Supported cipher suites
Cloudflare supports the following cipher suites by default. If needed, you can restrict your website or application to only use specific cipher suites.
Cipher name | Minimum protocol | Security recommendation | Cipher suite | IANA name |
---|---|---|---|---|
ECDHE-ECDSA-AES128-GCM-SHA256 | TLS 1.2 | Modern | [0xc02b] | TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 |
ECDHE-ECDSA-CHACHA20-POLY1305 | TLS 1.2 | Modern | [0xcca9] | TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 |
ECDHE-RSA-AES128-GCM-SHA256 | TLS 1.2 | Modern | [0xc02f] | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 |
ECDHE-RSA-CHACHA20-POLY1305 | TLS 1.2 | Modern | [0xcca8] | TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 |
ECDHE-ECDSA-AES128-SHA256 | TLS 1.2 | Compatible | [0xc023] | TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 |
ECDHE-ECDSA-AES128-SHA | TLS 1.0 | Legacy | [0xc009] | TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA |
ECDHE-RSA-AES128-SHA256 | TLS 1.2 | Compatible | [0xc027] | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 |
ECDHE-RSA-AES128-SHA | TLS 1.0 | Legacy | [0xc013] | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA |
AES128-GCM-SHA256 | TLS 1.2 | Legacy | [0x9c] | TLS_RSA_WITH_AES_128_GCM_SHA256 |
AES128-SHA256 | TLS 1.2 | Legacy | [0x3c] | TLS_RSA_WITH_AES_128_CBC_SHA256 |
AES128-SHA | TLS 1.0 | Legacy | [0x2f] | TLS_RSA_WITH_AES_128_CBC_SHA |
ECDHE-ECDSA-AES256-GCM-SHA384 | TLS 1.2 | Modern | [0xc02c] | TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 |
ECDHE-ECDSA-AES256-SHA384 | TLS 1.2 | Compatible | [0xc024] | TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 |
ECDHE-RSA-AES256-GCM-SHA384 | TLS 1.2 | Modern | [0xc030] | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 |
ECDHE-RSA-AES256-SHA384 | TLS 1.2 | Compatible | [0xc028] | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 |
ECDHE-RSA-AES256-SHA | TLS 1.0 | Legacy | [0xc014] | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA |
AES256-GCM-SHA384 | TLS 1.2 | Legacy | [0x9d] | TLS_RSA_WITH_AES_256_GCM_SHA384 |
AES256-SHA256 | TLS 1.2 | Legacy | [0x3d] | TLS_RSA_WITH_AES_256_CBC_SHA256 |
AES256-SHA | TLS 1.0 | Legacy | [0x35] | TLS_RSA_WITH_AES_256_CBC_SHA |
DES-CBC3-SHA | TLS 1.0 | Legacy | [0x0a] | TLS_RSA_WITH_3DES_EDE_CBC_SHA |
AEAD-AES128-GCM-SHA256 1 | TLS 1.3 | Modern | {0x13,0x01} | TLS_AES_128_GCM_SHA256 |
AEAD-AES256-GCM-SHA384 1 | TLS 1.3 | Modern | {0x13,0x02} | TLS_AES_256_GCM_SHA384 |
AEAD-CHACHA20-POLY1305-SHA256 1 | TLS 1.3 | Modern | {0x13,0x03} | TLS_CHACHA20_POLY1305_SHA256 |
Automatically supported by your zone if you enable TLS 1.3. TLS 1.3 uses the same cipher suite space as previous versions of TLS, but defines these cipher suites differently. TLS 1.3 only specifies the symmetric ciphers and cannot be used for TLS 1.2. Similarly, TLS 1.2 and lower cipher suites cannot be used with TLS 1.3 (IETF TLS 1.3 draft 21). BoringSSL also hard-codes cipher preferences in this order for TLS 1.3. ↩︎ ↩︎ ↩︎