See below for the supported TLS versions and ciphersuites
Management Console TLS support
The PKI Hub Management Console supports the following TLS versions.
TLS versions | Key Encapsulation Mechanisms (KEMs) |
|---|---|
1.2 and 1.3 | X25519MLKEM768 |
See below for the supported ciphersuites.
Ciphersuite | TSL 1.2 | TLS 1.3 |
|---|---|---|
ECDHE-ECDSA-AES256-GCM-SHA384 |
|
|
ECDHE-RSA-AES256-GCM-SHA384 |
|
|
ECDHE-RSA-CHACHA20-POLY1305 |
| |
TLS_AES_128_GCM_SHA256 |
| |
TLS_CHACHA20_POLY1305_SHA256 |
|
Grafana TLS support
The Grafana user interface supports the following TLS versions.
TLS versions | Key Encapsulation Mechanisms (KEMs) |
|---|---|
1.2 and 1.3 | X25519MLKEM768 |
See below for the supported ciphersuites.
Ciphersuite | TSL 1.2 | TLS 1.3 |
|---|---|---|
ECDHE-ECDSA-AES256-GCM-SHA384 |
|
|
ECDHE-RSA-AES256-GCM-SHA384 |
|
|
ECDHE-RSA-CHACHA20-POLY1305 |
| |
TLS_AES_128_GCM_SHA256 |
| |
TLS_CHACHA20_POLY1305_SHA256 |
|
Certificate Authority TLS support
Certificate Authority supports the following TLS versions.
TLS versions | Key Encapsulation Mechanisms (KEMs) |
|---|---|
1.2 and 1.3 | X25519MLKEM768 |
See below for the supported ciphersuites.
Ciphersuite | TSL 1.2 | TLS 1.3 |
|---|---|---|
ECDHE-ECDSA-AES256-GCM-SHA384 |
|
|
ECDHE-RSA-AES256-GCM-SHA384 |
|
|
ECDHE-RSA-CHACHA20-POLY1305 |
| |
TLS_AES_128_GCM_SHA256 |
| |
TLS_CHACHA20_POLY1305_SHA256 |
|
Certificate Enrollment Gateway TLS support
Certificate Enrollment Gateway supports the following TLS versions.
TLS versions | Key Encapsulation Mechanisms (KEMs) |
|---|---|
1.2 and 1.3 | X25519MLKEM768 |
See below for the supported ciphersuites.
Ciphersuite | TSL 1.2 | TLS 1.3 |
|---|---|---|
ECDHE-ECDSA-AES256-GCM-SHA384 |
|
|
ECDHE-RSA-AES256-GCM-SHA384 |
|
|
ECDHE-RSA-CHACHA20-POLY1305 |
| |
TLS_AES_128_GCM_SHA256 |
| |
TLS_CHACHA20_POLY1305_SHA256 |
|
CA Gateway TLS support
CA Gateway supports the following TLS versions.
TLS versions | Key Encapsulation Mechanisms (KEMs) |
|---|---|
1.2 and 1.3 | None |
CA Gateway provides a Server setting to select the supported ciphersuites. See below for the ones supported by default.
Ciphersuite | TSL 1.2 | TLS 1.3 |
|---|---|---|
AES256-GCM-SHA384 |
| |
DHE-RSA-AES128-GCM-SHA256 |
| |
DHE-RSA-AES256-GCM-SHA384 |
| |
ECDHE-RSA-AES128-GCM-SHA256 |
| |
ECDHE-RSA-AES256-GCM-SHA384 |
| |
ECDHE-RSA-CHACHA20-POLY1305 |
| |
TLS_AES_128_GCM_SHA256 |
| |
TLS_AES_256_GCM_SHA384 |
| |
TLS_CHACHA20_POLY1305_SHA256 |
|