Ciphers for Gmail TLS connections

Ciphers are algorithms that help secure network connections that use Transport Layer Security (TLS). Ciphers are generally one of 3 types:

  • Key exchange algorithm: Exchanges a key between two devices. The key encrypts and decrypts messages sent between the two devices. 
  • Bulk encryption algorithm: Encrypts the data sent over the TLS connection.
  • MAC algorithm: Verifies that sent data does not change in transit. 

There are also ciphers that include signatures, and that authenticate servers or clients. Learn more about Gmail and TLS connections.

Note: The ciphers in this article may change at any time without notice. 

Ciphers for TLS negotiation

Gmail accepts these ciphers for TLS negotiation.

TLS negotiation is also called a TLS handshake. During the handshake, the communicating sides acknowledge each other, verify each other, and agree on the ciphers and session keys they’ll use.

This list of ciphers for TLS negotiation was updated in April 2020.

TLS 1.3

TLS_AES_128_GCM_SHA256

TLS_AES_256_GCM_SHA384

TLS_CHACHA20_POLY1305_SHA256

TLS 1.2

TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256

TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA

TLS_RSA_WITH_AES_128_GCM_SHA256

TLS_RSA_WITH_AES_256_GCM_SHA384

TLS_RSA_WITH_AES_128_CBC_SHA

TLS_RSA_WITH_AES_256_CBC_SHA

TLS_RSA_WITH_3DES_EDE_CBC_SHA

TLS 1.1 and TLS 1.0

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA

TLS_RSA_WITH_AES_128_CBC_SHA

TLS_RSA_WITH_AES_256_CBC_SHA

TLS_RSA_WITH_3DES_EDE_CBC_SHA

Outbound server ciphers

These ciphers are preferred by Gmail outbound servers.

Gmail tells the receiving server that it supports TLS versions 1.3, 1.2, 1.1, and 1.0. The receiving server then determines which TLS version is used for the connection.

Google doesn't support SSLv3.

This list of outbound server ciphers was updated in April 2020.

TLS_AES_128_GCM_SHA256

TLS_AES_256_GCM_SHA384

TLS_CHACHA20_POLY1305_SHA256

TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256

TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256

TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256

TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384

TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA

TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA

TLS_RSA_WITH_AES_128_GCM_SHA256

TLS_RSA_WITH_AES_256_GCM_SHA384

TLS_RSA_WITH_AES_128_CBC_SHA

TLS_RSA_WITH_AES_256_CBC_SHA

TLS_RSA_WITH_3DES_EDE_CBC_SHA

Was this helpful?
How can we improve it?

Need more help?

Sign in for additional support options to quickly solve your issue