We support the following encryption configurations:
- Protocols: TLS 1.2 and greater
- Key exchange algorithms: RSA, DHE, ECDHE
- Authentication algorithms: RSA
- Bulk encryption algorithms: AES_256_GCM, AES_128_GCM, AES_256_CBC, AES_128_CBC
- MAC algorithms: SHA, SHA256
All client applications must support the TLS Server Name Indication (SNI) extension: http://en.wikipedia.org/wiki/Server_Name_Indication
We do not support:
- Any version of the SSL (1.0-3.0) protocols
- TLS 1.0 or 1.1
- RC4 or MD5 encryption
- Encryption algorithms cipher strengths below 128bits
As an example, Google Chrome v40 defaults to this cipher suite: TLS 1.2 + ECDHE + RSA + AES_128_GCM + SHA256