Global acceptance and proposal policies enable certain security protocols and cipher suites by default.

Table 1. Default Global Policies
Default Security Protocols Default Cipher Suites
  • TLS 1.2
  • TLS 1.1
  • TLS 1.0
  • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
  • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
  • TLS_RSA_WITH_AES_128_CBC_SHA
  • TLS_RSA_WITH_AES_256_CBC_SHA

If all connecting clients support TLS 1.1 and/or TLS 1.2, you can remove TLS 1.0 from the acceptance policy.