Heuristic: BerriAI LiteLLM SSL Cipher Optimization
| Knowledge Sources | |
|---|---|
| Domains | Infrastructure, Optimization |
| Last Updated | 2026-02-15 16:00 GMT |
Overview
Tiered SSL/TLS cipher selection prioritizing TLS 1.3 (~50ms handshake) over TLS 1.2 ECDHE+GCM (~100ms) with fallbacks for broad compatibility.
Description
LiteLLM configures a custom cipher suite ordering for outbound HTTPS connections to LLM providers. Since the proxy makes thousands of TLS handshakes per minute, even small improvements in handshake latency compound significantly. The cipher list is organized in four priority tiers: TLS 1.3 ciphers first (fastest), followed by TLS 1.2 with ECDHE+GCM (widely supported and fast), then additional modern ciphers, and finally legacy fallbacks for maximum compatibility.
Usage
This heuristic is applied by default. Override it with the `LITELLM_SSL_CIPHERS` environment variable if you need specific cipher restrictions (e.g., compliance requirements) or are experiencing TLS handshake issues with certain providers.
The Insight (Rule of Thumb)
- Action: Use a tiered cipher suite that strongly prefers TLS 1.3 but falls back gracefully.
- Priority Order:
  - Priority 1: TLS 1.3 ciphers (TLS_AES_256_GCM_SHA384, TLS_AES_128_GCM_SHA256, TLS_CHACHA20_POLY1305_SHA256)
  - Priority 2: TLS 1.2 ECDHE+GCM (ECDHE-RSA-AES256-GCM-SHA384, etc.)
  - Priority 3: ECDHE+ChaCha20 (good for ARM/mobile)
  - Priority 4: Non-PFS fallbacks (AES256-GCM-SHA384, AES128-GCM-SHA256)
- Trade-off: Excluding legacy ciphers (RC4, DES, non-GCM) improves security but may cause failures with very old endpoints. The fallback ciphers ensure compatibility with most providers.
Reasoning
TLS 1.3 ciphers are faster because the protocol needs only one round trip for the handshake (versus two for TLS 1.2), and cipher negotiation is simpler. For a proxy handling 1000 RPM, the difference between a 50ms and a 100ms handshake is 50 seconds of cumulative latency per minute (1000 x 50ms). ChaCha20 is included for ARM-based deployments (e.g., AWS Graviton), where it can outperform AES on CPUs without AES hardware acceleration.
Code Evidence
Cipher configuration from `litellm/constants.py:190-211`:

```python
import os

# SSL/TLS cipher configuration for faster handshakes
# Strategy: Strongly prefer fast modern ciphers, but allow fallback
# The adjacent string literals are concatenated into one colon-separated
# OpenSSL cipher list; the environment variable overrides the whole list.
DEFAULT_SSL_CIPHERS = os.getenv(
    "LITELLM_SSL_CIPHERS",
    # Priority 1: TLS 1.3 ciphers (fastest, ~50ms handshake)
    "TLS_AES_256_GCM_SHA384:"  # Fastest observed in testing
    "TLS_AES_128_GCM_SHA256:"  # Slightly faster than 256-bit
    "TLS_CHACHA20_POLY1305_SHA256:"  # Fast on ARM/mobile
    # Priority 2: TLS 1.2 ECDHE+GCM (fast, ~100ms handshake)
    "ECDHE-RSA-AES256-GCM-SHA384:"
    "ECDHE-RSA-AES128-GCM-SHA256:"
    "ECDHE-ECDSA-AES256-GCM-SHA384:"
    "ECDHE-ECDSA-AES128-GCM-SHA256:"
    # Priority 3-4: Fallbacks for compatibility
    "ECDHE-RSA-CHACHA20-POLY1305:"
    "ECDHE-ECDSA-CHACHA20-POLY1305:"
    "ECDHE-RSA-AES256-SHA384:"
    "ECDHE-RSA-AES128-SHA256:"
    "AES256-GCM-SHA384:"
    "AES128-GCM-SHA256",
)
```