Cipher Suites Allowed in TLS1.2 and TLS1.3

Updated on 2024-09-26 GMT+08:00

View PDF

The Internet Assigned Numbers Authority (IANA) is responsible for assigning numbers to all TLS cipher suites. The following table lists all secure IANA cipher suites that comply with Huawei's specifications. (The cipher suites recommended by IANA are not universally accepted by all standard organizations. Therefore, Huawei has conducted a screening process to select suites that meet the requirements of various organizations.) Cipher suites are classified into two security levels: high and medium. A cipher suite is considered high-level if it supports Perfect Forward Secrecy and AES symmetric encryption algorithms (GCM/CCM/CHACHA20-POLY1305). However, this criterion may change in the future based on the security level of TLS industry practices. Cipher suites that meet Huawei specifications but do not meet the high-level criteria are considered medium-level cipher suites.

Cipher Suites Allowed in TLS1.2

IANA Code	IANA Cipher Suite	Security Level
0x00,0x9E	TLS_DHE_RSA_WITH_AES_128_GCM_SHA256	High
0x00,0x9F	TLS_DHE_RSA_WITH_AES_256_GCM_SHA384	High
0x00,0xA2	TLS_DHE_DSS_WITH_AES_128_GCM_SHA256	High
0x00,0xA3	TLS_DHE_DSS_WITH_AES_256_GCM_SHA384	High
0x00,0xA9	TLS_PSK_WITH_AES_256_GCM_SHA384	MEDIUM
0x00,0xAA	TLS_DHE_PSK_WITH_AES_128_GCM_SHA256	High
0x00,0xAB	TLS_DHE_PSK_WITH_AES_256_GCM_SHA384	High
0xCC,0xAD	TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256	High
0xC0,0x2B	TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256	High
0xC0,0x2C	TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384	High
0xC0,0x2F	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256	High
0xC0,0x30	TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384	High
0xCC,0xA8	TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256	High
0xCC,0xAC	TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256	High
0xD0,0x01	TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256	High
0xD0,0x02	TLS_ECDHE_PSK_WITH_AES_256_GCM_SHA384	High
0xD0,0x05	TLS_ECDHE_PSK_WITH_AES_128_CCM_SHA256	High
0xC0,0x9E	TLS_DHE_RSA_WITH_AES_128_CCM	High
0xC0,0x9F	TLS_DHE_RSA_WITH_AES_256_CCM	High
0xCC,0xAA	TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256	High
0xC0,0xA5	TLS_PSK_WITH_AES_256_CCM	MEDIUM
0xC0,0xA6	TLS_DHE_PSK_WITH_AES_128_CCM	High
0xC0,0xA7	TLS_DHE_PSK_WITH_AES_256_CCM	High
0xC0,0xAC	TLS_ECDHE_ECDSA_WITH_AES_128_CCM	High
0xC0,0xAD	TLS_ECDHE_ECDSA_WITH_AES_256_CCM	High
0xCC,0xA9	TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256	High

Cipher Suites Allowed in TLS1.3

IANA Code	IANA Cipher Suite	Security Level
0x13,0x01	TLS_AES_128_GCM_SHA256	High
0x13,0x02	TLS_AES_256_GCM_SHA384	High
0x13,0x03	TLS_CHACHA20_POLY1305_SHA256	High
0x13,0x04	TLS_AES_128_CCM_SHA256	High

According to RFC 8998, the SM series cryptographic algorithm suite is added to TLS1.3. The following two algorithm suites cannot be used in other TLS versions.