This section covers the versions of Transport Layer Security (TLS) communication used by Cloud Web Security. Cloud Web Security will always use the highest TLS version available for the connection.
This highest TLS version is supported for full end-to-end communication, provided the client and server support this TLS version.
For any communication to a web server, the client will begin by trying to negotiate the highest TLS version (1.3), and then, when the Cloud Web Security service proxies the connection, it will try to honor that version. However, the web server will have the ultimate say on which TLS version is used. In other words, if the web server only supports TLS 1.2, that is the version that would be used for end-to-end communication in that instance.
Below is a list of supported TLS versions and cipher suites used in Cloud Web Security:
TLS Versions/Cipher Suites |
---|
(TLS 1.3) AES_256_GCM_SHA384 |
(TLS 1.3) CHACHA20_POLY1305_SHA256 |
(TLS 1.3) AES_128_GCM_SHA256 |
(TLS 1.2) ECDHE-RSA-AES128-GCM-SHA256 |
(TLS 1.2) ECDHE-RSA-AES256-GCM-SHA384 |
(TLS 1.2) ECDHE-RSA-AES128-SHA256 |
(TLS 1.2) ECDHE-RSA-AES256-SHA384 |
(TLS 1.2) AES128-GCM-SHA256 |
(TLS 1.2) AES256-GCM-SHA384 |
(TLS 1.2) AES128-SHA256 |
(TLS 1.2) AES256-SHA256 |
(TLS 1.0, 1.1) AES128-SHA |
(TLS 1.0, 1.1) AES256-SHA |
(TLS 1.0, 1.1) ECDHE-RSA-AES128-SHA |
(TLS 1.0, 1.1) ECDHE-RSA-AES256-SHA |
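
Because the web server decides which version and suite a proxied session finally uses, it helps to know which rows of the table offer weaker properties. The following is an added example, not code from Cloud Web Security or its vendor: it parses the rows above and flags each suite using the example's own rules (deprecated protocol version, static RSA key exchange, non-AEAD cipher mode); the names `classify` and `audit` are hypothetical.

```python
import re

# Rows from the table above: "(TLS <versions>) <OpenSSL-style suite name>".
SUPPORTED = """\
(TLS 1.3) AES_256_GCM_SHA384
(TLS 1.3) CHACHA20_POLY1305_SHA256
(TLS 1.3) AES_128_GCM_SHA256
(TLS 1.2) ECDHE-RSA-AES128-GCM-SHA256
(TLS 1.2) ECDHE-RSA-AES256-GCM-SHA384
(TLS 1.2) ECDHE-RSA-AES128-SHA256
(TLS 1.2) ECDHE-RSA-AES256-SHA384
(TLS 1.2) AES128-GCM-SHA256
(TLS 1.2) AES256-GCM-SHA384
(TLS 1.2) AES128-SHA256
(TLS 1.2) AES256-SHA256
(TLS 1.0, 1.1) AES128-SHA
(TLS 1.0, 1.1) AES256-SHA
(TLS 1.0, 1.1) ECDHE-RSA-AES128-SHA
(TLS 1.0, 1.1) ECDHE-RSA-AES256-SHA
"""

ROW = re.compile(r"\(TLS ([\d., ]+)\)\s+(\S+)")

def classify(row):
    """Parse one table row and return (versions, suite, findings)."""
    m = ROW.fullmatch(row.strip())
    if m is None:
        raise ValueError(f"unrecognised row: {row!r}")
    versions = re.findall(r"\d\.\d", m.group(1))
    suite = m.group(2)
    findings = []
    if {"1.0", "1.1"} & set(versions):
        findings.append("protocol deprecated by RFC 8996")
    # TLS 1.3 always uses ephemeral key exchange; in TLS 1.2 and earlier an
    # OpenSSL name without a (EC)DHE prefix means static RSA key exchange.
    if versions != ["1.3"] and not suite.startswith(("ECDHE-", "DHE-")):
        findings.append("static RSA key exchange (no forward secrecy)")
    if "GCM" not in suite and "CHACHA20" not in suite:
        findings.append("CBC mode with HMAC (not AEAD)")
    return versions, suite, findings

def audit(table=SUPPORTED):
    """Map each suite name to its list of findings (empty list = none)."""
    return {suite: f for _, suite, f in map(classify, table.splitlines())}

if __name__ == "__main__":
    for suite, findings in audit().items():
        print(f"{suite:32} {'; '.join(findings) or 'ok'}")
```

Suites with an empty findings list are the three TLS 1.3 suites and the two TLS 1.2 ECDHE-RSA GCM suites; every other row carries at least one finding.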