FIPS 140-2 mode cipher suites for TLS

Table 21936: OpenSSL, Apache, and Curl cipher suites
Cipher suite hex code Cipher suite name
[0xc024] ECDHE-ECDSA-AES256-SHA384
[0xc02c] ECDHE-ECDSA-AES256-GCM-SHA384
[0xc014] ECDHE-RSA-AES256-SHA
[0xc028] ECDHE-RSA-AES256-SHA384
[0xc030] ECDHE-RSA-AES256-GCM-SHA384
[0xc026] ECDH-ECDSA-AES256-SHA384
[0xc02e] ECDH-ECDSA-AES256-GCM-SHA384
[0xc02a] ECDH-RSA-AES256-SHA384
[0xc032] ECDH-RSA-AES256-GCM-SHA384
[0x3d] AES256-SHA256
[0x9d] AES256-GCM-SHA384
[0xc023] ECDHE-ECDSA-AES128-SHA256
[0xc02b] ECDHE-ECDSA-AES128-GCM-SHA256
[0xc027] ECDHE-RSA-AES128-SHA256
[0xc02f] ECDHE-RSA-AES128-GCM-SHA256
[0xc013] ECDHE-RSA-AES128-SHA
[0xc025] ECDH-ECDSA-AES128-SHA256
[0xc02d] ECDH-ECDSA-AES128-GCM-SHA256
[0xc029] ECDH-RSA-AES128-SHA256
[0xc031] ECDH-RSA-AES128-GCM-SHA256
[0x3c] AES128-SHA256
[0x9c] AES128-GCM-SHA256
[0x35] AES256-SHA
[0x2f] AES128-SHA

Table 32037: Java cipher suites
Cipher suite hex code Cipher suite name
[0xc024] TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
[0xc02c] TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
[0xc014] TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
[0xc028] TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
[0xc030] TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
[0xc026] TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
[0xc02e] TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
[0xc02a] TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
[0xc032] TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
[0x3d] TLS_RSA_WITH_AES_256_CBC_SHA256
[0x9d] TLS_RSA_WITH_AES_256_GCM_SHA384
[0xc023] TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
[0xc02b] TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
[0xc027] TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
[0xc02f] TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
[0xc013] TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
[0xc025] TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
[0xc02d] TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
[0xc029] TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
[0xc031] TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
[0x3c] TLS_RSA_WITH_AES_128_CBC_SHA256
[0x9c] TLS_RSA_WITH_AES_128_GCM_SHA256
[0x35] TLS_RSA_WITH_AES_256_CBC_SHA
[0x2f] TLS_RSA_WITH_AES_128_CBC_SHA
[0xc00e] TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
[0xc009] TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
[0xc004] TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
[0xc005] TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
[0xc00f] TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
[0xc00a] TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA

Table 2138: RabbitMQ cipher suites
Cipher suite hex code Cipher suite name
[0xc024] ecdhe_ecdsa,aes_256_cbc,sha384,sha384
[0xc014] ecdhe_rsa,aes_256_cbc,sha
[0xc028] ecdhe_rsa,aes_256_cbc,sha384,sha384
[0xc026] ecdh_ecdsa,aes_256_cbc,sha384,sha384
[0xc02a] ecdh_rsa,aes_256_cbc,sha384,sha384
[0x3d] rsa,aes_256_cbc,sha256
[0xc023] ecdhe_ecdsa,aes_128_cbc,sha256,sha256
[0xc027] ecdhe_rsa,aes_128_cbc,sha256,sha256
[0xc02f] ecdhe_rsa,aes_128_gcm,null,sha256
[0xc013] ecdhe_rsa,aes_128_cbc,sha
[0xc025] ecdh_ecdsa,aes_128_cbc,sha256,sha256
[0xc029] ecdh_rsa,aes_128_cbc,sha256,sha256
[0x3c] rsa,aes_128_cbc,sha256
[0x35] rsa,aes_256_cbc,sha
[0x2f] rsa,aes_128_cbc,sha

Table 522: Firefox cipher suites
Cipher suite hex code Cipher suite name
[0xc02c] security.ssl3.ecdhe_ecdsa_aes_256_gcm_sha384
[0xc014] security.ssl3.ecdhe_rsa_aes_256_sha
[0xc030] security.ssl3.ecdhe_rsa_aes_256_gcm_sha384
[0xc02b] security.ssl3.ecdhe_ecdsa_aes_128_gcm_sha256
[0xc02f] security.ssl3.ecdhe_rsa_aes_128_gcm_sha256
[0xc013] security.ssl3.ecdhe_rsa_aes_128_sha
[0x35] security.ssl3.rsa_aes_256_sha
[0x2f] security.ssl3.rsa_aes_128_sha
[0xcc14] security.ssl3.ecdhe_ecdsa_chacha20_poly1305_sha256
[0xcc13] security.ssl3.ecdhe_rsa_chacha20_poly1305_sha256

Table 62339: Digital signature algorithms
Algorithm
SHA256WITHRSA
SHA384WITHRSA
SHA512WITHRSA
SHA256WITHECDSA
SHA384WITHECDSA
SHA512WITHECDSA
SHA1WITHDSA *
SHA1WITHECDSA *
SHA1WITHRSA *

* SHA1 algorithms are not supported on appliance certificates, but are allowed on external server or managed device certificates. Any such SHA1 appliance certificates must be recreated and re-imported before you attempt a mode switch.

Table 24: Public key algorithm
Algorithm
RSA:2048
RSA:3072
RSA:4096
RSA:1024 *
ECDSA:256
ECDSA:384
ECDSA:521
DSA:1024 *
ECDH:384
ECDH:256
ECDH:521
DH:2048
DH:3072
ECCDH:256
ECCDH:384
ECCDH:521
ECMQV:256
ECMQV:384
ECMQV:521
EC:256
EC:384
EC:521
ECC:256
ECC:384
ECC:521
EC:192 *

* These algorithms are allowed under the legacy-use clause of the FIPS 140-2 specifications for external server or managed device certificates, but are not used for appliance certificates.