TLS Reference
On This Page:
Objective
This document provides information on the TLS versions and cipher suites supported for the HTTP load balancers and associated origin pools. For more information on load balancers, see Load Balancing and Service Mesh.
The TLS versions and cipher suites mentioned in this guide are supported for the following Volterra entities:
- HTTPS Load Balancer with Automatic Certificate
- HTTPS Load Balancer with Custom Certificate/Bring Your Own Certificate (BYOC)
- Origin Pool (origin servers that use TLS)
Use the information provided in this guide to understand the TLS security levels and associated cipher suites.
TLS Versions and Cipher Suites
Volterra provides predefined security levels that apply a minimum and maximum TLS versions and associated cipher suites for the levels. You can select the security levels or apply custom TLS security settings in VoltConsole. The following table lists the TLS security levels and associated cipher suites:
Security Level | TLS Versions | Cipher Suites | Details |
---|---|---|---|
Default | Minimum TLS 1.2 Maximum TLS 1.3 |
TLS_AES_128_GCM_SHA256 TLS_AES_256_GCM_SHA384 TLS_CHACHA20_POLY1305_SHA256 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 |
Applied by default. This is also the high security level. |
Medium | Minimum TLS 1.0 Maximum TLS 1.3 |
Cipher Suites of Default Level TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA |
Selecting medium security level also gets the cipher suites of default or high security levels. |
Low | Minimum TLS 1.0 Maximum TLS 1.3 |
Cipher Suites of Default and Medium Levels TLS_RSA_WITH_AES_128_CBC_SHA TLS_RSA_WITH_AES_128_GCM_SHA256 TLS_RSA_WITH_AES_256_CBC_SHA TLS_RSA_WITH_AES_256_GCM_SHA384 |
Selecting low security level also gets the cipher suites of default and medium levels. |
Note: The HTTPS load balancer with automatic certificate uses default security level by default.