Suítes de Cifragem Suportadas do Balanceador de Carga
Exiba as cifragens suportadas pelo serviço Load Balancer por TLS.
Quando disponível, a versão 3 de uma suíte de cifragem é recomendada em vez da versão 1.
TLS 1.3
| Certificado | Suíte de Cifragem | Troca de Chaves | Criptografia | Bits | Nome da Suíte de Cifragem (IANA) |
|---|---|---|---|---|---|
| AES_128_GCM_SHA256 | 0x13, 0x01 | AES | AESGCM | 128 | TLS_AES_128_GCM_SHA256 |
| AES_256_GCM_SHA384 | 0x13, 0x02 | AES | AESGCM | 256 | TLS_AES_256_GCM_SHA384 |
| CHACHA20_POLY1305_SHA256 | 0x13, 0x03 | CHACHA20 | CHACHA20 POLY1305 | 256 | TLS_CHACHA20_POLY1305_SHA256 |
| AES_128_CCM_SHA256 | 0x13, 0x04 | AES | AESCCM | 128 | TLS_AES_128_CCM_SHA256 |
| AES_128_CCM_8_SHA256 | 0x13, 0x05 | AES | AESCCM | 128 | TLS_AES_128_CCM_8_SHA256 |
TLS 1.2
| Certificado | Suíte de Cifragem | Troca de Chaves | Criptografia | Bits | Nome da Suíte de Cifragem (IANA) |
|---|---|---|---|---|---|
| ECDHE-ECDSA-CHACHA20-POLY1305 | [0xCC, 0xA9] | ECDH | CHACHA20 POLY1305 | 256 | TLS_ECDHE_ECDSA_CHACHA20_POLY1305 |
| ECDHE-RSA-CHACHA20-POLY1305 | [0xCC, 0xA8] | ECDH | CHACHA20 POLY1305 | 256 | TLS_ECDHE_RSA_CHACHA20_POLY1305 |
| ECDHE-ECDSA-AES256-CCM | [0xC0, 0xAD] | ECDH | AESGCM | 256 | TLS_ECDHE_ECDSA_AES256_CCM |
| ECDHE-ECDSA-AES128-CCM | [0xC0, 0xAC] | ECDH | AESGCM | 128 | TLS_ECDHE_ECDSA_AES128_CCM |
| ECDHE-ECDSA-AES128-GCM-SHA256 | [0xc02b] | ECDH | AESGCM | 128 | TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 |
| ECDHE-RSA-AES128-GCM-SHA256 | [0xc02f] | ECDH | AESGCM | 128 | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 |
| ECDHE-ECDSA-AES128-SHA256 | [0xc023] | ECDH | AES | 128 | TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 |
| ECDHE-RSA-AES128-SHA256 | [0xc027] | ECDH | AES | 128 | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 |
| ECDHE-ECDSA-AES256-GCM-SHA384 | [0xc02c] | ECDH | AESGCM | 256 | TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 |
| ECDHE-RSA-AES256-GCM-SHA384 | [0xc030] | ECDH | AESGCM | 256 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 |
| ECDHE-ECDSA-AES256-SHA384 | [0xc024] | ECDH | AES | 256 | TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 |
| ECDHE-RSA-AES256-SHA384 | [0xc028] | ECDH | AES | 256 | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 |
| AES128-GCM-SHA256 | [0x9c] | RSA | AESGCM | 128 | TLS_RSA_WITH_AES_128_GCM_SHA256 |
| AES128-SHA256 | [0x3c] | RSA | AES | 128 | TLS_RSA_WITH_AES_128_CBC_SHA256 |
| AES256-GCM-SHA384 | [0x9d] | RSA | AESGCM | 256 | TLS_RSA_WITH_AES_256_GCM_SHA384 |
| AES256-SHA256 | [0x3d] | RSA | AES | 256 | TLS_RSA_WITH_AES_256_CBC_SHA256 |
| DHE-RSA-AES256-GCM-SHA384 | [0x9f] | DH | AESGCM | 256 | TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 |
| DHE-RSA-AES256-SHA256 | [0x6b] | DH | AES | 256 | TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 |
| DHE-RSA-AES128-GCM-SHA256 | [0x9e] | DH | AESGCM | 128 | TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 |
| DHE-RSA-AES128-SHA256 | [0x67] | DH | AES | 128 | TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 |
| DH-DSS-AES256-GCM-SHA384 | [0xa5] | DH/DSS | AESGCM | 256 | TLS_DH_DSS_WITH_AES_256_GCM_SHA384 |
| DHE-DSS-AES256-GCM-SHA384 | [0xa3] | DH | AESGCM | 256 | TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 |
| DH-RSA-AES256-GCM-SHA384 | [0xa1] | DH/RSA | AESGCM | 256 | TLS_DH_RSA_WITH_AES_256_GCM_SHA384 |
| DHE-DSS-AES256-SHA256 | [0x6a] | DH | AES | 256 | TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 |
| DH-RSA-AES256-SHA256 | [0x69] | DH/RSA | AES | 256 | TLS_DH_RSA_WITH_AES_256_CBC_SHA256 |
| DH-DSS-AES256-SHA256 | [0x68] | DH/DSS | AES | 256 | TLS_DH_DSS_WITH_AES_256_CBC_SHA256 |
| ECDH-RSA-AES256-GCM-SHA384 | [0xc032] | ECDH/RSA | AESGCM | 256 | TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 |
| ECDH-ECDSA-AES256-GCM-SHA384 | [0xc02e] | ECDH/ECDSA | AESGCM | 256 | TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 |
| ECDH-RSA-AES256-SHA384 | [0xc02a] | ECDH/RSA | AES | 256 | TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 |
| ECDH-ECDSA-AES256-SHA384 | [0xc026] | ECDH/ECDSA | AES | 256 | TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 |
| DH-DSS-AES128-GCM-SHA256 | [0xa4] | DH/DSS | AESGCM | 128 | TLS_DH_DSS_WITH_AES_128_GCM_SHA256 |
| DHE-DSS-AES128-GCM-SHA256 | [0xa2] | DH | AESGCM | 128 | TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 |
| DH-RSA-AES128-GCM-SHA256 | [0xa0] | DH/RSA | AESGCM | 128 | TLS_DH_RSA_WITH_AES_128_GCM_SHA256 |
| DHE-DSS-AES128-SHA256 | [0x40] | DH | AES | 128 | TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 |
| DH-RSA-AES128-SHA256 | [0x3f] | DH/RSA | AES | 128 | TLS_DH_RSA_WITH_AES_128_CBC_SHA256 |
| DH-DSS-AES128-SHA256 | [0x3e] | DH/DSS | AES | 128 | TLS_DH_DSS_WITH_AES_128_CBC_SHA256 |
| ECDH-RSA-AES128-GCM-SHA256 | [0xc031] | ECDH/RSA | AESGCM | 128 | TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 |
| ECDH-ECDSA-AES128-GCM-SHA256 | [0xc02d] | ECDH/ECDSA | AESGCM | 128 | TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 |
| ECDH-RSA-AES128-SHA256 | [0xc029] | ECDH/RSA | AES | 128 | TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 |
| ECDH-ECDSA-AES128-SHA256 | [0xc025] | ECDH/ECDSA | AES | 128 | TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 |
Cifras TLS 1.0/1.1 Suportadas pelo TLS 1.2
| Certificado | Suíte de Cifragem | Troca de Chaves | Criptografia | Bits | Nome da Suíte de Cifragem (IANA) |
|---|---|---|---|---|---|
| ECDHE-ECDSA-AES128-SHA | [0xc009] | ECDH | AES | 128 | TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA |
| ECDHE-RSA-AES128-SHA | [0xc013] | ECDH | AES | 128 | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA |
| ECDHE-RSA-AES256-SHA | [0xc014] | ECDH | AES | 256 | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA |
| ECDHE-ECDSA-AES256-SHA | [0xc00a] | ECDH | AES | 256 | TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA |
| AES128-SHA | [0x2f] | RSA | AES | 128 | TLS_RSA_WITH_AES_128_CBC_SHA |
| AES256-SHA | [0x35] | RSA | AES | 256 | TLS_RSA_WITH_AES_256_CBC_SHA |
| DHE-RSA-AES128-SHA | [0x33] | DH | AES | 128 | TLS_DHE_RSA_WITH_AES_128_CBC_SHA |
| DHE-RSA-CAMELLIA256-SHA | [0x88] | DH | Camellia | 256 | TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA |
| DHE-RSA-CAMELLIA128-SHA | [0x45] | DH | Camellia | 128 | TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA |
| DHE-DSS-CAMELLIA256-SHA | [0x87] | DH | Camellia | 256 | TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA |
| DHE-DSS-CAMELLIA128-SHA | [0x44] | DH | Camellia | 128 | TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA |
| DHE-RSA-SEED-SHA | [0x9a] | DH | SEED | 128 | TLS_DHE_RSA_WITH_SEED_CBC_SHA |
| DHE-DSS-SEED-SHA | [0x99] | DH | SEED | 128 | TLS_DHE_DSS_WITH_SEED_CBC_SHA |
| DH-RSA-SEED-SHA | [0x98] | DH/RSA | SEED | 128 | TLS_DH_RSA_WITH_SEED_CBC_SHA |
| DH-DSS-SEED-SHA | [0x97] | DH/DSS | SEED | 128 | TLS_DH_DSS_WITH_SEED_CBC_SHA |
| DHE-RSA-AES256-SHA | [0x39] | DH | AES | 256 | TLS_DHE_RSA_WITH_AES_256_CBC_SHA |
| DHE-DSS-AES256-SHA | [0x38] | DH | AES | 256 | TLS_DHE_DSS_WITH_AES_256_CBC_SHA |
| DH-RSA-AES256-SHA | |||||
| DH-DSS-AES256-SHA | [0x36] | DH/DSS | AES | 256 | TLS_DH_DSS_WITH_AES_256_CBC_SHA |
| DH-RSA-CAMELLIA256-SHA | [0x86] | DH/RSA | Camellia | 256 | TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA |
| DH-DSS-CAMELLIA256-SHA | [0x85] | DH/DSS | Camellia | 256 | TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA |
| ECDH-RSA-AES256-SHA | [0xc00f] | ECDH/RSA | AES | 256 | TLS_ECDH_RSA_WITH_AES_256_CBC_SHA |
| ECDH-ECDSA-AES256-SHA | [0xc005] | ECDH/ECDSA | AES | 256 | TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA |
| CAMELLIA256-SHA | [0x84] | RSA | Camellia | 256 | TLS_RSA_WITH_CAMELLIA_256_CBC_SHA |
| PSK-AES256-CBC-SHA | [0x8d] | PSK | AES | 256 | TLS_PSK_WITH_AES_256_CBC_SHA |
| DHE-DSS-AES128-SHA | [0x32] | DH | AES | 128 | TLS_DHE_DSS_WITH_AES_128_CBC_SHA |
| DH-RSA-AES128-SHA | [0x31] | DH/RSA | AES | 128 | TLS_DH_RSA_WITH_AES_128_CBC_SHA |
| DH-DSS-AES128-SHA | [0x30] | DH/DSS | AES | 128 | TLS_DH_DSS_WITH_AES_128_CBC_SHA |
| DH-RSA-CAMELLIA128-SHA | [0x43] | DH/RSA | Camellia | 128 | TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA |
| DH-DSS-CAMELLIA128-SHA | [0xbb] | DH/DSS | Camellia | 128 | TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256 |
| ECDH-RSA-AES128-SHA | [0xc00e] | ECDH/RSA | AES | 128 | TLS_ECDH_RSA_WITH_AES_128_CBC_SHA |
| ECDH-ECDSA-AES128-SHA | [0xc004] | ECDH/ECDSA | AES | 128 | TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA |
| SEED-SHA | [0x96] | RSA | SEED | 128 | TLS_RSA_WITH_SEED_CBC_SHA |
| CAMELLIA128-SHA | |||||
| PSK-AES128-CBC-SHA | [0x8c] | PSK | AES | 128 | TLS_PSK_WITH_AES_128_CBC_SHA |
| DES-CBC3-SHA | [0x0701c0] | RSA | 3DES | 168 | SSL_CK_DES_192_EDE3_CBC_WITH_SHA |
| IDEA-CBC-SHA | [0x07] | RSA | IDEA | 128 | TLS_RSA_WITH_IDEA_CBC_SHA |
| ECDHE-RSA-DES-CBC3-SHA | [0xc012] | ECDH | 3DES | 168 | TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA |
| ECDHE-ECDSA-DES-CBC3-SHA | [0xc008] | ECDH | 3DES | 168 | TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA |
| DHE-RSA-DES-CBC3-SHA | |||||
| DHE-DSS-DES-CBC3-SHA | |||||
| DH-RSA-DES-CBC3-SHA | [0x10] | DH/RSA | 3DES | 168 | TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA |
| DH-DSS-DES-CBC3-SHA | [0x0d] | DH/DSS | 3DES | 168 | TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA |
| ECDH-RSA-DES-CBC3-SHA | [0xc00d] | ECDH/RSA | 3DES | 168 | TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA |
| ECDH-ECDSA-DES-CBC3-SHA | [0xc003] | ECDH/ECDSA | 3DES | 168 | TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA |
| PSK-3DES-EDE-CBC-SHA | [0x8b] | PSK | 3DES | 168 | TLS_PSK_WITH_3DES_EDE_CBC_SHA |
| KRB5-IDEA-CBC-SHA | [0x21] | KRB5 | IDEA | 128 | TLS_KRB5_WITH_IDEA_CBC_SHA |
| KRB5-DES-CBC3-SHA | [0x1f] | KRB5 | 3DES | 168 | TLS_KRB5_WITH_3DES_EDE_CBC_SHA |
| KRB5-IDEA-CBC-MD5 | [0x25] | KRB5 | IDEA | 128 | TLS_KRB5_WITH_IDEA_CBC_MD5 |
| KRB5-DES-CBC3-MD5 | [0x23] | KRB5 | 3DES | 168 | TLS_KRB5_WITH_3DES_EDE_CBC_MD5 |
| ECDHE-RSA-RC4-SHA | [0xc011] | ECDH | RC4 | 128 | TLS_ECDHE_RSA_WITH_RC4_128_SHA |
| ECDHE-ECDSA-RC4-SHA | [0xc007] | ECDH | RC4 | 128 | TLS_ECDHE_ECDSA_WITH_RC4_128_SHA |
| ECDH-RSA-RC4-SHA | [0xc00c] | ECDH/RSA | RC4 | 128 | TLS_ECDH_RSA_WITH_RC4_128_SHA |
| ECDH-ECDSA-RC4-SHA | [0xc002] | ECDH/ECDSA | RC4 | 128 | TLS_ECDH_ECDSA_WITH_RC4_128_SHA |
| RC4-SHA | [0x05] | RSA | RC4 | 128 | TLS_RSA_WITH_RC4_128_SHA |
| RC4-MD5 | [0x04] | RSA | RC4 | 128 | TLS_RSA_WITH_RC4_128_MD5 |
| PSK-RC4-SHA | [0x8a] | PSK | RC4 | 128 | TLS_PSK_WITH_RC4_128_SHA |
| KRB5-RC4-SHA | [0x20] | KRB5 | RC4 | 128 | TLS_KRB5_WITH_RC4_128_SHA |
| KRB5-RC4-MD5 | [0x24] | KRB5 | RC4 | 128 | TLS_KRB5_WITH_RC4_128_MD5 |
Cifras Obsoletas
A partir de 15 de agosto de 2024, o serviço Oracle Cloud Infrastructure Load Balancer não suporta mais as cifras legadas a seguir. Essa alteração se aplica a balanceadores de carga existentes e novos ativados para TLS.
- DHE-DSS-AES256-GCM-SHA384
- DHE-DSS-AES256-SHA256
- ECDH-RSA-AES256-GCM-SHA384
- ECDH-ECDSA-AES256-GCM-SHA384
- ECDH-RSA-AES256-SHA384
- ECDH-ECDSA-AES256-SHA384
- DHE-DSS-AES128-GCM-SHA256
- DHE-DSS-AES128-SHA256
- ECDH-RSA-AES128-GCM-SHA256
- ECDH-ECDSA-AES128-GCM-SHA256
- ECDH-RSA-AES128-SHA256
- ECDH-ECDSA-AES128-SHA256
- IDEA-CBC-SHA
- RC4-MD5
Observação
Se você planeja usar o protocolo TLS v1.3 com um conjunto de backend ou um listener no mesmo balanceador de carga, não poderá usar suítes de cifragem personalizadas que contenham qualquer uma dessas cifras obsoletas.
Se você planeja usar o protocolo TLS v1.3 com um conjunto de backend ou um listener no mesmo balanceador de carga, não poderá usar suítes de cifragem personalizadas que contenham qualquer uma dessas cifras obsoletas.