Cipher Suites Allowed in TLS1.2 and TLS1.3
The Internet Assigned Numbers Authority (IANA) is responsible for assigning numbers to all TLS cipher suites. The following table lists all secure IANA cipher suites that comply with Huawei's specifications. (The cipher suites recommended by IANA are not universally accepted by all standard organizations. Therefore, Huawei has conducted a screening process to select suites that meet the requirements of various organizations.) Cipher suites are classified into two security levels: high and medium. A cipher suite is considered high-level if it supports Perfect Forward Secrecy and AES symmetric encryption algorithms (GCM/CCM/CHACHA20-POLY1305). However, this criterion may change in the future based on the security level of TLS industry practices. Cipher suites that meet Huawei specifications but do not meet the high-level criteria are considered medium-level cipher suites.
Cipher Suites Allowed in TLS1.2
IANA Code |
IANA Cipher Suite |
Security Level |
---|---|---|
0x00,0x9E |
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 |
High |
0x00,0x9F |
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 |
High |
0x00,0xA2 |
TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 |
High |
0x00,0xA3 |
TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 |
High |
0x00,0xA9 |
TLS_PSK_WITH_AES_256_GCM_SHA384 |
MEDIUM |
0x00,0xAA |
TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 |
High |
0x00,0xAB |
TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 |
High |
0xCC,0xAD |
TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 |
High |
0xC0,0x2B |
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 |
High |
0xC0,0x2C |
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 |
High |
0xC0,0x2F |
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 |
High |
0xC0,0x30 |
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 |
High |
0xCC,0xA8 |
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 |
High |
0xCC,0xAC |
TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 |
High |
0xD0,0x01 |
TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256 |
High |
0xD0,0x02 |
TLS_ECDHE_PSK_WITH_AES_256_GCM_SHA384 |
High |
0xD0,0x05 |
TLS_ECDHE_PSK_WITH_AES_128_CCM_SHA256 |
High |
0xC0,0x9E |
TLS_DHE_RSA_WITH_AES_128_CCM |
High |
0xC0,0x9F |
TLS_DHE_RSA_WITH_AES_256_CCM |
High |
0xCC,0xAA |
TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 |
High |
0xC0,0xA5 |
TLS_PSK_WITH_AES_256_CCM |
MEDIUM |
0xC0,0xA6 |
TLS_DHE_PSK_WITH_AES_128_CCM |
High |
0xC0,0xA7 |
TLS_DHE_PSK_WITH_AES_256_CCM |
High |
0xC0,0xAC |
TLS_ECDHE_ECDSA_WITH_AES_128_CCM |
High |
0xC0,0xAD |
TLS_ECDHE_ECDSA_WITH_AES_256_CCM |
High |
0xCC,0xA9 |
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 |
High |
Cipher Suites Allowed in TLS1.3
IANA Code |
IANA Cipher Suite |
Security Level |
---|---|---|
0x13,0x01 |
TLS_AES_128_GCM_SHA256 |
High |
0x13,0x02 |
TLS_AES_256_GCM_SHA384 |
High |
0x13,0x03 |
TLS_CHACHA20_POLY1305_SHA256 |
High |
0x13,0x04 |
TLS_AES_128_CCM_SHA256 |
High |
According to RFC 8998, the SM series cryptographic algorithm suite is added to TLS1.3. The following two algorithm suites cannot be used in other TLS versions.
IANA Code |
IANA Cipher Suite |
---|---|
0x00,0xC6 |
TLS_SM4_GCM_SM3 |
0x00,0xC7 |
TLS_SM4_CCM_SM3 |
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot