Cifrados de equilibrador de carga soportados
Vea los cifrados soportados por el servicio Load Balancer de TLS.
Si está disponible, se recomienda la versión 3 de un conjunto de cifrado en lugar de la versión 1.
TLS 1.3
| Certificado | Conjunto de cifrado | Intercambiador de claves | Cifrado | Bits | Nombre de conjunto de cifrado (IANA) |
|---|---|---|---|---|---|
| AES_128_GCM_SHA256 | 0x13, 0x01 | AES | AESGCM | 128 | TLS_AES_128_GCM_SHA256 |
| AES_256_GCM_SHA384 | 0x13, 0x02 | AES | AESGCM | 256 | TLS_AES_256_GCM_SHA384 |
| CHACHA20_POLY1305_SHA256 | 0x13, 0x03 | CHACHA20 | CHACHA20 POLY1305 | 256 | TLS_CHACHA20_POLY1305_SHA256 |
| AES_128_CCM_SHA256 | 0x13, 0x04 | AES | AESCCM | 128 | TLS_AES_128_CCM_SHA256 |
| AES_128_CCM_8_SHA256 | 0x13, 0x05 | AES | AESCCM | 128 | TLS_AES_128_CCM_8_SHA256 |
TLS 1.2
| Certificado | Conjunto de cifrado | Intercambiador de claves | Cifrado | Bits | Nombre de conjunto de cifrado (IANA) |
|---|---|---|---|---|---|
| ECDHE-ECDSA-CHACHA20-POLY1305 | [0xCC, 0xA9] | ECDH | CHACHA20 POLY1305 | 256 | TLS_ECDHE_ECDSA_CHACHA20_POLY1305 |
| ECDHE-RSA-CHACHA20-POLY1305 | [0xCC, 0xA8] | ECDH | CHACHA20 POLY1305 | 256 | TLS_ECDHE_RSA_CHACHA20_POLY1305 |
| ECDHE-ECDSA-AES256-CCM | [0xC0, 0xAD] | ECDH | AESGCM | 256 | TLS_ECDHE_ECDSA_AES256_CCM |
| ECDHE-ECDSA-AES128-CCM | [0xC0, 0xAC] | ECDH | AESGCM | 128 | TLS_ECDHE_ECDSA_AES128_CCM |
| ECDHE-ECDSA-AES128-GCM-SHA256 | [0xc02b] | ECDH | AESGCM | 128 | TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 |
| ECDHE-RSA-AES128-GCM-SHA256 | [0xc02f] | ECDH | AESGCM | 128 | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 |
| ECDHE-ECDSA-AES128-SHA256 | [0xc023] | ECDH | AES | 128 | TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 |
| ECDHE-RSA-AES128-SHA256 | [0xc027] | ECDH | AES | 128 | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 |
| ECDHE-ECDSA-AES256-GCM-SHA384 | [0xc02c] | ECDH | AESGCM | 256 | TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 |
| ECDHE-RSA-AES256-GCM-SHA384 | [0xc030] | ECDH | AESGCM | 256 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 |
| ECDHE-ECDSA-AES256-SHA384 | [0xc024] | ECDH | AES | 256 | TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 |
| ECDHE-RSA-AES256-SHA384 | [0xc028] | ECDH | AES | 256 | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 |
| AES128-GCM-SHA256 | [0x9c] | RSA | AESGCM | 128 | TLS_RSA_WITH_AES_128_GCM_SHA256 |
| AES128-SHA256 | [0x3c] | RSA | AES | 128 | TLS_RSA_WITH_AES_128_CBC_SHA256 |
| AES256-GCM-SHA384 | [0x9d] | RSA | AESGCM | 256 | TLS_RSA_WITH_AES_256_GCM_SHA384 |
| AES256-SHA256 | [0x3d] | RSA | AES | 256 | TLS_RSA_WITH_AES_256_CBC_SHA256 |
| DHE-RSA-AES256-GCM-SHA384 | [0x9f] | DH | AESGCM | 256 | TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 |
| DHE-RSA-AES256-SHA256 | [0x6b] | DH | AES | 256 | TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 |
| DHE-RSA-AES128-GCM-SHA256 | [0x9e] | DH | AESGCM | 128 | TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 |
| DHE-RSA-AES128-SHA256 | [0x67] | DH | AES | 128 | TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 |
| DH-DSS-AES256-GCM-SHA384 | [0xa5] | DH/DSS | AESGCM | 256 | TLS_DH_DSS_WITH_AES_256_GCM_SHA384 |
| DHE-DSS-AES256-GCM-SHA384 | [0xa3] | DH | AESGCM | 256 | TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 |
| DH-RSA-AES256-GCM-SHA384 | [0xa1] | DH/RSA | AESGCM | 256 | TLS_DH_RSA_WITH_AES_256_GCM_SHA384 |
| DHE-DSS-AES256-SHA256 | [0x6a] | DH | AES | 256 | TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 |
| DH-RSA-AES256-SHA256 | [0x69] | DH/RSA | AES | 256 | TLS_DH_RSA_WITH_AES_256_CBC_SHA256 |
| DH-DSS-AES256-SHA256 | [0x68] | DH/DSS | AES | 256 | TLS_DH_DSS_WITH_AES_256_CBC_SHA256 |
| ECDH-RSA-AES256-GCM-SHA384 | [0xc032] | ECDH/RSA | AESGCM | 256 | TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 |
| ECDH-ECDSA-AES256-GCM-SHA384 | [0xc02e] | ECDH/ECDSA | AESGCM | 256 | TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 |
| ECDH-RSA-AES256-SHA384 | [0xc02a] | ECDH/RSA | AES | 256 | TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 |
| ECDH-ECDSA-AES256-SHA384 | [0xc026] | ECDH/ECDSA | AES | 256 | TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 |
| DH-DSS-AES128-GCM-SHA256 | [0xa4] | DH/DSS | AESGCM | 128 | TLS_DH_DSS_WITH_AES_128_GCM_SHA256 |
| DHE-DSS-AES128-GCM-SHA256 | [0xa2] | DH | AESGCM | 128 | TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 |
| DH-RSA-AES128-GCM-SHA256 | [0xa0] | DH/RSA | AESGCM | 128 | TLS_DH_RSA_WITH_AES_128_GCM_SHA256 |
| DHE-DSS-AES128-SHA256 | [0x40] | DH | AES | 128 | TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 |
| DH-RSA-AES128-SHA256 | [0x3f] | DH/RSA | AES | 128 | TLS_DH_RSA_WITH_AES_128_CBC_SHA256 |
| DH-DSS-AES128-SHA256 | [0x3e] | DH/DSS | AES | 128 | TLS_DH_DSS_WITH_AES_128_CBC_SHA256 |
| ECDH-RSA-AES128-GCM-SHA256 | [0xc031] | ECDH/RSA | AESGCM | 128 | TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 |
| ECDH-ECDSA-AES128-GCM-SHA256 | [0xc02d] | ECDH/ECDSA | AESGCM | 128 | TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 |
| ECDH-RSA-AES128-SHA256 | [0xc029] | ECDH/RSA | AES | 128 | TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 |
| ECDH-ECDSA-AES128-SHA256 | [0xc025] | ECDH/ECDSA | AES | 128 | TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 |
Cifrados TLS 1.0/1.1 compatibles con TLS 1.2
| Certificado | Conjunto de cifrado | Intercambiador de claves | Cifrado | Bits | Nombre de conjunto de cifrado (IANA) |
|---|---|---|---|---|---|
| ECDHE-ECDSA-AES128-SHA | [0xc009] | ECDH | AES | 128 | TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA |
| ECDHE-RSA-AES128-SHA | [0xc013] | ECDH | AES | 128 | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA |
| ECDHE-RSA-AES256-SHA | [0xc014] | ECDH | AES | 256 | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA |
| ECDHE-ECDSA-AES256-SHA | [0xc00a] | ECDH | AES | 256 | TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA |
| AES128-SHA | [0x2f] | RSA | AES | 128 | TLS_RSA_WITH_AES_128_CBC_SHA |
| AES256-SHA | [0x35] | RSA | AES | 256 | TLS_RSA_WITH_AES_256_CBC_SHA |
| DHE-RSA-AES128-SHA | [0x33] | DH | AES | 128 | TLS_DHE_RSA_WITH_AES_128_CBC_SHA |
| DHE-RSA-CAMELLIA256-SHA | [0x88] | DH | Camellia | 256 | TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA |
| DHE-RSA-CAMELLIA128-SHA | [0x45] | DH | Camellia | 128 | TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA |
| DHE-DSS-CAMELLIA256-SHA | [0x87] | DH | Camellia | 256 | TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA |
| DHE-DSS-CAMELLIA128-SHA | [0x44] | DH | Camellia | 128 | TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA |
| DHE-RSA-SEED-SHA | [0x9a] | DH | SEED | 128 | TLS_DHE_RSA_WITH_SEED_CBC_SHA |
| DHE-DSS-SEED-SHA | [0x99] | DH | SEED | 128 | TLS_DHE_DSS_WITH_SEED_CBC_SHA |
| DH-RSA-SEED-SHA | [0x98] | DH/RSA | SEED | 128 | TLS_DH_RSA_WITH_SEED_CBC_SHA |
| DH-DSS-SEED-SHA | [0x97] | DH/DSS | SEED | 128 | TLS_DH_DSS_WITH_SEED_CBC_SHA |
| DHE-RSA-AES256-SHA | [0x39] | DH | AES | 256 | TLS_DHE_RSA_WITH_AES_256_CBC_SHA |
| DHE-DSS-AES256-SHA | [0x38] | DH | AES | 256 | TLS_DHE_DSS_WITH_AES_256_CBC_SHA |
| DH-RSA-AES256-SHA | |||||
| DH-DSS-AES256-SHA | [0x36] | DH/DSS | AES | 256 | TLS_DH_DSS_WITH_AES_256_CBC_SHA |
| DH-RSA-CAMELLIA256-SHA | [0x86] | DH/RSA | Camellia | 256 | TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA |
| DH-DSS-CAMELLIA256-SHA | [0x85] | DH/DSS | Camellia | 256 | TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA |
| ECDH-RSA-AES256-SHA | [0xc00f] | ECDH/RSA | AES | 256 | TLS_ECDH_RSA_WITH_AES_256_CBC_SHA |
| ECDH-ECDSA-AES256-SHA | [0xc005] | ECDH/ECDSA | AES | 256 | TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA |
| CAMELLIA256-SHA | [0x84] | RSA | Camellia | 256 | TLS_RSA_WITH_CAMELLIA_256_CBC_SHA |
| PSK-AES256-CBC-SHA | [0x8d] | PSK | AES | 256 | TLS_PSK_WITH_AES_256_CBC_SHA |
| DHE-DSS-AES128-SHA | [0x32] | DH | AES | 128 | TLS_DHE_DSS_WITH_AES_128_CBC_SHA |
| DH-RSA-AES128-SHA | [0x31] | DH/RSA | AES | 128 | TLS_DH_RSA_WITH_AES_128_CBC_SHA |
| DH-DSS-AES128-SHA | [0x30] | DH/DSS | AES | 128 | TLS_DH_DSS_WITH_AES_128_CBC_SHA |
| DH-RSA-CAMELLIA128-SHA | [0x43] | DH/RSA | Camellia | 128 | TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA |
| DH-DSS-CAMELLIA128-SHA | [0xbb] | DH/DSS | Camellia | 128 | TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256 |
| ECDH-RSA-AES128-SHA | [0xc00e] | ECDH/RSA | AES | 128 | TLS_ECDH_RSA_WITH_AES_128_CBC_SHA |
| ECDH-ECDSA-AES128-SHA | [0xc004] | ECDH/ECDSA | AES | 128 | TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA |
| SEED-SHA | [0x96] | RSA | SEED | 128 | TLS_RSA_WITH_SEED_CBC_SHA |
| CAMELLIA128-SHA | |||||
| PSK-AES128-CBC-SHA | [0x8c] | PSK | AES | 128 | TLS_PSK_WITH_AES_128_CBC_SHA |
| DES-CBC3-SHA | [0x0701c0] | RSA | 3DES | 168 | SSL_CK_DES_192_EDE3_CBC_WITH_SHA |
| IDEA-CBC-SHA | [0x07] | RSA | IDEA | 128 | TLS_RSA_WITH_IDEA_CBC_SHA |
| ECDHE-RSA-DES-CBC3-SHA | [0xc012] | ECDH | 3DES | 168 | TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA |
| ECDHE-ECDSA-DES-CBC3-SHA | [0xc008] | ECDH | 3DES | 168 | TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA |
| DHE-RSA-DES-CBC3-SHA | |||||
| DHE-DSS-DES-CBC3-SHA | |||||
| DH-RSA-DES-CBC3-SHA | [0x10] | DH/RSA | 3DES | 168 | TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA |
| DH-DSS-DES-CBC3-SHA | [0x0d] | DH/DSS | 3DES | 168 | TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA |
| ECDH-RSA-DES-CBC3-SHA | [0xc00d] | ECDH/RSA | 3DES | 168 | TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA |
| ECDH-ECDSA-DES-CBC3-SHA | [0xc003] | ECDH/ECDSA | 3DES | 168 | TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA |
| PSK-3DES-EDE-CBC-SHA | [0x8b] | PSK | 3DES | 168 | TLS_PSK_WITH_3DES_EDE_CBC_SHA |
| KRB5-IDEA-CBC-SHA | [0x21] | KRB5 | IDEA | 128 | TLS_KRB5_WITH_IDEA_CBC_SHA |
| KRB5-DES-CBC3-SHA | [0x1f] | KRB5 | 3DES | 168 | TLS_KRB5_WITH_3DES_EDE_CBC_SHA |
| KRB5-IDEA-CBC-MD5 | [0x25] | KRB5 | IDEA | 128 | TLS_KRB5_WITH_IDEA_CBC_MD5 |
| KRB5-DES-CBC3-MD5 | [0x23] | KRB5 | 3DES | 168 | TLS_KRB5_WITH_3DES_EDE_CBC_MD5 |
| ECDHE-RSA-RC4-SHA | [0xc011] | ECDH | RC4 | 128 | TLS_ECDHE_RSA_WITH_RC4_128_SHA |
| ECDHE-ECDSA-RC4-SHA | [0xc007] | ECDH | RC4 | 128 | TLS_ECDHE_ECDSA_WITH_RC4_128_SHA |
| ECDH-RSA-RC4-SHA | [0xc00c] | ECDH/RSA | RC4 | 128 | TLS_ECDH_RSA_WITH_RC4_128_SHA |
| ECDH-ECDSA-RC4-SHA | [0xc002] | ECDH/ECDSA | RC4 | 128 | TLS_ECDH_ECDSA_WITH_RC4_128_SHA |
| RC4-SHA | [0x05] | RSA | RC4 | 128 | TLS_RSA_WITH_RC4_128_SHA |
| RC4-MD5 | [0x04] | RSA | RC4 | 128 | TLS_RSA_WITH_RC4_128_MD5 |
| PSK-RC4-SHA | [0x8a] | PSK | RC4 | 128 | TLS_PSK_WITH_RC4_128_SHA |
| KRB5-RC4-SHA | [0x20] | KRB5 | RC4 | 128 | TLS_KRB5_WITH_RC4_128_SHA |
| KRB5-RC4-MD5 | [0x24] | KRB5 | RC4 | 128 | TLS_KRB5_WITH_RC4_128_MD5 |
Cifrados en desuso
A partir del 15 de agosto de 2024, el servicio Oracle Cloud Infrastructure Load Balancer ya no soporta los siguientes cifrados heredados. Este cambio se aplica a los equilibradores de carga existentes y nuevos activados para TLS.
- DHE-DSS-AES256-GCM-SHA384
- DHE-DSS-AES256-SHA256
- ECDH-RSA-AES256-GCM-SHA384
- ECDH-ECDSA-AES256-GCM-SHA384
- ECDH-RSA-AES256-SHA384
- ECDH-ECDSA-AES256-SHA384
- DHE-DSS-AES128-GCM-SHA256
- DHE-DSS-AES128-SHA256
- ECDH-RSA-AES128-GCM-SHA256
- ECDH-ECDSA-AES128-GCM-SHA256
- ECDH-RSA-AES128-SHA256
- ECDH-ECDSA-AES128-SHA256
- IDEA-CBC-SHA
- RC4-MD5
Nota
Si tiene previsto utilizar el protocolo TLS v1.3 con un juego de backends o un listener en el mismo equilibrador de carga, no puede utilizar ningún conjunto de cifrado personalizado que contenga ninguno de estos cifrados en desuso.
Si tiene previsto utilizar el protocolo TLS v1.3 con un juego de backends o un listener en el mismo equilibrador de carga, no puede utilizar ningún conjunto de cifrado personalizado que contenga ninguno de estos cifrados en desuso.