The cipher suites and relevant protocols are listed when FIPS is in On and Off mode.
Note: It is strongly recommended that you do not use SSL, TLS 1.0, or TLS 1.1 protocols. Some server versions may not support TLS 1.3 yet, therefore the TLS 1.2 protocol should be considered as the cornerstone configuration. Security of some of the cipher suites has degraded over time and as a result, some cipher suites are known to be insecure. Old or outdated cipher suites are often vulnerable to attacks. If they are used, the attacker may intercept or modify data in transit. It is recommended that you use only the following cipher suites:
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 |
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 |
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 |
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 |