Auth0 Supported TLS and Cipher Suites

As per TLS (SSL) Versions and Ciphers, "Auth0’s network edge has a secure set of allowed SSL/TLS version/cipher suite combinations. When connecting to Auth0 services using a reverse proxy with self-managed certificates, you must use a supported TLS version and cipher suite. During the TLS handshake, communication between the server and client specifies the TLS version and cipher suite. If you are not using a supported version, a failure could occur."

The TLS configuration for our development environment is TLS 1.2, ECDHE_RSA with P-256, and AES_128_GCM. Auth0's supported ciphers for TLS 1.2 are:

  1. ECDHE-ECDSA-AES128-GCM-SHA256
  2. ECDHE-ECDSA-CHACHA20-POLY1305
  3. ECDHE-RSA-AES128-GCM-SHA256
  4. ECDHE-RSA-CHACHA20-POLY1305
  5. ECDHE-ECDSA-AES128-SHA256
  6. ECDHE-ECDSA-AES128-SHA
  7. ECDHE-RSA-AES128-SHA256
  8. ECDHE-RSA-AES128-SHA
  9. AES128-GCM-SHA256
  10. AES128-SHA256
  11. AES128-SHA
  12. ECDHE-ECDSA-AES256-GCM-SHA384
  13. ECDHE-ECDSA-AES256-SHA384
  14. ECDHE-RSA-AES256-GCM-SHA384
  15. ECDHE-RSA-AES256-SHA384
  16. ECDHE-RSA-AES256-SHA
  17. AES256-GCM-SHA384
  18. AES256-SHA256
  19. AES256-SHA

AES_128_GCM and AES128-GCM-SHA256 are the same thing, but do you guys think ECDHE_RSA with P-256 is not supported by Auth0?

Hello @Mostafijur,

It’s not clear to me what your question is. Auth0’s public cloud environments are protected by Cloudflare, which is almost certainly what Auth0 means when they say “Auth0’s edge network…”, meaning the supported cipher suites are determined more by Cloudflare than Auth0:

https://developers.cloudflare.com/ssl/ssl-tls/cipher-suites

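Added example (not part of the original posts and not Auth0 code): it parses the connection summary quoted in the question, builds the matching OpenSSL suite name, and checks it against the list in the first post. P-256 is the ECDHE curve, which TLS 1.2 negotiates separately from the cipher suite, so it never appears in the suite name. The function names and the AEAD-only scope are assumptions of this sketch.

```python
import re
import ssl

# TLS 1.2 suites exactly as listed in the first post (OpenSSL names).
LISTED = """ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-ECDSA-CHACHA20-POLY1305
ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-CHACHA20-POLY1305 ECDHE-ECDSA-AES128-SHA256
ECDHE-ECDSA-AES128-SHA ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES128-SHA
AES128-GCM-SHA256 AES128-SHA256 AES128-SHA ECDHE-ECDSA-AES256-GCM-SHA384
ECDHE-ECDSA-AES256-SHA384 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-SHA384
ECDHE-RSA-AES256-SHA AES256-GCM-SHA384 AES256-SHA256 AES256-SHA""".split()
# AEAD ciphers fix the handshake hash, so the OpenSSL suffix follows from the cipher.
AEAD = {"AES_128_GCM": "AES128-GCM-SHA256", "AES_256_GCM": "AES256-GCM-SHA384",
        "CHACHA20_POLY1305": "CHACHA20-POLY1305"}
SUMMARY = re.compile(r"(TLS [\d.]+), (\w+?)(?: with ([\w-]+))?,? and (\w+)")

def parse_summary(text):
    """Split 'TLS 1.2, ECDHE_RSA with P-256, and AES_128_GCM' into its parts."""
    m = SUMMARY.fullmatch(text.strip())
    if not m or m.group(1) != "TLS 1.2":  # the list above covers TLS 1.2 only
        raise ValueError(f"not a TLS 1.2 AEAD summary: {text!r}")
    return dict(zip(("version", "kx", "group", "cipher"), m.groups()))

def openssl_name(parts):
    """Build the OpenSSL suite name; the ECDHE group (P-256) is not part of it."""
    if parts["cipher"] not in AEAD:
        raise ValueError(f"cipher outside this sketch's scope: {parts['cipher']}")
    kx = parts["kx"].replace("_", "-")
    prefix = "" if kx == "RSA" else kx + "-"  # static-RSA suites carry no prefix
    return prefix + AEAD[parts["cipher"]]

def check(summary):
    """Return (suite name, listed in the post?, offered by the local OpenSSL?)."""
    name = openssl_name(parse_summary(summary))
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        ctx.set_ciphers(name)  # raises if the local build cannot select the suite
        local = any(c["name"] == name for c in ctx.get_ciphers())
    except ssl.SSLError:
        local = False
    return name, name in LISTED, local

if __name__ == "__main__":
    print(check("TLS 1.2, ECDHE_RSA with P-256, and AES_128_GCM"))
```
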