Notification

Duet AI is now Gemini for Google Workspace. Learn more

Ciphers for Gmail SMTP TLS connections

Ciphers are algorithms that help secure network connections that use Transport Layer Security (TLS). Ciphers are generally one of 3 types:

  • Key exchange algorithm: Exchanges a key between two devices. The key encrypts and decrypts messages sent between the two devices. 
  • Bulk encryption algorithm: Encrypts the data sent over the TLS connection.
  • MAC algorithm: Verifies that sent data does not change in transit. 

There are also ciphers that include signatures, and that authenticate servers or clients. Learn more about Gmail and TLS connections.

Note: The ciphers in this article may change at any time without notice. 

Ciphers for TLS negotiation

Google’s SMTP servers accepts these ciphers for Transport Layer Security (TLS) negotiation.

TLS negotiation is also called a TLS handshake. During the handshake, the communicating sides acknowledge each other, verify each other, and agree on the ciphers and session keys they’ll use.

This list of ciphers for TLS negotiation was updated in March 2023.

TLS 1.3

TLS_AES_128_GCM_SHA256

TLS_AES_256_GCM_SHA384

TLS_CHACHA20_POLY1305_SHA256

TLS 1.2

TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA

TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256

TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA

TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA

TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA

TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

TLS_RSA_WITH_3DES_EDE_CBC_SHA

TLS_RSA_WITH_AES_128_CBC_SHA

TLS_RSA_WITH_AES_128_GCM_SHA256

TLS_RSA_WITH_AES_256_CBC_SHA

TLS_RSA_WITH_AES_256_GCM_SHA384

TLS 1.1 and TLS 1.0

TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA

TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA

TLS_RSA_WITH_3DES_EDE_CBC_SHA

TLS_RSA_WITH_AES_128_CBC_SHA

TLS_RSA_WITH_AES_256_CBC_SHA

Outbound server ciphers

These ciphers are preferred by Gmail outbound servers.

Gmail tells the receiving server that it supports TLS versions 1.3, 1.2, 1.1, and 1.0. The receiving server then determines which TLS version is used for the connection.

Google doesn't support SSLv3.

This list of outbound server ciphers was updated in April 2020.

TLS_AES_128_GCM_SHA256

TLS_AES_256_GCM_SHA384

TLS_CHACHA20_POLY1305_SHA256

TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256

TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256

TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256

TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384

TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA

TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA

TLS_RSA_WITH_AES_128_GCM_SHA256

TLS_RSA_WITH_AES_256_GCM_SHA384

TLS_RSA_WITH_AES_128_CBC_SHA

TLS_RSA_WITH_AES_256_CBC_SHA

TLS_RSA_WITH_3DES_EDE_CBC_SHA

Was this helpful?

How can we improve it?

Need more help?

Try these next steps:

Post to the help community Get answers from community members
Contact us Tell us more and we’ll help you get there
true
Start your free 14-day trial today

Professional email, online storage, shared calendars, video meetings and more. Start your free Google Workspace trial today.

Search
Clear search
Close search
Main menu
18228408619950635812
true
Search Help Center
true
true
true
true
true
73010
false
false