1 /*
2 * Copyright (c) 2002, 2017, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation. Oracle designates this
8 * particular file as subject to the "Classpath" exception as provided
9 * by Oracle in the LICENSE file that accompanied this code.
10 *
11 * This code is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * version 2 for more details (a copy is included in the LICENSE file that
15 * accompanied this code).
16 *
17 * You should have received a copy of the GNU General Public License version
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
23 * questions.
24 */
25
26
27 package sun.security.ssl;
28
29 import java.util.*;
30
31 import java.security.NoSuchAlgorithmException;
32 import java.security.InvalidKeyException;
33 import java.security.SecureRandom;
34 import java.security.KeyManagementException;
35
36 import javax.crypto.Cipher;
37 import javax.crypto.SecretKey;
38 import javax.crypto.spec.IvParameterSpec;
39 import javax.crypto.spec.SecretKeySpec;
40
41 import static sun.security.ssl.CipherSuite.KeyExchange.*;
42 import static sun.security.ssl.CipherSuite.PRF.*;
43 import static sun.security.ssl.CipherSuite.CipherType.*;
44 import static sun.security.ssl.CipherSuite.MacAlg.*;
45 import static sun.security.ssl.CipherSuite.BulkCipher.*;
46 import static sun.security.ssl.JsseJce.*;
47 import static sun.security.ssl.NamedGroupType.*;
48
49 /**
50 * An SSL/TLS CipherSuite. Constants for the standard key exchange, cipher,
51 * and mac algorithms are also defined in this class.
52 *
53 * The CipherSuite class and the inner classes defined in this file roughly
54 * follow the type safe enum pattern described in Effective Java. This means:
55 *
56 * . instances are immutable, classes are final
57 *
58 * . there is a unique instance of every value, i.e. there are never two
59 * instances representing the same CipherSuite, etc. This means equality
60 * tests can be performed using == instead of equals() (although that works
61 * as well). [A minor exception are *unsupported* CipherSuites read from a
62 * handshake message, but this is usually irrelevant]
63 *
64 * . instances are obtained using the static valueOf() factory methods.
65 *
66 * . properties are defined as final variables and made available as
67 * package private variables without method accessors
68 *
69 * . if the member variable allowed is false, the given algorithm is either
70 * unavailable or disabled at compile time
71 *
72 */
73 final class CipherSuite implements Comparable<CipherSuite> {
74
75 // minimum priority for supported CipherSuites
76 static final int SUPPORTED_SUITES_PRIORITY = 1;
77
78 // minimum priority for default enabled CipherSuites
79 static final int DEFAULT_SUITES_PRIORITY = 300;
80
81 private static final boolean ALLOW_ECC = Debug.getBooleanProperty
82 ("com.sun.net.ssl.enableECC", true);
83
84 // Map Integer(id) -> CipherSuite
85 // contains all known CipherSuites
86 private static final Map<Integer,CipherSuite> idMap;
87
88 // Map String(name) -> CipherSuite
89 // contains only supported CipherSuites (i.e. allowed == true)
90 private static final Map<String,CipherSuite> nameMap;
91
92 // Protocol defined CipherSuite name, e.g. SSL_RSA_WITH_RC4_128_MD5
93 // we use TLS_* only for new CipherSuites, still SSL_* for old ones
94 final String name;
95
96 // id in 16 bit MSB format, i.e. 0x0004 for SSL_RSA_WITH_RC4_128_MD5
97 final int id;
98
99 // priority for the internal default preference order. the higher the
100 // better. Each supported CipherSuite *must* have a unique priority.
101 // Ciphersuites with priority >= DEFAULT_SUITES_PRIORITY are enabled
102 // by default
103 final int priority;
104
105 // key exchange, bulk cipher, mac and prf algorithms. See those
106 // classes below.
107 final KeyExchange keyExchange;
108 final BulkCipher cipher;
109 final MacAlg macAlg;
110 final PRF prfAlg;
111
112 // whether a CipherSuite qualifies as exportable under 512/40 bit rules.
113 // TLS 1.1+ (RFC 4346) must not negotiate to these suites.
114 final boolean exportable;
115
116 // true iff implemented and enabled at compile time
117 final boolean allowed;
118
119 // obsoleted since protocol version
120 //
121 // TLS version is used. If checking DTLS versions, please map to
122 // TLS version firstly. See ProtocolVersion.mapToTLSProtocol().
123 final int obsoleted;
124
125 // supported since protocol version (TLS version is used)
126 //
127 // TLS version is used. If checking DTLS versions, please map to
128 // TLS version firstly. See ProtocolVersion.mapToTLSProtocol().
129 final int supported;
130
131 /**
132 * Constructor for implemented CipherSuites.
133 */
134 private CipherSuite(String name, int id, int priority,
135 KeyExchange keyExchange, BulkCipher cipher, MacAlg mac,
136 boolean allowed, int obsoleted, int supported, PRF prfAlg) {
137 this.name = name;
138 this.id = id;
139 this.priority = priority;
140 this.keyExchange = keyExchange;
141 this.cipher = cipher;
142 this.macAlg = mac;
143 this.exportable = cipher.exportable;
144 allowed &= keyExchange.allowed;
145 allowed &= cipher.allowed;
146 this.allowed = allowed;
147 this.obsoleted = obsoleted;
148 this.supported = supported;
149 this.prfAlg = prfAlg;
150 }
151
152 /**
153 * Constructor for unimplemented CipherSuites.
154 */
155 private CipherSuite(String name, int id) {
156 this.name = name;
157 this.id = id;
158 this.allowed = false;
159
160 this.priority = 0;
161 this.keyExchange = null;
162 this.cipher = null;
163 this.macAlg = null;
164 this.exportable = false;
165 this.obsoleted = ProtocolVersion.LIMIT_MAX_VALUE;
166 this.supported = ProtocolVersion.LIMIT_MIN_VALUE;
167 this.prfAlg = P_NONE;
168 }
169
170 /**
171 * Return whether this CipherSuite is available for use. A
172 * CipherSuite may be unavailable even if it is supported
173 * (i.e. allowed == true) if the required JCE cipher is not installed.
174 */
175 boolean isAvailable() {
176 return allowed && keyExchange.isAvailable() && cipher.isAvailable();
177 }
178
179 boolean isNegotiable() {
180 return this != C_SCSV && isAvailable();
181 }
182
183 // See also CipherBox.calculatePacketSize().
184 int calculatePacketSize(int fragmentSize,
185 ProtocolVersion protocolVersion, boolean isDTLS) {
186
187 int packetSize = fragmentSize;
188 if (cipher != B_NULL) {
189 int blockSize = cipher.ivSize;
190 switch (cipher.cipherType) {
191 case BLOCK_CIPHER:
192 packetSize += macAlg.size;
193 packetSize += 1; // 1 byte padding length field
194 packetSize += // use the minimal padding
195 (blockSize - (packetSize % blockSize)) % blockSize;
196 if (protocolVersion.useTLS11PlusSpec()) {
197 packetSize += blockSize; // explicit IV
198 }
199
200 break;
201 case AEAD_CIPHER:
202 packetSize += cipher.ivSize - cipher.fixedIvSize; // record IV
203 packetSize += cipher.tagSize;
204
205 break;
206 default: // NULL_CIPHER or STREAM_CIPHER
207 packetSize += macAlg.size;
208 }
209 }
210
211 return packetSize +
212 (isDTLS ? DTLSRecord.headerSize : SSLRecord.headerSize);
213 }
214
215 // See also CipherBox.calculateFragmentSize().
216 int calculateFragSize(int packetLimit,
217 ProtocolVersion protocolVersion, boolean isDTLS) {
218
219 int fragSize = packetLimit -
220 (isDTLS ? DTLSRecord.headerSize : SSLRecord.headerSize);
221 if (cipher != B_NULL) {
222 int blockSize = cipher.ivSize;
223 switch (cipher.cipherType) {
224 case BLOCK_CIPHER:
225 if (protocolVersion.useTLS11PlusSpec()) {
226 fragSize -= blockSize; // explicit IV
227 }
228 fragSize -= (fragSize % blockSize); // cannot hold a block
229 // No padding for a maximum fragment.
230 fragSize -= 1; // 1 byte padding length field: 0x00
231 fragSize -= macAlg.size;
232
233 break;
234 case AEAD_CIPHER:
235 fragSize -= cipher.tagSize;
236 fragSize -= cipher.ivSize - cipher.fixedIvSize; // record IV
237
238 break;
239 default: // NULL_CIPHER or STREAM_CIPHER
240 fragSize -= macAlg.size;
241 }
242 }
243
244 return fragSize;
245 }
246
247 /**
248 * Compares CipherSuites based on their priority. Has the effect of
249 * sorting CipherSuites when put in a sorted collection, which is
250 * used by CipherSuiteList. Follows standard Comparable contract.
251 *
252 * Note that for unsupported CipherSuites parsed from a handshake
253 * message we violate the equals() contract.
254 */
255 @Override
256 public int compareTo(CipherSuite o) {
257 return o.priority - priority;
258 }
259
260 /**
261 * Returns this.name.
262 */
263 @Override
264 public String toString() {
265 return name;
266 }
267
268 /**
269 * Return a CipherSuite for the given name. The returned CipherSuite
270 * is supported by this implementation but may not actually be
271 * currently useable. See isAvailable().
272 *
273 * @exception IllegalArgumentException if the CipherSuite is unknown or
274 * unsupported.
275 */
276 static CipherSuite valueOf(String s) {
277 if (s == null) {
278 throw new IllegalArgumentException("Name must not be null");
279 }
280
281 CipherSuite c = nameMap.get(s);
282 if ((c == null) || (c.allowed == false)) {
283 throw new IllegalArgumentException("Unsupported ciphersuite " + s);
284 }
285
286 return c;
287 }
288
289 /**
290 * Return a CipherSuite with the given ID. A temporary object is
291 * constructed if the ID is unknown. Use isAvailable() to verify that
292 * the CipherSuite can actually be used.
293 */
294 static CipherSuite valueOf(int id1, int id2) {
295 id1 &= 0xff;
296 id2 &= 0xff;
297 int id = (id1 << 8) | id2;
298 CipherSuite c = idMap.get(id);
299 if (c == null) {
300 String h1 = Integer.toString(id1, 16);
301 String h2 = Integer.toString(id2, 16);
302 c = new CipherSuite("Unknown 0x" + h1 + ":0x" + h2, id);
303 }
304 return c;
305 }
306
307 // for use by SSLContextImpl only
308 static Collection<CipherSuite> allowedCipherSuites() {
309 return nameMap.values();
310 }
311
312 /*
313 * Use this method when all of the values need to be specified.
314 * This is primarily used when defining a new ciphersuite for
315 * TLS 1.2+ that doesn't use the "default" PRF.
316 */
317 private static void add(String name, int id, int priority,
318 KeyExchange keyExchange, BulkCipher cipher, MacAlg mac,
319 boolean allowed, int obsoleted, int supported, PRF prf) {
320
321 CipherSuite c = new CipherSuite(name, id, priority, keyExchange,
322 cipher, mac, allowed, obsoleted, supported, prf);
323 if (idMap.put(id, c) != null) {
324 throw new RuntimeException("Duplicate ciphersuite definition: "
325 + id + ", " + name);
326 }
327 if (c.allowed) {
328 if (nameMap.put(name, c) != null) {
329 throw new RuntimeException("Duplicate ciphersuite definition: "
330 + id + ", " + name);
331 }
332 }
333 }
334
335 /*
336 * Use this method when there is no lower protocol limit where this
337 * suite can be used, and the PRF is P_SHA256. That is, the
338 * existing ciphersuites. From RFC 5246:
339 *
340 * All cipher suites in this document use P_SHA256.
341 */
342 private static void add(String name, int id, int priority,
343 KeyExchange keyExchange, BulkCipher cipher, MacAlg mac,
344 boolean allowed, int obsoleted) {
345 PRF prf = obsoleted < ProtocolVersion.TLS12.v ? P_NONE : P_SHA256;
346
347 add(name, id, priority, keyExchange, cipher, mac, allowed, obsoleted,
348 ProtocolVersion.LIMIT_MIN_VALUE, prf);
349 }
350
351 /*
352 * Use this method when there is no upper protocol limit. That is,
353 * suites which have not been obsoleted.
354 */
355 private static void add(String name, int id, int priority,
356 KeyExchange keyExchange, BulkCipher cipher, MacAlg mac,
357 boolean allowed) {
358 add(name, id, priority, keyExchange, cipher, mac, allowed,
359 ProtocolVersion.LIMIT_MAX_VALUE);
360 }
361
362 /*
363 * Use this method to define an unimplemented suite. This provides
364 * a number<->name mapping that can be used for debugging.
365 */
366 private static void add(String name, int id) {
367 CipherSuite c = new CipherSuite(name, id);
368 if (idMap.put(id, c) != null) {
369 throw new RuntimeException("Duplicate ciphersuite definition: "
370 + id + ", " + name);
371 }
372 }
373
374 /**
375 * An SSL/TLS key exchange algorithm.
376 */
377 static enum KeyExchange {
378
379 // key exchange algorithms
380 K_NULL ("NULL", false, NAMED_GROUP_NONE),
381 K_RSA ("RSA", true, NAMED_GROUP_NONE),
382 K_RSA_EXPORT ("RSA_EXPORT", true, NAMED_GROUP_NONE),
383 K_DH_RSA ("DH_RSA", false, NAMED_GROUP_NONE),
384 K_DH_DSS ("DH_DSS", false, NAMED_GROUP_NONE),
385 K_DHE_DSS ("DHE_DSS", true, NAMED_GROUP_FFDHE),
386 K_DHE_RSA ("DHE_RSA", true, NAMED_GROUP_FFDHE),
387 K_DH_ANON ("DH_anon", true, NAMED_GROUP_FFDHE),
388
389 K_ECDH_ECDSA ("ECDH_ECDSA", ALLOW_ECC, NAMED_GROUP_ECDHE),
390 K_ECDH_RSA ("ECDH_RSA", ALLOW_ECC, NAMED_GROUP_ECDHE),
391 K_ECDHE_ECDSA("ECDHE_ECDSA", ALLOW_ECC, NAMED_GROUP_ECDHE),
392 K_ECDHE_RSA ("ECDHE_RSA", ALLOW_ECC, NAMED_GROUP_ECDHE),
393 K_ECDH_ANON ("ECDH_anon", ALLOW_ECC, NAMED_GROUP_ECDHE),
394
395 // Kerberos cipher suites
396 K_KRB5 ("KRB5", true, NAMED_GROUP_NONE),
397 K_KRB5_EXPORT("KRB5_EXPORT", true, NAMED_GROUP_NONE),
398
399 // renegotiation protection request signaling cipher suite
400 K_SCSV ("SCSV", true, NAMED_GROUP_NONE);
401
402 // name of the key exchange algorithm, e.g. DHE_DSS
403 final String name;
404 final boolean allowed;
405 final NamedGroupType groupType;
406 private final boolean alwaysAvailable;
407
408 KeyExchange(String name, boolean allowed, NamedGroupType groupType) {
409 this.name = name;
410 this.allowed = allowed;
411 this.groupType = groupType;
412 this.alwaysAvailable = allowed &&
413 (!name.startsWith("EC")) && (!name.startsWith("KRB"));
414 }
415
416 boolean isAvailable() {
417 if (alwaysAvailable) {
418 return true;
419 }
420
421 if (groupType == NAMED_GROUP_ECDHE) {
422 return (allowed && JsseJce.isEcAvailable());
423 } else if (name.startsWith("KRB")) {
424 return (allowed && JsseJce.isKerberosAvailable());
425 } else {
426 return allowed;
427 }
428 }
429
430 @Override
431 public String toString() {
432 return name;
433 }
434 }
435
436 static enum CipherType {
437 NULL_CIPHER, // null cipher
438 STREAM_CIPHER, // stream cipher
439 BLOCK_CIPHER, // block cipher in CBC mode
440 AEAD_CIPHER // AEAD cipher
441 }
442
443 /**
444 * An SSL/TLS bulk cipher algorithm. One instance per combination of
445 * cipher and key length.
446 *
447 * Also contains a factory method to obtain in initialized CipherBox
448 * for this algorithm.
449 */
450 static enum BulkCipher {
451
452 // export strength ciphers
453 B_NULL("NULL", NULL_CIPHER, 0, 0, 0, 0, true),
454 B_RC4_40(CIPHER_RC4, STREAM_CIPHER, 5, 16, 0, 0, true),
455 B_RC2_40("RC2", BLOCK_CIPHER, 5, 16, 8, 0, false),
456 B_DES_40(CIPHER_DES, BLOCK_CIPHER, 5, 8, 8, 0, true),
457
458 // domestic strength ciphers
459 B_RC4_128(CIPHER_RC4, STREAM_CIPHER, 16, 0, 0, true),
460 B_DES(CIPHER_DES, BLOCK_CIPHER, 8, 8, 0, true),
461 B_3DES(CIPHER_3DES, BLOCK_CIPHER, 24, 8, 0, true),
462 B_IDEA("IDEA", BLOCK_CIPHER, 16, 8, 0, false),
463 B_AES_128(CIPHER_AES, BLOCK_CIPHER, 16, 16, 0, true),
464 B_AES_256(CIPHER_AES, BLOCK_CIPHER, 32, 16, 0, true),
465 B_AES_128_GCM(CIPHER_AES_GCM, AEAD_CIPHER, 16, 12, 4, true),
466 B_AES_256_GCM(CIPHER_AES_GCM, AEAD_CIPHER, 32, 12, 4, true);
467
468 // descriptive name including key size, e.g. AES/128
469 final String description;
470
471 // JCE cipher transformation string, e.g. AES/CBC/NoPadding
472 final String transformation;
473
474 // algorithm name, e.g. AES
475 final String algorithm;
476
477 // supported and compile time enabled. Also see isAvailable()
478 final boolean allowed;
479
480 // number of bytes of entropy in the key
481 final int keySize;
482
483 // length of the actual cipher key in bytes.
484 // for non-exportable ciphers, this is the same as keySize
485 final int expandedKeySize;
486
487 // size of the IV
488 final int ivSize;
489
490 // size of fixed IV
491 //
492 // record_iv_length = ivSize - fixedIvSize
493 final int fixedIvSize;
494
495 // exportable under 512/40 bit rules
496 final boolean exportable;
497
498 // Is the cipher algorithm of Cipher Block Chaining (CBC) mode?
499 final CipherType cipherType;
500
501 // size of the authentication tag, only applicable to cipher suites in
502 // Galois Counter Mode (GCM)
503 //
504 // As far as we know, all supported GCM cipher suites use 128-bits
505 // authentication tags.
506 final int tagSize = 16;
507
508 // The secure random used to detect the cipher availability.
509 private static final SecureRandom secureRandom;
510
511 // runtime availability
512 private final boolean isAvailable;
513
514 static {
515 try {
516 secureRandom = JsseJce.getSecureRandom();
517 } catch (KeyManagementException kme) {
518 throw new RuntimeException(kme);
519 }
520 }
521
522 BulkCipher(String transformation, CipherType cipherType, int keySize,
523 int expandedKeySize, int ivSize,
524 int fixedIvSize, boolean allowed) {
525
526 this.transformation = transformation;
527 String[] splits = transformation.split("/");
528 this.algorithm = splits[0];
529 this.cipherType = cipherType;
530 this.description = this.algorithm + "/" + (keySize << 3);
531 this.keySize = keySize;
532 this.ivSize = ivSize;
533 this.fixedIvSize = fixedIvSize;
534 this.allowed = allowed;
535
536 this.expandedKeySize = expandedKeySize;
537 this.exportable = true;
538
539 // availability of this bulk cipher
540 //
541 // Currently all supported ciphers except AES are always available
542 // via the JSSE internal implementations. We also assume AES/128 of
543 // CBC mode is always available since it is shipped with the SunJCE
544 // provider. However, AES/256 is unavailable when the default JCE
545 // policy jurisdiction files are installed because of key length
546 // restrictions.
547 this.isAvailable =
548 allowed ? isUnlimited(keySize, transformation) : false;
549 }
550
551 BulkCipher(String transformation, CipherType cipherType, int keySize,
552 int ivSize, int fixedIvSize, boolean allowed) {
553 this.transformation = transformation;
554 String[] splits = transformation.split("/");
555 this.algorithm = splits[0];
556 this.cipherType = cipherType;
557 this.description = this.algorithm + "/" + (keySize << 3);
558 this.keySize = keySize;
559 this.ivSize = ivSize;
560 this.fixedIvSize = fixedIvSize;
561 this.allowed = allowed;
562
563 this.expandedKeySize = keySize;
564 this.exportable = false;
565
566 // availability of this bulk cipher
567 //
568 // Currently all supported ciphers except AES are always available
569 // via the JSSE internal implementations. We also assume AES/128 of
570 // CBC mode is always available since it is shipped with the SunJCE
571 // provider. However, AES/256 is unavailable when the default JCE
572 // policy jurisdiction files are installed because of key length
573 // restrictions.
574 this.isAvailable =
575 allowed ? isUnlimited(keySize, transformation) : false;
576 }
577
578 /**
579 * Return an initialized CipherBox for this BulkCipher.
580 * IV must be null for stream ciphers.
581 *
582 * @exception NoSuchAlgorithmException if anything goes wrong
583 */
584 CipherBox newCipher(ProtocolVersion version, SecretKey key,
585 IvParameterSpec iv, SecureRandom random,
586 boolean encrypt) throws NoSuchAlgorithmException {
587 return CipherBox.newCipherBox(version, this,
588 key, iv, random, encrypt);
589 }
590
591 /**
592 * Test if this bulk cipher is available. For use by CipherSuite.
593 */
594 boolean isAvailable() {
595 return this.isAvailable;
596 }
597
598 private static boolean isUnlimited(int keySize, String transformation) {
599 int keySizeInBits = keySize * 8;
600 if (keySizeInBits > 128) { // need the JCE unlimited
601 // strength jurisdiction policy
602 try {
603 if (Cipher.getMaxAllowedKeyLength(
604 transformation) < keySizeInBits) {
605
606 return false;
607 }
608 } catch (Exception e) {
609 return false;
610 }
611 }
612
613 return true;
614 }
615
616 @Override
617 public String toString() {
618 return description;
619 }
620 }
621
622 /**
623 * An SSL/TLS key MAC algorithm.
624 *
625 * Also contains a factory method to obtain an initialized MAC
626 * for this algorithm.
627 */
628 static enum MacAlg {
629 // MACs
630 M_NULL ("NULL", 0, 0, 0),
631 M_MD5 ("MD5", 16, 64, 9),
632 M_SHA ("SHA", 20, 64, 9),
633 M_SHA256 ("SHA256", 32, 64, 9),
634 M_SHA384 ("SHA384", 48, 128, 17);
635
636 // descriptive name, e.g. MD5
637 final String name;
638
639 // size of the MAC value (and MAC key) in bytes
640 final int size;
641
642 // block size of the underlying hash algorithm
643 final int hashBlockSize;
644
645 // minimal padding size of the underlying hash algorithm
646 final int minimalPaddingSize;
647
648 MacAlg(String name, int size,
649 int hashBlockSize, int minimalPaddingSize) {
650 this.name = name;
651 this.size = size;
652 this.hashBlockSize = hashBlockSize;
653 this.minimalPaddingSize = minimalPaddingSize;
654 }
655
656 /**
657 * Return an initialized MAC for this MacAlg. ProtocolVersion
658 * must either be SSL30 (SSLv3 custom MAC) or TLS10 (std. HMAC).
659 *
660 * @exception NoSuchAlgorithmException if anything goes wrong
661 */
662 MAC newMac(ProtocolVersion protocolVersion, SecretKey secret)
663 throws NoSuchAlgorithmException, InvalidKeyException {
664 return new MAC(this, protocolVersion, secret);
665 }
666
667 @Override
668 public String toString() {
669 return name;
670 }
671 }
672
673 /**
674 * PRFs (PseudoRandom Function) from TLS specifications.
675 *
676 * TLS 1.1- uses a single MD5/SHA1-based PRF algorithm for generating
677 * the necessary material.
678 *
679 * In TLS 1.2+, all existing/known CipherSuites use SHA256, however
680 * new Ciphersuites (e.g. RFC 5288) can define specific PRF hash
681 * algorithms.
682 */
683 static enum PRF {
684
685 // PRF algorithms
686 P_NONE( "NONE", 0, 0),
687 P_SHA256("SHA-256", 32, 64),
688 P_SHA384("SHA-384", 48, 128),
689 P_SHA512("SHA-512", 64, 128); // not currently used.
690
691 // PRF characteristics
692 private final String prfHashAlg;
693 private final int prfHashLength;
694 private final int prfBlockSize;
695
696 PRF(String prfHashAlg, int prfHashLength, int prfBlockSize) {
697 this.prfHashAlg = prfHashAlg;
698 this.prfHashLength = prfHashLength;
699 this.prfBlockSize = prfBlockSize;
700 }
701
702 String getPRFHashAlg() {
703 return prfHashAlg;
704 }
705
706 int getPRFHashLength() {
707 return prfHashLength;
708 }
709
710 int getPRFBlockSize() {
711 return prfBlockSize;
712 }
713 }
714
715 static {
716 idMap = new HashMap<Integer,CipherSuite>();
717 nameMap = new HashMap<String,CipherSuite>();
718
719 final boolean F = false;
720 final boolean T = true;
721 // N: ciphersuites only allowed if we are not in FIPS mode
722 final boolean N = (SunJSSE.isFIPS() == false);
723
724 /*
725 * TLS Cipher Suite Registry, as of November 2015.
726 *
727 * http://www.iana.org/assignments/tls-parameters/tls-parameters.xml
728 *
729 * Range Registration Procedures Notes
730 * 000-191 Standards Action Refers to value of first byte
731 * 192-254 Specification Required Refers to value of first byte
732 * 255 Reserved for Private Use Refers to value of first byte
733 *
734 * Value Description Reference
735 * 0x00,0x00 TLS_NULL_WITH_NULL_NULL [RFC5246]
736 * 0x00,0x01 TLS_RSA_WITH_NULL_MD5 [RFC5246]
737 * 0x00,0x02 TLS_RSA_WITH_NULL_SHA [RFC5246]
738 * 0x00,0x03 TLS_RSA_EXPORT_WITH_RC4_40_MD5 [RFC4346]
739 * 0x00,0x04 TLS_RSA_WITH_RC4_128_MD5 [RFC5246]
740 * 0x00,0x05 TLS_RSA_WITH_RC4_128_SHA [RFC5246]
741 * 0x00,0x06 TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 [RFC4346]
742 * 0x00,0x07 TLS_RSA_WITH_IDEA_CBC_SHA [RFC5469]
743 * 0x00,0x08 TLS_RSA_EXPORT_WITH_DES40_CBC_SHA [RFC4346]
744 * 0x00,0x09 TLS_RSA_WITH_DES_CBC_SHA [RFC5469]
745 * 0x00,0x0A TLS_RSA_WITH_3DES_EDE_CBC_SHA [RFC5246]
746 * 0x00,0x0B TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA [RFC4346]
747 * 0x00,0x0C TLS_DH_DSS_WITH_DES_CBC_SHA [RFC5469]
748 * 0x00,0x0D TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA [RFC5246]
749 * 0x00,0x0E TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA [RFC4346]
750 * 0x00,0x0F TLS_DH_RSA_WITH_DES_CBC_SHA [RFC5469]
751 * 0x00,0x10 TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA [RFC5246]
752 * 0x00,0x11 TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA [RFC4346]
753 * 0x00,0x12 TLS_DHE_DSS_WITH_DES_CBC_SHA [RFC5469]
754 * 0x00,0x13 TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA [RFC5246]
755 * 0x00,0x14 TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA [RFC4346]
756 * 0x00,0x15 TLS_DHE_RSA_WITH_DES_CBC_SHA [RFC5469]
757 * 0x00,0x16 TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA [RFC5246]
758 * 0x00,0x17 TLS_DH_anon_EXPORT_WITH_RC4_40_MD5 [RFC4346]
759 * 0x00,0x18 TLS_DH_anon_WITH_RC4_128_MD5 [RFC5246]
760 * 0x00,0x19 TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA [RFC4346]
761 * 0x00,0x1A TLS_DH_anon_WITH_DES_CBC_SHA [RFC5469]
762 * 0x00,0x1B TLS_DH_anon_WITH_3DES_EDE_CBC_SHA [RFC5246]
763 * 0x00,0x1C-1D Reserved to avoid conflicts with SSLv3 [RFC5246]
764 * 0x00,0x1E TLS_KRB5_WITH_DES_CBC_SHA [RFC2712]
765 * 0x00,0x1F TLS_KRB5_WITH_3DES_EDE_CBC_SHA [RFC2712]
766 * 0x00,0x20 TLS_KRB5_WITH_RC4_128_SHA [RFC2712]
767 * 0x00,0x21 TLS_KRB5_WITH_IDEA_CBC_SHA [RFC2712]
768 * 0x00,0x22 TLS_KRB5_WITH_DES_CBC_MD5 [RFC2712]
769 * 0x00,0x23 TLS_KRB5_WITH_3DES_EDE_CBC_MD5 [RFC2712]
770 * 0x00,0x24 TLS_KRB5_WITH_RC4_128_MD5 [RFC2712]
771 * 0x00,0x25 TLS_KRB5_WITH_IDEA_CBC_MD5 [RFC2712]
772 * 0x00,0x26 TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA [RFC2712]
773 * 0x00,0x27 TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA [RFC2712]
774 * 0x00,0x28 TLS_KRB5_EXPORT_WITH_RC4_40_SHA [RFC2712]
775 * 0x00,0x29 TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5 [RFC2712]
776 * 0x00,0x2A TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5 [RFC2712]
777 * 0x00,0x2B TLS_KRB5_EXPORT_WITH_RC4_40_MD5 [RFC2712]
778 * 0x00,0x2C TLS_PSK_WITH_NULL_SHA [RFC4785]
779 * 0x00,0x2D TLS_DHE_PSK_WITH_NULL_SHA [RFC4785]
780 * 0x00,0x2E TLS_RSA_PSK_WITH_NULL_SHA [RFC4785]
781 * 0x00,0x2F TLS_RSA_WITH_AES_128_CBC_SHA [RFC5246]
782 * 0x00,0x30 TLS_DH_DSS_WITH_AES_128_CBC_SHA [RFC5246]
783 * 0x00,0x31 TLS_DH_RSA_WITH_AES_128_CBC_SHA [RFC5246]
784 * 0x00,0x32 TLS_DHE_DSS_WITH_AES_128_CBC_SHA [RFC5246]
785 * 0x00,0x33 TLS_DHE_RSA_WITH_AES_128_CBC_SHA [RFC5246]
786 * 0x00,0x34 TLS_DH_anon_WITH_AES_128_CBC_SHA [RFC5246]
787 * 0x00,0x35 TLS_RSA_WITH_AES_256_CBC_SHA [RFC5246]
788 * 0x00,0x36 TLS_DH_DSS_WITH_AES_256_CBC_SHA [RFC5246]
789 * 0x00,0x37 TLS_DH_RSA_WITH_AES_256_CBC_SHA [RFC5246]
790 * 0x00,0x38 TLS_DHE_DSS_WITH_AES_256_CBC_SHA [RFC5246]
791 * 0x00,0x39 TLS_DHE_RSA_WITH_AES_256_CBC_SHA [RFC5246]
792 * 0x00,0x3A TLS_DH_anon_WITH_AES_256_CBC_SHA [RFC5246]
793 * 0x00,0x3B TLS_RSA_WITH_NULL_SHA256 [RFC5246]
794 * 0x00,0x3C TLS_RSA_WITH_AES_128_CBC_SHA256 [RFC5246]
795 * 0x00,0x3D TLS_RSA_WITH_AES_256_CBC_SHA256 [RFC5246]
796 * 0x00,0x3E TLS_DH_DSS_WITH_AES_128_CBC_SHA256 [RFC5246]
797 * 0x00,0x3F TLS_DH_RSA_WITH_AES_128_CBC_SHA256 [RFC5246]
798 * 0x00,0x40 TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 [RFC5246]
799 * 0x00,0x41 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA [RFC5932]
800 * 0x00,0x42 TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA [RFC5932]
801 * 0x00,0x43 TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA [RFC5932]
802 * 0x00,0x44 TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA [RFC5932]
803 * 0x00,0x45 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA [RFC5932]
804 * 0x00,0x46 TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA [RFC5932]
805 * 0x00,0x47-4F Reserved to avoid conflicts with
806 * deployed implementations [Pasi_Eronen]
807 * 0x00,0x50-58 Reserved to avoid conflicts [Pasi Eronen]
808 * 0x00,0x59-5C Reserved to avoid conflicts with
809 * deployed implementations [Pasi_Eronen]
810 * 0x00,0x5D-5F Unassigned
811 * 0x00,0x60-66 Reserved to avoid conflicts with widely
812 * deployed implementations [Pasi_Eronen]
813 * 0x00,0x67 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 [RFC5246]
814 * 0x00,0x68 TLS_DH_DSS_WITH_AES_256_CBC_SHA256 [RFC5246]
815 * 0x00,0x69 TLS_DH_RSA_WITH_AES_256_CBC_SHA256 [RFC5246]
816 * 0x00,0x6A TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 [RFC5246]
817 * 0x00,0x6B TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 [RFC5246]
818 * 0x00,0x6C TLS_DH_anon_WITH_AES_128_CBC_SHA256 [RFC5246]
819 * 0x00,0x6D TLS_DH_anon_WITH_AES_256_CBC_SHA256 [RFC5246]
820 * 0x00,0x6E-83 Unassigned
821 * 0x00,0x84 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA [RFC5932]
822 * 0x00,0x85 TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA [RFC5932]
823 * 0x00,0x86 TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA [RFC5932]
824 * 0x00,0x87 TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA [RFC5932]
825 * 0x00,0x88 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA [RFC5932]
826 * 0x00,0x89 TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA [RFC5932]
827 * 0x00,0x8A TLS_PSK_WITH_RC4_128_SHA [RFC4279]
828 * 0x00,0x8B TLS_PSK_WITH_3DES_EDE_CBC_SHA [RFC4279]
829 * 0x00,0x8C TLS_PSK_WITH_AES_128_CBC_SHA [RFC4279]
830 * 0x00,0x8D TLS_PSK_WITH_AES_256_CBC_SHA [RFC4279]
831 * 0x00,0x8E TLS_DHE_PSK_WITH_RC4_128_SHA [RFC4279]
832 * 0x00,0x8F TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA [RFC4279]
833 * 0x00,0x90 TLS_DHE_PSK_WITH_AES_128_CBC_SHA [RFC4279]
834 * 0x00,0x91 TLS_DHE_PSK_WITH_AES_256_CBC_SHA [RFC4279]
835 * 0x00,0x92 TLS_RSA_PSK_WITH_RC4_128_SHA [RFC4279]
836 * 0x00,0x93 TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA [RFC4279]
837 * 0x00,0x94 TLS_RSA_PSK_WITH_AES_128_CBC_SHA [RFC4279]
838 * 0x00,0x95 TLS_RSA_PSK_WITH_AES_256_CBC_SHA [RFC4279]
839 * 0x00,0x96 TLS_RSA_WITH_SEED_CBC_SHA [RFC4162]
840 * 0x00,0x97 TLS_DH_DSS_WITH_SEED_CBC_SHA [RFC4162]
841 * 0x00,0x98 TLS_DH_RSA_WITH_SEED_CBC_SHA [RFC4162]
842 * 0x00,0x99 TLS_DHE_DSS_WITH_SEED_CBC_SHA [RFC4162]
843 * 0x00,0x9A TLS_DHE_RSA_WITH_SEED_CBC_SHA [RFC4162]
844 * 0x00,0x9B TLS_DH_anon_WITH_SEED_CBC_SHA [RFC4162]
845 * 0x00,0x9C TLS_RSA_WITH_AES_128_GCM_SHA256 [RFC5288]
846 * 0x00,0x9D TLS_RSA_WITH_AES_256_GCM_SHA384 [RFC5288]
847 * 0x00,0x9E TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 [RFC5288]
848 * 0x00,0x9F TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 [RFC5288]
849 * 0x00,0xA0 TLS_DH_RSA_WITH_AES_128_GCM_SHA256 [RFC5288]
850 * 0x00,0xA1 TLS_DH_RSA_WITH_AES_256_GCM_SHA384 [RFC5288]
851 * 0x00,0xA2 TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 [RFC5288]
852 * 0x00,0xA3 TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 [RFC5288]
853 * 0x00,0xA4 TLS_DH_DSS_WITH_AES_128_GCM_SHA256 [RFC5288]
854 * 0x00,0xA5 TLS_DH_DSS_WITH_AES_256_GCM_SHA384 [RFC5288]
855 * 0x00,0xA6 TLS_DH_anon_WITH_AES_128_GCM_SHA256 [RFC5288]
856 * 0x00,0xA7 TLS_DH_anon_WITH_AES_256_GCM_SHA384 [RFC5288]
857 * 0x00,0xA8 TLS_PSK_WITH_AES_128_GCM_SHA256 [RFC5487]
858 * 0x00,0xA9 TLS_PSK_WITH_AES_256_GCM_SHA384 [RFC5487]
859 * 0x00,0xAA TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 [RFC5487]
860 * 0x00,0xAB TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 [RFC5487]
861 * 0x00,0xAC TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 [RFC5487]
862 * 0x00,0xAD TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 [RFC5487]
863 * 0x00,0xAE TLS_PSK_WITH_AES_128_CBC_SHA256 [RFC5487]
864 * 0x00,0xAF TLS_PSK_WITH_AES_256_CBC_SHA384 [RFC5487]
865 * 0x00,0xB0 TLS_PSK_WITH_NULL_SHA256 [RFC5487]
866 * 0x00,0xB1 TLS_PSK_WITH_NULL_SHA384 [RFC5487]
867 * 0x00,0xB2 TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 [RFC5487]
868 * 0x00,0xB3 TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 [RFC5487]
869 * 0x00,0xB4 TLS_DHE_PSK_WITH_NULL_SHA256 [RFC5487]
870 * 0x00,0xB5 TLS_DHE_PSK_WITH_NULL_SHA384 [RFC5487]
871 * 0x00,0xB6 TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 [RFC5487]
872 * 0x00,0xB7 TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 [RFC5487]
873 * 0x00,0xB8 TLS_RSA_PSK_WITH_NULL_SHA256 [RFC5487]
874 * 0x00,0xB9 TLS_RSA_PSK_WITH_NULL_SHA384 [RFC5487]
875 * 0x00,0xBA TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 [RFC5932]
876 * 0x00,0xBB TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256 [RFC5932]
877 * 0x00,0xBC TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256 [RFC5932]
878 * 0x00,0xBD TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256 [RFC5932]
879 * 0x00,0xBE TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 [RFC5932]
880 * 0x00,0xBF TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256 [RFC5932]
881 * 0x00,0xC0 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 [RFC5932]
882 * 0x00,0xC1 TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256 [RFC5932]
883 * 0x00,0xC2 TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256 [RFC5932]
884 * 0x00,0xC3 TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256 [RFC5932]
885 * 0x00,0xC4 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 [RFC5932]
886 * 0x00,0xC5 TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256 [RFC5932]
887 * 0x00,0xC6-FE Unassigned
888 * 0x00,0xFF TLS_EMPTY_RENEGOTIATION_INFO_SCSV [RFC5746]
889 * 0x01-55,* Unassigned
890 * 0x56,0x00 TLS_FALLBACK_SCSV [RFC7507]
891 * 0x56,0x01-0xC0,0x00 Unassigned
892 * 0xC0,0x01 TLS_ECDH_ECDSA_WITH_NULL_SHA [RFC4492]
893 * 0xC0,0x02 TLS_ECDH_ECDSA_WITH_RC4_128_SHA [RFC4492]
894 * 0xC0,0x03 TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA [RFC4492]
895 * 0xC0,0x04 TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA [RFC4492]
896 * 0xC0,0x05 TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA [RFC4492]
897 * 0xC0,0x06 TLS_ECDHE_ECDSA_WITH_NULL_SHA [RFC4492]
898 * 0xC0,0x07 TLS_ECDHE_ECDSA_WITH_RC4_128_SHA [RFC4492]
899 * 0xC0,0x08 TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA [RFC4492]
900 * 0xC0,0x09 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA [RFC4492]
901 * 0xC0,0x0A TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA [RFC4492]
902 * 0xC0,0x0B TLS_ECDH_RSA_WITH_NULL_SHA [RFC4492]
903 * 0xC0,0x0C TLS_ECDH_RSA_WITH_RC4_128_SHA [RFC4492]
904 * 0xC0,0x0D TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA [RFC4492]
905 * 0xC0,0x0E TLS_ECDH_RSA_WITH_AES_128_CBC_SHA [RFC4492]
906 * 0xC0,0x0F TLS_ECDH_RSA_WITH_AES_256_CBC_SHA [RFC4492]
907 * 0xC0,0x10 TLS_ECDHE_RSA_WITH_NULL_SHA [RFC4492]
908 * 0xC0,0x11 TLS_ECDHE_RSA_WITH_RC4_128_SHA [RFC4492]
909 * 0xC0,0x12 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA [RFC4492]
910 * 0xC0,0x13 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA [RFC4492]
911 * 0xC0,0x14 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA [RFC4492]
912 * 0xC0,0x15 TLS_ECDH_anon_WITH_NULL_SHA [RFC4492]
913 * 0xC0,0x16 TLS_ECDH_anon_WITH_RC4_128_SHA [RFC4492]
914 * 0xC0,0x17 TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA [RFC4492]
915 * 0xC0,0x18 TLS_ECDH_anon_WITH_AES_128_CBC_SHA [RFC4492]
916 * 0xC0,0x19 TLS_ECDH_anon_WITH_AES_256_CBC_SHA [RFC4492]
917 * 0xC0,0x1A TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA [RFC5054]
918 * 0xC0,0x1B TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA [RFC5054]
919 * 0xC0,0x1C TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA [RFC5054]
920 * 0xC0,0x1D TLS_SRP_SHA_WITH_AES_128_CBC_SHA [RFC5054]
921 * 0xC0,0x1E TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA [RFC5054]
922 * 0xC0,0x1F TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA [RFC5054]
923 * 0xC0,0x20 TLS_SRP_SHA_WITH_AES_256_CBC_SHA [RFC5054]
924 * 0xC0,0x21 TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA [RFC5054]
925 * 0xC0,0x22 TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA [RFC5054]
926 * 0xC0,0x23 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 [RFC5289]
927 * 0xC0,0x24 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 [RFC5289]
928 * 0xC0,0x25 TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 [RFC5289]
929 * 0xC0,0x26 TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 [RFC5289]
930 * 0xC0,0x27 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 [RFC5289]
931 * 0xC0,0x28 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 [RFC5289]
932 * 0xC0,0x29 TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 [RFC5289]
933 * 0xC0,0x2A TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 [RFC5289]
934 * 0xC0,0x2B TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 [RFC5289]
935 * 0xC0,0x2C TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 [RFC5289]
936 * 0xC0,0x2D TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 [RFC5289]
937 * 0xC0,0x2E TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 [RFC5289]
938 * 0xC0,0x2F TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 [RFC5289]
939 * 0xC0,0x30 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 [RFC5289]
940 * 0xC0,0x31 TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 [RFC5289]
941 * 0xC0,0x32 TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 [RFC5289]
942 * 0xC0,0x33 TLS_ECDHE_PSK_WITH_RC4_128_SHA [RFC5489]
943 * 0xC0,0x34 TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA [RFC5489]
944 * 0xC0,0x35 TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA [RFC5489]
945 * 0xC0,0x36 TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA [RFC5489]
946 * 0xC0,0x37 TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 [RFC5489]
947 * 0xC0,0x38 TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 [RFC5489]
948 * 0xC0,0x39 TLS_ECDHE_PSK_WITH_NULL_SHA [RFC5489]
949 * 0xC0,0x3A TLS_ECDHE_PSK_WITH_NULL_SHA256 [RFC5489]
950 * 0xC0,0x3B TLS_ECDHE_PSK_WITH_NULL_SHA384 [RFC5489]
951 * 0xC0,0x3C TLS_RSA_WITH_ARIA_128_CBC_SHA256 [RFC6209]
952 * 0xC0,0x3D TLS_RSA_WITH_ARIA_256_CBC_SHA384 [RFC6209]
953 * 0xC0,0x3E TLS_DH_DSS_WITH_ARIA_128_CBC_SHA256 [RFC6209]
954 * 0xC0,0x3F TLS_DH_DSS_WITH_ARIA_256_CBC_SHA384 [RFC6209]
955 * 0xC0,0x40 TLS_DH_RSA_WITH_ARIA_128_CBC_SHA256 [RFC6209]
956 * 0xC0,0x41 TLS_DH_RSA_WITH_ARIA_256_CBC_SHA384 [RFC6209]
957 * 0xC0,0x42 TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256 [RFC6209]
958 * 0xC0,0x43 TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384 [RFC6209]
959 * 0xC0,0x44 TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256 [RFC6209]
960 * 0xC0,0x45 TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384 [RFC6209]
961 * 0xC0,0x46 TLS_DH_anon_WITH_ARIA_128_CBC_SHA256 [RFC6209]
962 * 0xC0,0x47 TLS_DH_anon_WITH_ARIA_256_CBC_SHA384 [RFC6209]
963 * 0xC0,0x48 TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256 [RFC6209]
964 * 0xC0,0x49 TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384 [RFC6209]
965 * 0xC0,0x4A TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256 [RFC6209]
966 * 0xC0,0x4B TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384 [RFC6209]
967 * 0xC0,0x4C TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256 [RFC6209]
968 * 0xC0,0x4D TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384 [RFC6209]
969 * 0xC0,0x4E TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256 [RFC6209]
970 * 0xC0,0x4F TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384 [RFC6209]
971 * 0xC0,0x50 TLS_RSA_WITH_ARIA_128_GCM_SHA256 [RFC6209]
972 * 0xC0,0x51 TLS_RSA_WITH_ARIA_256_GCM_SHA384 [RFC6209]
973 * 0xC0,0x52 TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256 [RFC6209]
974 * 0xC0,0x53 TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384 [RFC6209]
975 * 0xC0,0x54 TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256 [RFC6209]
976 * 0xC0,0x55 TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384 [RFC6209]
977 * 0xC0,0x56 TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256 [RFC6209]
978 * 0xC0,0x57 TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384 [RFC6209]
979 * 0xC0,0x58 TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256 [RFC6209]
980 * 0xC0,0x59 TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384 [RFC6209]
981 * 0xC0,0x5A TLS_DH_anon_WITH_ARIA_128_GCM_SHA256 [RFC6209]
982 * 0xC0,0x5B TLS_DH_anon_WITH_ARIA_256_GCM_SHA384 [RFC6209]
983 * 0xC0,0x5C TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 [RFC6209]
984 * 0xC0,0x5D TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 [RFC6209]
985 * 0xC0,0x5E TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256 [RFC6209]
986 * 0xC0,0x5F TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384 [RFC6209]
987 * 0xC0,0x60 TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 [RFC6209]
988 * 0xC0,0x61 TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 [RFC6209]
989 * 0xC0,0x62 TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256 [RFC6209]
990 * 0xC0,0x63 TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384 [RFC6209]
991 * 0xC0,0x64 TLS_PSK_WITH_ARIA_128_CBC_SHA256 [RFC6209]
992 * 0xC0,0x65 TLS_PSK_WITH_ARIA_256_CBC_SHA384 [RFC6209]
993 * 0xC0,0x66 TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256 [RFC6209]
994 * 0xC0,0x67 TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384 [RFC6209]
995 * 0xC0,0x68 TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256 [RFC6209]
996 * 0xC0,0x69 TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384 [RFC6209]
997 * 0xC0,0x6A TLS_PSK_WITH_ARIA_128_GCM_SHA256 [RFC6209]
998 * 0xC0,0x6B TLS_PSK_WITH_ARIA_256_GCM_SHA384 [RFC6209]
999 * 0xC0,0x6C TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256 [RFC6209]
1000 * 0xC0,0x6D TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384 [RFC6209]
1001 * 0xC0,0x6E TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256 [RFC6209]
1002 * 0xC0,0x6F TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384 [RFC6209]
1003 * 0xC0,0x70 TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256 [RFC6209]
1004 * 0xC0,0x71 TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384 [RFC6209]
1005 * 0xC0,0x72 TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 [RFC6367]
1006 * 0xC0,0x73 TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 [RFC6367]
1007 * 0xC0,0x74 TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 [RFC6367]
1008 * 0xC0,0x75 TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 [RFC6367]
1009 * 0xC0,0x76 TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 [RFC6367]
1010 * 0xC0,0x77 TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 [RFC6367]
1011 * 0xC0,0x78 TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 [RFC6367]
1012 * 0xC0,0x79 TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 [RFC6367]
1013 * 0xC0,0x7A TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 [RFC6367]
1014 * 0xC0,0x7B TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 [RFC6367]
1015 * 0xC0,0x7C TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 [RFC6367]
1016 * 0xC0,0x7D TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 [RFC6367]
1017 * 0xC0,0x7E TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256 [RFC6367]
1018 * 0xC0,0x7F TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384 [RFC6367]
1019 * 0xC0,0x80 TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256 [RFC6367]
1020 * 0xC0,0x81 TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384 [RFC6367]
1021 * 0xC0,0x82 TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256 [RFC6367]
1022 * 0xC0,0x83 TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384 [RFC6367]
1023 * 0xC0,0x84 TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256 [RFC6367]
1024 * 0xC0,0x85 TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384 [RFC6367]
1025 * 0xC0,0x86 TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 [RFC6367]
1026 * 0xC0,0x87 TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 [RFC6367]
1027 * 0xC0,0x88 TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 [RFC6367]
1028 * 0xC0,0x89 TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 [RFC6367]
1029 * 0xC0,0x8A TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 [RFC6367]
1030 * 0xC0,0x8B TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 [RFC6367]
1031 * 0xC0,0x8C TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 [RFC6367]
1032 * 0xC0,0x8D TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 [RFC6367]
1033 * 0xC0,0x8E TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 [RFC6367]
1034 * 0xC0,0x8F TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 [RFC6367]
1035 * 0xC0,0x90 TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 [RFC6367]
1036 * 0xC0,0x91 TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 [RFC6367]
1037 * 0xC0,0x92 TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256 [RFC6367]
1038 * 0xC0,0x93 TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384 [RFC6367]
1039 * 0xC0,0x94 TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 [RFC6367]
1040 * 0xC0,0x95 TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 [RFC6367]
1041 * 0xC0,0x96 TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 [RFC6367]
1042 * 0xC0,0x97 TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 [RFC6367]
1043 * 0xC0,0x98 TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 [RFC6367]
1044 * 0xC0,0x99 TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 [RFC6367]
1045 * 0xC0,0x9A TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 [RFC6367]
1046 * 0xC0,0x9B TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 [RFC6367]
1047 * 0xC0,0x9C TLS_RSA_WITH_AES_128_CCM [RFC6655]
1048 * 0xC0,0x9D TLS_RSA_WITH_AES_256_CCM [RFC6655]
1049 * 0xC0,0x9E TLS_DHE_RSA_WITH_AES_128_CCM [RFC6655]
1050 * 0xC0,0x9F TLS_DHE_RSA_WITH_AES_256_CCM [RFC6655]
1051 * 0xC0,0xA0 TLS_RSA_WITH_AES_128_CCM_8 [RFC6655]
1052 * 0xC0,0xA1 TLS_RSA_WITH_AES_256_CCM_8 [RFC6655]
1053 * 0xC0,0xA2 TLS_DHE_RSA_WITH_AES_128_CCM_8 [RFC6655]
1054 * 0xC0,0xA3 TLS_DHE_RSA_WITH_AES_256_CCM_8 [RFC6655]
1055 * 0xC0,0xA4 TLS_PSK_WITH_AES_128_CCM [RFC6655]
1056 * 0xC0,0xA5 TLS_PSK_WITH_AES_256_CCM [RFC6655]
1057 * 0xC0,0xA6 TLS_DHE_PSK_WITH_AES_128_CCM [RFC6655]
1058 * 0xC0,0xA7 TLS_DHE_PSK_WITH_AES_256_CCM [RFC6655]
1059 * 0xC0,0xA8 TLS_PSK_WITH_AES_128_CCM_8 [RFC6655]
1060 * 0xC0,0xA9 TLS_PSK_WITH_AES_256_CCM_8 [RFC6655]
1061 * 0xC0,0xAA TLS_PSK_DHE_WITH_AES_128_CCM_8 [RFC6655]
1062 * 0xC0,0xAB TLS_PSK_DHE_WITH_AES_256_CCM_8 [RFC6655]
1063 * 0xC0,0xAC TLS_ECDHE_ECDSA_WITH_AES_128_CCM [RFC7251]
1064 * 0xC0,0xAD TLS_ECDHE_ECDSA_WITH_AES_256_CCM [RFC7251]
1065 * 0xC0,0xAE TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 [RFC7251]
1066 * 0xC0,0xAF TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 [RFC7251]
1067 * 0xC0,0xB0-FF Unassigned
1068 * 0xC1-FD,* Unassigned
1069 * 0xFE,0x00-FD Unassigned
1070 * 0xFE,0xFE-FF Reserved to avoid conflicts with widely
1071 * deployed implementations [Pasi_Eronen]
1072 * 0xFF,0x00-FF Reserved for Private Use [RFC5246]
1073 */
1074
1075 add("SSL_NULL_WITH_NULL_NULL", 0x0000,
1076 1, K_NULL, B_NULL, M_NULL, F);
1077
1078 /*
1079 * Definition of the CipherSuites that are enabled by default.
1080 * They are listed in preference order, most preferred first, using
1081 * the following criteria:
1082 * 1. Prefer Suite B compliant cipher suites, see RFC6460 (To be
1083 * changed later, see below).
1084 * 2. Prefer the stronger bulk cipher, in the order of AES_256(GCM),
1085 * AES_128(GCM), AES_256, AES_128, 3DES-EDE.
1086 * 3. Prefer the stronger MAC algorithm, in the order of SHA384,
1087 * SHA256, SHA, MD5.
1088 * 4. Prefer the better performance of key exchange and digital
1089 * signature algorithm, in the order of ECDHE-ECDSA, ECDHE-RSA,
1090 * RSA, ECDH-ECDSA, ECDH-RSA, DHE-RSA, DHE-DSS.
1091 */
1092 int p = DEFAULT_SUITES_PRIORITY * 2;
1093
1094 // shorten names to fit the following table cleanly.
1095 int max = ProtocolVersion.LIMIT_MAX_VALUE;
1096 int tls11 = ProtocolVersion.TLS11.v;
1097 int tls12 = ProtocolVersion.TLS12.v;
1098
1099 // ID Key Exchange Cipher A obs suprt PRF
1100 // ====== ============ ========= = === ===== ========
1101
1102 // Suite B compliant cipher suites, see RFC 6460.
1103 //
1104 // Note that, at present this provider is not Suite B compliant. The
1105 // preference order of the GCM cipher suites does not follow the spec
1106 // of RFC 6460. In this section, only two cipher suites are listed
1107 // so that applications can make use of Suite-B compliant cipher
1108 // suite firstly.
1109 add("TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", 0xc02c, --p,
1110 K_ECDHE_ECDSA, B_AES_256_GCM, M_NULL, T, max, tls12, P_SHA384);
1111 add("TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", 0xc02b, --p,
1112 K_ECDHE_ECDSA, B_AES_128_GCM, M_NULL, T, max, tls12, P_SHA256);
1113
1114 // AES_256(GCM)
1115 add("TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", 0xc030, --p,
1116 K_ECDHE_RSA, B_AES_256_GCM, M_NULL, T, max, tls12, P_SHA384);
1117 add("TLS_RSA_WITH_AES_256_GCM_SHA384", 0x009d, --p,
1118 K_RSA, B_AES_256_GCM, M_NULL, T, max, tls12, P_SHA384);
1119 add("TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384", 0xc02e, --p,
1120 K_ECDH_ECDSA, B_AES_256_GCM, M_NULL, T, max, tls12, P_SHA384);
1121 add("TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384", 0xc032, --p,
1122 K_ECDH_RSA, B_AES_256_GCM, M_NULL, T, max, tls12, P_SHA384);
1123 add("TLS_DHE_RSA_WITH_AES_256_GCM_SHA384", 0x009f, --p,
1124 K_DHE_RSA, B_AES_256_GCM, M_NULL, T, max, tls12, P_SHA384);
1125 add("TLS_DHE_DSS_WITH_AES_256_GCM_SHA384", 0x00a3, --p,
1126 K_DHE_DSS, B_AES_256_GCM, M_NULL, T, max, tls12, P_SHA384);
1127
1128 // AES_128(GCM)
1129 add("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", 0xc02f, --p,
1130 K_ECDHE_RSA, B_AES_128_GCM, M_NULL, T, max, tls12, P_SHA256);
1131 add("TLS_RSA_WITH_AES_128_GCM_SHA256", 0x009c, --p,
1132 K_RSA, B_AES_128_GCM, M_NULL, T, max, tls12, P_SHA256);
1133 add("TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256", 0xc02d, --p,
1134 K_ECDH_ECDSA, B_AES_128_GCM, M_NULL, T, max, tls12, P_SHA256);
1135 add("TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256", 0xc031, --p,
1136 K_ECDH_RSA, B_AES_128_GCM, M_NULL, T, max, tls12, P_SHA256);
1137 add("TLS_DHE_RSA_WITH_AES_128_GCM_SHA256", 0x009e, --p,
1138 K_DHE_RSA, B_AES_128_GCM, M_NULL, T, max, tls12, P_SHA256);
1139 add("TLS_DHE_DSS_WITH_AES_128_GCM_SHA256", 0x00a2, --p,
1140 K_DHE_DSS, B_AES_128_GCM, M_NULL, T, max, tls12, P_SHA256);
1141
1142 // AES_256(CBC)
1143 add("TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384", 0xc024, --p,
1144 K_ECDHE_ECDSA, B_AES_256, M_SHA384, T, max, tls12, P_SHA384);
1145 add("TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384", 0xc028, --p,
1146 K_ECDHE_RSA, B_AES_256, M_SHA384, T, max, tls12, P_SHA384);
1147 add("TLS_RSA_WITH_AES_256_CBC_SHA256", 0x003d, --p,
1148 K_RSA, B_AES_256, M_SHA256, T, max, tls12, P_SHA256);
1149 add("TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384", 0xc026, --p,
1150 K_ECDH_ECDSA, B_AES_256, M_SHA384, T, max, tls12, P_SHA384);
1151 add("TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384", 0xc02a, --p,
1152 K_ECDH_RSA, B_AES_256, M_SHA384, T, max, tls12, P_SHA384);
1153 add("TLS_DHE_RSA_WITH_AES_256_CBC_SHA256", 0x006b, --p,
1154 K_DHE_RSA, B_AES_256, M_SHA256, T, max, tls12, P_SHA256);
1155 add("TLS_DHE_DSS_WITH_AES_256_CBC_SHA256", 0x006a, --p,
1156 K_DHE_DSS, B_AES_256, M_SHA256, T, max, tls12, P_SHA256);
1157
1158 add("TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA", 0xC00A, --p,
1159 K_ECDHE_ECDSA, B_AES_256, M_SHA, T);
1160 add("TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", 0xC014, --p,
1161 K_ECDHE_RSA, B_AES_256, M_SHA, T);
1162 add("TLS_RSA_WITH_AES_256_CBC_SHA", 0x0035, --p,
1163 K_RSA, B_AES_256, M_SHA, T);
1164 add("TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA", 0xC005, --p,
1165 K_ECDH_ECDSA, B_AES_256, M_SHA, T);
1166 add("TLS_ECDH_RSA_WITH_AES_256_CBC_SHA", 0xC00F, --p,
1167 K_ECDH_RSA, B_AES_256, M_SHA, T);
1168 add("TLS_DHE_RSA_WITH_AES_256_CBC_SHA", 0x0039, --p,
1169 K_DHE_RSA, B_AES_256, M_SHA, T);
1170 add("TLS_DHE_DSS_WITH_AES_256_CBC_SHA", 0x0038, --p,
1171 K_DHE_DSS, B_AES_256, M_SHA, T);
1172
1173 // AES_128(CBC)
1174 add("TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", 0xc023, --p,
1175 K_ECDHE_ECDSA, B_AES_128, M_SHA256, T, max, tls12, P_SHA256);
1176 add("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", 0xc027, --p,
1177 K_ECDHE_RSA, B_AES_128, M_SHA256, T, max, tls12, P_SHA256);
1178 add("TLS_RSA_WITH_AES_128_CBC_SHA256", 0x003c, --p,
1179 K_RSA, B_AES_128, M_SHA256, T, max, tls12, P_SHA256);
1180 add("TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256", 0xc025, --p,
1181 K_ECDH_ECDSA, B_AES_128, M_SHA256, T, max, tls12, P_SHA256);
1182 add("TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256", 0xc029, --p,
1183 K_ECDH_RSA, B_AES_128, M_SHA256, T, max, tls12, P_SHA256);
1184 add("TLS_DHE_RSA_WITH_AES_128_CBC_SHA256", 0x0067, --p,
1185 K_DHE_RSA, B_AES_128, M_SHA256, T, max, tls12, P_SHA256);
1186 add("TLS_DHE_DSS_WITH_AES_128_CBC_SHA256", 0x0040, --p,
1187 K_DHE_DSS, B_AES_128, M_SHA256, T, max, tls12, P_SHA256);
1188
1189 add("TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", 0xC009, --p,
1190 K_ECDHE_ECDSA, B_AES_128, M_SHA, T);
1191 add("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", 0xC013, --p,
1192 K_ECDHE_RSA, B_AES_128, M_SHA, T);
1193 add("TLS_RSA_WITH_AES_128_CBC_SHA", 0x002f, --p,
1194 K_RSA, B_AES_128, M_SHA, T);
1195 add("TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA", 0xC004, --p,
1196 K_ECDH_ECDSA, B_AES_128, M_SHA, T);
1197 add("TLS_ECDH_RSA_WITH_AES_128_CBC_SHA", 0xC00E, --p,
1198 K_ECDH_RSA, B_AES_128, M_SHA, T);
1199 add("TLS_DHE_RSA_WITH_AES_128_CBC_SHA", 0x0033, --p,
1200 K_DHE_RSA, B_AES_128, M_SHA, T);
1201 add("TLS_DHE_DSS_WITH_AES_128_CBC_SHA", 0x0032, --p,
1202 K_DHE_DSS, B_AES_128, M_SHA, T);
1203
1204 // 3DES_EDE
1205 add("TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA", 0xC008, --p,
1206 K_ECDHE_ECDSA, B_3DES, M_SHA, T);
1207 add("TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA", 0xC012, --p,
1208 K_ECDHE_RSA, B_3DES, M_SHA, T);
1209 add("SSL_RSA_WITH_3DES_EDE_CBC_SHA", 0x000a, --p,
1210 K_RSA, B_3DES, M_SHA, T);
1211 add("TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA", 0xC003, --p,
1212 K_ECDH_ECDSA, B_3DES, M_SHA, T);
1213 add("TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA", 0xC00D, --p,
1214 K_ECDH_RSA, B_3DES, M_SHA, T);
1215 add("SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA", 0x0016, --p,
1216 K_DHE_RSA, B_3DES, M_SHA, T);
1217 add("SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA", 0x0013, --p,
1218 K_DHE_DSS, B_3DES, M_SHA, N);
1219
1220 // Renegotiation protection request Signalling Cipher Suite Value (SCSV)
1221 add("TLS_EMPTY_RENEGOTIATION_INFO_SCSV", 0x00ff, --p,
1222 K_SCSV, B_NULL, M_NULL, T);
1223
1224 /*
1225 * Definition of the CipherSuites that are supported but not enabled
1226 * by default.
1227 * They are listed in preference order, preferred first, using the
1228 * following criteria:
1229 * 1. CipherSuites for KRB5 need additional KRB5 service
1230 * configuration, and these suites are not common in practice,
1231 * so we put KRB5 based cipher suites at the end of the supported
1232 * list.
1233 * 2. If a cipher suite has been obsoleted, we put it at the end of
1234 * the list.
1235 * 3. Prefer the stronger bulk cipher, in the order of AES_256,
1236 * AES_128, 3DES-EDE, RC-4, DES, DES40, RC4_40, NULL.
1237 * 4. Prefer the stronger MAC algorithm, in the order of SHA384,
1238 * SHA256, SHA, MD5.
1239 * 5. Prefer the better performance of key exchange and digital
1240 * signature algorithm, in the order of ECDHE-ECDSA, ECDHE-RSA,
1241 * RSA, ECDH-ECDSA, ECDH-RSA, DHE-RSA, DHE-DSS, anonymous.
1242 */
1243 p = DEFAULT_SUITES_PRIORITY;
1244
1245 add("TLS_DH_anon_WITH_AES_256_GCM_SHA384", 0x00a7, --p,
1246 K_DH_ANON, B_AES_256_GCM, M_NULL, N, max, tls12, P_SHA384);
1247 add("TLS_DH_anon_WITH_AES_128_GCM_SHA256", 0x00a6, --p,
1248 K_DH_ANON, B_AES_128_GCM, M_NULL, N, max, tls12, P_SHA256);
1249
1250 add("TLS_DH_anon_WITH_AES_256_CBC_SHA256", 0x006d, --p,
1251 K_DH_ANON, B_AES_256, M_SHA256, N, max, tls12, P_SHA256);
1252 add("TLS_ECDH_anon_WITH_AES_256_CBC_SHA", 0xC019, --p,
1253 K_ECDH_ANON, B_AES_256, M_SHA, N);
1254 add("TLS_DH_anon_WITH_AES_256_CBC_SHA", 0x003a, --p,
1255 K_DH_ANON, B_AES_256, M_SHA, N);
1256
1257 add("TLS_DH_anon_WITH_AES_128_CBC_SHA256", 0x006c, --p,
1258 K_DH_ANON, B_AES_128, M_SHA256, N, max, tls12, P_SHA256);
1259 add("TLS_ECDH_anon_WITH_AES_128_CBC_SHA", 0xC018, --p,
1260 K_ECDH_ANON, B_AES_128, M_SHA, N);
1261 add("TLS_DH_anon_WITH_AES_128_CBC_SHA", 0x0034, --p,
1262 K_DH_ANON, B_AES_128, M_SHA, N);
1263
1264 add("TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA", 0xC017, --p,
1265 K_ECDH_ANON, B_3DES, M_SHA, N);
1266 add("SSL_DH_anon_WITH_3DES_EDE_CBC_SHA", 0x001b, --p,
1267 K_DH_ANON, B_3DES, M_SHA, N);
1268
1269 // RC-4
1270 add("TLS_ECDHE_ECDSA_WITH_RC4_128_SHA", 0xC007, --p,
1271 K_ECDHE_ECDSA, B_RC4_128, M_SHA, N);
1272 add("TLS_ECDHE_RSA_WITH_RC4_128_SHA", 0xC011, --p,
1273 K_ECDHE_RSA, B_RC4_128, M_SHA, N);
1274 add("SSL_RSA_WITH_RC4_128_SHA", 0x0005, --p,
1275 K_RSA, B_RC4_128, M_SHA, N);
1276 add("TLS_ECDH_ECDSA_WITH_RC4_128_SHA", 0xC002, --p,
1277 K_ECDH_ECDSA, B_RC4_128, M_SHA, N);
1278 add("TLS_ECDH_RSA_WITH_RC4_128_SHA", 0xC00C, --p,
1279 K_ECDH_RSA, B_RC4_128, M_SHA, N);
1280 add("SSL_RSA_WITH_RC4_128_MD5", 0x0004, --p,
1281 K_RSA, B_RC4_128, M_MD5, N);
1282
1283 add("TLS_ECDH_anon_WITH_RC4_128_SHA", 0xC016, --p,
1284 K_ECDH_ANON, B_RC4_128, M_SHA, N);
1285 add("SSL_DH_anon_WITH_RC4_128_MD5", 0x0018, --p,
1286 K_DH_ANON, B_RC4_128, M_MD5, N);
1287
1288 // weak cipher suites obsoleted in TLS 1.2
1289 add("SSL_RSA_WITH_DES_CBC_SHA", 0x0009, --p,
1290 K_RSA, B_DES, M_SHA, N, tls12);
1291 add("SSL_DHE_RSA_WITH_DES_CBC_SHA", 0x0015, --p,
1292 K_DHE_RSA, B_DES, M_SHA, N, tls12);
1293 add("SSL_DHE_DSS_WITH_DES_CBC_SHA", 0x0012, --p,
1294 K_DHE_DSS, B_DES, M_SHA, N, tls12);
1295 add("SSL_DH_anon_WITH_DES_CBC_SHA", 0x001a, --p,
1296 K_DH_ANON, B_DES, M_SHA, N, tls12);
1297
1298 // weak cipher suites obsoleted in TLS 1.1
1299 add("SSL_RSA_EXPORT_WITH_DES40_CBC_SHA", 0x0008, --p,
1300 K_RSA_EXPORT, B_DES_40, M_SHA, N, tls11);
1301 add("SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA", 0x0014, --p,
1302 K_DHE_RSA, B_DES_40, M_SHA, N, tls11);
1303 add("SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA", 0x0011, --p,
1304 K_DHE_DSS, B_DES_40, M_SHA, N, tls11);
1305 add("SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA", 0x0019, --p,
1306 K_DH_ANON, B_DES_40, M_SHA, N, tls11);
1307
1308 add("SSL_RSA_EXPORT_WITH_RC4_40_MD5", 0x0003, --p,
1309 K_RSA_EXPORT, B_RC4_40, M_MD5, N, tls11);
1310 add("SSL_DH_anon_EXPORT_WITH_RC4_40_MD5", 0x0017, --p,
1311 K_DH_ANON, B_RC4_40, M_MD5, N, tls11);
1312
1313 add("TLS_RSA_WITH_NULL_SHA256", 0x003b, --p,
1314 K_RSA, B_NULL, M_SHA256, N, max, tls12, P_SHA256);
1315 add("TLS_ECDHE_ECDSA_WITH_NULL_SHA", 0xC006, --p,
1316 K_ECDHE_ECDSA, B_NULL, M_SHA, N);
1317 add("TLS_ECDHE_RSA_WITH_NULL_SHA", 0xC010, --p,
1318 K_ECDHE_RSA, B_NULL, M_SHA, N);
1319 add("SSL_RSA_WITH_NULL_SHA", 0x0002, --p,
1320 K_RSA, B_NULL, M_SHA, N);
1321 add("TLS_ECDH_ECDSA_WITH_NULL_SHA", 0xC001, --p,
1322 K_ECDH_ECDSA, B_NULL, M_SHA, N);
1323 add("TLS_ECDH_RSA_WITH_NULL_SHA", 0xC00B, --p,
1324 K_ECDH_RSA, B_NULL, M_SHA, N);
1325 add("TLS_ECDH_anon_WITH_NULL_SHA", 0xC015, --p,
1326 K_ECDH_ANON, B_NULL, M_SHA, N);
1327 add("SSL_RSA_WITH_NULL_MD5", 0x0001, --p,
1328 K_RSA, B_NULL, M_MD5, N);
1329
1330 // Supported Kerberos ciphersuites from RFC2712
1331 add("TLS_KRB5_WITH_3DES_EDE_CBC_SHA", 0x001f, --p,
1332 K_KRB5, B_3DES, M_SHA, N);
1333 add("TLS_KRB5_WITH_3DES_EDE_CBC_MD5", 0x0023, --p,
1334 K_KRB5, B_3DES, M_MD5, N);
1335 add("TLS_KRB5_WITH_RC4_128_SHA", 0x0020, --p,
1336 K_KRB5, B_RC4_128, M_SHA, N);
1337 add("TLS_KRB5_WITH_RC4_128_MD5", 0x0024, --p,
1338 K_KRB5, B_RC4_128, M_MD5, N);
1339 add("TLS_KRB5_WITH_DES_CBC_SHA", 0x001e, --p,
1340 K_KRB5, B_DES, M_SHA, N, tls12);
1341 add("TLS_KRB5_WITH_DES_CBC_MD5", 0x0022, --p,
1342 K_KRB5, B_DES, M_MD5, N, tls12);
1343 add("TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA", 0x0026, --p,
1344 K_KRB5_EXPORT, B_DES_40, M_SHA, N, tls11);
1345 add("TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5", 0x0029, --p,
1346 K_KRB5_EXPORT, B_DES_40, M_MD5, N, tls11);
1347 add("TLS_KRB5_EXPORT_WITH_RC4_40_SHA", 0x0028, --p,
1348 K_KRB5_EXPORT, B_RC4_40, M_SHA, N, tls11);
1349 add("TLS_KRB5_EXPORT_WITH_RC4_40_MD5", 0x002b, --p,
1350 K_KRB5_EXPORT, B_RC4_40, M_MD5, N, tls11);
1351
1352 /*
1353 * Other values from the TLS Cipher Suite Registry, as of August 2010.
1354 *
1355 * http://www.iana.org/assignments/tls-parameters/tls-parameters.xml
1356 *
1357 * Range Registration Procedures Notes
1358 * 000-191 Standards Action Refers to value of first byte
1359 * 192-254 Specification Required Refers to value of first byte
1360 * 255 Reserved for Private Use Refers to value of first byte
1361 */
1362
1363 // Register the names of a few additional CipherSuites.
1364 // Makes them show up as names instead of numbers in
1365 // the debug output.
1366
1367 // remaining unsupported ciphersuites defined in RFC2246.
1368 add("SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5", 0x0006);
1369 add("SSL_RSA_WITH_IDEA_CBC_SHA", 0x0007);
1370 add("SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA", 0x000b);
1371 add("SSL_DH_DSS_WITH_DES_CBC_SHA", 0x000c);
1372 add("SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA", 0x000d);
1373 add("SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA", 0x000e);
1374 add("SSL_DH_RSA_WITH_DES_CBC_SHA", 0x000f);
1375 add("SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA", 0x0010);
1376
1377 // SSL 3.0 Fortezza ciphersuites
1378 add("SSL_FORTEZZA_DMS_WITH_NULL_SHA", 0x001c);
1379 add("SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA", 0x001d);
1380
1381 // 1024/56 bit exportable ciphersuites from expired internet draft
1382 add("SSL_RSA_EXPORT1024_WITH_DES_CBC_SHA", 0x0062);
1383 add("SSL_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA", 0x0063);
1384 add("SSL_RSA_EXPORT1024_WITH_RC4_56_SHA", 0x0064);
1385 add("SSL_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA", 0x0065);
1386 add("SSL_DHE_DSS_WITH_RC4_128_SHA", 0x0066);
1387
1388 // Netscape old and new SSL 3.0 FIPS ciphersuites
1389 // see http://www.mozilla.org/projects/security/pki/nss/ssl/fips-ssl-ciphersuites.html
1390 add("NETSCAPE_RSA_FIPS_WITH_3DES_EDE_CBC_SHA", 0xffe0);
1391 add("NETSCAPE_RSA_FIPS_WITH_DES_CBC_SHA", 0xffe1);
1392 add("SSL_RSA_FIPS_WITH_DES_CBC_SHA", 0xfefe);
1393 add("SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA", 0xfeff);
1394
1395 // Unsupported Kerberos cipher suites from RFC 2712
1396 add("TLS_KRB5_WITH_IDEA_CBC_SHA", 0x0021);
1397 add("TLS_KRB5_WITH_IDEA_CBC_MD5", 0x0025);
1398 add("TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA", 0x0027);
1399 add("TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5", 0x002a);
1400
1401 // Unsupported cipher suites from RFC 4162
1402 add("TLS_RSA_WITH_SEED_CBC_SHA", 0x0096);
1403 add("TLS_DH_DSS_WITH_SEED_CBC_SHA", 0x0097);
1404 add("TLS_DH_RSA_WITH_SEED_CBC_SHA", 0x0098);
1405 add("TLS_DHE_DSS_WITH_SEED_CBC_SHA", 0x0099);
1406 add("TLS_DHE_RSA_WITH_SEED_CBC_SHA", 0x009a);
1407 add("TLS_DH_anon_WITH_SEED_CBC_SHA", 0x009b);
1408
1409 // Unsupported cipher suites from RFC 4279
1410 add("TLS_PSK_WITH_RC4_128_SHA", 0x008a);
1411 add("TLS_PSK_WITH_3DES_EDE_CBC_SHA", 0x008b);
1412 add("TLS_PSK_WITH_AES_128_CBC_SHA", 0x008c);
1413 add("TLS_PSK_WITH_AES_256_CBC_SHA", 0x008d);
1414 add("TLS_DHE_PSK_WITH_RC4_128_SHA", 0x008e);
1415 add("TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA", 0x008f);
1416 add("TLS_DHE_PSK_WITH_AES_128_CBC_SHA", 0x0090);
1417 add("TLS_DHE_PSK_WITH_AES_256_CBC_SHA", 0x0091);
1418 add("TLS_RSA_PSK_WITH_RC4_128_SHA", 0x0092);
1419 add("TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA", 0x0093);
1420 add("TLS_RSA_PSK_WITH_AES_128_CBC_SHA", 0x0094);
1421 add("TLS_RSA_PSK_WITH_AES_256_CBC_SHA", 0x0095);
1422
1423 // Unsupported cipher suites from RFC 4785
1424 add("TLS_PSK_WITH_NULL_SHA", 0x002c);
1425 add("TLS_DHE_PSK_WITH_NULL_SHA", 0x002d);
1426 add("TLS_RSA_PSK_WITH_NULL_SHA", 0x002e);
1427
1428 // Unsupported cipher suites from RFC 5246
1429 add("TLS_DH_DSS_WITH_AES_128_CBC_SHA", 0x0030);
1430 add("TLS_DH_RSA_WITH_AES_128_CBC_SHA", 0x0031);
1431 add("TLS_DH_DSS_WITH_AES_256_CBC_SHA", 0x0036);
1432 add("TLS_DH_RSA_WITH_AES_256_CBC_SHA", 0x0037);
1433 add("TLS_DH_DSS_WITH_AES_128_CBC_SHA256", 0x003e);
1434 add("TLS_DH_RSA_WITH_AES_128_CBC_SHA256", 0x003f);
1435 add("TLS_DH_DSS_WITH_AES_256_CBC_SHA256", 0x0068);
1436 add("TLS_DH_RSA_WITH_AES_256_CBC_SHA256", 0x0069);
1437
1438 // Unsupported cipher suites from RFC 5288
1439 add("TLS_DH_RSA_WITH_AES_128_GCM_SHA256", 0x00a0);
1440 add("TLS_DH_RSA_WITH_AES_256_GCM_SHA384", 0x00a1);
1441 add("TLS_DH_DSS_WITH_AES_128_GCM_SHA256", 0x00a4);
1442 add("TLS_DH_DSS_WITH_AES_256_GCM_SHA384", 0x00a5);
1443
1444 // Unsupported cipher suites from RFC 5487
1445 add("TLS_PSK_WITH_AES_128_GCM_SHA256", 0x00a8);
1446 add("TLS_PSK_WITH_AES_256_GCM_SHA384", 0x00a9);
1447 add("TLS_DHE_PSK_WITH_AES_128_GCM_SHA256", 0x00aa);
1448 add("TLS_DHE_PSK_WITH_AES_256_GCM_SHA384", 0x00ab);
1449 add("TLS_RSA_PSK_WITH_AES_128_GCM_SHA256", 0x00ac);
1450 add("TLS_RSA_PSK_WITH_AES_256_GCM_SHA384", 0x00ad);
1451 add("TLS_PSK_WITH_AES_128_CBC_SHA256", 0x00ae);
1452 add("TLS_PSK_WITH_AES_256_CBC_SHA384", 0x00af);
1453 add("TLS_PSK_WITH_NULL_SHA256", 0x00b0);
1454 add("TLS_PSK_WITH_NULL_SHA384", 0x00b1);
1455 add("TLS_DHE_PSK_WITH_AES_128_CBC_SHA256", 0x00b2);
1456 add("TLS_DHE_PSK_WITH_AES_256_CBC_SHA384", 0x00b3);
1457 add("TLS_DHE_PSK_WITH_NULL_SHA256", 0x00b4);
1458 add("TLS_DHE_PSK_WITH_NULL_SHA384", 0x00b5);
1459 add("TLS_RSA_PSK_WITH_AES_128_CBC_SHA256", 0x00b6);
1460 add("TLS_RSA_PSK_WITH_AES_256_CBC_SHA384", 0x00b7);
1461 add("TLS_RSA_PSK_WITH_NULL_SHA256", 0x00b8);
1462 add("TLS_RSA_PSK_WITH_NULL_SHA384", 0x00b9);
1463
1464 // Unsupported cipher suites from RFC 5932
1465 add("TLS_RSA_WITH_CAMELLIA_128_CBC_SHA", 0x0041);
1466 add("TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA", 0x0042);
1467 add("TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA", 0x0043);
1468 add("TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA", 0x0044);
1469 add("TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA", 0x0045);
1470 add("TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA", 0x0046);
1471 add("TLS_RSA_WITH_CAMELLIA_256_CBC_SHA", 0x0084);
1472 add("TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA", 0x0085);
1473 add("TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA", 0x0086);
1474 add("TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA", 0x0087);
1475 add("TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA", 0x0088);
1476 add("TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA", 0x0089);
1477 add("TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256", 0x00ba);
1478 add("TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256", 0x00bb);
1479 add("TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256", 0x00bc);
1480 add("TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256", 0x00bd);
1481 add("TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256", 0x00be);
1482 add("TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256", 0x00bf);
1483 add("TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256", 0x00c0);
1484 add("TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256", 0x00c1);
1485 add("TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256", 0x00c2);
1486 add("TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256", 0x00c3);
1487 add("TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256", 0x00c4);
1488 add("TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256", 0x00c5);
1489
1490 // TLS Fallback Signaling Cipher Suite Value (SCSV) RFC 7507
1491 add("TLS_FALLBACK_SCSV", 0x5600);
1492
1493 // Unsupported cipher suites from RFC 5054
1494 add("TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA", 0xc01a);
1495 add("TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA", 0xc01b);
1496 add("TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA", 0xc01c);
1497 add("TLS_SRP_SHA_WITH_AES_128_CBC_SHA", 0xc01d);
1498 add("TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA", 0xc01e);
1499 add("TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA", 0xc01f);
1500 add("TLS_SRP_SHA_WITH_AES_256_CBC_SHA", 0xc020);
1501 add("TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA", 0xc021);
1502 add("TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA", 0xc022);
1503
1504 // Unsupported cipher suites from RFC 5489
1505 add("TLS_ECDHE_PSK_WITH_RC4_128_SHA", 0xc033);
1506 add("TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA", 0xc034);
1507 add("TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA", 0xc035);
1508 add("TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA", 0xc036);
1509 add("TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256", 0xc037);
1510 add("TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384", 0xc038);
1511 add("TLS_ECDHE_PSK_WITH_NULL_SHA", 0xc039);
1512 add("TLS_ECDHE_PSK_WITH_NULL_SHA256", 0xc03a);
1513 add("TLS_ECDHE_PSK_WITH_NULL_SHA384", 0xc03b);
1514
1515 // Unsupported cipher suites from RFC 6209
1516 add("TLS_RSA_WITH_ARIA_128_CBC_SHA256", 0xc03c);
1517 add("TLS_RSA_WITH_ARIA_256_CBC_SHA384", 0xc03d);
1518 add("TLS_DH_DSS_WITH_ARIA_128_CBC_SHA256", 0xc03e);
1519 add("TLS_DH_DSS_WITH_ARIA_256_CBC_SHA384", 0xc03f);
1520 add("TLS_DH_RSA_WITH_ARIA_128_CBC_SHA256", 0xc040);
1521 add("TLS_DH_RSA_WITH_ARIA_256_CBC_SHA384", 0xc041);
1522 add("TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256", 0xc042);
1523 add("TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384", 0xc043);
1524 add("TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256", 0xc044);
1525 add("TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384", 0xc045);
1526 add("TLS_DH_anon_WITH_ARIA_128_CBC_SHA256", 0xc046);
1527 add("TLS_DH_anon_WITH_ARIA_256_CBC_SHA384", 0xc047);
1528 add("TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256", 0xc048);
1529 add("TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384", 0xc049);
1530 add("TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256", 0xc04a);
1531 add("TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384", 0xc04b);
1532 add("TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256", 0xc04c);
1533 add("TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384", 0xc04d);
1534 add("TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256", 0xc04e);
1535 add("TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384", 0xc04f);
1536 add("TLS_RSA_WITH_ARIA_128_GCM_SHA256", 0xc050);
1537 add("TLS_RSA_WITH_ARIA_256_GCM_SHA384", 0xc051);
1538 add("TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256", 0xc052);
1539 add("TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384", 0xc053);
1540 add("TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256", 0xc054);
1541 add("TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384", 0xc055);
1542 add("TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256", 0xc056);
1543 add("TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384", 0xc057);
1544 add("TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256", 0xc058);
1545 add("TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384", 0xc059);
1546 add("TLS_DH_anon_WITH_ARIA_128_GCM_SHA256", 0xc05a);
1547 add("TLS_DH_anon_WITH_ARIA_256_GCM_SHA384", 0xc05b);
1548 add("TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256", 0xc05c);
1549 add("TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384", 0xc05d);
1550 add("TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256", 0xc05e);
1551 add("TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384", 0xc05f);
1552 add("TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256", 0xc060);
1553 add("TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384", 0xc061);
1554 add("TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256", 0xc062);
1555 add("TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384", 0xc063);
1556 add("TLS_PSK_WITH_ARIA_128_CBC_SHA256", 0xc064);
1557 add("TLS_PSK_WITH_ARIA_256_CBC_SHA384", 0xc065);
1558 add("TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256", 0xc066);
1559 add("TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384", 0xc067);
1560 add("TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256", 0xc068);
1561 add("TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384", 0xc069);
1562 add("TLS_PSK_WITH_ARIA_128_GCM_SHA256", 0xc06a);
1563 add("TLS_PSK_WITH_ARIA_256_GCM_SHA384", 0xc06b);
1564 add("TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256", 0xc06c);
1565 add("TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384", 0xc06d);
1566 add("TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256", 0xc06e);
1567 add("TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384", 0xc06f);
1568 add("TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256", 0xc070);
1569 add("TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384", 0xc071);
1570
1571 // Unsupported cipher suites from RFC 6367
1572 add("TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256", 0xc072);
1573 add("TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384", 0xc073);
1574 add("TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256", 0xc074);
1575 add("TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384", 0xc075);
1576 add("TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256", 0xc076);
1577 add("TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384", 0xc077);
1578 add("TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256", 0xc078);
1579 add("TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384", 0xc079);
1580 add("TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256", 0xc07a);
1581 add("TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384", 0xc07b);
1582 add("TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256", 0xc07c);
1583 add("TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384", 0xc07d);
1584 add("TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256", 0xc07e);
1585 add("TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384", 0xc07f);
1586 add("TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256", 0xc080);
1587 add("TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384", 0xc081);
1588 add("TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256", 0xc082);
1589 add("TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384", 0xc083);
1590 add("TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256", 0xc084);
1591 add("TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384", 0xc085);
1592 add("TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256", 0xc086);
1593 add("TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384", 0xc087);
1594 add("TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256", 0xc088);
1595 add("TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384", 0xc089);
1596 add("TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256", 0xc08a);
1597 add("TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384", 0xc08b);
1598 add("TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256", 0xc08c);
1599 add("TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384", 0xc08d);
1600 add("TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256", 0xc08e);
1601 add("TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384", 0xc08f);
1602 add("TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256", 0xc090);
1603 add("TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384", 0xc091);
1604 add("TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256", 0xc092);
1605 add("TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384", 0xc093);
1606 add("TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256", 0xc094);
1607 add("TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384", 0xc095);
1608 add("TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256", 0xc096);
1609 add("TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384", 0xc097);
1610 add("TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256", 0xc098);
1611 add("TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384", 0xc099);
1612 add("TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256", 0xc09a);
1613 add("TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384", 0xc09b);
1614
1615 // Unsupported cipher suites from RFC 6655
1616 add("TLS_RSA_WITH_AES_128_CCM", 0xc09c);
1617 add("TLS_RSA_WITH_AES_256_CCM", 0xc09d);
1618 add("TLS_DHE_RSA_WITH_AES_128_CCM", 0xc09e);
1619 add("TLS_DHE_RSA_WITH_AES_256_CCM", 0xc09f);
1620 add("TLS_RSA_WITH_AES_128_CCM_8", 0xc0A0);
1621 add("TLS_RSA_WITH_AES_256_CCM_8", 0xc0A1);
1622 add("TLS_DHE_RSA_WITH_AES_128_CCM_8", 0xc0A2);
1623 add("TLS_DHE_RSA_WITH_AES_256_CCM_8", 0xc0A3);
1624 add("TLS_PSK_WITH_AES_128_CCM", 0xc0A4);
1625 add("TLS_PSK_WITH_AES_256_CCM", 0xc0A5);
1626 add("TLS_DHE_PSK_WITH_AES_128_CCM", 0xc0A6);
1627 add("TLS_DHE_PSK_WITH_AES_256_CCM", 0xc0A7);
1628 add("TLS_PSK_WITH_AES_128_CCM_8", 0xc0A8);
1629 add("TLS_PSK_WITH_AES_256_CCM_8", 0xc0A9);
1630 add("TLS_PSK_DHE_WITH_AES_128_CCM_8", 0xc0Aa);
1631 add("TLS_PSK_DHE_WITH_AES_256_CCM_8", 0xc0Ab);
1632
1633 // Unsupported cipher suites from RFC 7251
1634 add("TLS_ECDHE_ECDSA_WITH_AES_128_CCM", 0xc0Ac);
1635 add("TLS_ECDHE_ECDSA_WITH_AES_256_CCM", 0xc0Ad);
1636 add("TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8", 0xc0Ae);
1637 add("TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8", 0xc0Af);
1638 }
1639
1640 // ciphersuite SSL_NULL_WITH_NULL_NULL
1641 static final CipherSuite C_NULL = CipherSuite.valueOf(0, 0);
1642
1643 // ciphersuite TLS_EMPTY_RENEGOTIATION_INFO_SCSV
1644 static final CipherSuite C_SCSV = CipherSuite.valueOf(0x00, 0xff);
1645 }