Help Center/ Customer Operation Capabilities/ API Reference/ Appendix/ Cipher Suites Allowed in TLS1.2 and TLS1.3
Updated on 2024-09-26 GMT+08:00

Cipher Suites Allowed in TLS1.2 and TLS1.3

The Internet Assigned Numbers Authority (IANA) is responsible for assigning numbers to all TLS cipher suites. The following table lists all secure IANA cipher suites that comply with Huawei's specifications. (The cipher suites recommended by IANA are not universally accepted by all standard organizations. Therefore, Huawei has conducted a screening process to select suites that meet the requirements of various organizations.) Cipher suites are classified into two security levels: high and medium. A cipher suite is considered high-level if it supports Perfect Forward Secrecy and AES symmetric encryption algorithms (GCM/CCM/CHACHA20-POLY1305). However, this criterion may change in the future based on the security level of TLS industry practices. Cipher suites that meet Huawei specifications but do not meet the high-level criteria are considered medium-level cipher suites.

Cipher Suites Allowed in TLS1.2

IANA Code

IANA Cipher Suite

Security Level

0x00,0x9E

TLS_DHE_RSA_WITH_AES_128_GCM_SHA256

High

0x00,0x9F

TLS_DHE_RSA_WITH_AES_256_GCM_SHA384

High

0x00,0xA2

TLS_DHE_DSS_WITH_AES_128_GCM_SHA256

High

0x00,0xA3

TLS_DHE_DSS_WITH_AES_256_GCM_SHA384

High

0x00,0xA9

TLS_PSK_WITH_AES_256_GCM_SHA384

MEDIUM

0x00,0xAA

TLS_DHE_PSK_WITH_AES_128_GCM_SHA256

High

0x00,0xAB

TLS_DHE_PSK_WITH_AES_256_GCM_SHA384

High

0xCC,0xAD

TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256

High

0xC0,0x2B

TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256

High

0xC0,0x2C

TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384

High

0xC0,0x2F

TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

High

0xC0,0x30

TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

High

0xCC,0xA8

TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256

High

0xCC,0xAC

TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256

High

0xD0,0x01

TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256

High

0xD0,0x02

TLS_ECDHE_PSK_WITH_AES_256_GCM_SHA384

High

0xD0,0x05

TLS_ECDHE_PSK_WITH_AES_128_CCM_SHA256

High

0xC0,0x9E

TLS_DHE_RSA_WITH_AES_128_CCM

High

0xC0,0x9F

TLS_DHE_RSA_WITH_AES_256_CCM

High

0xCC,0xAA

TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256

High

0xC0,0xA5

TLS_PSK_WITH_AES_256_CCM

MEDIUM

0xC0,0xA6

TLS_DHE_PSK_WITH_AES_128_CCM

High

0xC0,0xA7

TLS_DHE_PSK_WITH_AES_256_CCM

High

0xC0,0xAC

TLS_ECDHE_ECDSA_WITH_AES_128_CCM

High

0xC0,0xAD

TLS_ECDHE_ECDSA_WITH_AES_256_CCM

High

0xCC,0xA9

TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256

High

Cipher Suites Allowed in TLS1.3

IANA Code

IANA Cipher Suite

Security Level

0x13,0x01

TLS_AES_128_GCM_SHA256

High

0x13,0x02

TLS_AES_256_GCM_SHA384

High

0x13,0x03

TLS_CHACHA20_POLY1305_SHA256

High

0x13,0x04

TLS_AES_128_CCM_SHA256

High

According to RFC 8998, the SM series cryptographic algorithm suite is added to TLS1.3. The following two algorithm suites cannot be used in other TLS versions.

IANA Code

IANA Cipher Suite

0x00,0xC6

TLS_SM4_GCM_SM3

0x00,0xC7

TLS_SM4_CCM_SM3