# This is a list of TLS cipher suites as supported by Java SE 12
#
# $ /usr/jdk/jdk12/bin/java -version
# openjdk version "12.0.1" 2019-04-16
# OpenJDK Runtime Environment (build 12.0.1+12)
# OpenJDK 64-Bit Server VM (build 12.0.1+12, mixed mode, sharing)
#
# The cipher suites are ordered in the way that the
# com.unboundid.util.ssl.TLSCipherSuiteComparator is expected to sort them.
# Blank lines and lines starting with an octothorpe character will be ignored.
#
# The cipher suites should be prioritized in accordance with the following
# criteria:
#
# * Signalling cipher suite values should come last, since they merely
#   indicate capabilities and aren't actually cipher suites.
#
# * TLSv1.3-specific cipher suites (TLS_AES_* and TLS_CHACHA20_*) will come
#   first.  Other TLS suites will come next, followed by legacy SSL suites, and
#   finally any suites with an unrecognized protocol.
#
# * The key exchange algorithm will be prioritized as follows:
#   1. ECDHE
#   2. DHE
#   3. RSA
#   4. Everything else
#
# * The bulk encryption algorithm will be prioritized as follows:
#   1. 256-bit AES with GCM
#   2. 128-bit AES with GCM
#   3. 256-bit AES without GCM 
#   4. 128-bit AES without GCM 
#   5. ChaCha20
#   6. Everything else with GCM
#   7. Everything else
#
# * The digest algorithm will be prioritized as follows:
#   1. 512-bit SHA-2 (there are currently no such algorithms, but there may be
#      some in the future)
#   2. 384-bit SHA-2
#   3. 256-bit SHA-2
#   4. SHA-1
#   5. Everything else
#
# * If none of the above criteria can be used to differentiate two cipher
#   suites, then lexicographic ordering will be used.
TLS_AES_256_GCM_SHA384
TLS_AES_128_GCM_SHA256
TLS_CHACHA20_POLY1305_SHA256
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
TLS_DHE_DSS_WITH_AES_128_GCM_SHA256
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
TLS_DHE_DSS_WITH_AES_256_CBC_SHA
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
TLS_DHE_DSS_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256
TLS_RSA_WITH_AES_256_GCM_SHA384
TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_EMPTY_RENEGOTIATION_INFO_SCSV
