skip to main content
Reference : SSL Encryption Cipher Suites
  

Try DataDirect Drivers Now

SSL Encryption Cipher Suites

See "Using Security" for information about using Secure Sockets Layer (SSL) data encryption with the drivers. Transport Layer Security (TLS) protocols are supported as listed in this chapter.
The following tables list the SSL and encryption cipher suites supported by your Progress DataDirect for ODBC driver. The driver attempts to negotiate either SSL v3 or TLS v1 with the server using OpenSSL cipher suites.
The following table shows the OpenSSL encryption cipher suites that the driver can use if it can negotiate SSL v2 with the server, with the name of the corresponding SSL v2 encryption cipher suites.
Note: OpenSSL libraries that are 1.1.1 and higher do not support SSL v2 cipher suites. For more information on specifying the OpenSSL library versions used by the driver, see "Designating an OpenSSL Library."
Table 22. OpenSSL Cipher Suites to SSL v2 Cipher Suites
OpenSSL Cipher Suite
SSL Encryption Cipher Suite
DES-CBC-MD5
SSL_CK_DES_64_CBC_WITH_MD5
DES-CBC3-MD5
SSL_CK_DES_192_EDE3_CBC_WITH_MD5
EXP-RC2-CBC-MD5
SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5
EXP-RC4-MD5
SSL_CK_RC4_128_EXPORT40_WITH_MD5
RC2-CBC-MD5
SSL_CK_RC2_128_CBC_WITH_MD5
RC4-MD5
SSL_CK_RC4_128_WITH_MD5
The following table shows the OpenSSL encryption cipher suites that the driver can use if it can negotiate SSL v3 with the server, with the name of the corresponding SSL v3 encryption cipher suites.
Table 23. Mapping OpenSSL Cipher Suites to SSL v3 Cipher Suites
OpenSSL Cipher Suite
SSL v3 Cipher Suite
AES128-GCM-SHA256
TLS_RSA_WITH_AES_128_GCM_SHA256
AES128-SHA
TLS_RSA_WITH_AES_128_CBC_SHA1
AES128-SHA256
TLS_RSA_WITH_AES_128_CBC_SHA256
AES256-GCM-SHA384
TLS_RSA_WITH_AES_256_GCM_SHA384
AES256-SHA
TLS_RSA_WITH_AES_256_CBC_SHA 2
AES256-SHA256
TLS_RSA_WITH_AES_256_CBC_SHA256
DES-CBC3-SHA
SSL_RSA_WITH_3DES_EDE_CBC_SHA
DES-CBC-SHA
SSL_RSA_WITH_DES_CBC_SHA
DHE-DSS-AES128-GCM-SHA256
TLS_DHE_DSS_WITH_AES_128_GCM_SHA256
DHE-DSS-AES128-SHA
TLS_DHE_DSS_WITH_AES_128_CBC_SHA3
DHE-DSS-AES128-SHA256
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
DHE-DSS-AES256-GCM-SHA384
TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
DHE-DSS-AES256-SHA
TLS_DHE_DSS_WITH_AES_256_CBC_SHA4
DHE-DSS-AES256-SHA256
TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
DHE-DSS-SEED-SHA
TLS_DHE_DSS_WITH_SEED_CBC_SHA5
DHE-RSA-AES128-GCM-SHA256
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
DHE-RSA-AES128-SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA6
DHE-RSA-AES128-SHA256
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
DHE-RSA-AES256-GCM-SHA384
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
DHE-RSA-AES256-SHA
TLS_DHE_RSA_WITH_AES_256_CBC_SHA7
DHE-RSA-AES256-SHA256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
DHE-RSA-SEED-SHA
TLS_DHE_RSA_WITH_SEED_CBC_SHA8
EDH-DSS-DES-CBC3-SHA
SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
EDH-DSS-DES-CBC-SHA
SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
EDH-RSA-DES-CBC3-SHA
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
EDH-RSA-DES-CBC-SHA
SSL_DHE_RSA_WITH_DES_CBC_SHA
EXP-DES-CBC-SHA
SSL_RSA_EXPORT_WITH_DES40_CBC_SHA
EXP-EDH-DSS-DES-CBC-SHA
SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
EXP-EDH-RSA-DES-CBC-SHA
SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
EXP-RC2-CBC-MD5
SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5
EXP-RC4-MD5
SSL_RSA_EXPORT_WITH_RC4_40_MD5
PSK-3DES-EDE-CBC-SHA
TLS_PSK_WITH_3DES_EDE_CBC_SHA
PSK-AES128-CBC-SHA
TLS_PSK_WITH_AES_128_CBC_SHA
PSK-AES256-CBC-SHA
TLS_PSK_WITH_AES_256_CBC_SHA
PSK-RC4-SHA
TLS_PSK_WITH_RC4_128_SHA
RC4-MD5
SSL_RSA_WITH_RC4_128_MD5
RC4-SHA
SSL_RSA_WITH_RC4_128_SHA
SEED-SHA
TLS_RSA_WITH_SEED_CBC_SHA9
SRP-3DES-EDE-CBC-SHA
TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA
SRP-AES-128-CBC-SHA
TLS_SRP_SHA_WITH_AES_128_CBC_SHA
SRP-AES-256-CBC-SHA
TLS_SRP_SHA_WITH_AES_256_CBC_SHA
SRP-DSS-3DES-EDE-CBC-SHA
TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA
SRP-DSS-AES-128-CBC-SHA
TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA
SRP-DSS-AES-256-CBC-SHA
TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA
SRP-RSA-3DES-EDE-CBC-SHA
TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA
SRP-RSA-AES-128-CBC-SHA
TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA
SRP-RSA-AES-256-CBC-SHA
TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA
1 AES cipher suites from RFC3268 are used to extend TLS v1.

2 AES cipher suites from RFC3268 are used to extend TLS v1.

3 AES cipher suites from RFC3268 are used to extend TLS v1.

4 AES cipher suites from RFC3268 are used to extend TLS v1.

5 Seed cipher suites from RFC4162 are used to extend TLS v1.

6 AES cipher suites from RFC3268 are used to extend TLS v1.

7 AES cipher suites from RFC3268 are used to extend TLS v1.

8 Seed cipher suites from RFC4162 are used to extend TLS v1.

9 Seed cipher suites from RFC4162 are used to extend TLS v1.

The following table shows the OpenSSL Encryption Cipher suites that the driver can use if it can negotiate TLS v1.0, TLS v1.1, and TLS v1.2 with the server, with the name of the corresponding cipher suites.
Table 24. Mapping OpenSSL Encryption Cipher Suites to TLS v1.0, TLS v1.1, and TLS v1.2 Cipher Suites
OpenSSL Cipher Suite
Maps to TLS v1 Cipher Suite
AES128-GCM-SHA256
TLS_RSA_WITH_AES_128_GCM_SHA256
AES128-SHA
TLS_RSA_WITH_AES_128_CBC_SHA1
AES128-SHA256
TLS_RSA_WITH_AES_128_CBC_SHA256
AES256-GCM-SHA384
TLS_RSA_WITH_AES_256_GCM_SHA384
AES256-SHA
TLS_RSA_WITH_AES_256_CBC_SHA2
AES256-SHA256
TLS_RSA_WITH_AES_256_CBC_SHA256
ARIA128-GCM-SHA256
TLS_RSA_WITH_ARIA_128_GCM_SHA2563
ARIA256-GCM-SHA384
TLS_RSA_WITH_ARIA_256_GCM_SHA3844
DES-CBC3-SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
DES-CBC-SHA
TLS_RSA_WITH_DES_CBC_SHA
DHE-DSS-AES128-GCM-SHA256
DHE-DSS-AES128-GCM-SHA256
DHE-DSS-AES128-SHA
TLS_DHE_DSS_WITH_AES_128_CBC_SHA5
DHE-DSS-AES128-SHA256
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
DHE-DSS-AES256-GCM-SHA384
TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
DHE-DSS-AES256-SHA
TLS_DHE_DSS_WITH_AES_256_CBC_SHA6
DHE-DSS-AES256-SHA256
TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
DHE-DSS-ARIA128-GCM-SHA256
TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA2567
DHE-DSS-ARIA256-GCM-SHA384
TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA3848
DHE-DSS-SEED-SHA
TLS_DHE_DSS_WITH_SEED_CBC_SHA9
DHE-PSK-ARIA128-GCM-SHA256
TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256 10
DHE-PSK-ARIA256-GCM-SHA384
TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384 11
DHE-PSK-CHACHA20-POLY1305
TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA25612
DHE-RSA-AES128-GCM-SHA256
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
DHE-RSA-AES128-SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA13
DHE-RSA-AES128-SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
DHE-RSA-AES256-GCM-SHA384
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
DHE-RSA-AES256-SHA
TLS_DHE_RSA_WITH_AES_256_CBC_SHA14
DHE-RSA-AES256-SHA256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
DHE-RSA-ARIA128-GCM-SHA256
TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA25615
DHE-RSA-ARIA256-GCM-SHA384
TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA38416
DHE-RSA-CHACHA20-POLY1305
TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA25617
DHE-RSA-SEED-SHA
TLS_DHE_RSA_WITH_SEED_CBC_SHA18
ECDHE-ARIA128-GCM-SHA256
TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 19
ECDHE-ARIA256-GCM-SHA384
TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 20
ECDHE-RSA-CHACHA20-POLY1305
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA25621
ECDHE-ECDSA-ARIA128-GCM-SHA256
TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA25622
ECDHE-ECDSA-ARIA256-GCM-SHA384
TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA38423
ECDHE-ECDSA-CHACHA20-POLY1305
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA25624
ECDHE-PSK-CHACHA20-POLY1305
TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA25625
ECDHE-RSA-AES256-SHA384
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
ECDHE-RSA-AES256-SHA
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
ECDHE-RSA-AES128-SHA256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
ECDHE-RSA-AES128-SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
EDH-DSS-DES-CBC3-SHA
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
EDH-DSS-DES-CBC-SHA
TLS_DHE_DSS_WITH_DES_CBC_SHA
EDH-RSA-DES-CBC3-SHA
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
EDH-RSA-DES-CBC-SHA
TLS_DHE_RSA_WITH_DES_CBC_SHA
EXP-DES-CBC-SHA
TLS_RSA_EXPORT_WITH_DES40_CBC_SHA
EXP-EDH-DSS-DES-CBC-SHA
TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
EXP-EDH-RSA-DES-CBC-SHA
TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
EXP-RC2-CBC-MD5
TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5
EXP-RC4-MD5
TLS_RSA_EXPORT_WITH_RC4_40_MD5
PSK-3DES-EDE-CBC-SHA
TLS_PSK_WITH_3DES_EDE_CBC_SHA
PSK-AES128-CBC-SHA
TLS_PSK_WITH_AES_128_CBC_SHA
PSK-AES256-CBC-SHA
TLS_PSK_WITH_AES_256_CBC_SHA
PSK-ARIA128-GCM-SHA256
TLS_PSK_WITH_ARIA_128_GCM_SHA256 26
PSK-ARIA256-GCM-SHA384
TLS_PSK_WITH_ARIA_256_GCM_SHA384 27
PSK-CHACHA20-POLY1305
TLS_PSK_WITH_CHACHA20_POLY1305_SHA25628
PSK-RC4-SHA
TLS_PSK_WITH_RC4_128_SHA
RC4-MD5
TLS_RSA_WITH_RC4_128_MD5
RC4-SHA
TLS_RSA_WITH_RC4_128_SHA
RSA-PSK-ARIA128-GCM-SHA256
TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256 29
RSA-PSK-ARIA256-GCM-SHA384
TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384 30
RSA-PSK-CHACHA20-POLY1305
TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA25631
SEED-SHA
TLS_RSA_WITH_SEED_CBC_SHA32
SRP-3DES-EDE-CBC-SHA
TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA
SRP-AES-128-CBC-SHA
TLS_SRP_SHA_WITH_AES_128_CBC_SHA
SRP-AES-128-CBC-SHA
TLS_SRP_SHA_WITH_AES_128_CBC_SHA
SRP-AES-256-CBC-SHA
TLS_SRP_SHA_WITH_AES_256_CBC_SHA
SRP-DSS-3DES-EDE-CBC-SHA
TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA
SRP-DSS-AES-128-CBC-SHA
TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA
SRP-DSS-AES-256-CBC-SHA
TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA
SRP-RSA-3DES-EDE-CBC-SHA
TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA
SRP-RSA-AES-128-CBC-SHA
TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA
SRP-RSA-AES-256-CBC-SHA
TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA
1 AES cipher suites from RFC3268, extending TLS v1

2 AES cipher suites from RFC3268, extending TLS v1

3 Supported by OpenSSL libraries that are version 1.1.1 and higher.

4 Supported by OpenSSL libraries that are version 1.1.1 and higher.

5 AES cipher suites from RFC3268, extending TLS v1

6 AES cipher suites from RFC3268, extending TLS v1

7 Supported by OpenSSL libraries that are version 1.1.1 and higher.

8 Supported by OpenSSL libraries that are version 1.1.1 and higher.

9 Seed cipher suites from RFC4162 are used to extend TLS v1.

10 Supported by OpenSSL libraries that are version 1.1.1 and higher.

11 Supported by OpenSSL libraries that are version 1.1.1 and higher.

12 Supported by OpenSSL libraries that are version 1.1.1 and higher.

13 AES cipher suites from RFC3268, extending TLS v1

14 AES cipher suites from RFC3268, extending TLS v1

15 Supported by OpenSSL libraries that are version 1.1.1 and higher.

16 Supported by OpenSSL libraries that are version 1.1.1 and higher.

17 Supported by OpenSSL libraries that are version 1.1.1 and higher.

18 Seed cipher suites from RFC4162 are used to extend TLS v1.

19 Supported by OpenSSL libraries that are version 1.1.1 and higher.

20 Supported by OpenSSL libraries that are version 1.1.1 and higher.

21 Supported by OpenSSL libraries 1.1.1 and higher.

22 Supported by OpenSSL libraries that are version 1.1.1 and higher.

23 Supported by OpenSSL libraries that are version 1.1.1 and higher.

24 Supported by OpenSSL libraries 1.1.1 and higher.

25 Supported by OpenSSL libraries that are version 1.1.1 and higher.

26 Supported by OpenSSL libraries that are version 1.1.1 and higher.

27 Supported by OpenSSL libraries that are version 1.1.1 and higher.

28 Supported by OpenSSL libraries 1.1.1 and higher.

29 Supported by OpenSSL libraries 1.1.1 and higher.

30 Supported by OpenSSL libraries 1.1.1 and higher.

31 Supported by OpenSSL libraries 1.1.1 and higher.

32 Seed cipher suites from RFC4162 are used to extend TLS v1.

Reference:
OpenSSL Cryptography and SSL/TLS Toolkit