Transport security

Your Identity Cloud instance can be accessed via HTTPS only.

There is a plain HTTP endpoint, but its sole purpose is to ensure incoming requests are redirected to HTTPS.

HTTP Strict Transport Security (HSTS) is applied on responses so that browsers refuse to downgrade the connection to plain HTTP, which also removes a common man-in-the-middle opportunity. The HSTS policy is set with a long duration.

Browsers and technical clients must use Transport Layer Security (TLS) version 1.2 or version 1.3.

The supported ciphers are:

  • ECDHE-ECDSA-AES128-GCM-SHA256
  • ECDHE-ECDSA-CHACHA20-POLY1305
  • ECDHE-RSA-AES128-GCM-SHA256
  • ECDHE-RSA-CHACHA20-POLY1305
  • ECDHE-ECDSA-AES256-GCM-SHA384
  • ECDHE-RSA-AES256-GCM-SHA384

Browsers and technical clients also need to support server name indication (SNI).

Your Identity Cloud instance has its own server key and certificate.

The server key is 2048 bits.

The server certificate has a short expiration and is renewed periodically.
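As an added example (not the vendor's own tooling), the following Python script connects to an endpoint with SNI and checks the negotiated protocol, the negotiated cipher suite and the HSTS header against the requirements listed above. Two assumptions are made: "long duration" is interpreted as an HSTS max-age of at least one year, and under TLS 1.3 the three standard AEAD suite names are accepted as the equivalents of the listed suites, since TLS 1.3 reports suites without the ECDHE-ECDSA/RSA prefix.

```python
import re
import socket
import ssl

# Requirements as listed on this page.
ALLOWED_PROTOCOLS = {"TLSv1.2", "TLSv1.3"}
ALLOWED_CIPHERS = {
    "ECDHE-ECDSA-AES128-GCM-SHA256", "ECDHE-ECDSA-CHACHA20-POLY1305",
    "ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-RSA-CHACHA20-POLY1305",
    "ECDHE-ECDSA-AES256-GCM-SHA384", "ECDHE-RSA-AES256-GCM-SHA384",
}
# Assumption: TLS 1.3 reports the suite without the ECDHE-ECDSA/RSA prefix;
# these are the TLS 1.3 names of the same AEAD ciphers, so they are accepted too.
TLS13_CIPHERS = {"TLS_AES_128_GCM_SHA256", "TLS_AES_256_GCM_SHA384",
                 "TLS_CHACHA20_POLY1305_SHA256"}
# Assumption: the page only says "long duration"; one year is used as the minimum here.
MIN_HSTS_MAX_AGE = 365 * 24 * 3600


def hsts_max_age(header):
    """Return max-age from a Strict-Transport-Security header value, or None if absent."""
    if header is None:
        return None
    m = re.search(r"max-age\s*=\s*\"?(\d+)", header, re.IGNORECASE)
    return int(m.group(1)) if m else None


def evaluate(protocol, cipher, hsts_header):
    """Compare one observed handshake and response against the requirements above.
    Returns a list of findings; an empty list means everything matched."""
    findings = []
    if protocol not in ALLOWED_PROTOCOLS:
        findings.append(f"protocol {protocol} is not TLS 1.2 or 1.3")
    if cipher not in ALLOWED_CIPHERS and cipher not in TLS13_CIPHERS:
        findings.append(f"cipher {cipher} is not in the supported list")
    max_age = hsts_max_age(hsts_header)
    if max_age is None:
        findings.append("Strict-Transport-Security header missing or has no max-age")
    elif max_age < MIN_HSTS_MAX_AGE:
        findings.append(f"HSTS max-age {max_age} is shorter than {MIN_HSTS_MAX_AGE}")
    return findings


def probe(host, port=443, timeout=10):
    """Connect with SNI, record the negotiated protocol and cipher, and fetch the HSTS header."""
    ctx = ssl.create_default_context()            # verifies the chain and the hostname
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:  # server_hostname sends SNI
            tls.sendall(f"HEAD / HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n\r\n".encode())
            response = b""
            while chunk := tls.recv(4096):        # server closes after the response
                response += chunk
            protocol, cipher = tls.version(), tls.cipher()[0]
    headers = response.decode("latin-1").split("\r\n")
    hsts = next((h.split(":", 1)[1].strip() for h in headers
                 if h.lower().startswith("strict-transport-security:")), None)
    return evaluate(protocol, cipher, hsts)
```

Call `probe("your-tenant.example")` against your own instance; an empty list means the endpoint matched every listed requirement, otherwise each finding names the deviation.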