Oracle recommends the following ciphers, and includes them in the DEFAULT cipher list:

• TLS_AES_128_GCM_SHA256 (new in 9.2.0)
• TLS_AES_256_GCM_SHA384 (new in 9.2.0)
• TLS_CHACHA20_POLY1305_SHA256 (new in 9.2.0)
• TLS_AES_128_CCM_SHA256 (new in 9.2.0)
• TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
• TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
• TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
• TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
• TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
• TLS_DHE_RSA_WITH_AES_128_GCM_SHA256

Oracle supports the following ciphers, but does not include them in the DEFAULT cipher list:

• TLS_AES_128_CCM_8_SHA256 (new in 9.2.0)
• TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
• TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
• TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
• TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
• TLS_RSA_WITH_AES_256_CBC_SHA256
• TLS_RSA_WITH_AES_256_GCM_SHA384
• TLS_RSA_WITH_AES_128_CBC_SHA256
• TLS_RSA_WITH_AES_128_CBC_SHA
• TLS_RSA_WITH_AES_128_GCM_SHA256

Oracle supports the following ciphers, but considers them not secure. They are not included in the DEFAULT cipher-list, but they are included when you set the cipher-list attribute to ALL. The verify-config command returns a warning if these ciphers are used.

• TLS_RSA_WITH_3DES_EDE_CBC_SHA (demoted to weak in 9.2.0)
• TLS_DHE_RSA_WITH_AES_256_CBC_SHA
• TLS_RSA_WITH_AES_256_CBC_SHA
• TLS_DHE_RSA_WITH_AES_128_CBC_SHA
• TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA

Oracle supports the following ciphers for debugging purposes only:

• TLS_RSA_WITH_NULL_SHA256
• TLS_RSA_WITH_NULL_SHA
• TLS_RSA_WITH_NULL_MD5