1 /* 2 * Copyright (c) 2002, 2017, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. Oracle designates this 8 * particular file as subject to the "Classpath" exception as provided 9 * by Oracle in the LICENSE file that accompanied this code. 10 * 11 * This code is distributed in the hope that it will be useful, but WITHOUT 12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 14 * version 2 for more details (a copy is included in the LICENSE file that 15 * accompanied this code). 16 * 17 * You should have received a copy of the GNU General Public License version 18 * 2 along with this work; if not, write to the Free Software Foundation, 19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 20 * 21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 22 * or visit www.oracle.com if you need additional information or have any 23 * questions. 24 */ 25 26 27 package sun.security.ssl; 28 29 import java.util.*; 30 31 import java.security.NoSuchAlgorithmException; 32 import java.security.InvalidKeyException; 33 import java.security.SecureRandom; 34 import java.security.KeyManagementException; 35 36 import javax.crypto.Cipher; 37 import javax.crypto.SecretKey; 38 import javax.crypto.spec.IvParameterSpec; 39 import javax.crypto.spec.SecretKeySpec; 40 41 import static sun.security.ssl.CipherSuite.KeyExchange.*; 42 import static sun.security.ssl.CipherSuite.PRF.*; 43 import static sun.security.ssl.CipherSuite.CipherType.*; 44 import static sun.security.ssl.CipherSuite.MacAlg.*; 45 import static sun.security.ssl.CipherSuite.BulkCipher.*; 46 import static sun.security.ssl.JsseJce.*; 47 import static sun.security.ssl.NamedGroupType.*; 48 49 /** 50 * An SSL/TLS CipherSuite. Constants for the standard key exchange, cipher, 51 * and mac algorithms are also defined in this class. 52 * 53 * The CipherSuite class and the inner classes defined in this file roughly 54 * follow the type safe enum pattern described in Effective Java. This means: 55 * 56 * . instances are immutable, classes are final 57 * 58 * . there is a unique instance of every value, i.e. there are never two 59 * instances representing the same CipherSuite, etc. This means equality 60 * tests can be performed using == instead of equals() (although that works 61 * as well). [A minor exception are *unsupported* CipherSuites read from a 62 * handshake message, but this is usually irrelevant] 63 * 64 * . instances are obtained using the static valueOf() factory methods. 65 * 66 * . properties are defined as final variables and made available as 67 * package private variables without method accessors 68 * 69 * . if the member variable allowed is false, the given algorithm is either 70 * unavailable or disabled at compile time 71 * 72 */ 73 final class CipherSuite implements Comparable<CipherSuite> { 74 75 // minimum priority for supported CipherSuites 76 static final int SUPPORTED_SUITES_PRIORITY = 1; 77 78 // minimum priority for default enabled CipherSuites 79 static final int DEFAULT_SUITES_PRIORITY = 300; 80 81 private static final boolean ALLOW_ECC = Debug.getBooleanProperty 82 ("com.sun.net.ssl.enableECC", true); 83 84 // Map Integer(id) -> CipherSuite 85 // contains all known CipherSuites 86 private static final Map<Integer,CipherSuite> idMap; 87 88 // Map String(name) -> CipherSuite 89 // contains only supported CipherSuites (i.e. allowed == true) 90 private static final Map<String,CipherSuite> nameMap; 91 92 // Protocol defined CipherSuite name, e.g. SSL_RSA_WITH_RC4_128_MD5 93 // we use TLS_* only for new CipherSuites, still SSL_* for old ones 94 final String name; 95 96 // id in 16 bit MSB format, i.e. 0x0004 for SSL_RSA_WITH_RC4_128_MD5 97 final int id; 98 99 // priority for the internal default preference order. the higher the 100 // better. Each supported CipherSuite *must* have a unique priority. 101 // Ciphersuites with priority >= DEFAULT_SUITES_PRIORITY are enabled 102 // by default 103 final int priority; 104 105 // key exchange, bulk cipher, mac and prf algorithms. See those 106 // classes below. 107 final KeyExchange keyExchange; 108 final BulkCipher cipher; 109 final MacAlg macAlg; 110 final PRF prfAlg; 111 112 // whether a CipherSuite qualifies as exportable under 512/40 bit rules. 113 // TLS 1.1+ (RFC 4346) must not negotiate to these suites. 114 final boolean exportable; 115 116 // true iff implemented and enabled at compile time 117 final boolean allowed; 118 119 // obsoleted since protocol version 120 // 121 // TLS version is used. If checking DTLS versions, please map to 122 // TLS version firstly. See ProtocolVersion.mapToTLSProtocol(). 123 final int obsoleted; 124 125 // supported since protocol version (TLS version is used) 126 // 127 // TLS version is used. If checking DTLS versions, please map to 128 // TLS version firstly. See ProtocolVersion.mapToTLSProtocol(). 129 final int supported; 130 131 /** 132 * Constructor for implemented CipherSuites. 133 */ 134 private CipherSuite(String name, int id, int priority, 135 KeyExchange keyExchange, BulkCipher cipher, MacAlg mac, 136 boolean allowed, int obsoleted, int supported, PRF prfAlg) { 137 this.name = name; 138 this.id = id; 139 this.priority = priority; 140 this.keyExchange = keyExchange; 141 this.cipher = cipher; 142 this.macAlg = mac; 143 this.exportable = cipher.exportable; 144 allowed &= keyExchange.allowed; 145 allowed &= cipher.allowed; 146 this.allowed = allowed; 147 this.obsoleted = obsoleted; 148 this.supported = supported; 149 this.prfAlg = prfAlg; 150 } 151 152 /** 153 * Constructor for unimplemented CipherSuites. 154 */ 155 private CipherSuite(String name, int id) { 156 this.name = name; 157 this.id = id; 158 this.allowed = false; 159 160 this.priority = 0; 161 this.keyExchange = null; 162 this.cipher = null; 163 this.macAlg = null; 164 this.exportable = false; 165 this.obsoleted = ProtocolVersion.LIMIT_MAX_VALUE; 166 this.supported = ProtocolVersion.LIMIT_MIN_VALUE; 167 this.prfAlg = P_NONE; 168 } 169 170 /** 171 * Return whether this CipherSuite is available for use. A 172 * CipherSuite may be unavailable even if it is supported 173 * (i.e. allowed == true) if the required JCE cipher is not installed. 174 */ 175 boolean isAvailable() { 176 return allowed && keyExchange.isAvailable() && cipher.isAvailable(); 177 } 178 179 boolean isNegotiable() { 180 return this != C_SCSV && isAvailable(); 181 } 182 183 // See also CipherBox.calculatePacketSize(). 184 int calculatePacketSize(int fragmentSize, 185 ProtocolVersion protocolVersion, boolean isDTLS) { 186 187 int packetSize = fragmentSize; 188 if (cipher != B_NULL) { 189 int blockSize = cipher.ivSize; 190 switch (cipher.cipherType) { 191 case BLOCK_CIPHER: 192 packetSize += macAlg.size; 193 packetSize += 1; // 1 byte padding length field 194 packetSize += // use the minimal padding 195 (blockSize - (packetSize % blockSize)) % blockSize; 196 if (protocolVersion.useTLS11PlusSpec()) { 197 packetSize += blockSize; // explicit IV 198 } 199 200 break; 201 case AEAD_CIPHER: 202 packetSize += cipher.ivSize - cipher.fixedIvSize; // record IV 203 packetSize += cipher.tagSize; 204 205 break; 206 default: // NULL_CIPHER or STREAM_CIPHER 207 packetSize += macAlg.size; 208 } 209 } 210 211 return packetSize + 212 (isDTLS ? DTLSRecord.headerSize : SSLRecord.headerSize); 213 } 214 215 // See also CipherBox.calculateFragmentSize(). 216 int calculateFragSize(int packetLimit, 217 ProtocolVersion protocolVersion, boolean isDTLS) { 218 219 int fragSize = packetLimit - 220 (isDTLS ? DTLSRecord.headerSize : SSLRecord.headerSize); 221 if (cipher != B_NULL) { 222 int blockSize = cipher.ivSize; 223 switch (cipher.cipherType) { 224 case BLOCK_CIPHER: 225 if (protocolVersion.useTLS11PlusSpec()) { 226 fragSize -= blockSize; // explicit IV 227 } 228 fragSize -= (fragSize % blockSize); // cannot hold a block 229 // No padding for a maximum fragment. 230 fragSize -= 1; // 1 byte padding length field: 0x00 231 fragSize -= macAlg.size; 232 233 break; 234 case AEAD_CIPHER: 235 fragSize -= cipher.tagSize; 236 fragSize -= cipher.ivSize - cipher.fixedIvSize; // record IV 237 238 break; 239 default: // NULL_CIPHER or STREAM_CIPHER 240 fragSize -= macAlg.size; 241 } 242 } 243 244 return fragSize; 245 } 246 247 /** 248 * Compares CipherSuites based on their priority. Has the effect of 249 * sorting CipherSuites when put in a sorted collection, which is 250 * used by CipherSuiteList. Follows standard Comparable contract. 251 * 252 * Note that for unsupported CipherSuites parsed from a handshake 253 * message we violate the equals() contract. 254 */ 255 @Override 256 public int compareTo(CipherSuite o) { 257 return o.priority - priority; 258 } 259 260 /** 261 * Returns this.name. 262 */ 263 @Override 264 public String toString() { 265 return name; 266 } 267 268 /** 269 * Return a CipherSuite for the given name. The returned CipherSuite 270 * is supported by this implementation but may not actually be 271 * currently useable. See isAvailable(). 272 * 273 * @exception IllegalArgumentException if the CipherSuite is unknown or 274 * unsupported. 275 */ 276 static CipherSuite valueOf(String s) { 277 if (s == null) { 278 throw new IllegalArgumentException("Name must not be null"); 279 } 280 281 CipherSuite c = nameMap.get(s); 282 if ((c == null) || (c.allowed == false)) { 283 throw new IllegalArgumentException("Unsupported ciphersuite " + s); 284 } 285 286 return c; 287 } 288 289 /** 290 * Return a CipherSuite with the given ID. A temporary object is 291 * constructed if the ID is unknown. Use isAvailable() to verify that 292 * the CipherSuite can actually be used. 293 */ 294 static CipherSuite valueOf(int id1, int id2) { 295 id1 &= 0xff; 296 id2 &= 0xff; 297 int id = (id1 << 8) | id2; 298 CipherSuite c = idMap.get(id); 299 if (c == null) { 300 String h1 = Integer.toString(id1, 16); 301 String h2 = Integer.toString(id2, 16); 302 c = new CipherSuite("Unknown 0x" + h1 + ":0x" + h2, id); 303 } 304 return c; 305 } 306 307 // for use by SSLContextImpl only 308 static Collection<CipherSuite> allowedCipherSuites() { 309 return nameMap.values(); 310 } 311 312 /* 313 * Use this method when all of the values need to be specified. 314 * This is primarily used when defining a new ciphersuite for 315 * TLS 1.2+ that doesn't use the "default" PRF. 316 */ 317 private static void add(String name, int id, int priority, 318 KeyExchange keyExchange, BulkCipher cipher, MacAlg mac, 319 boolean allowed, int obsoleted, int supported, PRF prf) { 320 321 CipherSuite c = new CipherSuite(name, id, priority, keyExchange, 322 cipher, mac, allowed, obsoleted, supported, prf); 323 if (idMap.put(id, c) != null) { 324 throw new RuntimeException("Duplicate ciphersuite definition: " 325 + id + ", " + name); 326 } 327 if (c.allowed) { 328 if (nameMap.put(name, c) != null) { 329 throw new RuntimeException("Duplicate ciphersuite definition: " 330 + id + ", " + name); 331 } 332 } 333 } 334 335 /* 336 * Use this method when there is no lower protocol limit where this 337 * suite can be used, and the PRF is P_SHA256. That is, the 338 * existing ciphersuites. From RFC 5246: 339 * 340 * All cipher suites in this document use P_SHA256. 341 */ 342 private static void add(String name, int id, int priority, 343 KeyExchange keyExchange, BulkCipher cipher, MacAlg mac, 344 boolean allowed, int obsoleted) { 345 PRF prf = obsoleted < ProtocolVersion.TLS12.v ? P_NONE : P_SHA256; 346 347 add(name, id, priority, keyExchange, cipher, mac, allowed, obsoleted, 348 ProtocolVersion.LIMIT_MIN_VALUE, prf); 349 } 350 351 /* 352 * Use this method when there is no upper protocol limit. That is, 353 * suites which have not been obsoleted. 354 */ 355 private static void add(String name, int id, int priority, 356 KeyExchange keyExchange, BulkCipher cipher, MacAlg mac, 357 boolean allowed) { 358 add(name, id, priority, keyExchange, cipher, mac, allowed, 359 ProtocolVersion.LIMIT_MAX_VALUE); 360 } 361 362 /* 363 * Use this method to define an unimplemented suite. This provides 364 * a number<->name mapping that can be used for debugging. 365 */ 366 private static void add(String name, int id) { 367 CipherSuite c = new CipherSuite(name, id); 368 if (idMap.put(id, c) != null) { 369 throw new RuntimeException("Duplicate ciphersuite definition: " 370 + id + ", " + name); 371 } 372 } 373 374 /** 375 * An SSL/TLS key exchange algorithm. 376 */ 377 static enum KeyExchange { 378 379 // key exchange algorithms 380 K_NULL ("NULL", false, NAMED_GROUP_NONE), 381 K_RSA ("RSA", true, NAMED_GROUP_NONE), 382 K_RSA_EXPORT ("RSA_EXPORT", true, NAMED_GROUP_NONE), 383 K_DH_RSA ("DH_RSA", false, NAMED_GROUP_NONE), 384 K_DH_DSS ("DH_DSS", false, NAMED_GROUP_NONE), 385 K_DHE_DSS ("DHE_DSS", true, NAMED_GROUP_FFDHE), 386 K_DHE_RSA ("DHE_RSA", true, NAMED_GROUP_FFDHE), 387 K_DH_ANON ("DH_anon", true, NAMED_GROUP_FFDHE), 388 389 K_ECDH_ECDSA ("ECDH_ECDSA", ALLOW_ECC, NAMED_GROUP_ECDHE), 390 K_ECDH_RSA ("ECDH_RSA", ALLOW_ECC, NAMED_GROUP_ECDHE), 391 K_ECDHE_ECDSA("ECDHE_ECDSA", ALLOW_ECC, NAMED_GROUP_ECDHE), 392 K_ECDHE_RSA ("ECDHE_RSA", ALLOW_ECC, NAMED_GROUP_ECDHE), 393 K_ECDH_ANON ("ECDH_anon", ALLOW_ECC, NAMED_GROUP_ECDHE), 394 395 // Kerberos cipher suites 396 K_KRB5 ("KRB5", true, NAMED_GROUP_NONE), 397 K_KRB5_EXPORT("KRB5_EXPORT", true, NAMED_GROUP_NONE), 398 399 // renegotiation protection request signaling cipher suite 400 K_SCSV ("SCSV", true, NAMED_GROUP_NONE); 401 402 // name of the key exchange algorithm, e.g. DHE_DSS 403 final String name; 404 final boolean allowed; 405 final NamedGroupType groupType; 406 private final boolean alwaysAvailable; 407 408 KeyExchange(String name, boolean allowed, NamedGroupType groupType) { 409 this.name = name; 410 this.allowed = allowed; 411 this.groupType = groupType; 412 this.alwaysAvailable = allowed && 413 (!name.startsWith("EC")) && (!name.startsWith("KRB")); 414 } 415 416 boolean isAvailable() { 417 if (alwaysAvailable) { 418 return true; 419 } 420 421 if (groupType == NAMED_GROUP_ECDHE) { 422 return (allowed && JsseJce.isEcAvailable()); 423 } else if (name.startsWith("KRB")) { 424 return (allowed && JsseJce.isKerberosAvailable()); 425 } else { 426 return allowed; 427 } 428 } 429 430 @Override 431 public String toString() { 432 return name; 433 } 434 } 435 436 static enum CipherType { 437 NULL_CIPHER, // null cipher 438 STREAM_CIPHER, // stream cipher 439 BLOCK_CIPHER, // block cipher in CBC mode 440 AEAD_CIPHER // AEAD cipher 441 } 442 443 /** 444 * An SSL/TLS bulk cipher algorithm. One instance per combination of 445 * cipher and key length. 446 * 447 * Also contains a factory method to obtain in initialized CipherBox 448 * for this algorithm. 449 */ 450 static enum BulkCipher { 451 452 // export strength ciphers 453 B_NULL("NULL", NULL_CIPHER, 0, 0, 0, 0, true), 454 B_RC4_40(CIPHER_RC4, STREAM_CIPHER, 5, 16, 0, 0, true), 455 B_RC2_40("RC2", BLOCK_CIPHER, 5, 16, 8, 0, false), 456 B_DES_40(CIPHER_DES, BLOCK_CIPHER, 5, 8, 8, 0, true), 457 458 // domestic strength ciphers 459 B_RC4_128(CIPHER_RC4, STREAM_CIPHER, 16, 0, 0, true), 460 B_DES(CIPHER_DES, BLOCK_CIPHER, 8, 8, 0, true), 461 B_3DES(CIPHER_3DES, BLOCK_CIPHER, 24, 8, 0, true), 462 B_IDEA("IDEA", BLOCK_CIPHER, 16, 8, 0, false), 463 B_AES_128(CIPHER_AES, BLOCK_CIPHER, 16, 16, 0, true), 464 B_AES_256(CIPHER_AES, BLOCK_CIPHER, 32, 16, 0, true), 465 B_AES_128_GCM(CIPHER_AES_GCM, AEAD_CIPHER, 16, 12, 4, true), 466 B_AES_256_GCM(CIPHER_AES_GCM, AEAD_CIPHER, 32, 12, 4, true); 467 468 // descriptive name including key size, e.g. AES/128 469 final String description; 470 471 // JCE cipher transformation string, e.g. AES/CBC/NoPadding 472 final String transformation; 473 474 // algorithm name, e.g. AES 475 final String algorithm; 476 477 // supported and compile time enabled. Also see isAvailable() 478 final boolean allowed; 479 480 // number of bytes of entropy in the key 481 final int keySize; 482 483 // length of the actual cipher key in bytes. 484 // for non-exportable ciphers, this is the same as keySize 485 final int expandedKeySize; 486 487 // size of the IV 488 final int ivSize; 489 490 // size of fixed IV 491 // 492 // record_iv_length = ivSize - fixedIvSize 493 final int fixedIvSize; 494 495 // exportable under 512/40 bit rules 496 final boolean exportable; 497 498 // Is the cipher algorithm of Cipher Block Chaining (CBC) mode? 499 final CipherType cipherType; 500 501 // size of the authentication tag, only applicable to cipher suites in 502 // Galois Counter Mode (GCM) 503 // 504 // As far as we know, all supported GCM cipher suites use 128-bits 505 // authentication tags. 506 final int tagSize = 16; 507 508 // The secure random used to detect the cipher availability. 509 private static final SecureRandom secureRandom; 510 511 // runtime availability 512 private final boolean isAvailable; 513 514 static { 515 try { 516 secureRandom = JsseJce.getSecureRandom(); 517 } catch (KeyManagementException kme) { 518 throw new RuntimeException(kme); 519 } 520 } 521 522 BulkCipher(String transformation, CipherType cipherType, int keySize, 523 int expandedKeySize, int ivSize, 524 int fixedIvSize, boolean allowed) { 525 526 this.transformation = transformation; 527 String[] splits = transformation.split("/"); 528 this.algorithm = splits[0]; 529 this.cipherType = cipherType; 530 this.description = this.algorithm + "/" + (keySize << 3); 531 this.keySize = keySize; 532 this.ivSize = ivSize; 533 this.fixedIvSize = fixedIvSize; 534 this.allowed = allowed; 535 536 this.expandedKeySize = expandedKeySize; 537 this.exportable = true; 538 539 // availability of this bulk cipher 540 // 541 // Currently all supported ciphers except AES are always available 542 // via the JSSE internal implementations. We also assume AES/128 of 543 // CBC mode is always available since it is shipped with the SunJCE 544 // provider. However, AES/256 is unavailable when the default JCE 545 // policy jurisdiction files are installed because of key length 546 // restrictions. 547 this.isAvailable = 548 allowed ? isUnlimited(keySize, transformation) : false; 549 } 550 551 BulkCipher(String transformation, CipherType cipherType, int keySize, 552 int ivSize, int fixedIvSize, boolean allowed) { 553 this.transformation = transformation; 554 String[] splits = transformation.split("/"); 555 this.algorithm = splits[0]; 556 this.cipherType = cipherType; 557 this.description = this.algorithm + "/" + (keySize << 3); 558 this.keySize = keySize; 559 this.ivSize = ivSize; 560 this.fixedIvSize = fixedIvSize; 561 this.allowed = allowed; 562 563 this.expandedKeySize = keySize; 564 this.exportable = false; 565 566 // availability of this bulk cipher 567 // 568 // Currently all supported ciphers except AES are always available 569 // via the JSSE internal implementations. We also assume AES/128 of 570 // CBC mode is always available since it is shipped with the SunJCE 571 // provider. However, AES/256 is unavailable when the default JCE 572 // policy jurisdiction files are installed because of key length 573 // restrictions. 574 this.isAvailable = 575 allowed ? isUnlimited(keySize, transformation) : false; 576 } 577 578 /** 579 * Return an initialized CipherBox for this BulkCipher. 580 * IV must be null for stream ciphers. 581 * 582 * @exception NoSuchAlgorithmException if anything goes wrong 583 */ 584 CipherBox newCipher(ProtocolVersion version, SecretKey key, 585 IvParameterSpec iv, SecureRandom random, 586 boolean encrypt) throws NoSuchAlgorithmException { 587 return CipherBox.newCipherBox(version, this, 588 key, iv, random, encrypt); 589 } 590 591 /** 592 * Test if this bulk cipher is available. For use by CipherSuite. 593 */ 594 boolean isAvailable() { 595 return this.isAvailable; 596 } 597 598 private static boolean isUnlimited(int keySize, String transformation) { 599 int keySizeInBits = keySize * 8; 600 if (keySizeInBits > 128) { // need the JCE unlimited 601 // strength jurisdiction policy 602 try { 603 if (Cipher.getMaxAllowedKeyLength( 604 transformation) < keySizeInBits) { 605 606 return false; 607 } 608 } catch (Exception e) { 609 return false; 610 } 611 } 612 613 return true; 614 } 615 616 @Override 617 public String toString() { 618 return description; 619 } 620 } 621 622 /** 623 * An SSL/TLS key MAC algorithm. 624 * 625 * Also contains a factory method to obtain an initialized MAC 626 * for this algorithm. 627 */ 628 static enum MacAlg { 629 // MACs 630 M_NULL ("NULL", 0, 0, 0), 631 M_MD5 ("MD5", 16, 64, 9), 632 M_SHA ("SHA", 20, 64, 9), 633 M_SHA256 ("SHA256", 32, 64, 9), 634 M_SHA384 ("SHA384", 48, 128, 17); 635 636 // descriptive name, e.g. MD5 637 final String name; 638 639 // size of the MAC value (and MAC key) in bytes 640 final int size; 641 642 // block size of the underlying hash algorithm 643 final int hashBlockSize; 644 645 // minimal padding size of the underlying hash algorithm 646 final int minimalPaddingSize; 647 648 MacAlg(String name, int size, 649 int hashBlockSize, int minimalPaddingSize) { 650 this.name = name; 651 this.size = size; 652 this.hashBlockSize = hashBlockSize; 653 this.minimalPaddingSize = minimalPaddingSize; 654 } 655 656 /** 657 * Return an initialized MAC for this MacAlg. ProtocolVersion 658 * must either be SSL30 (SSLv3 custom MAC) or TLS10 (std. HMAC). 659 * 660 * @exception NoSuchAlgorithmException if anything goes wrong 661 */ 662 MAC newMac(ProtocolVersion protocolVersion, SecretKey secret) 663 throws NoSuchAlgorithmException, InvalidKeyException { 664 return new MAC(this, protocolVersion, secret); 665 } 666 667 @Override 668 public String toString() { 669 return name; 670 } 671 } 672 673 /** 674 * PRFs (PseudoRandom Function) from TLS specifications. 675 * 676 * TLS 1.1- uses a single MD5/SHA1-based PRF algorithm for generating 677 * the necessary material. 678 * 679 * In TLS 1.2+, all existing/known CipherSuites use SHA256, however 680 * new Ciphersuites (e.g. RFC 5288) can define specific PRF hash 681 * algorithms. 682 */ 683 static enum PRF { 684 685 // PRF algorithms 686 P_NONE( "NONE", 0, 0), 687 P_SHA256("SHA-256", 32, 64), 688 P_SHA384("SHA-384", 48, 128), 689 P_SHA512("SHA-512", 64, 128); // not currently used. 690 691 // PRF characteristics 692 private final String prfHashAlg; 693 private final int prfHashLength; 694 private final int prfBlockSize; 695 696 PRF(String prfHashAlg, int prfHashLength, int prfBlockSize) { 697 this.prfHashAlg = prfHashAlg; 698 this.prfHashLength = prfHashLength; 699 this.prfBlockSize = prfBlockSize; 700 } 701 702 String getPRFHashAlg() { 703 return prfHashAlg; 704 } 705 706 int getPRFHashLength() { 707 return prfHashLength; 708 } 709 710 int getPRFBlockSize() { 711 return prfBlockSize; 712 } 713 } 714 715 static { 716 idMap = new HashMap<Integer,CipherSuite>(); 717 nameMap = new HashMap<String,CipherSuite>(); 718 719 final boolean F = false; 720 final boolean T = true; 721 // N: ciphersuites only allowed if we are not in FIPS mode 722 final boolean N = (SunJSSE.isFIPS() == false); 723 724 /* 725 * TLS Cipher Suite Registry, as of November 2015. 726 * 727 * http://www.iana.org/assignments/tls-parameters/tls-parameters.xml 728 * 729 * Range Registration Procedures Notes 730 * 000-191 Standards Action Refers to value of first byte 731 * 192-254 Specification Required Refers to value of first byte 732 * 255 Reserved for Private Use Refers to value of first byte 733 * 734 * Value Description Reference 735 * 0x00,0x00 TLS_NULL_WITH_NULL_NULL [RFC5246] 736 * 0x00,0x01 TLS_RSA_WITH_NULL_MD5 [RFC5246] 737 * 0x00,0x02 TLS_RSA_WITH_NULL_SHA [RFC5246] 738 * 0x00,0x03 TLS_RSA_EXPORT_WITH_RC4_40_MD5 [RFC4346] 739 * 0x00,0x04 TLS_RSA_WITH_RC4_128_MD5 [RFC5246] 740 * 0x00,0x05 TLS_RSA_WITH_RC4_128_SHA [RFC5246] 741 * 0x00,0x06 TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 [RFC4346] 742 * 0x00,0x07 TLS_RSA_WITH_IDEA_CBC_SHA [RFC5469] 743 * 0x00,0x08 TLS_RSA_EXPORT_WITH_DES40_CBC_SHA [RFC4346] 744 * 0x00,0x09 TLS_RSA_WITH_DES_CBC_SHA [RFC5469] 745 * 0x00,0x0A TLS_RSA_WITH_3DES_EDE_CBC_SHA [RFC5246] 746 * 0x00,0x0B TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA [RFC4346] 747 * 0x00,0x0C TLS_DH_DSS_WITH_DES_CBC_SHA [RFC5469] 748 * 0x00,0x0D TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA [RFC5246] 749 * 0x00,0x0E TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA [RFC4346] 750 * 0x00,0x0F TLS_DH_RSA_WITH_DES_CBC_SHA [RFC5469] 751 * 0x00,0x10 TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA [RFC5246] 752 * 0x00,0x11 TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA [RFC4346] 753 * 0x00,0x12 TLS_DHE_DSS_WITH_DES_CBC_SHA [RFC5469] 754 * 0x00,0x13 TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA [RFC5246] 755 * 0x00,0x14 TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA [RFC4346] 756 * 0x00,0x15 TLS_DHE_RSA_WITH_DES_CBC_SHA [RFC5469] 757 * 0x00,0x16 TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA [RFC5246] 758 * 0x00,0x17 TLS_DH_anon_EXPORT_WITH_RC4_40_MD5 [RFC4346] 759 * 0x00,0x18 TLS_DH_anon_WITH_RC4_128_MD5 [RFC5246] 760 * 0x00,0x19 TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA [RFC4346] 761 * 0x00,0x1A TLS_DH_anon_WITH_DES_CBC_SHA [RFC5469] 762 * 0x00,0x1B TLS_DH_anon_WITH_3DES_EDE_CBC_SHA [RFC5246] 763 * 0x00,0x1C-1D Reserved to avoid conflicts with SSLv3 [RFC5246] 764 * 0x00,0x1E TLS_KRB5_WITH_DES_CBC_SHA [RFC2712] 765 * 0x00,0x1F TLS_KRB5_WITH_3DES_EDE_CBC_SHA [RFC2712] 766 * 0x00,0x20 TLS_KRB5_WITH_RC4_128_SHA [RFC2712] 767 * 0x00,0x21 TLS_KRB5_WITH_IDEA_CBC_SHA [RFC2712] 768 * 0x00,0x22 TLS_KRB5_WITH_DES_CBC_MD5 [RFC2712] 769 * 0x00,0x23 TLS_KRB5_WITH_3DES_EDE_CBC_MD5 [RFC2712] 770 * 0x00,0x24 TLS_KRB5_WITH_RC4_128_MD5 [RFC2712] 771 * 0x00,0x25 TLS_KRB5_WITH_IDEA_CBC_MD5 [RFC2712] 772 * 0x00,0x26 TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA [RFC2712] 773 * 0x00,0x27 TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA [RFC2712] 774 * 0x00,0x28 TLS_KRB5_EXPORT_WITH_RC4_40_SHA [RFC2712] 775 * 0x00,0x29 TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5 [RFC2712] 776 * 0x00,0x2A TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5 [RFC2712] 777 * 0x00,0x2B TLS_KRB5_EXPORT_WITH_RC4_40_MD5 [RFC2712] 778 * 0x00,0x2C TLS_PSK_WITH_NULL_SHA [RFC4785] 779 * 0x00,0x2D TLS_DHE_PSK_WITH_NULL_SHA [RFC4785] 780 * 0x00,0x2E TLS_RSA_PSK_WITH_NULL_SHA [RFC4785] 781 * 0x00,0x2F TLS_RSA_WITH_AES_128_CBC_SHA [RFC5246] 782 * 0x00,0x30 TLS_DH_DSS_WITH_AES_128_CBC_SHA [RFC5246] 783 * 0x00,0x31 TLS_DH_RSA_WITH_AES_128_CBC_SHA [RFC5246] 784 * 0x00,0x32 TLS_DHE_DSS_WITH_AES_128_CBC_SHA [RFC5246] 785 * 0x00,0x33 TLS_DHE_RSA_WITH_AES_128_CBC_SHA [RFC5246] 786 * 0x00,0x34 TLS_DH_anon_WITH_AES_128_CBC_SHA [RFC5246] 787 * 0x00,0x35 TLS_RSA_WITH_AES_256_CBC_SHA [RFC5246] 788 * 0x00,0x36 TLS_DH_DSS_WITH_AES_256_CBC_SHA [RFC5246] 789 * 0x00,0x37 TLS_DH_RSA_WITH_AES_256_CBC_SHA [RFC5246] 790 * 0x00,0x38 TLS_DHE_DSS_WITH_AES_256_CBC_SHA [RFC5246] 791 * 0x00,0x39 TLS_DHE_RSA_WITH_AES_256_CBC_SHA [RFC5246] 792 * 0x00,0x3A TLS_DH_anon_WITH_AES_256_CBC_SHA [RFC5246] 793 * 0x00,0x3B TLS_RSA_WITH_NULL_SHA256 [RFC5246] 794 * 0x00,0x3C TLS_RSA_WITH_AES_128_CBC_SHA256 [RFC5246] 795 * 0x00,0x3D TLS_RSA_WITH_AES_256_CBC_SHA256 [RFC5246] 796 * 0x00,0x3E TLS_DH_DSS_WITH_AES_128_CBC_SHA256 [RFC5246] 797 * 0x00,0x3F TLS_DH_RSA_WITH_AES_128_CBC_SHA256 [RFC5246] 798 * 0x00,0x40 TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 [RFC5246] 799 * 0x00,0x41 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA [RFC5932] 800 * 0x00,0x42 TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA [RFC5932] 801 * 0x00,0x43 TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA [RFC5932] 802 * 0x00,0x44 TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA [RFC5932] 803 * 0x00,0x45 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA [RFC5932] 804 * 0x00,0x46 TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA [RFC5932] 805 * 0x00,0x47-4F Reserved to avoid conflicts with 806 * deployed implementations [Pasi_Eronen] 807 * 0x00,0x50-58 Reserved to avoid conflicts [Pasi Eronen] 808 * 0x00,0x59-5C Reserved to avoid conflicts with 809 * deployed implementations [Pasi_Eronen] 810 * 0x00,0x5D-5F Unassigned 811 * 0x00,0x60-66 Reserved to avoid conflicts with widely 812 * deployed implementations [Pasi_Eronen] 813 * 0x00,0x67 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 [RFC5246] 814 * 0x00,0x68 TLS_DH_DSS_WITH_AES_256_CBC_SHA256 [RFC5246] 815 * 0x00,0x69 TLS_DH_RSA_WITH_AES_256_CBC_SHA256 [RFC5246] 816 * 0x00,0x6A TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 [RFC5246] 817 * 0x00,0x6B TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 [RFC5246] 818 * 0x00,0x6C TLS_DH_anon_WITH_AES_128_CBC_SHA256 [RFC5246] 819 * 0x00,0x6D TLS_DH_anon_WITH_AES_256_CBC_SHA256 [RFC5246] 820 * 0x00,0x6E-83 Unassigned 821 * 0x00,0x84 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA [RFC5932] 822 * 0x00,0x85 TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA [RFC5932] 823 * 0x00,0x86 TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA [RFC5932] 824 * 0x00,0x87 TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA [RFC5932] 825 * 0x00,0x88 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA [RFC5932] 826 * 0x00,0x89 TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA [RFC5932] 827 * 0x00,0x8A TLS_PSK_WITH_RC4_128_SHA [RFC4279] 828 * 0x00,0x8B TLS_PSK_WITH_3DES_EDE_CBC_SHA [RFC4279] 829 * 0x00,0x8C TLS_PSK_WITH_AES_128_CBC_SHA [RFC4279] 830 * 0x00,0x8D TLS_PSK_WITH_AES_256_CBC_SHA [RFC4279] 831 * 0x00,0x8E TLS_DHE_PSK_WITH_RC4_128_SHA [RFC4279] 832 * 0x00,0x8F TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA [RFC4279] 833 * 0x00,0x90 TLS_DHE_PSK_WITH_AES_128_CBC_SHA [RFC4279] 834 * 0x00,0x91 TLS_DHE_PSK_WITH_AES_256_CBC_SHA [RFC4279] 835 * 0x00,0x92 TLS_RSA_PSK_WITH_RC4_128_SHA [RFC4279] 836 * 0x00,0x93 TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA [RFC4279] 837 * 0x00,0x94 TLS_RSA_PSK_WITH_AES_128_CBC_SHA [RFC4279] 838 * 0x00,0x95 TLS_RSA_PSK_WITH_AES_256_CBC_SHA [RFC4279] 839 * 0x00,0x96 TLS_RSA_WITH_SEED_CBC_SHA [RFC4162] 840 * 0x00,0x97 TLS_DH_DSS_WITH_SEED_CBC_SHA [RFC4162] 841 * 0x00,0x98 TLS_DH_RSA_WITH_SEED_CBC_SHA [RFC4162] 842 * 0x00,0x99 TLS_DHE_DSS_WITH_SEED_CBC_SHA [RFC4162] 843 * 0x00,0x9A TLS_DHE_RSA_WITH_SEED_CBC_SHA [RFC4162] 844 * 0x00,0x9B TLS_DH_anon_WITH_SEED_CBC_SHA [RFC4162] 845 * 0x00,0x9C TLS_RSA_WITH_AES_128_GCM_SHA256 [RFC5288] 846 * 0x00,0x9D TLS_RSA_WITH_AES_256_GCM_SHA384 [RFC5288] 847 * 0x00,0x9E TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 [RFC5288] 848 * 0x00,0x9F TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 [RFC5288] 849 * 0x00,0xA0 TLS_DH_RSA_WITH_AES_128_GCM_SHA256 [RFC5288] 850 * 0x00,0xA1 TLS_DH_RSA_WITH_AES_256_GCM_SHA384 [RFC5288] 851 * 0x00,0xA2 TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 [RFC5288] 852 * 0x00,0xA3 TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 [RFC5288] 853 * 0x00,0xA4 TLS_DH_DSS_WITH_AES_128_GCM_SHA256 [RFC5288] 854 * 0x00,0xA5 TLS_DH_DSS_WITH_AES_256_GCM_SHA384 [RFC5288] 855 * 0x00,0xA6 TLS_DH_anon_WITH_AES_128_GCM_SHA256 [RFC5288] 856 * 0x00,0xA7 TLS_DH_anon_WITH_AES_256_GCM_SHA384 [RFC5288] 857 * 0x00,0xA8 TLS_PSK_WITH_AES_128_GCM_SHA256 [RFC5487] 858 * 0x00,0xA9 TLS_PSK_WITH_AES_256_GCM_SHA384 [RFC5487] 859 * 0x00,0xAA TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 [RFC5487] 860 * 0x00,0xAB TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 [RFC5487] 861 * 0x00,0xAC TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 [RFC5487] 862 * 0x00,0xAD TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 [RFC5487] 863 * 0x00,0xAE TLS_PSK_WITH_AES_128_CBC_SHA256 [RFC5487] 864 * 0x00,0xAF TLS_PSK_WITH_AES_256_CBC_SHA384 [RFC5487] 865 * 0x00,0xB0 TLS_PSK_WITH_NULL_SHA256 [RFC5487] 866 * 0x00,0xB1 TLS_PSK_WITH_NULL_SHA384 [RFC5487] 867 * 0x00,0xB2 TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 [RFC5487] 868 * 0x00,0xB3 TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 [RFC5487] 869 * 0x00,0xB4 TLS_DHE_PSK_WITH_NULL_SHA256 [RFC5487] 870 * 0x00,0xB5 TLS_DHE_PSK_WITH_NULL_SHA384 [RFC5487] 871 * 0x00,0xB6 TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 [RFC5487] 872 * 0x00,0xB7 TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 [RFC5487] 873 * 0x00,0xB8 TLS_RSA_PSK_WITH_NULL_SHA256 [RFC5487] 874 * 0x00,0xB9 TLS_RSA_PSK_WITH_NULL_SHA384 [RFC5487] 875 * 0x00,0xBA TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 [RFC5932] 876 * 0x00,0xBB TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256 [RFC5932] 877 * 0x00,0xBC TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256 [RFC5932] 878 * 0x00,0xBD TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256 [RFC5932] 879 * 0x00,0xBE TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 [RFC5932] 880 * 0x00,0xBF TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256 [RFC5932] 881 * 0x00,0xC0 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 [RFC5932] 882 * 0x00,0xC1 TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256 [RFC5932] 883 * 0x00,0xC2 TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256 [RFC5932] 884 * 0x00,0xC3 TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256 [RFC5932] 885 * 0x00,0xC4 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 [RFC5932] 886 * 0x00,0xC5 TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256 [RFC5932] 887 * 0x00,0xC6-FE Unassigned 888 * 0x00,0xFF TLS_EMPTY_RENEGOTIATION_INFO_SCSV [RFC5746] 889 * 0x01-55,* Unassigned 890 * 0x56,0x00 TLS_FALLBACK_SCSV [RFC7507] 891 * 0x56,0x01-0xC0,0x00 Unassigned 892 * 0xC0,0x01 TLS_ECDH_ECDSA_WITH_NULL_SHA [RFC4492] 893 * 0xC0,0x02 TLS_ECDH_ECDSA_WITH_RC4_128_SHA [RFC4492] 894 * 0xC0,0x03 TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA [RFC4492] 895 * 0xC0,0x04 TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA [RFC4492] 896 * 0xC0,0x05 TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA [RFC4492] 897 * 0xC0,0x06 TLS_ECDHE_ECDSA_WITH_NULL_SHA [RFC4492] 898 * 0xC0,0x07 TLS_ECDHE_ECDSA_WITH_RC4_128_SHA [RFC4492] 899 * 0xC0,0x08 TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA [RFC4492] 900 * 0xC0,0x09 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA [RFC4492] 901 * 0xC0,0x0A TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA [RFC4492] 902 * 0xC0,0x0B TLS_ECDH_RSA_WITH_NULL_SHA [RFC4492] 903 * 0xC0,0x0C TLS_ECDH_RSA_WITH_RC4_128_SHA [RFC4492] 904 * 0xC0,0x0D TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA [RFC4492] 905 * 0xC0,0x0E TLS_ECDH_RSA_WITH_AES_128_CBC_SHA [RFC4492] 906 * 0xC0,0x0F TLS_ECDH_RSA_WITH_AES_256_CBC_SHA [RFC4492] 907 * 0xC0,0x10 TLS_ECDHE_RSA_WITH_NULL_SHA [RFC4492] 908 * 0xC0,0x11 TLS_ECDHE_RSA_WITH_RC4_128_SHA [RFC4492] 909 * 0xC0,0x12 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA [RFC4492] 910 * 0xC0,0x13 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA [RFC4492] 911 * 0xC0,0x14 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA [RFC4492] 912 * 0xC0,0x15 TLS_ECDH_anon_WITH_NULL_SHA [RFC4492] 913 * 0xC0,0x16 TLS_ECDH_anon_WITH_RC4_128_SHA [RFC4492] 914 * 0xC0,0x17 TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA [RFC4492] 915 * 0xC0,0x18 TLS_ECDH_anon_WITH_AES_128_CBC_SHA [RFC4492] 916 * 0xC0,0x19 TLS_ECDH_anon_WITH_AES_256_CBC_SHA [RFC4492] 917 * 0xC0,0x1A TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA [RFC5054] 918 * 0xC0,0x1B TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA [RFC5054] 919 * 0xC0,0x1C TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA [RFC5054] 920 * 0xC0,0x1D TLS_SRP_SHA_WITH_AES_128_CBC_SHA [RFC5054] 921 * 0xC0,0x1E TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA [RFC5054] 922 * 0xC0,0x1F TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA [RFC5054] 923 * 0xC0,0x20 TLS_SRP_SHA_WITH_AES_256_CBC_SHA [RFC5054] 924 * 0xC0,0x21 TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA [RFC5054] 925 * 0xC0,0x22 TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA [RFC5054] 926 * 0xC0,0x23 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 [RFC5289] 927 * 0xC0,0x24 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 [RFC5289] 928 * 0xC0,0x25 TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 [RFC5289] 929 * 0xC0,0x26 TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 [RFC5289] 930 * 0xC0,0x27 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 [RFC5289] 931 * 0xC0,0x28 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 [RFC5289] 932 * 0xC0,0x29 TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 [RFC5289] 933 * 0xC0,0x2A TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 [RFC5289] 934 * 0xC0,0x2B TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 [RFC5289] 935 * 0xC0,0x2C TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 [RFC5289] 936 * 0xC0,0x2D TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 [RFC5289] 937 * 0xC0,0x2E TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 [RFC5289] 938 * 0xC0,0x2F TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 [RFC5289] 939 * 0xC0,0x30 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 [RFC5289] 940 * 0xC0,0x31 TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 [RFC5289] 941 * 0xC0,0x32 TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 [RFC5289] 942 * 0xC0,0x33 TLS_ECDHE_PSK_WITH_RC4_128_SHA [RFC5489] 943 * 0xC0,0x34 TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA [RFC5489] 944 * 0xC0,0x35 TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA [RFC5489] 945 * 0xC0,0x36 TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA [RFC5489] 946 * 0xC0,0x37 TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 [RFC5489] 947 * 0xC0,0x38 TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 [RFC5489] 948 * 0xC0,0x39 TLS_ECDHE_PSK_WITH_NULL_SHA [RFC5489] 949 * 0xC0,0x3A TLS_ECDHE_PSK_WITH_NULL_SHA256 [RFC5489] 950 * 0xC0,0x3B TLS_ECDHE_PSK_WITH_NULL_SHA384 [RFC5489] 951 * 0xC0,0x3C TLS_RSA_WITH_ARIA_128_CBC_SHA256 [RFC6209] 952 * 0xC0,0x3D TLS_RSA_WITH_ARIA_256_CBC_SHA384 [RFC6209] 953 * 0xC0,0x3E TLS_DH_DSS_WITH_ARIA_128_CBC_SHA256 [RFC6209] 954 * 0xC0,0x3F TLS_DH_DSS_WITH_ARIA_256_CBC_SHA384 [RFC6209] 955 * 0xC0,0x40 TLS_DH_RSA_WITH_ARIA_128_CBC_SHA256 [RFC6209] 956 * 0xC0,0x41 TLS_DH_RSA_WITH_ARIA_256_CBC_SHA384 [RFC6209] 957 * 0xC0,0x42 TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256 [RFC6209] 958 * 0xC0,0x43 TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384 [RFC6209] 959 * 0xC0,0x44 TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256 [RFC6209] 960 * 0xC0,0x45 TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384 [RFC6209] 961 * 0xC0,0x46 TLS_DH_anon_WITH_ARIA_128_CBC_SHA256 [RFC6209] 962 * 0xC0,0x47 TLS_DH_anon_WITH_ARIA_256_CBC_SHA384 [RFC6209] 963 * 0xC0,0x48 TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256 [RFC6209] 964 * 0xC0,0x49 TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384 [RFC6209] 965 * 0xC0,0x4A TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256 [RFC6209] 966 * 0xC0,0x4B TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384 [RFC6209] 967 * 0xC0,0x4C TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256 [RFC6209] 968 * 0xC0,0x4D TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384 [RFC6209] 969 * 0xC0,0x4E TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256 [RFC6209] 970 * 0xC0,0x4F TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384 [RFC6209] 971 * 0xC0,0x50 TLS_RSA_WITH_ARIA_128_GCM_SHA256 [RFC6209] 972 * 0xC0,0x51 TLS_RSA_WITH_ARIA_256_GCM_SHA384 [RFC6209] 973 * 0xC0,0x52 TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256 [RFC6209] 974 * 0xC0,0x53 TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384 [RFC6209] 975 * 0xC0,0x54 TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256 [RFC6209] 976 * 0xC0,0x55 TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384 [RFC6209] 977 * 0xC0,0x56 TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256 [RFC6209] 978 * 0xC0,0x57 TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384 [RFC6209] 979 * 0xC0,0x58 TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256 [RFC6209] 980 * 0xC0,0x59 TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384 [RFC6209] 981 * 0xC0,0x5A TLS_DH_anon_WITH_ARIA_128_GCM_SHA256 [RFC6209] 982 * 0xC0,0x5B TLS_DH_anon_WITH_ARIA_256_GCM_SHA384 [RFC6209] 983 * 0xC0,0x5C TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 [RFC6209] 984 * 0xC0,0x5D TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 [RFC6209] 985 * 0xC0,0x5E TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256 [RFC6209] 986 * 0xC0,0x5F TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384 [RFC6209] 987 * 0xC0,0x60 TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 [RFC6209] 988 * 0xC0,0x61 TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 [RFC6209] 989 * 0xC0,0x62 TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256 [RFC6209] 990 * 0xC0,0x63 TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384 [RFC6209] 991 * 0xC0,0x64 TLS_PSK_WITH_ARIA_128_CBC_SHA256 [RFC6209] 992 * 0xC0,0x65 TLS_PSK_WITH_ARIA_256_CBC_SHA384 [RFC6209] 993 * 0xC0,0x66 TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256 [RFC6209] 994 * 0xC0,0x67 TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384 [RFC6209] 995 * 0xC0,0x68 TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256 [RFC6209] 996 * 0xC0,0x69 TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384 [RFC6209] 997 * 0xC0,0x6A TLS_PSK_WITH_ARIA_128_GCM_SHA256 [RFC6209] 998 * 0xC0,0x6B TLS_PSK_WITH_ARIA_256_GCM_SHA384 [RFC6209] 999 * 0xC0,0x6C TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256 [RFC6209] 1000 * 0xC0,0x6D TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384 [RFC6209] 1001 * 0xC0,0x6E TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256 [RFC6209] 1002 * 0xC0,0x6F TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384 [RFC6209] 1003 * 0xC0,0x70 TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256 [RFC6209] 1004 * 0xC0,0x71 TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384 [RFC6209] 1005 * 0xC0,0x72 TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 [RFC6367] 1006 * 0xC0,0x73 TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 [RFC6367] 1007 * 0xC0,0x74 TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 [RFC6367] 1008 * 0xC0,0x75 TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 [RFC6367] 1009 * 0xC0,0x76 TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 [RFC6367] 1010 * 0xC0,0x77 TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 [RFC6367] 1011 * 0xC0,0x78 TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 [RFC6367] 1012 * 0xC0,0x79 TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 [RFC6367] 1013 * 0xC0,0x7A TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 [RFC6367] 1014 * 0xC0,0x7B TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 [RFC6367] 1015 * 0xC0,0x7C TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 [RFC6367] 1016 * 0xC0,0x7D TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 [RFC6367] 1017 * 0xC0,0x7E TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256 [RFC6367] 1018 * 0xC0,0x7F TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384 [RFC6367] 1019 * 0xC0,0x80 TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256 [RFC6367] 1020 * 0xC0,0x81 TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384 [RFC6367] 1021 * 0xC0,0x82 TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256 [RFC6367] 1022 * 0xC0,0x83 TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384 [RFC6367] 1023 * 0xC0,0x84 TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256 [RFC6367] 1024 * 0xC0,0x85 TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384 [RFC6367] 1025 * 0xC0,0x86 TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 [RFC6367] 1026 * 0xC0,0x87 TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 [RFC6367] 1027 * 0xC0,0x88 TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 [RFC6367] 1028 * 0xC0,0x89 TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 [RFC6367] 1029 * 0xC0,0x8A TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 [RFC6367] 1030 * 0xC0,0x8B TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 [RFC6367] 1031 * 0xC0,0x8C TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 [RFC6367] 1032 * 0xC0,0x8D TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 [RFC6367] 1033 * 0xC0,0x8E TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 [RFC6367] 1034 * 0xC0,0x8F TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 [RFC6367] 1035 * 0xC0,0x90 TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 [RFC6367] 1036 * 0xC0,0x91 TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 [RFC6367] 1037 * 0xC0,0x92 TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256 [RFC6367] 1038 * 0xC0,0x93 TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384 [RFC6367] 1039 * 0xC0,0x94 TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 [RFC6367] 1040 * 0xC0,0x95 TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 [RFC6367] 1041 * 0xC0,0x96 TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 [RFC6367] 1042 * 0xC0,0x97 TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 [RFC6367] 1043 * 0xC0,0x98 TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 [RFC6367] 1044 * 0xC0,0x99 TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 [RFC6367] 1045 * 0xC0,0x9A TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 [RFC6367] 1046 * 0xC0,0x9B TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 [RFC6367] 1047 * 0xC0,0x9C TLS_RSA_WITH_AES_128_CCM [RFC6655] 1048 * 0xC0,0x9D TLS_RSA_WITH_AES_256_CCM [RFC6655] 1049 * 0xC0,0x9E TLS_DHE_RSA_WITH_AES_128_CCM [RFC6655] 1050 * 0xC0,0x9F TLS_DHE_RSA_WITH_AES_256_CCM [RFC6655] 1051 * 0xC0,0xA0 TLS_RSA_WITH_AES_128_CCM_8 [RFC6655] 1052 * 0xC0,0xA1 TLS_RSA_WITH_AES_256_CCM_8 [RFC6655] 1053 * 0xC0,0xA2 TLS_DHE_RSA_WITH_AES_128_CCM_8 [RFC6655] 1054 * 0xC0,0xA3 TLS_DHE_RSA_WITH_AES_256_CCM_8 [RFC6655] 1055 * 0xC0,0xA4 TLS_PSK_WITH_AES_128_CCM [RFC6655] 1056 * 0xC0,0xA5 TLS_PSK_WITH_AES_256_CCM [RFC6655] 1057 * 0xC0,0xA6 TLS_DHE_PSK_WITH_AES_128_CCM [RFC6655] 1058 * 0xC0,0xA7 TLS_DHE_PSK_WITH_AES_256_CCM [RFC6655] 1059 * 0xC0,0xA8 TLS_PSK_WITH_AES_128_CCM_8 [RFC6655] 1060 * 0xC0,0xA9 TLS_PSK_WITH_AES_256_CCM_8 [RFC6655] 1061 * 0xC0,0xAA TLS_PSK_DHE_WITH_AES_128_CCM_8 [RFC6655] 1062 * 0xC0,0xAB TLS_PSK_DHE_WITH_AES_256_CCM_8 [RFC6655] 1063 * 0xC0,0xAC TLS_ECDHE_ECDSA_WITH_AES_128_CCM [RFC7251] 1064 * 0xC0,0xAD TLS_ECDHE_ECDSA_WITH_AES_256_CCM [RFC7251] 1065 * 0xC0,0xAE TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 [RFC7251] 1066 * 0xC0,0xAF TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 [RFC7251] 1067 * 0xC0,0xB0-FF Unassigned 1068 * 0xC1-FD,* Unassigned 1069 * 0xFE,0x00-FD Unassigned 1070 * 0xFE,0xFE-FF Reserved to avoid conflicts with widely 1071 * deployed implementations [Pasi_Eronen] 1072 * 0xFF,0x00-FF Reserved for Private Use [RFC5246] 1073 */ 1074 1075 add("SSL_NULL_WITH_NULL_NULL", 0x0000, 1076 1, K_NULL, B_NULL, M_NULL, F); 1077 1078 /* 1079 * Definition of the CipherSuites that are enabled by default. 1080 * They are listed in preference order, most preferred first, using 1081 * the following criteria: 1082 * 1. Prefer Suite B compliant cipher suites, see RFC6460 (To be 1083 * changed later, see below). 1084 * 2. Prefer the stronger bulk cipher, in the order of AES_256(GCM), 1085 * AES_128(GCM), AES_256, AES_128, 3DES-EDE. 1086 * 3. Prefer the stronger MAC algorithm, in the order of SHA384, 1087 * SHA256, SHA, MD5. 1088 * 4. Prefer the better performance of key exchange and digital 1089 * signature algorithm, in the order of ECDHE-ECDSA, ECDHE-RSA, 1090 * RSA, ECDH-ECDSA, ECDH-RSA, DHE-RSA, DHE-DSS. 1091 */ 1092 int p = DEFAULT_SUITES_PRIORITY * 2; 1093 1094 // shorten names to fit the following table cleanly. 1095 int max = ProtocolVersion.LIMIT_MAX_VALUE; 1096 int tls11 = ProtocolVersion.TLS11.v; 1097 int tls12 = ProtocolVersion.TLS12.v; 1098 1099 // ID Key Exchange Cipher A obs suprt PRF 1100 // ====== ============ ========= = === ===== ======== 1101 1102 // Suite B compliant cipher suites, see RFC 6460. 1103 // 1104 // Note that, at present this provider is not Suite B compliant. The 1105 // preference order of the GCM cipher suites does not follow the spec 1106 // of RFC 6460. In this section, only two cipher suites are listed 1107 // so that applications can make use of Suite-B compliant cipher 1108 // suite firstly. 1109 add("TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", 0xc02c, --p, 1110 K_ECDHE_ECDSA, B_AES_256_GCM, M_NULL, T, max, tls12, P_SHA384); 1111 add("TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", 0xc02b, --p, 1112 K_ECDHE_ECDSA, B_AES_128_GCM, M_NULL, T, max, tls12, P_SHA256); 1113 1114 // AES_256(GCM) 1115 add("TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", 0xc030, --p, 1116 K_ECDHE_RSA, B_AES_256_GCM, M_NULL, T, max, tls12, P_SHA384); 1117 add("TLS_RSA_WITH_AES_256_GCM_SHA384", 0x009d, --p, 1118 K_RSA, B_AES_256_GCM, M_NULL, T, max, tls12, P_SHA384); 1119 add("TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384", 0xc02e, --p, 1120 K_ECDH_ECDSA, B_AES_256_GCM, M_NULL, T, max, tls12, P_SHA384); 1121 add("TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384", 0xc032, --p, 1122 K_ECDH_RSA, B_AES_256_GCM, M_NULL, T, max, tls12, P_SHA384); 1123 add("TLS_DHE_RSA_WITH_AES_256_GCM_SHA384", 0x009f, --p, 1124 K_DHE_RSA, B_AES_256_GCM, M_NULL, T, max, tls12, P_SHA384); 1125 add("TLS_DHE_DSS_WITH_AES_256_GCM_SHA384", 0x00a3, --p, 1126 K_DHE_DSS, B_AES_256_GCM, M_NULL, T, max, tls12, P_SHA384); 1127 1128 // AES_128(GCM) 1129 add("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", 0xc02f, --p, 1130 K_ECDHE_RSA, B_AES_128_GCM, M_NULL, T, max, tls12, P_SHA256); 1131 add("TLS_RSA_WITH_AES_128_GCM_SHA256", 0x009c, --p, 1132 K_RSA, B_AES_128_GCM, M_NULL, T, max, tls12, P_SHA256); 1133 add("TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256", 0xc02d, --p, 1134 K_ECDH_ECDSA, B_AES_128_GCM, M_NULL, T, max, tls12, P_SHA256); 1135 add("TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256", 0xc031, --p, 1136 K_ECDH_RSA, B_AES_128_GCM, M_NULL, T, max, tls12, P_SHA256); 1137 add("TLS_DHE_RSA_WITH_AES_128_GCM_SHA256", 0x009e, --p, 1138 K_DHE_RSA, B_AES_128_GCM, M_NULL, T, max, tls12, P_SHA256); 1139 add("TLS_DHE_DSS_WITH_AES_128_GCM_SHA256", 0x00a2, --p, 1140 K_DHE_DSS, B_AES_128_GCM, M_NULL, T, max, tls12, P_SHA256); 1141 1142 // AES_256(CBC) 1143 add("TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384", 0xc024, --p, 1144 K_ECDHE_ECDSA, B_AES_256, M_SHA384, T, max, tls12, P_SHA384); 1145 add("TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384", 0xc028, --p, 1146 K_ECDHE_RSA, B_AES_256, M_SHA384, T, max, tls12, P_SHA384); 1147 add("TLS_RSA_WITH_AES_256_CBC_SHA256", 0x003d, --p, 1148 K_RSA, B_AES_256, M_SHA256, T, max, tls12, P_SHA256); 1149 add("TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384", 0xc026, --p, 1150 K_ECDH_ECDSA, B_AES_256, M_SHA384, T, max, tls12, P_SHA384); 1151 add("TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384", 0xc02a, --p, 1152 K_ECDH_RSA, B_AES_256, M_SHA384, T, max, tls12, P_SHA384); 1153 add("TLS_DHE_RSA_WITH_AES_256_CBC_SHA256", 0x006b, --p, 1154 K_DHE_RSA, B_AES_256, M_SHA256, T, max, tls12, P_SHA256); 1155 add("TLS_DHE_DSS_WITH_AES_256_CBC_SHA256", 0x006a, --p, 1156 K_DHE_DSS, B_AES_256, M_SHA256, T, max, tls12, P_SHA256); 1157 1158 add("TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA", 0xC00A, --p, 1159 K_ECDHE_ECDSA, B_AES_256, M_SHA, T); 1160 add("TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", 0xC014, --p, 1161 K_ECDHE_RSA, B_AES_256, M_SHA, T); 1162 add("TLS_RSA_WITH_AES_256_CBC_SHA", 0x0035, --p, 1163 K_RSA, B_AES_256, M_SHA, T); 1164 add("TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA", 0xC005, --p, 1165 K_ECDH_ECDSA, B_AES_256, M_SHA, T); 1166 add("TLS_ECDH_RSA_WITH_AES_256_CBC_SHA", 0xC00F, --p, 1167 K_ECDH_RSA, B_AES_256, M_SHA, T); 1168 add("TLS_DHE_RSA_WITH_AES_256_CBC_SHA", 0x0039, --p, 1169 K_DHE_RSA, B_AES_256, M_SHA, T); 1170 add("TLS_DHE_DSS_WITH_AES_256_CBC_SHA", 0x0038, --p, 1171 K_DHE_DSS, B_AES_256, M_SHA, T); 1172 1173 // AES_128(CBC) 1174 add("TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", 0xc023, --p, 1175 K_ECDHE_ECDSA, B_AES_128, M_SHA256, T, max, tls12, P_SHA256); 1176 add("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", 0xc027, --p, 1177 K_ECDHE_RSA, B_AES_128, M_SHA256, T, max, tls12, P_SHA256); 1178 add("TLS_RSA_WITH_AES_128_CBC_SHA256", 0x003c, --p, 1179 K_RSA, B_AES_128, M_SHA256, T, max, tls12, P_SHA256); 1180 add("TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256", 0xc025, --p, 1181 K_ECDH_ECDSA, B_AES_128, M_SHA256, T, max, tls12, P_SHA256); 1182 add("TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256", 0xc029, --p, 1183 K_ECDH_RSA, B_AES_128, M_SHA256, T, max, tls12, P_SHA256); 1184 add("TLS_DHE_RSA_WITH_AES_128_CBC_SHA256", 0x0067, --p, 1185 K_DHE_RSA, B_AES_128, M_SHA256, T, max, tls12, P_SHA256); 1186 add("TLS_DHE_DSS_WITH_AES_128_CBC_SHA256", 0x0040, --p, 1187 K_DHE_DSS, B_AES_128, M_SHA256, T, max, tls12, P_SHA256); 1188 1189 add("TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", 0xC009, --p, 1190 K_ECDHE_ECDSA, B_AES_128, M_SHA, T); 1191 add("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", 0xC013, --p, 1192 K_ECDHE_RSA, B_AES_128, M_SHA, T); 1193 add("TLS_RSA_WITH_AES_128_CBC_SHA", 0x002f, --p, 1194 K_RSA, B_AES_128, M_SHA, T); 1195 add("TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA", 0xC004, --p, 1196 K_ECDH_ECDSA, B_AES_128, M_SHA, T); 1197 add("TLS_ECDH_RSA_WITH_AES_128_CBC_SHA", 0xC00E, --p, 1198 K_ECDH_RSA, B_AES_128, M_SHA, T); 1199 add("TLS_DHE_RSA_WITH_AES_128_CBC_SHA", 0x0033, --p, 1200 K_DHE_RSA, B_AES_128, M_SHA, T); 1201 add("TLS_DHE_DSS_WITH_AES_128_CBC_SHA", 0x0032, --p, 1202 K_DHE_DSS, B_AES_128, M_SHA, T); 1203 1204 // 3DES_EDE 1205 add("TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA", 0xC008, --p, 1206 K_ECDHE_ECDSA, B_3DES, M_SHA, T); 1207 add("TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA", 0xC012, --p, 1208 K_ECDHE_RSA, B_3DES, M_SHA, T); 1209 add("SSL_RSA_WITH_3DES_EDE_CBC_SHA", 0x000a, --p, 1210 K_RSA, B_3DES, M_SHA, T); 1211 add("TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA", 0xC003, --p, 1212 K_ECDH_ECDSA, B_3DES, M_SHA, T); 1213 add("TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA", 0xC00D, --p, 1214 K_ECDH_RSA, B_3DES, M_SHA, T); 1215 add("SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA", 0x0016, --p, 1216 K_DHE_RSA, B_3DES, M_SHA, T); 1217 add("SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA", 0x0013, --p, 1218 K_DHE_DSS, B_3DES, M_SHA, N); 1219 1220 // Renegotiation protection request Signalling Cipher Suite Value (SCSV) 1221 add("TLS_EMPTY_RENEGOTIATION_INFO_SCSV", 0x00ff, --p, 1222 K_SCSV, B_NULL, M_NULL, T); 1223 1224 /* 1225 * Definition of the CipherSuites that are supported but not enabled 1226 * by default. 1227 * They are listed in preference order, preferred first, using the 1228 * following criteria: 1229 * 1. CipherSuites for KRB5 need additional KRB5 service 1230 * configuration, and these suites are not common in practice, 1231 * so we put KRB5 based cipher suites at the end of the supported 1232 * list. 1233 * 2. If a cipher suite has been obsoleted, we put it at the end of 1234 * the list. 1235 * 3. Prefer the stronger bulk cipher, in the order of AES_256, 1236 * AES_128, 3DES-EDE, RC-4, DES, DES40, RC4_40, NULL. 1237 * 4. Prefer the stronger MAC algorithm, in the order of SHA384, 1238 * SHA256, SHA, MD5. 1239 * 5. Prefer the better performance of key exchange and digital 1240 * signature algorithm, in the order of ECDHE-ECDSA, ECDHE-RSA, 1241 * RSA, ECDH-ECDSA, ECDH-RSA, DHE-RSA, DHE-DSS, anonymous. 1242 */ 1243 p = DEFAULT_SUITES_PRIORITY; 1244 1245 add("TLS_DH_anon_WITH_AES_256_GCM_SHA384", 0x00a7, --p, 1246 K_DH_ANON, B_AES_256_GCM, M_NULL, N, max, tls12, P_SHA384); 1247 add("TLS_DH_anon_WITH_AES_128_GCM_SHA256", 0x00a6, --p, 1248 K_DH_ANON, B_AES_128_GCM, M_NULL, N, max, tls12, P_SHA256); 1249 1250 add("TLS_DH_anon_WITH_AES_256_CBC_SHA256", 0x006d, --p, 1251 K_DH_ANON, B_AES_256, M_SHA256, N, max, tls12, P_SHA256); 1252 add("TLS_ECDH_anon_WITH_AES_256_CBC_SHA", 0xC019, --p, 1253 K_ECDH_ANON, B_AES_256, M_SHA, N); 1254 add("TLS_DH_anon_WITH_AES_256_CBC_SHA", 0x003a, --p, 1255 K_DH_ANON, B_AES_256, M_SHA, N); 1256 1257 add("TLS_DH_anon_WITH_AES_128_CBC_SHA256", 0x006c, --p, 1258 K_DH_ANON, B_AES_128, M_SHA256, N, max, tls12, P_SHA256); 1259 add("TLS_ECDH_anon_WITH_AES_128_CBC_SHA", 0xC018, --p, 1260 K_ECDH_ANON, B_AES_128, M_SHA, N); 1261 add("TLS_DH_anon_WITH_AES_128_CBC_SHA", 0x0034, --p, 1262 K_DH_ANON, B_AES_128, M_SHA, N); 1263 1264 add("TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA", 0xC017, --p, 1265 K_ECDH_ANON, B_3DES, M_SHA, N); 1266 add("SSL_DH_anon_WITH_3DES_EDE_CBC_SHA", 0x001b, --p, 1267 K_DH_ANON, B_3DES, M_SHA, N); 1268 1269 // RC-4 1270 add("TLS_ECDHE_ECDSA_WITH_RC4_128_SHA", 0xC007, --p, 1271 K_ECDHE_ECDSA, B_RC4_128, M_SHA, N); 1272 add("TLS_ECDHE_RSA_WITH_RC4_128_SHA", 0xC011, --p, 1273 K_ECDHE_RSA, B_RC4_128, M_SHA, N); 1274 add("SSL_RSA_WITH_RC4_128_SHA", 0x0005, --p, 1275 K_RSA, B_RC4_128, M_SHA, N); 1276 add("TLS_ECDH_ECDSA_WITH_RC4_128_SHA", 0xC002, --p, 1277 K_ECDH_ECDSA, B_RC4_128, M_SHA, N); 1278 add("TLS_ECDH_RSA_WITH_RC4_128_SHA", 0xC00C, --p, 1279 K_ECDH_RSA, B_RC4_128, M_SHA, N); 1280 add("SSL_RSA_WITH_RC4_128_MD5", 0x0004, --p, 1281 K_RSA, B_RC4_128, M_MD5, N); 1282 1283 add("TLS_ECDH_anon_WITH_RC4_128_SHA", 0xC016, --p, 1284 K_ECDH_ANON, B_RC4_128, M_SHA, N); 1285 add("SSL_DH_anon_WITH_RC4_128_MD5", 0x0018, --p, 1286 K_DH_ANON, B_RC4_128, M_MD5, N); 1287 1288 // weak cipher suites obsoleted in TLS 1.2 1289 add("SSL_RSA_WITH_DES_CBC_SHA", 0x0009, --p, 1290 K_RSA, B_DES, M_SHA, N, tls12); 1291 add("SSL_DHE_RSA_WITH_DES_CBC_SHA", 0x0015, --p, 1292 K_DHE_RSA, B_DES, M_SHA, N, tls12); 1293 add("SSL_DHE_DSS_WITH_DES_CBC_SHA", 0x0012, --p, 1294 K_DHE_DSS, B_DES, M_SHA, N, tls12); 1295 add("SSL_DH_anon_WITH_DES_CBC_SHA", 0x001a, --p, 1296 K_DH_ANON, B_DES, M_SHA, N, tls12); 1297 1298 // weak cipher suites obsoleted in TLS 1.1 1299 add("SSL_RSA_EXPORT_WITH_DES40_CBC_SHA", 0x0008, --p, 1300 K_RSA_EXPORT, B_DES_40, M_SHA, N, tls11); 1301 add("SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA", 0x0014, --p, 1302 K_DHE_RSA, B_DES_40, M_SHA, N, tls11); 1303 add("SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA", 0x0011, --p, 1304 K_DHE_DSS, B_DES_40, M_SHA, N, tls11); 1305 add("SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA", 0x0019, --p, 1306 K_DH_ANON, B_DES_40, M_SHA, N, tls11); 1307 1308 add("SSL_RSA_EXPORT_WITH_RC4_40_MD5", 0x0003, --p, 1309 K_RSA_EXPORT, B_RC4_40, M_MD5, N, tls11); 1310 add("SSL_DH_anon_EXPORT_WITH_RC4_40_MD5", 0x0017, --p, 1311 K_DH_ANON, B_RC4_40, M_MD5, N, tls11); 1312 1313 add("TLS_RSA_WITH_NULL_SHA256", 0x003b, --p, 1314 K_RSA, B_NULL, M_SHA256, N, max, tls12, P_SHA256); 1315 add("TLS_ECDHE_ECDSA_WITH_NULL_SHA", 0xC006, --p, 1316 K_ECDHE_ECDSA, B_NULL, M_SHA, N); 1317 add("TLS_ECDHE_RSA_WITH_NULL_SHA", 0xC010, --p, 1318 K_ECDHE_RSA, B_NULL, M_SHA, N); 1319 add("SSL_RSA_WITH_NULL_SHA", 0x0002, --p, 1320 K_RSA, B_NULL, M_SHA, N); 1321 add("TLS_ECDH_ECDSA_WITH_NULL_SHA", 0xC001, --p, 1322 K_ECDH_ECDSA, B_NULL, M_SHA, N); 1323 add("TLS_ECDH_RSA_WITH_NULL_SHA", 0xC00B, --p, 1324 K_ECDH_RSA, B_NULL, M_SHA, N); 1325 add("TLS_ECDH_anon_WITH_NULL_SHA", 0xC015, --p, 1326 K_ECDH_ANON, B_NULL, M_SHA, N); 1327 add("SSL_RSA_WITH_NULL_MD5", 0x0001, --p, 1328 K_RSA, B_NULL, M_MD5, N); 1329 1330 // Supported Kerberos ciphersuites from RFC2712 1331 add("TLS_KRB5_WITH_3DES_EDE_CBC_SHA", 0x001f, --p, 1332 K_KRB5, B_3DES, M_SHA, N); 1333 add("TLS_KRB5_WITH_3DES_EDE_CBC_MD5", 0x0023, --p, 1334 K_KRB5, B_3DES, M_MD5, N); 1335 add("TLS_KRB5_WITH_RC4_128_SHA", 0x0020, --p, 1336 K_KRB5, B_RC4_128, M_SHA, N); 1337 add("TLS_KRB5_WITH_RC4_128_MD5", 0x0024, --p, 1338 K_KRB5, B_RC4_128, M_MD5, N); 1339 add("TLS_KRB5_WITH_DES_CBC_SHA", 0x001e, --p, 1340 K_KRB5, B_DES, M_SHA, N, tls12); 1341 add("TLS_KRB5_WITH_DES_CBC_MD5", 0x0022, --p, 1342 K_KRB5, B_DES, M_MD5, N, tls12); 1343 add("TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA", 0x0026, --p, 1344 K_KRB5_EXPORT, B_DES_40, M_SHA, N, tls11); 1345 add("TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5", 0x0029, --p, 1346 K_KRB5_EXPORT, B_DES_40, M_MD5, N, tls11); 1347 add("TLS_KRB5_EXPORT_WITH_RC4_40_SHA", 0x0028, --p, 1348 K_KRB5_EXPORT, B_RC4_40, M_SHA, N, tls11); 1349 add("TLS_KRB5_EXPORT_WITH_RC4_40_MD5", 0x002b, --p, 1350 K_KRB5_EXPORT, B_RC4_40, M_MD5, N, tls11); 1351 1352 /* 1353 * Other values from the TLS Cipher Suite Registry, as of August 2010. 1354 * 1355 * http://www.iana.org/assignments/tls-parameters/tls-parameters.xml 1356 * 1357 * Range Registration Procedures Notes 1358 * 000-191 Standards Action Refers to value of first byte 1359 * 192-254 Specification Required Refers to value of first byte 1360 * 255 Reserved for Private Use Refers to value of first byte 1361 */ 1362 1363 // Register the names of a few additional CipherSuites. 1364 // Makes them show up as names instead of numbers in 1365 // the debug output. 1366 1367 // remaining unsupported ciphersuites defined in RFC2246. 1368 add("SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5", 0x0006); 1369 add("SSL_RSA_WITH_IDEA_CBC_SHA", 0x0007); 1370 add("SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA", 0x000b); 1371 add("SSL_DH_DSS_WITH_DES_CBC_SHA", 0x000c); 1372 add("SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA", 0x000d); 1373 add("SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA", 0x000e); 1374 add("SSL_DH_RSA_WITH_DES_CBC_SHA", 0x000f); 1375 add("SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA", 0x0010); 1376 1377 // SSL 3.0 Fortezza ciphersuites 1378 add("SSL_FORTEZZA_DMS_WITH_NULL_SHA", 0x001c); 1379 add("SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA", 0x001d); 1380 1381 // 1024/56 bit exportable ciphersuites from expired internet draft 1382 add("SSL_RSA_EXPORT1024_WITH_DES_CBC_SHA", 0x0062); 1383 add("SSL_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA", 0x0063); 1384 add("SSL_RSA_EXPORT1024_WITH_RC4_56_SHA", 0x0064); 1385 add("SSL_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA", 0x0065); 1386 add("SSL_DHE_DSS_WITH_RC4_128_SHA", 0x0066); 1387 1388 // Netscape old and new SSL 3.0 FIPS ciphersuites 1389 // see http://www.mozilla.org/projects/security/pki/nss/ssl/fips-ssl-ciphersuites.html 1390 add("NETSCAPE_RSA_FIPS_WITH_3DES_EDE_CBC_SHA", 0xffe0); 1391 add("NETSCAPE_RSA_FIPS_WITH_DES_CBC_SHA", 0xffe1); 1392 add("SSL_RSA_FIPS_WITH_DES_CBC_SHA", 0xfefe); 1393 add("SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA", 0xfeff); 1394 1395 // Unsupported Kerberos cipher suites from RFC 2712 1396 add("TLS_KRB5_WITH_IDEA_CBC_SHA", 0x0021); 1397 add("TLS_KRB5_WITH_IDEA_CBC_MD5", 0x0025); 1398 add("TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA", 0x0027); 1399 add("TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5", 0x002a); 1400 1401 // Unsupported cipher suites from RFC 4162 1402 add("TLS_RSA_WITH_SEED_CBC_SHA", 0x0096); 1403 add("TLS_DH_DSS_WITH_SEED_CBC_SHA", 0x0097); 1404 add("TLS_DH_RSA_WITH_SEED_CBC_SHA", 0x0098); 1405 add("TLS_DHE_DSS_WITH_SEED_CBC_SHA", 0x0099); 1406 add("TLS_DHE_RSA_WITH_SEED_CBC_SHA", 0x009a); 1407 add("TLS_DH_anon_WITH_SEED_CBC_SHA", 0x009b); 1408 1409 // Unsupported cipher suites from RFC 4279 1410 add("TLS_PSK_WITH_RC4_128_SHA", 0x008a); 1411 add("TLS_PSK_WITH_3DES_EDE_CBC_SHA", 0x008b); 1412 add("TLS_PSK_WITH_AES_128_CBC_SHA", 0x008c); 1413 add("TLS_PSK_WITH_AES_256_CBC_SHA", 0x008d); 1414 add("TLS_DHE_PSK_WITH_RC4_128_SHA", 0x008e); 1415 add("TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA", 0x008f); 1416 add("TLS_DHE_PSK_WITH_AES_128_CBC_SHA", 0x0090); 1417 add("TLS_DHE_PSK_WITH_AES_256_CBC_SHA", 0x0091); 1418 add("TLS_RSA_PSK_WITH_RC4_128_SHA", 0x0092); 1419 add("TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA", 0x0093); 1420 add("TLS_RSA_PSK_WITH_AES_128_CBC_SHA", 0x0094); 1421 add("TLS_RSA_PSK_WITH_AES_256_CBC_SHA", 0x0095); 1422 1423 // Unsupported cipher suites from RFC 4785 1424 add("TLS_PSK_WITH_NULL_SHA", 0x002c); 1425 add("TLS_DHE_PSK_WITH_NULL_SHA", 0x002d); 1426 add("TLS_RSA_PSK_WITH_NULL_SHA", 0x002e); 1427 1428 // Unsupported cipher suites from RFC 5246 1429 add("TLS_DH_DSS_WITH_AES_128_CBC_SHA", 0x0030); 1430 add("TLS_DH_RSA_WITH_AES_128_CBC_SHA", 0x0031); 1431 add("TLS_DH_DSS_WITH_AES_256_CBC_SHA", 0x0036); 1432 add("TLS_DH_RSA_WITH_AES_256_CBC_SHA", 0x0037); 1433 add("TLS_DH_DSS_WITH_AES_128_CBC_SHA256", 0x003e); 1434 add("TLS_DH_RSA_WITH_AES_128_CBC_SHA256", 0x003f); 1435 add("TLS_DH_DSS_WITH_AES_256_CBC_SHA256", 0x0068); 1436 add("TLS_DH_RSA_WITH_AES_256_CBC_SHA256", 0x0069); 1437 1438 // Unsupported cipher suites from RFC 5288 1439 add("TLS_DH_RSA_WITH_AES_128_GCM_SHA256", 0x00a0); 1440 add("TLS_DH_RSA_WITH_AES_256_GCM_SHA384", 0x00a1); 1441 add("TLS_DH_DSS_WITH_AES_128_GCM_SHA256", 0x00a4); 1442 add("TLS_DH_DSS_WITH_AES_256_GCM_SHA384", 0x00a5); 1443 1444 // Unsupported cipher suites from RFC 5487 1445 add("TLS_PSK_WITH_AES_128_GCM_SHA256", 0x00a8); 1446 add("TLS_PSK_WITH_AES_256_GCM_SHA384", 0x00a9); 1447 add("TLS_DHE_PSK_WITH_AES_128_GCM_SHA256", 0x00aa); 1448 add("TLS_DHE_PSK_WITH_AES_256_GCM_SHA384", 0x00ab); 1449 add("TLS_RSA_PSK_WITH_AES_128_GCM_SHA256", 0x00ac); 1450 add("TLS_RSA_PSK_WITH_AES_256_GCM_SHA384", 0x00ad); 1451 add("TLS_PSK_WITH_AES_128_CBC_SHA256", 0x00ae); 1452 add("TLS_PSK_WITH_AES_256_CBC_SHA384", 0x00af); 1453 add("TLS_PSK_WITH_NULL_SHA256", 0x00b0); 1454 add("TLS_PSK_WITH_NULL_SHA384", 0x00b1); 1455 add("TLS_DHE_PSK_WITH_AES_128_CBC_SHA256", 0x00b2); 1456 add("TLS_DHE_PSK_WITH_AES_256_CBC_SHA384", 0x00b3); 1457 add("TLS_DHE_PSK_WITH_NULL_SHA256", 0x00b4); 1458 add("TLS_DHE_PSK_WITH_NULL_SHA384", 0x00b5); 1459 add("TLS_RSA_PSK_WITH_AES_128_CBC_SHA256", 0x00b6); 1460 add("TLS_RSA_PSK_WITH_AES_256_CBC_SHA384", 0x00b7); 1461 add("TLS_RSA_PSK_WITH_NULL_SHA256", 0x00b8); 1462 add("TLS_RSA_PSK_WITH_NULL_SHA384", 0x00b9); 1463 1464 // Unsupported cipher suites from RFC 5932 1465 add("TLS_RSA_WITH_CAMELLIA_128_CBC_SHA", 0x0041); 1466 add("TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA", 0x0042); 1467 add("TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA", 0x0043); 1468 add("TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA", 0x0044); 1469 add("TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA", 0x0045); 1470 add("TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA", 0x0046); 1471 add("TLS_RSA_WITH_CAMELLIA_256_CBC_SHA", 0x0084); 1472 add("TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA", 0x0085); 1473 add("TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA", 0x0086); 1474 add("TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA", 0x0087); 1475 add("TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA", 0x0088); 1476 add("TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA", 0x0089); 1477 add("TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256", 0x00ba); 1478 add("TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256", 0x00bb); 1479 add("TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256", 0x00bc); 1480 add("TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256", 0x00bd); 1481 add("TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256", 0x00be); 1482 add("TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256", 0x00bf); 1483 add("TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256", 0x00c0); 1484 add("TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256", 0x00c1); 1485 add("TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256", 0x00c2); 1486 add("TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256", 0x00c3); 1487 add("TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256", 0x00c4); 1488 add("TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256", 0x00c5); 1489 1490 // TLS Fallback Signaling Cipher Suite Value (SCSV) RFC 7507 1491 add("TLS_FALLBACK_SCSV", 0x5600); 1492 1493 // Unsupported cipher suites from RFC 5054 1494 add("TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA", 0xc01a); 1495 add("TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA", 0xc01b); 1496 add("TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA", 0xc01c); 1497 add("TLS_SRP_SHA_WITH_AES_128_CBC_SHA", 0xc01d); 1498 add("TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA", 0xc01e); 1499 add("TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA", 0xc01f); 1500 add("TLS_SRP_SHA_WITH_AES_256_CBC_SHA", 0xc020); 1501 add("TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA", 0xc021); 1502 add("TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA", 0xc022); 1503 1504 // Unsupported cipher suites from RFC 5489 1505 add("TLS_ECDHE_PSK_WITH_RC4_128_SHA", 0xc033); 1506 add("TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA", 0xc034); 1507 add("TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA", 0xc035); 1508 add("TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA", 0xc036); 1509 add("TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256", 0xc037); 1510 add("TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384", 0xc038); 1511 add("TLS_ECDHE_PSK_WITH_NULL_SHA", 0xc039); 1512 add("TLS_ECDHE_PSK_WITH_NULL_SHA256", 0xc03a); 1513 add("TLS_ECDHE_PSK_WITH_NULL_SHA384", 0xc03b); 1514 1515 // Unsupported cipher suites from RFC 6209 1516 add("TLS_RSA_WITH_ARIA_128_CBC_SHA256", 0xc03c); 1517 add("TLS_RSA_WITH_ARIA_256_CBC_SHA384", 0xc03d); 1518 add("TLS_DH_DSS_WITH_ARIA_128_CBC_SHA256", 0xc03e); 1519 add("TLS_DH_DSS_WITH_ARIA_256_CBC_SHA384", 0xc03f); 1520 add("TLS_DH_RSA_WITH_ARIA_128_CBC_SHA256", 0xc040); 1521 add("TLS_DH_RSA_WITH_ARIA_256_CBC_SHA384", 0xc041); 1522 add("TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256", 0xc042); 1523 add("TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384", 0xc043); 1524 add("TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256", 0xc044); 1525 add("TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384", 0xc045); 1526 add("TLS_DH_anon_WITH_ARIA_128_CBC_SHA256", 0xc046); 1527 add("TLS_DH_anon_WITH_ARIA_256_CBC_SHA384", 0xc047); 1528 add("TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256", 0xc048); 1529 add("TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384", 0xc049); 1530 add("TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256", 0xc04a); 1531 add("TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384", 0xc04b); 1532 add("TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256", 0xc04c); 1533 add("TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384", 0xc04d); 1534 add("TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256", 0xc04e); 1535 add("TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384", 0xc04f); 1536 add("TLS_RSA_WITH_ARIA_128_GCM_SHA256", 0xc050); 1537 add("TLS_RSA_WITH_ARIA_256_GCM_SHA384", 0xc051); 1538 add("TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256", 0xc052); 1539 add("TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384", 0xc053); 1540 add("TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256", 0xc054); 1541 add("TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384", 0xc055); 1542 add("TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256", 0xc056); 1543 add("TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384", 0xc057); 1544 add("TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256", 0xc058); 1545 add("TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384", 0xc059); 1546 add("TLS_DH_anon_WITH_ARIA_128_GCM_SHA256", 0xc05a); 1547 add("TLS_DH_anon_WITH_ARIA_256_GCM_SHA384", 0xc05b); 1548 add("TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256", 0xc05c); 1549 add("TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384", 0xc05d); 1550 add("TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256", 0xc05e); 1551 add("TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384", 0xc05f); 1552 add("TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256", 0xc060); 1553 add("TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384", 0xc061); 1554 add("TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256", 0xc062); 1555 add("TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384", 0xc063); 1556 add("TLS_PSK_WITH_ARIA_128_CBC_SHA256", 0xc064); 1557 add("TLS_PSK_WITH_ARIA_256_CBC_SHA384", 0xc065); 1558 add("TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256", 0xc066); 1559 add("TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384", 0xc067); 1560 add("TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256", 0xc068); 1561 add("TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384", 0xc069); 1562 add("TLS_PSK_WITH_ARIA_128_GCM_SHA256", 0xc06a); 1563 add("TLS_PSK_WITH_ARIA_256_GCM_SHA384", 0xc06b); 1564 add("TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256", 0xc06c); 1565 add("TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384", 0xc06d); 1566 add("TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256", 0xc06e); 1567 add("TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384", 0xc06f); 1568 add("TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256", 0xc070); 1569 add("TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384", 0xc071); 1570 1571 // Unsupported cipher suites from RFC 6367 1572 add("TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256", 0xc072); 1573 add("TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384", 0xc073); 1574 add("TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256", 0xc074); 1575 add("TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384", 0xc075); 1576 add("TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256", 0xc076); 1577 add("TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384", 0xc077); 1578 add("TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256", 0xc078); 1579 add("TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384", 0xc079); 1580 add("TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256", 0xc07a); 1581 add("TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384", 0xc07b); 1582 add("TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256", 0xc07c); 1583 add("TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384", 0xc07d); 1584 add("TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256", 0xc07e); 1585 add("TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384", 0xc07f); 1586 add("TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256", 0xc080); 1587 add("TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384", 0xc081); 1588 add("TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256", 0xc082); 1589 add("TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384", 0xc083); 1590 add("TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256", 0xc084); 1591 add("TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384", 0xc085); 1592 add("TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256", 0xc086); 1593 add("TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384", 0xc087); 1594 add("TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256", 0xc088); 1595 add("TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384", 0xc089); 1596 add("TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256", 0xc08a); 1597 add("TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384", 0xc08b); 1598 add("TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256", 0xc08c); 1599 add("TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384", 0xc08d); 1600 add("TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256", 0xc08e); 1601 add("TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384", 0xc08f); 1602 add("TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256", 0xc090); 1603 add("TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384", 0xc091); 1604 add("TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256", 0xc092); 1605 add("TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384", 0xc093); 1606 add("TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256", 0xc094); 1607 add("TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384", 0xc095); 1608 add("TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256", 0xc096); 1609 add("TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384", 0xc097); 1610 add("TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256", 0xc098); 1611 add("TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384", 0xc099); 1612 add("TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256", 0xc09a); 1613 add("TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384", 0xc09b); 1614 1615 // Unsupported cipher suites from RFC 6655 1616 add("TLS_RSA_WITH_AES_128_CCM", 0xc09c); 1617 add("TLS_RSA_WITH_AES_256_CCM", 0xc09d); 1618 add("TLS_DHE_RSA_WITH_AES_128_CCM", 0xc09e); 1619 add("TLS_DHE_RSA_WITH_AES_256_CCM", 0xc09f); 1620 add("TLS_RSA_WITH_AES_128_CCM_8", 0xc0A0); 1621 add("TLS_RSA_WITH_AES_256_CCM_8", 0xc0A1); 1622 add("TLS_DHE_RSA_WITH_AES_128_CCM_8", 0xc0A2); 1623 add("TLS_DHE_RSA_WITH_AES_256_CCM_8", 0xc0A3); 1624 add("TLS_PSK_WITH_AES_128_CCM", 0xc0A4); 1625 add("TLS_PSK_WITH_AES_256_CCM", 0xc0A5); 1626 add("TLS_DHE_PSK_WITH_AES_128_CCM", 0xc0A6); 1627 add("TLS_DHE_PSK_WITH_AES_256_CCM", 0xc0A7); 1628 add("TLS_PSK_WITH_AES_128_CCM_8", 0xc0A8); 1629 add("TLS_PSK_WITH_AES_256_CCM_8", 0xc0A9); 1630 add("TLS_PSK_DHE_WITH_AES_128_CCM_8", 0xc0Aa); 1631 add("TLS_PSK_DHE_WITH_AES_256_CCM_8", 0xc0Ab); 1632 1633 // Unsupported cipher suites from RFC 7251 1634 add("TLS_ECDHE_ECDSA_WITH_AES_128_CCM", 0xc0Ac); 1635 add("TLS_ECDHE_ECDSA_WITH_AES_256_CCM", 0xc0Ad); 1636 add("TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8", 0xc0Ae); 1637 add("TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8", 0xc0Af); 1638 } 1639 1640 // ciphersuite SSL_NULL_WITH_NULL_NULL 1641 static final CipherSuite C_NULL = CipherSuite.valueOf(0, 0); 1642 1643 // ciphersuite TLS_EMPTY_RENEGOTIATION_INFO_SCSV 1644 static final CipherSuite C_SCSV = CipherSuite.valueOf(0x00, 0xff); 1645 } | 1 /* 2 * Copyright (c) 2002, 2018, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. Oracle designates this 8 * particular file as subject to the "Classpath" exception as provided 9 * by Oracle in the LICENSE file that accompanied this code. 10 * 11 * This code is distributed in the hope that it will be useful, but WITHOUT 12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 14 * version 2 for more details (a copy is included in the LICENSE file that 15 * accompanied this code). 16 * 17 * You should have received a copy of the GNU General Public License version 18 * 2 along with this work; if not, write to the Free Software Foundation, 19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 20 * 21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 22 * or visit www.oracle.com if you need additional information or have any 23 * questions. 24 */ 25 26 package sun.security.ssl; 27 28 import java.util.ArrayList; 29 import java.util.Arrays; 30 import java.util.Collection; 31 import java.util.Collections; 32 import java.util.LinkedList; 33 import java.util.List; 34 import static sun.security.ssl.CipherSuite.HashAlg.*; 35 import static sun.security.ssl.CipherSuite.KeyExchange.*; 36 import static sun.security.ssl.CipherSuite.MacAlg.*; 37 import static sun.security.ssl.SSLCipher.*; 38 import sun.security.ssl.SupportedGroupsExtension.NamedGroupType; 39 import static sun.security.ssl.SupportedGroupsExtension.NamedGroupType.*; 40 41 enum CipherSuite { 42 // 43 // in preference order 44 // 45 46 // Definition of the CipherSuites that are enabled by default. 47 // 48 // They are listed in preference order, most preferred first, using 49 // the following criteria: 50 // 1. Prefer Suite B compliant cipher suites, see RFC6460 (To be 51 // changed later, see below). 52 // 2. Prefer the stronger bulk cipher, in the order of AES_256(GCM), 53 // AES_128(GCM), AES_256, AES_128, 3DES-EDE. 54 // 3. Prefer the stronger MAC algorithm, in the order of SHA384, 55 // SHA256, SHA, MD5. 56 // 4. Prefer the better performance of key exchange and digital 57 // signature algorithm, in the order of ECDHE-ECDSA, ECDHE-RSA, 58 // RSA, ECDH-ECDSA, ECDH-RSA, DHE-RSA, DHE-DSS. 59 60 TLS_AES_128_GCM_SHA256( 61 0x1301, true, "TLS_AES_128_GCM_SHA256", 62 ProtocolVersion.PROTOCOLS_OF_13, B_AES_128_GCM_IV, H_SHA256), 63 TLS_AES_256_GCM_SHA384( 64 0x1302, true, "TLS_AES_256_GCM_SHA384", 65 ProtocolVersion.PROTOCOLS_OF_13, B_AES_256_GCM_IV, H_SHA384), 66 67 // Suite B compliant cipher suites, see RFC 6460. 68 // 69 // Note that, at present this provider is not Suite B compliant. The 70 // preference order of the GCM cipher suites does not follow the spec 71 // of RFC 6460. In this section, only two cipher suites are listed 72 // so that applications can make use of Suite-B compliant cipher 73 // suite firstly. 74 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384( 75 0xC02C, true, "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "", 76 ProtocolVersion.PROTOCOLS_OF_12, 77 K_ECDHE_ECDSA, B_AES_256_GCM, M_NULL, H_SHA384), 78 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256( 79 0xC02B, true, "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", "", 80 ProtocolVersion.PROTOCOLS_OF_12, 81 K_ECDHE_ECDSA, B_AES_128_GCM, M_NULL, H_SHA256), 82 83 // AES_256(GCM) 84 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384( 85 0xC030, true, "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "", 86 ProtocolVersion.PROTOCOLS_OF_12, 87 K_ECDHE_RSA, B_AES_256_GCM, M_NULL, H_SHA384), 88 TLS_RSA_WITH_AES_256_GCM_SHA384( 89 0x009D, true, "TLS_RSA_WITH_AES_256_GCM_SHA384", "", 90 ProtocolVersion.PROTOCOLS_OF_12, 91 K_RSA, B_AES_256_GCM, M_NULL, H_SHA384), 92 TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384( 93 0xC02E, true, "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384", "", 94 ProtocolVersion.PROTOCOLS_OF_12, 95 K_ECDH_ECDSA, B_AES_256_GCM, M_NULL, H_SHA384), 96 TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384( 97 0xC032, true, "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384", "", 98 ProtocolVersion.PROTOCOLS_OF_12, 99 K_ECDH_RSA, B_AES_256_GCM, M_NULL, H_SHA384), 100 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384( 101 0x009F, true, "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384", "", 102 ProtocolVersion.PROTOCOLS_OF_12, 103 K_DHE_RSA, B_AES_256_GCM, M_NULL, H_SHA384), 104 TLS_DHE_DSS_WITH_AES_256_GCM_SHA384( 105 0x00A3, true, "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384", "", 106 ProtocolVersion.PROTOCOLS_OF_12, 107 K_DHE_DSS, B_AES_256_GCM, M_NULL, H_SHA384), 108 109 // AES_128(GCM) 110 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256( 111 0xC02F, true, "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "", 112 ProtocolVersion.PROTOCOLS_OF_12, 113 K_ECDHE_RSA, B_AES_128_GCM, M_NULL, H_SHA256), 114 TLS_RSA_WITH_AES_128_GCM_SHA256( 115 0x009C, true, "TLS_RSA_WITH_AES_128_GCM_SHA256", "", 116 ProtocolVersion.PROTOCOLS_OF_12, 117 K_RSA, B_AES_128_GCM, M_NULL, H_SHA256), 118 TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256( 119 0xC02D, true, "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256", "", 120 ProtocolVersion.PROTOCOLS_OF_12, 121 K_ECDH_ECDSA, B_AES_128_GCM, M_NULL, H_SHA256), 122 TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256( 123 0xC031, true, "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256", "", 124 ProtocolVersion.PROTOCOLS_OF_12, 125 K_ECDH_RSA, B_AES_128_GCM, M_NULL, H_SHA256), 126 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256( 127 0x009E, true, "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256", "", 128 ProtocolVersion.PROTOCOLS_OF_12, 129 K_DHE_RSA, B_AES_128_GCM, M_NULL, H_SHA256), 130 TLS_DHE_DSS_WITH_AES_128_GCM_SHA256( 131 0x00A2, true, "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256", "", 132 ProtocolVersion.PROTOCOLS_OF_12, 133 K_DHE_DSS, B_AES_128_GCM, M_NULL, H_SHA256), 134 135 // AES_256(CBC) 136 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384( 137 0xC024, true, "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384", "", 138 ProtocolVersion.PROTOCOLS_OF_12, 139 K_ECDHE_ECDSA, B_AES_256, M_SHA384, H_SHA384), 140 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384( 141 0xC028, true, "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384", "", 142 ProtocolVersion.PROTOCOLS_OF_12, 143 K_ECDHE_RSA, B_AES_256, M_SHA384, H_SHA384), 144 TLS_RSA_WITH_AES_256_CBC_SHA256( 145 0x003D, true, "TLS_RSA_WITH_AES_256_CBC_SHA256", "", 146 ProtocolVersion.PROTOCOLS_OF_12, 147 K_RSA, B_AES_256, M_SHA384, H_SHA384), 148 TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384( 149 0xC026, true, "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384", "", 150 ProtocolVersion.PROTOCOLS_OF_12, 151 K_ECDH_ECDSA, B_AES_256, M_SHA384, H_SHA384), 152 TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384( 153 0xC02A, true, "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384", "", 154 ProtocolVersion.PROTOCOLS_OF_12, 155 K_ECDH_RSA, B_AES_256, M_SHA384, H_SHA384), 156 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256( 157 0x006B, true, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256", "", 158 ProtocolVersion.PROTOCOLS_OF_12, 159 K_DHE_RSA, B_AES_256, M_SHA384, H_SHA256), 160 TLS_DHE_DSS_WITH_AES_256_CBC_SHA256( 161 0x006A, true, "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256", "", 162 ProtocolVersion.PROTOCOLS_OF_12, 163 K_DHE_DSS, B_AES_256, M_SHA384, H_SHA256), 164 165 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA( 166 0xC00A, true, "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA", "", 167 ProtocolVersion.PROTOCOLS_TO_12, 168 K_ECDHE_ECDSA, B_AES_256, M_SHA, H_SHA256), 169 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA( 170 0xC014, true, "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", "", 171 ProtocolVersion.PROTOCOLS_TO_12, 172 K_ECDHE_RSA, B_AES_256, M_SHA, H_SHA256), 173 TLS_RSA_WITH_AES_256_CBC_SHA( 174 0x0035, true, "TLS_RSA_WITH_AES_256_CBC_SHA", "", 175 ProtocolVersion.PROTOCOLS_TO_12, 176 K_RSA, B_AES_256, M_SHA, H_SHA256), 177 TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA( 178 0xC005, true, "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA", "", 179 ProtocolVersion.PROTOCOLS_TO_12, 180 K_ECDH_ECDSA, B_AES_256, M_SHA, H_SHA256), 181 TLS_ECDH_RSA_WITH_AES_256_CBC_SHA( 182 0xC00F, true, "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA", "", 183 ProtocolVersion.PROTOCOLS_TO_12, 184 K_ECDH_RSA, B_AES_256, M_SHA, H_SHA256), 185 TLS_DHE_RSA_WITH_AES_256_CBC_SHA( 186 0x0039, true, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA", "", 187 ProtocolVersion.PROTOCOLS_TO_12, 188 K_DHE_RSA, B_AES_256, M_SHA, H_SHA256), 189 TLS_DHE_DSS_WITH_AES_256_CBC_SHA( 190 0x0038, true, "TLS_DHE_DSS_WITH_AES_256_CBC_SHA", "", 191 ProtocolVersion.PROTOCOLS_TO_12, 192 K_DHE_DSS, B_AES_256, M_SHA, H_SHA256), 193 194 // AES_128(CBC) 195 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256( 196 0xC023, true, "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", "", 197 ProtocolVersion.PROTOCOLS_OF_12, 198 K_ECDHE_ECDSA, B_AES_128, M_SHA256, H_SHA256), 199 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256( 200 0xC027, true, "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", "", 201 ProtocolVersion.PROTOCOLS_OF_12, 202 K_ECDHE_RSA, B_AES_128, M_SHA256, H_SHA256), 203 TLS_RSA_WITH_AES_128_CBC_SHA256( 204 0x003C, true, "TLS_RSA_WITH_AES_128_CBC_SHA256", "", 205 ProtocolVersion.PROTOCOLS_OF_12, 206 K_RSA, B_AES_128, M_SHA256, H_SHA256), 207 TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256( 208 0xC025, true, "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256", "", 209 ProtocolVersion.PROTOCOLS_OF_12, 210 K_ECDH_ECDSA, B_AES_128, M_SHA256, H_SHA256), 211 TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256( 212 0xC029, true, "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256", "", 213 ProtocolVersion.PROTOCOLS_OF_12, 214 K_ECDH_RSA, B_AES_128, M_SHA256, H_SHA256), 215 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256( 216 0x0067, true, "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256", "", 217 ProtocolVersion.PROTOCOLS_OF_12, 218 K_DHE_RSA, B_AES_128, M_SHA256, H_SHA256), 219 TLS_DHE_DSS_WITH_AES_128_CBC_SHA256( 220 0x0040, true, "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256", "", 221 ProtocolVersion.PROTOCOLS_OF_12, 222 K_DHE_DSS, B_AES_128, M_SHA256, H_SHA256), 223 224 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA( 225 0xC009, true, "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", "", 226 ProtocolVersion.PROTOCOLS_TO_12, 227 K_ECDHE_ECDSA, B_AES_128, M_SHA, H_SHA256), 228 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA( 229 0xC013, true, "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", "", 230 ProtocolVersion.PROTOCOLS_TO_12, 231 K_ECDHE_RSA, B_AES_128, M_SHA, H_SHA256), 232 TLS_RSA_WITH_AES_128_CBC_SHA( 233 0x002F, true, "TLS_RSA_WITH_AES_128_CBC_SHA", "", 234 ProtocolVersion.PROTOCOLS_TO_12, 235 K_RSA, B_AES_128, M_SHA, H_SHA256), 236 TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA( 237 0xC004, true, "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA", "", 238 ProtocolVersion.PROTOCOLS_TO_12, 239 K_ECDH_ECDSA, B_AES_128, M_SHA, H_SHA256), 240 TLS_ECDH_RSA_WITH_AES_128_CBC_SHA( 241 0xC00E, true, "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA", "", 242 ProtocolVersion.PROTOCOLS_TO_12, 243 K_ECDH_RSA, B_AES_128, M_SHA, H_SHA256), 244 TLS_DHE_RSA_WITH_AES_128_CBC_SHA( 245 0x0033, true, "TLS_DHE_RSA_WITH_AES_128_CBC_SHA", "", 246 ProtocolVersion.PROTOCOLS_TO_12, 247 K_DHE_RSA, B_AES_128, M_SHA, H_SHA256), 248 TLS_DHE_DSS_WITH_AES_128_CBC_SHA( 249 0x0032, true, "TLS_DHE_DSS_WITH_AES_128_CBC_SHA", "", 250 ProtocolVersion.PROTOCOLS_TO_12, 251 K_DHE_DSS, B_AES_128, M_SHA, H_SHA256), 252 253 // 3DES_EDE 254 TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA( 255 0xC008, true, "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA", "", 256 ProtocolVersion.PROTOCOLS_TO_12, 257 K_ECDHE_ECDSA, B_3DES, M_SHA, H_SHA256), 258 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA( 259 0xC012, true, "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA", "", 260 ProtocolVersion.PROTOCOLS_TO_12, 261 K_ECDHE_RSA, B_3DES, M_SHA, H_SHA256), 262 SSL_RSA_WITH_3DES_EDE_CBC_SHA( 263 0x000A, true, "SSL_RSA_WITH_3DES_EDE_CBC_SHA", "", 264 ProtocolVersion.PROTOCOLS_TO_12, 265 K_RSA, B_3DES, M_SHA, H_SHA256), 266 TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA( 267 0xC003, true, "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA", "", 268 ProtocolVersion.PROTOCOLS_TO_12, 269 K_ECDH_ECDSA, B_3DES, M_SHA, H_SHA256), 270 TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA( 271 0xC00D, true, "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA", "", 272 ProtocolVersion.PROTOCOLS_TO_12, 273 K_ECDH_RSA, B_3DES, M_SHA, H_SHA256), 274 SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA( 275 0x0016, true, "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA", "", 276 ProtocolVersion.PROTOCOLS_TO_12, 277 K_DHE_RSA, B_3DES, M_SHA, H_SHA256), 278 SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA( 279 0x0013, true, "SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA", "", 280 ProtocolVersion.PROTOCOLS_TO_12, 281 K_DHE_DSS, B_3DES, M_SHA, H_SHA256), 282 283 // Renegotiation protection request Signalling Cipher Suite Value (SCSV). 284 TLS_EMPTY_RENEGOTIATION_INFO_SCSV( // RFC 5746, TLS 1.2 and prior 285 0x00FF, true, "TLS_EMPTY_RENEGOTIATION_INFO_SCSV", "", 286 ProtocolVersion.PROTOCOLS_TO_12, 287 K_SCSV, B_NULL, M_NULL, H_NONE), 288 289 // Definition of the CipherSuites that are supported but not enabled 290 // by default. 291 // They are listed in preference order, preferred first, using the 292 // following criteria: 293 // 1. CipherSuites for KRB5 need additional KRB5 service 294 // configuration, and these suites are not common in practice, 295 // so we put KRB5 based cipher suites at the end of the supported 296 // list. 297 // 2. If a cipher suite has been obsoleted, we put it at the end of 298 // the list. 299 // 3. Prefer the stronger bulk cipher, in the order of AES_256, 300 // AES_128, 3DES-EDE, RC-4, DES, DES40, RC4_40, NULL. 301 // 4. Prefer the stronger MAC algorithm, in the order of SHA384, 302 // SHA256, SHA, MD5. 303 // 5. Prefer the better performance of key exchange and digital 304 // signature algorithm, in the order of ECDHE-ECDSA, ECDHE-RSA, 305 // RSA, ECDH-ECDSA, ECDH-RSA, DHE-RSA, DHE-DSS, anonymous. 306 TLS_DH_anon_WITH_AES_256_GCM_SHA384( 307 0x00A7, false, "TLS_DH_anon_WITH_AES_256_GCM_SHA384", "", 308 ProtocolVersion.PROTOCOLS_OF_12, 309 K_DH_ANON, B_AES_256_GCM, M_NULL, H_SHA384), 310 TLS_DH_anon_WITH_AES_128_GCM_SHA256( 311 0x00A6, false, "TLS_DH_anon_WITH_AES_128_GCM_SHA256", "", 312 ProtocolVersion.PROTOCOLS_OF_12, 313 K_DH_ANON, B_AES_128_GCM, M_NULL, H_SHA256), 314 TLS_DH_anon_WITH_AES_256_CBC_SHA256( 315 0x006D, false, "TLS_DH_anon_WITH_AES_256_CBC_SHA256", "", 316 ProtocolVersion.PROTOCOLS_OF_12, 317 K_DH_ANON, B_AES_256, M_SHA256, H_SHA256), 318 TLS_ECDH_anon_WITH_AES_256_CBC_SHA( 319 0xC019, false, "TLS_ECDH_anon_WITH_AES_256_CBC_SHA", "", 320 ProtocolVersion.PROTOCOLS_TO_12, 321 K_ECDH_ANON, B_AES_256, M_SHA, H_SHA256), 322 TLS_DH_anon_WITH_AES_256_CBC_SHA( 323 0x003A, false, "TLS_DH_anon_WITH_AES_256_CBC_SHA", "", 324 ProtocolVersion.PROTOCOLS_TO_12, 325 K_DH_ANON, B_AES_256, M_SHA, H_SHA256), 326 TLS_DH_anon_WITH_AES_128_CBC_SHA256( 327 0x006C, false, "TLS_DH_anon_WITH_AES_128_CBC_SHA256", "", 328 ProtocolVersion.PROTOCOLS_OF_12, 329 K_DH_ANON, B_AES_128, M_SHA256, H_SHA256), 330 TLS_ECDH_anon_WITH_AES_128_CBC_SHA( 331 0xC018, false, "TLS_ECDH_anon_WITH_AES_128_CBC_SHA", "", 332 ProtocolVersion.PROTOCOLS_TO_12, 333 K_ECDH_ANON, B_AES_128, M_SHA, H_SHA256), 334 TLS_DH_anon_WITH_AES_128_CBC_SHA( 335 0x0034, false, "TLS_DH_anon_WITH_AES_128_CBC_SHA", "", 336 ProtocolVersion.PROTOCOLS_TO_12, 337 K_DH_ANON, B_AES_128, M_SHA, H_SHA256), 338 TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA( 339 0xC017, false, "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA", "", 340 ProtocolVersion.PROTOCOLS_TO_12, 341 K_ECDH_ANON, B_3DES, M_SHA, H_SHA256), 342 SSL_DH_anon_WITH_3DES_EDE_CBC_SHA( 343 0x001B, false, "SSL_DH_anon_WITH_3DES_EDE_CBC_SHA", "", 344 ProtocolVersion.PROTOCOLS_TO_12, 345 K_DH_ANON, B_3DES, M_SHA, H_SHA256), 346 347 // RC-4 348 TLS_ECDHE_ECDSA_WITH_RC4_128_SHA( 349 0xC007, false, "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA", "", 350 ProtocolVersion.PROTOCOLS_TO_12, 351 K_ECDHE_ECDSA, B_RC4_128, M_SHA, H_SHA256), 352 TLS_ECDHE_RSA_WITH_RC4_128_SHA( 353 0xC011, false, "TLS_ECDHE_RSA_WITH_RC4_128_SHA", "", 354 ProtocolVersion.PROTOCOLS_TO_12, 355 K_ECDHE_RSA, B_RC4_128, M_SHA, H_SHA256), 356 SSL_RSA_WITH_RC4_128_SHA( 357 0x0005, false, "SSL_RSA_WITH_RC4_128_SHA", "", 358 ProtocolVersion.PROTOCOLS_TO_12, 359 K_RSA, B_RC4_128, M_SHA, H_SHA256), 360 TLS_ECDH_ECDSA_WITH_RC4_128_SHA( 361 0xC002, false, "TLS_ECDH_ECDSA_WITH_RC4_128_SHA", "", 362 ProtocolVersion.PROTOCOLS_TO_12, 363 K_ECDH_ECDSA, B_RC4_128, M_SHA, H_SHA256), 364 TLS_ECDH_RSA_WITH_RC4_128_SHA( 365 0xC00C, false, "TLS_ECDH_RSA_WITH_RC4_128_SHA", "", 366 ProtocolVersion.PROTOCOLS_TO_12, 367 K_ECDH_RSA, B_RC4_128, M_SHA, H_SHA256), 368 SSL_RSA_WITH_RC4_128_MD5( 369 0x0004, false, "SSL_RSA_WITH_RC4_128_MD5", "", 370 ProtocolVersion.PROTOCOLS_TO_12, 371 K_RSA, B_RC4_128, M_MD5, H_SHA256), 372 TLS_ECDH_anon_WITH_RC4_128_SHA( 373 0xC016, false, "TLS_ECDH_anon_WITH_RC4_128_SHA", "", 374 ProtocolVersion.PROTOCOLS_TO_12, 375 K_ECDH_ANON, B_RC4_128, M_SHA, H_SHA256), 376 SSL_DH_anon_WITH_RC4_128_MD5( 377 0x0018, false, "SSL_DH_anon_WITH_RC4_128_MD5", "", 378 ProtocolVersion.PROTOCOLS_TO_12, 379 K_DH_ANON, B_RC4_128, M_MD5, H_SHA256), 380 381 // weak cipher suites obsoleted in TLS 1.2 382 SSL_RSA_WITH_DES_CBC_SHA( 383 0x0009, false, "SSL_RSA_WITH_DES_CBC_SHA", "", 384 ProtocolVersion.PROTOCOLS_TO_11, 385 K_RSA, B_DES, M_SHA, H_NONE), 386 SSL_DHE_RSA_WITH_DES_CBC_SHA( 387 0x0015, false, "SSL_DHE_RSA_WITH_DES_CBC_SHA", "", 388 ProtocolVersion.PROTOCOLS_TO_11, 389 K_DHE_RSA, B_DES, M_SHA, H_NONE), 390 SSL_DHE_DSS_WITH_DES_CBC_SHA( 391 0x0012, false, "SSL_DHE_DSS_WITH_DES_CBC_SHA", "", 392 ProtocolVersion.PROTOCOLS_TO_11, 393 K_DHE_DSS, B_DES, M_SHA, H_NONE), 394 SSL_DH_anon_WITH_DES_CBC_SHA( 395 0x001A, false, "SSL_DH_anon_WITH_DES_CBC_SHA", "", 396 ProtocolVersion.PROTOCOLS_TO_11, 397 K_DH_ANON, B_DES, M_SHA, H_NONE), 398 399 // weak cipher suites obsoleted in TLS 1.1 400 SSL_RSA_EXPORT_WITH_DES40_CBC_SHA( 401 0x0008, false, "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA", "", 402 ProtocolVersion.PROTOCOLS_TO_10, 403 K_RSA_EXPORT, B_DES_40, M_SHA, H_NONE), 404 SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA( 405 0x0014, false, "SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA", "", 406 ProtocolVersion.PROTOCOLS_TO_10, 407 K_DHE_RSA_EXPORT, B_DES_40, M_SHA, H_NONE), 408 SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA( 409 0x0011, false, "SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA", "", 410 ProtocolVersion.PROTOCOLS_TO_10, 411 K_DHE_DSS_EXPORT, B_DES_40, M_SHA, H_NONE), 412 SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA( 413 0x0019, false, "SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA", "", 414 ProtocolVersion.PROTOCOLS_TO_10, 415 K_DH_ANON_EXPORT, B_DES_40, M_SHA, H_NONE), 416 SSL_RSA_EXPORT_WITH_RC4_40_MD5( 417 0x0003, false, "SSL_RSA_EXPORT_WITH_RC4_40_MD5", "", 418 ProtocolVersion.PROTOCOLS_TO_10, 419 K_RSA_EXPORT, B_DES_40, M_MD5, H_NONE), 420 SSL_DH_anon_EXPORT_WITH_RC4_40_MD5( 421 0x0017, false, "SSL_DH_anon_EXPORT_WITH_RC4_40_MD5", "", 422 ProtocolVersion.PROTOCOLS_TO_10, 423 K_DH_ANON, B_DES_40, M_MD5, H_NONE), 424 425 // no traffic encryption cipher suites 426 TLS_RSA_WITH_NULL_SHA256( 427 0x003B, false, "TLS_RSA_WITH_NULL_SHA256", "", 428 ProtocolVersion.PROTOCOLS_OF_12, 429 K_RSA, B_NULL, M_SHA256, H_SHA256), 430 TLS_ECDHE_ECDSA_WITH_NULL_SHA( 431 0xC006, false, "TLS_ECDHE_ECDSA_WITH_NULL_SHA", "", 432 ProtocolVersion.PROTOCOLS_TO_12, 433 K_ECDHE_ECDSA, B_NULL, M_SHA, H_SHA256), 434 TLS_ECDHE_RSA_WITH_NULL_SHA( 435 0xC010, false, "TLS_ECDHE_RSA_WITH_NULL_SHA", "", 436 ProtocolVersion.PROTOCOLS_TO_12, 437 K_ECDHE_RSA, B_NULL, M_SHA, H_SHA256), 438 SSL_RSA_WITH_NULL_SHA( 439 0x0002, false, "SSL_RSA_WITH_NULL_SHA", "", 440 ProtocolVersion.PROTOCOLS_TO_12, 441 K_RSA, B_NULL, M_SHA, H_SHA256), 442 TLS_ECDH_ECDSA_WITH_NULL_SHA( 443 0xC001, false, "TLS_ECDH_ECDSA_WITH_NULL_SHA", "", 444 ProtocolVersion.PROTOCOLS_TO_12, 445 K_ECDH_ECDSA, B_NULL, M_SHA, H_SHA256), 446 TLS_ECDH_RSA_WITH_NULL_SHA( 447 0xC00B, false, "TLS_ECDH_RSA_WITH_NULL_SHA", "", 448 ProtocolVersion.PROTOCOLS_TO_12, 449 K_ECDH_RSA, B_NULL, M_SHA, H_SHA256), 450 TLS_ECDH_anon_WITH_NULL_SHA( 451 0xC015, false, "TLS_ECDH_anon_WITH_NULL_SHA", "", 452 ProtocolVersion.PROTOCOLS_TO_12, 453 K_ECDH_ANON, B_NULL, M_SHA, H_SHA256), 454 SSL_RSA_WITH_NULL_MD5( 455 0x0001, false, "SSL_RSA_WITH_NULL_MD5", "", 456 ProtocolVersion.PROTOCOLS_TO_12, 457 K_RSA, B_NULL, M_MD5, H_SHA256), 458 459 // supported Kerberos ciphersuites from RFC2712 460 TLS_KRB5_WITH_3DES_EDE_CBC_SHA( 461 0x001F, false, "TLS_KRB5_WITH_3DES_EDE_CBC_SHA", "", 462 ProtocolVersion.PROTOCOLS_TO_12, 463 K_KRB5, B_3DES, M_SHA, H_SHA256), 464 TLS_KRB5_WITH_3DES_EDE_CBC_MD5( 465 0x0023, false, "TLS_KRB5_WITH_3DES_EDE_CBC_MD5", "", 466 ProtocolVersion.PROTOCOLS_TO_12, 467 K_KRB5, B_3DES, M_MD5, H_SHA256), 468 TLS_KRB5_WITH_RC4_128_SHA( 469 0x0020, false, "TLS_KRB5_WITH_RC4_128_SHA", "", 470 ProtocolVersion.PROTOCOLS_TO_12, 471 K_KRB5, B_RC4_128, M_SHA, H_SHA256), 472 TLS_KRB5_WITH_RC4_128_MD5( 473 0x0024, false, "TLS_KRB5_WITH_RC4_128_MD5", "", 474 ProtocolVersion.PROTOCOLS_TO_12, 475 K_KRB5, B_RC4_128, M_MD5, H_SHA256), 476 TLS_KRB5_WITH_DES_CBC_SHA( 477 0x001e, false, "TLS_KRB5_WITH_DES_CBC_SHA", "", 478 ProtocolVersion.PROTOCOLS_TO_11, 479 K_KRB5, B_DES, M_SHA, H_NONE), 480 TLS_KRB5_WITH_DES_CBC_MD5( 481 0x0022, false, "TLS_KRB5_WITH_DES_CBC_MD5", "", 482 ProtocolVersion.PROTOCOLS_TO_11, 483 K_KRB5, B_DES, M_MD5, H_NONE), 484 TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA( 485 0x0026, false, "TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA", "", 486 ProtocolVersion.PROTOCOLS_TO_10, 487 K_KRB5_EXPORT, B_DES_40, M_SHA, H_NONE), 488 TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5( 489 0x0029, false, "TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5", "", 490 ProtocolVersion.PROTOCOLS_TO_10, 491 K_KRB5_EXPORT, B_DES_40, M_MD5, H_NONE), 492 TLS_KRB5_EXPORT_WITH_RC4_40_SHA( 493 0x0028, false, "TLS_KRB5_EXPORT_WITH_RC4_40_SHA", "", 494 ProtocolVersion.PROTOCOLS_TO_10, 495 K_KRB5_EXPORT, B_RC4_40, M_SHA, H_NONE), 496 TLS_KRB5_EXPORT_WITH_RC4_40_MD5( 497 0x002B, false, "TLS_KRB5_EXPORT_WITH_RC4_40_MD5", "", 498 ProtocolVersion.PROTOCOLS_TO_10, 499 K_KRB5_EXPORT, B_RC4_40, M_MD5, H_NONE), 500 501 // Other values from the TLS Cipher Suite Registry, as of August 2010. 502 // 503 // http://www.iana.org/assignments/tls-parameters/tls-parameters.xml 504 // 505 // Range Registration Procedures Notes 506 // 000-191 Standards Action Refers to value of first byte 507 // 192-254 Specification Required Refers to value of first byte 508 // 255 Reserved for Private Use Refers to value of first byte 509 510 TLS_CHACHA20_POLY1305_SHA256( // TLS 1.3 511 "TLS_CHACHA20_POLY1305_SHA256", 0x1303), 512 TLS_AES_128_CCM_SHA256( // TLS 1.3 513 "TLS_AES_128_CCM_SHA256", 0x1304), 514 TLS_AES_128_CCM_8_SHA256( // TLS 1.3 515 "TLS_AES_128_CCM_8_SHA256", 0x1305), 516 517 // remaining unsupported ciphersuites defined in RFC2246. 518 CS_0006("SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5", 0x0006), 519 CS_0007("SSL_RSA_WITH_IDEA_CBC_SHA", 0x0007), 520 CS_000B("SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA", 0x000b), 521 CS_000C("SSL_DH_DSS_WITH_DES_CBC_SHA", 0x000c), 522 CS_000D("SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA", 0x000d), 523 CS_000E("SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA", 0x000e), 524 CS_000F("SSL_DH_RSA_WITH_DES_CBC_SHA", 0x000f), 525 CS_0010("SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA", 0x0010), 526 527 // SSL 3.0 Fortezza ciphersuites 528 CS_001C("SSL_FORTEZZA_DMS_WITH_NULL_SHA", 0x001c), 529 CS_001D("SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA", 0x001d), 530 531 // 1024/56 bit exportable ciphersuites from expired internet draft 532 CS_0062("SSL_RSA_EXPORT1024_WITH_DES_CBC_SHA", 0x0062), 533 CS_0063("SSL_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA", 0x0063), 534 CS_0064("SSL_RSA_EXPORT1024_WITH_RC4_56_SHA", 0x0064), 535 CS_0065("SSL_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA", 0x0065), 536 CS_0066("SSL_DHE_DSS_WITH_RC4_128_SHA", 0x0066), 537 538 // Netscape old and new SSL 3.0 FIPS ciphersuites 539 // see http://www.mozilla.org/projects/security/pki/nss/ssl/fips-ssl-ciphersuites.html 540 CS_FFE0("NETSCAPE_RSA_FIPS_WITH_3DES_EDE_CBC_SHA", 0xffe0), 541 CS_FFE1("NETSCAPE_RSA_FIPS_WITH_DES_CBC_SHA", 0xffe1), 542 CS_FEFE("SSL_RSA_FIPS_WITH_DES_CBC_SHA", 0xfefe), 543 CS_FEFF("SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA", 0xfeff), 544 545 // Unsupported Kerberos cipher suites from RFC 2712 546 CS_0021("TLS_KRB5_WITH_IDEA_CBC_SHA", 0x0021), 547 CS_0025("TLS_KRB5_WITH_IDEA_CBC_MD5", 0x0025), 548 CS_0027("TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA", 0x0027), 549 CS_002A("TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5", 0x002a), 550 551 // Unsupported cipher suites from RFC 4162 552 CS_0096("TLS_RSA_WITH_SEED_CBC_SHA", 0x0096), 553 CS_0097("TLS_DH_DSS_WITH_SEED_CBC_SHA", 0x0097), 554 CS_0098("TLS_DH_RSA_WITH_SEED_CBC_SHA", 0x0098), 555 CS_0099("TLS_DHE_DSS_WITH_SEED_CBC_SHA", 0x0099), 556 CS_009A("TLS_DHE_RSA_WITH_SEED_CBC_SHA", 0x009a), 557 CS_009B("TLS_DH_anon_WITH_SEED_CBC_SHA", 0x009b), 558 559 // Unsupported cipher suites from RFC 4279 560 CS_008A("TLS_PSK_WITH_RC4_128_SHA", 0x008a), 561 CS_008B("TLS_PSK_WITH_3DES_EDE_CBC_SHA", 0x008b), 562 CS_008C("TLS_PSK_WITH_AES_128_CBC_SHA", 0x008c), 563 CS_008D("TLS_PSK_WITH_AES_256_CBC_SHA", 0x008d), 564 CS_008E("TLS_DHE_PSK_WITH_RC4_128_SHA", 0x008e), 565 CS_008F("TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA", 0x008f), 566 CS_0090("TLS_DHE_PSK_WITH_AES_128_CBC_SHA", 0x0090), 567 CS_0091("TLS_DHE_PSK_WITH_AES_256_CBC_SHA", 0x0091), 568 CS_0092("TLS_RSA_PSK_WITH_RC4_128_SHA", 0x0092), 569 CS_0093("TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA", 0x0093), 570 CS_0094("TLS_RSA_PSK_WITH_AES_128_CBC_SHA", 0x0094), 571 CS_0095("TLS_RSA_PSK_WITH_AES_256_CBC_SHA", 0x0095), 572 573 // Unsupported cipher suites from RFC 4785 574 CS_002C("TLS_PSK_WITH_NULL_SHA", 0x002c), 575 CS_002D("TLS_DHE_PSK_WITH_NULL_SHA", 0x002d), 576 CS_002E("TLS_RSA_PSK_WITH_NULL_SHA", 0x002e), 577 578 // Unsupported cipher suites from RFC 5246 579 CS_0030("TLS_DH_DSS_WITH_AES_128_CBC_SHA", 0x0030), 580 CS_0031("TLS_DH_RSA_WITH_AES_128_CBC_SHA", 0x0031), 581 CS_0036("TLS_DH_DSS_WITH_AES_256_CBC_SHA", 0x0036), 582 CS_0037("TLS_DH_RSA_WITH_AES_256_CBC_SHA", 0x0037), 583 CS_003E("TLS_DH_DSS_WITH_AES_128_CBC_SHA256", 0x003e), 584 CS_003F("TLS_DH_RSA_WITH_AES_128_CBC_SHA256", 0x003f), 585 CS_0068("TLS_DH_DSS_WITH_AES_256_CBC_SHA256", 0x0068), 586 CS_0069("TLS_DH_RSA_WITH_AES_256_CBC_SHA256", 0x0069), 587 588 // Unsupported cipher suites from RFC 5288 589 CS_00A0("TLS_DH_RSA_WITH_AES_128_GCM_SHA256", 0x00a0), 590 CS_00A1("TLS_DH_RSA_WITH_AES_256_GCM_SHA384", 0x00a1), 591 CS_00A4("TLS_DH_DSS_WITH_AES_128_GCM_SHA256", 0x00a4), 592 CS_00A5("TLS_DH_DSS_WITH_AES_256_GCM_SHA384", 0x00a5), 593 594 // Unsupported cipher suites from RFC 5487 595 CS_00A8("TLS_PSK_WITH_AES_128_GCM_SHA256", 0x00a8), 596 CS_00A9("TLS_PSK_WITH_AES_256_GCM_SHA384", 0x00a9), 597 CS_00AA("TLS_DHE_PSK_WITH_AES_128_GCM_SHA256", 0x00aa), 598 CS_00AB("TLS_DHE_PSK_WITH_AES_256_GCM_SHA384", 0x00ab), 599 CS_00AC("TLS_RSA_PSK_WITH_AES_128_GCM_SHA256", 0x00ac), 600 CS_00AD("TLS_RSA_PSK_WITH_AES_256_GCM_SHA384", 0x00ad), 601 CS_00AE("TLS_PSK_WITH_AES_128_CBC_SHA256", 0x00ae), 602 CS_00AF("TLS_PSK_WITH_AES_256_CBC_SHA384", 0x00af), 603 CS_00B0("TLS_PSK_WITH_NULL_SHA256", 0x00b0), 604 CS_00B1("TLS_PSK_WITH_NULL_SHA384", 0x00b1), 605 CS_00B2("TLS_DHE_PSK_WITH_AES_128_CBC_SHA256", 0x00b2), 606 CS_00B3("TLS_DHE_PSK_WITH_AES_256_CBC_SHA384", 0x00b3), 607 CS_00B4("TLS_DHE_PSK_WITH_NULL_SHA256", 0x00b4), 608 CS_00B5("TLS_DHE_PSK_WITH_NULL_SHA384", 0x00b5), 609 CS_00B6("TLS_RSA_PSK_WITH_AES_128_CBC_SHA256", 0x00b6), 610 CS_00B7("TLS_RSA_PSK_WITH_AES_256_CBC_SHA384", 0x00b7), 611 CS_00B8("TLS_RSA_PSK_WITH_NULL_SHA256", 0x00b8), 612 CS_00B9("TLS_RSA_PSK_WITH_NULL_SHA384", 0x00b9), 613 614 // Unsupported cipher suites from RFC 5932 615 CS_0041("TLS_RSA_WITH_CAMELLIA_128_CBC_SHA", 0x0041), 616 CS_0042("TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA", 0x0042), 617 CS_0043("TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA", 0x0043), 618 CS_0044("TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA", 0x0044), 619 CS_0045("TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA", 0x0045), 620 CS_0046("TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA", 0x0046), 621 CS_0084("TLS_RSA_WITH_CAMELLIA_256_CBC_SHA", 0x0084), 622 CS_0085("TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA", 0x0085), 623 CS_0086("TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA", 0x0086), 624 CS_0087("TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA", 0x0087), 625 CS_0088("TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA", 0x0088), 626 CS_0089("TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA", 0x0089), 627 CS_00BA("TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256", 0x00ba), 628 CS_00BB("TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256", 0x00bb), 629 CS_00BC("TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256", 0x00bc), 630 CS_00BD("TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256", 0x00bd), 631 CS_00BE("TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256", 0x00be), 632 CS_00BF("TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256", 0x00bf), 633 CS_00C0("TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256", 0x00c0), 634 CS_00C1("TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256", 0x00c1), 635 CS_00C2("TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256", 0x00c2), 636 CS_00C3("TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256", 0x00c3), 637 CS_00C4("TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256", 0x00c4), 638 CS_00C5("TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256", 0x00c5), 639 640 // TLS Fallback Signaling Cipher Suite Value (SCSV) RFC 7507 641 CS_5600("TLS_FALLBACK_SCSV", 0x5600), 642 643 // Unsupported cipher suites from RFC 5054 644 CS_C01A("TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA", 0xc01a), 645 CS_C01B("TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA", 0xc01b), 646 CS_C01C("TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA", 0xc01c), 647 CS_C01D("TLS_SRP_SHA_WITH_AES_128_CBC_SHA", 0xc01d), 648 CS_C01E("TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA", 0xc01e), 649 CS_C01F("TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA", 0xc01f), 650 CS_C020("TLS_SRP_SHA_WITH_AES_256_CBC_SHA", 0xc020), 651 CS_C021("TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA", 0xc021), 652 CS_C022("TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA", 0xc022), 653 654 // Unsupported cipher suites from RFC 5489 655 CS_C033("TLS_ECDHE_PSK_WITH_RC4_128_SHA", 0xc033), 656 CS_C034("TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA", 0xc034), 657 CS_C035("TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA", 0xc035), 658 CS_C036("TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA", 0xc036), 659 CS_C037("TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256", 0xc037), 660 CS_C038("TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384", 0xc038), 661 CS_C039("TLS_ECDHE_PSK_WITH_NULL_SHA", 0xc039), 662 CS_C03A("TLS_ECDHE_PSK_WITH_NULL_SHA256", 0xc03a), 663 CS_C03B("TLS_ECDHE_PSK_WITH_NULL_SHA384", 0xc03b), 664 665 // Unsupported cipher suites from RFC 6209 666 CS_C03C("TLS_RSA_WITH_ARIA_128_CBC_SHA256", 0xc03c), 667 CS_C03D("TLS_RSA_WITH_ARIA_256_CBC_SHA384", 0xc03d), 668 CS_C03E("TLS_DH_DSS_WITH_ARIA_128_CBC_SHA256", 0xc03e), 669 CS_C03F("TLS_DH_DSS_WITH_ARIA_256_CBC_SHA384", 0xc03f), 670 CS_C040("TLS_DH_RSA_WITH_ARIA_128_CBC_SHA256", 0xc040), 671 CS_C041("TLS_DH_RSA_WITH_ARIA_256_CBC_SHA384", 0xc041), 672 CS_C042("TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256", 0xc042), 673 CS_C043("TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384", 0xc043), 674 CS_C044("TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256", 0xc044), 675 CS_C045("TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384", 0xc045), 676 CS_C046("TLS_DH_anon_WITH_ARIA_128_CBC_SHA256", 0xc046), 677 CS_C047("TLS_DH_anon_WITH_ARIA_256_CBC_SHA384", 0xc047), 678 CS_C048("TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256", 0xc048), 679 CS_C049("TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384", 0xc049), 680 CS_C04A("TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256", 0xc04a), 681 CS_C04B("TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384", 0xc04b), 682 CS_C04C("TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256", 0xc04c), 683 CS_C04D("TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384", 0xc04d), 684 CS_C04E("TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256", 0xc04e), 685 CS_C04F("TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384", 0xc04f), 686 CS_C050("TLS_RSA_WITH_ARIA_128_GCM_SHA256", 0xc050), 687 CS_C051("TLS_RSA_WITH_ARIA_256_GCM_SHA384", 0xc051), 688 CS_C052("TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256", 0xc052), 689 CS_C053("TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384", 0xc053), 690 CS_C054("TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256", 0xc054), 691 CS_C055("TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384", 0xc055), 692 CS_C056("TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256", 0xc056), 693 CS_C057("TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384", 0xc057), 694 CS_C058("TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256", 0xc058), 695 CS_C059("TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384", 0xc059), 696 CS_C05A("TLS_DH_anon_WITH_ARIA_128_GCM_SHA256", 0xc05a), 697 CS_C05B("TLS_DH_anon_WITH_ARIA_256_GCM_SHA384", 0xc05b), 698 CS_C05C("TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256", 0xc05c), 699 CS_C05D("TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384", 0xc05d), 700 CS_C05E("TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256", 0xc05e), 701 CS_C05F("TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384", 0xc05f), 702 CS_C060("TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256", 0xc060), 703 CS_C061("TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384", 0xc061), 704 CS_C062("TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256", 0xc062), 705 CS_C063("TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384", 0xc063), 706 CS_C064("TLS_PSK_WITH_ARIA_128_CBC_SHA256", 0xc064), 707 CS_C065("TLS_PSK_WITH_ARIA_256_CBC_SHA384", 0xc065), 708 CS_C066("TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256", 0xc066), 709 CS_C067("TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384", 0xc067), 710 CS_C068("TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256", 0xc068), 711 CS_C069("TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384", 0xc069), 712 CS_C06A("TLS_PSK_WITH_ARIA_128_GCM_SHA256", 0xc06a), 713 CS_C06B("TLS_PSK_WITH_ARIA_256_GCM_SHA384", 0xc06b), 714 CS_C06C("TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256", 0xc06c), 715 CS_C06D("TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384", 0xc06d), 716 CS_C06E("TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256", 0xc06e), 717 CS_C06F("TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384", 0xc06f), 718 CS_C070("TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256", 0xc070), 719 CS_C071("TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384", 0xc071), 720 721 // Unsupported cipher suites from RFC 6367 722 CS_C072("TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256", 0xc072), 723 CS_C073("TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384", 0xc073), 724 CS_C074("TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256", 0xc074), 725 CS_C075("TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384", 0xc075), 726 CS_C076("TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256", 0xc076), 727 CS_C077("TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384", 0xc077), 728 CS_C078("TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256", 0xc078), 729 CS_C079("TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384", 0xc079), 730 CS_C07A("TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256", 0xc07a), 731 CS_C07B("TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384", 0xc07b), 732 CS_C07C("TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256", 0xc07c), 733 CS_C07D("TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384", 0xc07d), 734 CS_C07E("TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256", 0xc07e), 735 CS_C07F("TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384", 0xc07f), 736 CS_C080("TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256", 0xc080), 737 CS_C081("TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384", 0xc081), 738 CS_C082("TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256", 0xc082), 739 CS_C083("TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384", 0xc083), 740 CS_C084("TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256", 0xc084), 741 CS_C085("TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384", 0xc085), 742 CS_C086("TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256", 0xc086), 743 CS_C087("TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384", 0xc087), 744 CS_C088("TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256", 0xc088), 745 CS_C089("TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384", 0xc089), 746 CS_C08A("TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256", 0xc08a), 747 CS_C08B("TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384", 0xc08b), 748 CS_C08C("TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256", 0xc08c), 749 CS_C08D("TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384", 0xc08d), 750 CS_C08E("TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256", 0xc08e), 751 CS_C08F("TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384", 0xc08f), 752 CS_C090("TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256", 0xc090), 753 CS_C091("TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384", 0xc091), 754 CS_C092("TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256", 0xc092), 755 CS_C093("TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384", 0xc093), 756 CS_C094("TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256", 0xc094), 757 CS_C095("TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384", 0xc095), 758 CS_C096("TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256", 0xc096), 759 CS_C097("TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384", 0xc097), 760 CS_C098("TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256", 0xc098), 761 CS_C099("TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384", 0xc099), 762 CS_C09A("TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256", 0xc09a), 763 CS_C09B("TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384", 0xc09b), 764 765 // Unsupported cipher suites from RFC 6655 766 CS_C09C("TLS_RSA_WITH_AES_128_CCM", 0xc09c), 767 CS_C09D("TLS_RSA_WITH_AES_256_CCM", 0xc09d), 768 CS_C09E("TLS_DHE_RSA_WITH_AES_128_CCM", 0xc09e), 769 CS_C09F("TLS_DHE_RSA_WITH_AES_256_CCM", 0xc09f), 770 CS_C0A0("TLS_RSA_WITH_AES_128_CCM_8", 0xc0A0), 771 CS_C0A1("TLS_RSA_WITH_AES_256_CCM_8", 0xc0A1), 772 CS_C0A2("TLS_DHE_RSA_WITH_AES_128_CCM_8", 0xc0A2), 773 CS_C0A3("TLS_DHE_RSA_WITH_AES_256_CCM_8", 0xc0A3), 774 CS_C0A4("TLS_PSK_WITH_AES_128_CCM", 0xc0A4), 775 CS_C0A5("TLS_PSK_WITH_AES_256_CCM", 0xc0A5), 776 CS_C0A6("TLS_DHE_PSK_WITH_AES_128_CCM", 0xc0A6), 777 CS_C0A7("TLS_DHE_PSK_WITH_AES_256_CCM", 0xc0A7), 778 CS_C0A8("TLS_PSK_WITH_AES_128_CCM_8", 0xc0A8), 779 CS_C0A9("TLS_PSK_WITH_AES_256_CCM_8", 0xc0A9), 780 CS_C0AA("TLS_PSK_DHE_WITH_AES_128_CCM_8", 0xc0Aa), 781 CS_C0AB("TLS_PSK_DHE_WITH_AES_256_CCM_8", 0xc0Ab), 782 783 // Unsupported cipher suites from RFC 7251 784 CS_C0AC("TLS_ECDHE_ECDSA_WITH_AES_128_CCM", 0xc0Ac), 785 CS_C0AD("TLS_ECDHE_ECDSA_WITH_AES_256_CCM", 0xc0Ad), 786 CS_C0AE("TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8", 0xc0Ae), 787 CS_C0AF("TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8", 0xc0Af), 788 789 C_NULL("SSL_NULL_WITH_NULL_NULL", 0x0000); 790 791 final int id; 792 final boolean isDefaultEnabled; 793 final String name; 794 final List<String> aliases; 795 final List<ProtocolVersion> supportedProtocols; 796 final KeyExchange keyExchange; 797 final SSLCipher bulkCipher; 798 final MacAlg macAlg; 799 final HashAlg hashAlg; 800 801 final boolean exportable; 802 803 // known but unsupported cipher suite 804 private CipherSuite(String name, int id) { 805 this(id, false, name, "", 806 ProtocolVersion.PROTOCOLS_EMPTY, null, null, null, null); 807 } 808 809 // TLS 1.3 cipher suite 810 private CipherSuite(int id, boolean isDefaultEnabled, 811 String name, ProtocolVersion[] supportedProtocols, 812 SSLCipher bulkCipher, HashAlg hashAlg) { 813 this(id, isDefaultEnabled, name, "", 814 supportedProtocols, null, bulkCipher, M_NULL, hashAlg); 815 } 816 817 private CipherSuite(int id, boolean isDefaultEnabled, 818 String name, String aliases, 819 ProtocolVersion[] supportedProtocols, 820 KeyExchange keyExchange, SSLCipher cipher, 821 MacAlg macAlg, HashAlg hashAlg) { 822 this.id = id; 823 this.isDefaultEnabled = isDefaultEnabled; 824 this.name = name; 825 if (aliases.isEmpty()) { 826 this.aliases = Arrays.asList(aliases.split(",")); 827 } else { 828 this.aliases = Collections.emptyList(); 829 } 830 this.supportedProtocols = Arrays.asList(supportedProtocols); 831 this.keyExchange = keyExchange; 832 this.bulkCipher = cipher; 833 this.macAlg = macAlg; 834 this.hashAlg = hashAlg; 835 836 this.exportable = (cipher == null ? false : cipher.exportable); 837 } 838 839 static CipherSuite nameOf(String ciperSuiteName) { 840 for (CipherSuite cs : CipherSuite.values()) { 841 if (cs.name.equals(ciperSuiteName) || 842 cs.aliases.contains(ciperSuiteName)) { 843 return cs; 844 } 845 } 846 847 return null; 848 } 849 850 static CipherSuite valueOf(int id) { 851 for (CipherSuite cs : CipherSuite.values()) { 852 if (cs.id == id) { 853 return cs; 854 } 855 } 856 857 return null; 858 } 859 860 static String nameOf(int id) { 861 for (CipherSuite cs : CipherSuite.values()) { 862 if (cs.id == id) { 863 return cs.name; 864 } 865 } 866 867 return "UNKNOWN-CIPHER-SUITE(" + Utilities.byte16HexString(id) + ")"; 868 } 869 870 static Collection<CipherSuite> allowedCipherSuites() { 871 Collection<CipherSuite> cipherSuites = new LinkedList<>(); 872 for (CipherSuite cs : CipherSuite.values()) { 873 if (!cs.supportedProtocols.isEmpty()) { 874 cipherSuites.add(cs); 875 } else { 876 // The following cipher suites are not supported. 877 break; 878 } 879 } 880 return cipherSuites; 881 } 882 883 static Collection<CipherSuite> defaultCipherSuites() { 884 Collection<CipherSuite> cipherSuites = new LinkedList<>(); 885 for (CipherSuite cs : CipherSuite.values()) { 886 if (cs.isDefaultEnabled) { 887 cipherSuites.add(cs); 888 } else { 889 // The following cipher suites are not default enabled.. 890 break; 891 } 892 } 893 return cipherSuites; 894 } 895 896 /** 897 * Validates and converts an array of cipher suite names. 898 * 899 * @throws IllegalArgumentException if the array or any of its elements 900 * is null or if the ciphersuite name is unrecognized or 901 * unsupported using currently installed providers 902 */ 903 static List<CipherSuite> validValuesOf(String[] names) { 904 if (names == null || names.length == 0) { 905 return Collections.emptyList(); 906 } 907 908 List<CipherSuite> cipherSuites = new ArrayList<>(names.length); 909 for (String name : names) { 910 boolean found = false; 911 for (CipherSuite cs : CipherSuite.values()) { 912 if (!cs.supportedProtocols.isEmpty()) { 913 if (cs.name.equals(name) || 914 cs.aliases.contains(name)) { 915 cipherSuites.add(cs); 916 found = true; 917 break; 918 } 919 } else { 920 // The following cipher suites are not supported. 921 break; 922 } 923 } 924 if (!found) { 925 throw new IllegalArgumentException( 926 "Cannot support " + name + 927 " with currently installed providers"); 928 } 929 } 930 931 return Collections.unmodifiableList(cipherSuites); 932 } 933 934 static String[] namesOf(List<CipherSuite> cipherSuites) { 935 String[] names = new String[cipherSuites.size()]; 936 int i = 0; 937 for (CipherSuite cipherSuite : cipherSuites) { 938 names[i++] = cipherSuite.name; 939 } 940 941 return names; 942 } 943 944 boolean isAvailable() { 945 return !supportedProtocols.isEmpty() && 946 (keyExchange == null || keyExchange.isAvailable()) && 947 bulkCipher != null && bulkCipher.isAvailable(); 948 } 949 950 public boolean supports(ProtocolVersion protocolVersion) { 951 return supportedProtocols.contains(protocolVersion); 952 } 953 954 boolean isNegotiable() { 955 return this != TLS_EMPTY_RENEGOTIATION_INFO_SCSV && isAvailable(); 956 } 957 958 boolean isAnonymous() { 959 return (keyExchange != null && keyExchange.isAnonymous); 960 } 961 962 // See also SSLWriteCipher.calculatePacketSize(). 963 int calculatePacketSize(int fragmentSize, 964 ProtocolVersion protocolVersion, boolean isDTLS) { 965 int packetSize = fragmentSize; 966 if (bulkCipher != null && bulkCipher != B_NULL) { 967 int blockSize = bulkCipher.ivSize; 968 switch (bulkCipher.cipherType) { 969 case BLOCK_CIPHER: 970 packetSize += macAlg.size; 971 packetSize += 1; // 1 byte padding length field 972 packetSize += // use the minimal padding 973 (blockSize - (packetSize % blockSize)) % blockSize; 974 if (protocolVersion.useTLS11PlusSpec()) { 975 packetSize += blockSize; // explicit IV 976 } 977 978 break; 979 case AEAD_CIPHER: 980 if (protocolVersion == ProtocolVersion.TLS12 || 981 protocolVersion == ProtocolVersion.DTLS12) { 982 packetSize += bulkCipher.ivSize - bulkCipher.fixedIvSize; 983 } 984 packetSize += bulkCipher.tagSize; 985 986 break; 987 default: // NULL_CIPHER or STREAM_CIPHER 988 packetSize += macAlg.size; 989 } 990 } 991 992 return packetSize + 993 (isDTLS ? DTLSRecord.headerSize : SSLRecord.headerSize); 994 } 995 996 // See also CipherBox.calculateFragmentSize(). 997 int calculateFragSize(int packetLimit, 998 ProtocolVersion protocolVersion, boolean isDTLS) { 999 int fragSize = packetLimit - 1000 (isDTLS ? DTLSRecord.headerSize : SSLRecord.headerSize); 1001 if (bulkCipher != null && bulkCipher != B_NULL) { 1002 int blockSize = bulkCipher.ivSize; 1003 switch (bulkCipher.cipherType) { 1004 case BLOCK_CIPHER: 1005 if (protocolVersion.useTLS11PlusSpec()) { 1006 fragSize -= blockSize; // explicit IV 1007 } 1008 fragSize -= (fragSize % blockSize); // cannot hold a block 1009 // No padding for a maximum fragment. 1010 fragSize -= 1; // 1 byte padding length field: 0x00 1011 fragSize -= macAlg.size; 1012 1013 break; 1014 case AEAD_CIPHER: 1015 fragSize -= bulkCipher.tagSize; 1016 fragSize -= bulkCipher.ivSize - bulkCipher.fixedIvSize; 1017 1018 break; 1019 default: // NULL_CIPHER or STREAM_CIPHER 1020 fragSize -= macAlg.size; 1021 } 1022 } 1023 1024 return fragSize; 1025 } 1026 1027 /** 1028 * An SSL/TLS key exchange algorithm. 1029 */ 1030 static enum KeyExchange { 1031 K_NULL ("NULL", false, true, NAMED_GROUP_NONE), 1032 K_RSA ("RSA", true, false, NAMED_GROUP_NONE), 1033 K_RSA_EXPORT ("RSA_EXPORT", true, false, NAMED_GROUP_NONE), 1034 K_DH_RSA ("DH_RSA", false, false, NAMED_GROUP_NONE), 1035 K_DH_DSS ("DH_DSS", false, false, NAMED_GROUP_NONE), 1036 K_DHE_DSS ("DHE_DSS", true, false, NAMED_GROUP_FFDHE), 1037 K_DHE_DSS_EXPORT("DHE_DSS_EXPORT", true, false, NAMED_GROUP_NONE), 1038 K_DHE_RSA ("DHE_RSA", true, false, NAMED_GROUP_FFDHE), 1039 K_DHE_RSA_EXPORT("DHE_RSA_EXPORT", true, false, NAMED_GROUP_NONE), 1040 K_DH_ANON ("DH_anon", true, true, NAMED_GROUP_FFDHE), 1041 K_DH_ANON_EXPORT("DH_anon_EXPORT",true, true, NAMED_GROUP_NONE), 1042 1043 K_ECDH_ECDSA ("ECDH_ECDSA", true, false, NAMED_GROUP_ECDHE), 1044 K_ECDH_RSA ("ECDH_RSA", true, false, NAMED_GROUP_ECDHE), 1045 K_ECDHE_ECDSA("ECDHE_ECDSA", true, false, NAMED_GROUP_ECDHE), 1046 K_ECDHE_RSA ("ECDHE_RSA", true, false, NAMED_GROUP_ECDHE), 1047 K_ECDH_ANON ("ECDH_anon", true, true, NAMED_GROUP_ECDHE), 1048 1049 // Kerberos cipher suites 1050 K_KRB5 ("KRB5", true, false, NAMED_GROUP_NONE), 1051 K_KRB5_EXPORT("KRB5_EXPORT", true, false, NAMED_GROUP_NONE), 1052 1053 // renegotiation protection request signaling cipher suite 1054 K_SCSV ("SCSV", true, true, NAMED_GROUP_NONE); 1055 1056 // name of the key exchange algorithm, e.g. DHE_DSS 1057 final String name; 1058 final boolean allowed; 1059 final NamedGroupType groupType; 1060 private final boolean alwaysAvailable; 1061 private final boolean isAnonymous; 1062 1063 KeyExchange(String name, boolean allowed, 1064 boolean isAnonymous, NamedGroupType groupType) { 1065 this.name = name; 1066 if (groupType == NAMED_GROUP_ECDHE) { 1067 this.allowed = JsseJce.ALLOW_ECC; 1068 } else { 1069 this.allowed = allowed; 1070 } 1071 this.groupType = groupType; 1072 this.alwaysAvailable = allowed && 1073 (!name.startsWith("EC")) && (!name.startsWith("KRB")); 1074 this.isAnonymous = isAnonymous; 1075 } 1076 1077 boolean isAvailable() { 1078 if (alwaysAvailable) { 1079 return true; 1080 } 1081 1082 if (groupType == NAMED_GROUP_ECDHE) { 1083 return (allowed && JsseJce.isEcAvailable()); 1084 } else if (name.startsWith("KRB")) { 1085 return (allowed && JsseJce.isKerberosAvailable()); 1086 } else { 1087 return allowed; 1088 } 1089 } 1090 1091 @Override 1092 public String toString() { 1093 return name; 1094 } 1095 } 1096 1097 /** 1098 * An SSL/TLS key MAC algorithm. 1099 * 1100 * Also contains a factory method to obtain an initialized MAC 1101 * for this algorithm. 1102 */ 1103 static enum MacAlg { 1104 // MACs 1105 M_NULL ("NULL", 0, 0, 0), 1106 M_MD5 ("MD5", 16, 64, 9), 1107 M_SHA ("SHA", 20, 64, 9), 1108 M_SHA256 ("SHA256", 32, 64, 9), 1109 M_SHA384 ("SHA384", 48, 128, 17); 1110 1111 // descriptive name, e.g. MD5 1112 final String name; 1113 1114 // size of the MAC value (and MAC key) in bytes 1115 final int size; 1116 1117 // block size of the underlying hash algorithm 1118 final int hashBlockSize; 1119 1120 // minimal padding size of the underlying hash algorithm 1121 final int minimalPaddingSize; 1122 1123 MacAlg(String name, int size, 1124 int hashBlockSize, int minimalPaddingSize) { 1125 this.name = name; 1126 this.size = size; 1127 this.hashBlockSize = hashBlockSize; 1128 this.minimalPaddingSize = minimalPaddingSize; 1129 } 1130 1131 @Override 1132 public String toString() { 1133 return name; 1134 } 1135 } 1136 1137 /** 1138 * The hash algorithms used for PRF (PseudoRandom Function) or HKDF. 1139 * 1140 * Note that TLS 1.1- uses a single MD5/SHA1-based PRF algorithm for 1141 * generating the necessary material. 1142 */ 1143 static enum HashAlg { 1144 1145 // PRF algorithms 1146 H_NONE( "NONE", 0, 0), 1147 H_SHA256("SHA-256", 32, 64), 1148 H_SHA384("SHA-384", 48, 128); 1149 1150 // PRF characteristics 1151 final String name; 1152 final int hashLength; 1153 final int blockSize; 1154 1155 HashAlg(String hashAlg, int hashLength, int blockSize) { 1156 this.name = hashAlg; 1157 this.hashLength = hashLength; 1158 this.blockSize = blockSize; 1159 } 1160 1161 @Override 1162 public String toString() { 1163 return name; 1164 } 1165 } 1166 } |