Cryptography
Summary
Pomerium uses cryptography to secure data in transit, at rest, and to provide guarantees around confidentiality, authenticity, and integrity between its services and upstream servers it manages access for.
Encryption at rest
Confidential data stored at rest is encrypted using the authenticated encryption with associated data construction XChaCha20Poly1305 with 196bit nonces. Nonces are randomly generated for every encrypted object. When data is read, the authentication tag is checked for tampering.
Encryption in transit
Data in transit is protected by Transport Layer Security (TLS). See our lab's SSL Labs report .
Downstream TLS
For downstream TLS (connections from the user's client to Pomerium)

The minimum accepted version of TLS is 1.2.

For TLS 1.2, the following cipher suites are offered, in this order:
 ECDHEECDSAAES256GCMSHA384
 ECDHERSAAES256GCMSHA384
 ECDHEECDSAAES128GCMSHA256
 ECDHERSAAES128GCMSHA256
 ECDHEECDSACHACHA20POLY1305
 ECDHERSACHACHA20POLY1305

The following elliptic curves are offered, in this order:
 X25519
 NIST P256
Upstream TLS
For upstream TLS (connections from Pomerium to the application or service)

The minimum accepted version of TLS is 1.2.

For TLS 1.2, the following cipher suites are supported:
 ECDHEECDSAAES256GCMSHA384
 ECDHERSAAES256GCMSHA384
 ECDHEECDSAAES128GCMSHA256
 ECDHERSAAES128GCMSHA256
 ECDHEECDSACHACHA20POLY1305
 ECDHERSACHACHA20POLY1305
 ECDHEECDSAAES128SHA
 ECDHERSAAES128SHA
 AES128GCMSHA256
 AES128SHA
 ECDHEECDSAAES256SHA
 ECDHERSAAES256SHA
 AES256GCMSHA384
 AES256SHA

The following elliptic curves are supported:
 X25519
 NIST P256
 NIST P384
 NIST P521

HTTP Strict Transport Security (HSTS) with a long duration is used by default.

Mutually authenticated TLS is used when client side certificates are provided.