The underlying platform's default TLS Cipher Preference ordering. This is usually the best option, as it will be automatically updated as the underlying OS or platform changes, and will always be supported on all platforms.
A TLS Cipher Preference ordering that supports TLS 1.0 through TLS 1.3, and has Kyber Round 3 as its highest priority post-quantum key exchange algorithm. PQ algorithms in this preference list will always be used in hybrid mode, and will be combined with a classical ECDHE key exchange that is performed in addition to the PQ key exchange. This preference makes a best-effort to negotiate a PQ algorithm, but if the peer does not support any PQ algorithms the TLS connection will fall back to a single classical algorithm for key exchange (such as ECDHE or RSA). NIST has announced that they plan to eventually standardize Kyber. However, the NIST standardization process might introduce minor changes that could cause the final Kyber standard to differ from the Kyber Round 3 implementation available in this preference list.
Recommended default policy with post-quantum algorithm support. This policy may change over time.
A TLS Cipher Preference ordering that supports TLS 1.2 through TLS 1.3, and does not include CBC cipher suites. It is FIPS-complaint.
Generated using TypeDoc
Each TlsCipherPreference represents an ordered list of TLS Ciphers to use when negotiating a TLS Connection. At present, the ability to configure arbitrary orderings of TLS Ciphers is not allowed, and only a curated list of vetted TlsCipherPref's are exposed.