Cipher Suites and Protocols
The cipher suites and relevant protocols are listed when FIPS is in On and Off
mode.
It is strongly recommended that you
do not use SSL, TLS 1.0, or TLS 1.1 protocols. Some server versions may not support
TLS 1.3 yet, therefore the TLS 1.2 protocol should be considered as the cornerstone
configuration. Security of some of the cipher suites has degraded over time and as a
result, some cipher suites are known to be insecure. Old or outdated cipher suites
are often vulnerable to attacks. If they are used, the attacker may intercept or
modify data in transit. It is recommended that you use only the following cipher
suites:
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 |
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 |
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 |
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 |