Introduction
This document describes the Umbrella-supported Cipher Suites.
Overview
Cisco Umbrella accepts the mentioned Cipher Suites when negotiating HTTPS connections to, and upstream from, the Secure Web Gateway (SWG), Intelligent Proxy, and block pages. Clients must support at least one of the Cipher Suites mentioned in order to successfully connect to those services.
The Product Security Baseline (PSB) of Cisco defines security requirements for functionality, development, and testing. Part of those requirements drive the list of supported Cipher Suites. These are documented here for informational purposes and are not configurable in Umbrella.
PSB Approved Cipher Suites
|
ECDHE-ECDSA-AES128-SHA
|
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
|
|
ECDHE-ECDSA-AES128-SHA256
|
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
|
|
ECDHE-ECDSA-AES128-GCM-SHA256
|
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
|
|
ECDHE-ECDSA-AES256-SHA384
|
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
|
|
ECDHE-ECDSA-AES256-GCM-SHA384
|
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
|
|
ECDHE-RSA-AES128-SHA
|
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
|
|
ECDHE-RSA-AES128-SHA256
|
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
|
|
ECDHE-RSA-AES128-GCM-SHA256
|
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
|
|
ECDHE-RSA-AES256-SHA384
|
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
|
|
ECDHE-RSA-AES256-GCM-SHA384
|
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
|
|
AES128-SHA
|
TLS_RSA_WITH_AES_128_CBC_SHA
|
|
AES128-SHA256
|
TLS_RSA_WITH_AES_128_CBC_SHA256
|
|
AES128-GCM-SHA256
|
TLS_RSA_WITH_AES_128_GCM_SHA256
|
|
AES256-SHA256
|
TLS_RSA_WITH_AES_256_CBC_SHA256
|
|
AES256-GCM-SHA384
|
TLS_RSA_WITH_AES_256_GCM_SHA384
|
|
AES256-GCM-SHA384
|
TLS_AES_256_GCM_SHA384
|
|
AES128-GCM-SHA256
|
TLS_AES_128_GCM_SHA256
|
Feedback