TLS Reference

Objective

This document provides information on the TLS versions and cipher suites supported for the HTTP load balancers and associated origin pools. For more information on load balancers, see Load Balancing and Service Mesh.

The TLS versions and cipher suites mentioned in this guide are supported for the following Volterra entities:

  • HTTPS Load Balancer with Automatic Certificate
  • HTTPS Load Balancer with Custom Certificate/Bring Your Own Certificate (BYOC)
  • Origin Pool (origin servers that use TLS)

Use the information provided in this guide to understand the TLS security levels and associated cipher suites.


TLS Versions and Cipher Suites

Volterra provides predefined security levels, each of which applies a minimum and maximum TLS version and an associated set of cipher suites. You can select one of the security levels or apply custom TLS security settings in VoltConsole. The following table lists the TLS security levels and associated cipher suites:

Security Level: Default
  TLS Versions: Minimum TLS 1.2, Maximum TLS 1.3
  Cipher Suites:
    • TLS_AES_128_GCM_SHA256
    • TLS_AES_256_GCM_SHA384
    • TLS_CHACHA20_POLY1305_SHA256
    • TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
    • TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
    • TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
    • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
    • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
    • TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
  Details: Applied by default. This is also the high security level.

Security Level: Medium
  TLS Versions: Minimum TLS 1.0, Maximum TLS 1.3
  Cipher Suites:
    • Cipher suites of the Default level
    • TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
    • TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
    • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
    • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
  Details: Selecting the medium security level also includes the cipher suites of the default, or high, security level.

Security Level: Low
  TLS Versions: Minimum TLS 1.0, Maximum TLS 1.3
  Cipher Suites:
    • Cipher suites of the Default and Medium levels
    • TLS_RSA_WITH_AES_128_CBC_SHA
    • TLS_RSA_WITH_AES_128_GCM_SHA256
    • TLS_RSA_WITH_AES_256_CBC_SHA
    • TLS_RSA_WITH_AES_256_GCM_SHA384
  Details: Selecting the low security level also includes the cipher suites of the default and medium levels.

Note: The HTTPS load balancer with automatic certificate uses the default security level by default.
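
When deciding whether a legacy client forces you off the default level, the following added example (not Volterra code) transcribes the levels above and reports the strictest level at which a client's offered versions and suites can still complete a handshake. Function names are hypothetical; the per-suite version constraints come from the TLS RFCs rather than this page, and certificate type (ECDSA or RSA) and server preference order are not modelled.

```python
# Suites and version bounds transcribed from the table above; the rest is illustrative.
TLS13 = ["TLS_AES_128_GCM_SHA256", "TLS_AES_256_GCM_SHA384",
         "TLS_CHACHA20_POLY1305_SHA256"]
DEFAULT = TLS13 + [f"TLS_ECDHE_{a}_WITH_{c}" for a in ("ECDSA", "RSA")
                   for c in ("AES_128_GCM_SHA256", "AES_256_GCM_SHA384",
                             "CHACHA20_POLY1305_SHA256")]
MEDIUM = DEFAULT + [f"TLS_ECDHE_{a}_WITH_AES_{k}_CBC_SHA"
                    for a in ("ECDSA", "RSA") for k in (128, 256)]
LOW = MEDIUM + [f"TLS_RSA_WITH_AES_{s}" for s in
                ("128_CBC_SHA", "128_GCM_SHA256", "256_CBC_SHA", "256_GCM_SHA384")]

ORDER = ["1.0", "1.1", "1.2", "1.3"]
LEVELS = {  # level: (minimum version, maximum version, suites)
    "default": ("1.2", "1.3", DEFAULT),
    "medium": ("1.0", "1.3", MEDIUM),
    "low": ("1.0", "1.3", LOW),
}

def suite_versions(suite):
    """Protocol versions in which a suite can be negotiated (from the TLS RFCs)."""
    if "_WITH_" not in suite:      # TLS 1.3 naming carries no key exchange
        return {"1.3"}
    if suite.endswith(("_GCM_SHA256", "_GCM_SHA384", "_POLY1305_SHA256")):
        return {"1.2"}             # AEAD suites require TLS 1.2
    return {"1.0", "1.1", "1.2"}   # CBC with HMAC-SHA1

def describe(suite):
    """Properties a reviewer cares about when a level enables a suite."""
    return {"forward_secrecy": "_WITH_" not in suite or suite.startswith("TLS_ECDHE_"),
            "aead": "_CBC_" not in suite}

def negotiable(level, client_versions, client_suites):
    """All (version, suite) pairs both sides support, highest version first."""
    lo, hi, suites = LEVELS[level]
    allowed = set(ORDER[ORDER.index(lo):ORDER.index(hi) + 1])
    return [(v, s)
            for v in sorted(allowed & set(client_versions), reverse=True)
            for s in suites
            if s in client_suites and v in suite_versions(s)]

def strictest_level(client_versions, client_suites):
    """Strictest predefined level that still lets this client connect, or None."""
    for level in ("default", "medium", "low"):
        if negotiable(level, client_versions, client_suites):
            return level
    return None
```

A result of "low" for a client means the only overlap is a static-RSA suite without forward secrecy, which describe() makes explicit.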