CipherSuite.java revision 12886:9c12c03654a4
1/* 2 * Copyright (c) 2002, 2015, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. Oracle designates this 8 * particular file as subject to the "Classpath" exception as provided 9 * by Oracle in the LICENSE file that accompanied this code. 10 * 11 * This code is distributed in the hope that it will be useful, but WITHOUT 12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 14 * version 2 for more details (a copy is included in the LICENSE file that 15 * accompanied this code). 16 * 17 * You should have received a copy of the GNU General Public License version 18 * 2 along with this work; if not, write to the Free Software Foundation, 19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 20 * 21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 22 * or visit www.oracle.com if you need additional information or have any 23 * questions. 24 */ 25 26 27package sun.security.ssl; 28 29import java.util.*; 30 31import java.security.NoSuchAlgorithmException; 32import java.security.InvalidKeyException; 33import java.security.SecureRandom; 34import java.security.KeyManagementException; 35 36import javax.crypto.Cipher; 37import javax.crypto.SecretKey; 38import javax.crypto.spec.IvParameterSpec; 39import javax.crypto.spec.SecretKeySpec; 40 41import static sun.security.ssl.CipherSuite.KeyExchange.*; 42import static sun.security.ssl.CipherSuite.PRF.*; 43import static sun.security.ssl.CipherSuite.CipherType.*; 44import static sun.security.ssl.CipherSuite.MacAlg.*; 45import static sun.security.ssl.CipherSuite.BulkCipher.*; 46import static sun.security.ssl.JsseJce.*; 47 48/** 49 * An SSL/TLS CipherSuite. Constants for the standard key exchange, cipher, 50 * and mac algorithms are also defined in this class. 51 * 52 * The CipherSuite class and the inner classes defined in this file roughly 53 * follow the type safe enum pattern described in Effective Java. This means: 54 * 55 * . instances are immutable, classes are final 56 * 57 * . there is a unique instance of every value, i.e. there are never two 58 * instances representing the same CipherSuite, etc. This means equality 59 * tests can be performed using == instead of equals() (although that works 60 * as well). [A minor exception are *unsupported* CipherSuites read from a 61 * handshake message, but this is usually irrelevant] 62 * 63 * . instances are obtained using the static valueOf() factory methods. 64 * 65 * . properties are defined as final variables and made available as 66 * package private variables without method accessors 67 * 68 * . if the member variable allowed is false, the given algorithm is either 69 * unavailable or disabled at compile time 70 * 71 */ 72final class CipherSuite implements Comparable<CipherSuite> { 73 74 // minimum priority for supported CipherSuites 75 static final int SUPPORTED_SUITES_PRIORITY = 1; 76 77 // minimum priority for default enabled CipherSuites 78 static final int DEFAULT_SUITES_PRIORITY = 300; 79 80 // Flag indicating if CipherSuite availability can change dynamically. 81 // This is the case when we rely on a JCE cipher implementation that 82 // may not be available in the installed JCE providers. 83 // It is true because we might not have an ECC implementation. 84 static final boolean DYNAMIC_AVAILABILITY = true; 85 86 private static final boolean ALLOW_ECC = Debug.getBooleanProperty 87 ("com.sun.net.ssl.enableECC", true); 88 89 // Map Integer(id) -> CipherSuite 90 // contains all known CipherSuites 91 private static final Map<Integer,CipherSuite> idMap; 92 93 // Map String(name) -> CipherSuite 94 // contains only supported CipherSuites (i.e. allowed == true) 95 private static final Map<String,CipherSuite> nameMap; 96 97 // Protocol defined CipherSuite name, e.g. SSL_RSA_WITH_RC4_128_MD5 98 // we use TLS_* only for new CipherSuites, still SSL_* for old ones 99 final String name; 100 101 // id in 16 bit MSB format, i.e. 0x0004 for SSL_RSA_WITH_RC4_128_MD5 102 final int id; 103 104 // priority for the internal default preference order. the higher the 105 // better. Each supported CipherSuite *must* have a unique priority. 106 // Ciphersuites with priority >= DEFAULT_SUITES_PRIORITY are enabled 107 // by default 108 final int priority; 109 110 // key exchange, bulk cipher, mac and prf algorithms. See those 111 // classes below. 112 final KeyExchange keyExchange; 113 final BulkCipher cipher; 114 final MacAlg macAlg; 115 final PRF prfAlg; 116 117 // whether a CipherSuite qualifies as exportable under 512/40 bit rules. 118 // TLS 1.1+ (RFC 4346) must not negotiate to these suites. 119 final boolean exportable; 120 121 // true iff implemented and enabled at compile time 122 final boolean allowed; 123 124 // obsoleted since protocol version 125 // 126 // TLS version is used. If checking DTLS versions, please map to 127 // TLS version firstly. See ProtocolVersion.mapToTLSProtocol(). 128 final int obsoleted; 129 130 // supported since protocol version (TLS version is used) 131 // 132 // TLS version is used. If checking DTLS versions, please map to 133 // TLS version firstly. See ProtocolVersion.mapToTLSProtocol(). 134 final int supported; 135 136 /** 137 * Constructor for implemented CipherSuites. 138 */ 139 private CipherSuite(String name, int id, int priority, 140 KeyExchange keyExchange, BulkCipher cipher, MacAlg mac, 141 boolean allowed, int obsoleted, int supported, PRF prfAlg) { 142 this.name = name; 143 this.id = id; 144 this.priority = priority; 145 this.keyExchange = keyExchange; 146 this.cipher = cipher; 147 this.macAlg = mac; 148 this.exportable = cipher.exportable; 149 allowed &= keyExchange.allowed; 150 allowed &= cipher.allowed; 151 this.allowed = allowed; 152 this.obsoleted = obsoleted; 153 this.supported = supported; 154 this.prfAlg = prfAlg; 155 } 156 157 /** 158 * Constructor for unimplemented CipherSuites. 159 */ 160 private CipherSuite(String name, int id) { 161 this.name = name; 162 this.id = id; 163 this.allowed = false; 164 165 this.priority = 0; 166 this.keyExchange = null; 167 this.cipher = null; 168 this.macAlg = null; 169 this.exportable = false; 170 this.obsoleted = ProtocolVersion.LIMIT_MAX_VALUE; 171 this.supported = ProtocolVersion.LIMIT_MIN_VALUE; 172 this.prfAlg = P_NONE; 173 } 174 175 /** 176 * Return whether this CipherSuite is available for use. A 177 * CipherSuite may be unavailable even if it is supported 178 * (i.e. allowed == true) if the required JCE cipher is not installed. 179 * In some configuration, this situation may change over time, call 180 * CipherSuiteList.clearAvailableCache() before this method to obtain 181 * the most current status. 182 */ 183 boolean isAvailable() { 184 return allowed && keyExchange.isAvailable() && cipher.isAvailable(); 185 } 186 187 boolean isNegotiable() { 188 return this != C_SCSV && isAvailable(); 189 } 190 191 // See also CipherBox.calculatePacketSize(). 192 int calculatePacketSize(int fragmentSize, 193 ProtocolVersion protocolVersion, boolean isDTLS) { 194 195 int packetSize = fragmentSize; 196 if (cipher != B_NULL) { 197 int blockSize = cipher.ivSize; 198 switch (cipher.cipherType) { 199 case BLOCK_CIPHER: 200 packetSize += macAlg.size; 201 packetSize += 1; // 1 byte padding length field 202 packetSize += // use the minimal padding 203 (blockSize - (packetSize % blockSize)) % blockSize; 204 if (protocolVersion.useTLS11PlusSpec()) { 205 packetSize += blockSize; // explicit IV 206 } 207 208 break; 209 case AEAD_CIPHER: 210 packetSize += cipher.ivSize - cipher.fixedIvSize; // record IV 211 packetSize += cipher.tagSize; 212 213 break; 214 default: // NULL_CIPHER or STREAM_CIPHER 215 packetSize += macAlg.size; 216 } 217 } 218 219 return packetSize + 220 (isDTLS ? DTLSRecord.headerSize : SSLRecord.headerSize); 221 } 222 223 // See also CipherBox.calculateFragmentSize(). 224 int calculateFragSize(int packetLimit, 225 ProtocolVersion protocolVersion, boolean isDTLS) { 226 227 int fragSize = packetLimit - 228 (isDTLS ? DTLSRecord.headerSize : SSLRecord.headerSize); 229 if (cipher != B_NULL) { 230 int blockSize = cipher.ivSize; 231 switch (cipher.cipherType) { 232 case BLOCK_CIPHER: 233 if (protocolVersion.useTLS11PlusSpec()) { 234 fragSize -= blockSize; // explicit IV 235 } 236 fragSize -= (fragSize % blockSize); // cannot hold a block 237 // No padding for a maximum fragment. 238 fragSize -= 1; // 1 byte padding length field: 0x00 239 fragSize -= macAlg.size; 240 241 break; 242 case AEAD_CIPHER: 243 fragSize -= cipher.tagSize; 244 fragSize -= cipher.ivSize - cipher.fixedIvSize; // record IV 245 246 break; 247 default: // NULL_CIPHER or STREAM_CIPHER 248 fragSize -= macAlg.size; 249 } 250 } 251 252 return fragSize; 253 } 254 255 /** 256 * Compares CipherSuites based on their priority. Has the effect of 257 * sorting CipherSuites when put in a sorted collection, which is 258 * used by CipherSuiteList. Follows standard Comparable contract. 259 * 260 * Note that for unsupported CipherSuites parsed from a handshake 261 * message we violate the equals() contract. 262 */ 263 @Override 264 public int compareTo(CipherSuite o) { 265 return o.priority - priority; 266 } 267 268 /** 269 * Returns this.name. 270 */ 271 @Override 272 public String toString() { 273 return name; 274 } 275 276 /** 277 * Return a CipherSuite for the given name. The returned CipherSuite 278 * is supported by this implementation but may not actually be 279 * currently useable. See isAvailable(). 280 * 281 * @exception IllegalArgumentException if the CipherSuite is unknown or 282 * unsupported. 283 */ 284 static CipherSuite valueOf(String s) { 285 if (s == null) { 286 throw new IllegalArgumentException("Name must not be null"); 287 } 288 289 CipherSuite c = nameMap.get(s); 290 if ((c == null) || (c.allowed == false)) { 291 throw new IllegalArgumentException("Unsupported ciphersuite " + s); 292 } 293 294 return c; 295 } 296 297 /** 298 * Return a CipherSuite with the given ID. A temporary object is 299 * constructed if the ID is unknown. Use isAvailable() to verify that 300 * the CipherSuite can actually be used. 301 */ 302 static CipherSuite valueOf(int id1, int id2) { 303 id1 &= 0xff; 304 id2 &= 0xff; 305 int id = (id1 << 8) | id2; 306 CipherSuite c = idMap.get(id); 307 if (c == null) { 308 String h1 = Integer.toString(id1, 16); 309 String h2 = Integer.toString(id2, 16); 310 c = new CipherSuite("Unknown 0x" + h1 + ":0x" + h2, id); 311 } 312 return c; 313 } 314 315 // for use by SSLContextImpl only 316 static Collection<CipherSuite> allowedCipherSuites() { 317 return nameMap.values(); 318 } 319 320 /* 321 * Use this method when all of the values need to be specified. 322 * This is primarily used when defining a new ciphersuite for 323 * TLS 1.2+ that doesn't use the "default" PRF. 324 */ 325 private static void add(String name, int id, int priority, 326 KeyExchange keyExchange, BulkCipher cipher, MacAlg mac, 327 boolean allowed, int obsoleted, int supported, PRF prf) { 328 329 CipherSuite c = new CipherSuite(name, id, priority, keyExchange, 330 cipher, mac, allowed, obsoleted, supported, prf); 331 if (idMap.put(id, c) != null) { 332 throw new RuntimeException("Duplicate ciphersuite definition: " 333 + id + ", " + name); 334 } 335 if (c.allowed) { 336 if (nameMap.put(name, c) != null) { 337 throw new RuntimeException("Duplicate ciphersuite definition: " 338 + id + ", " + name); 339 } 340 } 341 } 342 343 /* 344 * Use this method when there is no lower protocol limit where this 345 * suite can be used, and the PRF is P_SHA256. That is, the 346 * existing ciphersuites. From RFC 5246: 347 * 348 * All cipher suites in this document use P_SHA256. 349 */ 350 private static void add(String name, int id, int priority, 351 KeyExchange keyExchange, BulkCipher cipher, MacAlg mac, 352 boolean allowed, int obsoleted) { 353 PRF prf = obsoleted < ProtocolVersion.TLS12.v ? P_NONE : P_SHA256; 354 355 add(name, id, priority, keyExchange, cipher, mac, allowed, obsoleted, 356 ProtocolVersion.LIMIT_MIN_VALUE, prf); 357 } 358 359 /* 360 * Use this method when there is no upper protocol limit. That is, 361 * suites which have not been obsoleted. 362 */ 363 private static void add(String name, int id, int priority, 364 KeyExchange keyExchange, BulkCipher cipher, MacAlg mac, 365 boolean allowed) { 366 add(name, id, priority, keyExchange, cipher, mac, allowed, 367 ProtocolVersion.LIMIT_MAX_VALUE); 368 } 369 370 /* 371 * Use this method to define an unimplemented suite. This provides 372 * a number<->name mapping that can be used for debugging. 373 */ 374 private static void add(String name, int id) { 375 CipherSuite c = new CipherSuite(name, id); 376 if (idMap.put(id, c) != null) { 377 throw new RuntimeException("Duplicate ciphersuite definition: " 378 + id + ", " + name); 379 } 380 } 381 382 /** 383 * An SSL/TLS key exchange algorithm. 384 */ 385 static enum KeyExchange { 386 387 // key exchange algorithms 388 K_NULL ("NULL", false), 389 K_RSA ("RSA", true), 390 K_RSA_EXPORT ("RSA_EXPORT", true), 391 K_DH_RSA ("DH_RSA", false), 392 K_DH_DSS ("DH_DSS", false), 393 K_DHE_DSS ("DHE_DSS", true), 394 K_DHE_RSA ("DHE_RSA", true), 395 K_DH_ANON ("DH_anon", true), 396 397 K_ECDH_ECDSA ("ECDH_ECDSA", ALLOW_ECC), 398 K_ECDH_RSA ("ECDH_RSA", ALLOW_ECC), 399 K_ECDHE_ECDSA("ECDHE_ECDSA", ALLOW_ECC), 400 K_ECDHE_RSA ("ECDHE_RSA", ALLOW_ECC), 401 K_ECDH_ANON ("ECDH_anon", ALLOW_ECC), 402 403 // Kerberos cipher suites 404 K_KRB5 ("KRB5", true), 405 K_KRB5_EXPORT("KRB5_EXPORT", true), 406 407 // renegotiation protection request signaling cipher suite 408 K_SCSV ("SCSV", true); 409 410 // name of the key exchange algorithm, e.g. DHE_DSS 411 final String name; 412 final boolean allowed; 413 private final boolean alwaysAvailable; 414 415 KeyExchange(String name, boolean allowed) { 416 this.name = name; 417 this.allowed = allowed; 418 this.alwaysAvailable = allowed && 419 (!name.startsWith("EC")) && (!name.startsWith("KRB")); 420 } 421 422 boolean isAvailable() { 423 if (alwaysAvailable) { 424 return true; 425 } 426 427 if (name.startsWith("EC")) { 428 return (allowed && JsseJce.isEcAvailable()); 429 } else if (name.startsWith("KRB")) { 430 return (allowed && JsseJce.isKerberosAvailable()); 431 } else { 432 return allowed; 433 } 434 } 435 436 @Override 437 public String toString() { 438 return name; 439 } 440 } 441 442 static enum CipherType { 443 NULL_CIPHER, // null cipher 444 STREAM_CIPHER, // stream cipher 445 BLOCK_CIPHER, // block cipher in CBC mode 446 AEAD_CIPHER // AEAD cipher 447 } 448 449 /** 450 * An SSL/TLS bulk cipher algorithm. One instance per combination of 451 * cipher and key length. 452 * 453 * Also contains a factory method to obtain in initialized CipherBox 454 * for this algorithm. 455 */ 456 static enum BulkCipher { 457 458 // export strength ciphers 459 B_NULL("NULL", NULL_CIPHER, 0, 0, 0, 0, true), 460 B_RC4_40(CIPHER_RC4, STREAM_CIPHER, 5, 16, 0, 0, true), 461 B_RC2_40("RC2", BLOCK_CIPHER, 5, 16, 8, 0, false), 462 B_DES_40(CIPHER_DES, BLOCK_CIPHER, 5, 8, 8, 0, true), 463 464 // domestic strength ciphers 465 B_RC4_128(CIPHER_RC4, STREAM_CIPHER, 16, 0, 0, true), 466 B_DES(CIPHER_DES, BLOCK_CIPHER, 8, 8, 0, true), 467 B_3DES(CIPHER_3DES, BLOCK_CIPHER, 24, 8, 0, true), 468 B_IDEA("IDEA", BLOCK_CIPHER, 16, 8, 0, false), 469 B_AES_128(CIPHER_AES, BLOCK_CIPHER, 16, 16, 0, true), 470 B_AES_256(CIPHER_AES, BLOCK_CIPHER, 32, 16, 0, true), 471 B_AES_128_GCM(CIPHER_AES_GCM, AEAD_CIPHER, 16, 12, 4, true), 472 B_AES_256_GCM(CIPHER_AES_GCM, AEAD_CIPHER, 32, 12, 4, true); 473 474 // Map BulkCipher -> Boolean(available) 475 private static final Map<BulkCipher,Boolean> availableCache = 476 new HashMap<>(8); 477 478 // descriptive name including key size, e.g. AES/128 479 final String description; 480 481 // JCE cipher transformation string, e.g. AES/CBC/NoPadding 482 final String transformation; 483 484 // algorithm name, e.g. AES 485 final String algorithm; 486 487 // supported and compile time enabled. Also see isAvailable() 488 final boolean allowed; 489 490 // number of bytes of entropy in the key 491 final int keySize; 492 493 // length of the actual cipher key in bytes. 494 // for non-exportable ciphers, this is the same as keySize 495 final int expandedKeySize; 496 497 // size of the IV 498 final int ivSize; 499 500 // size of fixed IV 501 // 502 // record_iv_length = ivSize - fixedIvSize 503 final int fixedIvSize; 504 505 // exportable under 512/40 bit rules 506 final boolean exportable; 507 508 // Is the cipher algorithm of Cipher Block Chaining (CBC) mode? 509 final CipherType cipherType; 510 511 // size of the authentication tag, only applicable to cipher suites in 512 // Galois Counter Mode (GCM) 513 // 514 // As far as we know, all supported GCM cipher suites use 128-bits 515 // authentication tags. 516 final int tagSize = 16; 517 518 // The secure random used to detect the cipher availability. 519 private static final SecureRandom secureRandom; 520 521 static { 522 try { 523 secureRandom = JsseJce.getSecureRandom(); 524 } catch (KeyManagementException kme) { 525 throw new RuntimeException(kme); 526 } 527 } 528 529 BulkCipher(String transformation, CipherType cipherType, int keySize, 530 int expandedKeySize, int ivSize, 531 int fixedIvSize, boolean allowed) { 532 533 this.transformation = transformation; 534 String[] splits = transformation.split("/"); 535 this.algorithm = splits[0]; 536 this.cipherType = cipherType; 537 this.description = this.algorithm + "/" + (keySize << 3); 538 this.keySize = keySize; 539 this.ivSize = ivSize; 540 this.fixedIvSize = fixedIvSize; 541 this.allowed = allowed; 542 543 this.expandedKeySize = expandedKeySize; 544 this.exportable = true; 545 } 546 547 BulkCipher(String transformation, CipherType cipherType, int keySize, 548 int ivSize, int fixedIvSize, boolean allowed) { 549 this.transformation = transformation; 550 String[] splits = transformation.split("/"); 551 this.algorithm = splits[0]; 552 this.cipherType = cipherType; 553 this.description = this.algorithm + "/" + (keySize << 3); 554 this.keySize = keySize; 555 this.ivSize = ivSize; 556 this.fixedIvSize = fixedIvSize; 557 this.allowed = allowed; 558 559 this.expandedKeySize = keySize; 560 this.exportable = false; 561 } 562 563 /** 564 * Return an initialized CipherBox for this BulkCipher. 565 * IV must be null for stream ciphers. 566 * 567 * @exception NoSuchAlgorithmException if anything goes wrong 568 */ 569 CipherBox newCipher(ProtocolVersion version, SecretKey key, 570 IvParameterSpec iv, SecureRandom random, 571 boolean encrypt) throws NoSuchAlgorithmException { 572 return CipherBox.newCipherBox(version, this, 573 key, iv, random, encrypt); 574 } 575 576 /** 577 * Test if this bulk cipher is available. For use by CipherSuite. 578 * 579 * Currently all supported ciphers except AES are always available 580 * via the JSSE internal implementations. We also assume AES/128 of 581 * CBC mode is always available since it is shipped with the SunJCE 582 * provider. However, AES/256 is unavailable when the default JCE 583 * policy jurisdiction files are installed because of key length 584 * restrictions, and AEAD is unavailable when the underlying providers 585 * do not support AEAD/GCM mode. 586 */ 587 boolean isAvailable() { 588 if (allowed == false) { 589 return false; 590 } 591 592 if ((this == B_AES_256) || 593 (this.cipherType == CipherType.AEAD_CIPHER)) { 594 return isAvailable(this); 595 } 596 597 // always available 598 return true; 599 } 600 601 // for use by CipherSuiteList.clearAvailableCache(); 602 static synchronized void clearAvailableCache() { 603 if (DYNAMIC_AVAILABILITY) { 604 availableCache.clear(); 605 } 606 } 607 608 private static synchronized boolean isAvailable(BulkCipher cipher) { 609 Boolean b = availableCache.get(cipher); 610 if (b == null) { 611 int keySizeInBits = cipher.keySize * 8; 612 if (keySizeInBits > 128) { // need the JCE unlimited 613 // strength jurisdiction policy 614 try { 615 if (Cipher.getMaxAllowedKeyLength( 616 cipher.transformation) < keySizeInBits) { 617 b = Boolean.FALSE; 618 } 619 } catch (Exception e) { 620 b = Boolean.FALSE; 621 } 622 } 623 624 if (b == null) { 625 b = Boolean.FALSE; // may be reset to TRUE if 626 // the cipher is available 627 CipherBox temporary = null; 628 try { 629 SecretKey key = new SecretKeySpec( 630 new byte[cipher.expandedKeySize], 631 cipher.algorithm); 632 IvParameterSpec iv; 633 if (cipher.cipherType == CipherType.AEAD_CIPHER) { 634 iv = new IvParameterSpec( 635 new byte[cipher.fixedIvSize]); 636 } else { 637 iv = new IvParameterSpec(new byte[cipher.ivSize]); 638 } 639 temporary = cipher.newCipher( 640 ProtocolVersion.DEFAULT_TLS, 641 key, iv, secureRandom, true); 642 b = temporary.isAvailable(); 643 } catch (NoSuchAlgorithmException e) { 644 // not available 645 } finally { 646 if (temporary != null) { 647 temporary.dispose(); 648 } 649 } 650 } 651 652 availableCache.put(cipher, b); 653 } 654 655 return b.booleanValue(); 656 } 657 658 @Override 659 public String toString() { 660 return description; 661 } 662 } 663 664 /** 665 * An SSL/TLS key MAC algorithm. 666 * 667 * Also contains a factory method to obtain an initialized MAC 668 * for this algorithm. 669 */ 670 static enum MacAlg { 671 // MACs 672 M_NULL ("NULL", 0, 0, 0), 673 M_MD5 ("MD5", 16, 64, 9), 674 M_SHA ("SHA", 20, 64, 9), 675 M_SHA256 ("SHA256", 32, 64, 9), 676 M_SHA384 ("SHA384", 48, 128, 17); 677 678 // descriptive name, e.g. MD5 679 final String name; 680 681 // size of the MAC value (and MAC key) in bytes 682 final int size; 683 684 // block size of the underlying hash algorithm 685 final int hashBlockSize; 686 687 // minimal padding size of the underlying hash algorithm 688 final int minimalPaddingSize; 689 690 MacAlg(String name, int size, 691 int hashBlockSize, int minimalPaddingSize) { 692 this.name = name; 693 this.size = size; 694 this.hashBlockSize = hashBlockSize; 695 this.minimalPaddingSize = minimalPaddingSize; 696 } 697 698 /** 699 * Return an initialized MAC for this MacAlg. ProtocolVersion 700 * must either be SSL30 (SSLv3 custom MAC) or TLS10 (std. HMAC). 701 * 702 * @exception NoSuchAlgorithmException if anything goes wrong 703 */ 704 MAC newMac(ProtocolVersion protocolVersion, SecretKey secret) 705 throws NoSuchAlgorithmException, InvalidKeyException { 706 return new MAC(this, protocolVersion, secret); 707 } 708 709 @Override 710 public String toString() { 711 return name; 712 } 713 } 714 715 /** 716 * PRFs (PseudoRandom Function) from TLS specifications. 717 * 718 * TLS 1.1- uses a single MD5/SHA1-based PRF algorithm for generating 719 * the necessary material. 720 * 721 * In TLS 1.2+, all existing/known CipherSuites use SHA256, however 722 * new Ciphersuites (e.g. RFC 5288) can define specific PRF hash 723 * algorithms. 724 */ 725 static enum PRF { 726 727 // PRF algorithms 728 P_NONE( "NONE", 0, 0), 729 P_SHA256("SHA-256", 32, 64), 730 P_SHA384("SHA-384", 48, 128), 731 P_SHA512("SHA-512", 64, 128); // not currently used. 732 733 // PRF characteristics 734 private final String prfHashAlg; 735 private final int prfHashLength; 736 private final int prfBlockSize; 737 738 PRF(String prfHashAlg, int prfHashLength, int prfBlockSize) { 739 this.prfHashAlg = prfHashAlg; 740 this.prfHashLength = prfHashLength; 741 this.prfBlockSize = prfBlockSize; 742 } 743 744 String getPRFHashAlg() { 745 return prfHashAlg; 746 } 747 748 int getPRFHashLength() { 749 return prfHashLength; 750 } 751 752 int getPRFBlockSize() { 753 return prfBlockSize; 754 } 755 } 756 757 static { 758 idMap = new HashMap<Integer,CipherSuite>(); 759 nameMap = new HashMap<String,CipherSuite>(); 760 761 final boolean F = false; 762 final boolean T = true; 763 // N: ciphersuites only allowed if we are not in FIPS mode 764 final boolean N = (SunJSSE.isFIPS() == false); 765 766 /* 767 * TLS Cipher Suite Registry, as of August 2010. 768 * 769 * http://www.iana.org/assignments/tls-parameters/tls-parameters.xml 770 * 771 * Range Registration Procedures Notes 772 * 000-191 Standards Action Refers to value of first byte 773 * 192-254 Specification Required Refers to value of first byte 774 * 255 Reserved for Private Use Refers to value of first byte 775 * 776 * Value Description Reference 777 * 0x00,0x00 TLS_NULL_WITH_NULL_NULL [RFC5246] 778 * 0x00,0x01 TLS_RSA_WITH_NULL_MD5 [RFC5246] 779 * 0x00,0x02 TLS_RSA_WITH_NULL_SHA [RFC5246] 780 * 0x00,0x03 TLS_RSA_EXPORT_WITH_RC4_40_MD5 [RFC4346] 781 * 0x00,0x04 TLS_RSA_WITH_RC4_128_MD5 [RFC5246] 782 * 0x00,0x05 TLS_RSA_WITH_RC4_128_SHA [RFC5246] 783 * 0x00,0x06 TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 [RFC4346] 784 * 0x00,0x07 TLS_RSA_WITH_IDEA_CBC_SHA [RFC5469] 785 * 0x00,0x08 TLS_RSA_EXPORT_WITH_DES40_CBC_SHA [RFC4346] 786 * 0x00,0x09 TLS_RSA_WITH_DES_CBC_SHA [RFC5469] 787 * 0x00,0x0A TLS_RSA_WITH_3DES_EDE_CBC_SHA [RFC5246] 788 * 0x00,0x0B TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA [RFC4346] 789 * 0x00,0x0C TLS_DH_DSS_WITH_DES_CBC_SHA [RFC5469] 790 * 0x00,0x0D TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA [RFC5246] 791 * 0x00,0x0E TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA [RFC4346] 792 * 0x00,0x0F TLS_DH_RSA_WITH_DES_CBC_SHA [RFC5469] 793 * 0x00,0x10 TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA [RFC5246] 794 * 0x00,0x11 TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA [RFC4346] 795 * 0x00,0x12 TLS_DHE_DSS_WITH_DES_CBC_SHA [RFC5469] 796 * 0x00,0x13 TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA [RFC5246] 797 * 0x00,0x14 TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA [RFC4346] 798 * 0x00,0x15 TLS_DHE_RSA_WITH_DES_CBC_SHA [RFC5469] 799 * 0x00,0x16 TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA [RFC5246] 800 * 0x00,0x17 TLS_DH_anon_EXPORT_WITH_RC4_40_MD5 [RFC4346] 801 * 0x00,0x18 TLS_DH_anon_WITH_RC4_128_MD5 [RFC5246] 802 * 0x00,0x19 TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA [RFC4346] 803 * 0x00,0x1A TLS_DH_anon_WITH_DES_CBC_SHA [RFC5469] 804 * 0x00,0x1B TLS_DH_anon_WITH_3DES_EDE_CBC_SHA [RFC5246] 805 * 0x00,0x1C-1D Reserved to avoid conflicts with SSLv3 [RFC5246] 806 * 0x00,0x1E TLS_KRB5_WITH_DES_CBC_SHA [RFC2712] 807 * 0x00,0x1F TLS_KRB5_WITH_3DES_EDE_CBC_SHA [RFC2712] 808 * 0x00,0x20 TLS_KRB5_WITH_RC4_128_SHA [RFC2712] 809 * 0x00,0x21 TLS_KRB5_WITH_IDEA_CBC_SHA [RFC2712] 810 * 0x00,0x22 TLS_KRB5_WITH_DES_CBC_MD5 [RFC2712] 811 * 0x00,0x23 TLS_KRB5_WITH_3DES_EDE_CBC_MD5 [RFC2712] 812 * 0x00,0x24 TLS_KRB5_WITH_RC4_128_MD5 [RFC2712] 813 * 0x00,0x25 TLS_KRB5_WITH_IDEA_CBC_MD5 [RFC2712] 814 * 0x00,0x26 TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA [RFC2712] 815 * 0x00,0x27 TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA [RFC2712] 816 * 0x00,0x28 TLS_KRB5_EXPORT_WITH_RC4_40_SHA [RFC2712] 817 * 0x00,0x29 TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5 [RFC2712] 818 * 0x00,0x2A TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5 [RFC2712] 819 * 0x00,0x2B TLS_KRB5_EXPORT_WITH_RC4_40_MD5 [RFC2712] 820 * 0x00,0x2C TLS_PSK_WITH_NULL_SHA [RFC4785] 821 * 0x00,0x2D TLS_DHE_PSK_WITH_NULL_SHA [RFC4785] 822 * 0x00,0x2E TLS_RSA_PSK_WITH_NULL_SHA [RFC4785] 823 * 0x00,0x2F TLS_RSA_WITH_AES_128_CBC_SHA [RFC5246] 824 * 0x00,0x30 TLS_DH_DSS_WITH_AES_128_CBC_SHA [RFC5246] 825 * 0x00,0x31 TLS_DH_RSA_WITH_AES_128_CBC_SHA [RFC5246] 826 * 0x00,0x32 TLS_DHE_DSS_WITH_AES_128_CBC_SHA [RFC5246] 827 * 0x00,0x33 TLS_DHE_RSA_WITH_AES_128_CBC_SHA [RFC5246] 828 * 0x00,0x34 TLS_DH_anon_WITH_AES_128_CBC_SHA [RFC5246] 829 * 0x00,0x35 TLS_RSA_WITH_AES_256_CBC_SHA [RFC5246] 830 * 0x00,0x36 TLS_DH_DSS_WITH_AES_256_CBC_SHA [RFC5246] 831 * 0x00,0x37 TLS_DH_RSA_WITH_AES_256_CBC_SHA [RFC5246] 832 * 0x00,0x38 TLS_DHE_DSS_WITH_AES_256_CBC_SHA [RFC5246] 833 * 0x00,0x39 TLS_DHE_RSA_WITH_AES_256_CBC_SHA [RFC5246] 834 * 0x00,0x3A TLS_DH_anon_WITH_AES_256_CBC_SHA [RFC5246] 835 * 0x00,0x3B TLS_RSA_WITH_NULL_SHA256 [RFC5246] 836 * 0x00,0x3C TLS_RSA_WITH_AES_128_CBC_SHA256 [RFC5246] 837 * 0x00,0x3D TLS_RSA_WITH_AES_256_CBC_SHA256 [RFC5246] 838 * 0x00,0x3E TLS_DH_DSS_WITH_AES_128_CBC_SHA256 [RFC5246] 839 * 0x00,0x3F TLS_DH_RSA_WITH_AES_128_CBC_SHA256 [RFC5246] 840 * 0x00,0x40 TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 [RFC5246] 841 * 0x00,0x41 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA [RFC5932] 842 * 0x00,0x42 TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA [RFC5932] 843 * 0x00,0x43 TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA [RFC5932] 844 * 0x00,0x44 TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA [RFC5932] 845 * 0x00,0x45 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA [RFC5932] 846 * 0x00,0x46 TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA [RFC5932] 847 * 0x00,0x47-4F Reserved to avoid conflicts with 848 * deployed implementations [Pasi_Eronen] 849 * 0x00,0x50-58 Reserved to avoid conflicts [Pasi Eronen] 850 * 0x00,0x59-5C Reserved to avoid conflicts with 851 * deployed implementations [Pasi_Eronen] 852 * 0x00,0x5D-5F Unassigned 853 * 0x00,0x60-66 Reserved to avoid conflicts with widely 854 * deployed implementations [Pasi_Eronen] 855 * 0x00,0x67 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 [RFC5246] 856 * 0x00,0x68 TLS_DH_DSS_WITH_AES_256_CBC_SHA256 [RFC5246] 857 * 0x00,0x69 TLS_DH_RSA_WITH_AES_256_CBC_SHA256 [RFC5246] 858 * 0x00,0x6A TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 [RFC5246] 859 * 0x00,0x6B TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 [RFC5246] 860 * 0x00,0x6C TLS_DH_anon_WITH_AES_128_CBC_SHA256 [RFC5246] 861 * 0x00,0x6D TLS_DH_anon_WITH_AES_256_CBC_SHA256 [RFC5246] 862 * 0x00,0x6E-83 Unassigned 863 * 0x00,0x84 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA [RFC5932] 864 * 0x00,0x85 TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA [RFC5932] 865 * 0x00,0x86 TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA [RFC5932] 866 * 0x00,0x87 TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA [RFC5932] 867 * 0x00,0x88 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA [RFC5932] 868 * 0x00,0x89 TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA [RFC5932] 869 * 0x00,0x8A TLS_PSK_WITH_RC4_128_SHA [RFC4279] 870 * 0x00,0x8B TLS_PSK_WITH_3DES_EDE_CBC_SHA [RFC4279] 871 * 0x00,0x8C TLS_PSK_WITH_AES_128_CBC_SHA [RFC4279] 872 * 0x00,0x8D TLS_PSK_WITH_AES_256_CBC_SHA [RFC4279] 873 * 0x00,0x8E TLS_DHE_PSK_WITH_RC4_128_SHA [RFC4279] 874 * 0x00,0x8F TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA [RFC4279] 875 * 0x00,0x90 TLS_DHE_PSK_WITH_AES_128_CBC_SHA [RFC4279] 876 * 0x00,0x91 TLS_DHE_PSK_WITH_AES_256_CBC_SHA [RFC4279] 877 * 0x00,0x92 TLS_RSA_PSK_WITH_RC4_128_SHA [RFC4279] 878 * 0x00,0x93 TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA [RFC4279] 879 * 0x00,0x94 TLS_RSA_PSK_WITH_AES_128_CBC_SHA [RFC4279] 880 * 0x00,0x95 TLS_RSA_PSK_WITH_AES_256_CBC_SHA [RFC4279] 881 * 0x00,0x96 TLS_RSA_WITH_SEED_CBC_SHA [RFC4162] 882 * 0x00,0x97 TLS_DH_DSS_WITH_SEED_CBC_SHA [RFC4162] 883 * 0x00,0x98 TLS_DH_RSA_WITH_SEED_CBC_SHA [RFC4162] 884 * 0x00,0x99 TLS_DHE_DSS_WITH_SEED_CBC_SHA [RFC4162] 885 * 0x00,0x9A TLS_DHE_RSA_WITH_SEED_CBC_SHA [RFC4162] 886 * 0x00,0x9B TLS_DH_anon_WITH_SEED_CBC_SHA [RFC4162] 887 * 0x00,0x9C TLS_RSA_WITH_AES_128_GCM_SHA256 [RFC5288] 888 * 0x00,0x9D TLS_RSA_WITH_AES_256_GCM_SHA384 [RFC5288] 889 * 0x00,0x9E TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 [RFC5288] 890 * 0x00,0x9F TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 [RFC5288] 891 * 0x00,0xA0 TLS_DH_RSA_WITH_AES_128_GCM_SHA256 [RFC5288] 892 * 0x00,0xA1 TLS_DH_RSA_WITH_AES_256_GCM_SHA384 [RFC5288] 893 * 0x00,0xA2 TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 [RFC5288] 894 * 0x00,0xA3 TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 [RFC5288] 895 * 0x00,0xA4 TLS_DH_DSS_WITH_AES_128_GCM_SHA256 [RFC5288] 896 * 0x00,0xA5 TLS_DH_DSS_WITH_AES_256_GCM_SHA384 [RFC5288] 897 * 0x00,0xA6 TLS_DH_anon_WITH_AES_128_GCM_SHA256 [RFC5288] 898 * 0x00,0xA7 TLS_DH_anon_WITH_AES_256_GCM_SHA384 [RFC5288] 899 * 0x00,0xA8 TLS_PSK_WITH_AES_128_GCM_SHA256 [RFC5487] 900 * 0x00,0xA9 TLS_PSK_WITH_AES_256_GCM_SHA384 [RFC5487] 901 * 0x00,0xAA TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 [RFC5487] 902 * 0x00,0xAB TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 [RFC5487] 903 * 0x00,0xAC TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 [RFC5487] 904 * 0x00,0xAD TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 [RFC5487] 905 * 0x00,0xAE TLS_PSK_WITH_AES_128_CBC_SHA256 [RFC5487] 906 * 0x00,0xAF TLS_PSK_WITH_AES_256_CBC_SHA384 [RFC5487] 907 * 0x00,0xB0 TLS_PSK_WITH_NULL_SHA256 [RFC5487] 908 * 0x00,0xB1 TLS_PSK_WITH_NULL_SHA384 [RFC5487] 909 * 0x00,0xB2 TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 [RFC5487] 910 * 0x00,0xB3 TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 [RFC5487] 911 * 0x00,0xB4 TLS_DHE_PSK_WITH_NULL_SHA256 [RFC5487] 912 * 0x00,0xB5 TLS_DHE_PSK_WITH_NULL_SHA384 [RFC5487] 913 * 0x00,0xB6 TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 [RFC5487] 914 * 0x00,0xB7 TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 [RFC5487] 915 * 0x00,0xB8 TLS_RSA_PSK_WITH_NULL_SHA256 [RFC5487] 916 * 0x00,0xB9 TLS_RSA_PSK_WITH_NULL_SHA384 [RFC5487] 917 * 0x00,0xBA TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 [RFC5932] 918 * 0x00,0xBB TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256 [RFC5932] 919 * 0x00,0xBC TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256 [RFC5932] 920 * 0x00,0xBD TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256 [RFC5932] 921 * 0x00,0xBE TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 [RFC5932] 922 * 0x00,0xBF TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256 [RFC5932] 923 * 0x00,0xC0 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 [RFC5932] 924 * 0x00,0xC1 TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256 [RFC5932] 925 * 0x00,0xC2 TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256 [RFC5932] 926 * 0x00,0xC3 TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256 [RFC5932] 927 * 0x00,0xC4 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 [RFC5932] 928 * 0x00,0xC5 TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256 [RFC5932] 929 * 0x00,0xC6-FE Unassigned 930 * 0x00,0xFF TLS_EMPTY_RENEGOTIATION_INFO_SCSV [RFC5746] 931 * 0x01-BF,* Unassigned 932 * 0xC0,0x01 TLS_ECDH_ECDSA_WITH_NULL_SHA [RFC4492] 933 * 0xC0,0x02 TLS_ECDH_ECDSA_WITH_RC4_128_SHA [RFC4492] 934 * 0xC0,0x03 TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA [RFC4492] 935 * 0xC0,0x04 TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA [RFC4492] 936 * 0xC0,0x05 TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA [RFC4492] 937 * 0xC0,0x06 TLS_ECDHE_ECDSA_WITH_NULL_SHA [RFC4492] 938 * 0xC0,0x07 TLS_ECDHE_ECDSA_WITH_RC4_128_SHA [RFC4492] 939 * 0xC0,0x08 TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA [RFC4492] 940 * 0xC0,0x09 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA [RFC4492] 941 * 0xC0,0x0A TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA [RFC4492] 942 * 0xC0,0x0B TLS_ECDH_RSA_WITH_NULL_SHA [RFC4492] 943 * 0xC0,0x0C TLS_ECDH_RSA_WITH_RC4_128_SHA [RFC4492] 944 * 0xC0,0x0D TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA [RFC4492] 945 * 0xC0,0x0E TLS_ECDH_RSA_WITH_AES_128_CBC_SHA [RFC4492] 946 * 0xC0,0x0F TLS_ECDH_RSA_WITH_AES_256_CBC_SHA [RFC4492] 947 * 0xC0,0x10 TLS_ECDHE_RSA_WITH_NULL_SHA [RFC4492] 948 * 0xC0,0x11 TLS_ECDHE_RSA_WITH_RC4_128_SHA [RFC4492] 949 * 0xC0,0x12 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA [RFC4492] 950 * 0xC0,0x13 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA [RFC4492] 951 * 0xC0,0x14 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA [RFC4492] 952 * 0xC0,0x15 TLS_ECDH_anon_WITH_NULL_SHA [RFC4492] 953 * 0xC0,0x16 TLS_ECDH_anon_WITH_RC4_128_SHA [RFC4492] 954 * 0xC0,0x17 TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA [RFC4492] 955 * 0xC0,0x18 TLS_ECDH_anon_WITH_AES_128_CBC_SHA [RFC4492] 956 * 0xC0,0x19 TLS_ECDH_anon_WITH_AES_256_CBC_SHA [RFC4492] 957 * 0xC0,0x1A TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA [RFC5054] 958 * 0xC0,0x1B TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA [RFC5054] 959 * 0xC0,0x1C TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA [RFC5054] 960 * 0xC0,0x1D TLS_SRP_SHA_WITH_AES_128_CBC_SHA [RFC5054] 961 * 0xC0,0x1E TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA [RFC5054] 962 * 0xC0,0x1F TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA [RFC5054] 963 * 0xC0,0x20 TLS_SRP_SHA_WITH_AES_256_CBC_SHA [RFC5054] 964 * 0xC0,0x21 TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA [RFC5054] 965 * 0xC0,0x22 TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA [RFC5054] 966 * 0xC0,0x23 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 [RFC5289] 967 * 0xC0,0x24 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 [RFC5289] 968 * 0xC0,0x25 TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 [RFC5289] 969 * 0xC0,0x26 TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 [RFC5289] 970 * 0xC0,0x27 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 [RFC5289] 971 * 0xC0,0x28 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 [RFC5289] 972 * 0xC0,0x29 TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 [RFC5289] 973 * 0xC0,0x2A TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 [RFC5289] 974 * 0xC0,0x2B TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 [RFC5289] 975 * 0xC0,0x2C TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 [RFC5289] 976 * 0xC0,0x2D TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 [RFC5289] 977 * 0xC0,0x2E TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 [RFC5289] 978 * 0xC0,0x2F TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 [RFC5289] 979 * 0xC0,0x30 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 [RFC5289] 980 * 0xC0,0x31 TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 [RFC5289] 981 * 0xC0,0x32 TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 [RFC5289] 982 * 0xC0,0x33 TLS_ECDHE_PSK_WITH_RC4_128_SHA [RFC5489] 983 * 0xC0,0x34 TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA [RFC5489] 984 * 0xC0,0x35 TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA [RFC5489] 985 * 0xC0,0x36 TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA [RFC5489] 986 * 0xC0,0x37 TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 [RFC5489] 987 * 0xC0,0x38 TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 [RFC5489] 988 * 0xC0,0x39 TLS_ECDHE_PSK_WITH_NULL_SHA [RFC5489] 989 * 0xC0,0x3A TLS_ECDHE_PSK_WITH_NULL_SHA256 [RFC5489] 990 * 0xC0,0x3B TLS_ECDHE_PSK_WITH_NULL_SHA384 [RFC5489] 991 * 0xC0,0x3C-FF Unassigned 992 * 0xC1-FD,* Unassigned 993 * 0xFE,0x00-FD Unassigned 994 * 0xFE,0xFE-FF Reserved to avoid conflicts with widely 995 * deployed implementations [Pasi_Eronen] 996 * 0xFF,0x00-FF Reserved for Private Use [RFC5246] 997 */ 998 999 add("SSL_NULL_WITH_NULL_NULL", 0x0000, 1000 1, K_NULL, B_NULL, M_NULL, F); 1001 1002 /* 1003 * Definition of the CipherSuites that are enabled by default. 1004 * They are listed in preference order, most preferred first, using 1005 * the following criteria: 1006 * 1. Prefer Suite B compliant cipher suites, see RFC6460 (To be 1007 * changed later, see below). 1008 * 2. Prefer the stronger bulk cipher, in the order of AES_256(GCM), 1009 * AES_128(GCM), AES_256, AES_128, 3DES-EDE. 1010 * 3. Prefer the stronger MAC algorithm, in the order of SHA384, 1011 * SHA256, SHA, MD5. 1012 * 4. Prefer the better performance of key exchange and digital 1013 * signature algorithm, in the order of ECDHE-ECDSA, ECDHE-RSA, 1014 * RSA, ECDH-ECDSA, ECDH-RSA, DHE-RSA, DHE-DSS. 1015 */ 1016 int p = DEFAULT_SUITES_PRIORITY * 2; 1017 1018 // shorten names to fit the following table cleanly. 1019 int max = ProtocolVersion.LIMIT_MAX_VALUE; 1020 int tls11 = ProtocolVersion.TLS11.v; 1021 int tls12 = ProtocolVersion.TLS12.v; 1022 1023 // ID Key Exchange Cipher A obs suprt PRF 1024 // ====== ============ ========= = === ===== ======== 1025 1026 // Suite B compliant cipher suites, see RFC 6460. 1027 // 1028 // Note that, at present this provider is not Suite B compliant. The 1029 // preference order of the GCM cipher suites does not follow the spec 1030 // of RFC 6460. In this section, only two cipher suites are listed 1031 // so that applications can make use of Suite-B compliant cipher 1032 // suite firstly. 1033 add("TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", 0xc02c, --p, 1034 K_ECDHE_ECDSA, B_AES_256_GCM, M_NULL, T, max, tls12, P_SHA384); 1035 add("TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", 0xc02b, --p, 1036 K_ECDHE_ECDSA, B_AES_128_GCM, M_NULL, T, max, tls12, P_SHA256); 1037 1038 // AES_256(GCM) 1039 add("TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", 0xc030, --p, 1040 K_ECDHE_RSA, B_AES_256_GCM, M_NULL, T, max, tls12, P_SHA384); 1041 add("TLS_RSA_WITH_AES_256_GCM_SHA384", 0x009d, --p, 1042 K_RSA, B_AES_256_GCM, M_NULL, T, max, tls12, P_SHA384); 1043 add("TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384", 0xc02e, --p, 1044 K_ECDH_ECDSA, B_AES_256_GCM, M_NULL, T, max, tls12, P_SHA384); 1045 add("TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384", 0xc032, --p, 1046 K_ECDH_RSA, B_AES_256_GCM, M_NULL, T, max, tls12, P_SHA384); 1047 add("TLS_DHE_RSA_WITH_AES_256_GCM_SHA384", 0x009f, --p, 1048 K_DHE_RSA, B_AES_256_GCM, M_NULL, T, max, tls12, P_SHA384); 1049 add("TLS_DHE_DSS_WITH_AES_256_GCM_SHA384", 0x00a3, --p, 1050 K_DHE_DSS, B_AES_256_GCM, M_NULL, T, max, tls12, P_SHA384); 1051 1052 // AES_128(GCM) 1053 add("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", 0xc02f, --p, 1054 K_ECDHE_RSA, B_AES_128_GCM, M_NULL, T, max, tls12, P_SHA256); 1055 add("TLS_RSA_WITH_AES_128_GCM_SHA256", 0x009c, --p, 1056 K_RSA, B_AES_128_GCM, M_NULL, T, max, tls12, P_SHA256); 1057 add("TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256", 0xc02d, --p, 1058 K_ECDH_ECDSA, B_AES_128_GCM, M_NULL, T, max, tls12, P_SHA256); 1059 add("TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256", 0xc031, --p, 1060 K_ECDH_RSA, B_AES_128_GCM, M_NULL, T, max, tls12, P_SHA256); 1061 add("TLS_DHE_RSA_WITH_AES_128_GCM_SHA256", 0x009e, --p, 1062 K_DHE_RSA, B_AES_128_GCM, M_NULL, T, max, tls12, P_SHA256); 1063 add("TLS_DHE_DSS_WITH_AES_128_GCM_SHA256", 0x00a2, --p, 1064 K_DHE_DSS, B_AES_128_GCM, M_NULL, T, max, tls12, P_SHA256); 1065 1066 // AES_256(CBC) 1067 add("TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384", 0xc024, --p, 1068 K_ECDHE_ECDSA, B_AES_256, M_SHA384, T, max, tls12, P_SHA384); 1069 add("TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384", 0xc028, --p, 1070 K_ECDHE_RSA, B_AES_256, M_SHA384, T, max, tls12, P_SHA384); 1071 add("TLS_RSA_WITH_AES_256_CBC_SHA256", 0x003d, --p, 1072 K_RSA, B_AES_256, M_SHA256, T, max, tls12, P_SHA256); 1073 add("TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384", 0xc026, --p, 1074 K_ECDH_ECDSA, B_AES_256, M_SHA384, T, max, tls12, P_SHA384); 1075 add("TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384", 0xc02a, --p, 1076 K_ECDH_RSA, B_AES_256, M_SHA384, T, max, tls12, P_SHA384); 1077 add("TLS_DHE_RSA_WITH_AES_256_CBC_SHA256", 0x006b, --p, 1078 K_DHE_RSA, B_AES_256, M_SHA256, T, max, tls12, P_SHA256); 1079 add("TLS_DHE_DSS_WITH_AES_256_CBC_SHA256", 0x006a, --p, 1080 K_DHE_DSS, B_AES_256, M_SHA256, T, max, tls12, P_SHA256); 1081 1082 add("TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA", 0xC00A, --p, 1083 K_ECDHE_ECDSA, B_AES_256, M_SHA, T); 1084 add("TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", 0xC014, --p, 1085 K_ECDHE_RSA, B_AES_256, M_SHA, T); 1086 add("TLS_RSA_WITH_AES_256_CBC_SHA", 0x0035, --p, 1087 K_RSA, B_AES_256, M_SHA, T); 1088 add("TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA", 0xC005, --p, 1089 K_ECDH_ECDSA, B_AES_256, M_SHA, T); 1090 add("TLS_ECDH_RSA_WITH_AES_256_CBC_SHA", 0xC00F, --p, 1091 K_ECDH_RSA, B_AES_256, M_SHA, T); 1092 add("TLS_DHE_RSA_WITH_AES_256_CBC_SHA", 0x0039, --p, 1093 K_DHE_RSA, B_AES_256, M_SHA, T); 1094 add("TLS_DHE_DSS_WITH_AES_256_CBC_SHA", 0x0038, --p, 1095 K_DHE_DSS, B_AES_256, M_SHA, T); 1096 1097 // AES_128(CBC) 1098 add("TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", 0xc023, --p, 1099 K_ECDHE_ECDSA, B_AES_128, M_SHA256, T, max, tls12, P_SHA256); 1100 add("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", 0xc027, --p, 1101 K_ECDHE_RSA, B_AES_128, M_SHA256, T, max, tls12, P_SHA256); 1102 add("TLS_RSA_WITH_AES_128_CBC_SHA256", 0x003c, --p, 1103 K_RSA, B_AES_128, M_SHA256, T, max, tls12, P_SHA256); 1104 add("TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256", 0xc025, --p, 1105 K_ECDH_ECDSA, B_AES_128, M_SHA256, T, max, tls12, P_SHA256); 1106 add("TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256", 0xc029, --p, 1107 K_ECDH_RSA, B_AES_128, M_SHA256, T, max, tls12, P_SHA256); 1108 add("TLS_DHE_RSA_WITH_AES_128_CBC_SHA256", 0x0067, --p, 1109 K_DHE_RSA, B_AES_128, M_SHA256, T, max, tls12, P_SHA256); 1110 add("TLS_DHE_DSS_WITH_AES_128_CBC_SHA256", 0x0040, --p, 1111 K_DHE_DSS, B_AES_128, M_SHA256, T, max, tls12, P_SHA256); 1112 1113 add("TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", 0xC009, --p, 1114 K_ECDHE_ECDSA, B_AES_128, M_SHA, T); 1115 add("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", 0xC013, --p, 1116 K_ECDHE_RSA, B_AES_128, M_SHA, T); 1117 add("TLS_RSA_WITH_AES_128_CBC_SHA", 0x002f, --p, 1118 K_RSA, B_AES_128, M_SHA, T); 1119 add("TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA", 0xC004, --p, 1120 K_ECDH_ECDSA, B_AES_128, M_SHA, T); 1121 add("TLS_ECDH_RSA_WITH_AES_128_CBC_SHA", 0xC00E, --p, 1122 K_ECDH_RSA, B_AES_128, M_SHA, T); 1123 add("TLS_DHE_RSA_WITH_AES_128_CBC_SHA", 0x0033, --p, 1124 K_DHE_RSA, B_AES_128, M_SHA, T); 1125 add("TLS_DHE_DSS_WITH_AES_128_CBC_SHA", 0x0032, --p, 1126 K_DHE_DSS, B_AES_128, M_SHA, T); 1127 1128 // 3DES_EDE 1129 add("TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA", 0xC008, --p, 1130 K_ECDHE_ECDSA, B_3DES, M_SHA, T); 1131 add("TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA", 0xC012, --p, 1132 K_ECDHE_RSA, B_3DES, M_SHA, T); 1133 add("SSL_RSA_WITH_3DES_EDE_CBC_SHA", 0x000a, --p, 1134 K_RSA, B_3DES, M_SHA, T); 1135 add("TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA", 0xC003, --p, 1136 K_ECDH_ECDSA, B_3DES, M_SHA, T); 1137 add("TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA", 0xC00D, --p, 1138 K_ECDH_RSA, B_3DES, M_SHA, T); 1139 add("SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA", 0x0016, --p, 1140 K_DHE_RSA, B_3DES, M_SHA, T); 1141 add("SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA", 0x0013, --p, 1142 K_DHE_DSS, B_3DES, M_SHA, N); 1143 1144 // Renegotiation protection request Signalling Cipher Suite Value (SCSV) 1145 add("TLS_EMPTY_RENEGOTIATION_INFO_SCSV", 0x00ff, --p, 1146 K_SCSV, B_NULL, M_NULL, T); 1147 1148 /* 1149 * Definition of the CipherSuites that are supported but not enabled 1150 * by default. 1151 * They are listed in preference order, preferred first, using the 1152 * following criteria: 1153 * 1. CipherSuites for KRB5 need additional KRB5 service 1154 * configuration, and these suites are not common in practice, 1155 * so we put KRB5 based cipher suites at the end of the supported 1156 * list. 1157 * 2. If a cipher suite has been obsoleted, we put it at the end of 1158 * the list. 1159 * 3. Prefer the stronger bulk cipher, in the order of AES_256, 1160 * AES_128, 3DES-EDE, RC-4, DES, DES40, RC4_40, NULL. 1161 * 4. Prefer the stronger MAC algorithm, in the order of SHA384, 1162 * SHA256, SHA, MD5. 1163 * 5. Prefer the better performance of key exchange and digital 1164 * signature algorithm, in the order of ECDHE-ECDSA, ECDHE-RSA, 1165 * RSA, ECDH-ECDSA, ECDH-RSA, DHE-RSA, DHE-DSS, anonymous. 1166 */ 1167 p = DEFAULT_SUITES_PRIORITY; 1168 1169 add("TLS_DH_anon_WITH_AES_256_GCM_SHA384", 0x00a7, --p, 1170 K_DH_ANON, B_AES_256_GCM, M_NULL, N, max, tls12, P_SHA384); 1171 add("TLS_DH_anon_WITH_AES_128_GCM_SHA256", 0x00a6, --p, 1172 K_DH_ANON, B_AES_128_GCM, M_NULL, N, max, tls12, P_SHA256); 1173 1174 add("TLS_DH_anon_WITH_AES_256_CBC_SHA256", 0x006d, --p, 1175 K_DH_ANON, B_AES_256, M_SHA256, N, max, tls12, P_SHA256); 1176 add("TLS_ECDH_anon_WITH_AES_256_CBC_SHA", 0xC019, --p, 1177 K_ECDH_ANON, B_AES_256, M_SHA, N); 1178 add("TLS_DH_anon_WITH_AES_256_CBC_SHA", 0x003a, --p, 1179 K_DH_ANON, B_AES_256, M_SHA, N); 1180 1181 add("TLS_DH_anon_WITH_AES_128_CBC_SHA256", 0x006c, --p, 1182 K_DH_ANON, B_AES_128, M_SHA256, N, max, tls12, P_SHA256); 1183 add("TLS_ECDH_anon_WITH_AES_128_CBC_SHA", 0xC018, --p, 1184 K_ECDH_ANON, B_AES_128, M_SHA, N); 1185 add("TLS_DH_anon_WITH_AES_128_CBC_SHA", 0x0034, --p, 1186 K_DH_ANON, B_AES_128, M_SHA, N); 1187 1188 add("TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA", 0xC017, --p, 1189 K_ECDH_ANON, B_3DES, M_SHA, N); 1190 add("SSL_DH_anon_WITH_3DES_EDE_CBC_SHA", 0x001b, --p, 1191 K_DH_ANON, B_3DES, M_SHA, N); 1192 1193 // RC-4 1194 add("TLS_ECDHE_ECDSA_WITH_RC4_128_SHA", 0xC007, --p, 1195 K_ECDHE_ECDSA, B_RC4_128, M_SHA, N); 1196 add("TLS_ECDHE_RSA_WITH_RC4_128_SHA", 0xC011, --p, 1197 K_ECDHE_RSA, B_RC4_128, M_SHA, N); 1198 add("SSL_RSA_WITH_RC4_128_SHA", 0x0005, --p, 1199 K_RSA, B_RC4_128, M_SHA, N); 1200 add("TLS_ECDH_ECDSA_WITH_RC4_128_SHA", 0xC002, --p, 1201 K_ECDH_ECDSA, B_RC4_128, M_SHA, N); 1202 add("TLS_ECDH_RSA_WITH_RC4_128_SHA", 0xC00C, --p, 1203 K_ECDH_RSA, B_RC4_128, M_SHA, N); 1204 add("SSL_RSA_WITH_RC4_128_MD5", 0x0004, --p, 1205 K_RSA, B_RC4_128, M_MD5, N); 1206 1207 add("TLS_ECDH_anon_WITH_RC4_128_SHA", 0xC016, --p, 1208 K_ECDH_ANON, B_RC4_128, M_SHA, N); 1209 add("SSL_DH_anon_WITH_RC4_128_MD5", 0x0018, --p, 1210 K_DH_ANON, B_RC4_128, M_MD5, N); 1211 1212 // weak cipher suites obsoleted in TLS 1.2 1213 add("SSL_RSA_WITH_DES_CBC_SHA", 0x0009, --p, 1214 K_RSA, B_DES, M_SHA, N, tls12); 1215 add("SSL_DHE_RSA_WITH_DES_CBC_SHA", 0x0015, --p, 1216 K_DHE_RSA, B_DES, M_SHA, N, tls12); 1217 add("SSL_DHE_DSS_WITH_DES_CBC_SHA", 0x0012, --p, 1218 K_DHE_DSS, B_DES, M_SHA, N, tls12); 1219 add("SSL_DH_anon_WITH_DES_CBC_SHA", 0x001a, --p, 1220 K_DH_ANON, B_DES, M_SHA, N, tls12); 1221 1222 // weak cipher suites obsoleted in TLS 1.1 1223 add("SSL_RSA_EXPORT_WITH_DES40_CBC_SHA", 0x0008, --p, 1224 K_RSA_EXPORT, B_DES_40, M_SHA, N, tls11); 1225 add("SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA", 0x0014, --p, 1226 K_DHE_RSA, B_DES_40, M_SHA, N, tls11); 1227 add("SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA", 0x0011, --p, 1228 K_DHE_DSS, B_DES_40, M_SHA, N, tls11); 1229 add("SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA", 0x0019, --p, 1230 K_DH_ANON, B_DES_40, M_SHA, N, tls11); 1231 1232 add("SSL_RSA_EXPORT_WITH_RC4_40_MD5", 0x0003, --p, 1233 K_RSA_EXPORT, B_RC4_40, M_MD5, N, tls11); 1234 add("SSL_DH_anon_EXPORT_WITH_RC4_40_MD5", 0x0017, --p, 1235 K_DH_ANON, B_RC4_40, M_MD5, N, tls11); 1236 1237 add("TLS_RSA_WITH_NULL_SHA256", 0x003b, --p, 1238 K_RSA, B_NULL, M_SHA256, N, max, tls12, P_SHA256); 1239 add("TLS_ECDHE_ECDSA_WITH_NULL_SHA", 0xC006, --p, 1240 K_ECDHE_ECDSA, B_NULL, M_SHA, N); 1241 add("TLS_ECDHE_RSA_WITH_NULL_SHA", 0xC010, --p, 1242 K_ECDHE_RSA, B_NULL, M_SHA, N); 1243 add("SSL_RSA_WITH_NULL_SHA", 0x0002, --p, 1244 K_RSA, B_NULL, M_SHA, N); 1245 add("TLS_ECDH_ECDSA_WITH_NULL_SHA", 0xC001, --p, 1246 K_ECDH_ECDSA, B_NULL, M_SHA, N); 1247 add("TLS_ECDH_RSA_WITH_NULL_SHA", 0xC00B, --p, 1248 K_ECDH_RSA, B_NULL, M_SHA, N); 1249 add("TLS_ECDH_anon_WITH_NULL_SHA", 0xC015, --p, 1250 K_ECDH_ANON, B_NULL, M_SHA, N); 1251 add("SSL_RSA_WITH_NULL_MD5", 0x0001, --p, 1252 K_RSA, B_NULL, M_MD5, N); 1253 1254 // Supported Kerberos ciphersuites from RFC2712 1255 add("TLS_KRB5_WITH_3DES_EDE_CBC_SHA", 0x001f, --p, 1256 K_KRB5, B_3DES, M_SHA, N); 1257 add("TLS_KRB5_WITH_3DES_EDE_CBC_MD5", 0x0023, --p, 1258 K_KRB5, B_3DES, M_MD5, N); 1259 add("TLS_KRB5_WITH_RC4_128_SHA", 0x0020, --p, 1260 K_KRB5, B_RC4_128, M_SHA, N); 1261 add("TLS_KRB5_WITH_RC4_128_MD5", 0x0024, --p, 1262 K_KRB5, B_RC4_128, M_MD5, N); 1263 add("TLS_KRB5_WITH_DES_CBC_SHA", 0x001e, --p, 1264 K_KRB5, B_DES, M_SHA, N, tls12); 1265 add("TLS_KRB5_WITH_DES_CBC_MD5", 0x0022, --p, 1266 K_KRB5, B_DES, M_MD5, N, tls12); 1267 add("TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA", 0x0026, --p, 1268 K_KRB5_EXPORT, B_DES_40, M_SHA, N, tls11); 1269 add("TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5", 0x0029, --p, 1270 K_KRB5_EXPORT, B_DES_40, M_MD5, N, tls11); 1271 add("TLS_KRB5_EXPORT_WITH_RC4_40_SHA", 0x0028, --p, 1272 K_KRB5_EXPORT, B_RC4_40, M_SHA, N, tls11); 1273 add("TLS_KRB5_EXPORT_WITH_RC4_40_MD5", 0x002b, --p, 1274 K_KRB5_EXPORT, B_RC4_40, M_MD5, N, tls11); 1275 1276 /* 1277 * Other values from the TLS Cipher Suite Registry, as of August 2010. 1278 * 1279 * http://www.iana.org/assignments/tls-parameters/tls-parameters.xml 1280 * 1281 * Range Registration Procedures Notes 1282 * 000-191 Standards Action Refers to value of first byte 1283 * 192-254 Specification Required Refers to value of first byte 1284 * 255 Reserved for Private Use Refers to value of first byte 1285 */ 1286 1287 // Register the names of a few additional CipherSuites. 1288 // Makes them show up as names instead of numbers in 1289 // the debug output. 1290 1291 // remaining unsupported ciphersuites defined in RFC2246. 1292 add("SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5", 0x0006); 1293 add("SSL_RSA_WITH_IDEA_CBC_SHA", 0x0007); 1294 add("SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA", 0x000b); 1295 add("SSL_DH_DSS_WITH_DES_CBC_SHA", 0x000c); 1296 add("SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA", 0x000d); 1297 add("SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA", 0x000e); 1298 add("SSL_DH_RSA_WITH_DES_CBC_SHA", 0x000f); 1299 add("SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA", 0x0010); 1300 1301 // SSL 3.0 Fortezza ciphersuites 1302 add("SSL_FORTEZZA_DMS_WITH_NULL_SHA", 0x001c); 1303 add("SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA", 0x001d); 1304 1305 // 1024/56 bit exportable ciphersuites from expired internet draft 1306 add("SSL_RSA_EXPORT1024_WITH_DES_CBC_SHA", 0x0062); 1307 add("SSL_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA", 0x0063); 1308 add("SSL_RSA_EXPORT1024_WITH_RC4_56_SHA", 0x0064); 1309 add("SSL_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA", 0x0065); 1310 add("SSL_DHE_DSS_WITH_RC4_128_SHA", 0x0066); 1311 1312 // Netscape old and new SSL 3.0 FIPS ciphersuites 1313 // see http://www.mozilla.org/projects/security/pki/nss/ssl/fips-ssl-ciphersuites.html 1314 add("NETSCAPE_RSA_FIPS_WITH_3DES_EDE_CBC_SHA", 0xffe0); 1315 add("NETSCAPE_RSA_FIPS_WITH_DES_CBC_SHA", 0xffe1); 1316 add("SSL_RSA_FIPS_WITH_DES_CBC_SHA", 0xfefe); 1317 add("SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA", 0xfeff); 1318 1319 // Unsupported Kerberos cipher suites from RFC 2712 1320 add("TLS_KRB5_WITH_IDEA_CBC_SHA", 0x0021); 1321 add("TLS_KRB5_WITH_IDEA_CBC_MD5", 0x0025); 1322 add("TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA", 0x0027); 1323 add("TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5", 0x002a); 1324 1325 // Unsupported cipher suites from RFC 4162 1326 add("TLS_RSA_WITH_SEED_CBC_SHA", 0x0096); 1327 add("TLS_DH_DSS_WITH_SEED_CBC_SHA", 0x0097); 1328 add("TLS_DH_RSA_WITH_SEED_CBC_SHA", 0x0098); 1329 add("TLS_DHE_DSS_WITH_SEED_CBC_SHA", 0x0099); 1330 add("TLS_DHE_RSA_WITH_SEED_CBC_SHA", 0x009a); 1331 add("TLS_DH_anon_WITH_SEED_CBC_SHA", 0x009b); 1332 1333 // Unsupported cipher suites from RFC 4279 1334 add("TLS_PSK_WITH_RC4_128_SHA", 0x008a); 1335 add("TLS_PSK_WITH_3DES_EDE_CBC_SHA", 0x008b); 1336 add("TLS_PSK_WITH_AES_128_CBC_SHA", 0x008c); 1337 add("TLS_PSK_WITH_AES_256_CBC_SHA", 0x008d); 1338 add("TLS_DHE_PSK_WITH_RC4_128_SHA", 0x008e); 1339 add("TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA", 0x008f); 1340 add("TLS_DHE_PSK_WITH_AES_128_CBC_SHA", 0x0090); 1341 add("TLS_DHE_PSK_WITH_AES_256_CBC_SHA", 0x0091); 1342 add("TLS_RSA_PSK_WITH_RC4_128_SHA", 0x0092); 1343 add("TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA", 0x0093); 1344 add("TLS_RSA_PSK_WITH_AES_128_CBC_SHA", 0x0094); 1345 add("TLS_RSA_PSK_WITH_AES_256_CBC_SHA", 0x0095); 1346 1347 // Unsupported cipher suites from RFC 4785 1348 add("TLS_PSK_WITH_NULL_SHA", 0x002c); 1349 add("TLS_DHE_PSK_WITH_NULL_SHA", 0x002d); 1350 add("TLS_RSA_PSK_WITH_NULL_SHA", 0x002e); 1351 1352 // Unsupported cipher suites from RFC 5246 1353 add("TLS_DH_DSS_WITH_AES_128_CBC_SHA", 0x0030); 1354 add("TLS_DH_RSA_WITH_AES_128_CBC_SHA", 0x0031); 1355 add("TLS_DH_DSS_WITH_AES_256_CBC_SHA", 0x0036); 1356 add("TLS_DH_RSA_WITH_AES_256_CBC_SHA", 0x0037); 1357 add("TLS_DH_DSS_WITH_AES_128_CBC_SHA256", 0x003e); 1358 add("TLS_DH_RSA_WITH_AES_128_CBC_SHA256", 0x003f); 1359 add("TLS_DH_DSS_WITH_AES_256_CBC_SHA256", 0x0068); 1360 add("TLS_DH_RSA_WITH_AES_256_CBC_SHA256", 0x0069); 1361 1362 // Unsupported cipher suites from RFC 5288 1363 add("TLS_DH_RSA_WITH_AES_128_GCM_SHA256", 0x00a0); 1364 add("TLS_DH_RSA_WITH_AES_256_GCM_SHA384", 0x00a1); 1365 add("TLS_DH_DSS_WITH_AES_128_GCM_SHA256", 0x00a4); 1366 add("TLS_DH_DSS_WITH_AES_256_GCM_SHA384", 0x00a5); 1367 1368 // Unsupported cipher suites from RFC 5487 1369 add("TLS_PSK_WITH_AES_128_GCM_SHA256", 0x00a8); 1370 add("TLS_PSK_WITH_AES_256_GCM_SHA384", 0x00a9); 1371 add("TLS_DHE_PSK_WITH_AES_128_GCM_SHA256", 0x00aa); 1372 add("TLS_DHE_PSK_WITH_AES_256_GCM_SHA384", 0x00ab); 1373 add("TLS_RSA_PSK_WITH_AES_128_GCM_SHA256", 0x00ac); 1374 add("TLS_RSA_PSK_WITH_AES_256_GCM_SHA384", 0x00ad); 1375 add("TLS_PSK_WITH_AES_128_CBC_SHA256", 0x00ae); 1376 add("TLS_PSK_WITH_AES_256_CBC_SHA384", 0x00af); 1377 add("TLS_PSK_WITH_NULL_SHA256", 0x00b0); 1378 add("TLS_PSK_WITH_NULL_SHA384", 0x00b1); 1379 add("TLS_DHE_PSK_WITH_AES_128_CBC_SHA256", 0x00b2); 1380 add("TLS_DHE_PSK_WITH_AES_256_CBC_SHA384", 0x00b3); 1381 add("TLS_DHE_PSK_WITH_NULL_SHA256", 0x00b4); 1382 add("TLS_DHE_PSK_WITH_NULL_SHA384", 0x00b5); 1383 add("TLS_RSA_PSK_WITH_AES_128_CBC_SHA256", 0x00b6); 1384 add("TLS_RSA_PSK_WITH_AES_256_CBC_SHA384", 0x00b7); 1385 add("TLS_RSA_PSK_WITH_NULL_SHA256", 0x00b8); 1386 add("TLS_RSA_PSK_WITH_NULL_SHA384", 0x00b9); 1387 1388 // Unsupported cipher suites from RFC 5932 1389 add("TLS_RSA_WITH_CAMELLIA_128_CBC_SHA", 0x0041); 1390 add("TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA", 0x0042); 1391 add("TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA", 0x0043); 1392 add("TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA", 0x0044); 1393 add("TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA", 0x0045); 1394 add("TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA", 0x0046); 1395 add("TLS_RSA_WITH_CAMELLIA_256_CBC_SHA", 0x0084); 1396 add("TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA", 0x0085); 1397 add("TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA", 0x0086); 1398 add("TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA", 0x0087); 1399 add("TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA", 0x0088); 1400 add("TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA", 0x0089); 1401 add("TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256", 0x00ba); 1402 add("TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256", 0x00bb); 1403 add("TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256", 0x00bc); 1404 add("TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256", 0x00bd); 1405 add("TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256", 0x00be); 1406 add("TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256", 0x00bf); 1407 add("TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256", 0x00c0); 1408 add("TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256", 0x00c1); 1409 add("TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256", 0x00c2); 1410 add("TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256", 0x00c3); 1411 add("TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256", 0x00c4); 1412 add("TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256", 0x00c5); 1413 1414 // Unsupported cipher suites from RFC 5054 1415 add("TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA", 0xc01a); 1416 add("TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA", 0xc01b); 1417 add("TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA", 0xc01c); 1418 add("TLS_SRP_SHA_WITH_AES_128_CBC_SHA", 0xc01d); 1419 add("TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA", 0xc01e); 1420 add("TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA", 0xc01f); 1421 add("TLS_SRP_SHA_WITH_AES_256_CBC_SHA", 0xc020); 1422 add("TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA", 0xc021); 1423 add("TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA", 0xc022); 1424 1425 // Unsupported cipher suites from RFC 5489 1426 add("TLS_ECDHE_PSK_WITH_RC4_128_SHA", 0xc033); 1427 add("TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA", 0xc034); 1428 add("TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA", 0xc035); 1429 add("TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA", 0xc036); 1430 add("TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256", 0xc037); 1431 add("TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384", 0xc038); 1432 add("TLS_ECDHE_PSK_WITH_NULL_SHA", 0xc039); 1433 add("TLS_ECDHE_PSK_WITH_NULL_SHA256", 0xc03a); 1434 add("TLS_ECDHE_PSK_WITH_NULL_SHA384", 0xc03b); 1435 } 1436 1437 // ciphersuite SSL_NULL_WITH_NULL_NULL 1438 static final CipherSuite C_NULL = CipherSuite.valueOf(0, 0); 1439 1440 // ciphersuite TLS_EMPTY_RENEGOTIATION_INFO_SCSV 1441 static final CipherSuite C_SCSV = CipherSuite.valueOf(0x00, 0xff); 1442} 1443