Supported ciphers

cipher_dcmtk.txt is the intersection of the OpenSSL library supported cipher list, cmd: openssl ciphers -v "ALL:eNULL" and DCMTK library cipher suite list, cipher name and keySize separated with white space.

Supported ciphers:

  • TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 256
  • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 256
  • TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 256
  • TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 256
  • TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 256
  • TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 256
  • TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 256
  • TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 128
  • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 128
  • TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 128
  • TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 128
  • TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 256
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 256
  • TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 256
  • TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 256
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 128
  • TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 128
  • TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 128
  • TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 128
  • TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 256
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256
  • TLS_DHE_RSA_WITH_AES_256_CBC_SHA 256
  • TLS_DHE_DSS_WITH_AES_256_CBC_SHA 256
  • TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 256
  • TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA 256
  • TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 128
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128
  • TLS_DHE_RSA_WITH_AES_128_CBC_SHA 128
  • TLS_DHE_DSS_WITH_AES_128_CBC_SHA 128
  • TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 128
  • TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA 128
  • TLS_RSA_WITH_AES_256_GCM_SHA384 256
  • TLS_RSA_WITH_AES_128_GCM_SHA256 128
  • TLS_RSA_WITH_AES_256_CBC_SHA256 256
  • TLS_RSA_WITH_AES_128_CBC_SHA256 128
  • TLS_RSA_WITH_AES_256_CBC_SHA 256
  • TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 256
  • TLS_RSA_WITH_AES_128_CBC_SHA 128
  • TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 128
  • TLS_RSA_WITH_NULL_SHA 0

Unsupported cipher suites

Some security profiles do not specify cipher suites. For example:

  • Extended BCP 195 TLS: Additional cipher suites not permitted.
  • BCP 195 TLS:
    • Non-downgrading BCP 195 TLS.
    • Basic TLS Secure Transport Connection.
    • AES TLS Secure Transport Connection: Unencrypted cipher suite (keySize=0, NULL-SHA).