FIPS 140-2 Mode Cipher Suites for TLS

OpenSSL, Apache, and Curl Cipher Suites
Cipher Suite Hex Code    Cipher Suite Name
[0xc024] ECDHE-ECDSA-AES256-SHA384
[0xc02c] ECDHE-ECDSA-AES256-GCM-SHA384
[0xc014] ECDHE-RSA-AES256-SHA
[0xc028] ECDHE-RSA-AES256-SHA384
[0xc030] ECDHE-RSA-AES256-GCM-SHA384
[0xc026] ECDH-ECDSA-AES256-SHA384
[0xc02e] ECDH-ECDSA-AES256-GCM-SHA384
[0xc02a] ECDH-RSA-AES256-SHA384
[0xc032] ECDH-RSA-AES256-GCM-SHA384
[0x3d] AES256-SHA256
[0x9d] AES256-GCM-SHA384
[0xc023] ECDHE-ECDSA-AES128-SHA256
[0xc02b] ECDHE-ECDSA-AES128-GCM-SHA256
[0xc027] ECDHE-RSA-AES128-SHA256
[0xc02f] ECDHE-RSA-AES128-GCM-SHA256
[0xc013] ECDHE-RSA-AES128-SHA
[0xc025] ECDH-ECDSA-AES128-SHA256
[0xc02d] ECDH-ECDSA-AES128-GCM-SHA256
[0xc029] ECDH-RSA-AES128-SHA256
[0xc031] ECDH-RSA-AES128-GCM-SHA256
[0x3c] AES128-SHA256
[0x9c] AES128-GCM-SHA256
[0x35] AES256-SHA
[0x2f] AES128-SHA

Java Cipher Suites
Cipher Suite Hex Code    Cipher Suite Name
[0xc024] TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
[0xc02c] TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
[0xc014] TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
[0xc028] TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
[0xc030] TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
[0xc026] TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
[0xc02e] TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
[0xc02a] TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
[0xc032] TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
[0x3d] TLS_RSA_WITH_AES_256_CBC_SHA256
[0x9d] TLS_RSA_WITH_AES_256_GCM_SHA384
[0xc023] TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
[0xc02b] TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
[0xc027] TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
[0xc02f] TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
[0xc013] TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
[0xc025] TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
[0xc02d] TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
[0xc029] TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
[0xc031] TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
[0x3c] TLS_RSA_WITH_AES_128_CBC_SHA256
[0x9c] TLS_RSA_WITH_AES_128_GCM_SHA256
[0x35] TLS_RSA_WITH_AES_256_CBC_SHA
[0x2f] TLS_RSA_WITH_AES_128_CBC_SHA
[0xc00e] TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
[0xc009] TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
[0xc004] TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
[0xc005] TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
[0xc00f] TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
[0xc00a] TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA

RabbitMQ Cipher Suites
Cipher Suite Hex Code    Cipher Suite Name
[0xc024] ecdhe_ecdsa,aes_256_cbc,sha384,sha384
[0xc014] ecdhe_rsa,aes_256_cbc,sha
[0xc028] ecdhe_rsa,aes_256_cbc,sha384,sha384
[0xc026] ecdh_ecdsa,aes_256_cbc,sha384,sha384
[0xc02a] ecdh_rsa,aes_256_cbc,sha384,sha384
[0x3d] rsa,aes_256_cbc,sha256
[0xc023] ecdhe_ecdsa,aes_128_cbc,sha256,sha256
[0xc027] ecdhe_rsa,aes_128_cbc,sha256,sha256
[0xc02f] ecdhe_rsa,aes_128_gcm,null,sha256
[0xc013] ecdhe_rsa,aes_128_cbc,sha
[0xc025] ecdh_ecdsa,aes_128_cbc,sha256,sha256
[0xc029] ecdh_rsa,aes_128_cbc,sha256,sha256
[0x3c] rsa,aes_128_cbc,sha256
[0x35] rsa,aes_256_cbc,sha
[0x2f] rsa,aes_128_cbc,sha

Firefox Cipher Suites
Cipher Suite Hex Code    Cipher Suite Name
[0xc02c] security.ssl3.ecdhe_ecdsa_aes_256_gcm_sha384
[0xc014] security.ssl3.ecdhe_rsa_aes_256_sha
[0xc030] security.ssl3.ecdhe_rsa_aes_256_gcm_sha384
[0xc02b] security.ssl3.ecdhe_ecdsa_aes_128_gcm_sha256
[0xc02f] security.ssl3.ecdhe_rsa_aes_128_gcm_sha256
[0xc013] security.ssl3.ecdhe_rsa_aes_128_sha
[0x35] security.ssl3.rsa_aes_256_sha
[0x2f] security.ssl3.rsa_aes_128_sha
[0xcc14] security.ssl3.ecdhe_ecdsa_chacha20_poly1305_sha256
[0xcc13] security.ssl3.ecdhe_rsa_chacha20_poly1305_sha256

Digital Signature Algorithms
Algorithm
SHA256WITHRSA
SHA384WITHRSA
SHA512WITHRSA
SHA256WITHECDSA
SHA384WITHECDSA
SHA512WITHECDSA
SHA1WITHDSA*
SHA1WITHECDSA*
SHA1WITHRSA*

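* SHA1 algorithms are not supported on appliance certificates, but they are allowed on external server or managed device certificates. Any such SHA1 appliance certificates must be re-created and re-imported before you attempt to switch modes.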

Public Key Algorithms
Algorithm
RSA:2048
RSA:3072
RSA:4096
RSA:1024 *
ECDSA:256
ECDSA:384
ECDSA:521
DSA:1024 *
ECDH:384
ECDH:256
ECDH:521
DH:2048
DH:3072
ECCDH:256
ECCDH:384
ECCDH:521
ECMQV:256
ECMQV:384
ECMQV:521
EC:256
EC:384
EC:521
ECC:256
ECC:384
ECC:521
EC:192 *

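* Under the legacy-use clause of the FIPS 140-2 specification, these algorithms are allowed for external server or managed device certificates, but must not be used for appliance certificates.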