Supported Load Balancer Ciphers
View the ciphers supported by the Load Balancer service, listed by TLS version.
When available, we recommend version 3 of a cipher suite over version 1.
TLS 1.3
Cipher | Cipher suite | Key exchange | Encryption | Bits | Cipher suite name (IANA) |
---|---|---|---|---|---|
AES_128_GCM_SHA256 | 0x13, 0x01 | AES | AESGCM | 128 | TLS_AES_128_GCM_SHA256 |
AES_256_GCM_SHA384 | 0x13, 0x02 | AES | AESGCM | 256 | TLS_AES_256_GCM_SHA384 |
CHACHA20_POLY1305_SHA256 | 0x13, 0x03 | CHACHA20 | CHACHA20 POLY1305 | 256 | TLS_CHACHA20_POLY1305_SHA256 |
AES_128_CCM_SHA256 | 0x13, 0x04 | AES | AESCCM | 128 | TLS_AES_128_CCM_SHA256 |
AES_128_CCM_8_SHA256 | 0x13, 0x05 | AES | AESCCM | 128 | TLS_AES_128_CCM_8_SHA256 |
TLS 1.2
Cipher | Cipher suite | Key exchange | Encryption | Bits | Cipher suite name (IANA) |
---|---|---|---|---|---|
ECDHE-ECDSA-CHACHA20-POLY1305 | [0xCC, 0xA9] | ECDH | CHACHA20 POLY1305 | 256 | TLS_ECDHE_ECDSA_CHACHA20_POLY1305 |
ECDHE-RSA-CHACHA20-POLY1305 | [0xCC, 0xA8] | ECDH | CHACHA20 POLY1305 | 256 | TLS_ECDHE_RSA_CHACHA20_POLY1305 |
ECDHE-ECDSA-AES256-CCM | [0xC0, 0xAD] | ECDH | AESGCM | 256 | TLS_ECDHE_ECDSA_AES256_CCM |
ECDHE-ECDSA-AES128-CCM | [0xC0, 0xAC] | ECDH | AESGCM | 128 | TLS_ECDHE_ECDSA_AES128_CCM |
ECDHE-ECDSA-AES128-GCM-SHA256 | [0xc02b] | ECDH | AESGCM | 128 | TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 |
ECDHE-RSA-AES128-GCM-SHA256 | [0xc02f] | ECDH | AESGCM | 128 | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 |
ECDHE-ECDSA-AES128-SHA256 | [0xc023] | ECDH | AES | 128 | TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 |
ECDHE-RSA-AES128-SHA256 | [0xc027] | ECDH | AES | 128 | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 |
ECDHE-ECDSA-AES256-GCM-SHA384 | [0xc02c] | ECDH | AESGCM | 256 | TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 |
ECDHE-RSA-AES256-GCM-SHA384 | [0xc030] | ECDH | AESGCM | 256 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 |
ECDHE-ECDSA-AES256-SHA384 | [0xc024] | ECDH | AES | 256 | TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 |
ECDHE-RSA-AES256-SHA384 | [0xc028] | ECDH | AES | 256 | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 |
AES128-GCM-SHA256 | [0x9c] | RSA | AESGCM | 128 | TLS_RSA_WITH_AES_128_GCM_SHA256 |
AES128-SHA256 | [0x3c] | RSA | AES | 128 | TLS_RSA_WITH_AES_128_CBC_SHA256 |
AES256-GCM-SHA384 | [0x9d] | RSA | AESGCM | 256 | TLS_RSA_WITH_AES_256_GCM_SHA384 |
AES256-SHA256 | [0x3d] | RSA | AES | 256 | TLS_RSA_WITH_AES_256_CBC_SHA256 |
DHE-RSA-AES256-GCM-SHA384 | [0x9f] | DH | AESGCM | 256 | TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 |
DHE-RSA-AES256-SHA256 | [0x6b] | DH | AES | 256 | TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 |
DHE-RSA-AES128-GCM-SHA256 | [0x9e] | DH | AESGCM | 128 | TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 |
DHE-RSA-AES128-SHA256 | [0x67] | DH | AES | 128 | TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 |
DH-DSS-AES256-GCM-SHA384 | [0xa5] | DH/DSS | AESGCM | 256 | TLS_DH_DSS_WITH_AES_256_GCM_SHA384 |
DHE-DSS-AES256-GCM-SHA384 | [0xa3] | DH | AESGCM | 256 | TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 |
DH-RSA-AES256-GCM-SHA384 | [0xa1] | DH/RSA | AESGCM | 256 | TLS_DH_RSA_WITH_AES_256_GCM_SHA384 |
DHE-DSS-AES256-SHA256 | [0x6a] | DH | AES | 256 | TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 |
DH-RSA-AES256-SHA256 | [0x69] | DH/RSA | AES | 256 | TLS_DH_RSA_WITH_AES_256_CBC_SHA256 |
DH-DSS-AES256-SHA256 | [0x68] | DH/DSS | AES | 256 | TLS_DH_DSS_WITH_AES_256_CBC_SHA256 |
ECDH-RSA-AES256-GCM-SHA384 | [0xc032] | ECDH/RSA | AESGCM | 256 | TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 |
ECDH-ECDSA-AES256-GCM-SHA384 | [0xc02e] | ECDH/ECDSA | AESGCM | 256 | TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 |
ECDH-RSA-AES256-SHA384 | [0xc02a] | ECDH/RSA | AES | 256 | TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 |
ECDH-ECDSA-AES256-SHA384 | [0xc026] | ECDH/ECDSA | AES | 256 | TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 |
DH-DSS-AES128-GCM-SHA256 | [0xa4] | DH/DSS | AESGCM | 128 | TLS_DH_DSS_WITH_AES_128_GCM_SHA256 |
DHE-DSS-AES128-GCM-SHA256 | [0xa2] | DH | AESGCM | 128 | TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 |
DH-RSA-AES128-GCM-SHA256 | [0xa0] | DH/RSA | AESGCM | 128 | TLS_DH_RSA_WITH_AES_128_GCM_SHA256 |
DHE-DSS-AES128-SHA256 | [0x40] | DH | AES | 128 | TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 |
DH-RSA-AES128-SHA256 | [0x3f] | DH/RSA | AES | 128 | TLS_DH_RSA_WITH_AES_128_CBC_SHA256 |
DH-DSS-AES128-SHA256 | [0x3e] | DH/DSS | AES | 128 | TLS_DH_DSS_WITH_AES_128_CBC_SHA256 |
ECDH-RSA-AES128-GCM-SHA256 | [0xc031] | ECDH/RSA | AESGCM | 128 | TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 |
ECDH-ECDSA-AES128-GCM-SHA256 | [0xc02d] | ECDH/ECDSA | AESGCM | 128 | TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 |
ECDH-RSA-AES128-SHA256 | [0xc029] | ECDH/RSA | AES | 128 | TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 |
ECDH-ECDSA-AES128-SHA256 | [0xc025] | ECDH/ECDSA | AES | 128 | TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 |
TLS 1.0/1.1 Ciphers Supported by TLS 1.2
Cipher | Cipher suite | Key exchange | Encryption | Bits | Cipher suite name (IANA) |
---|---|---|---|---|---|
ECDHE-ECDSA-AES128-SHA | [0xc009] | ECDH | AES | 128 | TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA |
ECDHE-RSA-AES128-SHA | [0xc013] | ECDH | AES | 128 | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA |
ECDHE-RSA-AES256-SHA | [0xc014] | ECDH | AES | 256 | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA |
ECDHE-ECDSA-AES256-SHA | [0xc00a] | ECDH | AES | 256 | TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA |
AES128-SHA | [0x2f] | RSA | AES | 128 | TLS_RSA_WITH_AES_128_CBC_SHA |
AES256-SHA | [0x35] | RSA | AES | 256 | TLS_RSA_WITH_AES_256_CBC_SHA |
DHE-RSA-AES128-SHA | [0x33] | DH | AES | 128 | TLS_DHE_RSA_WITH_AES_128_CBC_SHA |
DHE-RSA-CAMELLIA256-SHA | [0x88] | DH | Camellia | 256 | TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA |
DHE-RSA-CAMELLIA128-SHA | [0x45] | DH | Camellia | 128 | TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA |
DHE-DSS-CAMELLIA256-SHA | [0x87] | DH | Camellia | 256 | TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA |
DHE-DSS-CAMELLIA128-SHA | [0x44] | DH | Camellia | 128 | TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA |
DHE-RSA-SEED-SHA | [0x9a] | DH | SEED | 128 | TLS_DHE_RSA_WITH_SEED_CBC_SHA |
DHE-DSS-SEED-SHA | [0x99] | DH | SEED | 128 | TLS_DHE_DSS_WITH_SEED_CBC_SHA |
DH-RSA-SEED-SHA | [0x98] | DH/RSA | SEED | 128 | TLS_DH_RSA_WITH_SEED_CBC_SHA |
DH-DSS-SEED-SHA | [0x97] | DH/DSS | SEED | 128 | TLS_DH_DSS_WITH_SEED_CBC_SHA |
DHE-RSA-AES256-SHA | [0x39] | DH | AES | 256 | TLS_DHE_RSA_WITH_AES_256_CBC_SHA |
DHE-DSS-AES256-SHA | [0x38] | DH | AES | 256 | TLS_DHE_DSS_WITH_AES_256_CBC_SHA |
DH-RSA-AES256-SHA | |||||
DH-DSS-AES256-SHA | [0x36] | DH/DSS | AES | 256 | TLS_DH_DSS_WITH_AES_256_CBC_SHA |
DH-RSA-CAMELLIA256-SHA | [0x86] | DH/RSA | Camellia | 256 | TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA |
DH-DSS-CAMELLIA256-SHA | [0x85] | DH/DSS | Camellia | 256 | TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA |
ECDH-RSA-AES256-SHA | [0xc00f] | ECDH/RSA | AES | 256 | TLS_ECDH_RSA_WITH_AES_256_CBC_SHA |
ECDH-ECDSA-AES256-SHA | [0xc005] | ECDH/ECDSA | AES | 256 | TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA |
CAMELLIA256-SHA | [0x84] | RSA | Camellia | 256 | TLS_RSA_WITH_CAMELLIA_256_CBC_SHA |
PSK-AES256-CBC-SHA | [0x8d] | PSK | AES | 256 | TLS_PSK_WITH_AES_256_CBC_SHA |
DHE-DSS-AES128-SHA | [0x32] | DH | AES | 128 | TLS_DHE_DSS_WITH_AES_128_CBC_SHA |
DH-RSA-AES128-SHA | [0x31] | DH/RSA | AES | 128 | TLS_DH_RSA_WITH_AES_128_CBC_SHA |
DH-DSS-AES128-SHA | [0x30] | DH/DSS | AES | 128 | TLS_DH_DSS_WITH_AES_128_CBC_SHA |
DH-RSA-CAMELLIA128-SHA | [0x43] | DH/RSA | Camellia | 128 | TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA |
DH-DSS-CAMELLIA128-SHA | [0xbb] | DH/DSS | Camellia | 128 | TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256 |
ECDH-RSA-AES128-SHA | [0xc00e] | ECDH/RSA | AES | 128 | TLS_ECDH_RSA_WITH_AES_128_CBC_SHA |
ECDH-ECDSA-AES128-SHA | [0xc004] | ECDH/ECDSA | AES | 128 | TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA |
SEED-SHA | [0x96] | RSA | SEED | 128 | TLS_RSA_WITH_SEED_CBC_SHA |
CAMELLIA128-SHA | |||||
PSK-AES128-CBC-SHA | [0x8c] | PSK | AES | 128 | TLS_PSK_WITH_AES_128_CBC_SHA |
DES-CBC3-SHA | [0x0701c0] | RSA | 3DES | 168 | SSL_CK_DES_192_EDE3_CBC_WITH_SHA |
IDEA-CBC-SHA | [0x07] | RSA | IDEA | 128 | TLS_RSA_WITH_IDEA_CBC_SHA |
ECDHE-RSA-DES-CBC3-SHA | [0xc012] | ECDH | 3DES | 168 | TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA |
ECDHE-ECDSA-DES-CBC3-SHA | [0xc008] | ECDH | 3DES | 168 | TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA |
DHE-RSA-DES-CBC3-SHA | |||||
DHE-DSS-DES-CBC3-SHA | |||||
DH-RSA-DES-CBC3-SHA | [0x10] | DH/RSA | 3DES | 168 | TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA |
DH-DSS-DES-CBC3-SHA | [0x0d] | DH/DSS | 3DES | 168 | TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA |
ECDH-RSA-DES-CBC3-SHA | [0xc00d] | ECDH/RSA | 3DES | 168 | TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA |
ECDH-ECDSA-DES-CBC3-SHA | [0xc003] | ECDH/ECDSA | 3DES | 168 | TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA |
PSK-3DES-EDE-CBC-SHA | [0x8b] | PSK | 3DES | 168 | TLS_PSK_WITH_3DES_EDE_CBC_SHA |
KRB5-IDEA-CBC-SHA | [0x21] | KRB5 | IDEA | 128 | TLS_KRB5_WITH_IDEA_CBC_SHA |
KRB5-DES-CBC3-SHA | [0x1f] | KRB5 | 3DES | 168 | TLS_KRB5_WITH_3DES_EDE_CBC_SHA |
KRB5-IDEA-CBC-MD5 | [0x25] | KRB5 | IDEA | 128 | TLS_KRB5_WITH_IDEA_CBC_MD5 |
KRB5-DES-CBC3-MD5 | [0x23] | KRB5 | 3DES | 168 | TLS_KRB5_WITH_3DES_EDE_CBC_MD5 |
ECDHE-RSA-RC4-SHA | [0xc011] | ECDH | RC4 | 128 | TLS_ECDHE_RSA_WITH_RC4_128_SHA |
ECDHE-ECDSA-RC4-SHA | [0xc007] | ECDH | RC4 | 128 | TLS_ECDHE_ECDSA_WITH_RC4_128_SHA |
ECDH-RSA-RC4-SHA | [0xc00c] | ECDH/RSA | RC4 | 128 | TLS_ECDH_RSA_WITH_RC4_128_SHA |
ECDH-ECDSA-RC4-SHA | [0xc002] | ECDH/ECDSA | RC4 | 128 | TLS_ECDH_ECDSA_WITH_RC4_128_SHA |
RC4-SHA | [0x05] | RSA | RC4 | 128 | TLS_RSA_WITH_RC4_128_SHA |
RC4-MD5 | [0x04] | RSA | RC4 | 128 | TLS_RSA_WITH_RC4_128_MD5 |
PSK-RC4-SHA | [0x8a] | PSK | RC4 | 128 | TLS_PSK_WITH_RC4_128_SHA |
KRB5-RC4-SHA | [0x20] | KRB5 | RC4 | 128 | TLS_KRB5_WITH_RC4_128_SHA |
KRB5-RC4-MD5 | [0x24] | KRB5 | RC4 | 128 | TLS_KRB5_WITH_RC4_128_MD5 |
Deprecated Ciphers
As of August 15, 2024, the Oracle Cloud Infrastructure Load Balancer service no longer supports the legacy ciphers listed below. This change applies to both existing and new TLS-enabled load balancers.
- DHE-DSS-AES256-GCM-SHA384
- DHE-DSS-AES256-SHA256
- ECDH-RSA-AES256-GCM-SHA384
- ECDH-ECDSA-AES256-GCM-SHA384
- ECDH-RSA-AES256-SHA384
- ECDH-ECDSA-AES256-SHA384
- DHE-DSS-AES128-GCM-SHA256
- DHE-DSS-AES128-SHA256
- ECDH-RSA-AES128-GCM-SHA256
- ECDH-ECDSA-AES128-GCM-SHA256
- ECDH-RSA-AES128-SHA256
- ECDH-ECDSA-AES128-SHA256
- IDEA-CBC-SHA
- RC4-MD5
Note
If you plan to use the TLS v1.3 protocol with a backend set or a listener on the same load balancer, you cannot use custom cipher suites that contain any of these deprecated ciphers.