Skip to content

Supported cipher suites

Cloudflare supports the following cipher suites by default. If needed, you can restrict your website or application to only use specific cipher suites.

Cipher nameMinimum protocolSecurity recommendationCipher suiteIANA name
ECDHE-ECDSA-AES128-GCM-SHA256TLS 1.2Modern[0xc02b]TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
ECDHE-ECDSA-CHACHA20-POLY1305TLS 1.2Modern[0xcca9]TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
ECDHE-RSA-AES128-GCM-SHA256TLS 1.2Modern[0xc02f]TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
ECDHE-RSA-CHACHA20-POLY1305TLS 1.2Modern[0xcca8]TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
ECDHE-ECDSA-AES128-SHA256TLS 1.2Compatible[0xc023]TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
ECDHE-ECDSA-AES128-SHATLS 1.0Legacy[0xc009]TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
ECDHE-RSA-AES128-SHA256TLS 1.2Compatible[0xc027]TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
ECDHE-RSA-AES128-SHATLS 1.0Legacy[0xc013]TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
AES128-GCM-SHA256TLS 1.2Legacy[0x9c]TLS_RSA_WITH_AES_128_GCM_SHA256
AES128-SHA256TLS 1.2Legacy[0x3c]TLS_RSA_WITH_AES_128_CBC_SHA256
AES128-SHATLS 1.0Legacy[0x2f]TLS_RSA_WITH_AES_128_CBC_SHA
ECDHE-ECDSA-AES256-GCM-SHA384TLS 1.2Modern[0xc02c]TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
ECDHE-ECDSA-AES256-SHA384TLS 1.2Compatible[0xc024]TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
ECDHE-RSA-AES256-GCM-SHA384TLS 1.2Modern[0xc030]TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
ECDHE-RSA-AES256-SHA384TLS 1.2Compatible[0xc028]TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
ECDHE-RSA-AES256-SHATLS 1.0Legacy[0xc014]TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
AES256-GCM-SHA384TLS 1.2Legacy[0x9d]TLS_RSA_WITH_AES_256_GCM_SHA384
AES256-SHA256TLS 1.2Legacy[0x3d]TLS_RSA_WITH_AES_256_CBC_SHA256
AES256-SHATLS 1.0Legacy[0x35]TLS_RSA_WITH_AES_256_CBC_SHA
DES-CBC3-SHATLS 1.0Legacy[0x0a]TLS_RSA_WITH_3DES_EDE_CBC_SHA
AEAD-AES128-GCM-SHA256 *TLS 1.3Modern{0x13,0x01}TLS_AES_128_GCM_SHA256
AEAD-AES256-GCM-SHA384 *TLS 1.3Modern{0x13,0x02}TLS_AES_256_GCM_SHA384
AEAD-CHACHA20-POLY1305-SHA256 *TLS 1.3Modern{0x13,0x03}TLS_CHACHA20_POLY1305_SHA256