Supported TLS Ciphers

As shown in Figure: TLS Handshake, TLS negotiates the supported ciphers between the client and the server.

The client sends the supported cipher suites in the client Hello message, and the server compares them with the server cipher list. The top protocol on both lists is chosen and returned from the server in the server Hello message.

The 7705 SAR supports the following ciphers as a TLS 1.2 client:

• tls-rsa-with3des-ede-cbc-sha

• tls-rsa-with-aes128-cbc-sha

• tls-rsa-with-aes256-cbc-sha

• tls-rsa-with-aes128-cbc-sha256

• tls-rsa-with-aes256-cbc-sha256

The 7705 SAR supports the following TLS 1.3 ciphers, groups, and signature algorithms as a TLS 1.3 client:

• ciphers:

  • tls-aes128-gcm-sha256

  • tls-aes256-gcm-sha384

  • tls-chacha20-poly1305-sha256

  • tls-aes128-ccm-sha256

  • tls-aes128-ccm8-sha256

• groups:

  • tls-ecdhe-256

  • tls-ecdhe-384

  • tls-ecdhe-521

  • tls-x25519

  • tls-x448

• signature algorithms:

  • tls-rsa-pkcs1-sha256

  • tls-rsa-pkcs1-sha384

  • tls-rsa-pkcs1-sha512

  • tls-ecdsa-secp256r1-sha256

  • tls-ecdsa-secp384r1-sha384

  • tls-ecdsa-secp521r1-sha512

  • tls-rsa-pss-rsae-sha256

  • tls-rsa-pss-rsae-sha384

  • tls-rsa-pss-rsae-sha512

  • tls-rsa-pss-pss-sha256

  • tls-rsa-pss-pss-sha384

  • tls-rsa-pss-pss-sha512

  • tls-ed25519

  • tls-ed448