browse
Overview
Cisco Umbrella accepts the following cipher suites when negotiating HTTPS connections to, and upstream from, the Secure Web Gateway (SWG), Intelligent Proxy, and block pages. Clients must support at least one of the cipher suites below in order to successfully connect to those services.
Cisco’s Product Security Baseline (PSB) defines security requirements for functionality, development, and testing. Part of those requirements drive the list of supported cipher suites. These are documented here for informational purposes and are not configurable in Umbrella.
PSB Approved Cipher Suites
Cipher Suites:
ECDHE-ECDSA-AES128-SHA |
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA |
ECDHE-ECDSA-AES128-SHA256 | TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 |
ECDHE-ECDSA-AES128-GCM-SHA256 | TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 |
ECDHE-ECDSA-AES256-SHA384 | TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 |
ECDHE-ECDSA-AES256-GCM-SHA384 | TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 |
ECDHE-RSA-AES128-SHA | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA |
ECDHE-RSA-AES128-SHA256 | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 |
ECDHE-RSA-AES128-GCM-SHA256 | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 |
ECDHE-RSA-AES256-SHA384 | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 |
ECDHE-RSA-AES256-GCM-SHA384 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 |
AES128-SHA | TLS_RSA_WITH_AES_128_CBC_SHA |
AES128-SHA256 | TLS_RSA_WITH_AES_128_CBC_SHA256 |
AES128-GCM-SHA256 | TLS_RSA_WITH_AES_128_GCM_SHA256 |
AES256-SHA256 | TLS_RSA_WITH_AES_256_CBC_SHA256 |
AES256-GCM-SHA384 | TLS_RSA_WITH_AES_256_GCM_SHA384 |
AES256-GCM-SHA384 | TLS_AES_256_GCM_SHA384 |
AES128-GCM-SHA256 | TLS_AES_128_GCM_SHA256 |