> ## Documentation Index
> Fetch the complete documentation index at: https://docs-staging-quickstart-revamp.mintlify.site/llms.txt
> Use this file to discover all available pages before exploring further.

> Check supported TLS versions and ciphers if you are using a reverse proxy configured for use with self-managed certificates

# TLS (SSL) Versions and Ciphers

<Card title="Before you start">
  Auth0's network edge requires a Server Name Indication (SNI) to be set on all requests. Most clients set SNI by default; if your web client does not, consult your web client documentation to determine how to manually set an SNI.
</Card>

Auth0’s network edge has a secure set of allowed SSL/TLS version/cipher suite combinations. When connecting to Auth0 services using a reverse proxy with self-managed certificates, you **must** use a supported TLS version and cipher suite. During the TLS handshake, communication between the server and client specifies the TLS version and cipher suite. If you are not using a supported version, a failure could occur.

## Supported Versions

<Callout icon="file-lines" color="#0EA5E9" iconType="regular">
  If you are using self-managed certificates in your custom domain, they must be compatible with one of the below TLS versions and ciphers. For security purposes, a protocol or cipher could be removed from support without notice.
</Callout>

Auth requires using TLS version 1.2 or 1.3 with the supported ciphers.

#### TLS 1.3 Supported Ciphers

AEAD-AES128-GCM-SHA256\
AEAD-AES256-GCM-SHA384\
AEAD-CHACHA20-POLY1305-SHA256

#### TLS 1.2 Supported Ciphers

ECDHE-ECDSA-AES128-GCM-SHA256\
ECDHE-ECDSA-CHACHA20-POLY1305\
ECDHE-RSA-AES128-GCM-SHA256\
ECDHE-RSA-CHACHA20-POLY1305\
ECDHE-ECDSA-AES128-SHA256\
ECDHE-ECDSA-AES128-SHA\
ECDHE-RSA-AES128-SHA256\
ECDHE-RSA-AES128-SHA\
AES128-GCM-SHA256\
AES128-SHA256\
AES128-SHA\
ECDHE-ECDSA-AES256-GCM-SHA384\
ECDHE-ECDSA-AES256-SHA384\
ECDHE-RSA-AES256-GCM-SHA384\
ECDHE-RSA-AES256-SHA384\
ECDHE-RSA-AES256-SHA\
AES256-GCM-SHA384\
AES256-SHA256\
AES256-SHA

#### TLS RFCs

[TLS 1.2](https://tools.ietf.org/html/rfc5246)

[TLS 1.3](https://tools.ietf.org/html/rfc8446)

#### TLS Parameters

To learn more, read [Transport Layer Security (TLS) Parameters](https://www.iana.org/assignments/tls-parameters) for the Internet Assigned Numbers Authority (IANA) list of registered parameters including ciphers.

## Learn more

* [Configure Cloudflare as Reverse Proxy](/docs/customize/custom-domains/self-managed-certificates/configure-cloudflare-for-use-as-reverse-proxy)
* [Troubleshoot Custom Domains](/docs/troubleshoot/integration-extensibility-issues/troubleshoot-custom-domains)
