Cipher Suites Used by the Cato Socket and SDP Client

All versions of the Cato Socket and Cato SDP Clients use DTLS on UDP/443 to connect to Cato PoPs.

DTLS v1.2 is utilized for the underlay tunnel.

AES128 is the default cipher suite used by the Socket and Clients for PoP connections, if AES128 isn't available, then AES256 is used. These are the details:

Cato Socket

  • PSK-AES128-GCM-SHA256 (default cipher suite)
  • PSK-AES256-GCM-SHA384

Cato SDP Client

  • ECDHE-RSA-AES128-GCM-SHA256 (default cipher suite)


Was this article helpful?

1 out of 1 found this helpful


  • Comment author
    Sebastian Fuenzalida

    Hi Team, what version of DTLS is using CATO now?

  • Comment author
    Yaakov Simon
    • Edited


    Cato supports these TLS versions: 1.0, 1.1, 1.2, and 1.3.

    Thanks for your comment,


Add your comment