TLS Cipher Suites Database
Complete reference of 14 IANA-registered TLS cipher suites
About TLS Cipher Suites
TLS cipher suites define the cryptographic algorithms used to secure TLS connections. Each suite specifies the key exchange algorithm, authentication method, encryption cipher, and message authentication code (MAC) algorithm.
In JA3 fingerprinting, the ordered list of cipher suites advertised by a client is the first and most distinctive component of the fingerprint. Different browsers prioritize different cipher suites (e.g., Chrome prefers ChaCha20 on mobile devices, Firefox prioritizes AES-GCM), making cipher suite ordering a highly reliable client identifier.
JA3 Format: TLS_VERSION,CIPHERS,EXTENSIONS,CURVES,POINT_FORMATS
Search & Filter Cipher Suites
Try searching for: "AES", "ChaCha20", "0x1301", "GCM", "TLS_AES", or "ECDHE"
All Cipher Suites (14)
| Cipher Suite Name | Hex Value | TLS Version | Security Level | Status | Description |
|---|---|---|---|---|---|
TLS_AES_128_GCM_SHA256
|
0x1301 |
TLS 1.3 | 128-bit | Recommended | TLS_AES_128_GCM_SHA256 is the most widely used TLS 1.3 ciphe... |
TLS_AES_256_GCM_SHA384
|
0x1302 |
TLS 1.3 | 256-bit | Recommended | TLS_AES_256_GCM_SHA384 provides 256-bit security using AES-2... |
TLS_CHACHA20_POLY1305_SHA256
|
0x1303 |
TLS 1.3 | 256-bit | Recommended | TLS_CHACHA20_POLY1305_SHA256 uses ChaCha20 stream cipher wit... |
TLS_AES_128_CCM_SHA256
|
0x1304 |
TLS 1.3 | 128-bit | Not Recommended | TLS_AES_128_CCM_SHA256 uses AES-128 in CCM (Counter with CBC... |
TLS_AES_128_CCM_8_SHA256
|
0x1305 |
TLS 1.3 | 128-bit (64-bit auth) | Not Recommended | TLS_AES_128_CCM_8_SHA256 is a variant of CCM with an 8-byte ... |
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
|
0xC02F |
TLS 1.2 | 128-bit + Forward Secrecy | Recommended | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 is the most common TLS... |
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
|
0xC030 |
TLS 1.2 | 256-bit + Forward Secrecy | Recommended | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 is the 256-bit variant... |
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
|
0xCCA8 |
TLS 1.2 | 256-bit + Forward Secrecy | Recommended | TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 brings ChaCha20-... |
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
|
0xC02B |
TLS 1.2 | 128-bit + Forward Secrecy | Recommended | TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 uses ECDSA (Elliptic... |
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
|
0xC02C |
TLS 1.2 | 256-bit + Forward Secrecy | Recommended | TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 is the high-security... |
TLS_RSA_WITH_AES_128_GCM_SHA256
|
0x009C |
TLS 1.2 | 128-bit (NO Forward Secrecy) | Not Recommended | TLS_RSA_WITH_AES_128_GCM_SHA256 uses static RSA key exchange... |
TLS_RSA_WITH_AES_256_GCM_SHA384
|
0x009D |
TLS 1.2 | 256-bit (NO Forward Secrecy) | Not Recommended | TLS_RSA_WITH_AES_256_GCM_SHA384 is the 256-bit variant of st... |
TLS_RSA_WITH_AES_128_CBC_SHA
|
0x002F |
TLS 1.0, TLS 1.1, TLS 1.2 | WEAK - Multiple Vulnerabilities | Not Recommended | TLS_RSA_WITH_AES_128_CBC_SHA is one of the oldest widely sup... |
TLS_RSA_WITH_3DES_EDE_CBC_SHA
|
0x000A |
TLS 1.0, TLS 1.1, TLS 1.2 | CRITICALLY WEAK | Not Recommended | TLS_RSA_WITH_3DES_EDE_CBC_SHA is an extremely weak cipher su... |
Recommended cipher suites for TLS 1.3:
- TLS_AES_128_GCM_SHA256 - Fast, secure, widely supported
- TLS_AES_256_GCM_SHA384 - Higher security for sensitive data
- TLS_CHACHA20_POLY1305_SHA256 - Best for mobile devices (software-based)
For TLS 1.2 compatibility:
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 - Good balance of security and compatibility
- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - Alternative for mobile
Avoid insecure ciphers: CBC-mode ciphers, RC4, DES, 3DES, MD5, and all non-AEAD ciphers are vulnerable to various attacks.