See below for the supported TLS versions and ciphersuites
Management Console TLS support
The PKI Hub Management Console supports the following TLS versions.
TLS versions | Key Encapsulation Mechanisms (KEMs) |
|---|---|
1.2 and 1.3 | X25519MLKEM768 |
See below for the supported ciphersuites.
Ciphersuite | TSL 1.2 | TLS 1.3 |
|---|---|---|
ECDHE-ECDSA-AES256-GCM-SHA384 |
|
|
ECDHE-RSA-AES256-GCM-SHA384 |
|
|
ECDHE-RSA-CHACHA20-POLY1305 |
| |
TLS_AES_128_GCM_SHA256 |
| |
TLS_CHACHA20_POLY1305_SHA256 |
|
Grafana TLS support
The Grafana user interface supports the following TLS versions.
TLS versions | Key Encapsulation Mechanisms (KEMs) |
|---|---|
1.2 and 1.3 | X25519MLKEM768 |
See below for the supported ciphersuites.
Ciphersuite | TSL 1.2 | TLS 1.3 |
|---|---|---|
ECDHE-ECDSA-AES256-GCM-SHA384 |
|
|
ECDHE-RSA-AES256-GCM-SHA384 |
|
|
ECDHE-RSA-CHACHA20-POLY1305 |
| |
TLS_AES_128_GCM_SHA256 |
| |
TLS_CHACHA20_POLY1305_SHA256 |
|
Certificate Authority TLS support
Certificate Authority supports the following TLS versions.
TLS versions | Key Encapsulation Mechanisms (KEMs) |
|---|---|
1.2 and 1.3 | X25519MLKEM768 |
See below for the supported ciphersuites.
Ciphersuite | TSL 1.2 | TLS 1.3 |
|---|---|---|
ECDHE-ECDSA-AES256-GCM-SHA384 |
|
|
ECDHE-RSA-AES256-GCM-SHA384 |
|
|
ECDHE-RSA-CHACHA20-POLY1305 |
| |
TLS_AES_128_GCM_SHA256 |
| |
TLS_CHACHA20_POLY1305_SHA256 |
|
Certificate Enrollment Gateway TLS support
Certificate Enrollment Gateway supports the following TLS versions.
TLS versions | Key Encapsulation Mechanisms (KEMs) |
|---|---|
1.2 and 1.3 | X25519MLKEM768 |
See below for the supported ciphersuites.
Ciphersuite | TSL 1.2 | TLS 1.3 |
|---|---|---|
ECDHE-ECDSA-AES256-GCM-SHA384 |
|
|
ECDHE-RSA-AES256-GCM-SHA384 |
|
|
ECDHE-RSA-CHACHA20-POLY1305 |
| |
TLS_AES_128_GCM_SHA256 |
| |
TLS_CHACHA20_POLY1305_SHA256 |
|
CA Gateway TLS support
CA Gateway supports the following TLS versions.
TLS versions | Key Encapsulation Mechanisms (KEMs) |
|---|---|
TLSv1.2 | None |
TLSv1.3 | None |
CA Gateway provides a Server setting to select the supported ciphersuites. See below for the ones supported by default.
Cipher | TLSv1.2 | TLSv1.3 |
|---|---|---|
TLS_AES_128_CCM_8_SHA256 |
|
|
TLS_AES_128_CCM_SHA256 |
|
|
TLS_AES_128_GCM_SHA256 |
|
|
TLS_AES_256_GCM_SHA384 |
|
|
TLS_CHACHA20_POLY1305_SHA256 |
|
|
TLS_CHACHA_POLY1305_SHA256 |
|
|
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 |
|
|
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 |
|
|
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 |
|
|
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 |
|
|
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 |
|
|
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 |
|
|
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 |
|
|
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 |
|
|
TLS_RSA_WITH_AES_128_GCM_SHA256 |
|
|
TLS_RSA_WITH_AES_256_GCM_SHA384 |
|
|
