This section covers the versions of Transport Layer Security (TLS) communication used by Cloud Web Security. Cloud Web Security will always use the highest TLS version available for the connection.
This highest TLS version is supported for full end-to-end communication provided the client and server support this TLS version.
For any communication to a web server, the client will begin by trying to negotiate the highest TLS version (1.3), and then when the Cloud Web Security service proxies the connection it will try to honor that version. However, the web server will have the ultimate say on which TLS version is used. In other words, if the web server only supports TLS 1.2, that is the version that would be used for end-to-end communication in that instance.
| TLS Versions/Cipher Suites |
|---|
| (TLS 1.3) AES_256_GCM_SHA384 |
| (TLS 1.3) CHACHA20_POLY1305_SHA256 |
| (TLS 1.3) AES_128_GCM_SHA256 |
| (TLS 1.2) ECDHE-RSA-AES128-GCM-SHA256 |
| (TLS 1.2) ECDHE-RSA-AES256-GCM-SHA384 |
| (TLS 1.2) ECDHE-RSA-AES128-SHA256 |
| (TLS 1.2) ECDHE-RSA-AES256-SHA384 |
| (TLS 1.2) AES128-GCM-SHA25 |
| (TLS 1.2) AES256-GCM-SHA384 |
| (TLS 1.2) AES128-SHA256 |
| (TLS 1.2) AES256-SHA256 |
| (TLS 1.0, 1.1) AES128-SHA |
| (TLS 1.0, 1.1) AES256-SHA |
| (TLS 1.0, 1.1) ECDHE-RSA-AES128-SHA |
| (TLS 1.0, 1.1) ECDHE-RSA-AES256-SHA |
