Supported TLS Cipher Suites
This appendix and the WSOP configuration file both use the OpenSSL project’s identifiers for TLS Cipher Suites.
Recommended Cipher Suites: The Default List
The following TLS Cipher Suites are supported by WSOP, and are configured for use by default. It is strongly recommended that this default set of cipher suites, or a subset of it, is used.
-
ECDHE-ECDSA-AES128-GCM-SHA256
-
ECDHE-RSA-AES128-GCM-SHA256
-
ECDHE-ECDSA-AES256-GCM-SHA384
-
ECDHE-RSA-AES256-GCM-SHA384
-
ECDHE-ECDSA-CHACHA20-POLY1305
-
ECDHE-RSA-CHACHA20-POLY1305
Less Secure Cipher Suites: Not Recommended
The following TLS Cipher Suites are supported by WSOP, but only if explicitly configured for use by the user. These are less secure cipher suites and should only be configured for use after a thorough threat analysis of the operating environment.
-
ECDHE-RSA-AES128-SHA256
-
ECDHE-ECDSA-AES128-SHA256
-
ECDHE-RSA-AES256-SHA
-
ECDHE-RSA-AES128-SHA
-
ECDHE-RSA-DES-CBC3-SHA
-
ECDHE-ECDSA-AES256-SHA
-
ECDHE-ECDSA-AES128-SHA
-
ECDHE-RSA-RC4-SHA
-
ECDHE-ECDSA-RC4-SHA
-
AES256-GCM-SHA384
-
AES128-GCM-SHA256
-
AES128-SHA256
-
AES256-SHA
-
AES128-SHA
-
DES-CBC3-SHA
-
RC4-SHA