TLS Supported Groups Database
Complete reference of 19 IANA-registered elliptic curves and FFDHE groups
About TLS Supported Groups
TLS supported groups (also known as named groups or elliptic curves) define the cryptographic groups used for key exchange in TLS connections. These include elliptic curve groups (ECDHE) and finite field groups (FFDHE) used for Diffie-Hellman key exchange, providing perfect forward secrecy.
In JA3 fingerprinting, the order and selection of supported groups is a critical component of the fingerprint. Different browsers and HTTP clients advertise different curves, making this a reliable indicator of client type and version.
JA3 Format: TLS_VERSION,CIPHERS,EXTENSIONS,CURVES,POINT_FORMATS
Search Supported Groups
Try searching for: "x25519", "P-256", "secp", "0x001d", "29", "brainpool", "post-quantum"
All Supported Groups (19)
| Group Name | Code (Dec) | Code (Hex) | Type | Security Level | Description |
|---|---|---|---|---|---|
secp192r1
|
19 |
0x0013 |
ECDHE | 96 bits (DEPRECATED) | secp192r1 (also known as P-192 or prime192v1) is a legacy NIST curve providing 9... |
secp224r1
|
21 |
0x0015 |
ECDHE | 112 bits (LEGACY) | secp224r1 (P-224) is a NIST curve providing 112-bit security, positioned between... |
secp256k1
|
22 |
0x0016 |
ECDHE | 128 bits | secp256k1 is a Koblitz curve providing 128-bit security, most famous for its use... |
brainpoolP256r1
|
26 |
0x001A |
ECDHE | 128 bits | brainpoolP256r1 is a 256-bit elliptic curve from the Brainpool standard, providi... |
brainpoolP384r1
|
27 |
0x001B |
ECDHE | 192 bits | brainpoolP384r1 is a 384-bit Brainpool curve providing 192-bit security, compara... |
brainpoolP512r1
|
28 |
0x001C |
ECDHE | 256 bits | brainpoolP512r1 is a 512-bit Brainpool curve providing 256-bit security, the hig... |
x25519
|
29 |
0x001D |
ECDHE | ~128 bits | X25519 (Curve25519) is the most popular elliptic curve for TLS 1.3 key exchange,... |
secp256r1
|
23 |
0x0017 |
ECDHE | 128 bits | secp256r1 (also known as P-256 or prime256v1) is a widely supported NIST ellipti... |
secp384r1
|
24 |
0x0018 |
ECDHE | 192 bits | secp384r1 (P-384) is a NIST curve providing 192-bit security, suitable for highl... |
secp521r1
|
25 |
0x0019 |
ECDHE | ~256 bits | secp521r1 (P-521, note: 521 not 512) is the largest NIST curve, providing approx... |
x448
|
30 |
0x001E |
ECDHE | ~224 bits | X448 (Curve448 or Goldilocks) is a high-security elliptic curve providing approx... |
ffdhe2048
|
256 |
0x0100 |
FFDHE | ~112 bits | FFDHE2048 (Finite Field Diffie-Hellman Ephemeral, 2048-bit) is a standardized DH... |
ffdhe3072
|
257 |
0x0101 |
FFDHE | ~128 bits | FFDHE3072 is a 3072-bit finite field Diffie-Hellman group providing approximatel... |
ffdhe4096
|
258 |
0x0102 |
FFDHE | ~152 bits | FFDHE4096 is a 4096-bit finite field DH group providing approximately 152-bit se... |
ffdhe6144
|
259 |
0x0103 |
FFDHE | ~176 bits | FFDHE6144 is a 6144-bit finite field DH group providing approximately 176-bit se... |
ffdhe8192
|
260 |
0x0104 |
FFDHE | ~192 bits | FFDHE8192 is the largest standardized finite field DH group, using 8192-bit para... |
x25519mlkem768
|
4588 |
0x11EC |
Hybrid PQ | Quantum-resistant (~192 bits classical) | X25519MLKEM768 is a post-quantum hybrid key exchange that combines the classical... |
secp256r1mlkem768
|
4587 |
0x11EB |
Hybrid PQ | Quantum-resistant (~192 bits classical) | secp256r1MLKEM768 is a post-quantum hybrid combining the NIST P-256 curve (secp2... |
x25519mlkem1024
|
4589 |
0x11ED |
Hybrid PQ | Quantum-resistant (~256 bits classical) | X25519MLKEM1024 is a higher-security post-quantum hybrid combining X25519 with M... |
Recommended curves for modern TLS:
- x25519 - Modern, fast, widely supported (128-bit security)
- secp256r1 (P-256) - NIST standard, ubiquitous compatibility (128-bit)
- secp384r1 (P-384) - Higher security for sensitive applications (192-bit)
- x25519mlkem768 - Post-quantum hybrid for future-proofing (NIST FIPS 203)
Avoid deprecated curves: secp192r1, secp224r1, secp256k1 offer insufficient security for modern applications.