Cipher Suites
On Private Cloud Appliance, a cipher suite is a set of algorithms or ciphers that help secure network connections using Transport Layer Security (TLS). You configure cipher suites for a load balancer to determine the security, compatibility and speed of HTTPS traffic. All ciphers are associated with at least one version of TLS (1.0, 1.1, 1.2).
Predefined Cipher Suites
On Private Cloud Appliance, the Load Balancing service supports predefined cipher suites. Note that different ciphers are supported when session persistence is enabled on the load balancer.
This cipher suite contains a restricted set of ciphers that are only supported in TLS version 1.2 and meet stricter compliance requirements.
-
ECDHE-RSA-AES128-GCM-SHA256
-
ECDHE-RSA-AES256-GCM-SHA384
This cipher suite contains a restricted set of ciphers that are only supported in TLS version 1.2 and meet stricter compliance requirements.
-
ECDHE-RSA-AES128-GCM-SHA256
-
ECDHE-RSA-AES128-SHA256
-
ECDHE-RSA-AES256-GCM-SHA384
-
ECDHE-RSA-AES256-SHA384
-
DHE-RSA-AES256-GCM-SHA384
-
DHE-RSA-AES256-SHA256
-
DHE-RSA-AES128-GCM-SHA256
-
DHE-RSA-AES128-SHA256
This cipher suite offers a wider set of ciphers, but still limited to TLS version 1.2 only.
-
ECDHE-ECDSA-AES128-GCM-SHA256
-
ECDHE-RSA-AES128-GCM-SHA256
-
ECDHE-ECDSA-AES128-SHA
-
ECDHE-RSA-AES128-SHA
-
ECDHE-ECDSA-AES256-GCM-SHA384
-
ECDHE-RSA-AES256-GCM-SHA384
-
ECDHE-RSA-AES256-SHA
-
ECDHE-ECDSA-AES256-SHA
-
AES128-GCM-SHA256
-
AES128-SHA
-
AES256-GCM-SHA384
-
AES256-SHA
This cipher suite offers a wider set of ciphers, but still limited to TLS version 1.2 only.
-
ECDHE-ECDSA-AES128-GCM-SHA256
-
ECDHE-RSA-AES128-GCM-SHA256
-
ECDHE-ECDSA-AES128-SHA256
-
ECDHE-RSA-AES128-SHA256
-
ECDHE-ECDSA-AES256-GCM-SHA384
-
ECDHE-RSA-AES256-GCM-SHA384
-
ECDHE-ECDSA-AES256-SHA384
-
ECDHE-RSA-AES256-SHA384
-
AES128-GCM-SHA256
-
AES128-SHA256
-
AES256-GCM-SHA384
-
AES256-SHA256
-
DHE-RSA-AES256-GCM-SHA384
-
DHE-RSA-AES256-SHA256
-
DHE-RSA-AES128-GCM-SHA256
-
DHE-RSA-AES128-SHA256
This cipher suite supports the broadest set of ciphers. It contains ciphers supported by TLS versions 1.1 and 1.2.
-
ECDHE-ECDSA-AES128-GCM-SHA256
-
ECDHE-RSA-AES128-GCM-SHA256
-
ECDHE-ECDSA-AES128-SHA
-
ECDHE-RSA-AES128-SHA
-
ECDHE-ECDSA-AES256-GCM-SHA384
-
ECDHE-RSA-AES256-GCM-SHA384
-
ECDHE-RSA-AES256-SHA
-
ECDHE-ECDSA-AES256-SHA
-
AES128-GCM-SHA256
-
AES128-SHA
-
AES256-GCM-SHA384
-
AES256-SHA
This cipher suite supports the broadest set of ciphers. It contains ciphers supported by TLS versions 1.1 and 1.2.
-
ECDHE-ECDSA-AES128-GCM-SHA256
-
ECDHE-RSA-AES128-GCM-SHA256
-
ECDHE-ECDSA-AES128-SHA256
-
ECDHE-RSA-AES128-SHA256
-
ECDHE-ECDSA-AES128-SHA
-
ECDHE-RSA-AES128-SHA
-
ECDHE-ECDSA-AES256-GCM-SHA384
-
ECDHE-RSA-AES256-GCM-SHA384
-
ECDHE-ECDSA-AES256-SHA384
-
ECDHE-RSA-AES256-SHA384
-
ECDHE-RSA-AES256-SHA
-
ECDHE-ECDSA-AES256-SHA
-
AES128-GCM-SHA256
-
AES128-SHA256
-
AES128-SHA
-
AES256-GCM-SHA384
-
AES256-SHA256
-
AES256-SHA
-
DHE-RSA-AES256-GCM-SHA384
-
DHE-RSA-AES256-SHA256
-
DHE-RSA-AES128-GCM-SHA256
-
DHE-RSA-AES128-SHA256
This cipher suite contains all supported ciphers.
-
ECDHE-ECDSA-AES128-GCM-SHA256
-
ECDHE-RSA-AES128-GCM-SHA256
-
ECDHE-ECDSA-AES256-GCM-SHA384
-
ECDHE-RSA-AES256-GCM-SHA384
-
AES256-GCM-SHA384
-
ECDHE-ECDSA-AES128-SHA
-
ECDHE-ECDSA-AES256-SHA
-
ECDHE-RSA-AES128-SHA
-
ECDHE-RSA-AES256-SHA
-
AES128-GCM-SHA256
-
AES128-SHA
-
AES256-SHA
-
DES-CBC3-SHA
-
PSK-AES256-CBC-SHA
-
PSK-AES128-CBC-SHA
This cipher suite contains all supported ciphers.
-
ECDHE-ECDSA-AES128-GCM-SHA256
-
ECDHE-RSA-AES128-GCM-SHA256
-
ECDHE-ECDSA-AES128-SHA256
-
ECDHE-ECDSA-AES256-GCM-SHA384
-
ECDHE-RSA-AES256-GCM-SHA384
-
ECDHE-ECDSA-AES256-SHA384
-
ECDHE-RSA-AES256-SHA384
-
AES128-SHA256
-
AES256-GCM-SHA384
-
AES256-SHA256
-
DHE-RSA-AES256-GCM-SHA384
-
DHE-RSA-AES256-SHA256
-
DHE-RSA-AES128-GCM-SHA256
-
DHE-RSA-AES128-SHA256
-
DH-DSS-AES256-GCM-SHA384
-
DHE-DSS-AES256-GCM-SHA384
-
DH-RSA-AES256-GCM-SHA384
-
DHE-DSS-AES256-SHA256
-
DH-RSA-AES256-SHA256
-
DH-DSS-AES256-SHA256
-
ECDH-RSA-AES256-GCM-SHA384
-
ECDH-ECDSA-AES256-GCM-SHA384
-
ECDH-RSA-AES256-SHA384
-
ECDH-ECDSA-AES256-SHA384
-
DH-DSS-AES128-GCM-SHA256
-
DHE-DSS-AES128-GCM-SHA256
-
DH-RSA-AES128-GCM-SHA256
-
DHE-DSS-AES128-SHA256
-
DH-RSA-AES128-SHA256
-
DH-DSS-AES128-SHA256
-
ECDH-RSA-AES128-GCM-SHA256
-
ECDH-ECDSA-AES128-GCM-SHA256
-
ECDH-RSA-AES128-SHA256
-
ECDH-ECDSA-AES128-SHA256
-
ECDHE-ECDSA-AES128-SHA
-
ECDHE-ECDSA-AES256-SHA
-
ECDHE-RSA-AES128-SHA
-
ECDHE-RSA-AES256-SHA
-
AES128-GCM-SHA256
-
AES128-SHA
-
AES256-SHA
-
DES-CBC3-SHA
-
DHE-RSA-AES128-SHA
-
DHE-RSA-CAMELLIA256-SHA
-
DHE-RSA-CAMELLIA128-SHA
-
DHE-RSA-SEED-SHA
-
DHE-RSA-AES256-SHA
-
DHE-DSS-AES256-SHA
-
DH-RSA-AES256-SHA
-
DH-DSS-AES256-SHA
-
DHE-RSA-CAMELLIA256-SHA
-
DHE-DSS-CAMELLIA256-SHA
-
DH-RSA-CAMELLIA256-SHA
-
DH-DSS-CAMELLIA256-SHA
-
ECDH-RSA-AES256-SHA
-
ECDH-ECDSA-AES256-SHA
-
CAMELLIA256-SHA
-
PSK-AES256-CBC-SHA
-
DHE-RSA-AES128-SHA
-
DHE-DSS-AES128-SHA
-
DH-RSA-AES128-SHA
-
DH-DSS-AES128-SHA
-
DHE-RSA-CAMELLIA128-SHA
-
DHE-DSS-CAMELLIA128-SHA
-
DH-RSA-CAMELLIA128-SHA
-
DH-DSS-CAMELLIA128-SHA
-
ECDH-RSA-AES128-SHA
-
ECDH-ECDSA-AES128-SHA
-
CAMELLIA128-SHA
-
PSK-AES128-CBC-SHA
Custom Cipher Suites
On Private Cloud Appliance,
Instead of selecting from the predefined cipher suites, you can create a cipher suite of your own to match the specific requirements of your environment. You build a custom cipher suite by adding individual ciphers associated with the TLS versions used in your configuration. A custom cipher suite must contain at least one cipher. Include only ciphers for the TLS versions that your environment effectively supports.
-
Ensure compatibility between specified SSL protocols and configured ciphers in the cipher suite, otherwise the SSL handshake will fail.
-
Ensure compatibility between configured ciphers in the cipher suite and configured certificates. For example: RSA-based ciphers require an RSA certificate, whereas ECDSA-based ciphers require ECDSA certificates.
Supported Ciphers
On Private Cloud Appliance, the Load Balancing service supports specific ciphers. Note that different ciphers are supported when session persistence is enabled on the load balancer.
-
AES128-GCM-SHA256
-
AES256-GCM-SHA384
-
ECDHE-ECDSA-AES128-GCM-SHA256
-
ECDHE-ECDSA-AES256-GCM-SHA384
-
ECDHE-RSA-AES128-GCM-SHA256
-
ECDHE-RSA-AES256-GCM-SHA384
-
AES128-GCM-SHA256
-
AES128-SHA256
-
AES256-GCM-SHA384
-
AES256-SHA256
-
DH-DSS-AES128-GCM-SHA256
-
DH-DSS-AES128-SHA256
-
DH-DSS-AES256-GCM-SHA384
-
DH-DSS-AES256-SHA256
-
DH-RSA-AES128-GCM-SHA256
-
DH-RSA-AES128-SHA256
-
DH-RSA-AES256-GCM-SHA384
-
DH-RSA-AES256-SHA256
-
DHE-DSS-AES128-GCM-SHA256
-
DHE-DSS-AES128-SHA256
-
DHE-DSS-AES256-GCM-SHA384
-
DHE-DSS-AES256-SHA256
-
DHE-RSA-AES128-GCM-SHA256
-
DHE-RSA-AES128-SHA256
-
DHE-RSA-AES256-GCM-SHA384
-
DHE-RSA-AES256-SHA256
-
ECDH-ECDSA-AES128-GCM-SHA256
-
ECDH-ECDSA-AES128-SHA256
-
ECDH-ECDSA-AES256-GCM-SHA384
-
ECDH-ECDSA-AES256-SHA384
-
ECDH-RSA-AES128-GCM-SHA256
-
ECDH-RSA-AES128-SHA256
-
ECDH-RSA-AES256-GCM-SHA384
-
ECDH-RSA-AES256-SHA384
-
ECDHE-ECDSA-AES128-GCM-SHA256
-
ECDHE-ECDSA-AES128-SHA256
-
ECDHE-ECDSA-AES256-GCM-SHA384
-
ECDHE-ECDSA-AES256-SHA384
-
ECDHE-RSA-AES128-GCM-SHA256
-
ECDHE-RSA-AES128-SHA256
-
ECDHE-RSA-AES256-GCM-SHA384
-
ECDHE-RSA-AES256-SHA384
-
AES128-SHA
-
AES256-SHA
-
DES-CBC3-SHA
-
ECDHE-ECDSA-AES128-SHA
-
ECDHE-ECDSA-AES256-SHA
-
ECDHE-RSA-AES128-SHA
-
ECDHE-RSA-AES256-SHA
-
PSK-AES128-CBC-SHA
-
PSK-AES256-CBC-SHA
-
AES128-SHA
-
AES256-SHA
-
CAMELLIA128-SHA
-
CAMELLIA256-SHADES-CBC3-SHA
-
DH-DSS-AES128-SHA
-
DH-DSS-AES256-SHA
-
DH-DSS-CAMELLIA128-SHA
-
DH-DSS-CAMELLIA256-SHA
-
DH-DSS-DES-CBC3-SHA
-
DH-DSS-SEED-SHA
-
DH-RSA-AES128-SHA
-
DH-RSA-AES256-SHA
-
DH-RSA-CAMELLIA128-SHA
-
DH-RSA-CAMELLIA256-SHA
-
DH-RSA-DES-CBC3-SHA
-
DH-RSA-SEED-SHA
-
DHE-DSS-AES128-SHA
-
DHE-DSS-AES256-SHA
-
DHE-DSS-CAMELLIA128-SHA
-
DHE-DSS-CAMELLIA256-SHA
-
DHE-DSS-DES-CBC3-SHA
-
DHE-DSS-SEED-SHA
-
DHE-RSA-AES128-SHA
-
DHE-RSA-AES256-SHA
-
DHE-RSA-CAMELLIA128-SHA
-
DHE-RSA-CAMELLIA256-SHA
-
DHE-RSA-DES-CBC3-SHA
-
DHE-RSA-SEED-SHA
-
ECDH-ECDSA-AES128-SHA
-
ECDH-ECDSA-AES256-SHA
-
ECDH-ECDSA-DES-CBC3-SHA
-
ECDH-ECDSA-RC4-SHA
-
ECDH-RSA-AES128-SHA
-
ECDH-RSA-AES256-SHA
-
ECDH-RSA-DES-CBC3-SHA
-
ECDH-RSA-RC4-SHA
-
ECDHE-ECDSA-AES128-SHA
-
ECDHE-ECDSA-AES256-SHA
-
ECDHE-ECDSA-DES-CBC3-SHA
-
ECDHE-ECDSA-RC4-SHA
-
ECDHE-RSA-AES128-SHA
-
ECDHE-RSA-AES256-SHA
-
ECDHE-RSA-DES-CBC3-SHA
-
ECDHE-RSA-RC4-SHA
-
IDEA-CBC-SHA
-
KRB5-DES-CBC3-MD5
-
KRB5-DES-CBC3-SHA
-
KRB5-IDEA-CBC-MD5
-
KRB5-IDEA-CBC-SHA
-
KRB5-RC4-MD5
-
KRB5-RC4-SHA
-
PSK-3DES-EDE-CBC-SHA
-
PSK-AES128-CBC-SHA
-
PSK-AES256-CBC-SHA
-
PSK-RC4-SHA
-
RC4-MD5
-
RC4-SHA
-
SEED-SHA