Print this page

Salesforce Supported TLS Ciphers

Knowledge Article Number 000004569
Description

Salesforce Supported TLS Ciphers

Resolution

Salesforce Supported TLS Ciphers

TLS versions 1.2, 1.1 and 1.0** are supported with the following CipherSuites.
 
Cipher Suite                            OpenSSL CipherSuite Name
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384‡*ECDHE-RSA-AES256-GCM-SHA384‡*
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256‡*ECDHE-RSA-AES128-GCM-SHA256‡*
TLS_RSA_WITH_AES_256_GCM_SHA384*AES256-GCM-SHA384*
TLS_RSA_WITH_AES_128_GCM_SHA256*AES128-GCM-SHA256*
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384‡*ECDHE-RSA-AES256-SHA384‡*
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256‡*ECDHE-RSA-AES128-SHA256‡*
TLS_RSA_WITH_AES_256_CBC_SHA256*AES256-SHA256*
TLS_RSA_WITH_AES_128_CBC_SHA256*AES128-SHA256*
TLS_RSA_WITH_AES_256_CBC_SHAAES256-SHA
TLS_RSA_WITH_AES_128_CBC_SHAAES128-SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA ◊DES-CBC3-SHA ◊

 
* Available with TLS 1.2 only
‡ Available on select instances
◊ Supported only for legacy compatibility with older client software. Support may be withdrawn at a future date.
 
**Starting in June, 2016 salesforce will begin disabling TLS 1.0 in a phased manner, as more fully documented in the Knowledge Article “Salesforce disabling TLS 1.0“. It is important to ensure that your systems and applications connecting to salesforce are compatible with TLS 1.2 and/or TLS 1.1 prior to this change.
 





promote demote