FIPS 140-2 Approved Cipher Algorithms

After enabling the FIPS mode, Session Monitor sends out only the following listed FIPS 140-2 approved Cipher Suites for all external interfaces where TLS is enabled:

  1. Cipher Suite: TLS_AES_256_GCM_SHA384 (0x1302)
  2. Cipher Suite: TLS_AES_128_GCM_SHA256 (0x1301)
  3. Cipher Suite: TLS_AES_128_CCM_SHA256 (0x1304)
  4. Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02c)
  5. Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)
  6. Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CCM (0xc0ad)
  7. Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b)
  8. Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)
  9. Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CCM (0xc0ac)
  10. Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (0xc023)
  11. Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027)
  12. Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a)
  13. Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)
  14. Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009)
  15. Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)
  16. Cipher Suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x009f)
  17. Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CCM (0xc09f)
  18. Cipher Suite: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x009e)
  19. Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CCM (0xc09e)
  20. Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x006b)
  21. Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x0067)
  22. Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039)
  23. Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033)
  24. Cipher Suite: TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00ff)
The following Cipher Suites are NOT FIPS 140-2 compliant and cannot be used by Session Monitor when the FIPS mode enabled:
  1. TLS_CHACHA20_POLY1305_SHA256 (0x1303)
  2. TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca9)
  3. TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca8)
  4. TLS_RSA_WITH_AES_256_GCM_SHA384 (0x009d)
  5. TLS_RSA_WITH_AES_256_CCM (0xc09d)
  6. TLS_RSA_WITH_AES_128_GCM_SHA256 (0x009c)
  7. TLS_RSA_WITH_AES_128_CCM (0xc09c)
  8. TLS_RSA_WITH_AES_256_CBC_SHA256 (0x003d)
  9. TLS_RSA_WITH_AES_128_CBC_SHA256 (0x003c)
  10. TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
  11. TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
  12. TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xccaa)