Supported Load Balancer Ciphers
View the ciphers supported by the Load Balancer service by TLS version.
TLS version 1.3
|
Certificate |
Cipher Suite |
Key Exchange |
Encryption |
Bits |
Cipher Suite Name (IANA) |
|---|---|---|---|---|---|
|
AES_128_GCM_SHA256 |
0x13, 0x01 |
AES |
AESGCM |
128 |
TLS_AES_128_GCM_SHA256 |
|
AES_256_GCM_SHA384 |
0x13, 0x02 |
AES |
AESGCM |
256 |
TLS_AES_256_GCM_SHA384 |
|
CHACHA20_POLY1305_SHA256 |
0x13, 0x03 |
CHACHA20 |
CHACHA20 POLY1305 |
256 |
TLS_CHACHA20_POLY1305_SHA256 |
|
AES_128_CCM_SHA256 |
0x13, 0x04 |
AES |
AESCCM |
128 |
TLS_AES_128_CCM_SHA256 |
|
AES_128_CCM_8_SHA256 |
0x13, 0x05 |
AES |
AESCCM |
128 |
TLS_AES_128_CCM_8_SHA256 |
TLS version 1.2
|
Certificate |
Cipher Suite |
Key Exchange |
Encryption |
Bits |
Cipher Suite Name (IANA) |
|---|---|---|---|---|---|
|
ECDHE-ECDSA-AES128-GCM-SHA256 |
[0xc02b] |
ECDH |
AESGCM |
128 |
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 |
|
ECDHE-RSA-AES128-GCM-SHA256 |
[0xc02f] |
ECDH |
AESGCM |
128 |
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 |
|
ECDHE-ECDSA-AES128-SHA256 |
[0xc023] |
ECDH |
AES |
128 |
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 |
|
ECDHE-RSA-AES128-SHA256 |
[0xc027] |
ECDH |
AES |
128 |
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 |
|
ECDHE-ECDSA-AES256-GCM-SHA384 |
[0xc02c] |
ECDH |
AESGCM |
256 |
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 |
|
ECDHE-RSA-AES256-GCM-SHA384 |
[0xc030] |
ECDH |
AESGCM |
256 |
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 |
|
ECDHE-ECDSA-AES256-SHA384 |
[0xc024] |
ECDH |
AES |
256 |
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 |
|
ECDHE-RSA-AES256-SHA384 |
[0xc028] |
ECDH |
AES |
256 |
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 |
|
AES128-GCM-SHA256 |
[0x9c] |
RSA |
AESGCM |
128 |
TLS_RSA_WITH_AES_128_GCM_SHA256 |
|
AES128-SHA256 |
[0x3c] |
RSA |
AES |
128 |
TLS_RSA_WITH_AES_128_CBC_SHA256 |
|
AES256-GCM-SHA384 |
[0x9d] |
RSA |
AESGCM |
256 |
TLS_RSA_WITH_AES_256_GCM_SHA384 |
|
AES256-SHA256 |
[0x3d] |
RSA |
AES |
256 |
TLS_RSA_WITH_AES_256_CBC_SHA256 |
|
DHE-RSA-AES256-GCM-SHA384 |
[0x9f] |
DH |
AESGCM |
256 |
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 |
|
DHE-RSA-AES256-SHA256 |
[0x6b] |
DH |
AES |
256 |
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 |
|
DHE-RSA-AES128-GCM-SHA256 |
[0x9e] |
DH |
AESGCM |
128 |
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 |
|
DHE-RSA-AES128-SHA256 |
[0x67] |
DH |
AES |
128 |
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 |
|
DH-DSS-AES256-GCM-SHA384 |
[0xa5] |
DH/DSS |
AESGCM |
256 |
TLS_DH_DSS_WITH_AES_256_GCM_SHA384 |
|
DHE-DSS-AES256-GCM-SHA384 |
[0xa3] |
DH |
AESGCM |
256 |
TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 |
|
DH-RSA-AES256-GCM-SHA384 |
[0xa1] |
DH/RSA |
AESGCM |
256 |
TLS_DH_RSA_WITH_AES_256_GCM_SHA384 |
|
DHE-DSS-AES256-SHA256 |
[0x6a] |
DH |
AES |
256 |
TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 |
|
DH-RSA-AES256-SHA256 |
[0x69] |
DH/RSA |
AES |
256 |
TLS_DH_RSA_WITH_AES_256_CBC_SHA256 |
|
DH-DSS-AES256-SHA256 |
[0x68] |
DH/DSS |
AES |
256 |
TLS_DH_DSS_WITH_AES_256_CBC_SHA256 |
|
ECDH-RSA-AES256-GCM-SHA384 |
[0xc032] |
ECDH/RSA |
AESGCM |
256 |
TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 |
|
ECDH-ECDSA-AES256-GCM-SHA384 |
[0xc02e] |
ECDH/ECDSA |
AESGCM |
256 |
TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 |
|
ECDH-RSA-AES256-SHA384 |
[0xc02a] |
ECDH/RSA |
AES |
256 |
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 |
|
ECDH-ECDSA-AES256-SHA384 |
[0xc026] |
ECDH/ECDSA |
AES |
256 |
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 |
|
DH-DSS-AES128-GCM-SHA256 |
[0xa4] |
DH/DSS |
AESGCM |
128 |
TLS_DH_DSS_WITH_AES_128_GCM_SHA256 |
|
DHE-DSS-AES128-GCM-SHA256 |
[0xa2] |
DH |
AESGCM |
128 |
TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 |
|
DH-RSA-AES128-GCM-SHA256 |
[0xa0] |
DH/RSA |
AESGCM |
128 |
TLS_DH_RSA_WITH_AES_128_GCM_SHA256 |
|
DHE-DSS-AES128-SHA256 |
[0x40] |
DH |
AES |
128 |
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 |
|
DH-RSA-AES128-SHA256 |
[0x3f] |
DH/RSA |
AES |
128 |
TLS_DH_RSA_WITH_AES_128_CBC_SHA256 |
|
DH-DSS-AES128-SHA256 |
[0x3e] |
DH/DSS |
AES |
128 |
TLS_DH_DSS_WITH_AES_128_CBC_SHA256 |
|
ECDH-RSA-AES128-GCM-SHA256 |
[0xc031] |
ECDH/RSA |
AESGCM |
128 |
TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 |
|
ECDH-ECDSA-AES128-GCM-SHA256 |
[0xc02d] |
ECDH/ECDSA |
AESGCM |
128 |
TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 |
|
ECDH-RSA-AES128-SHA256 |
[0xc029] |
ECDH/RSA |
AES |
128 |
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 |
|
ECDH-ECDSA-AES128-SHA256 |
[0xc025] |
ECDH/ECDSA |
AES |
128 |
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 |
TLS version 1.0/1.1 Ciphers Supported by TLS version 1.2
|
Certificate |
Cipher Suite |
Key Exchange |
Encryption |
Bits |
Cipher Suite Name (IANA) |
|---|---|---|---|---|---|
|
ECDHE-ECDSA-AES128-SHA |
[0xc009] |
ECDH |
AES |
128 |
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA |
|
ECDHE-RSA-AES128-SHA |
[0xc013] |
ECDH |
AES |
128 |
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA |
|
ECDHE-RSA-AES256-SHA |
[0xc014] |
ECDH |
AES |
256 |
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA |
|
ECDHE-ECDSA-AES256-SHA |
[0xc00a] |
ECDH |
AES |
256 |
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA |
|
AES128-SHA |
[0x2f] |
RSA |
AES |
128 |
TLS_RSA_WITH_AES_128_CBC_SHA |
|
AES256-SHA |
[0x35] |
RSA |
AES |
256 |
TLS_RSA_WITH_AES_256_CBC_SHA |
|
DHE-RSA-AES128-SHA |
[0x33] |
DH |
AES |
128 |
TLS_DHE_RSA_WITH_AES_128_CBC_SHA |
|
DHE-RSA-CAMELLIA256-SHA |
[0x88] |
DH |
Camellia |
256 |
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA |
|
DHE-RSA-CAMELLIA128-SHA |
[0x45] |
DH |
Camellia |
128 |
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA |
|
DHE-DSS-CAMELLIA256-SHA |
[0x87] |
DH |
Camellia |
256 |
TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA |
|
DHE-DSS-CAMELLIA128-SHA |
[0x44] |
DH |
Camellia |
128 |
TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA |
|
DHE-RSA-SEED-SHA |
[0x9a] |
DH |
SEED |
128 |
TLS_DHE_RSA_WITH_SEED_CBC_SHA |
|
DHE-DSS-SEED-SHA |
[0x99] |
DH |
SEED |
128 |
TLS_DHE_DSS_WITH_SEED_CBC_SHA |
|
DH-RSA-SEED-SHA |
[0x98] |
DH/RSA |
SEED |
128 |
TLS_DH_RSA_WITH_SEED_CBC_SHA |
|
DH-DSS-SEED-SHA |
[0x97] |
DH/DSS |
SEED |
128 |
TLS_DH_DSS_WITH_SEED_CBC_SHA |
|
DHE-RSA-AES256-SHA |
[0x39] |
DH |
AES |
256 |
TLS_DHE_RSA_WITH_AES_256_CBC_SHA |
|
DHE-DSS-AES256-SHA |
[0x38] |
DH |
AES |
256 |
TLS_DHE_DSS_WITH_AES_256_CBC_SHA |
|
DH-RSA-AES256-SHA |
|||||
|
DH-DSS-AES256-SHA |
[0x36] |
DH/DSS |
AES |
256 |
TLS_DH_DSS_WITH_AES_256_CBC_SHA |
|
DH-RSA-CAMELLIA256-SHA |
[0x86] |
DH/RSA |
Camellia |
256 |
TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA |
|
DH-DSS-CAMELLIA256-SHA |
[0x85] |
DH/DSS |
Camellia |
256 |
TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA |
|
ECDH-RSA-AES256-SHA |
[0xc00f] |
ECDH/RSA |
AES |
256 |
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA |
|
ECDH-ECDSA-AES256-SHA |
[0xc005] |
ECDH/ECDSA |
AES |
256 |
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA |
|
CAMELLIA256-SHA |
[0x84] |
RSA |
Camellia |
256 |
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA |
|
PSK-AES256-CBC-SHA |
[0x8d] |
PSK |
AES |
256 |
TLS_PSK_WITH_AES_256_CBC_SHA |
|
DHE-DSS-AES128-SHA |
[0x32] |
DH |
AES |
128 |
TLS_DHE_DSS_WITH_AES_128_CBC_SHA |
|
DH-RSA-AES128-SHA |
[0x31] |
DH/RSA |
AES |
128 |
TLS_DH_RSA_WITH_AES_128_CBC_SHA |
|
DH-DSS-AES128-SHA |
[0x30] |
DH/DSS |
AES |
128 |
TLS_DH_DSS_WITH_AES_128_CBC_SHA |
|
DH-RSA-CAMELLIA128-SHA |
[0x43] |
DH/RSA |
Camellia |
128 |
TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA |
|
DH-DSS-CAMELLIA128-SHA |
[0xbb] |
DH/DSS |
Camellia |
128 |
TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256 |
|
ECDH-RSA-AES128-SHA |
[0xc00e] |
ECDH/RSA |
AES |
128 |
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA |
|
ECDH-ECDSA-AES128-SHA |
[0xc004] |
ECDH/ECDSA |
AES |
128 |
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA |
|
SEED-SHA |
[0x96] |
RSA |
SEED |
128 |
TLS_RSA_WITH_SEED_CBC_SHA |
|
CAMELLIA128-SHA |
|||||
|
PSK-AES128-CBC-SHA |
[0x8c] |
PSK |
AES |
128 |
TLS_PSK_WITH_AES_128_CBC_SHA |
|
DES-CBC3-SHA |
[0x0701c0] |
RSA |
3DES |
168 |
SSL_CK_DES_192_EDE3_CBC_WITH_SHA |
|
IDEA-CBC-SHA |
[0x07] |
RSA |
IDEA |
128 |
TLS_RSA_WITH_IDEA_CBC_SHA |
|
ECDHE-RSA-DES-CBC3-SHA |
[0xc012] |
ECDH |
3DES |
168 |
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA |
|
ECDHE-ECDSA-DES-CBC3-SHA |
[0xc008] |
ECDH |
3DES |
168 |
TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA |
|
DHE-RSA-DES-CBC3-SHA |
|||||
|
DHE-DSS-DES-CBC3-SHA |
|||||
|
DH-RSA-DES-CBC3-SHA |
[0x10] |
DH/RSA |
3DES |
168 |
TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA |
|
DH-DSS-DES-CBC3-SHA |
[0x0d] |
DH/DSS |
3DES |
168 |
TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA |
|
ECDH-RSA-DES-CBC3-SHA |
[0xc00d] |
ECDH/RSA |
3DES |
168 |
TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA |
|
ECDH-ECDSA-DES-CBC3-SHA |
[0xc003] |
ECDH/ECDSA |
3DES |
168 |
TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA |
|
PSK-3DES-EDE-CBC-SHA |
[0x8b] |
PSK |
3DES |
168 |
TLS_PSK_WITH_3DES_EDE_CBC_SHA |
|
KRB5-IDEA-CBC-SHA |
[0x21] |
KRB5 |
IDEA |
128 |
TLS_KRB5_WITH_IDEA_CBC_SHA |
|
KRB5-DES-CBC3-SHA |
[0x1f] |
KRB5 |
3DES |
168 |
TLS_KRB5_WITH_3DES_EDE_CBC_SHA |
|
KRB5-IDEA-CBC-MD5 |
[0x25] |
KRB5 |
IDEA |
128 |
TLS_KRB5_WITH_IDEA_CBC_MD5 |
|
KRB5-DES-CBC3-MD5 |
[0x23] |
KRB5 |
3DES |
168 |
TLS_KRB5_WITH_3DES_EDE_CBC_MD5 |
|
ECDHE-RSA-RC4-SHA |
[0xc011] |
ECDH |
RC4 |
128 |
TLS_ECDHE_RSA_WITH_RC4_128_SHA |
|
ECDHE-ECDSA-RC4-SHA |
[0xc007] |
ECDH |
RC4 |
128 |
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA |
|
ECDH-RSA-RC4-SHA |
[0xc00c] |
ECDH/RSA |
RC4 |
128 |
TLS_ECDH_RSA_WITH_RC4_128_SHA |
|
ECDH-ECDSA-RC4-SHA |
[0xc002] |
ECDH/ECDSA |
RC4 |
128 |
TLS_ECDH_ECDSA_WITH_RC4_128_SHA |
|
RC4-SHA |
[0x05] |
RSA |
RC4 |
128 |
TLS_RSA_WITH_RC4_128_SHA |
|
RC4-MD5 |
[0x04] |
RSA |
RC4 |
128 |
TLS_RSA_WITH_RC4_128_MD5 |
|
PSK-RC4-SHA |
[0x8a] |
PSK |
RC4 |
128 |
TLS_PSK_WITH_RC4_128_SHA |
|
KRB5-RC4-SHA |
[0x20] |
KRB5 |
RC4 |
128 |
TLS_KRB5_WITH_RC4_128_SHA |
|
KRB5-RC4-MD5 |
[0x24] |
KRB5 |
RC4 |
128 |
TLS_KRB5_WITH_RC4_128_MD5 |
Deprecated Ciphers
Starting August 15, 2024, the Oracle Cloud Infrastructure Load Balancer service no longer supports the following legacy ciphers. This change applies to existing and new TLS-enabled load balancers.
-
DHE-DSS-AES256-GCM-SHA384
-
DHE-DSS-AES256-SHA256
-
ECDH-RSA-AES256-GCM-SHA384
-
ECDH-ECDSA-AES256-GCM-SHA384
-
ECDH-RSA-AES256-SHA384
-
ECDH-ECDSA-AES256-SHA384
-
DHE-DSS-AES128-GCM-SHA256
-
DHE-DSS-AES128-SHA256
-
ECDH-RSA-AES128-GCM-SHA256
-
ECDH-ECDSA-AES128-GCM-SHA256
-
ECDH-RSA-AES128-SHA256
-
ECDH-ECDSA-AES128-SHA256
-
IDEA-CBC-SHA
-
RC4-MD5
If you plan to use TLS v1.3 protocol with either a backend set or a listener on the same load balancer, you can't use any custom cipher suites that contains any of these deprecated ciphers.