1 /* 2 * Copyright (c) 2002, 2020, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. Oracle designates this 8 * particular file as subject to the "Classpath" exception as provided 9 * by Oracle in the LICENSE file that accompanied this code. 10 * 11 * This code is distributed in the hope that it will be useful, but WITHOUT 12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 14 * version 2 for more details (a copy is included in the LICENSE file that 15 * accompanied this code). 16 * 17 * You should have received a copy of the GNU General Public License version 18 * 2 along with this work; if not, write to the Free Software Foundation, 19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 20 * 21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 22 * or visit www.oracle.com if you need additional information or have any 23 * questions. 24 */ 25 26 package sun.security.ssl; 27 28 import java.util.ArrayList; 29 import java.util.Arrays; 30 import java.util.Collection; 31 import java.util.Collections; 32 import java.util.LinkedList; 33 import java.util.List; 34 import static sun.security.ssl.CipherSuite.HashAlg.*; 35 import static sun.security.ssl.CipherSuite.KeyExchange.*; 36 import static sun.security.ssl.CipherSuite.MacAlg.*; 37 import static sun.security.ssl.SSLCipher.*; 38 import sun.security.ssl.SupportedGroupsExtension.NamedGroupType; 39 import static sun.security.ssl.SupportedGroupsExtension.NamedGroupType.*; 40 41 /** 42 * Enum for SSL/TLS cipher suites. 43 * 44 * Please refer to the "TLS Cipher Suite Registry" section for more details 45 * about each cipher suite: 46 * https://www.iana.org/assignments/tls-parameters/tls-parameters.xml 47 */ 48 enum CipherSuite { 49 // 50 // in preference order 51 // 52 53 // Definition of the CipherSuites that are enabled by default. 54 // 55 // They are listed in preference order, most preferred first, using 56 // the following criteria: 57 // 1. Prefer Suite B compliant cipher suites, see RFC6460 (To be 58 // changed later, see below). 59 // 2. Prefer the stronger bulk cipher, in the order of AES_256(GCM), 60 // AES_128(GCM), AES_256, AES_128, 3DES-EDE. 61 // 3. Prefer the stronger MAC algorithm, in the order of SHA384, 62 // SHA256, SHA, MD5. 63 // 4. Prefer the better performance of key exchange and digital 64 // signature algorithm, in the order of ECDHE-ECDSA, ECDHE-RSA, 65 // RSA, ECDH-ECDSA, ECDH-RSA, DHE-RSA, DHE-DSS. 66 67 TLS_AES_128_GCM_SHA256( 68 0x1301, true, "TLS_AES_128_GCM_SHA256", 69 ProtocolVersion.PROTOCOLS_OF_13, B_AES_128_GCM_IV, H_SHA256), 70 TLS_AES_256_GCM_SHA384( 71 0x1302, true, "TLS_AES_256_GCM_SHA384", 72 ProtocolVersion.PROTOCOLS_OF_13, B_AES_256_GCM_IV, H_SHA384), 73 74 // Suite B compliant cipher suites, see RFC 6460. 75 // 76 // Note that, at present this provider is not Suite B compliant. The 77 // preference order of the GCM cipher suites does not follow the spec 78 // of RFC 6460. In this section, only two cipher suites are listed 79 // so that applications can make use of Suite-B compliant cipher 80 // suite firstly. 81 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384( 82 0xC02C, true, "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "", 83 ProtocolVersion.PROTOCOLS_OF_12, 84 K_ECDHE_ECDSA, B_AES_256_GCM, M_NULL, H_SHA384), 85 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256( 86 0xC02B, true, "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", "", 87 ProtocolVersion.PROTOCOLS_OF_12, 88 K_ECDHE_ECDSA, B_AES_128_GCM, M_NULL, H_SHA256), 89 90 // AES_256(GCM) 91 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384( 92 0xC030, true, "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "", 93 ProtocolVersion.PROTOCOLS_OF_12, 94 K_ECDHE_RSA, B_AES_256_GCM, M_NULL, H_SHA384), 95 TLS_RSA_WITH_AES_256_GCM_SHA384( 96 0x009D, true, "TLS_RSA_WITH_AES_256_GCM_SHA384", "", 97 ProtocolVersion.PROTOCOLS_OF_12, 98 K_RSA, B_AES_256_GCM, M_NULL, H_SHA384), 99 TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384( 100 0xC02E, true, "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384", "", 101 ProtocolVersion.PROTOCOLS_OF_12, 102 K_ECDH_ECDSA, B_AES_256_GCM, M_NULL, H_SHA384), 103 TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384( 104 0xC032, true, "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384", "", 105 ProtocolVersion.PROTOCOLS_OF_12, 106 K_ECDH_RSA, B_AES_256_GCM, M_NULL, H_SHA384), 107 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384( 108 0x009F, true, "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384", "", 109 ProtocolVersion.PROTOCOLS_OF_12, 110 K_DHE_RSA, B_AES_256_GCM, M_NULL, H_SHA384), 111 TLS_DHE_DSS_WITH_AES_256_GCM_SHA384( 112 0x00A3, true, "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384", "", 113 ProtocolVersion.PROTOCOLS_OF_12, 114 K_DHE_DSS, B_AES_256_GCM, M_NULL, H_SHA384), 115 116 // AES_128(GCM) 117 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256( 118 0xC02F, true, "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "", 119 ProtocolVersion.PROTOCOLS_OF_12, 120 K_ECDHE_RSA, B_AES_128_GCM, M_NULL, H_SHA256), 121 TLS_RSA_WITH_AES_128_GCM_SHA256( 122 0x009C, true, "TLS_RSA_WITH_AES_128_GCM_SHA256", "", 123 ProtocolVersion.PROTOCOLS_OF_12, 124 K_RSA, B_AES_128_GCM, M_NULL, H_SHA256), 125 TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256( 126 0xC02D, true, "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256", "", 127 ProtocolVersion.PROTOCOLS_OF_12, 128 K_ECDH_ECDSA, B_AES_128_GCM, M_NULL, H_SHA256), 129 TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256( 130 0xC031, true, "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256", "", 131 ProtocolVersion.PROTOCOLS_OF_12, 132 K_ECDH_RSA, B_AES_128_GCM, M_NULL, H_SHA256), 133 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256( 134 0x009E, true, "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256", "", 135 ProtocolVersion.PROTOCOLS_OF_12, 136 K_DHE_RSA, B_AES_128_GCM, M_NULL, H_SHA256), 137 TLS_DHE_DSS_WITH_AES_128_GCM_SHA256( 138 0x00A2, true, "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256", "", 139 ProtocolVersion.PROTOCOLS_OF_12, 140 K_DHE_DSS, B_AES_128_GCM, M_NULL, H_SHA256), 141 142 // AES_256(CBC) 143 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384( 144 0xC024, true, "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384", "", 145 ProtocolVersion.PROTOCOLS_OF_12, 146 K_ECDHE_ECDSA, B_AES_256, M_SHA384, H_SHA384), 147 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384( 148 0xC028, true, "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384", "", 149 ProtocolVersion.PROTOCOLS_OF_12, 150 K_ECDHE_RSA, B_AES_256, M_SHA384, H_SHA384), 151 TLS_RSA_WITH_AES_256_CBC_SHA256( 152 0x003D, true, "TLS_RSA_WITH_AES_256_CBC_SHA256", "", 153 ProtocolVersion.PROTOCOLS_OF_12, 154 K_RSA, B_AES_256, M_SHA256, H_SHA256), 155 TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384( 156 0xC026, true, "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384", "", 157 ProtocolVersion.PROTOCOLS_OF_12, 158 K_ECDH_ECDSA, B_AES_256, M_SHA384, H_SHA384), 159 TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384( 160 0xC02A, true, "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384", "", 161 ProtocolVersion.PROTOCOLS_OF_12, 162 K_ECDH_RSA, B_AES_256, M_SHA384, H_SHA384), 163 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256( 164 0x006B, true, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256", "", 165 ProtocolVersion.PROTOCOLS_OF_12, 166 K_DHE_RSA, B_AES_256, M_SHA256, H_SHA256), 167 TLS_DHE_DSS_WITH_AES_256_CBC_SHA256( 168 0x006A, true, "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256", "", 169 ProtocolVersion.PROTOCOLS_OF_12, 170 K_DHE_DSS, B_AES_256, M_SHA256, H_SHA256), 171 172 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA( 173 0xC00A, true, "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA", "", 174 ProtocolVersion.PROTOCOLS_TO_12, 175 K_ECDHE_ECDSA, B_AES_256, M_SHA, H_SHA256), 176 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA( 177 0xC014, true, "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", "", 178 ProtocolVersion.PROTOCOLS_TO_12, 179 K_ECDHE_RSA, B_AES_256, M_SHA, H_SHA256), 180 TLS_RSA_WITH_AES_256_CBC_SHA( 181 0x0035, true, "TLS_RSA_WITH_AES_256_CBC_SHA", "", 182 ProtocolVersion.PROTOCOLS_TO_12, 183 K_RSA, B_AES_256, M_SHA, H_SHA256), 184 TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA( 185 0xC005, true, "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA", "", 186 ProtocolVersion.PROTOCOLS_TO_12, 187 K_ECDH_ECDSA, B_AES_256, M_SHA, H_SHA256), 188 TLS_ECDH_RSA_WITH_AES_256_CBC_SHA( 189 0xC00F, true, "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA", "", 190 ProtocolVersion.PROTOCOLS_TO_12, 191 K_ECDH_RSA, B_AES_256, M_SHA, H_SHA256), 192 TLS_DHE_RSA_WITH_AES_256_CBC_SHA( 193 0x0039, true, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA", "", 194 ProtocolVersion.PROTOCOLS_TO_12, 195 K_DHE_RSA, B_AES_256, M_SHA, H_SHA256), 196 TLS_DHE_DSS_WITH_AES_256_CBC_SHA( 197 0x0038, true, "TLS_DHE_DSS_WITH_AES_256_CBC_SHA", "", 198 ProtocolVersion.PROTOCOLS_TO_12, 199 K_DHE_DSS, B_AES_256, M_SHA, H_SHA256), 200 201 // AES_128(CBC) 202 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256( 203 0xC023, true, "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", "", 204 ProtocolVersion.PROTOCOLS_OF_12, 205 K_ECDHE_ECDSA, B_AES_128, M_SHA256, H_SHA256), 206 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256( 207 0xC027, true, "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", "", 208 ProtocolVersion.PROTOCOLS_OF_12, 209 K_ECDHE_RSA, B_AES_128, M_SHA256, H_SHA256), 210 TLS_RSA_WITH_AES_128_CBC_SHA256( 211 0x003C, true, "TLS_RSA_WITH_AES_128_CBC_SHA256", "", 212 ProtocolVersion.PROTOCOLS_OF_12, 213 K_RSA, B_AES_128, M_SHA256, H_SHA256), 214 TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256( 215 0xC025, true, "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256", "", 216 ProtocolVersion.PROTOCOLS_OF_12, 217 K_ECDH_ECDSA, B_AES_128, M_SHA256, H_SHA256), 218 TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256( 219 0xC029, true, "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256", "", 220 ProtocolVersion.PROTOCOLS_OF_12, 221 K_ECDH_RSA, B_AES_128, M_SHA256, H_SHA256), 222 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256( 223 0x0067, true, "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256", "", 224 ProtocolVersion.PROTOCOLS_OF_12, 225 K_DHE_RSA, B_AES_128, M_SHA256, H_SHA256), 226 TLS_DHE_DSS_WITH_AES_128_CBC_SHA256( 227 0x0040, true, "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256", "", 228 ProtocolVersion.PROTOCOLS_OF_12, 229 K_DHE_DSS, B_AES_128, M_SHA256, H_SHA256), 230 231 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA( 232 0xC009, true, "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", "", 233 ProtocolVersion.PROTOCOLS_TO_12, 234 K_ECDHE_ECDSA, B_AES_128, M_SHA, H_SHA256), 235 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA( 236 0xC013, true, "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", "", 237 ProtocolVersion.PROTOCOLS_TO_12, 238 K_ECDHE_RSA, B_AES_128, M_SHA, H_SHA256), 239 TLS_RSA_WITH_AES_128_CBC_SHA( 240 0x002F, true, "TLS_RSA_WITH_AES_128_CBC_SHA", "", 241 ProtocolVersion.PROTOCOLS_TO_12, 242 K_RSA, B_AES_128, M_SHA, H_SHA256), 243 TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA( 244 0xC004, true, "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA", "", 245 ProtocolVersion.PROTOCOLS_TO_12, 246 K_ECDH_ECDSA, B_AES_128, M_SHA, H_SHA256), 247 TLS_ECDH_RSA_WITH_AES_128_CBC_SHA( 248 0xC00E, true, "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA", "", 249 ProtocolVersion.PROTOCOLS_TO_12, 250 K_ECDH_RSA, B_AES_128, M_SHA, H_SHA256), 251 TLS_DHE_RSA_WITH_AES_128_CBC_SHA( 252 0x0033, true, "TLS_DHE_RSA_WITH_AES_128_CBC_SHA", "", 253 ProtocolVersion.PROTOCOLS_TO_12, 254 K_DHE_RSA, B_AES_128, M_SHA, H_SHA256), 255 TLS_DHE_DSS_WITH_AES_128_CBC_SHA( 256 0x0032, true, "TLS_DHE_DSS_WITH_AES_128_CBC_SHA", "", 257 ProtocolVersion.PROTOCOLS_TO_12, 258 K_DHE_DSS, B_AES_128, M_SHA, H_SHA256), 259 260 // 3DES_EDE 261 TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA( 262 0xC008, true, "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA", "", 263 ProtocolVersion.PROTOCOLS_TO_12, 264 K_ECDHE_ECDSA, B_3DES, M_SHA, H_SHA256), 265 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA( 266 0xC012, true, "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA", "", 267 ProtocolVersion.PROTOCOLS_TO_12, 268 K_ECDHE_RSA, B_3DES, M_SHA, H_SHA256), 269 SSL_RSA_WITH_3DES_EDE_CBC_SHA( 270 0x000A, true, "SSL_RSA_WITH_3DES_EDE_CBC_SHA", 271 "TLS_RSA_WITH_3DES_EDE_CBC_SHA", 272 ProtocolVersion.PROTOCOLS_TO_12, 273 K_RSA, B_3DES, M_SHA, H_SHA256), 274 TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA( 275 0xC003, true, "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA", "", 276 ProtocolVersion.PROTOCOLS_TO_12, 277 K_ECDH_ECDSA, B_3DES, M_SHA, H_SHA256), 278 TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA( 279 0xC00D, true, "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA", "", 280 ProtocolVersion.PROTOCOLS_TO_12, 281 K_ECDH_RSA, B_3DES, M_SHA, H_SHA256), 282 SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA( 283 0x0016, true, "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA", 284 "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA", 285 ProtocolVersion.PROTOCOLS_TO_12, 286 K_DHE_RSA, B_3DES, M_SHA, H_SHA256), 287 SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA( 288 0x0013, true, "SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA", 289 "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA", 290 ProtocolVersion.PROTOCOLS_TO_12, 291 K_DHE_DSS, B_3DES, M_SHA, H_SHA256), 292 293 // Renegotiation protection request Signalling Cipher Suite Value (SCSV). 294 TLS_EMPTY_RENEGOTIATION_INFO_SCSV( // RFC 5746, TLS 1.2 and prior 295 0x00FF, true, "TLS_EMPTY_RENEGOTIATION_INFO_SCSV", "", 296 ProtocolVersion.PROTOCOLS_TO_12, 297 K_SCSV, B_NULL, M_NULL, H_NONE), 298 299 // Definition of the CipherSuites that are supported but not enabled 300 // by default. 301 // They are listed in preference order, preferred first, using the 302 // following criteria: 303 // 1. If a cipher suite has been obsoleted, we put it at the end of 304 // the list. 305 // 2. Prefer the stronger bulk cipher, in the order of AES_256, 306 // AES_128, 3DES-EDE, RC-4, DES, DES40, RC4_40, NULL. 307 // 3. Prefer the stronger MAC algorithm, in the order of SHA384, 308 // SHA256, SHA, MD5. 309 // 4. Prefer the better performance of key exchange and digital 310 // signature algorithm, in the order of ECDHE-ECDSA, ECDHE-RSA, 311 // RSA, ECDH-ECDSA, ECDH-RSA, DHE-RSA, DHE-DSS, anonymous. 312 TLS_DH_anon_WITH_AES_256_GCM_SHA384( 313 0x00A7, false, "TLS_DH_anon_WITH_AES_256_GCM_SHA384", "", 314 ProtocolVersion.PROTOCOLS_OF_12, 315 K_DH_ANON, B_AES_256_GCM, M_NULL, H_SHA384), 316 TLS_DH_anon_WITH_AES_128_GCM_SHA256( 317 0x00A6, false, "TLS_DH_anon_WITH_AES_128_GCM_SHA256", "", 318 ProtocolVersion.PROTOCOLS_OF_12, 319 K_DH_ANON, B_AES_128_GCM, M_NULL, H_SHA256), 320 TLS_DH_anon_WITH_AES_256_CBC_SHA256( 321 0x006D, false, "TLS_DH_anon_WITH_AES_256_CBC_SHA256", "", 322 ProtocolVersion.PROTOCOLS_OF_12, 323 K_DH_ANON, B_AES_256, M_SHA256, H_SHA256), 324 TLS_ECDH_anon_WITH_AES_256_CBC_SHA( 325 0xC019, false, "TLS_ECDH_anon_WITH_AES_256_CBC_SHA", "", 326 ProtocolVersion.PROTOCOLS_TO_12, 327 K_ECDH_ANON, B_AES_256, M_SHA, H_SHA256), 328 TLS_DH_anon_WITH_AES_256_CBC_SHA( 329 0x003A, false, "TLS_DH_anon_WITH_AES_256_CBC_SHA", "", 330 ProtocolVersion.PROTOCOLS_TO_12, 331 K_DH_ANON, B_AES_256, M_SHA, H_SHA256), 332 TLS_DH_anon_WITH_AES_128_CBC_SHA256( 333 0x006C, false, "TLS_DH_anon_WITH_AES_128_CBC_SHA256", "", 334 ProtocolVersion.PROTOCOLS_OF_12, 335 K_DH_ANON, B_AES_128, M_SHA256, H_SHA256), 336 TLS_ECDH_anon_WITH_AES_128_CBC_SHA( 337 0xC018, false, "TLS_ECDH_anon_WITH_AES_128_CBC_SHA", "", 338 ProtocolVersion.PROTOCOLS_TO_12, 339 K_ECDH_ANON, B_AES_128, M_SHA, H_SHA256), 340 TLS_DH_anon_WITH_AES_128_CBC_SHA( 341 0x0034, false, "TLS_DH_anon_WITH_AES_128_CBC_SHA", "", 342 ProtocolVersion.PROTOCOLS_TO_12, 343 K_DH_ANON, B_AES_128, M_SHA, H_SHA256), 344 TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA( 345 0xC017, false, "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA", "", 346 ProtocolVersion.PROTOCOLS_TO_12, 347 K_ECDH_ANON, B_3DES, M_SHA, H_SHA256), 348 SSL_DH_anon_WITH_3DES_EDE_CBC_SHA( 349 0x001B, false, "SSL_DH_anon_WITH_3DES_EDE_CBC_SHA", 350 "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA", 351 ProtocolVersion.PROTOCOLS_TO_12, 352 K_DH_ANON, B_3DES, M_SHA, H_SHA256), 353 354 // RC4 355 TLS_ECDHE_ECDSA_WITH_RC4_128_SHA( 356 0xC007, false, "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA", "", 357 ProtocolVersion.PROTOCOLS_TO_TLS12, 358 K_ECDHE_ECDSA, B_RC4_128, M_SHA, H_SHA256), 359 TLS_ECDHE_RSA_WITH_RC4_128_SHA( 360 0xC011, false, "TLS_ECDHE_RSA_WITH_RC4_128_SHA", "", 361 ProtocolVersion.PROTOCOLS_TO_TLS12, 362 K_ECDHE_RSA, B_RC4_128, M_SHA, H_SHA256), 363 SSL_RSA_WITH_RC4_128_SHA( 364 0x0005, false, "SSL_RSA_WITH_RC4_128_SHA", 365 "TLS_RSA_WITH_RC4_128_SHA", 366 ProtocolVersion.PROTOCOLS_TO_TLS12, 367 K_RSA, B_RC4_128, M_SHA, H_SHA256), 368 TLS_ECDH_ECDSA_WITH_RC4_128_SHA( 369 0xC002, false, "TLS_ECDH_ECDSA_WITH_RC4_128_SHA", "", 370 ProtocolVersion.PROTOCOLS_TO_TLS12, 371 K_ECDH_ECDSA, B_RC4_128, M_SHA, H_SHA256), 372 TLS_ECDH_RSA_WITH_RC4_128_SHA( 373 0xC00C, false, "TLS_ECDH_RSA_WITH_RC4_128_SHA", "", 374 ProtocolVersion.PROTOCOLS_TO_TLS12, 375 K_ECDH_RSA, B_RC4_128, M_SHA, H_SHA256), 376 SSL_RSA_WITH_RC4_128_MD5( 377 0x0004, false, "SSL_RSA_WITH_RC4_128_MD5", 378 "TLS_RSA_WITH_RC4_128_MD5", 379 ProtocolVersion.PROTOCOLS_TO_TLS12, 380 K_RSA, B_RC4_128, M_MD5, H_SHA256), 381 TLS_ECDH_anon_WITH_RC4_128_SHA( 382 0xC016, false, "TLS_ECDH_anon_WITH_RC4_128_SHA", "", 383 ProtocolVersion.PROTOCOLS_TO_TLS12, 384 K_ECDH_ANON, B_RC4_128, M_SHA, H_SHA256), 385 SSL_DH_anon_WITH_RC4_128_MD5( 386 0x0018, false, "SSL_DH_anon_WITH_RC4_128_MD5", 387 "TLS_DH_anon_WITH_RC4_128_MD5", 388 ProtocolVersion.PROTOCOLS_TO_TLS12, 389 K_DH_ANON, B_RC4_128, M_MD5, H_SHA256), 390 391 // weak cipher suites obsoleted in TLS 1.2 [RFC 5246] 392 SSL_RSA_WITH_DES_CBC_SHA( 393 0x0009, false, "SSL_RSA_WITH_DES_CBC_SHA", 394 "TLS_RSA_WITH_DES_CBC_SHA", 395 ProtocolVersion.PROTOCOLS_TO_11, 396 K_RSA, B_DES, M_SHA, H_NONE), 397 SSL_DHE_RSA_WITH_DES_CBC_SHA( 398 0x0015, false, "SSL_DHE_RSA_WITH_DES_CBC_SHA", 399 "TLS_DHE_RSA_WITH_DES_CBC_SHA", 400 ProtocolVersion.PROTOCOLS_TO_11, 401 K_DHE_RSA, B_DES, M_SHA, H_NONE), 402 SSL_DHE_DSS_WITH_DES_CBC_SHA( 403 0x0012, false, "SSL_DHE_DSS_WITH_DES_CBC_SHA", 404 "TLS_DHE_DSS_WITH_DES_CBC_SHA", 405 ProtocolVersion.PROTOCOLS_TO_11, 406 K_DHE_DSS, B_DES, M_SHA, H_NONE), 407 SSL_DH_anon_WITH_DES_CBC_SHA( 408 0x001A, false, "SSL_DH_anon_WITH_DES_CBC_SHA", 409 "TLS_DH_anon_WITH_DES_CBC_SHA", 410 ProtocolVersion.PROTOCOLS_TO_11, 411 K_DH_ANON, B_DES, M_SHA, H_NONE), 412 413 // weak cipher suites obsoleted in TLS 1.1 [RFC 4346] 414 SSL_RSA_EXPORT_WITH_DES40_CBC_SHA( 415 0x0008, false, "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA", 416 "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA", 417 ProtocolVersion.PROTOCOLS_TO_10, 418 K_RSA_EXPORT, B_DES_40, M_SHA, H_NONE), 419 SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA( 420 0x0014, false, "SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA", 421 "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA", 422 ProtocolVersion.PROTOCOLS_TO_10, 423 K_DHE_RSA_EXPORT, B_DES_40, M_SHA, H_NONE), 424 SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA( 425 0x0011, false, "SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA", 426 "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA", 427 ProtocolVersion.PROTOCOLS_TO_10, 428 K_DHE_DSS_EXPORT, B_DES_40, M_SHA, H_NONE), 429 SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA( 430 0x0019, false, "SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA", 431 "TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA", 432 ProtocolVersion.PROTOCOLS_TO_10, 433 K_DH_ANON_EXPORT, B_DES_40, M_SHA, H_NONE), 434 SSL_RSA_EXPORT_WITH_RC4_40_MD5( 435 0x0003, false, "SSL_RSA_EXPORT_WITH_RC4_40_MD5", 436 "TLS_RSA_EXPORT_WITH_RC4_40_MD5", 437 ProtocolVersion.PROTOCOLS_TO_10, 438 K_RSA_EXPORT, B_RC4_40, M_MD5, H_NONE), 439 SSL_DH_anon_EXPORT_WITH_RC4_40_MD5( 440 0x0017, false, "SSL_DH_anon_EXPORT_WITH_RC4_40_MD5", 441 "TLS_DH_anon_EXPORT_WITH_RC4_40_MD5", 442 ProtocolVersion.PROTOCOLS_TO_10, 443 K_DH_ANON, B_RC4_40, M_MD5, H_NONE), 444 445 // no traffic encryption cipher suites 446 TLS_RSA_WITH_NULL_SHA256( 447 0x003B, false, "TLS_RSA_WITH_NULL_SHA256", "", 448 ProtocolVersion.PROTOCOLS_OF_12, 449 K_RSA, B_NULL, M_SHA256, H_SHA256), 450 TLS_ECDHE_ECDSA_WITH_NULL_SHA( 451 0xC006, false, "TLS_ECDHE_ECDSA_WITH_NULL_SHA", "", 452 ProtocolVersion.PROTOCOLS_TO_12, 453 K_ECDHE_ECDSA, B_NULL, M_SHA, H_SHA256), 454 TLS_ECDHE_RSA_WITH_NULL_SHA( 455 0xC010, false, "TLS_ECDHE_RSA_WITH_NULL_SHA", "", 456 ProtocolVersion.PROTOCOLS_TO_12, 457 K_ECDHE_RSA, B_NULL, M_SHA, H_SHA256), 458 SSL_RSA_WITH_NULL_SHA( 459 0x0002, false, "SSL_RSA_WITH_NULL_SHA", 460 "TLS_RSA_WITH_NULL_SHA", 461 ProtocolVersion.PROTOCOLS_TO_12, 462 K_RSA, B_NULL, M_SHA, H_SHA256), 463 TLS_ECDH_ECDSA_WITH_NULL_SHA( 464 0xC001, false, "TLS_ECDH_ECDSA_WITH_NULL_SHA", "", 465 ProtocolVersion.PROTOCOLS_TO_12, 466 K_ECDH_ECDSA, B_NULL, M_SHA, H_SHA256), 467 TLS_ECDH_RSA_WITH_NULL_SHA( 468 0xC00B, false, "TLS_ECDH_RSA_WITH_NULL_SHA", "", 469 ProtocolVersion.PROTOCOLS_TO_12, 470 K_ECDH_RSA, B_NULL, M_SHA, H_SHA256), 471 TLS_ECDH_anon_WITH_NULL_SHA( 472 0xC015, false, "TLS_ECDH_anon_WITH_NULL_SHA", "", 473 ProtocolVersion.PROTOCOLS_TO_12, 474 K_ECDH_ANON, B_NULL, M_SHA, H_SHA256), 475 SSL_RSA_WITH_NULL_MD5( 476 0x0001, false, "SSL_RSA_WITH_NULL_MD5", 477 "TLS_RSA_WITH_NULL_MD5", 478 ProtocolVersion.PROTOCOLS_TO_12, 479 K_RSA, B_NULL, M_MD5, H_SHA256), 480 481 482 // Supported Kerberos ciphersuites from RFC2712 483 TLS_KRB5_WITH_3DES_EDE_CBC_SHA( 484 0x001f, false, "TLS_KRB5_WITH_3DES_EDE_CBC_SHA", "", 485 ProtocolVersion.PROTOCOLS_TO_12, 486 K_KRB5, B_3DES, M_SHA, H_SHA256), 487 TLS_KRB5_WITH_3DES_EDE_CBC_MD5( 488 0x0023, false, "TLS_KRB5_WITH_3DES_EDE_CBC_MD5", "", 489 ProtocolVersion.PROTOCOLS_TO_12, 490 K_KRB5, B_3DES, M_MD5, H_SHA256), 491 TLS_KRB5_WITH_RC4_128_SHA( 492 0x0020, false, "TLS_KRB5_WITH_RC4_128_SHA", "", 493 ProtocolVersion.PROTOCOLS_TO_12, 494 K_KRB5, B_RC4_128, M_SHA, H_SHA256), 495 TLS_KRB5_WITH_RC4_128_MD5( 496 0x0024, false, "TLS_KRB5_WITH_RC4_128_MD5", "", 497 ProtocolVersion.PROTOCOLS_TO_12, 498 K_KRB5, B_RC4_128, M_MD5, H_SHA256), 499 TLS_KRB5_WITH_DES_CBC_SHA( 500 0x001e, false, "TLS_KRB5_WITH_DES_CBC_SHA", "", 501 ProtocolVersion.PROTOCOLS_TO_11, 502 K_KRB5, B_DES, M_SHA, H_SHA256), 503 TLS_KRB5_WITH_DES_CBC_MD5( 504 0x0022, false, "TLS_KRB5_WITH_DES_CBC_MD5", "", 505 ProtocolVersion.PROTOCOLS_TO_11, 506 K_KRB5, B_DES, M_MD5, H_SHA256), 507 TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA( 508 0x0026, false, "TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA", "", 509 ProtocolVersion.PROTOCOLS_TO_10, 510 K_KRB5_EXPORT, B_DES_40, M_SHA, H_SHA256), 511 TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5( 512 0x0029, false, "TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5", "", 513 ProtocolVersion.PROTOCOLS_TO_10, 514 K_KRB5_EXPORT, B_DES_40, M_MD5, H_SHA256), 515 TLS_KRB5_EXPORT_WITH_RC4_40_SHA( 516 0x0028, false, "TLS_KRB5_EXPORT_WITH_RC4_40_SHA", "", 517 ProtocolVersion.PROTOCOLS_TO_10, 518 K_KRB5_EXPORT, B_RC4_40, M_SHA, H_SHA256), 519 TLS_KRB5_EXPORT_WITH_RC4_40_MD5( 520 0x002B, false, "TLS_KRB5_EXPORT_WITH_RC4_40_MD5", "", 521 ProtocolVersion.PROTOCOLS_TO_10, 522 K_KRB5_EXPORT, B_RC4_40, M_MD5, H_SHA256), 523 524 // Definition of the CipherSuites that are not supported but the names 525 // are known. 526 TLS_CHACHA20_POLY1305_SHA256( // TLS 1.3 527 "TLS_CHACHA20_POLY1305_SHA256", 0x1303), 528 TLS_AES_128_CCM_SHA256( // TLS 1.3 529 "TLS_AES_128_CCM_SHA256", 0x1304), 530 TLS_AES_128_CCM_8_SHA256( // TLS 1.3 531 "TLS_AES_128_CCM_8_SHA256", 0x1305), 532 533 // remaining unsupported ciphersuites defined in RFC2246. 534 CS_0006("SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5", 0x0006), 535 CS_0007("SSL_RSA_WITH_IDEA_CBC_SHA", 0x0007), 536 CS_000B("SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA", 0x000b), 537 CS_000C("SSL_DH_DSS_WITH_DES_CBC_SHA", 0x000c), 538 CS_000D("SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA", 0x000d), 539 CS_000E("SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA", 0x000e), 540 CS_000F("SSL_DH_RSA_WITH_DES_CBC_SHA", 0x000f), 541 CS_0010("SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA", 0x0010), 542 543 // SSL 3.0 Fortezza ciphersuites 544 CS_001C("SSL_FORTEZZA_DMS_WITH_NULL_SHA", 0x001c), 545 CS_001D("SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA", 0x001d), 546 547 // 1024/56 bit exportable ciphersuites from expired internet draft 548 CS_0062("SSL_RSA_EXPORT1024_WITH_DES_CBC_SHA", 0x0062), 549 CS_0063("SSL_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA", 0x0063), 550 CS_0064("SSL_RSA_EXPORT1024_WITH_RC4_56_SHA", 0x0064), 551 CS_0065("SSL_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA", 0x0065), 552 CS_0066("SSL_DHE_DSS_WITH_RC4_128_SHA", 0x0066), 553 554 // Netscape old and new SSL 3.0 FIPS ciphersuites 555 // see http://www.mozilla.org/projects/security/pki/nss/ssl/fips-ssl-ciphersuites.html 556 CS_FFE0("NETSCAPE_RSA_FIPS_WITH_3DES_EDE_CBC_SHA", 0xffe0), 557 CS_FFE1("NETSCAPE_RSA_FIPS_WITH_DES_CBC_SHA", 0xffe1), 558 CS_FEFE("SSL_RSA_FIPS_WITH_DES_CBC_SHA", 0xfefe), 559 CS_FEFF("SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA", 0xfeff), 560 561 // Unsupported Kerberos cipher suites from RFC 2712 562 CS_0021("TLS_KRB5_WITH_IDEA_CBC_SHA", 0x0021), 563 CS_0025("TLS_KRB5_WITH_IDEA_CBC_MD5", 0x0025), 564 CS_0027("TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA", 0x0027), 565 CS_002A("TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5", 0x002a), 566 567 // Unsupported cipher suites from RFC 4162 568 CS_0096("TLS_RSA_WITH_SEED_CBC_SHA", 0x0096), 569 CS_0097("TLS_DH_DSS_WITH_SEED_CBC_SHA", 0x0097), 570 CS_0098("TLS_DH_RSA_WITH_SEED_CBC_SHA", 0x0098), 571 CS_0099("TLS_DHE_DSS_WITH_SEED_CBC_SHA", 0x0099), 572 CS_009A("TLS_DHE_RSA_WITH_SEED_CBC_SHA", 0x009a), 573 CS_009B("TLS_DH_anon_WITH_SEED_CBC_SHA", 0x009b), 574 575 // Unsupported cipher suites from RFC 4279 576 CS_008A("TLS_PSK_WITH_RC4_128_SHA", 0x008a), 577 CS_008B("TLS_PSK_WITH_3DES_EDE_CBC_SHA", 0x008b), 578 CS_008C("TLS_PSK_WITH_AES_128_CBC_SHA", 0x008c), 579 CS_008D("TLS_PSK_WITH_AES_256_CBC_SHA", 0x008d), 580 CS_008E("TLS_DHE_PSK_WITH_RC4_128_SHA", 0x008e), 581 CS_008F("TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA", 0x008f), 582 CS_0090("TLS_DHE_PSK_WITH_AES_128_CBC_SHA", 0x0090), 583 CS_0091("TLS_DHE_PSK_WITH_AES_256_CBC_SHA", 0x0091), 584 CS_0092("TLS_RSA_PSK_WITH_RC4_128_SHA", 0x0092), 585 CS_0093("TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA", 0x0093), 586 CS_0094("TLS_RSA_PSK_WITH_AES_128_CBC_SHA", 0x0094), 587 CS_0095("TLS_RSA_PSK_WITH_AES_256_CBC_SHA", 0x0095), 588 589 // Unsupported cipher suites from RFC 4785 590 CS_002C("TLS_PSK_WITH_NULL_SHA", 0x002c), 591 CS_002D("TLS_DHE_PSK_WITH_NULL_SHA", 0x002d), 592 CS_002E("TLS_RSA_PSK_WITH_NULL_SHA", 0x002e), 593 594 // Unsupported cipher suites from RFC 5246 595 CS_0030("TLS_DH_DSS_WITH_AES_128_CBC_SHA", 0x0030), 596 CS_0031("TLS_DH_RSA_WITH_AES_128_CBC_SHA", 0x0031), 597 CS_0036("TLS_DH_DSS_WITH_AES_256_CBC_SHA", 0x0036), 598 CS_0037("TLS_DH_RSA_WITH_AES_256_CBC_SHA", 0x0037), 599 CS_003E("TLS_DH_DSS_WITH_AES_128_CBC_SHA256", 0x003e), 600 CS_003F("TLS_DH_RSA_WITH_AES_128_CBC_SHA256", 0x003f), 601 CS_0068("TLS_DH_DSS_WITH_AES_256_CBC_SHA256", 0x0068), 602 CS_0069("TLS_DH_RSA_WITH_AES_256_CBC_SHA256", 0x0069), 603 604 // Unsupported cipher suites from RFC 5288 605 CS_00A0("TLS_DH_RSA_WITH_AES_128_GCM_SHA256", 0x00a0), 606 CS_00A1("TLS_DH_RSA_WITH_AES_256_GCM_SHA384", 0x00a1), 607 CS_00A4("TLS_DH_DSS_WITH_AES_128_GCM_SHA256", 0x00a4), 608 CS_00A5("TLS_DH_DSS_WITH_AES_256_GCM_SHA384", 0x00a5), 609 610 // Unsupported cipher suites from RFC 5487 611 CS_00A8("TLS_PSK_WITH_AES_128_GCM_SHA256", 0x00a8), 612 CS_00A9("TLS_PSK_WITH_AES_256_GCM_SHA384", 0x00a9), 613 CS_00AA("TLS_DHE_PSK_WITH_AES_128_GCM_SHA256", 0x00aa), 614 CS_00AB("TLS_DHE_PSK_WITH_AES_256_GCM_SHA384", 0x00ab), 615 CS_00AC("TLS_RSA_PSK_WITH_AES_128_GCM_SHA256", 0x00ac), 616 CS_00AD("TLS_RSA_PSK_WITH_AES_256_GCM_SHA384", 0x00ad), 617 CS_00AE("TLS_PSK_WITH_AES_128_CBC_SHA256", 0x00ae), 618 CS_00AF("TLS_PSK_WITH_AES_256_CBC_SHA384", 0x00af), 619 CS_00B0("TLS_PSK_WITH_NULL_SHA256", 0x00b0), 620 CS_00B1("TLS_PSK_WITH_NULL_SHA384", 0x00b1), 621 CS_00B2("TLS_DHE_PSK_WITH_AES_128_CBC_SHA256", 0x00b2), 622 CS_00B3("TLS_DHE_PSK_WITH_AES_256_CBC_SHA384", 0x00b3), 623 CS_00B4("TLS_DHE_PSK_WITH_NULL_SHA256", 0x00b4), 624 CS_00B5("TLS_DHE_PSK_WITH_NULL_SHA384", 0x00b5), 625 CS_00B6("TLS_RSA_PSK_WITH_AES_128_CBC_SHA256", 0x00b6), 626 CS_00B7("TLS_RSA_PSK_WITH_AES_256_CBC_SHA384", 0x00b7), 627 CS_00B8("TLS_RSA_PSK_WITH_NULL_SHA256", 0x00b8), 628 CS_00B9("TLS_RSA_PSK_WITH_NULL_SHA384", 0x00b9), 629 630 // Unsupported cipher suites from RFC 5932 631 CS_0041("TLS_RSA_WITH_CAMELLIA_128_CBC_SHA", 0x0041), 632 CS_0042("TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA", 0x0042), 633 CS_0043("TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA", 0x0043), 634 CS_0044("TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA", 0x0044), 635 CS_0045("TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA", 0x0045), 636 CS_0046("TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA", 0x0046), 637 CS_0084("TLS_RSA_WITH_CAMELLIA_256_CBC_SHA", 0x0084), 638 CS_0085("TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA", 0x0085), 639 CS_0086("TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA", 0x0086), 640 CS_0087("TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA", 0x0087), 641 CS_0088("TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA", 0x0088), 642 CS_0089("TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA", 0x0089), 643 CS_00BA("TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256", 0x00ba), 644 CS_00BB("TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256", 0x00bb), 645 CS_00BC("TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256", 0x00bc), 646 CS_00BD("TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256", 0x00bd), 647 CS_00BE("TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256", 0x00be), 648 CS_00BF("TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256", 0x00bf), 649 CS_00C0("TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256", 0x00c0), 650 CS_00C1("TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256", 0x00c1), 651 CS_00C2("TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256", 0x00c2), 652 CS_00C3("TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256", 0x00c3), 653 CS_00C4("TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256", 0x00c4), 654 CS_00C5("TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256", 0x00c5), 655 656 // TLS Fallback Signaling Cipher Suite Value (SCSV) RFC 7507 657 CS_5600("TLS_FALLBACK_SCSV", 0x5600), 658 659 // Unsupported cipher suites from RFC 5054 660 CS_C01A("TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA", 0xc01a), 661 CS_C01B("TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA", 0xc01b), 662 CS_C01C("TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA", 0xc01c), 663 CS_C01D("TLS_SRP_SHA_WITH_AES_128_CBC_SHA", 0xc01d), 664 CS_C01E("TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA", 0xc01e), 665 CS_C01F("TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA", 0xc01f), 666 CS_C020("TLS_SRP_SHA_WITH_AES_256_CBC_SHA", 0xc020), 667 CS_C021("TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA", 0xc021), 668 CS_C022("TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA", 0xc022), 669 670 // Unsupported cipher suites from RFC 5489 671 CS_C033("TLS_ECDHE_PSK_WITH_RC4_128_SHA", 0xc033), 672 CS_C034("TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA", 0xc034), 673 CS_C035("TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA", 0xc035), 674 CS_C036("TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA", 0xc036), 675 CS_C037("TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256", 0xc037), 676 CS_C038("TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384", 0xc038), 677 CS_C039("TLS_ECDHE_PSK_WITH_NULL_SHA", 0xc039), 678 CS_C03A("TLS_ECDHE_PSK_WITH_NULL_SHA256", 0xc03a), 679 CS_C03B("TLS_ECDHE_PSK_WITH_NULL_SHA384", 0xc03b), 680 681 // Unsupported cipher suites from RFC 6209 682 CS_C03C("TLS_RSA_WITH_ARIA_128_CBC_SHA256", 0xc03c), 683 CS_C03D("TLS_RSA_WITH_ARIA_256_CBC_SHA384", 0xc03d), 684 CS_C03E("TLS_DH_DSS_WITH_ARIA_128_CBC_SHA256", 0xc03e), 685 CS_C03F("TLS_DH_DSS_WITH_ARIA_256_CBC_SHA384", 0xc03f), 686 CS_C040("TLS_DH_RSA_WITH_ARIA_128_CBC_SHA256", 0xc040), 687 CS_C041("TLS_DH_RSA_WITH_ARIA_256_CBC_SHA384", 0xc041), 688 CS_C042("TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256", 0xc042), 689 CS_C043("TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384", 0xc043), 690 CS_C044("TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256", 0xc044), 691 CS_C045("TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384", 0xc045), 692 CS_C046("TLS_DH_anon_WITH_ARIA_128_CBC_SHA256", 0xc046), 693 CS_C047("TLS_DH_anon_WITH_ARIA_256_CBC_SHA384", 0xc047), 694 CS_C048("TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256", 0xc048), 695 CS_C049("TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384", 0xc049), 696 CS_C04A("TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256", 0xc04a), 697 CS_C04B("TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384", 0xc04b), 698 CS_C04C("TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256", 0xc04c), 699 CS_C04D("TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384", 0xc04d), 700 CS_C04E("TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256", 0xc04e), 701 CS_C04F("TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384", 0xc04f), 702 CS_C050("TLS_RSA_WITH_ARIA_128_GCM_SHA256", 0xc050), 703 CS_C051("TLS_RSA_WITH_ARIA_256_GCM_SHA384", 0xc051), 704 CS_C052("TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256", 0xc052), 705 CS_C053("TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384", 0xc053), 706 CS_C054("TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256", 0xc054), 707 CS_C055("TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384", 0xc055), 708 CS_C056("TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256", 0xc056), 709 CS_C057("TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384", 0xc057), 710 CS_C058("TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256", 0xc058), 711 CS_C059("TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384", 0xc059), 712 CS_C05A("TLS_DH_anon_WITH_ARIA_128_GCM_SHA256", 0xc05a), 713 CS_C05B("TLS_DH_anon_WITH_ARIA_256_GCM_SHA384", 0xc05b), 714 CS_C05C("TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256", 0xc05c), 715 CS_C05D("TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384", 0xc05d), 716 CS_C05E("TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256", 0xc05e), 717 CS_C05F("TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384", 0xc05f), 718 CS_C060("TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256", 0xc060), 719 CS_C061("TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384", 0xc061), 720 CS_C062("TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256", 0xc062), 721 CS_C063("TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384", 0xc063), 722 CS_C064("TLS_PSK_WITH_ARIA_128_CBC_SHA256", 0xc064), 723 CS_C065("TLS_PSK_WITH_ARIA_256_CBC_SHA384", 0xc065), 724 CS_C066("TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256", 0xc066), 725 CS_C067("TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384", 0xc067), 726 CS_C068("TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256", 0xc068), 727 CS_C069("TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384", 0xc069), 728 CS_C06A("TLS_PSK_WITH_ARIA_128_GCM_SHA256", 0xc06a), 729 CS_C06B("TLS_PSK_WITH_ARIA_256_GCM_SHA384", 0xc06b), 730 CS_C06C("TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256", 0xc06c), 731 CS_C06D("TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384", 0xc06d), 732 CS_C06E("TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256", 0xc06e), 733 CS_C06F("TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384", 0xc06f), 734 CS_C070("TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256", 0xc070), 735 CS_C071("TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384", 0xc071), 736 737 // Unsupported cipher suites from RFC 6367 738 CS_C072("TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256", 0xc072), 739 CS_C073("TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384", 0xc073), 740 CS_C074("TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256", 0xc074), 741 CS_C075("TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384", 0xc075), 742 CS_C076("TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256", 0xc076), 743 CS_C077("TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384", 0xc077), 744 CS_C078("TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256", 0xc078), 745 CS_C079("TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384", 0xc079), 746 CS_C07A("TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256", 0xc07a), 747 CS_C07B("TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384", 0xc07b), 748 CS_C07C("TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256", 0xc07c), 749 CS_C07D("TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384", 0xc07d), 750 CS_C07E("TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256", 0xc07e), 751 CS_C07F("TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384", 0xc07f), 752 CS_C080("TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256", 0xc080), 753 CS_C081("TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384", 0xc081), 754 CS_C082("TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256", 0xc082), 755 CS_C083("TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384", 0xc083), 756 CS_C084("TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256", 0xc084), 757 CS_C085("TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384", 0xc085), 758 CS_C086("TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256", 0xc086), 759 CS_C087("TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384", 0xc087), 760 CS_C088("TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256", 0xc088), 761 CS_C089("TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384", 0xc089), 762 CS_C08A("TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256", 0xc08a), 763 CS_C08B("TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384", 0xc08b), 764 CS_C08C("TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256", 0xc08c), 765 CS_C08D("TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384", 0xc08d), 766 CS_C08E("TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256", 0xc08e), 767 CS_C08F("TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384", 0xc08f), 768 CS_C090("TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256", 0xc090), 769 CS_C091("TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384", 0xc091), 770 CS_C092("TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256", 0xc092), 771 CS_C093("TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384", 0xc093), 772 CS_C094("TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256", 0xc094), 773 CS_C095("TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384", 0xc095), 774 CS_C096("TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256", 0xc096), 775 CS_C097("TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384", 0xc097), 776 CS_C098("TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256", 0xc098), 777 CS_C099("TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384", 0xc099), 778 CS_C09A("TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256", 0xc09a), 779 CS_C09B("TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384", 0xc09b), 780 781 // Unsupported cipher suites from RFC 6655 782 CS_C09C("TLS_RSA_WITH_AES_128_CCM", 0xc09c), 783 CS_C09D("TLS_RSA_WITH_AES_256_CCM", 0xc09d), 784 CS_C09E("TLS_DHE_RSA_WITH_AES_128_CCM", 0xc09e), 785 CS_C09F("TLS_DHE_RSA_WITH_AES_256_CCM", 0xc09f), 786 CS_C0A0("TLS_RSA_WITH_AES_128_CCM_8", 0xc0A0), 787 CS_C0A1("TLS_RSA_WITH_AES_256_CCM_8", 0xc0A1), 788 CS_C0A2("TLS_DHE_RSA_WITH_AES_128_CCM_8", 0xc0A2), 789 CS_C0A3("TLS_DHE_RSA_WITH_AES_256_CCM_8", 0xc0A3), 790 CS_C0A4("TLS_PSK_WITH_AES_128_CCM", 0xc0A4), 791 CS_C0A5("TLS_PSK_WITH_AES_256_CCM", 0xc0A5), 792 CS_C0A6("TLS_DHE_PSK_WITH_AES_128_CCM", 0xc0A6), 793 CS_C0A7("TLS_DHE_PSK_WITH_AES_256_CCM", 0xc0A7), 794 CS_C0A8("TLS_PSK_WITH_AES_128_CCM_8", 0xc0A8), 795 CS_C0A9("TLS_PSK_WITH_AES_256_CCM_8", 0xc0A9), 796 CS_C0AA("TLS_PSK_DHE_WITH_AES_128_CCM_8", 0xc0Aa), 797 CS_C0AB("TLS_PSK_DHE_WITH_AES_256_CCM_8", 0xc0Ab), 798 799 // Unsupported cipher suites from RFC 7251 800 CS_C0AC("TLS_ECDHE_ECDSA_WITH_AES_128_CCM", 0xc0Ac), 801 CS_C0AD("TLS_ECDHE_ECDSA_WITH_AES_256_CCM", 0xc0Ad), 802 CS_C0AE("TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8", 0xc0Ae), 803 CS_C0AF("TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8", 0xc0Af), 804 805 C_NULL("SSL_NULL_WITH_NULL_NULL", 0x0000); 806 807 final int id; 808 final boolean isDefaultEnabled; 809 final String name; 810 final List<String> aliases; 811 final List<ProtocolVersion> supportedProtocols; 812 final KeyExchange keyExchange; 813 final SSLCipher bulkCipher; 814 final MacAlg macAlg; 815 final HashAlg hashAlg; 816 817 final boolean exportable; 818 819 // known but unsupported cipher suite 820 private CipherSuite(String name, int id) { 821 this(id, false, name, "", 822 ProtocolVersion.PROTOCOLS_EMPTY, null, null, null, null); 823 } 824 825 // TLS 1.3 cipher suite 826 private CipherSuite(int id, boolean isDefaultEnabled, 827 String name, ProtocolVersion[] supportedProtocols, 828 SSLCipher bulkCipher, HashAlg hashAlg) { 829 this(id, isDefaultEnabled, name, "", 830 supportedProtocols, null, bulkCipher, M_NULL, hashAlg); 831 } 832 833 private CipherSuite(int id, boolean isDefaultEnabled, 834 String name, String aliases, 835 ProtocolVersion[] supportedProtocols, 836 KeyExchange keyExchange, SSLCipher cipher, 837 MacAlg macAlg, HashAlg hashAlg) { 838 this.id = id; 839 this.isDefaultEnabled = isDefaultEnabled; 840 this.name = name; 841 if (!aliases.isEmpty()) { 842 this.aliases = Arrays.asList(aliases.split(",")); 843 } else { 844 this.aliases = Collections.emptyList(); 845 } 846 this.supportedProtocols = Arrays.asList(supportedProtocols); 847 this.keyExchange = keyExchange; 848 this.bulkCipher = cipher; 849 this.macAlg = macAlg; 850 this.hashAlg = hashAlg; 851 852 this.exportable = (cipher == null ? false : cipher.exportable); 853 } 854 855 static CipherSuite nameOf(String ciperSuiteName) { 856 for (CipherSuite cs : CipherSuite.values()) { 857 if (cs.name.equals(ciperSuiteName) || 858 cs.aliases.contains(ciperSuiteName)) { 859 return cs; 860 } 861 } 862 863 return null; 864 } 865 866 static CipherSuite valueOf(int id) { 867 for (CipherSuite cs : CipherSuite.values()) { 868 if (cs.id == id) { 869 return cs; 870 } 871 } 872 873 return null; 874 } 875 876 static String nameOf(int id) { 877 for (CipherSuite cs : CipherSuite.values()) { 878 if (cs.id == id) { 879 return cs.name; 880 } 881 } 882 883 return "UNKNOWN-CIPHER-SUITE(" + Utilities.byte16HexString(id) + ")"; 884 } 885 886 static Collection<CipherSuite> allowedCipherSuites() { 887 Collection<CipherSuite> cipherSuites = new LinkedList<>(); 888 for (CipherSuite cs : CipherSuite.values()) { 889 if (!cs.supportedProtocols.isEmpty()) { 890 cipherSuites.add(cs); 891 } else { 892 // values() is ordered, remaining cipher suites are 893 // not supported. 894 break; 895 } 896 } 897 return cipherSuites; 898 } 899 900 static Collection<CipherSuite> defaultCipherSuites() { 901 Collection<CipherSuite> cipherSuites = new LinkedList<>(); 902 for (CipherSuite cs : CipherSuite.values()) { 903 if (cs.isDefaultEnabled) { 904 cipherSuites.add(cs); 905 } else { 906 // values() is ordered, remaining cipher suites are 907 // not enabled. 908 break; 909 } 910 } 911 return cipherSuites; 912 } 913 914 /** 915 * Validates and converts an array of cipher suite names. 916 * 917 * @throws IllegalArgumentException when one or more of the ciphers named 918 * by the parameter is not supported, or when the parameter is null. 919 */ 920 static List<CipherSuite> validValuesOf(String[] names) { 921 if (names == null) { 922 throw new IllegalArgumentException("CipherSuites cannot be null"); 923 } 924 925 List<CipherSuite> cipherSuites = new ArrayList<>(names.length); 926 for (String name : names) { 927 if (name == null || name.isEmpty()) { 928 throw new IllegalArgumentException( 929 "The specified CipherSuites array contains " + 930 "invalid null or empty string elements"); 931 } 932 933 boolean found = false; 934 for (CipherSuite cs : CipherSuite.values()) { 935 if (!cs.supportedProtocols.isEmpty()) { 936 if (cs.name.equals(name) || 937 cs.aliases.contains(name)) { 938 cipherSuites.add(cs); 939 found = true; 940 break; 941 } 942 } else { 943 // values() is ordered, remaining cipher suites are 944 // not supported. 945 break; 946 } 947 } 948 if (!found) { 949 throw new IllegalArgumentException( 950 "Unsupported CipherSuite: " + name); 951 } 952 } 953 954 return Collections.unmodifiableList(cipherSuites); 955 } 956 957 static String[] namesOf(List<CipherSuite> cipherSuites) { 958 String[] names = new String[cipherSuites.size()]; 959 int i = 0; 960 for (CipherSuite cipherSuite : cipherSuites) { 961 names[i++] = cipherSuite.name; 962 } 963 964 return names; 965 } 966 967 boolean isAvailable() { 968 // Note: keyExchange is null for TLS 1.3 CipherSuites. 969 return !supportedProtocols.isEmpty() && 970 (keyExchange == null || keyExchange.isAvailable()) && 971 bulkCipher != null && bulkCipher.isAvailable(); 972 } 973 974 public boolean supports(ProtocolVersion protocolVersion) { 975 return supportedProtocols.contains(protocolVersion); 976 } 977 978 boolean isNegotiable() { 979 return this != TLS_EMPTY_RENEGOTIATION_INFO_SCSV && isAvailable(); 980 } 981 982 boolean isAnonymous() { 983 return (keyExchange != null && keyExchange.isAnonymous); 984 } 985 986 // See also SSLWriteCipher.calculatePacketSize(). 987 int calculatePacketSize(int fragmentSize, 988 ProtocolVersion protocolVersion) { 989 int packetSize = fragmentSize; 990 if (bulkCipher != null && bulkCipher != B_NULL) { 991 int blockSize = bulkCipher.ivSize; 992 switch (bulkCipher.cipherType) { 993 case BLOCK_CIPHER: 994 packetSize += macAlg.size; 995 packetSize += 1; // 1 byte padding length field 996 packetSize += // use the minimal padding 997 (blockSize - (packetSize % blockSize)) % blockSize; 998 if (protocolVersion.useTLS11PlusSpec()) { 999 packetSize += blockSize; // explicit IV 1000 } 1001 1002 break; 1003 case AEAD_CIPHER: 1004 if (protocolVersion == ProtocolVersion.TLS12) { 1005 packetSize += 1006 bulkCipher.ivSize - bulkCipher.fixedIvSize; 1007 } 1008 packetSize += bulkCipher.tagSize; 1009 1010 break; 1011 default: // NULL_CIPHER or STREAM_CIPHER 1012 packetSize += macAlg.size; 1013 } 1014 } 1015 1016 return packetSize + SSLRecord.headerSize; 1017 } 1018 1019 // See also CipherBox.calculateFragmentSize(). 1020 int calculateFragSize(int packetLimit, 1021 ProtocolVersion protocolVersion) { 1022 int fragSize = packetLimit - SSLRecord.headerSize; 1023 if (bulkCipher != null && bulkCipher != B_NULL) { 1024 int blockSize = bulkCipher.ivSize; 1025 switch (bulkCipher.cipherType) { 1026 case BLOCK_CIPHER: 1027 if (protocolVersion.useTLS11PlusSpec()) { 1028 fragSize -= blockSize; // explicit IV 1029 } 1030 fragSize -= (fragSize % blockSize); // cannot hold a block 1031 // No padding for a maximum fragment. 1032 fragSize -= 1; // 1 byte padding length field: 0x00 1033 fragSize -= macAlg.size; 1034 1035 break; 1036 case AEAD_CIPHER: 1037 fragSize -= bulkCipher.tagSize; 1038 fragSize -= bulkCipher.ivSize - bulkCipher.fixedIvSize; 1039 1040 break; 1041 default: // NULL_CIPHER or STREAM_CIPHER 1042 fragSize -= macAlg.size; 1043 } 1044 } 1045 1046 return fragSize; 1047 } 1048 1049 /** 1050 * An SSL/TLS key exchange algorithm. 1051 */ 1052 static enum KeyExchange { 1053 K_NULL ("NULL", false, true, NAMED_GROUP_NONE), 1054 K_RSA ("RSA", true, false, NAMED_GROUP_NONE), 1055 K_RSA_EXPORT ("RSA_EXPORT", true, false, NAMED_GROUP_NONE), 1056 K_DH_RSA ("DH_RSA", false, false, NAMED_GROUP_NONE), 1057 K_DH_DSS ("DH_DSS", false, false, NAMED_GROUP_NONE), 1058 K_DHE_DSS ("DHE_DSS", true, false, NAMED_GROUP_FFDHE), 1059 K_DHE_DSS_EXPORT("DHE_DSS_EXPORT", true, false, NAMED_GROUP_NONE), 1060 K_DHE_RSA ("DHE_RSA", true, false, NAMED_GROUP_FFDHE), 1061 K_DHE_RSA_EXPORT("DHE_RSA_EXPORT", true, false, NAMED_GROUP_NONE), 1062 K_DH_ANON ("DH_anon", true, true, NAMED_GROUP_FFDHE), 1063 K_DH_ANON_EXPORT("DH_anon_EXPORT", true, true, NAMED_GROUP_NONE), 1064 1065 K_ECDH_ECDSA ("ECDH_ECDSA", true, false, NAMED_GROUP_ECDHE), 1066 K_ECDH_RSA ("ECDH_RSA", true, false, NAMED_GROUP_ECDHE), 1067 K_ECDHE_ECDSA ("ECDHE_ECDSA", true, false, NAMED_GROUP_ECDHE), 1068 K_ECDHE_RSA ("ECDHE_RSA", true, false, NAMED_GROUP_ECDHE), 1069 K_ECDH_ANON ("ECDH_anon", true, true, NAMED_GROUP_ECDHE), 1070 1071 // Kerberos cipher suites 1072 K_KRB5 ("KRB5", true, false, NAMED_GROUP_NONE), 1073 K_KRB5_EXPORT ("KRB5_EXPORT", true, false, NAMED_GROUP_NONE), 1074 1075 // renegotiation protection request signaling cipher suite 1076 K_SCSV ("SCSV", true, true, NAMED_GROUP_NONE); 1077 1078 // name of the key exchange algorithm, e.g. DHE_DSS 1079 final String name; 1080 final boolean allowed; 1081 final NamedGroupType groupType; 1082 private final boolean alwaysAvailable; 1083 private final boolean isAnonymous; 1084 1085 KeyExchange(String name, boolean allowed, 1086 boolean isAnonymous, NamedGroupType groupType) { 1087 this.name = name; 1088 if (groupType == NAMED_GROUP_ECDHE) { 1089 this.allowed = JsseJce.ALLOW_ECC; 1090 } else { 1091 this.allowed = allowed; 1092 } 1093 this.groupType = groupType; 1094 this.alwaysAvailable = allowed && (!name.startsWith("EC")); 1095 this.isAnonymous = isAnonymous; 1096 } 1097 1098 boolean isAvailable() { 1099 if (alwaysAvailable) { 1100 return true; 1101 } 1102 1103 if (groupType == NAMED_GROUP_ECDHE) { 1104 return (allowed && JsseJce.isEcAvailable()); 1105 } else if (name.startsWith("KRB")) { 1106 return (allowed && JsseJce.isKerberosAvailable()); 1107 } else { 1108 return allowed; 1109 } 1110 } 1111 1112 @Override 1113 public String toString() { 1114 return name; 1115 } 1116 } 1117 1118 /** 1119 * An SSL/TLS key MAC algorithm. 1120 * 1121 * Also contains a factory method to obtain an initialized MAC 1122 * for this algorithm. 1123 */ 1124 static enum MacAlg { 1125 M_NULL ("NULL", 0, 0, 0), 1126 M_MD5 ("MD5", 16, 64, 9), 1127 M_SHA ("SHA", 20, 64, 9), 1128 M_SHA256 ("SHA256", 32, 64, 9), 1129 M_SHA384 ("SHA384", 48, 128, 17); 1130 1131 // descriptive name, e.g. MD5 1132 final String name; 1133 1134 // size of the MAC value (and MAC key) in bytes 1135 final int size; 1136 1137 // block size of the underlying hash algorithm 1138 final int hashBlockSize; 1139 1140 // minimal padding size of the underlying hash algorithm 1141 final int minimalPaddingSize; 1142 1143 MacAlg(String name, int size, 1144 int hashBlockSize, int minimalPaddingSize) { 1145 this.name = name; 1146 this.size = size; 1147 this.hashBlockSize = hashBlockSize; 1148 this.minimalPaddingSize = minimalPaddingSize; 1149 } 1150 1151 @Override 1152 public String toString() { 1153 return name; 1154 } 1155 } 1156 1157 /** 1158 * The hash algorithms used for PRF (PseudoRandom Function) or HKDF. 1159 * 1160 * Note that TLS 1.1- uses a single MD5/SHA1-based PRF algorithm for 1161 * generating the necessary material. 1162 */ 1163 static enum HashAlg { 1164 H_NONE ("NONE", 0, 0), 1165 H_SHA256 ("SHA-256", 32, 64), 1166 H_SHA384 ("SHA-384", 48, 128); 1167 1168 final String name; 1169 final int hashLength; 1170 final int blockSize; 1171 1172 HashAlg(String hashAlg, int hashLength, int blockSize) { 1173 this.name = hashAlg; 1174 this.hashLength = hashLength; 1175 this.blockSize = blockSize; 1176 } 1177 1178 @Override 1179 public String toString() { 1180 return name; 1181 } 1182 } 1183 }