All AES and ChaCha20-Poly1305 ciphers supported ordered from strong to weak. This choice of ciphersuites should satisfy most normal needs. For otherwise strong ciphers we make little distinction between AES128 and AES256, and list each but the weakest of the AES128 ciphers ahead of the corresponding AES256 ciphers.

AEAD ciphers with equivalent security properties are ordered based on CPU hardware-acceleration support. If this dynamic runtime behavior is not desired, use ciphersuite_default_det instead.

Same as ciphersuite_default, but using deterministic preference not influenced by the CPU.

The default ciphersuites + some not recommended last resort ciphers.

AEAD ciphers with equivalent security properties are ordered based on CPU hardware-acceleration support. If this dynamic runtime behavior is not desired, use ciphersuite_all_det instead.

Same as ciphersuite_all, but using deterministic preference not influenced by the CPU.

The strongest ciphers supported. For ciphers with PFS, AEAD and SHA2, we list each AES128 variant after the corresponding AES256 and ChaCha20-Poly1305 variants. For weaker constructs, we use just the AES256 form.

AEAD ciphers with equivalent security properties are ordered based on CPU hardware-acceleration support. If this dynamic runtime behavior is not desired, use ciphersuite_strong_det instead.

Same as ciphersuite_strong, but using deterministic preference not influenced by the CPU.

DHE-RSA cipher suite. This only includes ciphers bound specifically to DHE-RSA so TLS 1.3 ciphers must be added separately.

Since: 2.1.5