Mécanismes de cryptage d'équilibreur de charge pris en charge
Visualisez les cryptages pris en charge par le service Load Balancer par TLS.
Lorsqu'elle est disponible, la version 3 d'un mécanisme de cryptage est recommandée à la place de la version 1.
TLS 1.3
| Certificat | Mécanisme de cryptage | Echange de clés | Cryptage | Bits | Nom du mécanisme de cryptage (IANA) |
|---|---|---|---|---|---|
| AES_128_GCM_SHA256 | 0x13, 0x01 | AES | AESGCM | 128 | TLS_AES_128_GCM_SHA256 |
| AES_256_GCM_SHA384 | 0x13, 0x02 | AES | AESGCM | 256 | TLS_AES_256_GCM_SHA384 |
| CHACHA20_POLY1305_SHA256 | 0x13, 0x03 | CHACHA20 | CHACHA20 POLY1305 | 256 | TLS_CHACHA20_POLY1305_SHA256 |
| AES_128_CCM_SHA256 | 0x13, 0x04 | AES | AESCCM | 128 | TLS_AES_128_CCM_SHA256 |
| AES_128_CCM_8_SHA256 | 0x13, 0x05 | AES | AESCCM | 128 | TLS_AES_128_CCM_8_SHA256 |
TLS 1.2
| Certificat | Mécanisme de cryptage | Echange de clés | Cryptage | Bits | Nom du mécanisme de cryptage (IANA) |
|---|---|---|---|---|---|
| ECDHE-ECDSA-CHACHA20-POLY1305 | [0xCC, 0xA9] | ECDH | CHACHA20 POLY1305 | 256 | TLS_ECDHE_ECDSA_CHACHA20_POLY1305 |
| ECDHE-RSA-CHACHA20-POLY1305 | [0xCC, 0xA8] | ECDH | CHACHA20 POLY1305 | 256 | TLS_ECDHE_RSA_CHACHA20_POLY1305 |
| ECDHE-ECDSA-AES256-CCM | [0xC0, 0xAD] | ECDH | AESGCM | 256 | TLS_ECDHE_ECDSA_AES256_CCM |
| ECDHE-ECDSA-AES128-CCM | [0xC0, 0xAC] | ECDH | AESGCM | 128 | TLS_ECDHE_ECDSA_AES128_CCM |
| ECDHE-ECDSA-AES128-GCM-SHA256 | [0xc02b] | ECDH | AESGCM | 128 | TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 |
| ECDHE-RSA-AES128-GCM-SHA256 | [0xc02f] | ECDH | AESGCM | 128 | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 |
| ECDHE-ECDSA-AES128-SHA256 | [0xc023] | ECDH | AES | 128 | TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 |
| ECDHE-RSA-AES128-SHA256 | [0xc027] | ECDH | AES | 128 | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 |
| ECDHE-ECDSA-AES256-GCM-SHA384 | [0xc02c] | ECDH | AESGCM | 256 | TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 |
| ECDHE-RSA-AES256-GCM-SHA384 | [0xc030] | ECDH | AESGCM | 256 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 |
| ECDHE-ECDSA-AES256-SHA384 | [0xc024] | ECDH | AES | 256 | TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 |
| ECDHE-RSA-AES256-SHA384 | [0xc028] | ECDH | AES | 256 | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 |
| AES128-GCM-SHA256 | [0x9c] | RSA | AESGCM | 128 | TLS_RSA_WITH_AES_128_GCM_SHA256 |
| AES128-SHA256 | [0x3c] | RSA | AES | 128 | TLS_RSA_WITH_AES_128_CBC_SHA256 |
| AES256-GCM-SHA384 | [0x9d] | RSA | AESGCM | 256 | TLS_RSA_WITH_AES_256_GCM_SHA384 |
| AES256-SHA256 | [0x3d] | RSA | AES | 256 | TLS_RSA_WITH_AES_256_CBC_SHA256 |
| DHE-RSA-AES256-GCM-SHA384 | [0x9f] | DH | AESGCM | 256 | TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 |
| DHE-RSA-AES256-SHA256 | [0x6b] | DH | AES | 256 | TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 |
| DHE-RSA-AES128-GCM-SHA256 | [0x9e] | DH | AESGCM | 128 | TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 |
| DHE-RSA-AES128-SHA256 | [0x67] | DH | AES | 128 | TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 |
| DH-DSS-AES256-GCM-SHA384 | [0xa5] | DH/DSS | AESGCM | 256 | TLS_DH_DSS_WITH_AES_256_GCM_SHA384 |
| DHE-DSS-AES256-GCM-SHA384 | [0xa3] | DH | AESGCM | 256 | TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 |
| DH-RSA-AES256-GCM-SHA384 | [0xa1] | DH/RSA | AESGCM | 256 | TLS_DH_RSA_WITH_AES_256_GCM_SHA384 |
| DHE-DSS-AES256-SHA256 | [0x6a] | DH | AES | 256 | TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 |
| DH-RSA-AES256-SHA256 | [0x69] | DH/RSA | AES | 256 | TLS_DH_RSA_WITH_AES_256_CBC_SHA256 |
| DH-DSS-AES256-SHA256 | [0x68] | DH/DSS | AES | 256 | TLS_DH_DSS_WITH_AES_256_CBC_SHA256 |
| ECDH-RSA-AES256-GCM-SHA384 | [0xc032] | ECDH/RSA | AESGCM | 256 | TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 |
| ECDH-ECDSA-AES256-GCM-SHA384 | [0xc02e] | ECDH/ECDSA | AESGCM | 256 | TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 |
| ECDH-RSA-AES256-SHA384 | [0xc02a] | ECDH/RSA | AES | 256 | TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 |
| ECDH-ECDSA-AES256-SHA384 | [0xc026] | ECDH/ECDSA | AES | 256 | TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 |
| DH-DSS-AES128-GCM-SHA256 | [0xa4] | DH/DSS | AESGCM | 128 | TLS_DH_DSS_WITH_AES_128_GCM_SHA256 |
| DHE-DSS-AES128-GCM-SHA256 | [0xa2] | DH | AESGCM | 128 | TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 |
| DH-RSA-AES128-GCM-SHA256 | [0xa0] | DH/RSA | AESGCM | 128 | TLS_DH_RSA_WITH_AES_128_GCM_SHA256 |
| DHE-DSS-AES128-SHA256 | [0x40] | DH | AES | 128 | TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 |
| DH-RSA-AES128-SHA256 | [0x3f] | DH/RSA | AES | 128 | TLS_DH_RSA_WITH_AES_128_CBC_SHA256 |
| DH-DSS-AES128-SHA256 | [0x3e] | DH/DSS | AES | 128 | TLS_DH_DSS_WITH_AES_128_CBC_SHA256 |
| ECDH-RSA-AES128-GCM-SHA256 | [0xc031] | ECDH/RSA | AESGCM | 128 | TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 |
| ECDH-ECDSA-AES128-GCM-SHA256 | [0xc02d] | ECDH/ECDSA | AESGCM | 128 | TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 |
| ECDH-RSA-AES128-SHA256 | [0xc029] | ECDH/RSA | AES | 128 | TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 |
| ECDH-ECDSA-AES128-SHA256 | [0xc025] | ECDH/ECDSA | AES | 128 | TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 |
Chiffrements TLS 1.0/1.1 pris en charge par TLS 1.2
| Certificat | Mécanisme de cryptage | Echange de clés | Cryptage | Bits | Nom du mécanisme de cryptage (IANA) |
|---|---|---|---|---|---|
| ECDHE-ECDSA-AES128-SHA | [0xc009] | ECDH | AES | 128 | TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA |
| ECDHE-RSA-AES128-SHA | [0xc013] | ECDH | AES | 128 | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA |
| ECDHE-RSA-AES256-SHA | [0xc014] | ECDH | AES | 256 | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA |
| ECDHE-ECDSA-AES256-SHA | [0xc00a] | ECDH | AES | 256 | TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA |
| AES128-SHA | [0x2f] | RSA | AES | 128 | TLS_RSA_WITH_AES_128_CBC_SHA |
| AES256-SHA | [0x35] | RSA | AES | 256 | TLS_RSA_WITH_AES_256_CBC_SHA |
| DHE-RSA-AES128-SHA | [0x33] | DH | AES | 128 | TLS_DHE_RSA_WITH_AES_128_CBC_SHA |
| DHE-RSA-CAMELLIA256-SHA | [0x88] | DH | Camellia | 256 | TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA |
| DHE-RSA-CAMELLIA128-SHA | [0x45] | DH | Camellia | 128 | TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA |
| DHE-DSS-CAMELLIA256-SHA | [0x87] | DH | Camellia | 256 | TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA |
| DHE-DSS-CAMELLIA128-SHA | [0x44] | DH | Camellia | 128 | TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA |
| DHE-RSA-SEED-SHA | [0x9a] | DH | SEED | 128 | TLS_DHE_RSA_WITH_SEED_CBC_SHA |
| DHE-DSS-SEED-SHA | [0x99] | DH | SEED | 128 | TLS_DHE_DSS_WITH_SEED_CBC_SHA |
| DH-RSA-SEED-SHA | [0x98] | DH/RSA | SEED | 128 | TLS_DH_RSA_WITH_SEED_CBC_SHA |
| DH-DSS-SEED-SHA | [0x97] | DH/DSS | SEED | 128 | TLS_DH_DSS_WITH_SEED_CBC_SHA |
| DHE-RSA-AES256-SHA | [0x39] | DH | AES | 256 | TLS_DHE_RSA_WITH_AES_256_CBC_SHA |
| DHE-DSS-AES256-SHA | [0x38] | DH | AES | 256 | TLS_DHE_DSS_WITH_AES_256_CBC_SHA |
| DH-RSA-AES256-SHA | |||||
| DH-DSS-AES256-SHA | [0x36] | DH/DSS | AES | 256 | TLS_DH_DSS_WITH_AES_256_CBC_SHA |
| DH-RSA-CAMELLIA256-SHA | [0x86] | DH/RSA | Camellia | 256 | TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA |
| DH-DSS-CAMELLIA256-SHA | [0x85] | DH/DSS | Camellia | 256 | TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA |
| ECDH-RSA-AES256-SHA | [0xc00f] | ECDH/RSA | AES | 256 | TLS_ECDH_RSA_WITH_AES_256_CBC_SHA |
| ECDH-ECDSA-AES256-SHA | [0xc005] | ECDH/ECDSA | AES | 256 | TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA |
| CAMELLIA256-SHA | [0x84] | RSA | Camellia | 256 | TLS_RSA_WITH_CAMELLIA_256_CBC_SHA |
| PSK-AES256-CBC-SHA | [0x8d] | PSK | AES | 256 | TLS_PSK_WITH_AES_256_CBC_SHA |
| DHE-DSS-AES128-SHA | [0x32] | DH | AES | 128 | TLS_DHE_DSS_WITH_AES_128_CBC_SHA |
| DH-RSA-AES128-SHA | [0x31] | DH/RSA | AES | 128 | TLS_DH_RSA_WITH_AES_128_CBC_SHA |
| DH-DSS-AES128-SHA | [0x30] | DH/DSS | AES | 128 | TLS_DH_DSS_WITH_AES_128_CBC_SHA |
| DH-RSA-CAMELLIA128-SHA | [0x43] | DH/RSA | Camellia | 128 | TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA |
| DH-DSS-CAMELLIA128-SHA | [0xbb] | DH/DSS | Camellia | 128 | TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256 |
| ECDH-RSA-AES128-SHA | [0xc00e] | ECDH/RSA | AES | 128 | TLS_ECDH_RSA_WITH_AES_128_CBC_SHA |
| ECDH-ECDSA-AES128-SHA | [0xc004] | ECDH/ECDSA | AES | 128 | TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA |
| SEED-SHA | [0x96] | RSA | SEED | 128 | TLS_RSA_WITH_SEED_CBC_SHA |
| CAMELLIA128-SHA | |||||
| PSK-AES128-CBC-SHA | [0x8c] | PSK | AES | 128 | TLS_PSK_WITH_AES_128_CBC_SHA |
| DES-CBC3-SHA | [0x0701c0] | RSA | 3DES | 168 | SSL_CK_DES_192_EDE3_CBC_WITH_SHA |
| IDEA-CBC-SHA | [0x07] | RSA | IDEA | 128 | TLS_RSA_WITH_IDEA_CBC_SHA |
| ECDHE-RSA-DES-CBC3-SHA | [0xc012] | ECDH | 3DES | 168 | TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA |
| ECDHE-ECDSA-DES-CBC3-SHA | [0xc008] | ECDH | 3DES | 168 | TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA |
| DHE-RSA-DES-CBC3-SHA | |||||
| DHE-DSS-DES-CBC3-SHA | |||||
| DH-RSA-DES-CBC3-SHA | [0x10] | DH/RSA | 3DES | 168 | TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA |
| DH-DSS-DES-CBC3-SHA | [0x0d] | DH/DSS | 3DES | 168 | TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA |
| ECDH-RSA-DES-CBC3-SHA | [0xc00d] | ECDH/RSA | 3DES | 168 | TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA |
| ECDH-ECDSA-DES-CBC3-SHA | [0xc003] | ECDH/ECDSA | 3DES | 168 | TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA |
| PSK-3DES-EDE-CBC-SHA | [0x8b] | PSK | 3DES | 168 | TLS_PSK_WITH_3DES_EDE_CBC_SHA |
| KRB5-IDEA-CBC-SHA | [0x21] | KRB5 | IDEA | 128 | TLS_KRB5_WITH_IDEA_CBC_SHA |
| KRB5-DES-CBC3-SHA | [0x1f] | KRB5 | 3DES | 168 | TLS_KRB5_WITH_3DES_EDE_CBC_SHA |
| KRB5-IDEA-CBC-MD5 | [0x25] | KRB5 | IDEA | 128 | TLS_KRB5_WITH_IDEA_CBC_MD5 |
| KRB5-DES-CBC3-MD5 | [0x23] | KRB5 | 3DES | 168 | TLS_KRB5_WITH_3DES_EDE_CBC_MD5 |
| ECDHE-RSA-RC4-SHA | [0xc011] | ECDH | RC4 | 128 | TLS_ECDHE_RSA_WITH_RC4_128_SHA |
| ECDHE-ECDSA-RC4-SHA | [0xc007] | ECDH | RC4 | 128 | TLS_ECDHE_ECDSA_WITH_RC4_128_SHA |
| ECDH-RSA-RC4-SHA | [0xc00c] | ECDH/RSA | RC4 | 128 | TLS_ECDH_RSA_WITH_RC4_128_SHA |
| ECDH-ECDSA-RC4-SHA | [0xc002] | ECDH/ECDSA | RC4 | 128 | TLS_ECDH_ECDSA_WITH_RC4_128_SHA |
| RC4-SHA | [0x05] | RSA | RC4 | 128 | TLS_RSA_WITH_RC4_128_SHA |
| RC4-MD5 | [0x04] | RSA | RC4 | 128 | TLS_RSA_WITH_RC4_128_MD5 |
| PSK-RC4-SHA | [0x8a] | PSK | RC4 | 128 | TLS_PSK_WITH_RC4_128_SHA |
| KRB5-RC4-SHA | [0x20] | KRB5 | RC4 | 128 | TLS_KRB5_WITH_RC4_128_SHA |
| KRB5-RC4-MD5 | [0x24] | KRB5 | RC4 | 128 | TLS_KRB5_WITH_RC4_128_MD5 |
Cryptages en phase d'abandon
A partir du 15 août 2024, le service Oracle Cloud Infrastructure Load Balancer ne prend plus en charge les cryptages hérités suivants. Cette modification s'applique aux équilibreurs de charge existants et nouveaux avec TLS.
- DHE-DSS-AES256-GCM-SHA384
- DHE-DSS-AES256-SHA256
- ECDH-RSA-AES256-GCM-SHA384
- ECDH-ECDSA-AES256-GCM-SHA384
- ECDH-RSA-AES256-SHA384
- ECDH-ECDSA-AES256-SHA384
- DHE-DSS-AES128-GCM-SHA256
- DHE-DSS-AES128-SHA256
- ECDH-RSA-AES128-GCM-SHA256
- ECDH-ECDSA-AES128-GCM-SHA256
- ECDH-RSA-AES128-SHA256
- ECDH-ECDSA-AES128-SHA256
- IDEA-CBC-SHA
- RC4-MD5
Remarque
Si vous prévoyez d'utiliser le protocole TLS v1.3 avec un ensemble de back-ends ou un processus d'écoute sur le même équilibreur de charge, vous ne pouvez utiliser aucun mécanisme de cryptage personnalisé contenant ces cryptages en phase d'abandon.
Si vous prévoyez d'utiliser le protocole TLS v1.3 avec un ensemble de back-ends ou un processus d'écoute sur le même équilibreur de charge, vous ne pouvez utiliser aucun mécanisme de cryptage personnalisé contenant ces cryptages en phase d'abandon.