/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.tomcat.util.net.openssl.ciphers;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.LinkedHashSet;
import java.util.Map;
import java.util.Set;
/**
* All the standard cipher suites for SSL/TSL.
*
* @see <a href="https://github.com/openssl/openssl/blob/master/ssl/s3_lib.c"
* >OpenSSL cipher definitions</a>
* @see <a href="http://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-4"
* >The cipher suite registry</a>
* @see <a href="https://www.thesprawl.org/research/tls-and-ssl-cipher-suites/"
* >Another list of cipher suites with some non-standard IDs</a>
* @see <a href="http://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html#ciphersuites"
* >Oracle standard names for cipher suites</a>
* @see <a href="https://www.openssl.org/docs/apps/ciphers.html"
* >Mapping of OpenSSL cipher suites names to registry names</a>
* @see <a href="https://github.com/ssllabs/sslhaf/blob/0.1.x/suites.csv"
* >SSL Labs tool - list of ciphers</a>
* @see <a href="http://hg.openjdk.java.net/jdk9/jdk9/jdk/file/e30cd0d37abf/src/java.base/share/classes/sun/security/ssl/CipherSuite.java"
* >OpenJDK source code</a>
*/
public enum Cipher {
/* Cipher 0
* TLS_NULL_WITH_NULL_NULL
* Must never be negotiated. Used internally to represent the initial
* unprotected state of a connection.
*/
/* The RSA ciphers */
// Cipher 01
TLS_RSA_WITH_NULL_MD5(
0x0001,
"NULL-MD5",
KeyExchange.RSA,
Authentication.RSA,
Encryption.eNULL,
MessageDigest.MD5,
Protocol.SSLv3,
false,
EncryptionLevel.STRONG_NONE,
false,
0,
0,
new String[] {"SSL_RSA_WITH_NULL_MD5"},
null
),
// Cipher 02
TLS_RSA_WITH_NULL_SHA(
0x0002,
"NULL-SHA",
KeyExchange.RSA,
Authentication.RSA,
Encryption.eNULL,
MessageDigest.SHA1,
Protocol.SSLv3,
false,
EncryptionLevel.STRONG_NONE,
true,
0,
0,
new String[] {"SSL_RSA_WITH_NULL_SHA"},
null
),
// Cipher 03
TLS_RSA_EXPORT_WITH_RC4_40_MD5(
0x0003,
"EXP-RC4-MD5",
KeyExchange.RSA,
Authentication.RSA,
Encryption.RC4,
MessageDigest.MD5,
Protocol.SSLv3,
true,
EncryptionLevel.EXP40,
false,
40,
128,
new String[] {"SSL_RSA_EXPORT_WITH_RC4_40_MD5"},
null
),
// Cipher 04
TLS_RSA_WITH_RC4_128_MD5(
0x0004,
"RC4-MD5",
KeyExchange.RSA,
Authentication.RSA,
Encryption.RC4,
MessageDigest.MD5,
Protocol.SSLv3,
false,
EncryptionLevel.MEDIUM,
false,
128,
128,
new String[] {"SSL_RSA_WITH_RC4_128_MD5"},
null
),
// Cipher 05
TLS_RSA_WITH_RC4_128_SHA(
0x0005,
"RC4-SHA",
KeyExchange.RSA,
Authentication.RSA,
Encryption.RC4,
MessageDigest.SHA1,
Protocol.SSLv3,
false,
EncryptionLevel.MEDIUM,
false,
128,
128,
new String[] {"SSL_RSA_WITH_RC4_128_SHA"},
null
),
// Cipher 06
TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5(
0x0006,
"EXP-RC2-CBC-MD5",
KeyExchange.RSA,
Authentication.RSA,
Encryption.RC2,
MessageDigest.MD5,
Protocol.SSLv3,
true,
EncryptionLevel.EXP40,
false,
40,
128,
new String[] {"SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5"},
null
),
// Cipher 07
TLS_RSA_WITH_IDEA_CBC_SHA(
0x0007,
"IDEA-CBC-SHA",
KeyExchange.RSA,
Authentication.RSA,
Encryption.IDEA,
MessageDigest.SHA1,
Protocol.SSLv3,
false,
EncryptionLevel.MEDIUM,
false,
128,
128,
new String[] {"SSL_RSA_WITH_IDEA_CBC_SHA"},
null
),
// Cipher 08
TLS_RSA_EXPORT_WITH_DES40_CBC_SHA(
0x0008,
"EXP-DES-CBC-SHA",
KeyExchange.RSA,
Authentication.RSA,
Encryption.DES,
MessageDigest.SHA1,
Protocol.SSLv3,
true,
EncryptionLevel.EXP40,
false,
40,
56,
new String[] {"SSL_RSA_EXPORT_WITH_DES40_CBC_SHA"},
null
),
// Cipher 09
TLS_RSA_WITH_DES_CBC_SHA(
0x0009,
"DES-CBC-SHA",
KeyExchange.RSA,
Authentication.RSA,
Encryption.DES,
MessageDigest.SHA1,
Protocol.SSLv3,
false,
EncryptionLevel.LOW,
false,
56,
56,
new String[] {"SSL_RSA_WITH_DES_CBC_SHA"},
null
),
// Cipher 0A
TLS_RSA_WITH_3DES_EDE_CBC_SHA(
0x000A,
"DES-CBC3-SHA",
KeyExchange.RSA,
Authentication.RSA,
Encryption.TRIPLE_DES,
MessageDigest.SHA1,
Protocol.SSLv3,
false,
EncryptionLevel.MEDIUM,
true,
112,
168,
new String[] {"SSL_RSA_WITH_3DES_EDE_CBC_SHA"},
null
),
/* The DH ciphers */
// Cipher 0B
TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA(
0x000B,
"EXP-DH-DSS-DES-CBC-SHA",
KeyExchange.DHd,
Authentication.DH,
Encryption.DES,
MessageDigest.SHA1,
Protocol.SSLv3,
true,
EncryptionLevel.EXP40,
false,
40,
56,
new String[] {"SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA"},
null
),
// Cipher 0C
TLS_DH_DSS_WITH_DES_CBC_SHA(
0x000C,
"DH-DSS-DES-CBC-SHA",
KeyExchange.DHd,
Authentication.DH,
Encryption.DES,
MessageDigest.SHA1,
Protocol.SSLv3,
false,
EncryptionLevel.LOW,
false,
56,
56,
new String[] {"SSL_DH_DSS_WITH_DES_CBC_SHA"},
null
),
// Cipher 0D
TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA(
0x000D,
"DH-DSS-DES-CBC3-SHA",
KeyExchange.DHd,
Authentication.DH,
Encryption.TRIPLE_DES,
MessageDigest.SHA1,
Protocol.SSLv3,
false,
EncryptionLevel.MEDIUM,
true,
112,
168,
new String[] {"SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA"},
null
),
// Cipher 0E
TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA(
0x000E,
"EXP-DH-RSA-DES-CBC-SHA",
KeyExchange.DHr,
Authentication.DH,
Encryption.DES,
MessageDigest.SHA1,
Protocol.SSLv3,
true,
EncryptionLevel.EXP40,
false,
40,
56,
new String[] {"SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA"},
null
),
// Cipher 0F
TLS_DH_RSA_WITH_DES_CBC_SHA(
0x000F,
"DH-RSA-DES-CBC-SHA",
KeyExchange.DHr,
Authentication.DH,
Encryption.DES,
MessageDigest.SHA1,
Protocol.SSLv3,
false,
EncryptionLevel.LOW,
false,
56,
56,
new String[] {"SSL_DH_RSA_WITH_DES_CBC_SHA"},
null
),
// Cipher 10
TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA(
0x0010,
"DH-RSA-DES-CBC3-SHA",
KeyExchange.DHr,
Authentication.DH,
Encryption.TRIPLE_DES,
MessageDigest.SHA1,
Protocol.SSLv3,
false,
EncryptionLevel.MEDIUM,
true,
112,
168,
new String[] {"SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA"},
null
),
/* The Ephemeral DH ciphers */
// Cipher 11
TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA(
0x0011,
"EXP-DHE-DSS-DES-CBC-SHA",
KeyExchange.EDH,
Authentication.DSS,
Encryption.DES,
MessageDigest.SHA1,
Protocol.SSLv3,
true,
EncryptionLevel.EXP40,
false,
40,
56,
new String[] {"SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA"},
new String[] {"EXP-EDH-DSS-DES-CBC-SHA"}
),
// Cipher 12
TLS_DHE_DSS_WITH_DES_CBC_SHA(
0x0012,
"DHE-DSS-DES-CBC-SHA",
KeyExchange.EDH,
Authentication.DSS,
Encryption.DES,
MessageDigest.SHA1,
Protocol.SSLv3,
false,
EncryptionLevel.LOW,
false,
56,
56,
new String[] {"SSL_DHE_DSS_WITH_DES_CBC_SHA"},
new String[] {"EDH-DSS-DES-CBC-SHA"}
),
// Cipher 13
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA(
0x0013,
"DHE-DSS-DES-CBC3-SHA",
KeyExchange.EDH,
Authentication.DSS,
Encryption.TRIPLE_DES,
MessageDigest.SHA1,
Protocol.SSLv3,
false,
EncryptionLevel.MEDIUM,
true,
112,
168,
new String[] {"SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA"},
new String[] {"EDH-DSS-DES-CBC3-SHA"}
),
// Cipher 14
TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA(
0x0014,
"EXP-DHE-RSA-DES-CBC-SHA",
KeyExchange.EDH,
Authentication.RSA,
Encryption.DES,
MessageDigest.SHA1,
Protocol.SSLv3,
true,
EncryptionLevel.EXP40,
false,
40,
56,
new String[] {"SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA"},
new String[] {"EXP-EDH-RSA-DES-CBC-SHA"}
),
// Cipher 15
TLS_DHE_RSA_WITH_DES_CBC_SHA(
0x0015,
"DHE-RSA-DES-CBC-SHA",
KeyExchange.EDH,
Authentication.RSA,
Encryption.DES,
MessageDigest.SHA1,
Protocol.SSLv3,
false,
EncryptionLevel.LOW,
false,
56,
56,
new String[] {"SSL_DHE_RSA_WITH_DES_CBC_SHA"},
new String[] {"EDH-RSA-DES-CBC-SHA"}
),
// Cipher 16
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA(
0x0016,
"DHE-RSA-DES-CBC3-SHA",
KeyExchange.EDH,
Authentication.RSA,
Encryption.TRIPLE_DES,
MessageDigest.SHA1,
Protocol.SSLv3,
false,
EncryptionLevel.MEDIUM,
true,
112,
168,
new String[] {"SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA"},
new String[] {"EDH-RSA-DES-CBC3-SHA"}
),
// Cipher 17
TLS_DH_anon_EXPORT_WITH_RC4_40_MD5(
0x0017,
"EXP-ADH-RC4-MD5",
KeyExchange.EDH,
Authentication.aNULL,
Encryption.RC4,
MessageDigest.MD5,
Protocol.SSLv3,
true,
EncryptionLevel.EXP40,
false,
40,
128,
new String[] {"SSL_DH_anon_EXPORT_WITH_RC4_40_MD5"},
null
),
// Cipher 18
TLS_DH_anon_WITH_RC4_128_MD5(
0x0018,
"ADH-RC4-MD5",
KeyExchange.EDH,
Authentication.aNULL,
Encryption.RC4,
MessageDigest.MD5,
Protocol.SSLv3,
false,
EncryptionLevel.MEDIUM,
false,
128,
128,
new String[] {"SSL_DH_anon_WITH_RC4_128_MD5"},
null
),
// Cipher 19
TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA(
0x0019,
"EXP-ADH-DES-CBC-SHA",
KeyExchange.EDH,
Authentication.aNULL,
Encryption.DES,
MessageDigest.SHA1,
Protocol.SSLv3,
true,
EncryptionLevel.EXP40,
false,
40,
128,
new String[] {"SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA"},
null
),
// Cipher 1A
TLS_DH_anon_WITH_DES_CBC_SHA(
0x001A,
"ADH-DES-CBC-SHA",
KeyExchange.EDH,
Authentication.aNULL,
Encryption.DES,
MessageDigest.SHA1,
Protocol.SSLv3,
false,
EncryptionLevel.LOW,
false,
56,
56,
new String[] {"SSL_DH_anon_WITH_DES_CBC_SHA"},
null
),
// Cipher 1B
TLS_DH_anon_WITH_3DES_EDE_CBC_SHA(
0x001B,
"ADH-DES-CBC3-SHA",
KeyExchange.EDH,
Authentication.aNULL,
Encryption.TRIPLE_DES,
MessageDigest.SHA1,
Protocol.SSLv3,
false,
EncryptionLevel.MEDIUM,
true,
112,
168,
new String[] {"SSL_DH_anon_WITH_3DES_EDE_CBC_SHA"},
null
),
/* Fortezza ciphersuite from SSL 3.0 spec
* Neither OpenSSL nor Java implement these ciphers and the IDs used
* overlap partially with the IDs used by the Kerberos ciphers
// Cipher 1C
SSL_FORTEZZA_DMS_WITH_NULL_SHA(
"FZA-NULL-SHA",
KeyExchange.FZA,
Authentication.FZA,
Encryption.eNULL,
MessageDigest.SHA1,
Protocol.SSLv3,
false,
EncryptionLevel.STRONG_NONE,
false,
0,
0,
null,
null
),
// Cipher 1D
SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA(
"FZA-FZA-CBC-SHA",
KeyExchange.FZA,
Authentication.FZA,
Encryption.FZA,
MessageDigest.SHA1,
Protocol.SSLv3,
false,
EncryptionLevel.STRONG_NONE,
false,
0,
0,
null,
null
),
// Cipher 1E - overlaps with Kerberos below
SSL_FORTEZZA_DMS_WITH_RC4_128_SHA(
"FZA-RC4-SHA",
KeyExchange.FZA,
Authentication.FZA,
Encryption.RC4,
MessageDigest.SHA1,
Protocol.SSLv3,
false,
EncryptionLevel.MEDIUM,
false,
128,
128,
null,
null
),
*/
/* The Kerberos ciphers. OpenSSL doesn't support these. Java does but they
* are used for Kerberos authentication.
*/
// Cipher 1E - overlaps with Fortezza above
/*TLS_KRB5_WITH_DES_CBC_SHA(
"KRB5-DES-CBC-SHA",
KeyExchange.KRB5,
Authentication.KRB5,
Encryption.DES,
MessageDigest.SHA1,
Protocol.SSLv3,
false,
EncryptionLevel.LOW,
false,
56,
56,
null,
null
),
// Cipher 1F
TLS_KRB5_WITH_3DES_EDE_CBC_SHA(
"KRB5-DES-CBC3-SHA",
KeyExchange.KRB5,
Authentication.KRB5,
Encryption.TRIPLE_DES,
MessageDigest.SHA1,
Protocol.SSLv3,
false,
EncryptionLevel.HIGH,
true,
112,
168,
null,
null
),
// Cipher 20
TLS_KRB5_WITH_RC4_128_SHA(
"KRB5-RC4-SHA",
KeyExchange.KRB5,
Authentication.KRB5,
Encryption.RC4,
MessageDigest.SHA1,
Protocol.SSLv3,
false,
EncryptionLevel.MEDIUM,
false,
128,
128,
null,
null
),
// Cipher 21
TLS_KRB5_WITH_IDEA_CBC_SHA(
"KRB5-IDEA-CBC-SHA",
KeyExchange.KRB5,
Authentication.KRB5,
Encryption.IDEA,
MessageDigest.SHA1,
Protocol.SSLv3,
false,
EncryptionLevel.MEDIUM,
false,
128,
128,
null,
null
),
// Cipher 22
TLS_KRB5_WITH_DES_CBC_MD5(
"KRB5-DES-CBC-MD5",
KeyExchange.KRB5,
Authentication.KRB5,
Encryption.DES,
MessageDigest.MD5,
Protocol.SSLv3,
false,
EncryptionLevel.LOW,
false,
56,
56,
null,
null
),
// Cipher 23
TLS_KRB5_WITH_3DES_EDE_CBC_MD5(
"KRB5-DES-CBC3-MD5",
KeyExchange.KRB5,
Authentication.KRB5,
Encryption.TRIPLE_DES,
MessageDigest.MD5,
Protocol.SSLv3,
false,
EncryptionLevel.HIGH,
false,
112,
168,
null,
null
),
// Cipher 24
TLS_KRB5_WITH_RC4_128_MD5(
"KRB5-RC4-MD5",
KeyExchange.KRB5,
Authentication.KRB5,
Encryption.RC4,
MessageDigest.MD5,
Protocol.SSLv3,
false,
EncryptionLevel.MEDIUM,
false,
128,
128,
null,
null
),
// Cipher 25
TLS_KRB5_WITH_IDEA_CBC_MD5(
"KRB5-IDEA-CBC-MD5",
KeyExchange.KRB5,
Authentication.KRB5,
Encryption.IDEA,
MessageDigest.MD5,
Protocol.SSLv3,
false,
EncryptionLevel.MEDIUM,
false,
128,
128,
null,
null
),
// Cipher 26
TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA(
"EXP-KRB5-DES-CBC-SHA",
KeyExchange.KRB5,
Authentication.KRB5,
Encryption.DES,
MessageDigest.SHA1,
Protocol.SSLv3,
true,
EncryptionLevel.EXP40,
false,
40,
56,
null,
null
),
// Cipher 27
TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA(
"EXP-KRB5-RC2-CBC-SHA",
KeyExchange.KRB5,
Authentication.KRB5,
Encryption.RC2,
MessageDigest.SHA1,
Protocol.SSLv3,
true,
EncryptionLevel.EXP40,
false,
40,
128,
null,
null
),
// Cipher 28
TLS_KRB5_EXPORT_WITH_RC4_40_SHA(
"EXP-KRB5-RC4-SHA",
KeyExchange.KRB5,
Authentication.KRB5,
Encryption.RC4,
MessageDigest.SHA1,
Protocol.SSLv3,
true,
EncryptionLevel.EXP40,
false,
40,
128,
null,
null
),
// Cipher 29
TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5(
"EXP-KRB5-DES-CBC-MD5",
KeyExchange.KRB5,
Authentication.KRB5,
Encryption.DES,
MessageDigest.MD5,
Protocol.SSLv3,
true,
EncryptionLevel.EXP40,
false,
40,
56,
null,
null
),
// Cipher 2A
TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5(
"EXP-KRB5-RC2-CBC-MD5",
KeyExchange.KRB5,
Authentication.KRB5,
Encryption.RC2,
MessageDigest.MD5,
Protocol.SSLv3,
true,
EncryptionLevel.EXP40,
false,
40,
128,
null,
null
),
// Cipher 2B
TLS_KRB5_EXPORT_WITH_RC4_40_MD5(
"EXP-KRB5-RC4-MD5",
KeyExchange.KRB5,
Authentication.KRB5,
Encryption.RC4,
MessageDigest.MD5,
Protocol.SSLv3,
true,
EncryptionLevel.EXP40,
false,
40,
128,
null,
null
),*/
/* PSK cipher suites from RFC 4785 */
// Cipher 2C
TLS_PSK_WITH_NULL_SHA(
0x002c,
"PSK-NULL-SHA",
KeyExchange.PSK,
Authentication.PSK,
Encryption.eNULL,
MessageDigest.SHA1,
Protocol.SSLv3,
false,
EncryptionLevel.STRONG_NONE,
true,
0,
0,
null,
null
),
// Cipher 2D
TLS_DHE_PSK_WITH_NULL_SHA(
0x002d,
"DHE-PSK-NULL-SHA",
KeyExchange.DHEPSK,
Authentication.PSK,
Encryption.eNULL,
MessageDigest.SHA1,
Protocol.SSLv3,
false,
EncryptionLevel.STRONG_NONE,
true,
0,
0,
null,
null
),
// Cipher 2E
TLS_RSA_PSK_WITH_NULL_SHA(
0x002e,
"RSA-PSK-NULL-SHA",
KeyExchange.RSAPSK,
Authentication.RSA,
Encryption.eNULL,
MessageDigest.SHA1,
Protocol.SSLv3,
false,
EncryptionLevel.STRONG_NONE,
true,
0,
0,
null,
null
),
/* New AES ciphersuites */
// Cipher 2F
TLS_RSA_WITH_AES_128_CBC_SHA(
0x002f,
"AES128-SHA",
KeyExchange.RSA,
Authentication.RSA,
Encryption.AES128,
MessageDigest.SHA1,
Protocol.SSLv3,
false,
EncryptionLevel.HIGH,
true,
128,
128,
null,
null
),
// Cipher 30
TLS_DH_DSS_WITH_AES_128_CBC_SHA(
0x0030,
"DH-DSS-AES128-SHA",
KeyExchange.DHd,
Authentication.DH,
Encryption.AES128,
MessageDigest.SHA1,
Protocol.SSLv3,
false,
EncryptionLevel.HIGH,
true,
128,
128,
null,
null
),
// Cipher 31
TLS_DH_RSA_WITH_AES_128_CBC_SHA(
0x0031,
"DH-RSA-AES128-SHA",
KeyExchange.DHr,
Authentication.DH,
Encryption.AES128,
MessageDigest.SHA1,
Protocol.SSLv3,
false,
EncryptionLevel.HIGH,
true,
128,
128,
null,
null
),
// Cipher 32
TLS_DHE_DSS_WITH_AES_128_CBC_SHA(
0x0032,
"DHE-DSS-AES128-SHA",
KeyExchange.EDH,
Authentication.DSS,
Encryption.AES128,
MessageDigest.SHA1,
Protocol.SSLv3,
false,
EncryptionLevel.HIGH,
true,
128,
128,
null,
null
),
// Cipher 33
TLS_DHE_RSA_WITH_AES_128_CBC_SHA(
0x0033,
"DHE-RSA-AES128-SHA",
KeyExchange.EDH,
Authentication.RSA,
Encryption.AES128,
MessageDigest.SHA1,
Protocol.SSLv3,
false,
EncryptionLevel.HIGH,
true,
128,
128,
null,
null
),
// Cipher 34
TLS_DH_anon_WITH_AES_128_CBC_SHA(
0x0034,
"ADH-AES128-SHA",
KeyExchange.EDH,
Authentication.aNULL,
Encryption.AES128,
MessageDigest.SHA1,
Protocol.SSLv3,
false,
EncryptionLevel.HIGH,
true,
128,
128,
null,
null
),
// Cipher 35
TLS_RSA_WITH_AES_256_CBC_SHA(
0x0035,
"AES256-SHA",
KeyExchange.RSA,
Authentication.RSA,
Encryption.AES256,
MessageDigest.SHA1,
Protocol.SSLv3,
false,
EncryptionLevel.HIGH,
true,
256,
256,
null,
null
),
// Cipher 36
TLS_DH_DSS_WITH_AES_256_CBC_SHA(
0x0036,
"DH-DSS-AES256-SHA",
KeyExchange.DHd,
Authentication.DH,
Encryption.AES256,
MessageDigest.SHA1,
Protocol.SSLv3,
false,
EncryptionLevel.HIGH,
true,
256,
256,
null,
null
),
// Cipher 37
TLS_DH_RSA_WITH_AES_256_CBC_SHA(
0x0037,
"DH-RSA-AES256-SHA",
KeyExchange.DHr,
Authentication.DH,
Encryption.AES256,
MessageDigest.SHA1,
Protocol.SSLv3,
false,
EncryptionLevel.HIGH,
true,
256,
256,
null,
null
),
// Cipher 38
TLS_DHE_DSS_WITH_AES_256_CBC_SHA(
0x0038,
"DHE-DSS-AES256-SHA",
KeyExchange.EDH,
Authentication.DSS,
Encryption.AES256,
MessageDigest.SHA1,
Protocol.SSLv3,
false,
EncryptionLevel.HIGH,
true,
256,
256,
null,
null
),
// Cipher 39
TLS_DHE_RSA_WITH_AES_256_CBC_SHA(
0x0039,
"DHE-RSA-AES256-SHA",
KeyExchange.EDH,
Authentication.RSA,
Encryption.AES256,
MessageDigest.SHA1,
Protocol.SSLv3,
false,
EncryptionLevel.HIGH,
true,
256,
256,
null,
null
),
// Cipher 3A
TLS_DH_anon_WITH_AES_256_CBC_SHA(
0x003A,
"ADH-AES256-SHA",
KeyExchange.EDH,
Authentication.aNULL,
Encryption.AES256,
MessageDigest.SHA1,
Protocol.SSLv3,
false,
EncryptionLevel.HIGH,
true,
256,
256,
null,
null
),
/* TLS v1.2 ciphersuites */
// Cipher 3B
TLS_RSA_WITH_NULL_SHA256(
0x003B,
"NULL-SHA256",
KeyExchange.RSA,
Authentication.RSA,
Encryption.eNULL,
MessageDigest.SHA256,
Protocol.TLSv1_2,
false,
EncryptionLevel.STRONG_NONE,
true,
0,
0,
null,
null
),
// Cipher 3C
TLS_RSA_WITH_AES_128_CBC_SHA256(
0x003C,
"AES128-SHA256",
KeyExchange.RSA,
Authentication.RSA,
Encryption.AES128,
MessageDigest.SHA256,
Protocol.TLSv1_2,
false,
EncryptionLevel.HIGH,
true,
128,
128,
null,
null
),
// Cipher 3D
TLS_RSA_WITH_AES_256_CBC_SHA256(
0x003D,
"AES256-SHA256",
KeyExchange.RSA,
Authentication.RSA,
Encryption.AES256,
MessageDigest.SHA256,
Protocol.TLSv1_2,
false,
EncryptionLevel.HIGH,
true,
256,
256,
null,
null
),
// Cipher 3E
TLS_DH_DSS_WITH_AES_128_CBC_SHA256(
0x003E,
"DH-DSS-AES128-SHA256",
KeyExchange.DHd,
Authentication.DH,
Encryption.AES128,
MessageDigest.SHA256,
Protocol.TLSv1_2,
false,
EncryptionLevel.HIGH,
true,
128,
128,
null,
null
),
// Cipher 3F
TLS_DH_RSA_WITH_AES_128_CBC_SHA256(
0x003F,
"DH-RSA-AES128-SHA256",
KeyExchange.DHr,
Authentication.DH,
Encryption.AES128,
MessageDigest.SHA256,
Protocol.TLSv1_2,
false,
EncryptionLevel.HIGH,
true,
128,
128,
null,
null
),
// Cipher 40
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256(
0x0040,
"DHE-DSS-AES128-SHA256",
KeyExchange.EDH,
Authentication.DSS,
Encryption.AES128,
MessageDigest.SHA256,
Protocol.TLSv1_2,
false,
EncryptionLevel.HIGH,
true,
128,
128,
null,
null
),
/* Camellia ciphersuites from RFC4132 (
128-bit portion) */
// Cipher 41
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA(
0x0041,
"CAMELLIA128-SHA",
KeyExchange.RSA,
Authentication.RSA,
Encryption.CAMELLIA128,
MessageDigest.SHA1,
Protocol.SSLv3,
false,
EncryptionLevel.HIGH,
false,
128,
128,
null,
null
),
// Cipher 42
TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA(
0x0042,
"DH-DSS-CAMELLIA128-SHA",
KeyExchange.DHd,
Authentication.DH,
Encryption.CAMELLIA128,
MessageDigest.SHA1,
Protocol.SSLv3,
false,
EncryptionLevel.HIGH,
false,
128,
128,
null,
null
),
// Cipher 43
TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA(
0x0043,
"DH-RSA-CAMELLIA128-SHA",
KeyExchange.DHr,
Authentication.DH,
Encryption.CAMELLIA128,
MessageDigest.SHA1,
Protocol.SSLv3,
false,
EncryptionLevel.HIGH,
false,
128,
128,
null,
null
),
// Cipher 44
TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA(
0x0044,
"DHE-DSS-CAMELLIA128-SHA",
KeyExchange.EDH,
Authentication.DSS,
Encryption.CAMELLIA128,
MessageDigest.SHA1,
Protocol.SSLv3,
false,
EncryptionLevel.HIGH,
false,
128,
128,
null,
null
),
// Cipher 45
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA(
0x0045,
"DHE-RSA-CAMELLIA128-SHA",
KeyExchange.EDH,
Authentication.RSA,
Encryption.CAMELLIA128,
MessageDigest.SHA1,
Protocol.SSLv3,
false,
EncryptionLevel.HIGH,
false,
128,
128,
null,
null
),
// Cipher 46
TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA(
0x0046,
"ADH-CAMELLIA128-SHA",
KeyExchange.EDH,
Authentication.aNULL,
Encryption.CAMELLIA128,
MessageDigest.SHA1,
Protocol.SSLv3,
false,
EncryptionLevel.HIGH,
false,
128,
128,
null,
null
),
/* Experimental (and now expired) TLSv1 versions of SSLv3 ciphers.
* Unsupported by Java and OpenSSL 1.1.x onwards. Some earlier OpenSSL
* versions do support these. */
// Cipher 60
TLS_RSA_EXPORT1024_WITH_RC4_56_MD5(
0x0060,
"EXP1024-RC4-MD5",
KeyExchange.RSA,
Authentication.RSA,
Encryption.RC4,
MessageDigest.MD5,
Protocol.TLSv1,
true,
EncryptionLevel.EXP56,
false,
56,
128,
new String[] {"SSL_RSA_EXPORT1024_WITH_RC4_56_MD5"},
null
),
// Cipher 61
TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5(
0x0061,
"EXP1024-RC2-CBC-MD5",
KeyExchange.RSA,
Authentication.RSA,
Encryption.RC2,
MessageDigest.MD5,
Protocol.TLSv1,
true,
EncryptionLevel.EXP56,
false,
56,
128,
new String[] {"SSL_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5"},
null
),
// Cipher 62
TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA(
0x0062,
"EXP1024-DES-CBC-SHA",
KeyExchange.RSA,
Authentication.RSA,
Encryption.DES,
MessageDigest.SHA1,
Protocol.TLSv1,
true,
EncryptionLevel.EXP56,
false,
56,
56,
new String[] {"SSL_RSA_EXPORT1024_WITH_DES_CBC_SHA"},
null
),
// Cipher 63
TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA(
0x0063,
"EXP1024-DHE-DSS-DES-CBC-SHA",
KeyExchange.EDH,
Authentication.DSS,
Encryption.DES,
MessageDigest.SHA1,
Protocol.TLSv1,
true,
EncryptionLevel.EXP56,
false,
56,
56,
new String[] {"SSL_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA"},
null
),
// Cipher 64
TLS_RSA_EXPORT1024_WITH_RC4_56_SHA(
0x0064,
"EXP1024-RC4-SHA",
KeyExchange.RSA,
Authentication.RSA,
Encryption.RC4,
MessageDigest.SHA1,
Protocol.TLSv1,
true,
EncryptionLevel.EXP56,
false,
56,
128,
new String[] {"SSL_RSA_EXPORT1024_WITH_RC4_56_SHA"},
null
),
// Cipher 65
TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA(
0x0065,
"EXP1024-DHE-DSS-RC4-SHA",
KeyExchange.EDH,
Authentication.DSS,
Encryption.RC4,
MessageDigest.SHA1,
Protocol.TLSv1,
true,
EncryptionLevel.EXP56,
false,
56,
128,
new String[] {"SSL_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA"},
null
),
// Cipher 66
TLS_DHE_DSS_WITH_RC4_128_SHA(
0x0066,
"DHE-DSS-RC4-SHA",
KeyExchange.EDH,
Authentication.DSS,
Encryption.RC4,
MessageDigest.SHA1,
Protocol.TLSv1,
false,
EncryptionLevel.MEDIUM,
false,
128,
128,
new String[] {"SSL_DHE_DSS_WITH_RC4_128_SHA"},
null
),
/* TLS v1.2 ciphersuites */
// Cipher 67
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256(
0x0067,
"DHE-RSA-AES128-SHA256",
KeyExchange.EDH,
Authentication.RSA,
Encryption.AES128,
MessageDigest.SHA256,
Protocol.TLSv1_2,
false,
EncryptionLevel.HIGH,
true,
128,
128,
null,
null
),
// Cipher 68
TLS_DH_DSS_WITH_AES_256_CBC_SHA256(
0x0068,
"DH-DSS-AES256-SHA256",
KeyExchange.DHd,
Authentication.DH,
Encryption.AES256,
MessageDigest.SHA256,
Protocol.TLSv1_2,
false,
EncryptionLevel.HIGH,
true,
256,
256,
null,
null
),
// Cipher 69
TLS_DH_RSA_WITH_AES_256_CBC_SHA256(
0x0069,
"DH-RSA-AES256-SHA256",
KeyExchange.DHr,
Authentication.DH,
Encryption.AES256,
MessageDigest.SHA256,
Protocol.TLSv1_2,
false,
EncryptionLevel.HIGH,
true,
256,
256,
null,
null
),
// Cipher 6A
TLS_DHE_DSS_WITH_AES_256_CBC_SHA256(
0x006A,
"DHE-DSS-AES256-SHA256",
KeyExchange.EDH,
Authentication.DSS,
Encryption.AES256,
MessageDigest.SHA256,
Protocol.TLSv1_2,
false,
EncryptionLevel.HIGH,
true,
256,
256,
null,
null
),
// Cipher 6B
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256(
0x006B,
"DHE-RSA-AES256-SHA256",
KeyExchange.EDH,
Authentication.RSA,
Encryption.AES256,
MessageDigest.SHA256,
Protocol.TLSv1_2,
false,
EncryptionLevel.HIGH,
true,
256,
256,
null,
null
),
// Cipher 6C
TLS_DH_anon_WITH_AES_128_CBC_SHA256(
0x006C,
"ADH-AES128-SHA256",
KeyExchange.EDH,
Authentication.aNULL,
Encryption.AES128,
MessageDigest.SHA256,
Protocol.TLSv1_2,
false,
EncryptionLevel.HIGH,
true,
128,
128,
null,
null
),
// Cipher 6D
TLS_DH_anon_WITH_AES_256_CBC_SHA256(
0x006D,
"ADH-AES256-SHA256",
KeyExchange.EDH,
Authentication.aNULL,
Encryption.AES256,
MessageDigest.SHA256,
Protocol.TLSv1_2,
false,
EncryptionLevel.HIGH,
true,
256,
256,
null,
null
),
/* GOST Ciphersuites. Unsupported by Java. OpenSSl lists them with IDs
* 0x3000080 to 0x3000083 */
/*
// Cipher 80
TLS_GOSTR341094_WITH_28147_CNT_IMIT(
"GOST94-GOST89-GOST89",
KeyExchange.GOST,
Authentication.GOST94,
Encryption.eGOST2814789CNT,
MessageDigest.GOST89MAC,
Protocol.TLSv1,
false,
EncryptionLevel.HIGH,
false,
256,
256,
null,
null
),
// Cipher 81
TLS_GOSTR341001_WITH_28147_CNT_IMIT(
"GOST2001-GOST89-GOST89",
KeyExchange.GOST,
Authentication.GOST01,
Encryption.eGOST2814789CNT,
MessageDigest.GOST89MAC,
Protocol.TLSv1,
false,
EncryptionLevel.HIGH,
false,
256,
256,
null,
null
),
// Cipher 82
TLS_GOSTR341094_WITH_NULL_GOSTR3411(
"GOST94-NULL-GOST94",
KeyExchange.GOST,
Authentication.GOST94,
Encryption.eNULL,
MessageDigest.GOST94,
Protocol.TLSv1,
false,
EncryptionLevel.STRONG_NONE,
false,
0,
0,
null,
null
),
// Cipher 83
TLS_GOSTR341001_WITH_NULL_GOSTR3411(
"GOST2001-NULL-GOST94",
KeyExchange.GOST,
Authentication.GOST01,
Encryption.eNULL,
MessageDigest.GOST94,
Protocol.TLSv1,
false,
EncryptionLevel.STRONG_NONE,
false,
0,
0,
null,
null
),*/
/* Camellia ciphersuites from RFC4132 (
256-bit portion) */
// Cipher 84
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA(
0x0084,
"CAMELLIA256-SHA",
KeyExchange.RSA,
Authentication.RSA,
Encryption.CAMELLIA256,
MessageDigest.SHA1,
Protocol.SSLv3,
false,
EncryptionLevel.HIGH,
false,
256,
256,
null,
null
),
// Cipher 85
TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA(
0x0085,
"DH-DSS-CAMELLIA256-SHA",
KeyExchange.DHd,
Authentication.DH,
Encryption.CAMELLIA256,
MessageDigest.SHA1,
Protocol.SSLv3,
false,
EncryptionLevel.HIGH,
false,
256,
256,
null,
null
),
// Cipher 86
TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA(
0x0086,
"DH-RSA-CAMELLIA256-SHA",
KeyExchange.DHr,
Authentication.DH,
Encryption.CAMELLIA256,
MessageDigest.SHA1,
Protocol.SSLv3,
false,
EncryptionLevel.HIGH,
false,
256,
256,
null,
null
),
// Cipher 87
TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA(
0x0087,
"DHE-DSS-CAMELLIA256-SHA",
KeyExchange.EDH,
Authentication.DSS,
Encryption.CAMELLIA256,
MessageDigest.SHA1,
Protocol.SSLv3,
false,
EncryptionLevel.HIGH,
false,
256,
256,
null,
null
),
// Cipher 88
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA(
0x0088,
"DHE-RSA-CAMELLIA256-SHA",
KeyExchange.EDH,
Authentication.RSA,
Encryption.CAMELLIA256,
MessageDigest.SHA1,
Protocol.SSLv3,
false,
EncryptionLevel.HIGH,
false,
256,
256,
null,
null
),
// Cipher 89
TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA(
0x0089,
"ADH-CAMELLIA256-SHA",
KeyExchange.EDH,
Authentication.aNULL,
Encryption.CAMELLIA256,
MessageDigest.SHA1,
Protocol.SSLv3,
false,
EncryptionLevel.HIGH,
false,
256,
256,
null,
null
),
// Cipher 8A
TLS_PSK_WITH_RC4_128_SHA(
0x008A,
"PSK-RC4-SHA",
KeyExchange.PSK,
Authentication.PSK,
Encryption.RC4,
MessageDigest.SHA1,
Protocol.SSLv3,
false,
EncryptionLevel.MEDIUM,
false,
128,
128,
null,
null
),
// Cipher 8B
TLS_PSK_WITH_3DES_EDE_CBC_SHA(
0x008B,
"PSK-3DES-EDE-CBC-SHA",
KeyExchange.PSK,
Authentication.PSK,
Encryption.TRIPLE_DES,
MessageDigest.SHA1,
Protocol.SSLv3,
false,
EncryptionLevel.MEDIUM,
true,
112,
168,
null,
null
),
// Cipher 8C
TLS_PSK_WITH_AES_128_CBC_SHA(
0x008C,
"PSK-AES128-CBC-SHA",
KeyExchange.PSK,
Authentication.PSK,
Encryption.AES128,
MessageDigest.SHA1,
Protocol.SSLv3,
false,
EncryptionLevel.HIGH,
true,
128,
128,
null,
null
),
// Cipher 8D
TLS_PSK_WITH_AES_256_CBC_SHA(
0x008D,
"PSK-AES256-CBC-SHA",
KeyExchange.PSK,
Authentication.PSK,
Encryption.AES256,
MessageDigest.SHA1,
Protocol.SSLv3,
false,
EncryptionLevel.HIGH,
true,
256,
256,
null,
null
),
// Cipher 8E
TLS_DHE_PSK_WITH_RC4_128_SHA(
0x008E,
"DHE-PSK-RC4-SHA",
KeyExchange.DHEPSK,
Authentication.PSK,
Encryption.RC4,
MessageDigest.SHA1,
Protocol.SSLv3,
false,
EncryptionLevel.MEDIUM,
false,
128,
128,
null,
null
),
// Cipher 8F
TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA(
0x008F,
"DHE-PSK-3DES-EDE-CBC-SHA",
KeyExchange.DHEPSK,
Authentication.PSK,
Encryption.TRIPLE_DES,
MessageDigest.SHA1,
Protocol.SSLv3,
false,
EncryptionLevel.MEDIUM,
true,
112,
168,
null,
null
),
// Cipher 90
TLS_DHE_PSK_WITH_AES_128_CBC_SHA(
0x0090,
"DHE-PSK-AES128-CBC-SHA",
KeyExchange.DHEPSK,
Authentication.PSK,
Encryption.AES128,
MessageDigest.SHA1,
Protocol.SSLv3,
false,
EncryptionLevel.HIGH,
true,
128,
128,
null,
null
),
// Cipher 91
TLS_DHE_PSK_WITH_AES_256_CBC_SHA(
0x0091,
"DHE-PSK-AES256-CBC-SHA",
KeyExchange.DHEPSK,
Authentication.PSK,
Encryption.AES256,
MessageDigest.SHA1,
Protocol.SSLv3,
false,
EncryptionLevel.HIGH,
true,
256,
256,
null,
null
),
// Cipher 92
TLS_RSA_PSK_WITH_RC4_128_SHA(
0x0092,
"RSA-PSK-RC4-SHA",
KeyExchange.RSAPSK,
Authentication.RSA,
Encryption.RC4,
MessageDigest.SHA1,
Protocol.SSLv3,
false,
EncryptionLevel.MEDIUM,
false,
128,
128,
null,
null
),
// Cipher 93
TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA(
0x0093,
"RSA-PSK-3DES-EDE-CBC-SHA",
KeyExchange.RSAPSK,
Authentication.RSA,
Encryption.TRIPLE_DES,
MessageDigest.SHA1,
Protocol.SSLv3,
false,
EncryptionLevel.MEDIUM,
true,
112,
168,
null,
null
),
// Cipher 94
TLS_RSA_PSK_WITH_AES_128_CBC_SHA(
0x0094,
"RSA-PSK-AES128-CBC-SHA",
KeyExchange.RSAPSK,
Authentication.RSA,
Encryption.AES128,
MessageDigest.SHA1,
Protocol.SSLv3,
false,
EncryptionLevel.HIGH,
true,
128,
128,
null,
null
),
// Cipher 95
TLS_RSA_PSK_WITH_AES_256_CBC_SHA(
0x0095,
"RSA-PSK-AES256-CBC-SHA",
KeyExchange.RSAPSK,
Authentication.RSA,
Encryption.AES256,
MessageDigest.SHA1,
Protocol.SSLv3,
false,
EncryptionLevel.HIGH,
true,
256,
256,
null,
null
),
/* SEED ciphersuites from RFC4162 */
// Cipher 96
TLS_RSA_WITH_SEED_CBC_SHA(
0x0096,
"SEED-SHA",
KeyExchange.RSA,
Authentication.RSA,
Encryption.SEED,
MessageDigest.SHA1,
Protocol.SSLv3,
false,
EncryptionLevel.MEDIUM,
false,
128,
128,
null,
null
),
// Cipher 97
TLS_DH_DSS_WITH_SEED_CBC_SHA(
0x0097,
"DH-DSS-SEED-SHA",
KeyExchange.DHd,
Authentication.DH,
Encryption.SEED,
MessageDigest.SHA1,
Protocol.SSLv3,
false,
EncryptionLevel.MEDIUM,
false,
128,
128,
null,
null
),
// Cipher 98
TLS_DH_RSA_WITH_SEED_CBC_SHA(
0x0098,
"DH-RSA-SEED-SHA",
KeyExchange.DHr,
Authentication.DH,
Encryption.SEED,
MessageDigest.SHA1,
Protocol.SSLv3,
false,
EncryptionLevel.MEDIUM,
false,
128,
128,
null,
null
),
// Cipher 99
TLS_DHE_DSS_WITH_SEED_CBC_SHA(
0x0099,
"DHE-DSS-SEED-SHA",
KeyExchange.EDH,
Authentication.DSS,
Encryption.SEED,
MessageDigest.SHA1,
Protocol.SSLv3,
false,
EncryptionLevel.MEDIUM,
false,
128,
128,
null,
null
),
// Cipher 9A
TLS_DHE_RSA_WITH_SEED_CBC_SHA(
0x009A,
"DHE-RSA-SEED-SHA",
KeyExchange.EDH,
Authentication.RSA,
Encryption.SEED,
MessageDigest.SHA1,
Protocol.SSLv3,
false,
EncryptionLevel.MEDIUM,
false,
128,
128,
null,
null
),
// Cipher 9B
TLS_DH_anon_WITH_SEED_CBC_SHA(
0x009B,
"ADH-SEED-SHA",
KeyExchange.EDH,
Authentication.aNULL,
Encryption.SEED,
MessageDigest.SHA1,
Protocol.SSLv3,
false,
EncryptionLevel.MEDIUM,
false,
128,
128,
null,
null
),
/* GCM ciphersuites from RFC5288 */
// Cipher 9C
TLS_RSA_WITH_AES_128_GCM_SHA256(
0x009C,
"AES128-GCM-SHA256",
KeyExchange.RSA,
Authentication.RSA,
Encryption.AES128GCM,
MessageDigest.AEAD,
Protocol.TLSv1_2,
false,
EncryptionLevel.HIGH,
true,
128,
128,
null,
null
),
// Cipher 9D
TLS_RSA_WITH_AES_256_GCM_SHA384(
0x009D,
"AES256-GCM-SHA384",
KeyExchange.RSA,
Authentication.RSA,
Encryption.AES256GCM,
MessageDigest.AEAD,
Protocol.TLSv1_2,
false,
EncryptionLevel.HIGH,
true,
256,
256,
null,
null
),
// Cipher 9E
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256(
0x009E,
"DHE-RSA-AES128-GCM-SHA256",
KeyExchange.EDH,
Authentication.RSA,
Encryption.AES128GCM,
MessageDigest.AEAD,
Protocol.TLSv1_2,
false,
EncryptionLevel.HIGH,
true,
128,
128,
null,
null
),
// Cipher 9F
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384(
0x009F,
"DHE-RSA-AES256-GCM-SHA384",
KeyExchange.EDH,
Authentication.RSA,
Encryption.AES256GCM,
MessageDigest.AEAD,
Protocol.TLSv1_2,
false,
EncryptionLevel.HIGH,
true,
256,
256,
null,
null
),
// Cipher A0
TLS_DH_RSA_WITH_AES_128_GCM_SHA256(
0x00A0,
"DH-RSA-AES128-GCM-SHA256",
KeyExchange.DHr,
Authentication.DH,
Encryption.AES128GCM,
MessageDigest.AEAD,
Protocol.TLSv1_2,
false,
EncryptionLevel.HIGH,
true,
128,
128,
null,
null
),
// Cipher A1
TLS_DH_RSA_WITH_AES_256_GCM_SHA384(
0x00A1,
"DH-RSA-AES256-GCM-SHA384",
KeyExchange.DHr,
Authentication.DH,
Encryption.AES256GCM,
MessageDigest.AEAD,
Protocol.TLSv1_2,
false,
EncryptionLevel.HIGH,
true,
256,
256,
null,
null
),
// Cipher A2
TLS_DHE_DSS_WITH_AES_128_GCM_SHA256(
0x00A2,
"DHE-DSS-AES128-GCM-SHA256",
KeyExchange.EDH,
Authentication.DSS,
Encryption.AES128GCM,
MessageDigest.AEAD,
Protocol.TLSv1_2,
false,
EncryptionLevel.HIGH,
true,
128,
128,
null,
null
),
// Cipher A3
TLS_DHE_DSS_WITH_AES_256_GCM_SHA384(
0x00A3,
"DHE-DSS-AES256-GCM-SHA384",
KeyExchange.EDH,
Authentication.DSS,
Encryption.AES256GCM,
MessageDigest.AEAD,
Protocol.TLSv1_2,
false,
EncryptionLevel.HIGH,
true,
256,
256,
null,
null
),
// Cipher A4
TLS_DH_DSS_WITH_AES_128_GCM_SHA256(
0x00A4,
"DH-DSS-AES128-GCM-SHA256",
KeyExchange.DHd,
Authentication.DH,
Encryption.AES128GCM,
MessageDigest.AEAD,
Protocol.TLSv1_2,
false,
EncryptionLevel.HIGH,
true,
128,
128,
null,
null
),
// Cipher A5
TLS_DH_DSS_WITH_AES_256_GCM_SHA384(
0x00A5,
"DH-DSS-AES256-GCM-SHA384",
KeyExchange.DHd,
Authentication.DH,
Encryption.AES256GCM,
MessageDigest.AEAD,
Protocol.TLSv1_2,
false,
EncryptionLevel.HIGH,
true,
256,
256,
null,
null
),
// Cipher A6
TLS_DH_anon_WITH_AES_128_GCM_SHA256(
0x00A6,
"ADH-AES128-GCM-SHA256",
KeyExchange.EDH,
Authentication.aNULL,
Encryption.AES128GCM,
MessageDigest.AEAD,
Protocol.TLSv1_2,
false,
EncryptionLevel.HIGH,
true,
128,
128,
null,
null
),
// Cipher A7
TLS_DH_anon_WITH_AES_256_GCM_SHA384(
0x00A7,
"ADH-AES256-GCM-SHA384",
KeyExchange.EDH,
Authentication.aNULL,
Encryption.AES256GCM,
MessageDigest.AEAD,
Protocol.TLSv1_2,
false,
EncryptionLevel.HIGH,
true,
256,
256,
null,
null
),
// Cipher A8
TLS_PSK_WITH_AES_128_GCM_SHA256(
0x00A8,
"PSK-AES128-GCM-SHA256",
KeyExchange.PSK,
Authentication.PSK,
Encryption.AES128GCM,
MessageDigest.AEAD,
Protocol.TLSv1_2,
false,
EncryptionLevel.HIGH,
true,
128,
128,
null,
null
),
// Cipher A9
TLS_PSK_WITH_AES_256_GCM_SHA384(
0x00A9,
"PSK-AES256-GCM-SHA384",
KeyExchange.PSK,
Authentication.PSK,
Encryption.AES256GCM,
MessageDigest.AEAD,
Protocol.TLSv1_2,
false,
EncryptionLevel.HIGH,
true,
256,
256,
null,
null
),
// Cipher AA
TLS_DHE_PSK_WITH_AES_128_GCM_SHA256(
0x00AA,
"DHE-PSK-AES128-GCM-SHA256",
KeyExchange.DHEPSK,
Authentication.PSK,
Encryption.AES128GCM,
MessageDigest.AEAD,
Protocol.TLSv1_2,
false,
EncryptionLevel.HIGH,
true,
128,
128,
null,
null
),
// Cipher AB
TLS_DHE_PSK_WITH_AES_256_GCM_SHA384(
0x00AB,
"DHE-PSK-AES256-GCM-SHA384",
KeyExchange.DHEPSK,
Authentication.PSK,
Encryption.AES256GCM,
MessageDigest.AEAD,
Protocol.TLSv1_2,
false,
EncryptionLevel.HIGH,
true,
256,
256,
null,
null
),
// Cipher AC
TLS_RSA_PSK_WITH_AES_128_GCM_SHA256(
0x00AC,
"RSA-PSK-AES128-GCM-SHA256",
KeyExchange.RSAPSK,
Authentication.RSA,
Encryption.AES128GCM,
MessageDigest.AEAD,
Protocol.TLSv1_2,
false,
EncryptionLevel.HIGH,
true,
128,
128,
null,
null
),
// Cipher AD
TLS_RSA_PSK_WITH_AES_256_GCM_SHA384(
0x00AD,
"RSA-PSK-AES256-GCM-SHA384",
KeyExchange.RSAPSK,
Authentication.RSA,
Encryption.AES256GCM,
MessageDigest.AEAD,
Protocol.TLSv1_2,
false,
EncryptionLevel.HIGH,
true,
256,
256,
null,
null
),
// Cipher AE
TLS_PSK_WITH_AES_128_CBC_SHA256 (
0x00AE,
"PSK-AES128-CBC-SHA256",
KeyExchange.PSK,
Authentication.PSK,
Encryption.AES128,
MessageDigest.SHA256,
Protocol.TLSv1,
false,
EncryptionLevel.HIGH,
true,
128,
128,
null,
null
),
// Cipher AF
TLS_PSK_WITH_AES_256_CBC_SHA384 (
0x00AF,
"PSK-AES256-CBC-SHA384",
KeyExchange.PSK,
Authentication.PSK,
Encryption.AES256,
MessageDigest.SHA384,
Protocol.TLSv1,
false,
EncryptionLevel.HIGH,
true,
256,
256,
null,
null
),
// Cipher B0
TLS_PSK_WITH_NULL_SHA256 (
0x00B0,
"PSK-NULL-SHA256",
KeyExchange.PSK,
Authentication.PSK,
Encryption.eNULL,
MessageDigest.SHA256,
Protocol.TLSv1,
false,
EncryptionLevel.STRONG_NONE,
true,
0,
0,
null,
null
),
// Cipher B1
TLS_PSK_WITH_NULL_SHA384 (
0x00B1,
"PSK-NULL-SHA384",
KeyExchange.PSK,
Authentication.PSK,
Encryption.eNULL,
MessageDigest.SHA384,
Protocol.TLSv1,
false,
EncryptionLevel.STRONG_NONE,
true,
0,
0,
null,
null
),
// Cipher B2
TLS_DHE_PSK_WITH_AES_128_CBC_SHA256(
0x00B2,
"DHE-PSK-AES128-CBC-SHA256",
KeyExchange.DHEPSK,
Authentication.PSK,
Encryption.AES128,
MessageDigest.SHA256,
Protocol.TLSv1,
false,
EncryptionLevel.HIGH,
true,
128,
128,
null,
null
),
// Cipher B3
TLS_DHE_PSK_WITH_AES_256_CBC_SHA384(
0x00B3,
"DHE-PSK-AES256-CBC-SHA384",
KeyExchange.DHEPSK,
Authentication.PSK,
Encryption.AES256,
MessageDigest.SHA384,
Protocol.TLSv1,
false,
EncryptionLevel.HIGH,
true,
256,
256,
null,
null
),
// Cipher B4
TLS_DHE_PSK_WITH_NULL_SHA256 (
0x00B4,
"DHE-PSK-NULL-SHA256",
KeyExchange.DHEPSK,
Authentication.PSK,
Encryption.eNULL,
MessageDigest.SHA256,
Protocol.TLSv1,
false,
EncryptionLevel.STRONG_NONE,
true,
0,
0,
null,
null
),
// Cipher B5
TLS_DHE_PSK_WITH_NULL_SHA384 (
0x00B5,
"DHE-PSK-NULL-SHA384",
KeyExchange.DHEPSK,
Authentication.PSK,
Encryption.eNULL,
MessageDigest.SHA384,
Protocol.TLSv1,
false,
EncryptionLevel.STRONG_NONE,
true,
0,
0,
null,
null
),
// Cipher B6
TLS_RSA_PSK_WITH_AES_128_CBC_SHA256(
0x00B6,
"RSA-PSK-AES128-CBC-SHA256",
KeyExchange.RSAPSK,
Authentication.RSA,
Encryption.AES128,
MessageDigest.SHA256,
Protocol.TLSv1,
false,
EncryptionLevel.HIGH,
true,
128,
128,
null,
null
),
// Cipher B7
TLS_RSA_PSK_WITH_AES_256_CBC_SHA384(
0x00B7,
"RSA-PSK-AES256-CBC-SHA384",
KeyExchange.RSAPSK,
Authentication.RSA,
Encryption.AES256,
MessageDigest.SHA384,
Protocol.TLSv1,
false,
EncryptionLevel.HIGH,
true,
256,
256,
null,
null
),
// Cipher B8
TLS_RSA_PSK_WITH_NULL_SHA256 (
0x00B8,
"RSA-PSK-NULL-SHA256",
KeyExchange.RSAPSK,
Authentication.RSA,
Encryption.eNULL,
MessageDigest.SHA256,
Protocol.TLSv1,
false,
EncryptionLevel.STRONG_NONE,
true,
0,
0,
null,
null
),
// Cipher B9
TLS_RSA_PSK_WITH_NULL_SHA384 (
0x00B9,
"RSA-PSK-NULL-SHA384",
KeyExchange.RSAPSK,
Authentication.RSA,
Encryption.eNULL,
MessageDigest.SHA384,
Protocol.TLSv1,
false,
EncryptionLevel.STRONG_NONE,
true,
0,
0,
null,
null
),
// Cipher BA
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256(
0x00BA,
"CAMELLIA128-SHA256",
KeyExchange.RSA,
Authentication.RSA,
Encryption.CAMELLIA128,
MessageDigest.SHA256,
Protocol.TLSv1_2,
false,
EncryptionLevel.HIGH,
false,
128,
128,
null,
null
),
// Cipher BB
TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256(
0x00BB,
"DH-DSS-CAMELLIA128-SHA256",
KeyExchange.DHd,
Authentication.DH,
Encryption.CAMELLIA128,
MessageDigest.SHA256,
Protocol.TLSv1_2,
false,
EncryptionLevel.HIGH,
false,
128,
128,
null,
null
),
// Cipher BC
TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256(
0x00BC,
"DH-RSA-CAMELLIA128-SHA256",
KeyExchange.DHr,
Authentication.DH,
Encryption.CAMELLIA128,
MessageDigest.SHA256,
Protocol.TLSv1_2,
false,
EncryptionLevel.HIGH,
false,
128,
128,
null,
null
),
// Cipher BD
TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256(
0x00BD,
"DHE-DSS-CAMELLIA128-SHA256",
KeyExchange.EDH,
Authentication.DSS,
Encryption.CAMELLIA128,
MessageDigest.SHA256,
Protocol.TLSv1_2,
false,
EncryptionLevel.HIGH,
false,
128,
128,
null,
null
),
// Cipher BE
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256(
0x00BE,
"DHE-RSA-CAMELLIA128-SHA256",
KeyExchange.EDH,
Authentication.RSA,
Encryption.CAMELLIA128,
MessageDigest.SHA256,
Protocol.TLSv1_2,
false,
EncryptionLevel.HIGH,
false,
128,
128,
null,
null
),
// Cipher BF
TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256(
0x00BF,
"ADH-CAMELLIA128-SHA256",
KeyExchange.EDH,
Authentication.aNULL,
Encryption.CAMELLIA128,
MessageDigest.SHA256,
Protocol.TLSv1_2,
false,
EncryptionLevel.HIGH,
false,
128,
128,
null,
null
),
// Cipher C0
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256(
0x00C0,
"CAMELLIA256-SHA256",
KeyExchange.RSA,
Authentication.RSA,
Encryption.CAMELLIA256,
MessageDigest.SHA256,
Protocol.TLSv1_2,
false,
EncryptionLevel.HIGH,
false,
256,
256,
null,
null
),
// Cipher C1
TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256(
0x00C1,
"DH-DSS-CAMELLIA256-SHA256",
KeyExchange.DHd,
Authentication.DH,
Encryption.CAMELLIA256,
MessageDigest.SHA256,
Protocol.TLSv1_2,
false,
EncryptionLevel.HIGH,
false,
256,
256,
null,
null
),
// Cipher C2
TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256(
0x00C2,
"DH-RSA-CAMELLIA256-SHA256",
KeyExchange.DHr,
Authentication.DH,
Encryption.CAMELLIA256,
MessageDigest.SHA256,
Protocol.TLSv1_2,
false,
EncryptionLevel.HIGH,
false,
256,
256,
null,
null
),
// Cipher C3
TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256(
0x00C3,
"DHE-DSS-CAMELLIA256-SHA256",
KeyExchange.EDH,
Authentication.DSS,
Encryption.CAMELLIA256,
MessageDigest.SHA256,
Protocol.TLSv1_2,
false,
EncryptionLevel.HIGH,
false,
256,
256,
null,
null
),
// Cipher C4
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256(
0x00C4,
"DHE-RSA-CAMELLIA256-SHA256",
KeyExchange.EDH,
Authentication.RSA,
Encryption.CAMELLIA256,
MessageDigest.SHA256,
Protocol.TLSv1_2,
false,
EncryptionLevel.HIGH,
false,
256,
256,
null,
null
),
// Cipher C5
TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256(
0x00C5,
"ADH-CAMELLIA256-SHA256",
KeyExchange.EDH,
Authentication.aNULL,
Encryption.CAMELLIA256,
MessageDigest.SHA256,
Protocol.TLSv1_2,
false,
EncryptionLevel.HIGH,
false,
256,
256,
null,
null
),
/* Cipher 0x00FF TLS_EMPTY_RENEGOTIATION_INFO_SCSV
* Cipher 0x5600 TLS_FALLBACK_SCSV
*
* No other ciphers defined until 0xC001 below
*/
/* ECC ciphersuites from draft-ietf-tls-ecc-01.txt (
Mar 15, 2001) */
// Cipher C001
TLS_ECDH_ECDSA_WITH_NULL_SHA(
0xC001,
"ECDH-ECDSA-NULL-SHA",
KeyExchange.ECDHe,
Authentication.ECDH,
Encryption.eNULL,
MessageDigest.SHA1,
Protocol.SSLv3,
false,
EncryptionLevel.STRONG_NONE,
true,
0,
0,
null,
null
),
// Cipher C002
TLS_ECDH_ECDSA_WITH_RC4_128_SHA(
0xC002,
"ECDH-ECDSA-RC4-SHA",
KeyExchange.ECDHe,
Authentication.ECDH,
Encryption.RC4,
MessageDigest.SHA1,
Protocol.TLSv1,
false,
EncryptionLevel.MEDIUM,
false,
128,
128,
null,
null
),
// Cipher C003
TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA(
0xC003,
"ECDH-ECDSA-DES-CBC3-SHA",
KeyExchange.ECDHe,
Authentication.ECDH,
Encryption.TRIPLE_DES,
MessageDigest.SHA1,
Protocol.SSLv3,
false,
EncryptionLevel.MEDIUM,
true,
112,
168,
null,
null
),
// Cipher C004
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA(
0xC004,
"ECDH-ECDSA-AES128-SHA",
KeyExchange.ECDHe,
Authentication.ECDH,
Encryption.AES128,
MessageDigest.SHA1,
Protocol.SSLv3,
false,
EncryptionLevel.HIGH,
true,
128,
128,
null,
null
),
// Cipher C005
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA(
0xC005,
"ECDH-ECDSA-AES256-SHA",
KeyExchange.ECDHe,
Authentication.ECDH,
Encryption.AES256,
MessageDigest.SHA1,
Protocol.SSLv3,
false,
EncryptionLevel.HIGH,
true,
256,
256,
null,
null
),
// Cipher C006
TLS_ECDHE_ECDSA_WITH_NULL_SHA(
0xC006,
"ECDHE-ECDSA-NULL-SHA",
KeyExchange.EECDH,
Authentication.ECDSA,
Encryption.eNULL,
MessageDigest.SHA1,
Protocol.TLSv1,
false,
EncryptionLevel.STRONG_NONE,
true,
0,
0,
null,
null
),
// Cipher C007
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA(
0xC007,
"ECDHE-ECDSA-RC4-SHA",
KeyExchange.EECDH,
Authentication.ECDSA,
Encryption.RC4,
MessageDigest.SHA1,
Protocol.SSLv3,
false,
EncryptionLevel.MEDIUM,
false,
128,
128,
null,
null
),
// Cipher C008
TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA(
0xC008,
"ECDHE-ECDSA-DES-CBC3-SHA",
KeyExchange.EECDH,
Authentication.ECDSA,
Encryption.TRIPLE_DES,
MessageDigest.SHA1,
Protocol.TLSv1,
false,
EncryptionLevel.MEDIUM,
true,
112,
168,
null,
null
),
// Cipher C009
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA(
0xC009,
"ECDHE-ECDSA-AES128-SHA",
KeyExchange.EECDH,
Authentication.ECDSA,
Encryption.AES128,
MessageDigest.SHA1,
Protocol.TLSv1,
false,
EncryptionLevel.HIGH,
true,
128,
128,
null,
null
),
// Cipher C00A
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA(
0xC00A,
"ECDHE-ECDSA-AES256-SHA",
KeyExchange.EECDH,
Authentication.ECDSA,
Encryption.AES256,
MessageDigest.SHA1,
Protocol.TLSv1,
false,
EncryptionLevel.HIGH,
true,
256,
256,
null,
null
),
// Cipher C00B
TLS_ECDH_RSA_WITH_NULL_SHA(
0xC00B,
"ECDH-RSA-NULL-SHA",
KeyExchange.ECDHr,
Authentication.ECDH,
Encryption.eNULL,
MessageDigest.SHA1,
Protocol.SSLv3,
false,
EncryptionLevel.STRONG_NONE,
true,
0,
0,
null,
null
),
// Cipher C00C
TLS_ECDH_RSA_WITH_RC4_128_SHA(
0xC00C,
"ECDH-RSA-RC4-SHA",
KeyExchange.ECDHr,
Authentication.ECDH,
Encryption.RC4,
MessageDigest.SHA1,
Protocol.SSLv3,
false,
EncryptionLevel.MEDIUM,
false,
128,
128,
null,
null
),
// Cipher C00D
TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA(
0xC00D,
"ECDH-RSA-DES-CBC3-SHA",
KeyExchange.ECDHr,
Authentication.ECDH,
Encryption.TRIPLE_DES,
MessageDigest.SHA1,
Protocol.SSLv3,
false,
EncryptionLevel.MEDIUM,
true,
112,
168,
null,
null
),
// Cipher C00E
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA(
0xC00E,
"ECDH-RSA-AES128-SHA",
KeyExchange.ECDHr,
Authentication.ECDH,
Encryption.AES128,
MessageDigest.SHA1,
Protocol.SSLv3,
false,
EncryptionLevel.HIGH,
true,
128,
128,
null,
null
),
// Cipher C00F
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA(
0xC00F,
"ECDH-RSA-AES256-SHA",
KeyExchange.ECDHr,
Authentication.ECDH,
Encryption.AES256,
MessageDigest.SHA1,
Protocol.SSLv3,
false,
EncryptionLevel.HIGH,
true,
256,
256,
null,
null
),
// Cipher C010
TLS_ECDHE_RSA_WITH_NULL_SHA(
0xC010,
"ECDHE-RSA-NULL-SHA",
KeyExchange.EECDH,
Authentication.RSA,
Encryption.eNULL,
MessageDigest.SHA1,
Protocol.TLSv1,
false,
EncryptionLevel.STRONG_NONE,
true,
0,
0,
null,
null
),
// Cipher C011
TLS_ECDHE_RSA_WITH_RC4_128_SHA(
0xC011,
"ECDHE-RSA-RC4-SHA",
KeyExchange.EECDH,
Authentication.RSA,
Encryption.RC4,
MessageDigest.SHA1,
Protocol.TLSv1,
false,
EncryptionLevel.MEDIUM,
false,
128,
128,
null,
null
),
// Cipher C012
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA(
0xC012,
"ECDHE-RSA-DES-CBC3-SHA",
KeyExchange.EECDH,
Authentication.RSA,
Encryption.TRIPLE_DES,
MessageDigest.SHA1,
Protocol.TLSv1,
false,
EncryptionLevel.MEDIUM,
true,
112,
168,
null,
null
),
// Cipher C013
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA(
0xC013,
"ECDHE-RSA-AES128-SHA",
KeyExchange.EECDH,
Authentication.RSA,
Encryption.AES128,
MessageDigest.SHA1,
Protocol.TLSv1,
false,
EncryptionLevel.HIGH,
true,
128,
128,
null,
null
),
// Cipher C014
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA(
0xC014,
"ECDHE-RSA-AES256-SHA",
KeyExchange.EECDH,
Authentication.RSA,
Encryption.AES256,
MessageDigest.SHA1,
Protocol.TLSv1,
false,
EncryptionLevel.HIGH,
true,
256,
256,
null,
null
),
// Cipher C015
TLS_ECDH_anon_WITH_NULL_SHA(
0xC015,
"AECDH-NULL-SHA",
KeyExchange.EECDH,
Authentication.aNULL,
Encryption.eNULL,
MessageDigest.SHA1,
Protocol.TLSv1,
false,
EncryptionLevel.STRONG_NONE,
true,
0,
0,
null,
null
),
// Cipher C016
TLS_ECDH_anon_WITH_RC4_128_SHA(
0xC016,
"AECDH-RC4-SHA",
KeyExchange.EECDH,
Authentication.aNULL,
Encryption.RC4,
MessageDigest.SHA1,
Protocol.TLSv1,
false,
EncryptionLevel.MEDIUM,
false,
128,
128,
null,
null
),
// Cipher C017
TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA(
0xC017,
"AECDH-DES-CBC3-SHA",
KeyExchange.EECDH,
Authentication.aNULL,
Encryption.TRIPLE_DES,
MessageDigest.SHA1,
Protocol.TLSv1,
false,
EncryptionLevel.MEDIUM,
true,
112,
168,
null,
null
),
// Cipher C018
TLS_ECDH_anon_WITH_AES_128_CBC_SHA(
0xC018,
"AECDH-AES128-SHA",
KeyExchange.EECDH,
Authentication.aNULL,
Encryption.AES128,
MessageDigest.SHA1,
Protocol.TLSv1,
false,
EncryptionLevel.HIGH,
true,
128,
128,
null,
null
),
// Cipher C019
TLS_ECDH_anon_WITH_AES_256_CBC_SHA(
0xC019,
"AECDH-AES256-SHA",
KeyExchange.EECDH,
Authentication.aNULL,
Encryption.AES256,
MessageDigest.SHA1,
Protocol.TLSv1,
false,
EncryptionLevel.HIGH,
true,
256,
256,
null,
null
),
/* SRP ciphersuite from RFC 5054 */
// Cipher C01A
TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA(
0xC01A,
"SRP-3DES-EDE-CBC-SHA",
KeyExchange.SRP,
Authentication.SRP,
Encryption.TRIPLE_DES,
MessageDigest.SHA1,
Protocol.SSLv3,
false,
EncryptionLevel.MEDIUM,
false,
112,
168,
null,
null
),
// Cipher C01B
TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA(
0xC01B,
"SRP-RSA-3DES-EDE-CBC-SHA",
KeyExchange.SRP,
Authentication.RSA,
Encryption.TRIPLE_DES,
MessageDigest.SHA1,
Protocol.SSLv3,
false,
EncryptionLevel.MEDIUM,
false,
112,
168,
null,
null
),
// Cipher C01C
TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA(
0xC01C,
"SRP-DSS-3DES-EDE-CBC-SHA",
KeyExchange.SRP,
Authentication.DSS,
Encryption.TRIPLE_DES,
MessageDigest.SHA1,
Protocol.SSLv3,
false,
EncryptionLevel.MEDIUM,
false,
112,
168,
null,
null
),
// Cipher C01D
TLS_SRP_SHA_WITH_AES_128_CBC_SHA(
0xC01D,
"SRP-AES-128-CBC-SHA",
KeyExchange.SRP,
Authentication.SRP,
Encryption.AES128,
MessageDigest.SHA1,
Protocol.SSLv3,
false,
EncryptionLevel.HIGH,
false,
128,
128,
null,
null
),
// Cipher C01E
TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA(
0xC01E,
"SRP-RSA-AES-128-CBC-SHA",
KeyExchange.SRP,
Authentication.RSA,
Encryption.AES128,
MessageDigest.SHA1,
Protocol.SSLv3,
false,
EncryptionLevel.HIGH,
false,
128,
128,
null,
null
),
// Cipher C01F
TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA(
0xC01F,
"SRP-DSS-AES-128-CBC-SHA",
KeyExchange.SRP,
Authentication.DSS,
Encryption.AES128,
MessageDigest.SHA1,
Protocol.SSLv3,
false,
EncryptionLevel.HIGH,
false,
128,
128,
null,
null
),
// Cipher C020
TLS_SRP_SHA_WITH_AES_256_CBC_SHA(
0xC020,
"SRP-AES-256-CBC-SHA",
KeyExchange.SRP,
Authentication.SRP,
Encryption.AES256,
MessageDigest.SHA1,
Protocol.SSLv3,
false,
EncryptionLevel.HIGH,
false,
256,
256,
null,
null
),
// Cipher C021
TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA(
0xC021,
"SRP-RSA-AES-256-CBC-SHA",
KeyExchange.SRP,
Authentication.RSA,
Encryption.AES256,
MessageDigest.SHA1,
Protocol.SSLv3,
false,
EncryptionLevel.HIGH,
false,
256,
256,
null,
null
),
// Cipher C022
TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA(
0xC022,
"SRP-DSS-AES-256-CBC-SHA",
KeyExchange.SRP,
Authentication.DSS,
Encryption.AES256,
MessageDigest.SHA1,
Protocol.SSLv3,
false,
EncryptionLevel.HIGH,
false,
256,
256,
null,
null
),
/* HMAC based TLS v1.2 ciphersuites from RFC5289 */
// Cipher C023
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256(
0xC023,
"ECDHE-ECDSA-AES128-SHA256",
KeyExchange.EECDH,
Authentication.ECDSA,
Encryption.AES128,
MessageDigest.SHA256,
Protocol.TLSv1_2,
false,
EncryptionLevel.HIGH,
true,
128,
128,
null,
null
),
// Cipher C024
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384(
0xC024,
"ECDHE-ECDSA-AES256-SHA384",
KeyExchange.EECDH,
Authentication.ECDSA,
Encryption.AES256,
MessageDigest.SHA384,
Protocol.TLSv1_2,
false,
EncryptionLevel.HIGH,
true,
256,
256,
null,
null
),
// Cipher C025
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256(
0xC025,
"ECDH-ECDSA-AES128-SHA256",
KeyExchange.ECDHe,
Authentication.ECDH,
Encryption.AES128,
MessageDigest.SHA256,
Protocol.TLSv1_2,
false,
EncryptionLevel.HIGH,
true,
128,
128,
null,
null
),
// Cipher C026
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384(
0xC026,
"ECDH-ECDSA-AES256-SHA384",
KeyExchange.ECDHe,
Authentication.ECDH,
Encryption.AES256,
MessageDigest.SHA384,
Protocol.TLSv1_2,
false,
EncryptionLevel.HIGH,
true,
256,
256,
null,
null
),
// Cipher C027
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256(
0xC027,
"ECDHE-RSA-AES128-SHA256",
KeyExchange.EECDH,
Authentication.RSA,
Encryption.AES128,
MessageDigest.SHA256,
Protocol.TLSv1_2,
false,
EncryptionLevel.HIGH,
true,
128,
128,
null,
null
),
// Cipher C028
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384(
0xC028,
"ECDHE-RSA-AES256-SHA384",
KeyExchange.EECDH,
Authentication.RSA,
Encryption.AES256,
MessageDigest.SHA384,
Protocol.TLSv1_2,
false,
EncryptionLevel.HIGH,
true,
256,
256,
null,
null
),
// Cipher C029
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256(
0xC029,
"ECDH-RSA-AES128-SHA256",
KeyExchange.ECDHr,
Authentication.ECDH,
Encryption.AES128,
MessageDigest.SHA256,
Protocol.TLSv1_2,
false,
EncryptionLevel.HIGH,
true,
128,
128,
null,
null
),
// Cipher C02A
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384(
0xC02A,
"ECDH-RSA-AES256-SHA384",
KeyExchange.ECDHr,
Authentication.ECDH,
Encryption.AES256,
MessageDigest.SHA384,
Protocol.TLSv1_2,
false,
EncryptionLevel.HIGH,
true,
256,
256,
null,
null
),
/* GCM based TLS v1.2 ciphersuites from RFC5289 */
// Cipher C02B
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256(
0xC02B,
"ECDHE-ECDSA-AES128-GCM-SHA256",
KeyExchange.EECDH,
Authentication.ECDSA,
Encryption.AES128GCM,
MessageDigest.AEAD,
Protocol.TLSv1_2,
false,
EncryptionLevel.HIGH,
true,
128,
128,
null,
null
),
// Cipher C02C
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384(
0xC02C,
"ECDHE-ECDSA-AES256-GCM-SHA384",
KeyExchange.EECDH,
Authentication.ECDSA,
Encryption.AES256GCM,
MessageDigest.AEAD,
Protocol.TLSv1_2,
false,
EncryptionLevel.HIGH,
true,
256,
256,
null,
null
),
// Cipher C02D
TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256(
0xC02D,
"ECDH-ECDSA-AES128-GCM-SHA256",
KeyExchange.ECDHe,
Authentication.ECDH,
Encryption.AES128GCM,
MessageDigest.AEAD,
Protocol.TLSv1_2,
false,
EncryptionLevel.HIGH,
true,
128,
128,
null,
null
),
// Cipher C02E
TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384(
0xC02E,
"ECDH-ECDSA-AES256-GCM-SHA384",
KeyExchange.ECDHe,
Authentication.ECDH,
Encryption.AES256GCM,
MessageDigest.AEAD,
Protocol.TLSv1_2,
false,
EncryptionLevel.HIGH,
true,
256,
256,
null,
null
),
// Cipher C02F
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256(
0xC02F,
"ECDHE-RSA-AES128-GCM-SHA256",
KeyExchange.EECDH,
Authentication.RSA,
Encryption.AES128GCM,
MessageDigest.AEAD,
Protocol.TLSv1_2,
false,
EncryptionLevel.HIGH,
true,
128,
128,
null,
null
),
// Cipher C030
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384(
0xC030,
"ECDHE-RSA-AES256-GCM-SHA384",
KeyExchange.EECDH,
Authentication.RSA,
Encryption.AES256GCM,
MessageDigest.AEAD,
Protocol.TLSv1_2,
false,
EncryptionLevel.HIGH,
true,
256,
256,
null,
null
),
// Cipher C031
TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256(
0xC031,
"ECDH-RSA-AES128-GCM-SHA256",
KeyExchange.ECDHr,
Authentication.ECDH,
Encryption.AES128GCM,
MessageDigest.AEAD,
Protocol.TLSv1_2,
false,
EncryptionLevel.HIGH,
true,
128,
128,
null,
null
),
// Cipher C032
TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384(
0xC032,
"ECDH-RSA-AES256-GCM-SHA384",
KeyExchange.ECDHr,
Authentication.ECDH,
Encryption.AES256GCM,
MessageDigest.AEAD,
Protocol.TLSv1_2,
false,
EncryptionLevel.HIGH,
true,
256,
256,
null,
null
),
// Cipher C033
TLS_ECDHE_PSK_WITH_RC4_128_SHA(
0xC033,
"ECDHE-PSK-RC4-SHA",
KeyExchange.ECDHEPSK,
Authentication.PSK,
Encryption.RC4,
MessageDigest.SHA1,
Protocol.TLSv1,
false,
EncryptionLevel.MEDIUM,
false,
128,
128,
null,
null
),
// Cipher C034
TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA(
0xC034,
"ECDHE-PSK-3DES-EDE-CBC-SHA",
KeyExchange.ECDHEPSK,
Authentication.PSK,
Encryption.TRIPLE_DES,
MessageDigest.SHA1,
Protocol.TLSv1,
false,
EncryptionLevel.MEDIUM,
true,
112,
168,
null,
null
),
// Cipher C035
TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA(
0xC035,
"ECDHE-PSK-AES128-CBC-SHA",
KeyExchange.ECDHEPSK,
Authentication.PSK,
Encryption.AES128,
MessageDigest.SHA1,
Protocol.TLSv1,
false,
EncryptionLevel.HIGH,
true,
128,
128,
null,
null
),
// Cipher C036
TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA(
0xC036,
"ECDHE-PSK-AES256-CBC-SHA",
KeyExchange.ECDHEPSK,
Authentication.PSK,
Encryption.AES256,
MessageDigest.SHA1,
Protocol.TLSv1,
false,
EncryptionLevel.HIGH,
true,
256,
256,
null,
null
),
TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256(
0xC037,
"ECDHE-PSK-AES128-CBC-SHA256",
KeyExchange.ECDHEPSK,
Authentication.PSK,
Encryption.AES128,
MessageDigest.SHA256,
Protocol.TLSv1,
false,
EncryptionLevel.HIGH,
true,
128,
128,
null,
null
),
TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384(
0xC038,
"ECDHE-PSK-AES256-CBC-SHA384",
KeyExchange.ECDHEPSK,
Authentication.PSK,
Encryption.AES256,
MessageDigest.SHA384,
Protocol.TLSv1,
false,
EncryptionLevel.HIGH,
true,
256,
256,
null,
null
),
TLS_ECDHE_PSK_WITH_NULL_SHA(
0xC039,
"ECDHE-PSK-NULL-SHA",
KeyExchange.ECDHEPSK,
Authentication.PSK,
Encryption.eNULL,
MessageDigest.SHA1,
Protocol.TLSv1,
false,
EncryptionLevel.STRONG_NONE,
true,
0,
0,
null,
null
),
TLS_ECDHE_PSK_WITH_NULL_SHA256(
0xC03A,
"ECDHE-PSK-NULL-SHA256",
KeyExchange.ECDHEPSK,
Authentication.PSK,
Encryption.eNULL,
MessageDigest.SHA256,
Protocol.TLSv1,
false,
EncryptionLevel.STRONG_NONE,
true,
0,
0,
null,
null
),
TLS_ECDHE_PSK_WITH_NULL_SHA384(
0xC03B,
"ECDHE-PSK-NULL-SHA384",
KeyExchange.ECDHEPSK,
Authentication.PSK,
Encryption.eNULL,
MessageDigest.SHA384,
Protocol.TLSv1,
false,
EncryptionLevel.STRONG_NONE,
true,
0,
0,
null,
null
),
/* ARIA ciphers 0xC03C to 0xC071
* Unsupported by both Java and OpenSSL
*/
// Cipher C072
TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256(
0xC072,
"ECDHE-ECDSA-CAMELLIA128-SHA256",
KeyExchange.EECDH,
Authentication.ECDSA,
Encryption.CAMELLIA128,
MessageDigest.SHA256,
Protocol.TLSv1_2,
false,
EncryptionLevel.HIGH,
true,
128,
128,
null,
null
),
// Cipher C073
TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384(
0xC073,
"ECDHE-ECDSA-CAMELLIA256-SHA384",
KeyExchange.EECDH,
Authentication.ECDSA,
Encryption.CAMELLIA256,
MessageDigest.SHA384,
Protocol.TLSv1_2,
false,
EncryptionLevel.HIGH,
true,
256,
256,
null,
null
),
// Cipher C074
TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256(
0xC074,
"ECDH-ECDSA-CAMELLIA128-SHA256",
KeyExchange.ECDHe,
Authentication.ECDH,
Encryption.CAMELLIA128,
MessageDigest.SHA256,
Protocol.TLSv1_2,
false,
EncryptionLevel.HIGH,
true,
128,
128,
null,
null
),
// Cipher C075
TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384(
0xC075,
"ECDH-ECDSA-CAMELLIA256-SHA384",
KeyExchange.ECDHe,
Authentication.ECDH,
Encryption.CAMELLIA256,
MessageDigest.SHA384,
Protocol.TLSv1_2,
false,
EncryptionLevel.HIGH,
true,
256,
256,
null,
null
),
// Cipher C076
TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256(
0xC076,
"ECDHE-RSA-CAMELLIA128-SHA256",
KeyExchange.EECDH,
Authentication.RSA,
Encryption.CAMELLIA128,
MessageDigest.SHA256,
Protocol.TLSv1_2,
false,
EncryptionLevel.HIGH,
true,
128,
128,
null,
null
),
// Cipher C077
TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384(
0xC077,
"ECDHE-RSA-CAMELLIA256-SHA384",
KeyExchange.EECDH,
Authentication.RSA,
Encryption.CAMELLIA256,
MessageDigest.SHA384,
Protocol.TLSv1_2,
false,
EncryptionLevel.HIGH,
true,
256,
256,
null,
null
),
// Cipher C078
TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256(
0xC078,
"ECDH-RSA-CAMELLIA128-SHA256",
KeyExchange.ECDHr,
Authentication.ECDH,
Encryption.CAMELLIA128,
MessageDigest.SHA256,
Protocol.TLSv1_2,
false,
EncryptionLevel.HIGH,
true,
128,
128,
null,
null
),
// Cipher C079
TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384(
0xC079,
"ECDH-RSA-CAMELLIA256-SHA384",
KeyExchange.ECDHr,
Authentication.ECDH,
Encryption.CAMELLIA256,
MessageDigest.SHA384,
Protocol.TLSv1_2,
false,
EncryptionLevel.HIGH,
true,
256,
256,
null,
null
),
// Cipher C094
TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256(
0xC094,
"PSK-CAMELLIA128-SHA256",
KeyExchange.PSK,
Authentication.PSK,
Encryption.CAMELLIA128,
MessageDigest.SHA256,
Protocol.TLSv1,
false,
EncryptionLevel.HIGH,
false,
128,
128,
null,
null
),
// Cipher C095
TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384(
0xC095,
"PSK-CAMELLIA256-SHA384",
KeyExchange.PSK,
Authentication.PSK,
Encryption.CAMELLIA256,
MessageDigest.SHA384,
Protocol.TLSv1,
false,
EncryptionLevel.HIGH,
false,
256,
256,
null,
null
),
// Cipher C096
TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256(
0xC096,
"DHE-PSK-CAMELLIA128-SHA256",
KeyExchange.DHEPSK,
Authentication.PSK,
Encryption.CAMELLIA128,
MessageDigest.SHA256,
Protocol.TLSv1,
false,
EncryptionLevel.HIGH,
false,
128,
128,
null,
null
),
// Cipher C097
TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384(
0xC097,
"DHE-PSK-CAMELLIA256-SHA384",
KeyExchange.DHEPSK,
Authentication.PSK,
Encryption.CAMELLIA256,
MessageDigest.SHA384,
Protocol.TLSv1,
false,
EncryptionLevel.HIGH,
false,
256,
256,
null,
null
),
// Cipher C098
TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256(
0xC098,
"RSA-PSK-CAMELLIA128-SHA256",
KeyExchange.RSAPSK,
Authentication.RSA,
Encryption.CAMELLIA128,
MessageDigest.SHA256,
Protocol.TLSv1,
false,
EncryptionLevel.HIGH,
false,
128,
128,
null,
null
),
// Cipher C099
TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384(
0xC099,
"RSA-PSK-CAMELLIA256-SHA384",
KeyExchange.RSAPSK,
Authentication.RSA,
Encryption.CAMELLIA256,
MessageDigest.SHA384,
Protocol.TLSv1,
false,
EncryptionLevel.HIGH,
false,
256,
256,
null,
null
),
// Cipher C09A
TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256(
0xC09A,
"ECDHE-PSK-CAMELLIA128-SHA256",
KeyExchange.ECDHEPSK,
Authentication.PSK,
Encryption.CAMELLIA128,
MessageDigest.SHA256,
Protocol.TLSv1,
false,
EncryptionLevel.HIGH,
false,
128,
128,
null,
null
),
// Cipher C09B
TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384(
0xC09B,
"ECDHE-PSK-CAMELLIA256-SHA384",
KeyExchange.ECDHEPSK,
Authentication.PSK,
Encryption.CAMELLIA256,
MessageDigest.SHA384,
Protocol.TLSv1,
false,
EncryptionLevel.HIGH,
false,
256,
256,
null,
null
),
// CCM ciphersuites from RFC6655
// Cipher C09C
TLS_RSA_WITH_AES_128_CCM(
0xC09C,
"AES128-CCM",
KeyExchange.RSA,
Authentication.RSA,
Encryption.AES128CCM,
MessageDigest.AEAD,
Protocol.TLSv1_2,
false,
EncryptionLevel.HIGH,
false,
128,
128,
null,
null
),
// Cipher C09D
TLS_RSA_WITH_AES_256_CCM(
0xC09D,
"AES256-CCM",
KeyExchange.RSA,
Authentication.RSA,
Encryption.AES256CCM,
MessageDigest.AEAD,
Protocol.TLSv1_2,
false,
EncryptionLevel.HIGH,
false,
256,
256,
null,
null
),
// Cipher C09E
TLS_DHE_RSA_WITH_AES_128_CCM(
0xC09E,
"DHE-RSA-AES128-CCM",
KeyExchange.EDH,
Authentication.RSA,
Encryption.AES128CCM,
MessageDigest.AEAD,
Protocol.TLSv1_2,
false,
EncryptionLevel.HIGH,
false,
128,
128,
null,
null
),
// Cipher C09F
TLS_DHE_RSA_WITH_AES_256_CCM(
0xC09F,
"DHE-RSA-AES256-CCM",
KeyExchange.EDH,
Authentication.RSA,
Encryption.AES256CCM,
MessageDigest.AEAD,
Protocol.TLSv1_2,
false,
EncryptionLevel.HIGH,
false,
256,
256,
null,
null
),
// Cipher C0A0
TLS_RSA_WITH_AES_128_CCM_8(
0xC0A0,
"AES128-CCM8",
KeyExchange.RSA,
Authentication.RSA,
Encryption.AES128CCM8,
MessageDigest.AEAD,
Protocol.TLSv1_2,
false,
EncryptionLevel.HIGH,
false,
128,
128,
null,
null
),
// Cipher C0A1
TLS_RSA_WITH_AES_256_CCM_8(
0xC0A1,
"AES256-CCM8",
KeyExchange.RSA,
Authentication.RSA,
Encryption.AES256CCM8,
MessageDigest.AEAD,
Protocol.TLSv1_2,
false,
EncryptionLevel.HIGH,
false,
256,
256,
null,
null
),
// Cipher C0A2
TLS_DHE_RSA_WITH_AES_128_CCM_8(
0xC0A2,
"DHE-RSA-AES128-CCM8",
KeyExchange.EDH,
Authentication.RSA,
Encryption.AES128CCM8,
MessageDigest.AEAD,
Protocol.TLSv1_2,
false,
EncryptionLevel.HIGH,
false,
128,
128,
null,
null
),
// Cipher C0A3
TLS_DHE_RSA_WITH_AES_256_CCM_8(
0xC0A3,
"DHE-RSA-AES256-CCM8",
KeyExchange.EDH,
Authentication.RSA,
Encryption.AES256CCM8,
MessageDigest.AEAD,
Protocol.TLSv1_2,
false,
EncryptionLevel.HIGH,
false,
256,
256,
null,
null
),
// Cipher C0A4
TLS_PSK_WITH_AES_128_CCM(
0xC0A4,
"PSK-AES128-CCM",
KeyExchange.PSK,
Authentication.PSK,
Encryption.AES128CCM,
MessageDigest.AEAD,
Protocol.TLSv1_2,
false,
EncryptionLevel.HIGH,
false,
128,
128,
null,
null
),
// Cipher C0A5
TLS_PSK_WITH_AES_256_CCM(
0xC0A5,
"PSK-AES256-CCM",
KeyExchange.PSK,
Authentication.PSK,
Encryption.AES256CCM,
MessageDigest.AEAD,
Protocol.TLSv1_2,
false,
EncryptionLevel.HIGH,
false,
256,
256,
null,
null
),
// Cipher C0A6
TLS_DHE_PSK_WITH_AES_128_CCM(
0xC0A6,
"DHE-PSK-AES128-CCM",
KeyExchange.DHEPSK,
Authentication.PSK,
Encryption.AES128CCM,
MessageDigest.AEAD,
Protocol.TLSv1_2,
false,
EncryptionLevel.HIGH,
false,
128,
128,
null,
null
),
// Cipher C0A7
TLS_DHE_PSK_WITH_AES_256_CCM(
0xC0A7,
"DHE-PSK-AES256-CCM",
KeyExchange.DHEPSK,
Authentication.PSK,
Encryption.AES256CCM,
MessageDigest.AEAD,
Protocol.TLSv1_2,
false,
EncryptionLevel.HIGH,
false,
256,
256,
null,
null
),
// Cipher C0A8
TLS_PSK_WITH_AES_128_CCM_8(
0xC0A8,
"PSK-AES128-CCM8",
KeyExchange.PSK,
Authentication.PSK,
Encryption.AES128CCM8,
MessageDigest.AEAD,
Protocol.TLSv1_2,
false,
EncryptionLevel.HIGH,
false,
128,
128,
null,
null
),
// Cipher C0A9
TLS_PSK_WITH_AES_256_CCM_8(
0xC0A9,
"PSK-AES256-CCM8",
KeyExchange.PSK,
Authentication.PSK,
Encryption.AES256CCM8,
MessageDigest.AEAD,
Protocol.TLSv1_2,
false,
EncryptionLevel.HIGH,
false,
256,
256,
null,
null
),
// Cipher C0AA
TLS_PSK_DHE_WITH_AES_128_CCM_8(
0xC0AA,
"DHE-PSK-AES128-CCM8",
KeyExchange.DHEPSK,
Authentication.PSK,
Encryption.AES128CCM8,
MessageDigest.AEAD,
Protocol.TLSv1_2,
false,
EncryptionLevel.HIGH,
false,
128,
128,
null,
null
),
// Cipher C0AB
TLS_PSK_DHE_WITH_AES_256_CCM_8(
0xC0AB,
"DHE-PSK-AES256-CCM8",
KeyExchange.DHEPSK,
Authentication.PSK,
Encryption.AES256CCM8,
MessageDigest.AEAD,
Protocol.TLSv1_2,
false,
EncryptionLevel.HIGH,
false,
256,
256,
null,
null
),
// CCM ciphersuites from RFC7251
// Cipher C0AC
TLS_ECDHE_ECDSA_WITH_AES_128_CCM(
0xC0AC,
"ECDHE-ECDSA-AES128-CCM",
KeyExchange.EECDH,
Authentication.ECDSA,
Encryption.AES128CCM,
MessageDigest.AEAD,
Protocol.TLSv1_2,
false,
EncryptionLevel.HIGH,
false,
128,
128,
null,
null
),
// Cipher C0AD
TLS_ECDHE_ECDSA_WITH_AES_256_CCM(
0xC0AD,
"ECDHE-ECDSA-AES256-CCM",
KeyExchange.EECDH,
Authentication.ECDSA,
Encryption.AES256CCM,
MessageDigest.AEAD,
Protocol.TLSv1_2,
false,
EncryptionLevel.HIGH,
false,
256,
256,
null,
null
),
// Cipher C0AE
TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8(
0xC0AE,
"ECDHE-ECDSA-AES128-CCM8",
KeyExchange.EECDH,
Authentication.ECDSA,
Encryption.AES128CCM8,
MessageDigest.AEAD,
Protocol.TLSv1_2,
false,
EncryptionLevel.HIGH,
false,
128,
128,
null,
null
),
// Cipher C0AF
TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8(
0xC0AF,
"ECDHE-ECDSA-AES256-CCM8",
KeyExchange.EECDH,
Authentication.ECDSA,
Encryption.AES256CCM8,
MessageDigest.AEAD,
Protocol.TLSv1_2,
false,
EncryptionLevel.HIGH,
false,
256,
256,
null,
null
),
// Draft: https://tools.ietf.org/html/draft-ietf-tls-chacha20-poly1305-04
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256(
0xCCA8,
"ECDHE-RSA-CHACHA20-POLY1305",
KeyExchange.EECDH,
Authentication.RSA,
Encryption.CHACHA20POLY1305,
MessageDigest.AEAD,
Protocol.TLSv1_2,
false,
EncryptionLevel.HIGH,
false,
256,
256,
null,
null
),
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256(
0xCCA9,
"ECDHE-ECDSA-CHACHA20-POLY1305",
KeyExchange.EECDH,
Authentication.ECDSA,
Encryption.CHACHA20POLY1305,
MessageDigest.AEAD,
Protocol.TLSv1_2,
false,
EncryptionLevel.HIGH,
false,
256,
256,
null,
null
),
TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256(
0xCCAA,
"DHE-RSA-CHACHA20-POLY1305",
KeyExchange.EDH,
Authentication.RSA,
Encryption.CHACHA20POLY1305,
MessageDigest.AEAD,
Protocol.TLSv1_2,
false,
EncryptionLevel.HIGH,
false,
256,
256,
null,
null
),
TLS_PSK_WITH_CHACHA20_POLY1305_SHA256(
0xCCAB,
"PSK-CHACHA20-POLY1305",
KeyExchange.PSK,
Authentication.PSK,
Encryption.CHACHA20POLY1305,
MessageDigest.AEAD,
Protocol.TLSv1_2,
false,
EncryptionLevel.HIGH,
false,
256,
256,
null,
null
),
TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256(
0xCCAC,
"ECDHE-PSK-CHACHA20-POLY1305",
KeyExchange.ECDHEPSK,
Authentication.PSK,
Encryption.CHACHA20POLY1305,
MessageDigest.AEAD,
Protocol.TLSv1_2,
false,
EncryptionLevel.HIGH,
false,
256,
256,
null,
null
),
TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256(
0xCCAD,
"DHE-PSK-CHACHA20-POLY1305",
KeyExchange.DHEPSK,
Authentication.PSK,
Encryption.CHACHA20POLY1305,
MessageDigest.AEAD,
Protocol.TLSv1_2,
false,
EncryptionLevel.HIGH,
false,
256,
256,
null,
null
),
TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256(
0xCCAE,
"RSA-PSK-CHACHA20-POLY1305",
KeyExchange.RSAPSK,
Authentication.RSA,
Encryption.CHACHA20POLY1305,
MessageDigest.AEAD,
Protocol.TLSv1_2,
false,
EncryptionLevel.HIGH,
false,
256,
256,
null,
null
),
// Cipher 0x010080 (SSLv2)
// RC4_128_WITH_MD5
SSL_CK_RC4_128_WITH_MD5(
-1,
"RC4-MD5",
KeyExchange.RSA,
Authentication.RSA,
Encryption.RC4,
MessageDigest.MD5,
Protocol.SSLv2,
false,
EncryptionLevel.MEDIUM,
false,
128,
128,
null,
null
),
// Cipher 0x020080 (SSLv2)
SSL2_RC4_128_EXPORT40_WITH_MD5(
-1,
"EXP-RC4-MD5",
KeyExchange.RSA,
Authentication.RSA,
Encryption.RC4,
MessageDigest.MD5,
Protocol.SSLv2,
true,
EncryptionLevel.EXP40,
false,
40,
128,
new String[] {"SSL_RC4_128_EXPORT40_WITH_MD5"},
null
),
// Cipher 0x030080 (SSLv2)
// RC2_128_CBC_WITH_MD5
SSL_CK_RC2_128_CBC_WITH_MD5(
-1,
"RC2-CBC-MD5",
KeyExchange.RSA,
Authentication.RSA,
Encryption.RC2,
MessageDigest.MD5,
Protocol.SSLv2,
false,
EncryptionLevel.MEDIUM,
false,
128,
128,
null,
null
),
// Cipher 0x040080 (SSLv2)
// RC2_128_CBC_EXPORT40_WITH_MD5
SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5(
-1,
"EXP-RC2-CBC-MD5",
KeyExchange.RSA,
Authentication.RSA,
Encryption.RC2,
MessageDigest.MD5,
Protocol.SSLv2,
true,
EncryptionLevel.EXP40,
false,
40,
128,
null,
null
),
// Cipher 0x050080 (SSLv2)
// IDEA_128_CBC_WITH_MD5
SSL2_IDEA_128_CBC_WITH_MD5(
-1,
"IDEA-CBC-MD5",
KeyExchange.RSA,
Authentication.RSA,
Encryption.IDEA,
MessageDigest.MD5,
Protocol.SSLv2,
false, EncryptionLevel.MEDIUM,
false,
128,
128,
new String[] {"SSL_CK_IDEA_128_CBC_WITH_MD5"},
null
),
// Cipher 0x060040 (SSLv2)
// DES_64_CBC_WITH_MD5
SSL2_DES_64_CBC_WITH_MD5(
-1,
"DES-CBC-MD5",
KeyExchange.RSA,
Authentication.RSA,
Encryption.DES,
MessageDigest.MD5,
Protocol.SSLv2,
false,
EncryptionLevel.LOW,
false,
56,
56,
new String[] {"SSL_CK_DES_64_CBC_WITH_MD5"},
null
),
// Cipher 0x0700C0 (SSLv2)
// DES_192_EDE3_CBC_WITH_MD5
SSL2_DES_192_EDE3_CBC_WITH_MD5(
-1,
"DES-CBC3-MD5",
KeyExchange.RSA,
Authentication.RSA,
Encryption.TRIPLE_DES,
MessageDigest.MD5,
Protocol.SSLv2,
false,
EncryptionLevel.MEDIUM,
false,
112,
168,
new String[] {"SSL_CK_DES_192_EDE3_CBC_WITH_MD5"},
null
);
/* TEMP_GOST_TLS*/
/*
// Cipher FF00
TLS_GOSTR341094_RSA_WITH_28147_CNT_MD5(
"GOST-MD5",
KeyExchange.RSA,
Authentication.RSA,
Encryption.eGOST2814789CNT,
MessageDigest.MD5,
Protocol.TLSv1,
false,
EncryptionLevel.HIGH,
false,
256,
256
),
TLS_RSA_WITH_28147_CNT_GOST94(
"GOST-GOST94",
KeyExchange.RSA,
Authentication.RSA,
Encryption.eGOST2814789CNT,
MessageDigest.GOST94,
Protocol.TLSv1,
false, EncryptionLevel.HIGH,false,
256,
256
),
{
1,
"GOST-GOST89MAC",
0x0300ff02,
KeyExchange.RSA,
Authentication.RSA,
Encryption.eGOST2814789CNT,
MessageDigest.GOST89MAC,
Protocol.TLSv1,
false, EncryptionLevel.HIGH,false,
256,
256
),
{
1,
"GOST-GOST89STREAM",
0x0300ff03,
KeyExchange.RSA,
Authentication.RSA,
Encryption.eGOST2814789CNT,
MessageDigest.GOST89MAC,
Protocol.TLSv1,
false, EncryptionLevel.HIGH,false,
256,
256
},*/
private final int id;
private final String openSSLAlias;
private final Set<String> openSSLAltNames;
private final Set<String> jsseNames;
private final KeyExchange kx;
private final Authentication au;
private final Encryption enc;
private final MessageDigest mac;
private final Protocol protocol;
private final boolean export;
private final EncryptionLevel level;
private final boolean fipsCompatible;
/**
* Number of bits really used
*/
private final int strength_bits;
/**
* Number of bits for algorithm
*/
private final int alg_bits;
private Cipher(int id, String openSSLAlias, KeyExchange kx, Authentication au, Encryption enc,
MessageDigest mac, Protocol protocol, boolean export, EncryptionLevel level,
boolean fipsCompatible, int strength_bits, int alg_bits, String[] jsseAltNames,
String[] openSSlAltNames) {
this.id = id;
this.openSSLAlias = openSSLAlias;
if (openSSlAltNames != null && openSSlAltNames.length != 0) {
Set<String> altNames = new HashSet<>();
altNames.addAll(Arrays.asList(openSSlAltNames));
this.openSSLAltNames = Collections.unmodifiableSet(altNames);
} else {
this.openSSLAltNames = Collections.emptySet();
}
Set<String> jsseNames = new LinkedHashSet<>();
if (jsseAltNames != null && jsseAltNames.length != 0) {
jsseNames.addAll(Arrays.asList(jsseAltNames));
}
jsseNames.add(name());
this.jsseNames = Collections.unmodifiableSet(jsseNames);
this.kx = kx;
this.au = au;
this.enc = enc;
this.mac = mac;
this.protocol = protocol;
this.export = export;
this.level = level;
this.fipsCompatible = fipsCompatible;
this.strength_bits = strength_bits;
this.alg_bits = alg_bits;
}
public int getId() {
return id;
}
public String getOpenSSLAlias() {
return openSSLAlias;
}
public Set<String> getOpenSSLAltNames() {
return openSSLAltNames;
}
public Set<String> getJsseNames() {
return jsseNames;
}
public KeyExchange getKx() {
return kx;
}
public Authentication getAu() {
return au;
}
public Encryption getEnc() {
return enc;
}
public MessageDigest getMac() {
return mac;
}
public Protocol getProtocol() {
return protocol;
}
public boolean isExport() {
return export;
}
public EncryptionLevel getLevel() {
return level;
}
public boolean isFipsCompatible() {
return fipsCompatible;
}
public int getStrength_bits() {
return strength_bits;
}
public int getAlg_bits() {
return alg_bits;
}
private static final Map<Integer,Cipher> idMap = new HashMap<>();
static {
for (Cipher cipher : Cipher.values()) {
int id = cipher.getId();
if (id > 0 && id < 0xFFFF) {
idMap.put(Integer.valueOf(id), cipher);
}
}
}
public static Cipher valueOf(int cipherId) {
return idMap.get(Integer.valueOf(cipherId));
}
}