FIPS 140-2 mode cipher suites for TLS
| Cipher suite hex code | Cipher suite name |
| [0xc024] | ECDHE-ECDSA-AES256-SHA384 |
| [0xc02c] | ECDHE-ECDSA-AES256-GCM-SHA384 |
| [0xc014] | ECDHE-RSA-AES256-SHA |
| [0xc028] | ECDHE-RSA-AES256-SHA384 |
| [0xc030] | ECDHE-RSA-AES256-GCM-SHA384 |
| [0xc026] | ECDH-ECDSA-AES256-SHA384 |
| [0xc02e] | ECDH-ECDSA-AES256-GCM-SHA384 |
| [0xc02a] | ECDH-RSA-AES256-SHA384 |
| [0xc032] | ECDH-RSA-AES256-GCM-SHA384 |
| [0x3d] | AES256-SHA256 |
| [0x9d] | AES256-GCM-SHA384 |
| [0xc023] | ECDHE-ECDSA-AES128-SHA256 |
| [0xc02b] | ECDHE-ECDSA-AES128-GCM-SHA256 |
| [0xc027] | ECDHE-RSA-AES128-SHA256 |
| [0xc02f] | ECDHE-RSA-AES128-GCM-SHA256 |
| [0xc013] | ECDHE-RSA-AES128-SHA |
| [0xc025] | ECDH-ECDSA-AES128-SHA256 |
| [0xc02d] | ECDH-ECDSA-AES128-GCM-SHA256 |
| [0xc029] | ECDH-RSA-AES128-SHA256 |
| [0xc031] | ECDH-RSA-AES128-GCM-SHA256 |
| [0x3c] | AES128-SHA256 |
| [0x9c] | AES128-GCM-SHA256 |
| [0x35] | AES256-SHA |
| [0x2f] | AES128-SHA |
| Cipher suite hex code | Cipher suite name |
| [0xc024] | TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 |
| [0xc02c] | TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 |
| [0xc014] | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA |
| [0xc028] | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 |
| [0xc030] | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 |
| [0xc026] | TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 |
| [0xc02e] | TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 |
| [0xc02a] | TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 |
| [0xc032] | TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 |
| [0x3d] | TLS_RSA_WITH_AES_256_CBC_SHA256 |
| [0x9d] | TLS_RSA_WITH_AES_256_GCM_SHA384 |
| [0xc023] | TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 |
| [0xc02b] | TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 |
| [0xc027] | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 |
| [0xc02f] | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 |
| [0xc013] | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA |
| [0xc025] | TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 |
| [0xc02d] | TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 |
| [0xc029] | TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 |
| [0xc031] | TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 |
| [0x3c] | TLS_RSA_WITH_AES_128_CBC_SHA256 |
| [0x9c] | TLS_RSA_WITH_AES_128_GCM_SHA256 |
| [0x35] | TLS_RSA_WITH_AES_256_CBC_SHA |
| [0x2f] | TLS_RSA_WITH_AES_128_CBC_SHA |
| [0xc00e] | TLS_ECDH_RSA_WITH_AES_128_CBC_SHA |
| [0xc009] | TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA |
| [0xc004] | TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA |
| [0xc005] | TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA |
| [0xc00f] | TLS_ECDH_RSA_WITH_AES_256_CBC_SHA |
| [0xc00a] | TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA |
| Cipher suite hex code | Cipher suite name |
| [0xc024] | ecdhe_ecdsa,aes_256_cbc,sha384,sha384 |
| [0xc014] | ecdhe_rsa,aes_256_cbc,sha |
| [0xc028] | ecdhe_rsa,aes_256_cbc,sha384,sha384 |
| [0xc026] | ecdh_ecdsa,aes_256_cbc,sha384,sha384 |
| [0xc02a] | ecdh_rsa,aes_256_cbc,sha384,sha384 |
| [0x3d] | rsa,aes_256_cbc,sha256 |
| [0xc023] | ecdhe_ecdsa,aes_128_cbc,sha256,sha256 |
| [0xc027] | ecdhe_rsa,aes_128_cbc,sha256,sha256 |
| [0xc02f] | ecdhe_rsa,aes_128_gcm,null,sha256 |
| [0xc013] | ecdhe_rsa,aes_128_cbc,sha |
| [0xc025] | ecdh_ecdsa,aes_128_cbc,sha256,sha256 |
| [0xc029] | ecdh_rsa,aes_128_cbc,sha256,sha256 |
| [0x3c] | rsa,aes_128_cbc,sha256 |
| [0x35] | rsa,aes_256_cbc,sha |
| [0x2f] | rsa,aes_128_cbc,sha |
| Cipher suite hex code | Cipher suite name |
| [0xc02c] | security.ssl3.ecdhe_ecdsa_aes_256_gcm_sha384 |
| [0xc014] | security.ssl3.ecdhe_rsa_aes_256_sha |
| [0xc030] | security.ssl3.ecdhe_rsa_aes_256_gcm_sha384 |
| [0xc02b] | security.ssl3.ecdhe_ecdsa_aes_128_gcm_sha256 |
| [0xc02f] | security.ssl3.ecdhe_rsa_aes_128_gcm_sha256 |
| [0xc013] | security.ssl3.ecdhe_rsa_aes_128_sha |
| [0x35] | security.ssl3.rsa_aes_256_sha |
| [0x2f] | security.ssl3.rsa_aes_128_sha |
| [0xcc14] | security.ssl3.ecdhe_ecdsa_chacha20_poly1305_sha256 |
| [0xcc13] | security.ssl3.ecdhe_rsa_chacha20_poly1305_sha256 |
| Algorithm |
| SHA256WITHRSA |
| SHA384WITHRSA |
| SHA512WITHRSA |
| SHA256WITHECDSA |
| SHA384WITHECDSA |
| SHA512WITHECDSA |
| SHA1WITHDSA * |
| SHA1WITHECDSA * |
| SHA1WITHRSA * |
* The appliance certificate must have a SHA-256 or SHA-384 digital signature algorithm. External server or managed device certificates with SHA1 digital signatures are supported. Hewlett Packard Enterprise recommends that you regenerate the external server or managed device certificates with a stronger digital signature, such as SHA-256 or above.
| Algorithm |
| RSA:2048 |
| RSA:3072 |
| RSA:4096 |
| RSA:1024 * |
| ECDSA:256 |
| ECDSA:384 |
| ECDSA:521 |
| DSA:1024 * |
| ECDH:384 |
| ECDH:256 |
| ECDH:521 |
| DH:2048 |
| DH:3072 |
| ECCDH:256 |
| ECCDH:384 |
| ECCDH:521 |
| ECMQV:256 |
| ECMQV:384 |
| ECMQV:521 |
| EC:256 |
| EC:384 |
| EC:521 |
| ECC:256 |
| ECC:384 |
| ECC:521 |
| EC:192 * |
* These algorithms are allowed under legacy-use clause of FIPS 140-2 specifications for external server or managed device certificates, but are not used for appliance certificates.