Cryptography
Summary
Pomerium uses cryptography to secure data in transit, at rest, and to provide guarantees around confidentiality, authenticity, and integrity between its services and upstreams it manages access for.
Encryption at rest
Confidential data stored at rest is encrypted using the authenticated encryption with associated data construction XChaCha20-Poly1305 with 196-bit nonces. Nonces are randomly generated for every encrypted object. When data is read, the authentication tag is checked for tampering.
Encryption in transit
Data in transit is protected by Transport Layer Security (TLS). See our lab's SSL Labs report .
Downstream TLS
For downstream TLS (connections from the user's client to Pomerium)
The minimum accepted version of TLS is 1.2.
For TLS 1.2, the following cipher suites are offered, in this order:
- ECDHE-ECDSA-AES256-GCM-SHA384
- ECDHE-RSA-AES256-GCM-SHA384
- ECDHE-ECDSA-AES128-GCM-SHA256
- ECDHE-RSA-AES128-GCM-SHA256
- ECDHE-ECDSA-CHACHA20-POLY1305
- ECDHE-RSA-CHACHA20-POLY1305
The following elliptic curves are offered, in this order:
- X25519
- secp256r1
Upstream TLS
For upstream TLS (connections from Pomerium to the application or service)
The minimum accepted version of TLS is 1.2.
For TLS 1.2, the following cipher suites are supported:
- ECDHE-ECDSA-AES256-GCM-SHA384
- ECDHE-RSA-AES256-GCM-SHA384
- ECDHE-ECDSA-AES128-GCM-SHA256
- ECDHE-RSA-AES128-GCM-SHA256
- ECDHE-ECDSA-CHACHA20-POLY1305
- ECDHE-RSA-CHACHA20-POLY1305
- ECDHE-ECDSA-AES128-SHA
- ECDHE-RSA-AES128-SHA
- AES128-GCM-SHA256
- AES128-SHA
- ECDHE-ECDSA-AES256-SHA
- ECDHE-RSA-AES256-SHA
- AES256-GCM-SHA384
- AES256-SHA
The following elliptic curves are supported:
- X25519
- P-256
- P-384
- P-521
HTTP Strict Transport Security (HSTS) with a long duration is used by default.
Mutually authenticated TLS is used when client side certificates are provided.