| Algorithms | Recommended | Acceptable | Disable | Future | Debated | FIPS140 | CC | SuiteB | CSFC | PCI |
|---|---|---|---|---|---|---|---|---|---|---|
| SSL 3.0 or lower | TRUE | |||||||||
| TLS v1.0 or lower | TRUE | |||||||||
| TLSv1.1 | TRUE | TRUE | TRUE | TRUE | TRUE | |||||
| TLSv1.2 | TRUE | TRUE | TRUE | TRUE | TRUE | |||||
| TLSv1.3 | TRUE | TRUE | TRUE | TRUE | TRUE | |||||
| Dual_EC_DRBG | TRUE | |||||||||
| ANSI X9.31 | TRUE | |||||||||
| CTR_DRBG (AES) | TRUE | TRUE | TRUE | TRUE | TRUE | |||||
| HMAC_DRBG (any) | TRUE | TRUE | TRUE | TRUE | ||||||
| AES Hash_DRBG (any) | TRUE | TRUE | TRUE | TRUE | ||||||
| RSA 4096 | TRUE | TRUE | TRUE | TRUE | TRUE | TRUE | ||||
| RSA 3072 | TRUE | TRUE | TRUE | TRUE | TRUE | TRUE | ||||
| RSA 2048 | TRUE | TRUE | TRUE | TRUE | TRUE | |||||
| ECDSA with P-256 | TRUE | TRUE | TRUE | TRUE | TRUE | TRUE | ||||
| ECDSA with P-384 | TRUE | TRUE | TRUE | TRUE | TRUE | TRUE | ||||
| ECDSA with P-521 | TRUE | TRUE | TRUE | TRUE | TRUE | TRUE | ||||
| SSHv2 | TRUE | TRUE | TRUE | TRUE | TRUE | TRUE | ||||
| diffie-hellmann-group24-sha1 (256-bit POS) | TRUE | TRUE | TRUE | TRUE | ||||||
| diffie-hellmann-group20-sha1 (384-bit Random ECP) | TRUE | TRUE | TRUE | TRUE | ||||||
| diffie-hellmann-group19-sha1 (256-bit Random ECP) | TRUE | TRUE | TRUE | TRUE | ||||||
| diffie-hellman-group18-sha1 (8192-bit MODP) | TRUE | |||||||||
| diffie-hellman-group17-sha1 (6144-bit MODP) | TRUE | |||||||||
| diffie-hellman-group16-sha1 (4096-bit MODP) | TRUE | |||||||||
| diffie-hellman-group15-sha1 (3072-bit MODP) | TRUE | |||||||||
| diffie-hellmann-group14-sha1 (2048 MODP) | TRUE | TRUE | TRUE | TRUE | ||||||
| diffie-hellman-group1-sha1 | TRUE | |||||||||
| diffie-hellman-group2-sha1 | TRUE | |||||||||
| ecdh-sha2-nistp256 | TRUE | TRUE | TRUE | |||||||
| ecdh-sha2-nistp384 | TRUE | TRUE | TRUE | |||||||
| ecdh-sha2-nistp521 | TRUE | TRUE | TRUE | |||||||
| aes128-ctr | TRUE | TRUE | TRUE | TRUE | ||||||
| aes192-ctr | TRUE | TRUE | TRUE | TRUE | ||||||
| aes256-ctr | TRUE | TRUE | TRUE | TRUE | ||||||
| aes128-gcm | TRUE | TRUE | TRUE | TRUE | TRUE | |||||
| aes192-gcm | TRUE | TRUE | TRUE | TRUE | TRUE | |||||
| aes256-gcm | TRUE | TRUE | TRUE | TRUE | TRUE | |||||
| aes128-cbc | TRUE | TRUE | TRUE | |||||||
| aes192-cbc | TRUE | TRUE | TRUE | TRUE | ||||||
| aes256-cbc | TRUE | TRUE | TRUE | TRUE | ||||||
| AEAD_AES_256_GCM | TRUE | |||||||||
| AEAD_AES_128_GCM | TRUE | |||||||||
| ssh-rsa | TRUE | TRUE | TRUE | TRUE | ||||||
| ecdsa-sha2-nistp256 | TRUE | TRUE | TRUE | |||||||
| ecdsa-sha2-nistp384 | TRUE | TRUE | TRUE | |||||||
| ecdsa-sha2-nistp521 | TRUE | TRUE | TRUE | |||||||
| x509v3-ecdsa-sha2-nistp256 | TRUE | TRUE | TRUE | |||||||
| x509v3-ecdsa-sha2-nistp384 | TRUE | TRUE | TRUE | |||||||
| x509v3-ecdsa-sha2-nistp521 | TRUE | TRUE | TRUE | |||||||
| ssh-dsa | TRUE | |||||||||
| DSA any key size | TRUE | |||||||||
| SHA-256 | TRUE | TRUE | TRUE | TRUE | TRUE | |||||
| SHA-384 | TRUE | TRUE | TRUE | TRUE | TRUE | TRUE | ||||
| SHA-512 | TRUE | TRUE | TRUE | TRUE | TRUE | |||||
| SHA-1 | TRUE | TRUE | ||||||||
| hmac-md5 | TRUE | |||||||||
| AEAD_AES_128_GCM | TRUE | TRUE | ||||||||
| AEAD_AES_256_GCM | TRUE | TRUE | ||||||||
| hmac-sha1 | TRUE | TRUE | TRUE | TRUE | ||||||
| hmac-sha1-96 | TRUE | TRUE | TRUE | TRUE | ||||||
| hmac-sha2-256 | TRUE | TRUE | TRUE | TRUE | ||||||
| hmac-sha2-384 | TRUE | TRUE | TRUE | TRUE | ||||||
| hmac-sha2-512 | TRUE | TRUE | TRUE | TRUE | ||||||
| ssh-dsa | TRUE | TRUE | TRUE | |||||||
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA | TRUE | TRUE | TRUE | TRUE | ||||||
| TLS_ECDHE_RSA_WITH_AES_192_CBC_SHA | TRUE | TRUE | TRUE | TRUE | ||||||
| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA | TRUE | TRUE | TRUE | TRUE | ||||||
| TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 | TRUE | TRUE | TRUE | TRUE | ||||||
| TLS_ECDHE_RSA_WITH_AES_192_GCM_SHA256 | TRUE | TRUE | TRUE | TRUE | ||||||
| TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 | TRUE | TRUE | TRUE | TRUE | ||||||
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 | TRUE | TRUE | TRUE | TRUE | ||||||
| TLS_ECDHE_RSA_WITH_AES_192_CBC_SHA256 | TRUE | TRUE | TRUE | TRUE | ||||||
| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 | TRUE | TRUE | TRUE | TRUE | ||||||
| TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA | TRUE | TRUE | TRUE | TRUE | TRUE | |||||
| TLS_ECDHE_ECDSA_WITH_AES_192_CBC_SHA | TRUE | TRUE | TRUE | TRUE | TRUE | |||||
| TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA | TRUE | TRUE | TRUE | TRUE | TRUE | |||||
| TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 | TRUE | TRUE | TRUE | TRUE | TRUE | |||||
| TLS_ECDHE_ECDSA_WITH_AES_192_CBC_SHA256 | TRUE | TRUE | TRUE | TRUE | TRUE | |||||
| TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 | TRUE | TRUE | TRUE | TRUE | TRUE | |||||
| TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 | TRUE | TRUE | TRUE | TRUE | TRUE | TRUE | ||||
| TLS_ECDHE_ECDSA_WITH_AES_192_GCM_SHA256 | TRUE | TRUE | TRUE | TRUE | TRUE | |||||
| TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 | TRUE | TRUE | TRUE | TRUE | TRUE | TRUE | ||||
| TLS_RSA_WITH_AES_128_CBC_SHA | TRUE | TRUE | TRUE | TRUE | ||||||
| TLS_RSA_WITH_AES_192_CBC_SHA | TRUE | TRUE | TRUE | TRUE | ||||||
| TLS_RSA_WITH_AES_256_CBC_SHA | TRUE | TRUE | TRUE | TRUE | ||||||
| TLS_RSA_WITH_AES_128_GCM_SHA256 | TRUE | TRUE | TRUE | TRUE | ||||||
| TLS_RSA_WITH_AES_192_GCM_SHA256 | TRUE | TRUE | TRUE | TRUE | ||||||
| TLS_RSA_WITH_AES_256_GCM_SHA256 | TRUE | TRUE | TRUE | TRUE | ||||||
| TLS_DHE_RSA_WITH_AES_128_CBC_SHA | TRUE | TRUE | TRUE | TRUE | ||||||
| TLS_DHE_RSA_WITH_AES_192_CBC_SHA | TRUE | TRUE | TRUE | TRUE | ||||||
| TLS_DHE_RSA_WITH_AES_256_CBC_SHA | TRUE | TRUE | TRUE | TRUE | TRUE | |||||
| TLS_RSA_WITH_AES_128_CBC_SHA256 | TRUE | TRUE | TRUE | TRUE | ||||||
| TLS_RSA_WITH_AES_192_CBC_SHA256 | TRUE | TRUE | TRUE | TRUE | ||||||
| TLS_RSA_WITH_AES_256_CBC_SHA256 | TRUE | TRUE | TRUE | TRUE | ||||||
| TLS_DHE_RSA_WITH_AES_128_CBC_ SHA256 | TRUE | TRUE | TRUE | TRUE | ||||||
| TLS_DHE_RSA_WITH_AES_192_CBC_ SHA256 | TRUE | TRUE | TRUE | TRUE | ||||||
| TLS_DHE_RSA_WITH_AES_256_CBC_ SHA256 | TRUE | TRUE | TRUE | TRUE |