1 /*
   2  * Copyright (c) 2002, 2018, Oracle and/or its affiliates. All rights reserved.
   3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   4  *
   5  * This code is free software; you can redistribute it and/or modify it
   6  * under the terms of the GNU General Public License version 2 only, as
   7  * published by the Free Software Foundation.  Oracle designates this
   8  * particular file as subject to the "Classpath" exception as provided
   9  * by Oracle in the LICENSE file that accompanied this code.
  10  *
  11  * This code is distributed in the hope that it will be useful, but WITHOUT
  12  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  13  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  14  * version 2 for more details (a copy is included in the LICENSE file that
  15  * accompanied this code).
  16  *
  17  * You should have received a copy of the GNU General Public License version
  18  * 2 along with this work; if not, write to the Free Software Foundation,
  19  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  20  *
  21  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  22  * or visit www.oracle.com if you need additional information or have any
  23  * questions.
  24  */
  25 
  26 package sun.security.ssl;
  27 
  28 import java.util.ArrayList;
  29 import java.util.Arrays;
  30 import java.util.Collection;
  31 import java.util.Collections;
  32 import java.util.LinkedList;
  33 import java.util.List;
  34 import static sun.security.ssl.CipherSuite.HashAlg.*;
  35 import static sun.security.ssl.CipherSuite.KeyExchange.*;
  36 import static sun.security.ssl.CipherSuite.MacAlg.*;
  37 import static sun.security.ssl.SSLCipher.*;
  38 import sun.security.ssl.SupportedGroupsExtension.NamedGroupType;
  39 import static sun.security.ssl.SupportedGroupsExtension.NamedGroupType.*;
  40 
  41 enum CipherSuite {
  42     //
  43     // in preference order
  44     //
  45 
  46     // Definition of the CipherSuites that are enabled by default.
  47     //
  48     // They are listed in preference order, most preferred first, using
  49     // the following criteria:
  50     // 1. Prefer Suite B compliant cipher suites, see RFC6460 (To be
  51     //    changed later, see below).
  52     // 2. Prefer the stronger bulk cipher, in the order of AES_256(GCM),
  53     //    AES_128(GCM), AES_256, AES_128, 3DES-EDE.
  54     // 3. Prefer the stronger MAC algorithm, in the order of SHA384,
  55     //    SHA256, SHA, MD5.
   56     // 4. Prefer the key exchange and digital signature algorithms with
   57     //    better performance, in the order of ECDHE-ECDSA, ECDHE-RSA,
   58     //    RSA, ECDH-ECDSA, ECDH-RSA, DHE-RSA, DHE-DSS.
  59 
   60     TLS_AES_128_GCM_SHA256(
                  // TLS 1.3 entries (PROTOCOLS_OF_13): only a bulk cipher (B_*) and
                  // a hash (H_*) are passed.  Unlike the TLS 1.2 entries that follow,
                  // no K_* key exchange or M_* MAC constant appears in the argument
                  // list, so the suite itself does not pin a key exchange here.
   61             0x1301, true, "TLS_AES_128_GCM_SHA256",
   62             ProtocolVersion.PROTOCOLS_OF_13, B_AES_128_GCM_IV, H_SHA256),
   63     TLS_AES_256_GCM_SHA384(
   64             0x1302, true, "TLS_AES_256_GCM_SHA384",
   65             ProtocolVersion.PROTOCOLS_OF_13, B_AES_256_GCM_IV, H_SHA384),
  66 
  67     // Suite B compliant cipher suites, see RFC 6460.
  68     //
  69     // Note that, at present this provider is not Suite B compliant. The
  70     // preference order of the GCM cipher suites does not follow the spec
  71     // of RFC 6460.  In this section, only two cipher suites are listed
   72     // so that applications try a Suite B compliant cipher suite
   73     // first.
  74     TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384(
  75             0xC02C, true, "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "",
  76             ProtocolVersion.PROTOCOLS_OF_12,
  77             K_ECDHE_ECDSA, B_AES_256_GCM, M_NULL, H_SHA384),
  78     TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256(
  79             0xC02B, true, "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", "",
  80             ProtocolVersion.PROTOCOLS_OF_12,
  81             K_ECDHE_ECDSA, B_AES_128_GCM, M_NULL, H_SHA256),
  82 
  83     // AES_256(GCM)
  84     TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384(
  85             0xC030, true, "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "",
  86             ProtocolVersion.PROTOCOLS_OF_12,
  87             K_ECDHE_RSA, B_AES_256_GCM, M_NULL, H_SHA384),
  88     TLS_RSA_WITH_AES_256_GCM_SHA384(
  89             0x009D, true, "TLS_RSA_WITH_AES_256_GCM_SHA384", "",
  90             ProtocolVersion.PROTOCOLS_OF_12,
  91             K_RSA, B_AES_256_GCM, M_NULL, H_SHA384),
  92     TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384(
  93             0xC02E, true, "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384", "",
  94             ProtocolVersion.PROTOCOLS_OF_12,
  95             K_ECDH_ECDSA, B_AES_256_GCM, M_NULL, H_SHA384),
  96     TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384(
  97             0xC032, true, "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384", "",
  98             ProtocolVersion.PROTOCOLS_OF_12,
  99             K_ECDH_RSA, B_AES_256_GCM, M_NULL, H_SHA384),
 100     TLS_DHE_RSA_WITH_AES_256_GCM_SHA384(
 101             0x009F, true, "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384", "",
 102             ProtocolVersion.PROTOCOLS_OF_12,
 103             K_DHE_RSA, B_AES_256_GCM, M_NULL, H_SHA384),
 104     TLS_DHE_DSS_WITH_AES_256_GCM_SHA384(
 105             0x00A3, true, "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384", "",
 106             ProtocolVersion.PROTOCOLS_OF_12,
 107             K_DHE_DSS, B_AES_256_GCM, M_NULL, H_SHA384),
 108 
 109     // AES_128(GCM)
 110     TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256(
 111             0xC02F, true, "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "",
 112             ProtocolVersion.PROTOCOLS_OF_12,
 113             K_ECDHE_RSA, B_AES_128_GCM, M_NULL, H_SHA256),
 114     TLS_RSA_WITH_AES_128_GCM_SHA256(
 115             0x009C, true, "TLS_RSA_WITH_AES_128_GCM_SHA256", "",
 116             ProtocolVersion.PROTOCOLS_OF_12,
 117             K_RSA, B_AES_128_GCM, M_NULL, H_SHA256),
 118     TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256(
 119             0xC02D, true, "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256", "",
 120             ProtocolVersion.PROTOCOLS_OF_12,
 121             K_ECDH_ECDSA, B_AES_128_GCM, M_NULL, H_SHA256),
 122     TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256(
 123             0xC031, true, "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256", "",
 124                 ProtocolVersion.PROTOCOLS_OF_12,
 125                 K_ECDH_RSA, B_AES_128_GCM, M_NULL, H_SHA256),
 126     TLS_DHE_RSA_WITH_AES_128_GCM_SHA256(
 127             0x009E, true, "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256", "",
 128                 ProtocolVersion.PROTOCOLS_OF_12,
 129                 K_DHE_RSA, B_AES_128_GCM, M_NULL, H_SHA256),
 130     TLS_DHE_DSS_WITH_AES_128_GCM_SHA256(
 131             0x00A2, true, "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256", "",
 132                     ProtocolVersion.PROTOCOLS_OF_12,
 133                     K_DHE_DSS, B_AES_128_GCM, M_NULL, H_SHA256),
 134 
 135     // AES_256(CBC)
 136     TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384(
 137             0xC024, true, "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384", "",
 138                     ProtocolVersion.PROTOCOLS_OF_12,
 139                     K_ECDHE_ECDSA, B_AES_256, M_SHA384, H_SHA384),
 140     TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384(
 141             0xC028, true, "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384", "",
 142                     ProtocolVersion.PROTOCOLS_OF_12,
 143                     K_ECDHE_RSA, B_AES_256, M_SHA384, H_SHA384),
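  144     TLS_RSA_WITH_AES_256_CBC_SHA256(
                  // RFC 5246 defines this suite with HMAC-SHA256 as the record MAC,
                  // as the suite name says; it names no PRF of its own, so the
                  // TLS 1.2 default (SHA-256) applies.  M_SHA256 (MacAlg) and
                  // H_SHA256 (HashAlg, presumably the handshake/PRF hash) match
                  // that; the sibling TLS_DH_anon_WITH_AES_256_CBC_SHA256 entry
                  // uses the same pair.  A SHA384 constant here would make this
                  // endpoint disagree with a conforming peer on the MAC and the
                  // handshake could not complete.
  145             0x003D, true, "TLS_RSA_WITH_AES_256_CBC_SHA256", "",
  146                     ProtocolVersion.PROTOCOLS_OF_12,
  147                     K_RSA, B_AES_256, M_SHA256, H_SHA256),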
 148     TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384(
 149             0xC026, true, "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384", "",
 150                     ProtocolVersion.PROTOCOLS_OF_12,
 151                     K_ECDH_ECDSA, B_AES_256, M_SHA384, H_SHA384),
 152     TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384(
 153             0xC02A, true, "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384", "",
 154                     ProtocolVersion.PROTOCOLS_OF_12,
 155                     K_ECDH_RSA, B_AES_256, M_SHA384, H_SHA384),
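  156     TLS_DHE_RSA_WITH_AES_256_CBC_SHA256(
                  // The two DHE *_AES_256_CBC_SHA256 suites are defined in RFC 5246
                  // with HMAC-SHA256 as the record MAC, so the MacAlg argument is
                  // M_SHA256, in line with the suite name and with the
                  // TLS_DH_anon_WITH_AES_256_CBC_SHA256 entry in this enum.  The
                  // *_CBC_SHA384 names are the ones that take M_SHA384.
  157             0x006B, true, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256", "",
  158                     ProtocolVersion.PROTOCOLS_OF_12,
  159                     K_DHE_RSA, B_AES_256, M_SHA256, H_SHA256),
  160     TLS_DHE_DSS_WITH_AES_256_CBC_SHA256(
  161             0x006A, true, "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256", "",
  162                     ProtocolVersion.PROTOCOLS_OF_12,
  163                     K_DHE_DSS, B_AES_256, M_SHA256, H_SHA256),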
 164 
 165     TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA(
 166             0xC00A, true, "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA", "",
 167                     ProtocolVersion.PROTOCOLS_TO_12,
 168                     K_ECDHE_ECDSA, B_AES_256, M_SHA, H_SHA256),
 169     TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA(
 170             0xC014, true, "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", "",
 171                     ProtocolVersion.PROTOCOLS_TO_12,
 172                     K_ECDHE_RSA, B_AES_256, M_SHA, H_SHA256),
 173     TLS_RSA_WITH_AES_256_CBC_SHA(
 174             0x0035, true, "TLS_RSA_WITH_AES_256_CBC_SHA", "",
 175                     ProtocolVersion.PROTOCOLS_TO_12,
 176                     K_RSA, B_AES_256, M_SHA, H_SHA256),
 177     TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA(
 178             0xC005, true, "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA", "",
 179                     ProtocolVersion.PROTOCOLS_TO_12,
 180                     K_ECDH_ECDSA, B_AES_256, M_SHA, H_SHA256),
 181     TLS_ECDH_RSA_WITH_AES_256_CBC_SHA(
 182             0xC00F, true, "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA", "",
 183                     ProtocolVersion.PROTOCOLS_TO_12,
 184                     K_ECDH_RSA, B_AES_256, M_SHA, H_SHA256),
 185     TLS_DHE_RSA_WITH_AES_256_CBC_SHA(
 186             0x0039, true, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA", "",
 187                     ProtocolVersion.PROTOCOLS_TO_12,
 188                     K_DHE_RSA, B_AES_256, M_SHA, H_SHA256),
 189     TLS_DHE_DSS_WITH_AES_256_CBC_SHA(
 190             0x0038, true, "TLS_DHE_DSS_WITH_AES_256_CBC_SHA", "",
 191                     ProtocolVersion.PROTOCOLS_TO_12,
 192                     K_DHE_DSS, B_AES_256, M_SHA, H_SHA256),
 193 
 194     // AES_128(CBC)
 195     TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256(
 196             0xC023, true, "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", "",
 197                     ProtocolVersion.PROTOCOLS_OF_12,
 198                     K_ECDHE_ECDSA, B_AES_128, M_SHA256, H_SHA256),
 199     TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256(
 200             0xC027, true, "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", "",
 201                     ProtocolVersion.PROTOCOLS_OF_12,
 202                     K_ECDHE_RSA, B_AES_128, M_SHA256, H_SHA256),
 203     TLS_RSA_WITH_AES_128_CBC_SHA256(
 204             0x003C, true, "TLS_RSA_WITH_AES_128_CBC_SHA256", "",
 205                     ProtocolVersion.PROTOCOLS_OF_12,
 206                     K_RSA, B_AES_128, M_SHA256, H_SHA256),
 207     TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256(
 208             0xC025, true, "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256", "",
 209                     ProtocolVersion.PROTOCOLS_OF_12,
 210                     K_ECDH_ECDSA, B_AES_128, M_SHA256, H_SHA256),
 211     TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256(
 212             0xC029, true, "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256", "",
 213                     ProtocolVersion.PROTOCOLS_OF_12,
 214                     K_ECDH_RSA, B_AES_128, M_SHA256, H_SHA256),
 215     TLS_DHE_RSA_WITH_AES_128_CBC_SHA256(
 216             0x0067, true, "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256", "",
 217                     ProtocolVersion.PROTOCOLS_OF_12,
 218                     K_DHE_RSA, B_AES_128, M_SHA256, H_SHA256),
 219     TLS_DHE_DSS_WITH_AES_128_CBC_SHA256(
 220             0x0040, true, "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256", "",
 221                     ProtocolVersion.PROTOCOLS_OF_12,
 222                     K_DHE_DSS, B_AES_128, M_SHA256, H_SHA256),
 223 
 224     TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA(
 225             0xC009, true, "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", "",
 226                     ProtocolVersion.PROTOCOLS_TO_12,
 227                     K_ECDHE_ECDSA, B_AES_128, M_SHA, H_SHA256),
 228     TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA(
 229             0xC013, true, "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", "",
 230                     ProtocolVersion.PROTOCOLS_TO_12,
 231                     K_ECDHE_RSA, B_AES_128, M_SHA, H_SHA256),
 232     TLS_RSA_WITH_AES_128_CBC_SHA(
 233             0x002F, true, "TLS_RSA_WITH_AES_128_CBC_SHA", "",
 234                     ProtocolVersion.PROTOCOLS_TO_12,
 235                     K_RSA, B_AES_128, M_SHA, H_SHA256),
 236     TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA(
 237             0xC004, true, "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA", "",
 238                     ProtocolVersion.PROTOCOLS_TO_12,
 239                     K_ECDH_ECDSA, B_AES_128, M_SHA, H_SHA256),
 240     TLS_ECDH_RSA_WITH_AES_128_CBC_SHA(
 241             0xC00E, true, "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA", "",
 242                     ProtocolVersion.PROTOCOLS_TO_12,
 243                     K_ECDH_RSA, B_AES_128, M_SHA, H_SHA256),
 244     TLS_DHE_RSA_WITH_AES_128_CBC_SHA(
 245             0x0033, true, "TLS_DHE_RSA_WITH_AES_128_CBC_SHA", "",
 246                     ProtocolVersion.PROTOCOLS_TO_12,
 247                     K_DHE_RSA, B_AES_128, M_SHA, H_SHA256),
 248     TLS_DHE_DSS_WITH_AES_128_CBC_SHA(
 249             0x0032, true, "TLS_DHE_DSS_WITH_AES_128_CBC_SHA", "",
 250                     ProtocolVersion.PROTOCOLS_TO_12,
 251                     K_DHE_DSS, B_AES_128, M_SHA, H_SHA256),
 252 
  253     // 3DES_EDE
          //
          // NOTE(review): every entry in this group passes `true` as its second
          // argument and sits in the section this file describes as enabled by
          // default.  3DES has a 64-bit block, so a single key must not protect
          // a large volume of data in CBC mode (birthday-bound collisions).
          // Whether these suites are actually negotiable presumably also
          // depends on runtime restrictions such as the
          // jdk.tls.disabledAlgorithms security property, which this file does
          // not show; deployments should confirm 3DES is disabled there.
  254     TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA(
  255             0xC008, true, "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA", "",
  256                     ProtocolVersion.PROTOCOLS_TO_12,
  257                     K_ECDHE_ECDSA, B_3DES, M_SHA, H_SHA256),
  258     TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA(
  259             0xC012, true, "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA", "",
  260                     ProtocolVersion.PROTOCOLS_TO_12,
  261                     K_ECDHE_RSA, B_3DES, M_SHA, H_SHA256),
  262     SSL_RSA_WITH_3DES_EDE_CBC_SHA(
  263             0x000A, true, "SSL_RSA_WITH_3DES_EDE_CBC_SHA", "",
  264                     ProtocolVersion.PROTOCOLS_TO_12,
  265                     K_RSA, B_3DES, M_SHA, H_SHA256),
  266     TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA(
  267             0xC003, true, "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA", "",
  268                     ProtocolVersion.PROTOCOLS_TO_12,
  269                     K_ECDH_ECDSA, B_3DES, M_SHA, H_SHA256),
  270     TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA(
  271             0xC00D, true, "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA", "",
  272                     ProtocolVersion.PROTOCOLS_TO_12,
  273                     K_ECDH_RSA, B_3DES, M_SHA, H_SHA256),
  274     SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA(
  275             0x0016, true, "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA", "",
  276                     ProtocolVersion.PROTOCOLS_TO_12,
  277                     K_DHE_RSA, B_3DES, M_SHA, H_SHA256),
  278     SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA(
  279             0x0013, true, "SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA", "",
  280                     ProtocolVersion.PROTOCOLS_TO_12,
  281                     K_DHE_DSS, B_3DES, M_SHA, H_SHA256),
 282 
 283     // Renegotiation protection request Signalling Cipher Suite Value (SCSV).
 284     TLS_EMPTY_RENEGOTIATION_INFO_SCSV(        //  RFC 5746, TLS 1.2 and prior
 285             0x00FF, true, "TLS_EMPTY_RENEGOTIATION_INFO_SCSV", "",
 286                     ProtocolVersion.PROTOCOLS_TO_12,
 287                     K_SCSV, B_NULL, M_NULL, H_NONE),
 288 
 289     // Definition of the CipherSuites that are supported but not enabled
 290     // by default.
 291     // They are listed in preference order, preferred first, using the
 292     // following criteria:
 293     // 1. CipherSuites for KRB5 need additional KRB5 service
 294     //    configuration, and these suites are not common in practice,
 295     //    so we put KRB5 based cipher suites at the end of the supported
 296     //    list.
 297     // 2. If a cipher suite has been obsoleted, we put it at the end of
 298     //    the list.
 299     // 3. Prefer the stronger bulk cipher, in the order of AES_256,
 300     //    AES_128, 3DES-EDE, RC-4, DES, DES40, RC4_40, NULL.
 301     // 4. Prefer the stronger MAC algorithm, in the order of SHA384,
 302     //    SHA256, SHA, MD5.
  303     // 5. Prefer the key exchange and digital signature algorithms with
  304     //    better performance, in the order of ECDHE-ECDSA, ECDHE-RSA,
  305     //    RSA, ECDH-ECDSA, ECDH-RSA, DHE-RSA, DHE-DSS, anonymous.
  306     TLS_DH_anon_WITH_AES_256_GCM_SHA384(
                  // First of ten anonymous suites (K_DH_ANON / K_ECDH_ANON), ending
                  // with SSL_DH_anon_WITH_3DES_EDE_CBC_SHA.  An anonymous key
                  // exchange authenticates neither peer, so the channel gives no
                  // protection against an active man-in-the-middle however strong
                  // the bulk cipher is.  All ten pass `false` as the second
                  // argument, i.e. they sit in the "supported but not enabled by
                  // default" section; code that enables every supported suite
                  // (for example by passing getSupportedCipherSuites() to
                  // setEnabledCipherSuites()) would turn them on.
  307             0x00A7, false, "TLS_DH_anon_WITH_AES_256_GCM_SHA384", "",
  308             ProtocolVersion.PROTOCOLS_OF_12,
  309             K_DH_ANON, B_AES_256_GCM, M_NULL, H_SHA384),
  310     TLS_DH_anon_WITH_AES_128_GCM_SHA256(
  311             0x00A6, false, "TLS_DH_anon_WITH_AES_128_GCM_SHA256", "",
  312             ProtocolVersion.PROTOCOLS_OF_12,
  313             K_DH_ANON, B_AES_128_GCM, M_NULL, H_SHA256),
  314     TLS_DH_anon_WITH_AES_256_CBC_SHA256(
  315             0x006D, false, "TLS_DH_anon_WITH_AES_256_CBC_SHA256", "",
  316             ProtocolVersion.PROTOCOLS_OF_12,
  317             K_DH_ANON, B_AES_256, M_SHA256, H_SHA256),
  318     TLS_ECDH_anon_WITH_AES_256_CBC_SHA(
  319             0xC019, false, "TLS_ECDH_anon_WITH_AES_256_CBC_SHA", "",
  320             ProtocolVersion.PROTOCOLS_TO_12,
  321             K_ECDH_ANON, B_AES_256, M_SHA, H_SHA256),
  322     TLS_DH_anon_WITH_AES_256_CBC_SHA(
  323             0x003A, false, "TLS_DH_anon_WITH_AES_256_CBC_SHA", "",
  324             ProtocolVersion.PROTOCOLS_TO_12,
  325             K_DH_ANON, B_AES_256, M_SHA, H_SHA256),
  326     TLS_DH_anon_WITH_AES_128_CBC_SHA256(
  327             0x006C, false, "TLS_DH_anon_WITH_AES_128_CBC_SHA256", "",
  328             ProtocolVersion.PROTOCOLS_OF_12,
  329             K_DH_ANON, B_AES_128, M_SHA256, H_SHA256),
  330     TLS_ECDH_anon_WITH_AES_128_CBC_SHA(
  331             0xC018, false, "TLS_ECDH_anon_WITH_AES_128_CBC_SHA", "",
  332             ProtocolVersion.PROTOCOLS_TO_12,
  333             K_ECDH_ANON, B_AES_128, M_SHA, H_SHA256),
  334     TLS_DH_anon_WITH_AES_128_CBC_SHA(
  335             0x0034, false, "TLS_DH_anon_WITH_AES_128_CBC_SHA", "",
  336             ProtocolVersion.PROTOCOLS_TO_12,
  337             K_DH_ANON, B_AES_128, M_SHA, H_SHA256),
  338     TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA(
  339             0xC017, false, "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA", "",
  340             ProtocolVersion.PROTOCOLS_TO_12,
  341             K_ECDH_ANON, B_3DES, M_SHA, H_SHA256),
  342     SSL_DH_anon_WITH_3DES_EDE_CBC_SHA(
  343             0x001B, false, "SSL_DH_anon_WITH_3DES_EDE_CBC_SHA", "",
  344             ProtocolVersion.PROTOCOLS_TO_12,
  345             K_DH_ANON, B_3DES, M_SHA, H_SHA256),
 346 
  347     // RC-4
          //
          // RFC 7465 prohibits negotiating RC4 cipher suites in TLS.  Every
          // entry in this group passes `false` as its second argument (the
          // "supported but not enabled by default" section), so RC4 is only
          // reachable when an application enables it explicitly.  The last
          // two entries additionally use an anonymous key exchange
          // (K_ECDH_ANON / K_DH_ANON), and two entries use the MD5 MAC.
  348     TLS_ECDHE_ECDSA_WITH_RC4_128_SHA(
  349             0xC007, false, "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA", "",
  350             ProtocolVersion.PROTOCOLS_TO_12,
  351             K_ECDHE_ECDSA, B_RC4_128, M_SHA, H_SHA256),
  352     TLS_ECDHE_RSA_WITH_RC4_128_SHA(
  353             0xC011, false, "TLS_ECDHE_RSA_WITH_RC4_128_SHA", "",
  354             ProtocolVersion.PROTOCOLS_TO_12,
  355             K_ECDHE_RSA, B_RC4_128, M_SHA, H_SHA256),
  356     SSL_RSA_WITH_RC4_128_SHA(
  357             0x0005, false, "SSL_RSA_WITH_RC4_128_SHA", "",
  358             ProtocolVersion.PROTOCOLS_TO_12,
  359             K_RSA, B_RC4_128, M_SHA, H_SHA256),
  360     TLS_ECDH_ECDSA_WITH_RC4_128_SHA(
  361             0xC002, false, "TLS_ECDH_ECDSA_WITH_RC4_128_SHA", "",
  362             ProtocolVersion.PROTOCOLS_TO_12,
  363             K_ECDH_ECDSA, B_RC4_128, M_SHA, H_SHA256),
  364     TLS_ECDH_RSA_WITH_RC4_128_SHA(
  365             0xC00C, false, "TLS_ECDH_RSA_WITH_RC4_128_SHA", "",
  366             ProtocolVersion.PROTOCOLS_TO_12,
  367             K_ECDH_RSA, B_RC4_128, M_SHA, H_SHA256),
  368     SSL_RSA_WITH_RC4_128_MD5(
  369             0x0004, false, "SSL_RSA_WITH_RC4_128_MD5", "",
  370             ProtocolVersion.PROTOCOLS_TO_12,
  371             K_RSA, B_RC4_128, M_MD5, H_SHA256),
  372     TLS_ECDH_anon_WITH_RC4_128_SHA(
  373             0xC016, false, "TLS_ECDH_anon_WITH_RC4_128_SHA", "",
  374             ProtocolVersion.PROTOCOLS_TO_12,
  375             K_ECDH_ANON, B_RC4_128, M_SHA, H_SHA256),
  376     SSL_DH_anon_WITH_RC4_128_MD5(
  377             0x0018, false, "SSL_DH_anon_WITH_RC4_128_MD5", "",
  378             ProtocolVersion.PROTOCOLS_TO_12,
  379             K_DH_ANON, B_RC4_128, M_MD5, H_SHA256),
 380 
 381     // weak cipher suites obsoleted in TLS 1.2
 382     SSL_RSA_WITH_DES_CBC_SHA(
 383             0x0009, false, "SSL_RSA_WITH_DES_CBC_SHA", "",
 384             ProtocolVersion.PROTOCOLS_TO_11,
 385             K_RSA, B_DES, M_SHA, H_NONE),
 386     SSL_DHE_RSA_WITH_DES_CBC_SHA(
 387             0x0015, false, "SSL_DHE_RSA_WITH_DES_CBC_SHA", "",
 388             ProtocolVersion.PROTOCOLS_TO_11,
 389             K_DHE_RSA, B_DES, M_SHA, H_NONE),
 390     SSL_DHE_DSS_WITH_DES_CBC_SHA(
 391             0x0012, false, "SSL_DHE_DSS_WITH_DES_CBC_SHA", "",
 392             ProtocolVersion.PROTOCOLS_TO_11,
 393             K_DHE_DSS, B_DES, M_SHA, H_NONE),
 394     SSL_DH_anon_WITH_DES_CBC_SHA(
 395             0x001A, false, "SSL_DH_anon_WITH_DES_CBC_SHA", "",
 396             ProtocolVersion.PROTOCOLS_TO_11,
 397             K_DH_ANON, B_DES, M_SHA, H_NONE),
 398 
  399     // weak cipher suites obsoleted in TLS 1.1
          //
          // These are the export-grade suites (K_*_EXPORT key exchange, 40-bit
          // bulk ciphers).  Each entry is limited to PROTOCOLS_TO_10 and passes
          // `false` as its second argument, i.e. it is listed as supported but
          // not enabled by default.  Their presence in the supported list means
          // an explicit application setting can still select them, so
          // configurations that enable suites by name should be audited for
          // the EXPORT names.
  400     SSL_RSA_EXPORT_WITH_DES40_CBC_SHA(
  401             0x0008, false, "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA", "",
  402             ProtocolVersion.PROTOCOLS_TO_10,
  403             K_RSA_EXPORT, B_DES_40, M_SHA, H_NONE),
  404     SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA(
  405             0x0014, false, "SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA", "",
  406             ProtocolVersion.PROTOCOLS_TO_10,
  407             K_DHE_RSA_EXPORT, B_DES_40, M_SHA, H_NONE),
  408     SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA(
  409             0x0011, false, "SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA", "",
  410             ProtocolVersion.PROTOCOLS_TO_10,
  411             K_DHE_DSS_EXPORT, B_DES_40, M_SHA, H_NONE),
  412     SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA(
  413             0x0019, false, "SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA", "",
  414             ProtocolVersion.PROTOCOLS_TO_10,
  415             K_DH_ANON_EXPORT, B_DES_40, M_SHA, H_NONE),
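  416     SSL_RSA_EXPORT_WITH_RC4_40_MD5(
                  // The suite name specifies RC4_40, so the bulk cipher is B_RC4_40,
                  // the same constant the TLS_KRB5_EXPORT_WITH_RC4_40_* entries use.
                  // B_DES_40 belongs to the *_DES40_CBC_* names; using it here would
                  // make this endpoint encrypt suite 0x0003 with a different cipher
                  // from its peer.
  417             0x0003, false, "SSL_RSA_EXPORT_WITH_RC4_40_MD5", "",
  418             ProtocolVersion.PROTOCOLS_TO_10,
  419             K_RSA_EXPORT, B_RC4_40, M_MD5, H_NONE),
  420     SSL_DH_anon_EXPORT_WITH_RC4_40_MD5(
                  // Bulk cipher is B_RC4_40, matching the suite name.
                  // NOTE(review): this entry passes K_DH_ANON, whereas the sibling
                  // SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA passes K_DH_ANON_EXPORT;
                  // confirm against the KeyExchange definition which one an EXPORT
                  // suite needs.
  421             0x0017, false, "SSL_DH_anon_EXPORT_WITH_RC4_40_MD5", "",
  422             ProtocolVersion.PROTOCOLS_TO_10,
  423             K_DH_ANON, B_RC4_40, M_MD5, H_NONE),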
 424 
  425     // no traffic encryption cipher suites
          //
          // Every entry here passes B_NULL as the bulk cipher: records carry a
          // MAC (M_SHA256, M_SHA or M_MD5) but are sent in the clear, so these
          // suites give integrity only and no confidentiality.
          // TLS_ECDH_anon_WITH_NULL_SHA combines that with an anonymous key
          // exchange (K_ECDH_ANON), i.e. neither encryption nor peer
          // authentication.  All entries pass `false` as the second argument
          // (supported but not enabled by default).
  426     TLS_RSA_WITH_NULL_SHA256(
  427             0x003B, false, "TLS_RSA_WITH_NULL_SHA256", "",
  428             ProtocolVersion.PROTOCOLS_OF_12,
  429             K_RSA, B_NULL, M_SHA256, H_SHA256),
  430     TLS_ECDHE_ECDSA_WITH_NULL_SHA(
  431             0xC006, false, "TLS_ECDHE_ECDSA_WITH_NULL_SHA", "",
  432             ProtocolVersion.PROTOCOLS_TO_12,
  433             K_ECDHE_ECDSA, B_NULL, M_SHA, H_SHA256),
  434     TLS_ECDHE_RSA_WITH_NULL_SHA(
  435             0xC010, false, "TLS_ECDHE_RSA_WITH_NULL_SHA", "",
  436             ProtocolVersion.PROTOCOLS_TO_12,
  437             K_ECDHE_RSA, B_NULL, M_SHA, H_SHA256),
  438     SSL_RSA_WITH_NULL_SHA(
  439             0x0002, false, "SSL_RSA_WITH_NULL_SHA", "",
  440             ProtocolVersion.PROTOCOLS_TO_12,
  441             K_RSA, B_NULL, M_SHA, H_SHA256),
  442     TLS_ECDH_ECDSA_WITH_NULL_SHA(
  443             0xC001, false, "TLS_ECDH_ECDSA_WITH_NULL_SHA", "",
  444             ProtocolVersion.PROTOCOLS_TO_12,
  445             K_ECDH_ECDSA, B_NULL, M_SHA, H_SHA256),
  446     TLS_ECDH_RSA_WITH_NULL_SHA(
  447             0xC00B, false, "TLS_ECDH_RSA_WITH_NULL_SHA", "",
  448             ProtocolVersion.PROTOCOLS_TO_12,
  449             K_ECDH_RSA, B_NULL, M_SHA, H_SHA256),
  450     TLS_ECDH_anon_WITH_NULL_SHA(
  451             0xC015, false, "TLS_ECDH_anon_WITH_NULL_SHA", "",
  452             ProtocolVersion.PROTOCOLS_TO_12,
  453             K_ECDH_ANON, B_NULL, M_SHA, H_SHA256),
  454     SSL_RSA_WITH_NULL_MD5(
  455             0x0001, false, "SSL_RSA_WITH_NULL_MD5", "",
  456             ProtocolVersion.PROTOCOLS_TO_12,
  457             K_RSA, B_NULL, M_MD5, H_SHA256),
 458 
 459     // supported Kerberos ciphersuites from RFC2712
 460     TLS_KRB5_WITH_3DES_EDE_CBC_SHA(
 461             0x001F, false, "TLS_KRB5_WITH_3DES_EDE_CBC_SHA", "",
 462             ProtocolVersion.PROTOCOLS_TO_12,
 463             K_KRB5, B_3DES, M_SHA, H_SHA256),
 464     TLS_KRB5_WITH_3DES_EDE_CBC_MD5(
 465             0x0023, false, "TLS_KRB5_WITH_3DES_EDE_CBC_MD5", "",
 466             ProtocolVersion.PROTOCOLS_TO_12,
 467             K_KRB5, B_3DES, M_MD5, H_SHA256),
 468     TLS_KRB5_WITH_RC4_128_SHA(
 469             0x0020, false, "TLS_KRB5_WITH_RC4_128_SHA", "",
 470             ProtocolVersion.PROTOCOLS_TO_12,
 471             K_KRB5, B_RC4_128, M_SHA, H_SHA256),
 472     TLS_KRB5_WITH_RC4_128_MD5(
 473             0x0024, false, "TLS_KRB5_WITH_RC4_128_MD5", "",
 474             ProtocolVersion.PROTOCOLS_TO_12,
 475             K_KRB5, B_RC4_128, M_MD5, H_SHA256),
 476     TLS_KRB5_WITH_DES_CBC_SHA(
 477             0x001e, false, "TLS_KRB5_WITH_DES_CBC_SHA", "",
 478             ProtocolVersion.PROTOCOLS_TO_11,
 479             K_KRB5, B_DES, M_SHA, H_NONE),
 480     TLS_KRB5_WITH_DES_CBC_MD5(
 481             0x0022, false, "TLS_KRB5_WITH_DES_CBC_MD5", "",
 482             ProtocolVersion.PROTOCOLS_TO_11,
 483             K_KRB5, B_DES, M_MD5, H_NONE),
 484     TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA(
 485             0x0026, false, "TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA", "",
 486             ProtocolVersion.PROTOCOLS_TO_10,
 487             K_KRB5_EXPORT, B_DES_40, M_SHA, H_NONE),
 488     TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5(
 489             0x0029, false, "TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5", "",
 490             ProtocolVersion.PROTOCOLS_TO_10,
 491             K_KRB5_EXPORT, B_DES_40, M_MD5, H_NONE),
 492     TLS_KRB5_EXPORT_WITH_RC4_40_SHA(
 493             0x0028, false, "TLS_KRB5_EXPORT_WITH_RC4_40_SHA", "",
 494             ProtocolVersion.PROTOCOLS_TO_10,
 495             K_KRB5_EXPORT, B_RC4_40, M_SHA, H_NONE),
 496     TLS_KRB5_EXPORT_WITH_RC4_40_MD5(
 497             0x002B, false, "TLS_KRB5_EXPORT_WITH_RC4_40_MD5", "",
 498             ProtocolVersion.PROTOCOLS_TO_10,
 499             K_KRB5_EXPORT, B_RC4_40, M_MD5, H_NONE),
 500 
 501     // Other values from the TLS Cipher Suite Registry, as of August 2010.
 502     //
 503     // http://www.iana.org/assignments/tls-parameters/tls-parameters.xml
 504     //
 505     // Range      Registration Procedures   Notes
 506     // 000-191    Standards Action          Refers to value of first byte
 507     // 192-254    Specification Required    Refers to value of first byte
 508     // 255        Reserved for Private Use  Refers to value of first byte
 509 
 510     TLS_CHACHA20_POLY1305_SHA256(                    // TLS 1.3
 511             "TLS_CHACHA20_POLY1305_SHA256", 0x1303),
 512     TLS_AES_128_CCM_SHA256(                          // TLS 1.3
 513             "TLS_AES_128_CCM_SHA256", 0x1304),
 514     TLS_AES_128_CCM_8_SHA256(                        // TLS 1.3
 515             "TLS_AES_128_CCM_8_SHA256", 0x1305),
 516 
 517     // remaining unsupported ciphersuites defined in RFC2246.
 518     CS_0006("SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5",           0x0006),
 519     CS_0007("SSL_RSA_WITH_IDEA_CBC_SHA",                    0x0007),
 520     CS_000B("SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA",         0x000b),
 521     CS_000C("SSL_DH_DSS_WITH_DES_CBC_SHA",                  0x000c),
 522     CS_000D("SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA",             0x000d),
 523     CS_000E("SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA",         0x000e),
 524     CS_000F("SSL_DH_RSA_WITH_DES_CBC_SHA",                  0x000f),
 525     CS_0010("SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA",             0x0010),
 526 
 527     // SSL 3.0 Fortezza ciphersuites
 528     CS_001C("SSL_FORTEZZA_DMS_WITH_NULL_SHA",               0x001c),
 529     CS_001D("SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA",       0x001d),
 530 
 531     // 1024/56 bit exportable ciphersuites from expired internet draft
 532     CS_0062("SSL_RSA_EXPORT1024_WITH_DES_CBC_SHA",          0x0062),
 533     CS_0063("SSL_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA",      0x0063),
 534     CS_0064("SSL_RSA_EXPORT1024_WITH_RC4_56_SHA",           0x0064),
 535     CS_0065("SSL_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA",       0x0065),
 536     CS_0066("SSL_DHE_DSS_WITH_RC4_128_SHA",                 0x0066),
 537 
 538     // Netscape old and new SSL 3.0 FIPS ciphersuites
 539     // see http://www.mozilla.org/projects/security/pki/nss/ssl/fips-ssl-ciphersuites.html
 540     CS_FFE0("NETSCAPE_RSA_FIPS_WITH_3DES_EDE_CBC_SHA",      0xffe0),
 541     CS_FFE1("NETSCAPE_RSA_FIPS_WITH_DES_CBC_SHA",           0xffe1),
 542     CS_FEFE("SSL_RSA_FIPS_WITH_DES_CBC_SHA",                0xfefe),
 543     CS_FEFF("SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA",           0xfeff),
 544 
 545     // Unsupported Kerberos cipher suites from RFC 2712
 546     CS_0021("TLS_KRB5_WITH_IDEA_CBC_SHA",                   0x0021),
 547     CS_0025("TLS_KRB5_WITH_IDEA_CBC_MD5",                   0x0025),
 548     CS_0027("TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA",          0x0027),
 549     CS_002A("TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5",          0x002a),
 550 
 551     // Unsupported cipher suites from RFC 4162
 552     CS_0096("TLS_RSA_WITH_SEED_CBC_SHA",                    0x0096),
 553     CS_0097("TLS_DH_DSS_WITH_SEED_CBC_SHA",                 0x0097),
 554     CS_0098("TLS_DH_RSA_WITH_SEED_CBC_SHA",                 0x0098),
 555     CS_0099("TLS_DHE_DSS_WITH_SEED_CBC_SHA",                0x0099),
 556     CS_009A("TLS_DHE_RSA_WITH_SEED_CBC_SHA",                0x009a),
 557     CS_009B("TLS_DH_anon_WITH_SEED_CBC_SHA",                0x009b),
 558 
 559     // Unsupported cipher suites from RFC 4279
 560     CS_008A("TLS_PSK_WITH_RC4_128_SHA",                     0x008a),
 561     CS_008B("TLS_PSK_WITH_3DES_EDE_CBC_SHA",                0x008b),
 562     CS_008C("TLS_PSK_WITH_AES_128_CBC_SHA",                 0x008c),
 563     CS_008D("TLS_PSK_WITH_AES_256_CBC_SHA",                 0x008d),
 564     CS_008E("TLS_DHE_PSK_WITH_RC4_128_SHA",                 0x008e),
 565     CS_008F("TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA",            0x008f),
 566     CS_0090("TLS_DHE_PSK_WITH_AES_128_CBC_SHA",             0x0090),
 567     CS_0091("TLS_DHE_PSK_WITH_AES_256_CBC_SHA",             0x0091),
 568     CS_0092("TLS_RSA_PSK_WITH_RC4_128_SHA",                 0x0092),
 569     CS_0093("TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA",            0x0093),
 570     CS_0094("TLS_RSA_PSK_WITH_AES_128_CBC_SHA",             0x0094),
 571     CS_0095("TLS_RSA_PSK_WITH_AES_256_CBC_SHA",             0x0095),
 572 
 573     // Unsupported cipher suites from RFC 4785
 574     CS_002C("TLS_PSK_WITH_NULL_SHA",                        0x002c),
 575     CS_002D("TLS_DHE_PSK_WITH_NULL_SHA",                    0x002d),
 576     CS_002E("TLS_RSA_PSK_WITH_NULL_SHA",                    0x002e),
 577 
 578     // Unsupported cipher suites from RFC 5246
 579     CS_0030("TLS_DH_DSS_WITH_AES_128_CBC_SHA",              0x0030),
 580     CS_0031("TLS_DH_RSA_WITH_AES_128_CBC_SHA",              0x0031),
 581     CS_0036("TLS_DH_DSS_WITH_AES_256_CBC_SHA",              0x0036),
 582     CS_0037("TLS_DH_RSA_WITH_AES_256_CBC_SHA",              0x0037),
 583     CS_003E("TLS_DH_DSS_WITH_AES_128_CBC_SHA256",           0x003e),
 584     CS_003F("TLS_DH_RSA_WITH_AES_128_CBC_SHA256",           0x003f),
 585     CS_0068("TLS_DH_DSS_WITH_AES_256_CBC_SHA256",           0x0068),
 586     CS_0069("TLS_DH_RSA_WITH_AES_256_CBC_SHA256",           0x0069),
 587 
 588     // Unsupported cipher suites from RFC 5288
 589     CS_00A0("TLS_DH_RSA_WITH_AES_128_GCM_SHA256",           0x00a0),
 590     CS_00A1("TLS_DH_RSA_WITH_AES_256_GCM_SHA384",           0x00a1),
 591     CS_00A4("TLS_DH_DSS_WITH_AES_128_GCM_SHA256",           0x00a4),
 592     CS_00A5("TLS_DH_DSS_WITH_AES_256_GCM_SHA384",           0x00a5),
 593 
 594     // Unsupported cipher suites from RFC 5487
 595     CS_00A8("TLS_PSK_WITH_AES_128_GCM_SHA256",              0x00a8),
 596     CS_00A9("TLS_PSK_WITH_AES_256_GCM_SHA384",              0x00a9),
 597     CS_00AA("TLS_DHE_PSK_WITH_AES_128_GCM_SHA256",          0x00aa),
 598     CS_00AB("TLS_DHE_PSK_WITH_AES_256_GCM_SHA384",          0x00ab),
 599     CS_00AC("TLS_RSA_PSK_WITH_AES_128_GCM_SHA256",          0x00ac),
 600     CS_00AD("TLS_RSA_PSK_WITH_AES_256_GCM_SHA384",          0x00ad),
 601     CS_00AE("TLS_PSK_WITH_AES_128_CBC_SHA256",              0x00ae),
 602     CS_00AF("TLS_PSK_WITH_AES_256_CBC_SHA384",              0x00af),
 603     CS_00B0("TLS_PSK_WITH_NULL_SHA256",                     0x00b0),
 604     CS_00B1("TLS_PSK_WITH_NULL_SHA384",                     0x00b1),
 605     CS_00B2("TLS_DHE_PSK_WITH_AES_128_CBC_SHA256",          0x00b2),
 606     CS_00B3("TLS_DHE_PSK_WITH_AES_256_CBC_SHA384",          0x00b3),
 607     CS_00B4("TLS_DHE_PSK_WITH_NULL_SHA256",                 0x00b4),
 608     CS_00B5("TLS_DHE_PSK_WITH_NULL_SHA384",                 0x00b5),
 609     CS_00B6("TLS_RSA_PSK_WITH_AES_128_CBC_SHA256",          0x00b6),
 610     CS_00B7("TLS_RSA_PSK_WITH_AES_256_CBC_SHA384",          0x00b7),
 611     CS_00B8("TLS_RSA_PSK_WITH_NULL_SHA256",                 0x00b8),
 612     CS_00B9("TLS_RSA_PSK_WITH_NULL_SHA384",                 0x00b9),
 613 
 614     // Unsupported cipher suites from RFC 5932
 615     CS_0041("TLS_RSA_WITH_CAMELLIA_128_CBC_SHA",            0x0041),
 616     CS_0042("TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA",         0x0042),
 617     CS_0043("TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA",         0x0043),
 618     CS_0044("TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA",        0x0044),
 619     CS_0045("TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA",        0x0045),
 620     CS_0046("TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA",        0x0046),
 621     CS_0084("TLS_RSA_WITH_CAMELLIA_256_CBC_SHA",            0x0084),
 622     CS_0085("TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA",         0x0085),
 623     CS_0086("TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA",         0x0086),
 624     CS_0087("TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA",        0x0087),
 625     CS_0088("TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA",        0x0088),
 626     CS_0089("TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA",        0x0089),
 627     CS_00BA("TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256",         0x00ba),
 628     CS_00BB("TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256",      0x00bb),
 629     CS_00BC("TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256",      0x00bc),
 630     CS_00BD("TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256",     0x00bd),
 631     CS_00BE("TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256",     0x00be),
 632     CS_00BF("TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256",     0x00bf),
 633     CS_00C0("TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256",         0x00c0),
 634     CS_00C1("TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256",      0x00c1),
 635     CS_00C2("TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256",      0x00c2),
 636     CS_00C3("TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256",     0x00c3),
 637     CS_00C4("TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256",     0x00c4),
 638     CS_00C5("TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256",     0x00c5),
 639 
 640     // TLS Fallback Signaling Cipher Suite Value (SCSV) RFC 7507
 641     CS_5600("TLS_FALLBACK_SCSV",                            0x5600),
 642 
 643     // Unsupported cipher suites from RFC 5054
 644     CS_C01A("TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA",            0xc01a),
 645     CS_C01B("TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA",        0xc01b),
 646     CS_C01C("TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA",        0xc01c),
 647     CS_C01D("TLS_SRP_SHA_WITH_AES_128_CBC_SHA",             0xc01d),
 648     CS_C01E("TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA",         0xc01e),
 649     CS_C01F("TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA",         0xc01f),
 650     CS_C020("TLS_SRP_SHA_WITH_AES_256_CBC_SHA",             0xc020),
 651     CS_C021("TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA",         0xc021),
 652     CS_C022("TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA",         0xc022),
 653 
 654     // Unsupported cipher suites from RFC 5489
 655     CS_C033("TLS_ECDHE_PSK_WITH_RC4_128_SHA",               0xc033),
 656     CS_C034("TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA",          0xc034),
 657     CS_C035("TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA",           0xc035),
 658     CS_C036("TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA",           0xc036),
 659     CS_C037("TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256",        0xc037),
 660     CS_C038("TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384",        0xc038),
 661     CS_C039("TLS_ECDHE_PSK_WITH_NULL_SHA",                  0xc039),
 662     CS_C03A("TLS_ECDHE_PSK_WITH_NULL_SHA256",               0xc03a),
 663     CS_C03B("TLS_ECDHE_PSK_WITH_NULL_SHA384",               0xc03b),
 664 
 665     // Unsupported cipher suites from RFC 6209
 666     CS_C03C("TLS_RSA_WITH_ARIA_128_CBC_SHA256",             0xc03c),
 667     CS_C03D("TLS_RSA_WITH_ARIA_256_CBC_SHA384",             0xc03d),
 668     CS_C03E("TLS_DH_DSS_WITH_ARIA_128_CBC_SHA256",          0xc03e),
 669     CS_C03F("TLS_DH_DSS_WITH_ARIA_256_CBC_SHA384",          0xc03f),
 670     CS_C040("TLS_DH_RSA_WITH_ARIA_128_CBC_SHA256",          0xc040),
 671     CS_C041("TLS_DH_RSA_WITH_ARIA_256_CBC_SHA384",          0xc041),
 672     CS_C042("TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256",         0xc042),
 673     CS_C043("TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384",         0xc043),
 674     CS_C044("TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256",         0xc044),
 675     CS_C045("TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384",         0xc045),
 676     CS_C046("TLS_DH_anon_WITH_ARIA_128_CBC_SHA256",         0xc046),
 677     CS_C047("TLS_DH_anon_WITH_ARIA_256_CBC_SHA384",         0xc047),
 678     CS_C048("TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256",     0xc048),
 679     CS_C049("TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384",     0xc049),
 680     CS_C04A("TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256",      0xc04a),
 681     CS_C04B("TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384",      0xc04b),
 682     CS_C04C("TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256",       0xc04c),
 683     CS_C04D("TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384",       0xc04d),
 684     CS_C04E("TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256",        0xc04e),
 685     CS_C04F("TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384",        0xc04f),
 686     CS_C050("TLS_RSA_WITH_ARIA_128_GCM_SHA256",             0xc050),
 687     CS_C051("TLS_RSA_WITH_ARIA_256_GCM_SHA384",             0xc051),
 688     CS_C052("TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256",         0xc052),
 689     CS_C053("TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384",         0xc053),
 690     CS_C054("TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256",          0xc054),
 691     CS_C055("TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384",          0xc055),
 692     CS_C056("TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256",         0xc056),
 693     CS_C057("TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384",         0xc057),
 694     CS_C058("TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256",          0xc058),
 695     CS_C059("TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384",          0xc059),
 696     CS_C05A("TLS_DH_anon_WITH_ARIA_128_GCM_SHA256",         0xc05a),
 697     CS_C05B("TLS_DH_anon_WITH_ARIA_256_GCM_SHA384",         0xc05b),
 698     CS_C05C("TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256",     0xc05c),
 699     CS_C05D("TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384",     0xc05d),
 700     CS_C05E("TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256",      0xc05e),
 701     CS_C05F("TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384",      0xc05f),
 702     CS_C060("TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256",       0xc060),
 703     CS_C061("TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384",       0xc061),
 704     CS_C062("TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256",        0xc062),
 705     CS_C063("TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384",        0xc063),
 706     CS_C064("TLS_PSK_WITH_ARIA_128_CBC_SHA256",             0xc064),
 707     CS_C065("TLS_PSK_WITH_ARIA_256_CBC_SHA384",             0xc065),
 708     CS_C066("TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256",         0xc066),
 709     CS_C067("TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384",         0xc067),
 710     CS_C068("TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256",         0xc068),
 711     CS_C069("TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384",         0xc069),
 712     CS_C06A("TLS_PSK_WITH_ARIA_128_GCM_SHA256",             0xc06a),
 713     CS_C06B("TLS_PSK_WITH_ARIA_256_GCM_SHA384",             0xc06b),
 714     CS_C06C("TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256",         0xc06c),
 715     CS_C06D("TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384",         0xc06d),
 716     CS_C06E("TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256",         0xc06e),
 717     CS_C06F("TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384",         0xc06f),
 718     CS_C070("TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256",       0xc070),
 719     CS_C071("TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384",       0xc071),
 720 
 721     // Unsupported cipher suites from RFC 6367
 722     CS_C072("TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256", 0xc072),
 723     CS_C073("TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384", 0xc073),
 724     CS_C074("TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256",  0xc074),
 725     CS_C075("TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384",  0xc075),
 726     CS_C076("TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256",   0xc076),
 727     CS_C077("TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384",   0xc077),
 728     CS_C078("TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256",    0xc078),
 729     CS_C079("TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384",    0xc079),
 730     CS_C07A("TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256",         0xc07a),
 731     CS_C07B("TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384",         0xc07b),
 732     CS_C07C("TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256",     0xc07c),
 733     CS_C07D("TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384",     0xc07d),
 734     CS_C07E("TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256",      0xc07e),
 735     CS_C07F("TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384",      0xc07f),
 736     CS_C080("TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256",     0xc080),
 737     CS_C081("TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384",     0xc081),
 738     CS_C082("TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256",      0xc082),
 739     CS_C083("TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384",      0xc083),
 740     CS_C084("TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256",     0xc084),
 741     CS_C085("TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384",     0xc085),
 742     CS_C086("TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256", 0xc086),
 743     CS_C087("TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384", 0xc087),
 744     CS_C088("TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256",  0xc088),
 745     CS_C089("TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384",  0xc089),
 746     CS_C08A("TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256",   0xc08a),
 747     CS_C08B("TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384",   0xc08b),
 748     CS_C08C("TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256",    0xc08c),
 749     CS_C08D("TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384",    0xc08d),
 750     CS_C08E("TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256",         0xc08e),
 751     CS_C08F("TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384",         0xc08f),
 752     CS_C090("TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256",     0xc090),
 753     CS_C091("TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384",     0xc091),
 754     CS_C092("TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256",     0xc092),
 755     CS_C093("TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384",     0xc093),
 756     CS_C094("TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256",         0xc094),
 757     CS_C095("TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384",         0xc095),
 758     CS_C096("TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256",     0xc096),
 759     CS_C097("TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384",     0xc097),
 760     CS_C098("TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256",     0xc098),
 761     CS_C099("TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384",     0xc099),
 762     CS_C09A("TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256",   0xc09a),
 763     CS_C09B("TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384",   0xc09b),
 764 
 765     // Unsupported cipher suites from RFC 6655
 766     CS_C09C("TLS_RSA_WITH_AES_128_CCM",                     0xc09c),
 767     CS_C09D("TLS_RSA_WITH_AES_256_CCM",                     0xc09d),
 768     CS_C09E("TLS_DHE_RSA_WITH_AES_128_CCM",                 0xc09e),
 769     CS_C09F("TLS_DHE_RSA_WITH_AES_256_CCM",                 0xc09f),
 770     CS_C0A0("TLS_RSA_WITH_AES_128_CCM_8",                   0xc0A0),
 771     CS_C0A1("TLS_RSA_WITH_AES_256_CCM_8",                   0xc0A1),
 772     CS_C0A2("TLS_DHE_RSA_WITH_AES_128_CCM_8",               0xc0A2),
 773     CS_C0A3("TLS_DHE_RSA_WITH_AES_256_CCM_8",               0xc0A3),
 774     CS_C0A4("TLS_PSK_WITH_AES_128_CCM",                     0xc0A4),
 775     CS_C0A5("TLS_PSK_WITH_AES_256_CCM",                     0xc0A5),
 776     CS_C0A6("TLS_DHE_PSK_WITH_AES_128_CCM",                 0xc0A6),
 777     CS_C0A7("TLS_DHE_PSK_WITH_AES_256_CCM",                 0xc0A7),
 778     CS_C0A8("TLS_PSK_WITH_AES_128_CCM_8",                   0xc0A8),
 779     CS_C0A9("TLS_PSK_WITH_AES_256_CCM_8",                   0xc0A9),
 780     CS_C0AA("TLS_PSK_DHE_WITH_AES_128_CCM_8",               0xc0Aa),
 781     CS_C0AB("TLS_PSK_DHE_WITH_AES_256_CCM_8",               0xc0Ab),
 782 
 783     // Unsupported cipher suites from RFC 7251
 784     CS_C0AC("TLS_ECDHE_ECDSA_WITH_AES_128_CCM",             0xc0Ac),
 785     CS_C0AD("TLS_ECDHE_ECDSA_WITH_AES_256_CCM",             0xc0Ad),
 786     CS_C0AE("TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8",           0xc0Ae),
 787     CS_C0AF("TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8",           0xc0Af),
 788 
 789     C_NULL("SSL_NULL_WITH_NULL_NULL", 0x0000);
 790 
    // Numeric cipher suite identifier (e.g. 0xc0ac); valueOf(int) and
    // nameOf(int) look suites up by this value.
    final int id;
    // Whether the suite is part of the default-enabled set returned by
    // defaultCipherSuites().
    final boolean isDefaultEnabled;
    // Standard suite name, matched by nameOf(String) and validValuesOf().
    final String name;
    // Alternative names accepted by the same lookups; parsed from a
    // comma-separated constructor argument.
    final List<String> aliases;
    // Protocol versions the suite may be used with. Empty for the
    // "known but unsupported" entries, which is how lookups tell them apart.
    final List<ProtocolVersion> supportedProtocols;
    // Null for unsupported entries and for suites built with the TLS 1.3
    // constructor.
    final KeyExchange keyExchange;
    // Null for unsupported entries.
    final SSLCipher bulkCipher;
    // M_NULL for suites built with the TLS 1.3 constructor; null for
    // unsupported entries.
    final MacAlg macAlg;
    final HashAlg hashAlg;

    // Copied from bulkCipher.exportable; false when there is no bulk cipher.
    final boolean exportable;
 802 
    /**
     * Declares a cipher suite that is known by name and id but not supported.
     *
     * Such an entry has no aliases, an empty protocol list and no key
     * exchange, bulk cipher, MAC or hash algorithm, and is never enabled
     * by default.
     */
    private CipherSuite(String name, int id) {
        this(id,
                false,
                name,
                "",
                ProtocolVersion.PROTOCOLS_EMPTY,
                null,
                null,
                null,
                null);
    }
 808 
    /**
     * Declares a TLS 1.3 cipher suite.
     *
     * A suite built this way has no aliases and no key exchange algorithm
     * of its own, and its MAC algorithm is fixed to M_NULL.
     */
    private CipherSuite(int id, boolean isDefaultEnabled,
            String name, ProtocolVersion[] supportedProtocols,
            SSLCipher bulkCipher, HashAlg hashAlg) {
        this(id,
                isDefaultEnabled,
                name,
                "",
                supportedProtocols,
                null,
                bulkCipher,
                M_NULL,
                hashAlg);
    }
 816 
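    /**
     * Canonical constructor; the other constructors delegate to it.
     *
     * @param id                 numeric cipher suite identifier
     * @param isDefaultEnabled   whether the suite is enabled by default
     * @param name               standard name of the suite
     * @param aliases            comma-separated alternative names, or the
     *                           empty string when there are none
     * @param supportedProtocols protocol versions the suite may be used with;
     *                           empty for a known-but-unsupported suite
     * @param keyExchange        key exchange algorithm, may be null
     * @param cipher             bulk cipher, may be null
     * @param macAlg             MAC algorithm, may be null
     * @param hashAlg            PRF/HKDF hash algorithm, may be null
     */
    private CipherSuite(int id, boolean isDefaultEnabled,
            String name, String aliases,
            ProtocolVersion[] supportedProtocols,
            KeyExchange keyExchange, SSLCipher cipher,
            MacAlg macAlg, HashAlg hashAlg) {
        this.id = id;
        this.isDefaultEnabled = isDefaultEnabled;
        this.name = name;
        // The emptiness test used to be inverted. Declared aliases were then
        // discarded, so nameOf(String) and validValuesOf() could not resolve
        // a suite by its alias, and a suite without aliases received the list
        // [""] (the result of "".split(",")), which made the empty string
        // match as a suite name.
        if (!aliases.isEmpty()) {
            this.aliases = Arrays.asList(aliases.split(","));
        } else {
            this.aliases = Collections.emptyList();
        }
        // NOTE(review): this is a view over the caller's array, not a copy;
        // it assumes the ProtocolVersion[] constants are never modified.
        this.supportedProtocols = Arrays.asList(supportedProtocols);
        this.keyExchange = keyExchange;
        this.bulkCipher = cipher;
        this.macAlg = macAlg;
        this.hashAlg = hashAlg;

        // A suite without a bulk cipher is never exportable.
        this.exportable = (cipher != null) && cipher.exportable;
    }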
 838 
    /**
     * Looks up a cipher suite by its standard name or one of its aliases.
     *
     * Every declared suite is searched, including the known-but-unsupported
     * ones, so a non-null result does not imply that the suite is usable.
     *
     * @param ciperSuiteName the name to resolve
     * @return the first matching suite in declaration order, or null if
     *         no suite carries that name
     */
    static CipherSuite nameOf(String ciperSuiteName) {
        CipherSuite[] declared = CipherSuite.values();
        for (int i = 0; i < declared.length; i++) {
            CipherSuite candidate = declared[i];
            boolean matches = candidate.name.equals(ciperSuiteName)
                    || candidate.aliases.contains(ciperSuiteName);
            if (matches) {
                return candidate;
            }
        }

        return null;
    }
 849 
    /**
     * Looks up a cipher suite by its numeric identifier.
     *
     * Known-but-unsupported suites are included in the search.
     *
     * @param id the cipher suite identifier
     * @return the first suite declared with that identifier, or null if
     *         the identifier is not declared in this enum
     */
    static CipherSuite valueOf(int id) {
        CipherSuite[] declared = CipherSuite.values();
        for (int i = 0; i < declared.length; i++) {
            if (declared[i].id == id) {
                return declared[i];
            }
        }

        return null;
    }
 859 
    /**
     * Returns a printable name for a cipher suite identifier.
     *
     * @param id the cipher suite identifier
     * @return the standard name of the suite declared with that identifier,
     *         or a placeholder containing the identifier in hexadecimal when
     *         the identifier is not declared in this enum
     */
    static String nameOf(int id) {
        CipherSuite known = valueOf(id);
        if (known != null) {
            return known.name;
        }

        return "UNKNOWN-CIPHER-SUITE(" + Utilities.byte16HexString(id) + ")";
    }
 869 
    /**
     * Returns the cipher suites that have at least one supported protocol.
     *
     * The scan stops at the first suite with an empty protocol list, so the
     * result is the leading run of supported suites in declaration order.
     * This relies on every unsupported entry being declared after the
     * supported ones.
     *
     * @return a new, modifiable collection of the supported suites
     */
    static Collection<CipherSuite> allowedCipherSuites() {
        Collection<CipherSuite> supported = new LinkedList<>();
        for (CipherSuite candidate : CipherSuite.values()) {
            if (candidate.supportedProtocols.isEmpty()) {
                // Everything from here on is an unsupported entry.
                break;
            }
            supported.add(candidate);
        }
        return supported;
    }
 882 
    /**
     * Returns the cipher suites that are enabled by default.
     *
     * The scan stops at the first suite that is not default-enabled, so the
     * result is the leading run of default-enabled suites in declaration
     * order. A default-enabled suite declared after a non-default one would
     * not be returned.
     *
     * @return a new, modifiable collection of the default-enabled suites
     */
    static Collection<CipherSuite> defaultCipherSuites() {
        Collection<CipherSuite> enabled = new LinkedList<>();
        for (CipherSuite candidate : CipherSuite.values()) {
            if (!candidate.isDefaultEnabled) {
                // Everything from here on is not default-enabled.
                break;
            }
            enabled.add(candidate);
        }
        return enabled;
    }
 895 
    /**
     * Validates and converts an array of cipher suite names.
     *
     * Each name is matched against the standard name and the aliases of the
     * supported suites only. The search stops at the first suite with an
     * empty protocol list, so the name of a known-but-unsupported suite is
     * rejected instead of being silently dropped.
     *
     * @param names the requested cipher suite names
     * @return an empty list if the array is null or empty; otherwise an
     *         unmodifiable list with one suite per name, in request order
     * @throws IllegalArgumentException if any element is null, unrecognized,
     *          or names a suite that is not supported
     */
    static List<CipherSuite> validValuesOf(String[] names) {
        if (names == null || names.length == 0) {
            return Collections.emptyList();
        }

        List<CipherSuite> resolved = new ArrayList<>(names.length);
        for (String name : names) {
            CipherSuite match = null;
            for (CipherSuite candidate : CipherSuite.values()) {
                if (candidate.supportedProtocols.isEmpty()) {
                    // Everything from here on is an unsupported entry.
                    break;
                }
                if (candidate.name.equals(name) ||
                        candidate.aliases.contains(name)) {
                    match = candidate;
                    break;
                }
            }
            if (match == null) {
                throw new IllegalArgumentException(
                        "Cannot support "  + name +
                        " with currently installed providers");
            }
            resolved.add(match);
        }

        return Collections.unmodifiableList(resolved);
    }
 933 
    /**
     * Returns the standard names of the given cipher suites.
     *
     * @param cipherSuites the suites to convert
     * @return a new array holding each suite's standard name, in list order
     */
    static String[] namesOf(List<CipherSuite> cipherSuites) {
        String[] result = new String[cipherSuites.size()];
        int next = 0;
        for (CipherSuite suite : cipherSuites) {
            result[next] = suite.name;
            next++;
        }

        return result;
    }
 943 
    /**
     * Tells whether this suite can be used in the current runtime.
     *
     * @return true if the suite supports at least one protocol, its key
     *         exchange (when it has one) is available, and it has a bulk
     *         cipher that is available
     */
    boolean isAvailable() {
        if (supportedProtocols.isEmpty()) {
            return false;
        }
        if (keyExchange != null && !keyExchange.isAvailable()) {
            return false;
        }
        return bulkCipher != null && bulkCipher.isAvailable();
    }
 949 
    /**
     * Tells whether this suite may be used with the given protocol version.
     *
     * @param protocolVersion the protocol version to check
     * @return true if the version is in this suite's supported protocols
     */
    public boolean supports(ProtocolVersion protocolVersion) {
        boolean listed = supportedProtocols.contains(protocolVersion);
        return listed;
    }
 953 
    /**
     * Tells whether this suite can be selected for a connection.
     *
     * The renegotiation-info signaling value is never negotiable; every
     * other suite is negotiable when it is available.
     */
    boolean isNegotiable() {
        if (this == TLS_EMPTY_RENEGOTIATION_INFO_SCSV) {
            return false;
        }
        return isAvailable();
    }
 957 
    /**
     * Tells whether this suite uses an anonymous key exchange.
     *
     * @return false when the suite has no key exchange algorithm, otherwise
     *         the key exchange's anonymous flag
     */
    boolean isAnonymous() {
        if (keyExchange == null) {
            return false;
        }
        return keyExchange.isAnonymous;
    }
 961 
    /**
     * Computes the record size needed to carry a fragment of the given size.
     *
     * See also SSLWriteCipher.calculatePacketSize().
     *
     * @param fragmentSize    size of the plaintext fragment in bytes
     * @param protocolVersion protocol version the record is written for
     * @param isDTLS          true to add the DTLS record header, false for
     *                        the SSL/TLS record header
     * @return the fragment size plus cipher overhead plus the record header
     */
    int calculatePacketSize(int fragmentSize,
            ProtocolVersion protocolVersion, boolean isDTLS) {
        final int headerSize =
                isDTLS ? DTLSRecord.headerSize : SSLRecord.headerSize;
        if (bulkCipher == null || bulkCipher == B_NULL) {
            // No cipher overhead: only the record header is added.
            return fragmentSize + headerSize;
        }

        int size = fragmentSize;
        switch (bulkCipher.cipherType) {
        case BLOCK_CIPHER: {
            // The cipher's IV size is used as its block size here.
            final int blockSize = bulkCipher.ivSize;
            size += macAlg.size + 1;    // MAC, then 1 byte padding length field
            // Use the minimal padding that reaches a block boundary.
            size += (blockSize - (size % blockSize)) % blockSize;
            if (protocolVersion.useTLS11PlusSpec()) {
                size += blockSize;      // explicit IV
            }
            break;
        }
        case AEAD_CIPHER:
            // Only the (D)TLS 1.2 form adds the non-fixed part of the IV.
            if (protocolVersion == ProtocolVersion.TLS12 ||
                    protocolVersion == ProtocolVersion.DTLS12) {
                size += bulkCipher.ivSize - bulkCipher.fixedIvSize;
            }
            size += bulkCipher.tagSize;
            break;
        default:    // NULL_CIPHER or STREAM_CIPHER
            size += macAlg.size;
            break;
        }

        return size + headerSize;
    }
 995 
    /**
     * Computes the largest fragment that fits in a record of the given size.
     *
     * See also CipherBox.calculateFragmentSize().
     *
     * NOTE(review): nothing here checks that packetLimit exceeds the header
     * and cipher overhead, so the result can be zero or negative for a small
     * limit; confirm that callers validate the returned value.
     *
     * @param packetLimit     maximum record size in bytes
     * @param protocolVersion protocol version the record is written for
     * @param isDTLS          true to subtract the DTLS record header, false
     *                        for the SSL/TLS record header
     * @return the packet limit minus the record header and cipher overhead
     */
    int calculateFragSize(int packetLimit,
            ProtocolVersion protocolVersion, boolean isDTLS) {
        final int headerSize =
                isDTLS ? DTLSRecord.headerSize : SSLRecord.headerSize;
        int remaining = packetLimit - headerSize;
        if (bulkCipher == null || bulkCipher == B_NULL) {
            return remaining;
        }

        switch (bulkCipher.cipherType) {
        case BLOCK_CIPHER: {
            // The cipher's IV size is used as its block size here.
            final int blockSize = bulkCipher.ivSize;
            if (protocolVersion.useTLS11PlusSpec()) {
                remaining -= blockSize;             // explicit IV
            }
            remaining -= (remaining % blockSize);   // cannot hold a block
            // No padding for a maximum fragment: only the 1 byte padding
            // length field (0x00) and the MAC are subtracted.
            remaining -= 1 + macAlg.size;
            break;
        }
        case AEAD_CIPHER:
            // Unlike calculatePacketSize(), the non-fixed IV part is
            // subtracted for every protocol version.
            remaining -= bulkCipher.tagSize
                    + (bulkCipher.ivSize - bulkCipher.fixedIvSize);
            break;
        default:    // NULL_CIPHER or STREAM_CIPHER
            remaining -= macAlg.size;
            break;
        }

        return remaining;
    }
1026 
    /**
     * An SSL/TLS key exchange algorithm.
     *
     * Each constant gives the algorithm name, whether it is allowed, whether
     * it is anonymous, and the named group type it uses.
     */
    enum KeyExchange {
        K_NULL       ("NULL",       false,      true,   NAMED_GROUP_NONE),
        K_RSA        ("RSA",        true,       false,  NAMED_GROUP_NONE),
        K_RSA_EXPORT ("RSA_EXPORT", true,       false,  NAMED_GROUP_NONE),
        K_DH_RSA     ("DH_RSA",     false,      false,  NAMED_GROUP_NONE),
        K_DH_DSS     ("DH_DSS",     false,      false,  NAMED_GROUP_NONE),
        K_DHE_DSS    ("DHE_DSS",    true,       false,  NAMED_GROUP_FFDHE),
        K_DHE_DSS_EXPORT("DHE_DSS_EXPORT", true, false, NAMED_GROUP_NONE),
        K_DHE_RSA    ("DHE_RSA",    true,       false,  NAMED_GROUP_FFDHE),
        K_DHE_RSA_EXPORT("DHE_RSA_EXPORT", true, false, NAMED_GROUP_NONE),
        K_DH_ANON    ("DH_anon",    true,       true,   NAMED_GROUP_FFDHE),
        K_DH_ANON_EXPORT("DH_anon_EXPORT",true, true,   NAMED_GROUP_NONE),

        K_ECDH_ECDSA ("ECDH_ECDSA",  true,      false,  NAMED_GROUP_ECDHE),
        K_ECDH_RSA   ("ECDH_RSA",    true,      false,  NAMED_GROUP_ECDHE),
        K_ECDHE_ECDSA("ECDHE_ECDSA", true,      false,  NAMED_GROUP_ECDHE),
        K_ECDHE_RSA  ("ECDHE_RSA",   true,      false,  NAMED_GROUP_ECDHE),
        K_ECDH_ANON  ("ECDH_anon",   true,      true,   NAMED_GROUP_ECDHE),

        // Kerberos cipher suites
        K_KRB5       ("KRB5", true,             false,  NAMED_GROUP_NONE),
        K_KRB5_EXPORT("KRB5_EXPORT", true,      false,  NAMED_GROUP_NONE),

        // renegotiation protection request signaling cipher suite
        K_SCSV       ("SCSV",        true,      true,   NAMED_GROUP_NONE);

        // name of the key exchange algorithm, e.g. DHE_DSS
        final String name;
        // For the ECDHE group type this is JsseJce.ALLOW_ECC, not the flag
        // declared on the constant.
        final boolean allowed;
        final NamedGroupType groupType;
        // True when isAvailable() can answer without asking JsseJce.
        private final boolean alwaysAvailable;
        private final boolean isAnonymous;

        KeyExchange(String name, boolean allowed,
                boolean isAnonymous, NamedGroupType groupType) {
            this.name = name;
            this.groupType = groupType;
            this.isAnonymous = isAnonymous;
            this.allowed =
                    (groupType == NAMED_GROUP_ECDHE) ? JsseJce.ALLOW_ECC : allowed;
            // Uses the declared flag (the parameter), not this.allowed; "EC"
            // and "KRB" algorithms are always checked at query time.
            this.alwaysAvailable = allowed &&
                    !(name.startsWith("EC") || name.startsWith("KRB"));
        }

        /**
         * Tells whether this key exchange can be used in the current runtime.
         *
         * @return true for an always-available algorithm; false for one that
         *         is not allowed; otherwise the result of the JsseJce
         *         EC or Kerberos availability check where one applies
         */
        boolean isAvailable() {
            if (alwaysAvailable) {
                return true;
            }
            if (!allowed) {
                return false;
            }

            if (groupType == NAMED_GROUP_ECDHE) {
                return JsseJce.isEcAvailable();
            }
            if (name.startsWith("KRB")) {
                return JsseJce.isKerberosAvailable();
            }
            return true;
        }

        /** Returns the algorithm name, e.g. DHE_DSS. */
        @Override
        public String toString() {
            return name;
        }
    }
1096 
    /**
     * An SSL/TLS MAC algorithm.
     *
     * Each constant records the sizes the record layer needs for the
     * algorithm; this enum only holds those parameters.
     */
    enum MacAlg {
        // MACs
        M_NULL      ("NULL",     0,   0,   0),
        M_MD5       ("MD5",     16,  64,   9),
        M_SHA       ("SHA",     20,  64,   9),
        M_SHA256    ("SHA256",  32,  64,   9),
        M_SHA384    ("SHA384",  48, 128,  17);

        // descriptive name, e.g. MD5
        final String name;

        // size of the MAC value (and MAC key) in bytes
        final int size;

        // block size of the underlying hash algorithm
        final int hashBlockSize;

        // minimal padding size of the underlying hash algorithm
        final int minimalPaddingSize;

        MacAlg(String algorithmName, int macSize,
                int blockSize, int minPadding) {
            this.name = algorithmName;
            this.size = macSize;
            this.hashBlockSize = blockSize;
            this.minimalPaddingSize = minPadding;
        }

        /** Returns the descriptive name, e.g. MD5. */
        @Override
        public String toString() {
            return name;
        }
    }
1136 
    /**
     * The hash algorithms used for PRF (PseudoRandom Function) or HKDF.
     *
     * Note that TLS 1.1 and earlier use a single MD5/SHA1-based PRF
     * algorithm for generating the necessary material.
     */
    enum HashAlg {

        // PRF algorithms
        H_NONE(     "NONE",  0,   0),
        H_SHA256("SHA-256", 32,  64),
        H_SHA384("SHA-384", 48, 128);

        // PRF characteristics
        final String name;
        final int hashLength;
        final int blockSize;

        HashAlg(String algorithmName, int digestLength, int hashBlockSize) {
            this.name = algorithmName;
            this.hashLength = digestLength;
            this.blockSize = hashBlockSize;
        }

        /** Returns the hash algorithm name, e.g. SHA-256. */
        @Override
        public String toString() {
            return name;
        }
    }
1166 }