Supported TLS cipher suites

This appendix and the WSOP configuration file both use the OpenSSL project’s identifiers for TLS Cipher Suites.

Recommended Cipher Suites: The Default List

The following TLS Cipher Suites are supported by WSOP, and are configured for use by default. It is strongly recommended that this default set of cipher suites, or a subset of it, is used.

  • ECDHE-ECDSA-AES128-GCM-SHA256

  • ECDHE-RSA-AES128-GCM-SHA256

  • ECDHE-ECDSA-AES256-GCM-SHA384

  • ECDHE-RSA-AES256-GCM-SHA384

  • ECDHE-ECDSA-CHACHA20-POLY1305

  • ECDHE-RSA-CHACHA20-POLY1305

Less Secure Cipher Suites: Not Recommended

The following TLS Cipher Suites are supported by WSOP, but only if explicitly configured for use by the user. These are less secure cipher suites and should only be configured for use after a thorough threat analysis of the operating environment.

  • ECDHE-RSA-AES128-SHA256

  • ECDHE-ECDSA-AES128-SHA256

  • ECDHE-RSA-AES256-SHA

  • ECDHE-RSA-AES128-SHA

  • ECDHE-RSA-DES-CBC3-SHA

  • ECDHE-ECDSA-AES256-SHA

  • ECDHE-ECDSA-AES128-SHA

  • ECDHE-RSA-RC4-SHA

  • ECDHE-ECDSA-RC4-SHA

  • AES256-GCM-SHA384

  • AES128-GCM-SHA256

  • AES128-SHA256

  • AES256-SHA

  • AES128-SHA

  • DES-CBC3-SHA

  • RC4-SHA