OneSpan Cloud Authentication uses the Transport Layer Security (TLS) protocol. Ensure to observe the following requirements for your integration of OneSpan Cloud Authentication.

The correct TLS settings must be provided on the certificate handshakes.

Supported TLS versions

The OneSpan Cloud Authentication endpoints support the following TLS versions:

• TLS 1.2
• TLS 1.3

When you connect to OneSpan Cloud Authentication, you must use one of these TLS versions!

Supported cipher suites

For the different TLS versions, the OneSpan Cloud Authentication endpoints support the following TLS cipher suites:

• TLS 1.2
  • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
• TLS 1.3
  • TLS_AES_256_GCM_SHA384
  • TLS_CHACHA20_POLY1305_SHA256
  • TLS_AES_128_GCM_SHA256

When you connect to OneSpan Cloud Authentication, you must use one of these TLS cipher suites!

Server Name Indication

You must support Server Name Indication (SNI) when communicating with OneSpan Cloud Authentication endpoints. SNI is an extension of the TLS protocol that enables a client to specify the domain name it is trying to reach.