECDH_ECDSA_WITH_RC4_128_SHA | 128-bit RC4 encryption with SHA-1 message authentication and fixed ECDH key exchange signed with an ECDSA certificate | X | |||
| C003 | TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA | 168-bit Triple DES encryption with SHA-1 message authentication and fixed ECDH key exchange signed with an ECDSA certificate | X | X | ||
| C004 | TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA | 128-bit AES encryption with SHA-1 message authentication and fixed ECDH key exchange signed with an ECDSA certificate | X | X | ||
| C005 | TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA | 256-bit AES encryption with SHA-1 message authentication and fixed ECDH key exchange signed with an ECDSA certificate | X | X | ||
| C006 | TLS_ECDHE_ECDSA_WITH_NULL_SHA | NULL encryption with SHA-1 message authentication and ephemeral ECDH key exchange signed with an ECDSA certificate | X | X | ||
| C007 | TLS_ECDHE_ECDSA_WITH_RC4_128_SHA | 128-bit RC4 encryption with SHA-1 message authentication and ephemeral ECDH key exchange signed with an ECDSA certificate | X | |||
| C008 | TLS_ECDHE_ECDSA_WITH_3DES_EDE_
CBC_SHA |
168-bit Triple DES encryption with SHA-1 message authentication and ephemeral ECDH key exchange signed with an ECDSA certificate | X | X | ||
| C009 | TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA | 128-bit AES encryption with SHA-1 message authentication and ephemeral ECDH key exchange signed with an ECDSA certificate | X | X | ||
| C00A | TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA | 256-bit AES encryption with SHA-1 message authentication and ephemeral ECDH key exchange signed with an ECDSA certificate | X | X | ||
| C00B | TLS_ECDH_RSA_WITH_NULL_SHA | NULL encryption with SHA-1 message authentication and fixed ECDH key exchange signed with an RSA certificate | X | X | ||
| C00C | TLS_ECDH_RSA_WITH_RC4_128_SHA | 128-bit RC4 encryption with SHA-1 message authentication and fixed ECDH key exchange signed with an RSA certificate | X | |||
| C00D | TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA | 168-bit Triple DES encryption with SHA-1 message authentication and fixed ECDH key exchange signed with an RSA certificate | X | X | ||
| C00E | TLS_ECDH_RSA_WITH_AES_128_CBC_SHA | 128-bit AES encryption with SHA-1 message authentication and fixed ECDH key exchange signed with an RSA certificate | X | X | ||
| C00F | TLS_ECDH_RSA_WITH_AES_256_CBC_SHA | 256-bit AES encryption with SHA-1 message authentication and fixed ECDH key exchange signed with an RSA certificate | X | X | ||
| C010 | TLS_ECDHE_RSA_WITH_NULL_SHA | NULL encryption with SHA-1 message authentication and ephemeral ECDH key exchange signed with an RSA certificate | X | X | ||
| C011 | TLS_ECDHE_RSA_WITH_RC4_128_SHA | 128-bit RC4 encryption with SHA-1 message authentication and ephemeral ECDH key exchange signed with an RSA certificate | X | |||
| C012 | TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA | 168-bit Triple DES encryption with SHA-1 message authentication and ephemeral ECDH key exchange signed with an RSA certificate | X | X | ||
| C013 | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA | 128-bit AES encryption with SHA-1 message authentication and ephemeral ECDH key exchange signed with an RSA certificate | X | X | ||
| C014 | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA | 256-bit AES encryption with SHA-1 message authentication and ephemeral ECDH key exchange signed with an RSA certificate | X | X | ||
| C023 | TLS_ECDHE_ECDSA_WITH_AES_128_
CBC_SHA256 |
128-bit AES encryption with SHA-256 message authentication and ephemeral ECDH key exchange signed with an ECDSA certificate | X | X | ||
| C024 | TLS_ECDHE_ECDSA_WITH_AES_256_
CBC_SHA384 |
256-bit AES encryption with SHA-384 message authentication and ephemeral ECDH key exchange signed with an ECDSA certificate | X | X | ||
| C025 | TLS_ECDH_ECDSA_WITH_AES_128_
CBC_SHA256 |
128-bit AES encryption with SHA-256 message authentication and fixed ECDH key exchange signed with an ECDSA certificate | X | X | ||
| C026 | TLS_ECDH_ECDSA_WITH_AES_256_
CBC_SHA384 |
256-bit AES encryption with SHA-384 message authentication and fixed ECDH key exchange signed with an ECDSA certificate | X | X | ||
| C027 | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 | 128-bit AES encryption with SHA-256 message authentication and ephemeral ECDH key exchange signed with an RSA certificate | X | X | ||
| C028 | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 | 256-bit AES encryption with SHA-384 message authentication and ephemeral ECDH key exchange signed with an RSA certificate | X | X | ||
| C029 | TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 | 128-bit AES encryption with SHA-256 message authentication and fixed ECDH key exchange signed with an RSA certificate | X | X | ||
| C02A | TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 | 256-bit AES encryption with SHA-384 message authentication and fixed ECDH key exchange signed with an RSA certificate | X | X | ||
| C02B | TLS_ECDHE_ECDSA_WITH_AES_128_
GCM_SHA256 |
128-bit AES in Galois Counter Mode encryption with 128-bit AEAD authentication and ephemeral ECDH key exchange signed with an ECDSA certificate | X | X | ||
| C02C | TLS_ECDHE_ECDSA_WITH_AES_256_
GCM_SHA384 |
256-bit AES in Galois Counter Mode encryption with 128-bit AEAD message authentication and ephemeral ECDH key exchange signed with an ECDSA certificate | X | X | ||
| C02D | TLS_ECDH_ECDSA_WITH_AES_128_
GCM_SHA256 |
128-bit AES in Galois Counter Mode encryption with 128-bit AEAD message authentication and fixed ECDH key exchange signed with an ECDSA certificate | X | X | ||
| C02E | TLS_ECDH_ECDSA_WITH_AES_256_
GCM_SHA384 |
256-bit AES in Galois Counter Mode encryption with 128-bit AEAD message authentication and fixed ECDH key exchange signed with an ECDSA certificate | X | X | ||
| C02F | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 | 128-bit AES in Galois Counter Mode encryption with 128-bit AEAD message authentication and ephemeral ECDH key exchange signed with an RSA certificate | X | X | ||
| C030 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 | 256-bit AES in Galois Counter Mode encryption with 128-bit AEAD message authentication and ephemeral ECDH key exchange signed with an RSA certificate | X | X | ||
| C031 | TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 | 128-bit AES in Galois Counter Mode encryption with 128-bit AEAD message authentication and fixed ECDH key exchange signed with an RSA certificate | X | X | ||
| C032 | TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 | 256-bit AES in Galois Counter Mode encryption with 128-bit AEAD message authentication and fixed ECDH key exchange signed with an RSA certificate | X | X |
1 See Table 4 for
more information about the signing algorithm required for the key
exchanges.
| Cipher suite | Protocol support | Symmetric algorithm | Message MAC | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 4 Char | 2 Char | SSL V3 | TLS V1.0 | TLS V1.1 | TLS V1.2 | RC2 or RC4 | DES or 3DES | AES- CBC 128 | AES- CBC 256 | AES- GCM 128 | AES- GCM 256 | MD5 | SHA 1 | SHA 256 | SHA 384 | AEAD |
| 0000 | 00 | X | X | X | X | |||||||||||
| 0001 | 01 | X | X | X | X | X | ||||||||||
| 0002 | 02 | X | X | X | X | X | ||||||||||
| 0003 | 03 | X | X | RC4 | X | |||||||||||
| 0004 | 04 | X | X | X | X | RC4 | X | |||||||||
| 0005 | 05 | X | X | X | X | RC4 | X | |||||||||
| 0006 | 06 | X | X | RC2 | X | |||||||||||
| 0009 | 09 | X | X | X | DES | X | ||||||||||
| 000A | 0A | X | X | X | X | 3DES | X | |||||||||
| 000C | 0C | X | X | X | DES | X | ||||||||||
| 000D | 0D | X | X | X | X | 3DES | X | |||||||||
| 000F | 0F | X | X | X | DES | X | ||||||||||
| 0010 | 10 | X | X | X | X | 3DES | X | |||||||||
| 0012 | 12 | X | X | X | DES | X | ||||||||||
| 0013 | 13 | X | X | X | X | 3DES | X | |||||||||
| 0015 | 15 | X | X | X | DES | X | ||||||||||
| 0016 | 16 | X | X | X | X | 3DES | X | |||||||||
| 002F | 2F | X | X | X | X | X | X | |||||||||
| 0030 | 30 | X | X | X | X | X | X | |||||||||
| 0031 | 31 | X | X | X | X | X | X | |||||||||
| 0032 | 32 | X | X | X | X | X | X | |||||||||
| 0033 | 33 | X | X | X | X | X | X | |||||||||
| 0035 | 35 | X | X | X | X | X | X | |||||||||
| 0036 | 36 | X | X | X | X | X | X | |||||||||
| 0037 | 37 | X | X | X | X | X | X | |||||||||
| 0038 | 38 | X | X | X | X | X | X | |||||||||
| 0039 | 39 | X | X | X | X | X | X | |||||||||
| 003B | 3B | X | X | |||||||||||||
| 003C | 3C | X | X | X | ||||||||||||
| 003D | 3D | X | X | X | ||||||||||||
| 003E | 3E | X | X | X | ||||||||||||
| 003F | 3F | X | X | X | ||||||||||||
| 0040 | 40 | X | X | X | ||||||||||||
| 0067 | 67 | X | X | X | ||||||||||||
| 0068 | 68 | X | X | X | ||||||||||||
| 0069 | 69 | X | X | X | ||||||||||||
| 006A | 6A | X | X | X | ||||||||||||
| 006B | 6B | X | X | X | ||||||||||||
| 009C | 9C | X | X | X | ||||||||||||
| 009D | 9D | X | X | X | ||||||||||||
| 009E | 9E | X | X | X | ||||||||||||
| 009F | 9F | X | X | X | ||||||||||||
| 00A0 | A0 | X | X | X | ||||||||||||
| 00A1 | A1 | X | X | X | ||||||||||||
| 00A2 | A2 | X | X | X | ||||||||||||
| 00A3 | A3 | X | X | X | ||||||||||||
| 00A4 | A4 | X | X | X | ||||||||||||
| 00A5 | A5 | X | X | X | ||||||||||||
| C001 | X | X | X | X | ||||||||||||
| C002 | X | X | X | RC4 | X | |||||||||||
| C003 | X | X | X | 3DES | X | |||||||||||
| C004 | X | X | X | X | X | |||||||||||
| C005 | X | X | X | X | X | |||||||||||
| C006 | X | X | X | X | ||||||||||||
| C007 | X | X | X | RC4 | X | |||||||||||
| C008 | X | X | X | 3DES | X | |||||||||||
| C009 | X | X | X | X | X | |||||||||||
| C00A | X | X | X | X | X | |||||||||||
| C00B | X | X | X | X | ||||||||||||
| C00C | X | X | X | RC4 | X | |||||||||||
| C00D | X | X | X | 3DES | X | |||||||||||
| C00E | X | X | X | X | X | |||||||||||
| C00F | X | X | X | X | X | |||||||||||
| C010 | X | X | X | X | ||||||||||||
| C011 | X | X | X | RC4 | X | |||||||||||
| C012 | X | X | X | 3DES | X | |||||||||||
| C013 | X | X | X | X | X | |||||||||||
| C014 | X | X | X | X | X | |||||||||||
| C023 | X | X | X | |||||||||||||
| C024 | X | X | X | |||||||||||||
| C025 | X | X | X | |||||||||||||
| C026 | X | X | X | |||||||||||||
| C027 | X | X | X | |||||||||||||
| C028 | X | X | X | |||||||||||||
| C029 | X | X | X | |||||||||||||
| C02A | X | X | X | |||||||||||||
| C02B | X | X | X | |||||||||||||
| C02C | X | X | X | |||||||||||||
| C02D | X | X | X | |||||||||||||
| C02E | X | X | X | |||||||||||||
| C02F | X | X | X | |||||||||||||
| C030 | X | X | X | |||||||||||||
| C031 | X | X | X | |||||||||||||
| C032 | X | X | X | |||||||||||||
| Cipher suite | RSA key exchange | Fixed Diffie-Hellman key exchange | Ephemeral Diffie-Hellman key exchange | Fixed EC Diffie-Hellman key exchange | Ephemeral EC Diffie-Hellman key exchange | |||||
|---|---|---|---|---|---|---|---|---|---|---|
| 4 Char | 2 Char | Signed by RSA1 | Signed by DSA1 | Signed by RSA1 | Signed by DSA1 | Signed by RSA1 | Signed by ECDSA1 | Signed by RSA1 | Signed by ECDSA1 | |
| 0000 | 00 | X | ||||||||
| 0001 | 01 | X | ||||||||
| 0002 | 02 | X | ||||||||
| 0003 | 03 | X | ||||||||
| 0004 | 04 | X | ||||||||
| 0005 | 05 | X | ||||||||
| 0006 | 06 | X | ||||||||
| 0009 | 09 | X | ||||||||
| 000A | 0A | X | ||||||||
| 000C | 0C | X | ||||||||
| 000D | 0D | X | ||||||||
| 000F | 0F | X | ||||||||
| 0010 | 10 | X | ||||||||
| 0012 | 12 | X | ||||||||
| 0013 | 13 | X | ||||||||
| 0015 | 15 | X | ||||||||
| 0016 | 16 | X | ||||||||
| 002F | 2F | X | ||||||||
| 0030 | 30 | X | ||||||||
| 0031 | 31 | X | ||||||||
| 0032 | 32 | X | ||||||||
| 0033 | 33 | X | ||||||||
| 0035 | 35 | X | ||||||||
| 0036 | 36 | X | ||||||||
| 0037 | 37 | X | ||||||||
| 0038 | 38 | X | ||||||||
| 0039 | 39 | X | ||||||||
| 003B | 3B | X | ||||||||
| 003C | 3C | X | ||||||||
| 003D | 3D | X | ||||||||
| 003E | 3E | X | ||||||||
| 003F | 3F | X | ||||||||
| 0040 | 40 | X | ||||||||
| 0067 | 67 | X | ||||||||
| 0068 | 68 | X | ||||||||
| 0069 | 69 | X | ||||||||
| 006A | 6A | X | ||||||||
| 006B | 6B | X | ||||||||
| 009C | 9C | X | ||||||||
| 009D | 9D | X | ||||||||
| 009E | 9E | X | ||||||||
| 009F | 9F | X | ||||||||
| 00A0 | A0 | X | ||||||||
| 00A1 | A1 | X | ||||||||
| 00A2 | A2 | X | ||||||||
| 00A3 | A3 | X | ||||||||
| 00A4 | A4 | X | ||||||||
| 00A5 | A5 | X | ||||||||
| C001 | X | |||||||||
| C002 | X | |||||||||
| C003 | X | |||||||||
| C004 | X | |||||||||
| C005 | X | |||||||||
| C006 | X | |||||||||
| C007 | X | |||||||||
| C008 | X | |||||||||
| C009 | X | |||||||||
| C00A | X | |||||||||
| C00B | X | |||||||||
| C00C | X | |||||||||
| C00D | X | |||||||||
| C00E | X | |||||||||
| C00F | X | |||||||||
| C010 | X | |||||||||
| C011 | X | |||||||||
| C012 | X | |||||||||
| C013 | X | |||||||||
| C014 | X | |||||||||
| C023 | X | |||||||||
| C024 | X | |||||||||
| C025 | X | |||||||||
| C026 | X | |||||||||
| C027 | X | |||||||||
| C028 | X | |||||||||
| C029 | X | |||||||||
| C02A | X | |||||||||
| C02B | X | |||||||||
| C02C | X | |||||||||
| C02D | X | |||||||||
| C02E | X | |||||||||
| C02F | X | |||||||||
| C030 | X | |||||||||
| C031 | X | |||||||||
| C032 | X | |||||||||
1 SSL V3, TLS V1.0, and TLS V1.1 imposed restrictions on the signing algorithm that must be used to sign a server certificate when using any cipher suites that use a Diffie-Hellman based key-exchange. The TLS V1.2 protocol does not impose such restriction. If the server certificate signing algorithm is listed in the signature algorithm pairs that are specified by the client, the certificate can be used.
| I.A.N.A Elliptic curve enumerator (decimal) | Named curve by standards organizations | ||
|---|---|---|---|
| SECG | ANSI X9.62 | NIST | |
| 0019 | secp192r1 | prime192v1 | NIST P-192 |
| 0021 | secp224r1 | NIST P-224 | |
| 0023 | secp256r1 | prime256v1 | NIST P-256 |
| 0024 | secp384r1 | NIST P-384 | |
| 0025 | secp521r1 | NIST P-521 | |
| Signature algorithm enumerator | Hash and signature algorithm |
|---|---|
| 0101* | MD5 with RSA |
| 0201 | SHA-1 with RSA |
| 0202 | SHA-1 with DSA |
| 0203 | SHA-1 with ECDSA |
| 0301 | SHA-224 with RSA |
| 0302 | SHA-224 with DSA |
| 0303 | SHA-224 with ECDSA |
| 0401 | SHA-256 with RSA |
| 0402 | SHA-256 with DSA |
| 0403 | SHA-256 with ECDSA |
| 0501 | SHA-384 with RSA |
| 0503 | SHA-384 with ECDSA |
| 0601 | SHA-512 with RSA |
| 0603 | SHA-512 with ECDSA |
* - For OCSP request signing and OCSP response signature algorithm pairs, this algorithm is not allowed to be set or specified while in FIPS mode. For TLS V1.2 signature algorithm pairs, this algorithm is not allowed be used while in FIPS mode.