Supported Load Balancer Ciphers

View the ciphers supported by the Load Balancer service, listed by TLS version.

When available, version 3 of a cipher suite is recommended instead of version 1.

TLS 1.3

TLS 1.3 Supported Ciphers
| Certificate | Cipher Suite | Key Exchange | Encryption | Bits | Cipher Suite Name (IANA) |
|---|---|---|---|---|---|
| AES_128_GCM_SHA256 | 0x13, 0x01 | AES | AESGCM | 128 | TLS_AES_128_GCM_SHA256 |
| AES_256_GCM_SHA384 | 0x13, 0x02 | AES | AESGCM | 256 | TLS_AES_256_GCM_SHA384 |
| CHACHA20_POLY1305_SHA256 | 0x13, 0x03 | CHACHA20 | CHACHA20 POLY1305 | 256 | TLS_CHACHA20_POLY1305_SHA256 |
| AES_128_CCM_SHA256 | 0x13, 0x04 | AES | AESCCM | 128 | TLS_AES_128_CCM_SHA256 |
| AES_128_CCM_8_SHA256 | 0x13, 0x05 | AES | AESCCM | 128 | TLS_AES_128_CCM_8_SHA256 |

TLS 1.2

Supported Ciphers for TLS 1.2
| Certificate | Cipher Suite | Key Exchange | Encryption | Bits | Cipher Suite Name (IANA) |
|---|---|---|---|---|---|
| ECDHE-ECDSA-CHACHA20-POLY1305 | [0xCC, 0xA9] | ECDH | CHACHA20 POLY1305 | 256 | TLS_ECDHE_ECDSA_CHACHA20_POLY1305 |
| ECDHE-RSA-CHACHA20-POLY1305 | [0xCC, 0xA8] | ECDH | CHACHA20 POLY1305 | 256 | TLS_ECDHE_RSA_CHACHA20_POLY1305 |
| ECDHE-ECDSA-AES256-CCM | [0xC0, 0xAD] | ECDH | AESGCM | 256 | TLS_ECDHE_ECDSA_AES256_CCM |
| ECDHE-ECDSA-AES128-CCM | [0xC0, 0xAC] | ECDH | AESGCM | 128 | TLS_ECDHE_ECDSA_AES128_CCM |
| ECDHE-ECDSA-AES128-GCM-SHA256 | [0xc02b] | ECDH | AESGCM | 128 | TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 |
| ECDHE-RSA-AES128-GCM-SHA256 | [0xc02f] | ECDH | AESGCM | 128 | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 |
| ECDHE-ECDSA-AES128-SHA256 | [0xc023] | ECDH | AES | 128 | TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 |
| ECDHE-RSA-AES128-SHA256 | [0xc027] | ECDH | AES | 128 | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 |
| ECDHE-ECDSA-AES256-GCM-SHA384 | [0xc02c] | ECDH | AESGCM | 256 | TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 |
| ECDHE-RSA-AES256-GCM-SHA384 | [0xc030] | ECDH | AESGCM | 256 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 |
| ECDHE-ECDSA-AES256-SHA384 | [0xc024] | ECDH | AES | 256 | TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 |
| ECDHE-RSA-AES256-SHA384 | [0xc028] | ECDH | AES | 256 | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 |
| AES128-GCM-SHA256 | [0x9c] | RSA | AESGCM | 128 | TLS_RSA_WITH_AES_128_GCM_SHA256 |
| AES128-SHA256 | [0x3c] | RSA | AES | 128 | TLS_RSA_WITH_AES_128_CBC_SHA256 |
| AES256-GCM-SHA384 | [0x9d] | RSA | AESGCM | 256 | TLS_RSA_WITH_AES_256_GCM_SHA384 |
| AES256-SHA256 | [0x3d] | RSA | AES | 256 | TLS_RSA_WITH_AES_256_CBC_SHA256 |
| DHE-RSA-AES256-GCM-SHA384 | [0x9f] | DH | AESGCM | 256 | TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 |
| DHE-RSA-AES256-SHA256 | [0x6b] | DH | AES | 256 | TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 |
| DHE-RSA-AES128-GCM-SHA256 | [0x9e] | DH | AESGCM | 128 | TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 |
| DHE-RSA-AES128-SHA256 | [0x67] | DH | AES | 128 | TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 |
| DH-DSS-AES256-GCM-SHA384 | [0xa5] | DH/DSS | AESGCM | 256 | TLS_DH_DSS_WITH_AES_256_GCM_SHA384 |
| DHE-DSS-AES256-GCM-SHA384 | [0xa3] | DH | AESGCM | 256 | TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 |
| DH-RSA-AES256-GCM-SHA384 | [0xa1] | DH/RSA | AESGCM | 256 | TLS_DH_RSA_WITH_AES_256_GCM_SHA384 |
| DHE-DSS-AES256-SHA256 | [0x6a] | DH | AES | 256 | TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 |
| DH-RSA-AES256-SHA256 | [0x69] | DH/RSA | AES | 256 | TLS_DH_RSA_WITH_AES_256_CBC_SHA256 |
| DH-DSS-AES256-SHA256 | [0x68] | DH/DSS | AES | 256 | TLS_DH_DSS_WITH_AES_256_CBC_SHA256 |
| ECDH-RSA-AES256-GCM-SHA384 | [0xc032] | ECDH/RSA | AESGCM | 256 | TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 |
| ECDH-ECDSA-AES256-GCM-SHA384 | [0xc02e] | ECDH/ECDSA | AESGCM | 256 | TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 |
| ECDH-RSA-AES256-SHA384 | [0xc02a] | ECDH/RSA | AES | 256 | TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 |
| ECDH-ECDSA-AES256-SHA384 | [0xc026] | ECDH/ECDSA | AES | 256 | TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 |
| DH-DSS-AES128-GCM-SHA256 | [0xa4] | DH/DSS | AESGCM | 128 | TLS_DH_DSS_WITH_AES_128_GCM_SHA256 |
| DHE-DSS-AES128-GCM-SHA256 | [0xa2] | DH | AESGCM | 128 | TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 |
| DH-RSA-AES128-GCM-SHA256 | [0xa0] | DH/RSA | AESGCM | 128 | TLS_DH_RSA_WITH_AES_128_GCM_SHA256 |
| DHE-DSS-AES128-SHA256 | [0x40] | DH | AES | 128 | TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 |
| DH-RSA-AES128-SHA256 | [0x3f] | DH/RSA | AES | 128 | TLS_DH_RSA_WITH_AES_128_CBC_SHA256 |
| DH-DSS-AES128-SHA256 | [0x3e] | DH/DSS | AES | 128 | TLS_DH_DSS_WITH_AES_128_CBC_SHA256 |
| ECDH-RSA-AES128-GCM-SHA256 | [0xc031] | ECDH/RSA | AESGCM | 128 | TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 |
| ECDH-ECDSA-AES128-GCM-SHA256 | [0xc02d] | ECDH/ECDSA | AESGCM | 128 | TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 |
| ECDH-RSA-AES128-SHA256 | [0xc029] | ECDH/RSA | AES | 128 | TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 |
| ECDH-ECDSA-AES128-SHA256 | [0xc025] | ECDH/ECDSA | AES | 128 | TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 |

TLS 1.0/1.1 Ciphers Supported by TLS 1.2

TLS version 1.0/1.1 Ciphers Supported by TLS 1.2
| Certificate | Cipher Suite | Key Exchange | Encryption | Bits | Cipher Suite Name (IANA) |
|---|---|---|---|---|---|
| ECDHE-ECDSA-AES128-SHA | [0xc009] | ECDH | AES | 128 | TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA |
| ECDHE-RSA-AES128-SHA | [0xc013] | ECDH | AES | 128 | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA |
| ECDHE-RSA-AES256-SHA | [0xc014] | ECDH | AES | 256 | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA |
| ECDHE-ECDSA-AES256-SHA | [0xc00a] | ECDH | AES | 256 | TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA |
| AES128-SHA | [0x2f] | RSA | AES | 128 | TLS_RSA_WITH_AES_128_CBC_SHA |
| AES256-SHA | [0x35] | RSA | AES | 256 | TLS_RSA_WITH_AES_256_CBC_SHA |
| DHE-RSA-AES128-SHA | [0x33] | DH | AES | 128 | TLS_DHE_RSA_WITH_AES_128_CBC_SHA |
| DHE-RSA-CAMELLIA256-SHA | [0x88] | DH | Camellia | 256 | TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA |
| DHE-RSA-CAMELLIA128-SHA | [0x45] | DH | Camellia | 128 | TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA |
| DHE-DSS-CAMELLIA256-SHA | [0x87] | DH | Camellia | 256 | TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA |
| DHE-DSS-CAMELLIA128-SHA | [0x44] | DH | Camellia | 128 | TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA |
| DHE-RSA-SEED-SHA | [0x9a] | DH | SEED | 128 | TLS_DHE_RSA_WITH_SEED_CBC_SHA |
| DHE-DSS-SEED-SHA | [0x99] | DH | SEED | 128 | TLS_DHE_DSS_WITH_SEED_CBC_SHA |
| DH-RSA-SEED-SHA | [0x98] | DH/RSA | SEED | 128 | TLS_DH_RSA_WITH_SEED_CBC_SHA |
| DH-DSS-SEED-SHA | [0x97] | DH/DSS | SEED | 128 | TLS_DH_DSS_WITH_SEED_CBC_SHA |
| DHE-RSA-AES256-SHA | [0x39] | DH | AES | 256 | TLS_DHE_RSA_WITH_AES_256_CBC_SHA |
| DHE-DSS-AES256-SHA | [0x38] | DH | AES | 256 | TLS_DHE_DSS_WITH_AES_256_CBC_SHA |
| DH-RSA-AES256-SHA | | | | | |
| DH-DSS-AES256-SHA | [0x36] | DH/DSS | AES | 256 | TLS_DH_DSS_WITH_AES_256_CBC_SHA |
| DH-RSA-CAMELLIA256-SHA | [0x86] | DH/RSA | Camellia | 256 | TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA |
| DH-DSS-CAMELLIA256-SHA | [0x85] | DH/DSS | Camellia | 256 | TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA |
| ECDH-RSA-AES256-SHA | [0xc00f] | ECDH/RSA | AES | 256 | TLS_ECDH_RSA_WITH_AES_256_CBC_SHA |
| ECDH-ECDSA-AES256-SHA | [0xc005] | ECDH/ECDSA | AES | 256 | TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA |
| CAMELLIA256-SHA | [0x84] | RSA | Camellia | 256 | TLS_RSA_WITH_CAMELLIA_256_CBC_SHA |
| PSK-AES256-CBC-SHA | [0x8d] | PSK | AES | 256 | TLS_PSK_WITH_AES_256_CBC_SHA |
| DHE-DSS-AES128-SHA | [0x32] | DH | AES | 128 | TLS_DHE_DSS_WITH_AES_128_CBC_SHA |
| DH-RSA-AES128-SHA | [0x31] | DH/RSA | AES | 128 | TLS_DH_RSA_WITH_AES_128_CBC_SHA |
| DH-DSS-AES128-SHA | [0x30] | DH/DSS | AES | 128 | TLS_DH_DSS_WITH_AES_128_CBC_SHA |
| DH-RSA-CAMELLIA128-SHA | [0x43] | DH/RSA | Camellia | 128 | TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA |
| DH-DSS-CAMELLIA128-SHA | [0xbb] | DH/DSS | Camellia | 128 | TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256 |
| ECDH-RSA-AES128-SHA | [0xc00e] | ECDH/RSA | AES | 128 | TLS_ECDH_RSA_WITH_AES_128_CBC_SHA |
| ECDH-ECDSA-AES128-SHA | [0xc004] | ECDH/ECDSA | AES | 128 | TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA |
| SEED-SHA | [0x96] | RSA | SEED | 128 | TLS_RSA_WITH_SEED_CBC_SHA |
| CAMELLIA128-SHA | | | | | |
| PSK-AES128-CBC-SHA | [0x8c] | PSK | AES | 128 | TLS_PSK_WITH_AES_128_CBC_SHA |
| DES-CBC3-SHA | [0x0701c0] | RSA | 3DES | 168 | SSL_CK_DES_192_EDE3_CBC_WITH_SHA |
| IDEA-CBC-SHA | [0x07] | RSA | IDEA | 128 | TLS_RSA_WITH_IDEA_CBC_SHA |
| ECDHE-RSA-DES-CBC3-SHA | [0xc012] | ECDH | 3DES | 168 | TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA |
| ECDHE-ECDSA-DES-CBC3-SHA | [0xc008] | ECDH | 3DES | 168 | TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA |
| DHE-RSA-DES-CBC3-SHA | | | | | |
| DHE-DSS-DES-CBC3-SHA | | | | | |
| DH-RSA-DES-CBC3-SHA | [0x10] | DH/RSA | 3DES | 168 | TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA |
| DH-DSS-DES-CBC3-SHA | [0x0d] | DH/DSS | 3DES | 168 | TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA |
| ECDH-RSA-DES-CBC3-SHA | [0xc00d] | ECDH/RSA | 3DES | 168 | TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA |
| ECDH-ECDSA-DES-CBC3-SHA | [0xc003] | ECDH/ECDSA | 3DES | 168 | TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA |
| PSK-3DES-EDE-CBC-SHA | [0x8b] | PSK | 3DES | 168 | TLS_PSK_WITH_3DES_EDE_CBC_SHA |
| KRB5-IDEA-CBC-SHA | [0x21] | KRB5 | IDEA | 128 | TLS_KRB5_WITH_IDEA_CBC_SHA |
| KRB5-DES-CBC3-SHA | [0x1f] | KRB5 | 3DES | 168 | TLS_KRB5_WITH_3DES_EDE_CBC_SHA |
| KRB5-IDEA-CBC-MD5 | [0x25] | KRB5 | IDEA | 128 | TLS_KRB5_WITH_IDEA_CBC_MD5 |
| KRB5-DES-CBC3-MD5 | [0x23] | KRB5 | 3DES | 168 | TLS_KRB5_WITH_3DES_EDE_CBC_MD5 |
| ECDHE-RSA-RC4-SHA | [0xc011] | ECDH | RC4 | 128 | TLS_ECDHE_RSA_WITH_RC4_128_SHA |
| ECDHE-ECDSA-RC4-SHA | [0xc007] | ECDH | RC4 | 128 | TLS_ECDHE_ECDSA_WITH_RC4_128_SHA |
| ECDH-RSA-RC4-SHA | [0xc00c] | ECDH/RSA | RC4 | 128 | TLS_ECDH_RSA_WITH_RC4_128_SHA |
| ECDH-ECDSA-RC4-SHA | [0xc002] | ECDH/ECDSA | RC4 | 128 | TLS_ECDH_ECDSA_WITH_RC4_128_SHA |
| RC4-SHA | [0x05] | RSA | RC4 | 128 | TLS_RSA_WITH_RC4_128_SHA |
| RC4-MD5 | [0x04] | RSA | RC4 | 128 | TLS_RSA_WITH_RC4_128_MD5 |
| PSK-RC4-SHA | [0x8a] | PSK | RC4 | 128 | TLS_PSK_WITH_RC4_128_SHA |
| KRB5-RC4-SHA | [0x20] | KRB5 | RC4 | 128 | TLS_KRB5_WITH_RC4_128_SHA |
| KRB5-RC4-MD5 | [0x24] | KRB5 | RC4 | 128 | TLS_KRB5_WITH_RC4_128_MD5 |

Deprecated Ciphers

Starting August 15, 2024, the Oracle Cloud Infrastructure Load Balancer service no longer supports the following legacy ciphers. This change applies to existing and new TLS-enabled load balancers.

  • DHE-DSS-AES256-GCM-SHA384
  • DHE-DSS-AES256-SHA256
  • ECDH-RSA-AES256-GCM-SHA384
  • ECDH-ECDSA-AES256-GCM-SHA384
  • ECDH-RSA-AES256-SHA384
  • ECDH-ECDSA-AES256-SHA384
  • DHE-DSS-AES128-GCM-SHA256
  • DHE-DSS-AES128-SHA256
  • ECDH-RSA-AES128-GCM-SHA256
  • ECDH-ECDSA-AES128-GCM-SHA256
  • ECDH-RSA-AES128-SHA256
  • ECDH-ECDSA-AES128-SHA256
  • IDEA-CBC-SHA
  • RC4-MD5

Note

If you plan to use the TLS v1.3 protocol with either a backend set or a listener on the same load balancer, you can't use any custom cipher suite that contains any of these deprecated ciphers.