CipherSuite.java revision 12745:f068a4ffddd2
1/*
2 * Copyright (c) 2002, 2015, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation.  Oracle designates this
8 * particular file as subject to the "Classpath" exception as provided
9 * by Oracle in the LICENSE file that accompanied this code.
10 *
11 * This code is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
14 * version 2 for more details (a copy is included in the LICENSE file that
15 * accompanied this code).
16 *
17 * You should have received a copy of the GNU General Public License version
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
23 * questions.
24 */
25
26
27package sun.security.ssl;
28
29import java.util.*;
30
31import java.security.NoSuchAlgorithmException;
32import java.security.InvalidKeyException;
33import java.security.SecureRandom;
34import java.security.KeyManagementException;
35
36import javax.crypto.Cipher;
37import javax.crypto.SecretKey;
38import javax.crypto.spec.IvParameterSpec;
39import javax.crypto.spec.SecretKeySpec;
40
41import static sun.security.ssl.CipherSuite.KeyExchange.*;
42import static sun.security.ssl.CipherSuite.PRF.*;
43import static sun.security.ssl.CipherSuite.CipherType.*;
44import static sun.security.ssl.CipherSuite.MacAlg.*;
45import static sun.security.ssl.CipherSuite.BulkCipher.*;
46import static sun.security.ssl.JsseJce.*;
47
48/**
49 * An SSL/TLS CipherSuite. Constants for the standard key exchange, cipher,
50 * and mac algorithms are also defined in this class.
51 *
52 * The CipherSuite class and the inner classes defined in this file roughly
53 * follow the type safe enum pattern described in Effective Java. This means:
54 *
55 *  . instances are immutable, classes are final
56 *
57 *  . there is a unique instance of every value, i.e. there are never two
58 *    instances representing the same CipherSuite, etc. This means equality
59 *    tests can be performed using == instead of equals() (although that works
60 *    as well). [A minor exception are *unsupported* CipherSuites read from a
61 *    handshake message, but this is usually irrelevant]
62 *
63 *  . instances are obtained using the static valueOf() factory methods.
64 *
65 *  . properties are defined as final variables and made available as
66 *    package private variables without method accessors
67 *
68 *  . if the member variable allowed is false, the given algorithm is either
69 *    unavailable or disabled at compile time
70 *
71 */
72final class CipherSuite implements Comparable<CipherSuite> {
73
74    // minimum priority for supported CipherSuites
75    static final int SUPPORTED_SUITES_PRIORITY = 1;
76
77    // minimum priority for default enabled CipherSuites
78    static final int DEFAULT_SUITES_PRIORITY = 300;
79
80    // Flag indicating if CipherSuite availability can change dynamically.
81    // This is the case when we rely on a JCE cipher implementation that
82    // may not be available in the installed JCE providers.
83    // It is true because we might not have an ECC implementation.
84    static final boolean DYNAMIC_AVAILABILITY = true;
85
86    private static final boolean ALLOW_ECC = Debug.getBooleanProperty
87        ("com.sun.net.ssl.enableECC", true);
88
89    // Map Integer(id) -> CipherSuite
90    // contains all known CipherSuites
91    private static final Map<Integer,CipherSuite> idMap;
92
93    // Map String(name) -> CipherSuite
94    // contains only supported CipherSuites (i.e. allowed == true)
95    private static final Map<String,CipherSuite> nameMap;
96
97    // Protocol defined CipherSuite name, e.g. SSL_RSA_WITH_RC4_128_MD5
98    // we use TLS_* only for new CipherSuites, still SSL_* for old ones
99    final String name;
100
101    // id in 16 bit MSB format, i.e. 0x0004 for SSL_RSA_WITH_RC4_128_MD5
102    final int id;
103
104    // priority for the internal default preference order. the higher the
105    // better. Each supported CipherSuite *must* have a unique priority.
106    // Ciphersuites with priority >= DEFAULT_SUITES_PRIORITY are enabled
107    // by default
108    final int priority;
109
110    // key exchange, bulk cipher, mac and prf algorithms. See those
111    // classes below.
112    final KeyExchange keyExchange;
113    final BulkCipher cipher;
114    final MacAlg macAlg;
115    final PRF prfAlg;
116
117    // whether a CipherSuite qualifies as exportable under 512/40 bit rules.
118    // TLS 1.1+ (RFC 4346) must not negotiate to these suites.
119    final boolean exportable;
120
121    // true iff implemented and enabled at compile time
122    final boolean allowed;
123
124    // obsoleted since protocol version
125    //
126    // TLS version is used.  If checking DTLS versions, please map to
127    // TLS version firstly.  See ProtocolVersion.mapToTLSProtocol().
128    final int obsoleted;
129
130    // supported since protocol version (TLS version is used)
131    //
132    // TLS version is used.  If checking DTLS versions, please map to
133    // TLS version firstly.  See ProtocolVersion.mapToTLSProtocol().
134    final int supported;
135
/**
 * Constructor for implemented CipherSuites.
 *
 * The stored {@code allowed} flag is the caller's flag combined with the
 * {@code allowed} flags of the key exchange and of the bulk cipher, so a
 * suite is never marked allowed when one of its building blocks is not.
 * {@code exportable} is taken from the bulk cipher.
 */
private CipherSuite(String name, int id, int priority,
        KeyExchange keyExchange, BulkCipher cipher, MacAlg mac,
        boolean allowed, int obsoleted, int supported, PRF prfAlg) {
    // identity and preference order
    this.name = name;
    this.id = id;
    this.priority = priority;

    // algorithm components
    this.keyExchange = keyExchange;
    this.cipher = cipher;
    this.macAlg = mac;

    // properties derived from the components; the non-short-circuit '&'
    // reads both component flags unconditionally
    this.exportable = cipher.exportable;
    this.allowed = allowed & keyExchange.allowed & cipher.allowed;

    // protocol version window and PRF
    this.obsoleted = obsoleted;
    this.supported = supported;
    this.prfAlg = prfAlg;
}
156
/**
 * Constructor for unimplemented CipherSuites.
 *
 * The result is only a name/id pair: {@code allowed} is false and the
 * key exchange, bulk cipher and MAC are null, so callers must check
 * {@code allowed} / isAvailable() before touching those fields.
 */
private CipherSuite(String name, int id) {
    // identity
    this.name = name;
    this.id = id;

    // never usable for a handshake
    this.allowed = false;
    this.exportable = false;
    this.priority = 0;

    // no algorithm components
    this.keyExchange = null;
    this.cipher = null;
    this.macAlg = null;
    this.prfAlg = P_NONE;

    // version window set to the ProtocolVersion limit constants
    this.obsoleted = ProtocolVersion.LIMIT_MAX_VALUE;
    this.supported = ProtocolVersion.LIMIT_MIN_VALUE;
}
174
/**
 * Return whether this CipherSuite is available for use. A
 * CipherSuite may be unavailable even if it is supported
 * (i.e. allowed == true) if the required JCE cipher is not installed.
 * In some configurations this can change over time; call
 * CipherSuiteList.clearAvailableCache() before this method to obtain
 * the most current status.
 */
boolean isAvailable() {
    // Must be tested first: suites built by the two-argument constructor
    // have allowed == false and null keyExchange/cipher fields.
    if (!allowed) {
        return false;
    }
    return keyExchange.isAvailable() && cipher.isAvailable();
}
186
/**
 * Return whether this CipherSuite may be selected in a handshake:
 * it must be available and must not be C_SCSV.
 */
boolean isNegotiable() {
    // C_SCSV is defined outside this part of the file; presumably the
    // signaling suite built on K_SCSV - confirm against its definition.
    if (this == C_SCSV) {
        return false;
    }
    return isAvailable();
}
190
/**
 * Compute the record size needed to carry a fragment of the given size
 * with this suite: fragment, cipher-dependent overhead and the record
 * header. See also CipherBox.calculatePacketSize().
 *
 * NOTE(review): for B_NULL no MAC length is added, although the default
 * branch is labelled "NULL_CIPHER or STREAM_CIPHER" - confirm that this
 * is intended for suites that pair a null cipher with a MAC.
 */
int calculatePacketSize(int fragmentSize,
        ProtocolVersion protocolVersion, boolean isDTLS) {

    int size = fragmentSize;

    if (cipher != B_NULL) {
        switch (cipher.cipherType) {
        case BLOCK_CIPHER: {
            // the IV length doubles as the block size here
            final int blockSize = cipher.ivSize;

            // MAC plus the 1 byte padding length field
            size += macAlg.size + 1;

            // minimal padding up to the next block boundary
            final int padding =
                    (blockSize - (size % blockSize)) % blockSize;
            size += padding;

            if (protocolVersion.useTLS11PlusSpec()) {
                size += blockSize;          // explicit IV
            }
            break;
        }
        case AEAD_CIPHER:
            // record IV (explicit part of the nonce) plus the tag
            size += (cipher.ivSize - cipher.fixedIvSize) + cipher.tagSize;
            break;
        default:    // NULL_CIPHER or STREAM_CIPHER
            size += macAlg.size;
        }
    }

    final int headerSize =
            isDTLS ? DTLSRecord.headerSize : SSLRecord.headerSize;
    return size + headerSize;
}
222
/**
 * Compute the largest fragment that fits into a record of at most
 * {@code packetLimit} bytes with this suite.
 * See also CipherBox.calculateFragmentSize().
 *
 * No lower bound is applied: a packetLimit smaller than the header plus
 * the cipher overhead yields a zero or negative result, which the
 * caller has to reject.
 */
int calculateFragSize(int packetLimit,
        ProtocolVersion protocolVersion, boolean isDTLS) {

    final int headerSize =
            isDTLS ? DTLSRecord.headerSize : SSLRecord.headerSize;
    int room = packetLimit - headerSize;

    if (cipher == B_NULL) {
        return room;
    }

    switch (cipher.cipherType) {
    case BLOCK_CIPHER: {
        // the IV length doubles as the block size here
        final int blockSize = cipher.ivSize;
        if (protocolVersion.useTLS11PlusSpec()) {
            room -= blockSize;              // explicit IV
        }
        room -= room % blockSize;           // drop the partial block
        // No padding for a maximum fragment: only the 1 byte padding
        // length field (0x00) and the MAC are subtracted.
        room -= 1;
        room -= macAlg.size;
        break;
    }
    case AEAD_CIPHER:
        room -= cipher.tagSize;
        room -= cipher.ivSize - cipher.fixedIvSize;     // record IV
        break;
    default:    // NULL_CIPHER or STREAM_CIPHER
        room -= macAlg.size;
    }

    return room;
}
254
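/**
 * Compares CipherSuites based on their priority, higher priority first.
 * Has the effect of sorting CipherSuites when put in a sorted
 * collection, which is used by CipherSuiteList. Follows the standard
 * Comparable contract.
 *
 * Note that for unsupported CipherSuites parsed from a handshake
 * message we violate the equals() contract.
 *
 * @param o the CipherSuite to compare with
 * @return a negative value if this suite has the higher priority, zero
 *         if the priorities are equal, a positive value otherwise
 */
@Override
public int compareTo(CipherSuite o) {
    // Integer.compare cannot overflow, unlike subtracting the two values;
    // the arguments are swapped to keep the descending order.
    return Integer.compare(o.priority, priority);
}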
267
/**
 * Returns the protocol defined name of this CipherSuite.
 */
@Override
public String toString() {
    return this.name;
}
275
/**
 * Return a CipherSuite for the given name. The returned CipherSuite
 * is supported by this implementation but may not actually be
 * currently useable. See isAvailable().
 *
 * The lookup is an exact match against the name map, which holds only
 * suites with allowed == true.
 *
 * @exception IllegalArgumentException if the name is null or the
 * CipherSuite is unknown or unsupported.
 */
static CipherSuite valueOf(String s) {
    if (s == null) {
        throw new IllegalArgumentException("Name must not be null");
    }

    final CipherSuite suite = nameMap.get(s);
    if (suite != null && suite.allowed) {
        return suite;
    }

    throw new IllegalArgumentException("Unsupported ciphersuite " + s);
}
296
/**
 * Return a CipherSuite with the given ID. Only the low 8 bits of each
 * argument are used. A temporary object is constructed if the ID is
 * unknown; it is not registered, so every call for an unknown ID
 * returns a new instance with allowed == false and null algorithm
 * fields. Use isAvailable() to verify that the CipherSuite can
 * actually be used.
 */
static CipherSuite valueOf(int id1, int id2) {
    final int high = id1 & 0xff;
    final int low = id2 & 0xff;
    final int id = (high << 8) | low;

    final CipherSuite known = idMap.get(id);
    if (known != null) {
        return known;
    }

    // unknown on this side: keep the id for debugging output only
    final String label = "Unknown 0x" + Integer.toHexString(high)
            + ":0x" + Integer.toHexString(low);
    return new CipherSuite(label, id);
}
314
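/**
 * Return all CipherSuites with allowed == true.
 * For use by SSLContextImpl only.
 *
 * The result is a read-only view of the name map's values, so a caller
 * cannot remove entries from the registry that valueOf(String) consults.
 *
 * @return an unmodifiable view of the allowed CipherSuites
 */
static Collection<CipherSuite> allowedCipherSuites() {
    return Collections.unmodifiableCollection(nameMap.values());
}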
319
/*
 * Use this method when all of the values need to be specified.
 * This is primarily used when defining a new ciphersuite for
 * TLS 1.2+ that doesn't use the "default" PRF.
 *
 * Every suite is registered by id; only suites whose computed
 * allowed flag is true are also registered by name. A second
 * definition for the same id or name raises a RuntimeException.
 */
private static void add(String name, int id, int priority,
        KeyExchange keyExchange, BulkCipher cipher, MacAlg mac,
        boolean allowed, int obsoleted, int supported, PRF prf) {

    final CipherSuite suite = new CipherSuite(name, id, priority,
        keyExchange, cipher, mac, allowed, obsoleted, supported, prf);

    final boolean idTaken = idMap.put(id, suite) != null;
    if (idTaken) {
        throw new RuntimeException("Duplicate ciphersuite definition: "
                                    + id + ", " + name);
    }

    // suite.allowed also reflects the key exchange and cipher flags
    if (!suite.allowed) {
        return;
    }

    final boolean nameTaken = nameMap.put(name, suite) != null;
    if (nameTaken) {
        throw new RuntimeException("Duplicate ciphersuite definition: "
                                    + id + ", " + name);
    }
}
342
/*
 * Use this method when there is no lower protocol limit where this
 * suite can be used, and the PRF is P_SHA256.  That is, the
 * existing ciphersuites.  From RFC 5246:
 *
 *     All cipher suites in this document use P_SHA256.
 */
private static void add(String name, int id, int priority,
        KeyExchange keyExchange, BulkCipher cipher, MacAlg mac,
        boolean allowed, int obsoleted) {
    // A suite obsoleted before TLS 1.2 must not carry a valid
    // TLS 1.2 PRF value.
    final PRF prf;
    if (obsoleted < ProtocolVersion.TLS12.v) {
        prf = P_NONE;
    } else {
        prf = P_SHA256;
    }

    add(name, id, priority, keyExchange, cipher, mac, allowed, obsoleted,
        ProtocolVersion.LIMIT_MIN_VALUE, prf);
}
360
/*
 * Use this method when there is no upper protocol limit.  That is,
 * suites which have not been obsoleted.
 */
private static void add(String name, int id, int priority,
        KeyExchange keyExchange, BulkCipher cipher, MacAlg mac,
        boolean allowed) {
    // LIMIT_MAX_VALUE is passed as the "obsoleted since" version
    final int neverObsoleted = ProtocolVersion.LIMIT_MAX_VALUE;
    add(name, id, priority, keyExchange, cipher, mac, allowed,
            neverObsoleted);
}
371
/*
 * Use this method to define an unimplemented suite.  This provides
 * a number<->name mapping that can be used for debugging.
 * The suite is registered by id only, never by name.
 */
private static void add(String name, int id) {
    final CipherSuite placeholder = new CipherSuite(name, id);
    final CipherSuite previous = idMap.put(id, placeholder);
    if (previous != null) {
        throw new RuntimeException("Duplicate ciphersuite definition: "
                                    + id + ", " + name);
    }
}
383
/**
 * An SSL/TLS key exchange algorithm.
 *
 * The {@code allowed} flag only records whether the key exchange is
 * implemented and compiled in; it is not a statement about strength.
 * The list includes anonymous exchanges (DH_anon, ECDH_anon), which do
 * not authenticate the peer, and export-grade exchanges (RSA_EXPORT,
 * KRB5_EXPORT). Whether a suite built on them is enabled by default is
 * decided by the CipherSuite priority, not here.
 */
enum KeyExchange {

    // key exchange algorithms
    K_NULL       ("NULL",       false),
    K_RSA        ("RSA",        true),
    K_RSA_EXPORT ("RSA_EXPORT", true),
    K_DH_RSA     ("DH_RSA",     false),
    K_DH_DSS     ("DH_DSS",     false),
    K_DHE_DSS    ("DHE_DSS",    true),
    K_DHE_RSA    ("DHE_RSA",    true),
    K_DH_ANON    ("DH_anon",    true),

    // elliptic curve key exchanges, switched by ALLOW_ECC
    K_ECDH_ECDSA ("ECDH_ECDSA",  ALLOW_ECC),
    K_ECDH_RSA   ("ECDH_RSA",    ALLOW_ECC),
    K_ECDHE_ECDSA("ECDHE_ECDSA", ALLOW_ECC),
    K_ECDHE_RSA  ("ECDHE_RSA",   ALLOW_ECC),
    K_ECDH_ANON  ("ECDH_anon",   ALLOW_ECC),

    // Kerberos cipher suites
    K_KRB5       ("KRB5", true),
    K_KRB5_EXPORT("KRB5_EXPORT", true),

    // renegotiation protection request signaling cipher suite
    K_SCSV       ("SCSV",        true);

    // name of the key exchange algorithm, e.g. DHE_DSS
    final String name;

    // implemented and enabled at compile time
    final boolean allowed;

    // true when availability does not depend on a runtime check
    private final boolean alwaysAvailable;

    KeyExchange(String name, boolean allowed) {
        this.name = name;
        this.allowed = allowed;

        // EC and Kerberos exchanges are checked at runtime, see
        // isAvailable()
        final boolean checkedAtRuntime =
                name.startsWith("EC") || name.startsWith("KRB");
        this.alwaysAvailable = allowed && !checkedAtRuntime;
    }

    /**
     * Return whether this key exchange can be used right now. EC and
     * Kerberos exchanges additionally ask JsseJce whether the support
     * they need is present.
     */
    boolean isAvailable() {
        if (alwaysAvailable) {
            return true;
        }

        // a disallowed exchange is never available, no runtime check
        if (!allowed) {
            return false;
        }

        if (name.startsWith("EC")) {
            return JsseJce.isEcAvailable();
        }
        if (name.startsWith("KRB")) {
            return JsseJce.isKerberosAvailable();
        }
        return true;
    }

    @Override
    public String toString() {
        return name;
    }
}
443
/**
 * The kind of bulk cipher, which decides how record overhead (MAC,
 * padding, IV, tag) is computed.
 */
enum CipherType {
    /** null cipher */
    NULL_CIPHER,

    /** stream cipher */
    STREAM_CIPHER,

    /** block cipher in CBC mode */
    BLOCK_CIPHER,

    /** AEAD cipher */
    AEAD_CIPHER
}
450
/**
 * An SSL/TLS bulk cipher algorithm. One instance per combination of
 * cipher and key length.
 *
 * Also contains a factory method to obtain an initialized CipherBox
 * for this algorithm.
 *
 * The {@code allowed} flag only records that the cipher is implemented
 * and compiled in. The table includes the null cipher, 40-bit export
 * ciphers, RC4 and single DES; whether a suite using them is enabled by
 * default is decided by the CipherSuite priority, not here.
 */
enum BulkCipher {

    // export strength ciphers (seven arguments: expandedKeySize given)
    B_NULL("NULL", NULL_CIPHER, 0, 0, 0, 0, true),
    B_RC4_40(CIPHER_RC4, STREAM_CIPHER, 5, 16, 0, 0, true),
    B_RC2_40("RC2", BLOCK_CIPHER, 5, 16, 8, 0, false),
    B_DES_40(CIPHER_DES,  BLOCK_CIPHER, 5, 8, 8, 0, true),

    // domestic strength ciphers (six arguments)
    B_RC4_128(CIPHER_RC4, STREAM_CIPHER, 16, 0, 0, true),
    B_DES(CIPHER_DES, BLOCK_CIPHER, 8, 8, 0, true),
    B_3DES(CIPHER_3DES, BLOCK_CIPHER, 24, 8, 0, true),
    B_IDEA("IDEA", BLOCK_CIPHER, 16, 8, 0, false),
    B_AES_128(CIPHER_AES, BLOCK_CIPHER, 16, 16, 0, true),
    B_AES_256(CIPHER_AES, BLOCK_CIPHER, 32, 16, 0, true),
    B_AES_128_GCM(CIPHER_AES_GCM, AEAD_CIPHER, 16, 12, 4, true),
    B_AES_256_GCM(CIPHER_AES_GCM, AEAD_CIPHER, 32, 12, 4, true);

    // Map BulkCipher -> Boolean(available)
    // only accessed from the synchronized static methods below
    private static final Map<BulkCipher,Boolean> availableCache =
                                        new HashMap<>(8);

    // descriptive name including key size, e.g. AES/128
    final String description;

    // JCE cipher transformation string, e.g. AES/CBC/NoPadding
    final String transformation;

    // algorithm name, e.g. AES
    final String algorithm;

    // supported and compile time enabled. Also see isAvailable()
    final boolean allowed;

    // number of bytes of entropy in the key
    final int keySize;

    // length of the actual cipher key in bytes.
    // for non-exportable ciphers, this is the same as keySize
    final int expandedKeySize;

    // size of the IV
    final int ivSize;

    // size of fixed IV
    //
    // record_iv_length = ivSize - fixedIvSize
    final int fixedIvSize;

    // exportable under 512/40 bit rules
    final boolean exportable;

    // kind of cipher: null, stream, block (CBC) or AEAD
    final CipherType cipherType;

    // size of the authentication tag, only applicable to cipher suites in
    // Galois Counter Mode (GCM)
    //
    // As far as we know, all supported GCM cipher suites use 128-bits
    // authentication tags.
    final int tagSize = 16;

    // The secure random used to detect the cipher availability.
    private static final SecureRandom secureRandom;

    static {
        try {
            secureRandom = JsseJce.getSecureRandom();
        } catch (KeyManagementException kme) {
            throw new RuntimeException(kme);
        }
    }

    // Constructor for exportable ciphers: the expanded key size is
    // given separately from the number of key bytes with entropy.
    BulkCipher(String transformation, CipherType cipherType, int keySize,
            int expandedKeySize, int ivSize,
            int fixedIvSize, boolean allowed) {
        this(transformation, cipherType, keySize, expandedKeySize,
                ivSize, fixedIvSize, allowed, true);
    }

    // Constructor for non-exportable ciphers: the expanded key size
    // equals the key size.
    BulkCipher(String transformation, CipherType cipherType, int keySize,
            int ivSize, int fixedIvSize, boolean allowed) {
        this(transformation, cipherType, keySize, keySize,
                ivSize, fixedIvSize, allowed, false);
    }

    // Common initialization shared by the two constructors above.
    private BulkCipher(String transformation, CipherType cipherType,
            int keySize, int expandedKeySize, int ivSize,
            int fixedIvSize, boolean allowed, boolean exportable) {

        this.transformation = transformation;
        // the algorithm is the part before the first '/'
        this.algorithm = transformation.split("/")[0];
        this.cipherType = cipherType;
        this.description = this.algorithm + "/" + (keySize << 3);

        this.keySize = keySize;
        this.expandedKeySize = expandedKeySize;
        this.ivSize = ivSize;
        this.fixedIvSize = fixedIvSize;

        this.allowed = allowed;
        this.exportable = exportable;
    }

    /**
     * Return an initialized CipherBox for this BulkCipher.
     * IV must be null for stream ciphers.
     *
     * @exception NoSuchAlgorithmException if anything goes wrong
     */
    CipherBox newCipher(ProtocolVersion version, SecretKey key,
            IvParameterSpec iv, SecureRandom random,
            boolean encrypt) throws NoSuchAlgorithmException {
        return CipherBox.newCipherBox(version, this,
                                        key, iv, random, encrypt);
    }

    /**
     * Test if this bulk cipher is available. For use by CipherSuite.
     *
     * Currently all supported ciphers except AES are always available
     * via the JSSE internal implementations. We also assume AES/128 of
     * CBC mode is always available since it is shipped with the SunJCE
     * provider.  However, AES/256 is unavailable when the default JCE
     * policy jurisdiction files are installed because of key length
     * restrictions, and AEAD is unavailable when the underlying providers
     * do not support AEAD/GCM mode.
     */
    boolean isAvailable() {
        if (!allowed) {
            return false;
        }

        // only AES/256 and the AEAD ciphers are checked against the
        // installed providers; everything else is always available
        final boolean needsProviderCheck =
                (this == B_AES_256) ||
                (this.cipherType == CipherType.AEAD_CIPHER);
        return !needsProviderCheck || isAvailable(this);
    }

    // for use by CipherSuiteList.clearAvailableCache();
    static synchronized void clearAvailableCache() {
        if (DYNAMIC_AVAILABILITY) {
            availableCache.clear();
        }
    }

    // Look up, or compute and cache, whether the given cipher can be
    // used with the installed JCE policy and providers.
    private static synchronized boolean isAvailable(BulkCipher cipher) {
        Boolean cached = availableCache.get(cipher);
        if (cached == null) {
            cached = Boolean.valueOf(
                    keyLengthPermitted(cipher) && canInstantiate(cipher));
            availableCache.put(cipher, cached);
        }

        return cached.booleanValue();
    }

    // Keys above 128 bits need the JCE unlimited strength jurisdiction
    // policy; any failure while asking counts as "not permitted".
    private static boolean keyLengthPermitted(BulkCipher cipher) {
        final int keySizeInBits = cipher.keySize * 8;
        if (keySizeInBits <= 128) {
            return true;
        }

        try {
            return Cipher.getMaxAllowedKeyLength(cipher.transformation)
                    >= keySizeInBits;
        } catch (Exception e) {
            return false;
        }
    }

    // Build a throwaway CipherBox to see whether the transformation
    // can be instantiated. The all-zero key and IV serve only this
    // probe, and the box is disposed before returning.
    private static boolean canInstantiate(BulkCipher cipher) {
        CipherBox probe = null;
        try {
            final SecretKey key = new SecretKeySpec(
                    new byte[cipher.expandedKeySize], cipher.algorithm);

            // AEAD ciphers are initialized with the fixed IV part only
            final int ivLength =
                    (cipher.cipherType == CipherType.AEAD_CIPHER)
                            ? cipher.fixedIvSize
                            : cipher.ivSize;
            final IvParameterSpec iv =
                    new IvParameterSpec(new byte[ivLength]);

            probe = cipher.newCipher(ProtocolVersion.DEFAULT_TLS,
                    key, iv, secureRandom, true);
            return probe.isAvailable();
        } catch (NoSuchAlgorithmException e) {
            // not available
            return false;
        } finally {
            if (probe != null) {
                probe.dispose();
            }
        }
    }

    @Override
    public String toString() {
        return description;
    }
}
665
/**
 * An SSL/TLS key MAC algorithm.
 *
 * Also contains a factory method to obtain an initialized MAC
 * for this algorithm.
 *
 * Each entry gives the name, the MAC size, the block size of the
 * underlying hash and its minimal padding size, all in bytes.
 */
enum MacAlg {
    // MACs
    M_NULL      ("NULL",     0,   0,   0),
    M_MD5       ("MD5",     16,  64,   9),
    M_SHA       ("SHA",     20,  64,   9),
    M_SHA256    ("SHA256",  32,  64,   9),
    M_SHA384    ("SHA384",  48, 128,  17);

    // descriptive name, e.g. MD5
    final String name;

    // size of the MAC value (and MAC key) in bytes
    final int size;

    // block size of the underlying hash algorithm
    final int hashBlockSize;

    // minimal padding size of the underlying hash algorithm
    final int minimalPaddingSize;

    MacAlg(String name, int size,
            int hashBlockSize, int minimalPaddingSize) {
        this.name = name;
        this.size = size;
        this.hashBlockSize = hashBlockSize;
        this.minimalPaddingSize = minimalPaddingSize;
    }

    /**
     * Return an initialized MAC for this MacAlg. ProtocolVersion
     * must either be SSL30 (SSLv3 custom MAC) or TLS10 (std. HMAC).
     *
     * @exception NoSuchAlgorithmException if anything goes wrong
     * @exception InvalidKeyException declared by the MAC constructor
     */
    MAC newMac(ProtocolVersion protocolVersion, SecretKey secret)
            throws NoSuchAlgorithmException, InvalidKeyException {
        final MAC mac = new MAC(this, protocolVersion, secret);
        return mac;
    }

    @Override
    public String toString() {
        return name;
    }
}
716
/**
 * PRFs (PseudoRandom Function) from TLS specifications.
 *
 * TLS 1.1- uses a single MD5/SHA1-based PRF algorithm for generating
 * the necessary material.
 *
 * In TLS 1.2+, all existing/known CipherSuites use SHA256, however
 * new Ciphersuites (e.g. RFC 5288) can define specific PRF hash
 * algorithms.
 */
enum PRF {

    // PRF algorithms: hash name, hash length, hash block size
    P_NONE(     "NONE",  0,   0),
    P_SHA256("SHA-256", 32,  64),
    P_SHA384("SHA-384", 48, 128),
    P_SHA512("SHA-512", 64, 128);  // not currently used.

    // PRF characteristics
    private final String prfHashAlg;
    private final int prfHashLength;
    private final int prfBlockSize;

    PRF(String hashAlg, int hashLength, int blockSize) {
        this.prfHashAlg = hashAlg;
        this.prfHashLength = hashLength;
        this.prfBlockSize = blockSize;
    }

    /** Return the name of the hash algorithm used by this PRF. */
    String getPRFHashAlg() {
        return this.prfHashAlg;
    }

    /** Return the second constructor value, the hash length. */
    int getPRFHashLength() {
        return this.prfHashLength;
    }

    /** Return the third constructor value, the hash block size. */
    int getPRFBlockSize() {
        return this.prfBlockSize;
    }
}
758
759    static {
760        idMap = new HashMap<Integer,CipherSuite>();
761        nameMap = new HashMap<String,CipherSuite>();
762
763        final boolean F = false;
764        final boolean T = true;
765        // N: ciphersuites only allowed if we are not in FIPS mode
766        final boolean N = (SunJSSE.isFIPS() == false);
767
768        /*
769         * TLS Cipher Suite Registry, as of August 2010.
770         *
771         * http://www.iana.org/assignments/tls-parameters/tls-parameters.xml
772         *
773         * Range      Registration Procedures   Notes
774         * 000-191    Standards Action          Refers to value of first byte
775         * 192-254    Specification Required    Refers to value of first byte
776         * 255        Reserved for Private Use  Refers to value of first byte
777         *
778         * Value      Description                               Reference
779         * 0x00,0x00  TLS_NULL_WITH_NULL_NULL                   [RFC5246]
780         * 0x00,0x01  TLS_RSA_WITH_NULL_MD5                     [RFC5246]
781         * 0x00,0x02  TLS_RSA_WITH_NULL_SHA                     [RFC5246]
782         * 0x00,0x03  TLS_RSA_EXPORT_WITH_RC4_40_MD5            [RFC4346]
783         * 0x00,0x04  TLS_RSA_WITH_RC4_128_MD5                  [RFC5246]
784         * 0x00,0x05  TLS_RSA_WITH_RC4_128_SHA                  [RFC5246]
785         * 0x00,0x06  TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5        [RFC4346]
786         * 0x00,0x07  TLS_RSA_WITH_IDEA_CBC_SHA                 [RFC5469]
787         * 0x00,0x08  TLS_RSA_EXPORT_WITH_DES40_CBC_SHA         [RFC4346]
788         * 0x00,0x09  TLS_RSA_WITH_DES_CBC_SHA                  [RFC5469]
789         * 0x00,0x0A  TLS_RSA_WITH_3DES_EDE_CBC_SHA             [RFC5246]
790         * 0x00,0x0B  TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA      [RFC4346]
791         * 0x00,0x0C  TLS_DH_DSS_WITH_DES_CBC_SHA               [RFC5469]
792         * 0x00,0x0D  TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA          [RFC5246]
793         * 0x00,0x0E  TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA      [RFC4346]
794         * 0x00,0x0F  TLS_DH_RSA_WITH_DES_CBC_SHA               [RFC5469]
795         * 0x00,0x10  TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA          [RFC5246]
796         * 0x00,0x11  TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA     [RFC4346]
797         * 0x00,0x12  TLS_DHE_DSS_WITH_DES_CBC_SHA              [RFC5469]
798         * 0x00,0x13  TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA         [RFC5246]
799         * 0x00,0x14  TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA     [RFC4346]
800         * 0x00,0x15  TLS_DHE_RSA_WITH_DES_CBC_SHA              [RFC5469]
801         * 0x00,0x16  TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA         [RFC5246]
802         * 0x00,0x17  TLS_DH_anon_EXPORT_WITH_RC4_40_MD5        [RFC4346]
803         * 0x00,0x18  TLS_DH_anon_WITH_RC4_128_MD5              [RFC5246]
804         * 0x00,0x19  TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA     [RFC4346]
805         * 0x00,0x1A  TLS_DH_anon_WITH_DES_CBC_SHA              [RFC5469]
806         * 0x00,0x1B  TLS_DH_anon_WITH_3DES_EDE_CBC_SHA         [RFC5246]
807         * 0x00,0x1C-1D Reserved to avoid conflicts with SSLv3  [RFC5246]
808         * 0x00,0x1E  TLS_KRB5_WITH_DES_CBC_SHA                 [RFC2712]
809         * 0x00,0x1F  TLS_KRB5_WITH_3DES_EDE_CBC_SHA            [RFC2712]
810         * 0x00,0x20  TLS_KRB5_WITH_RC4_128_SHA                 [RFC2712]
811         * 0x00,0x21  TLS_KRB5_WITH_IDEA_CBC_SHA                [RFC2712]
812         * 0x00,0x22  TLS_KRB5_WITH_DES_CBC_MD5                 [RFC2712]
813         * 0x00,0x23  TLS_KRB5_WITH_3DES_EDE_CBC_MD5            [RFC2712]
814         * 0x00,0x24  TLS_KRB5_WITH_RC4_128_MD5                 [RFC2712]
815         * 0x00,0x25  TLS_KRB5_WITH_IDEA_CBC_MD5                [RFC2712]
816         * 0x00,0x26  TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA       [RFC2712]
817         * 0x00,0x27  TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA       [RFC2712]
818         * 0x00,0x28  TLS_KRB5_EXPORT_WITH_RC4_40_SHA           [RFC2712]
819         * 0x00,0x29  TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5       [RFC2712]
820         * 0x00,0x2A  TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5       [RFC2712]
821         * 0x00,0x2B  TLS_KRB5_EXPORT_WITH_RC4_40_MD5           [RFC2712]
822         * 0x00,0x2C  TLS_PSK_WITH_NULL_SHA                     [RFC4785]
823         * 0x00,0x2D  TLS_DHE_PSK_WITH_NULL_SHA                 [RFC4785]
824         * 0x00,0x2E  TLS_RSA_PSK_WITH_NULL_SHA                 [RFC4785]
825         * 0x00,0x2F  TLS_RSA_WITH_AES_128_CBC_SHA              [RFC5246]
826         * 0x00,0x30  TLS_DH_DSS_WITH_AES_128_CBC_SHA           [RFC5246]
827         * 0x00,0x31  TLS_DH_RSA_WITH_AES_128_CBC_SHA           [RFC5246]
828         * 0x00,0x32  TLS_DHE_DSS_WITH_AES_128_CBC_SHA          [RFC5246]
829         * 0x00,0x33  TLS_DHE_RSA_WITH_AES_128_CBC_SHA          [RFC5246]
830         * 0x00,0x34  TLS_DH_anon_WITH_AES_128_CBC_SHA          [RFC5246]
831         * 0x00,0x35  TLS_RSA_WITH_AES_256_CBC_SHA              [RFC5246]
832         * 0x00,0x36  TLS_DH_DSS_WITH_AES_256_CBC_SHA           [RFC5246]
833         * 0x00,0x37  TLS_DH_RSA_WITH_AES_256_CBC_SHA           [RFC5246]
834         * 0x00,0x38  TLS_DHE_DSS_WITH_AES_256_CBC_SHA          [RFC5246]
835         * 0x00,0x39  TLS_DHE_RSA_WITH_AES_256_CBC_SHA          [RFC5246]
836         * 0x00,0x3A  TLS_DH_anon_WITH_AES_256_CBC_SHA          [RFC5246]
837         * 0x00,0x3B  TLS_RSA_WITH_NULL_SHA256                  [RFC5246]
838         * 0x00,0x3C  TLS_RSA_WITH_AES_128_CBC_SHA256           [RFC5246]
839         * 0x00,0x3D  TLS_RSA_WITH_AES_256_CBC_SHA256           [RFC5246]
840         * 0x00,0x3E  TLS_DH_DSS_WITH_AES_128_CBC_SHA256        [RFC5246]
841         * 0x00,0x3F  TLS_DH_RSA_WITH_AES_128_CBC_SHA256        [RFC5246]
842         * 0x00,0x40  TLS_DHE_DSS_WITH_AES_128_CBC_SHA256       [RFC5246]
843         * 0x00,0x41  TLS_RSA_WITH_CAMELLIA_128_CBC_SHA         [RFC5932]
844         * 0x00,0x42  TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA      [RFC5932]
845         * 0x00,0x43  TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA      [RFC5932]
846         * 0x00,0x44  TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA     [RFC5932]
847         * 0x00,0x45  TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA     [RFC5932]
848         * 0x00,0x46  TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA     [RFC5932]
849         * 0x00,0x47-4F Reserved to avoid conflicts with
850         *            deployed implementations                  [Pasi_Eronen]
851         * 0x00,0x50-58 Reserved to avoid conflicts             [Pasi Eronen]
852         * 0x00,0x59-5C Reserved to avoid conflicts with
853         *            deployed implementations                  [Pasi_Eronen]
854         * 0x00,0x5D-5F Unassigned
855         * 0x00,0x60-66 Reserved to avoid conflicts with widely
856         *            deployed implementations                  [Pasi_Eronen]
857         * 0x00,0x67  TLS_DHE_RSA_WITH_AES_128_CBC_SHA256       [RFC5246]
858         * 0x00,0x68  TLS_DH_DSS_WITH_AES_256_CBC_SHA256        [RFC5246]
859         * 0x00,0x69  TLS_DH_RSA_WITH_AES_256_CBC_SHA256        [RFC5246]
860         * 0x00,0x6A  TLS_DHE_DSS_WITH_AES_256_CBC_SHA256       [RFC5246]
861         * 0x00,0x6B  TLS_DHE_RSA_WITH_AES_256_CBC_SHA256       [RFC5246]
862         * 0x00,0x6C  TLS_DH_anon_WITH_AES_128_CBC_SHA256       [RFC5246]
863         * 0x00,0x6D  TLS_DH_anon_WITH_AES_256_CBC_SHA256       [RFC5246]
864         * 0x00,0x6E-83 Unassigned
865         * 0x00,0x84  TLS_RSA_WITH_CAMELLIA_256_CBC_SHA         [RFC5932]
866         * 0x00,0x85  TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA      [RFC5932]
867         * 0x00,0x86  TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA      [RFC5932]
868         * 0x00,0x87  TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA     [RFC5932]
869         * 0x00,0x88  TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA     [RFC5932]
870         * 0x00,0x89  TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA     [RFC5932]
871         * 0x00,0x8A  TLS_PSK_WITH_RC4_128_SHA                  [RFC4279]
872         * 0x00,0x8B  TLS_PSK_WITH_3DES_EDE_CBC_SHA             [RFC4279]
873         * 0x00,0x8C  TLS_PSK_WITH_AES_128_CBC_SHA              [RFC4279]
874         * 0x00,0x8D  TLS_PSK_WITH_AES_256_CBC_SHA              [RFC4279]
875         * 0x00,0x8E  TLS_DHE_PSK_WITH_RC4_128_SHA              [RFC4279]
876         * 0x00,0x8F  TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA         [RFC4279]
877         * 0x00,0x90  TLS_DHE_PSK_WITH_AES_128_CBC_SHA          [RFC4279]
878         * 0x00,0x91  TLS_DHE_PSK_WITH_AES_256_CBC_SHA          [RFC4279]
879         * 0x00,0x92  TLS_RSA_PSK_WITH_RC4_128_SHA              [RFC4279]
880         * 0x00,0x93  TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA         [RFC4279]
881         * 0x00,0x94  TLS_RSA_PSK_WITH_AES_128_CBC_SHA          [RFC4279]
882         * 0x00,0x95  TLS_RSA_PSK_WITH_AES_256_CBC_SHA          [RFC4279]
883         * 0x00,0x96  TLS_RSA_WITH_SEED_CBC_SHA                 [RFC4162]
884         * 0x00,0x97  TLS_DH_DSS_WITH_SEED_CBC_SHA              [RFC4162]
885         * 0x00,0x98  TLS_DH_RSA_WITH_SEED_CBC_SHA              [RFC4162]
886         * 0x00,0x99  TLS_DHE_DSS_WITH_SEED_CBC_SHA             [RFC4162]
887         * 0x00,0x9A  TLS_DHE_RSA_WITH_SEED_CBC_SHA             [RFC4162]
888         * 0x00,0x9B  TLS_DH_anon_WITH_SEED_CBC_SHA             [RFC4162]
889         * 0x00,0x9C  TLS_RSA_WITH_AES_128_GCM_SHA256           [RFC5288]
890         * 0x00,0x9D  TLS_RSA_WITH_AES_256_GCM_SHA384           [RFC5288]
891         * 0x00,0x9E  TLS_DHE_RSA_WITH_AES_128_GCM_SHA256       [RFC5288]
892         * 0x00,0x9F  TLS_DHE_RSA_WITH_AES_256_GCM_SHA384       [RFC5288]
893         * 0x00,0xA0  TLS_DH_RSA_WITH_AES_128_GCM_SHA256        [RFC5288]
894         * 0x00,0xA1  TLS_DH_RSA_WITH_AES_256_GCM_SHA384        [RFC5288]
895         * 0x00,0xA2  TLS_DHE_DSS_WITH_AES_128_GCM_SHA256       [RFC5288]
896         * 0x00,0xA3  TLS_DHE_DSS_WITH_AES_256_GCM_SHA384       [RFC5288]
897         * 0x00,0xA4  TLS_DH_DSS_WITH_AES_128_GCM_SHA256        [RFC5288]
898         * 0x00,0xA5  TLS_DH_DSS_WITH_AES_256_GCM_SHA384        [RFC5288]
899         * 0x00,0xA6  TLS_DH_anon_WITH_AES_128_GCM_SHA256       [RFC5288]
900         * 0x00,0xA7  TLS_DH_anon_WITH_AES_256_GCM_SHA384       [RFC5288]
901         * 0x00,0xA8  TLS_PSK_WITH_AES_128_GCM_SHA256           [RFC5487]
902         * 0x00,0xA9  TLS_PSK_WITH_AES_256_GCM_SHA384           [RFC5487]
903         * 0x00,0xAA  TLS_DHE_PSK_WITH_AES_128_GCM_SHA256       [RFC5487]
904         * 0x00,0xAB  TLS_DHE_PSK_WITH_AES_256_GCM_SHA384       [RFC5487]
905         * 0x00,0xAC  TLS_RSA_PSK_WITH_AES_128_GCM_SHA256       [RFC5487]
906         * 0x00,0xAD  TLS_RSA_PSK_WITH_AES_256_GCM_SHA384       [RFC5487]
907         * 0x00,0xAE  TLS_PSK_WITH_AES_128_CBC_SHA256           [RFC5487]
908         * 0x00,0xAF  TLS_PSK_WITH_AES_256_CBC_SHA384           [RFC5487]
909         * 0x00,0xB0  TLS_PSK_WITH_NULL_SHA256                  [RFC5487]
910         * 0x00,0xB1  TLS_PSK_WITH_NULL_SHA384                  [RFC5487]
911         * 0x00,0xB2  TLS_DHE_PSK_WITH_AES_128_CBC_SHA256       [RFC5487]
912         * 0x00,0xB3  TLS_DHE_PSK_WITH_AES_256_CBC_SHA384       [RFC5487]
913         * 0x00,0xB4  TLS_DHE_PSK_WITH_NULL_SHA256              [RFC5487]
914         * 0x00,0xB5  TLS_DHE_PSK_WITH_NULL_SHA384              [RFC5487]
915         * 0x00,0xB6  TLS_RSA_PSK_WITH_AES_128_CBC_SHA256       [RFC5487]
916         * 0x00,0xB7  TLS_RSA_PSK_WITH_AES_256_CBC_SHA384       [RFC5487]
917         * 0x00,0xB8  TLS_RSA_PSK_WITH_NULL_SHA256              [RFC5487]
918         * 0x00,0xB9  TLS_RSA_PSK_WITH_NULL_SHA384              [RFC5487]
919         * 0x00,0xBA  TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256      [RFC5932]
920         * 0x00,0xBB  TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256   [RFC5932]
921         * 0x00,0xBC  TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256   [RFC5932]
922         * 0x00,0xBD  TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256  [RFC5932]
923         * 0x00,0xBE  TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256  [RFC5932]
924         * 0x00,0xBF  TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256  [RFC5932]
925         * 0x00,0xC0  TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256      [RFC5932]
926         * 0x00,0xC1  TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256   [RFC5932]
927         * 0x00,0xC2  TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256   [RFC5932]
928         * 0x00,0xC3  TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256  [RFC5932]
929         * 0x00,0xC4  TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256  [RFC5932]
930         * 0x00,0xC5  TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256  [RFC5932]
931         * 0x00,0xC6-FE         Unassigned
932         * 0x00,0xFF  TLS_EMPTY_RENEGOTIATION_INFO_SCSV         [RFC5746]
933         * 0x01-BF,*  Unassigned
934         * 0xC0,0x01  TLS_ECDH_ECDSA_WITH_NULL_SHA              [RFC4492]
935         * 0xC0,0x02  TLS_ECDH_ECDSA_WITH_RC4_128_SHA           [RFC4492]
936         * 0xC0,0x03  TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA      [RFC4492]
937         * 0xC0,0x04  TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA       [RFC4492]
938         * 0xC0,0x05  TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA       [RFC4492]
939         * 0xC0,0x06  TLS_ECDHE_ECDSA_WITH_NULL_SHA             [RFC4492]
940         * 0xC0,0x07  TLS_ECDHE_ECDSA_WITH_RC4_128_SHA          [RFC4492]
941         * 0xC0,0x08  TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA     [RFC4492]
942         * 0xC0,0x09  TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA      [RFC4492]
943         * 0xC0,0x0A  TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA      [RFC4492]
944         * 0xC0,0x0B  TLS_ECDH_RSA_WITH_NULL_SHA                [RFC4492]
945         * 0xC0,0x0C  TLS_ECDH_RSA_WITH_RC4_128_SHA             [RFC4492]
946         * 0xC0,0x0D  TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA        [RFC4492]
947         * 0xC0,0x0E  TLS_ECDH_RSA_WITH_AES_128_CBC_SHA         [RFC4492]
948         * 0xC0,0x0F  TLS_ECDH_RSA_WITH_AES_256_CBC_SHA         [RFC4492]
949         * 0xC0,0x10  TLS_ECDHE_RSA_WITH_NULL_SHA               [RFC4492]
950         * 0xC0,0x11  TLS_ECDHE_RSA_WITH_RC4_128_SHA            [RFC4492]
951         * 0xC0,0x12  TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA       [RFC4492]
952         * 0xC0,0x13  TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA        [RFC4492]
953         * 0xC0,0x14  TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA        [RFC4492]
954         * 0xC0,0x15  TLS_ECDH_anon_WITH_NULL_SHA               [RFC4492]
955         * 0xC0,0x16  TLS_ECDH_anon_WITH_RC4_128_SHA            [RFC4492]
956         * 0xC0,0x17  TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA       [RFC4492]
957         * 0xC0,0x18  TLS_ECDH_anon_WITH_AES_128_CBC_SHA        [RFC4492]
958         * 0xC0,0x19  TLS_ECDH_anon_WITH_AES_256_CBC_SHA        [RFC4492]
959         * 0xC0,0x1A  TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA         [RFC5054]
960         * 0xC0,0x1B  TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA     [RFC5054]
961         * 0xC0,0x1C  TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA     [RFC5054]
962         * 0xC0,0x1D  TLS_SRP_SHA_WITH_AES_128_CBC_SHA          [RFC5054]
963         * 0xC0,0x1E  TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA      [RFC5054]
964         * 0xC0,0x1F  TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA      [RFC5054]
965         * 0xC0,0x20  TLS_SRP_SHA_WITH_AES_256_CBC_SHA          [RFC5054]
966         * 0xC0,0x21  TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA      [RFC5054]
967         * 0xC0,0x22  TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA      [RFC5054]
968         * 0xC0,0x23  TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256   [RFC5289]
969         * 0xC0,0x24  TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384   [RFC5289]
970         * 0xC0,0x25  TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256    [RFC5289]
971         * 0xC0,0x26  TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384    [RFC5289]
972         * 0xC0,0x27  TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256     [RFC5289]
973         * 0xC0,0x28  TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384     [RFC5289]
974         * 0xC0,0x29  TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256      [RFC5289]
975         * 0xC0,0x2A  TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384      [RFC5289]
976         * 0xC0,0x2B  TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256   [RFC5289]
977         * 0xC0,0x2C  TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384   [RFC5289]
978         * 0xC0,0x2D  TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256    [RFC5289]
979         * 0xC0,0x2E  TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384    [RFC5289]
980         * 0xC0,0x2F  TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256     [RFC5289]
981         * 0xC0,0x30  TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384     [RFC5289]
982         * 0xC0,0x31  TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256      [RFC5289]
983         * 0xC0,0x32  TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384      [RFC5289]
984         * 0xC0,0x33  TLS_ECDHE_PSK_WITH_RC4_128_SHA            [RFC5489]
985         * 0xC0,0x34  TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA       [RFC5489]
986         * 0xC0,0x35  TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA        [RFC5489]
987         * 0xC0,0x36  TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA        [RFC5489]
988         * 0xC0,0x37  TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256     [RFC5489]
989         * 0xC0,0x38  TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384     [RFC5489]
990         * 0xC0,0x39  TLS_ECDHE_PSK_WITH_NULL_SHA               [RFC5489]
991         * 0xC0,0x3A  TLS_ECDHE_PSK_WITH_NULL_SHA256            [RFC5489]
992         * 0xC0,0x3B  TLS_ECDHE_PSK_WITH_NULL_SHA384            [RFC5489]
993         * 0xC0,0x3C-FF Unassigned
994         * 0xC1-FD,*  Unassigned
995         * 0xFE,0x00-FD Unassigned
996         * 0xFE,0xFE-FF Reserved to avoid conflicts with widely
997         *            deployed implementations                  [Pasi_Eronen]
998         * 0xFF,0x00-FF Reserved for Private Use                [RFC5246]
999         */
1000
1001        add("SSL_NULL_WITH_NULL_NULL", 0x0000,
1002                1,      K_NULL,     B_NULL,     M_NULL,     F);
1003
1004        /*
1005         * Definition of the CipherSuites that are enabled by default.
1006         * They are listed in preference order, most preferred first, using
1007         * the following criteria:
1008         * 1. Prefer Suite B compliant cipher suites, see RFC6460 (To be
1009         *    changed later, see below).
1010         * 2. Prefer the stronger bulk cipher, in the order of AES_256(GCM),
1011         *    AES_128(GCM), AES_256, AES_128, 3DES-EDE.
1012         * 3. Prefer the stronger MAC algorithm, in the order of SHA384,
1013         *    SHA256, SHA, MD5.
1014         * 4. Prefer the better-performing key exchange and digital signature
1015         *    algorithm, in the order of ECDHE-ECDSA, ECDHE-RSA, RSA, ECDH-ECDSA,
1016         *    ECDH-RSA, DHE-RSA, DHE-DSS. Static RSA/ECDH (no forward secrecy) precede DHE.
1017         */
1018        int p = DEFAULT_SUITES_PRIORITY * 2;
1019
1020        // shorten names to fit the following table cleanly.
1021        int max = ProtocolVersion.LIMIT_MAX_VALUE;
1022        int tls11 = ProtocolVersion.TLS11.v;
1023        int tls12 = ProtocolVersion.TLS12.v;
1024
1025        //  ID           Key Exchange   Cipher     A  obs  suprt  PRF
1026        //  ======       ============   =========  =  ===  =====  ========
1027
1028        // Suite B compliant cipher suites, see RFC 6460.
1029        //
1030        // Note that, at present this provider is not Suite B compliant. The
1031        // preference order of the GCM cipher suites does not follow the spec
1032        // of RFC 6460.  In this section, only two cipher suites are listed
1033        // so that applications can use a Suite B compliant cipher suite
1034        // first.
1035        add("TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",  0xc02c, --p,
1036            K_ECDHE_ECDSA, B_AES_256_GCM, M_NULL,   T, max, tls12, P_SHA384);
1037        add("TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",  0xc02b, --p,
1038            K_ECDHE_ECDSA, B_AES_128_GCM, M_NULL,   T, max, tls12, P_SHA256);
1039
1040        // AES_256(GCM)
1041        add("TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",    0xc030, --p,
1042            K_ECDHE_RSA,   B_AES_256_GCM, M_NULL,   T, max, tls12, P_SHA384);
1043        add("TLS_RSA_WITH_AES_256_GCM_SHA384",          0x009d, --p,
1044            K_RSA,         B_AES_256_GCM, M_NULL,   T, max, tls12, P_SHA384);
1045        add("TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384",   0xc02e, --p,
1046            K_ECDH_ECDSA,  B_AES_256_GCM, M_NULL,   T, max, tls12, P_SHA384);
1047        add("TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384",     0xc032, --p,
1048            K_ECDH_RSA,    B_AES_256_GCM, M_NULL,   T, max, tls12, P_SHA384);
1049        add("TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",      0x009f, --p,
1050            K_DHE_RSA,     B_AES_256_GCM, M_NULL,   T, max, tls12, P_SHA384);
1051        add("TLS_DHE_DSS_WITH_AES_256_GCM_SHA384",      0x00a3, --p,
1052            K_DHE_DSS,     B_AES_256_GCM, M_NULL,   T, max, tls12, P_SHA384);
1053
1054        // AES_128(GCM)
1055        add("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",    0xc02f, --p,
1056            K_ECDHE_RSA,   B_AES_128_GCM, M_NULL,   T, max, tls12, P_SHA256);
1057        add("TLS_RSA_WITH_AES_128_GCM_SHA256",          0x009c, --p,
1058            K_RSA,         B_AES_128_GCM, M_NULL,   T, max, tls12, P_SHA256);
1059        add("TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256",   0xc02d, --p,
1060            K_ECDH_ECDSA,  B_AES_128_GCM, M_NULL,   T, max, tls12, P_SHA256);
1061        add("TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256",     0xc031, --p,
1062            K_ECDH_RSA,    B_AES_128_GCM, M_NULL,   T, max, tls12, P_SHA256);
1063        add("TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",      0x009e, --p,
1064            K_DHE_RSA,     B_AES_128_GCM, M_NULL,   T, max, tls12, P_SHA256);
1065        add("TLS_DHE_DSS_WITH_AES_128_GCM_SHA256",      0x00a2, --p,
1066            K_DHE_DSS,     B_AES_128_GCM, M_NULL,   T, max, tls12, P_SHA256);
1067
1068        // AES_256(CBC)
1069        add("TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",  0xc024, --p,
1070            K_ECDHE_ECDSA, B_AES_256,     M_SHA384, T, max, tls12, P_SHA384);
1071        add("TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",    0xc028, --p,
1072            K_ECDHE_RSA,   B_AES_256,     M_SHA384, T, max, tls12, P_SHA384);
1073        add("TLS_RSA_WITH_AES_256_CBC_SHA256",          0x003d, --p,
1074            K_RSA,         B_AES_256,     M_SHA256, T, max, tls12, P_SHA256);
1075        add("TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384",   0xc026, --p,
1076            K_ECDH_ECDSA,  B_AES_256,     M_SHA384, T, max, tls12, P_SHA384);
1077        add("TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384",     0xc02a, --p,
1078            K_ECDH_RSA,    B_AES_256,     M_SHA384, T, max, tls12, P_SHA384);
1079        add("TLS_DHE_RSA_WITH_AES_256_CBC_SHA256",      0x006b, --p,
1080            K_DHE_RSA,     B_AES_256,     M_SHA256, T, max, tls12, P_SHA256);
1081        add("TLS_DHE_DSS_WITH_AES_256_CBC_SHA256",      0x006a, --p,
1082            K_DHE_DSS,     B_AES_256,     M_SHA256, T, max, tls12, P_SHA256);
1083
1084        add("TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",     0xC00A, --p,
1085            K_ECDHE_ECDSA, B_AES_256,     M_SHA,    T);
1086        add("TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",       0xC014, --p,
1087            K_ECDHE_RSA,   B_AES_256,     M_SHA,    T);
1088        add("TLS_RSA_WITH_AES_256_CBC_SHA",             0x0035, --p,
1089            K_RSA,         B_AES_256,     M_SHA,    T);
1090        add("TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA",      0xC005, --p,
1091            K_ECDH_ECDSA,  B_AES_256,     M_SHA,    T);
1092        add("TLS_ECDH_RSA_WITH_AES_256_CBC_SHA",        0xC00F, --p,
1093            K_ECDH_RSA,    B_AES_256,     M_SHA,    T);
1094        add("TLS_DHE_RSA_WITH_AES_256_CBC_SHA",         0x0039, --p,
1095            K_DHE_RSA,     B_AES_256,     M_SHA,    T);
1096        add("TLS_DHE_DSS_WITH_AES_256_CBC_SHA",         0x0038, --p,
1097            K_DHE_DSS,     B_AES_256,     M_SHA,    T);
1098
1099        // AES_128(CBC)
1100        add("TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",  0xc023, --p,
1101            K_ECDHE_ECDSA, B_AES_128,     M_SHA256, T, max, tls12, P_SHA256);
1102        add("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",    0xc027, --p,
1103            K_ECDHE_RSA,   B_AES_128,     M_SHA256, T, max, tls12, P_SHA256);
1104        add("TLS_RSA_WITH_AES_128_CBC_SHA256",          0x003c, --p,
1105            K_RSA,         B_AES_128,     M_SHA256, T, max, tls12, P_SHA256);
1106        add("TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256",   0xc025, --p,
1107            K_ECDH_ECDSA,  B_AES_128,     M_SHA256, T, max, tls12, P_SHA256);
1108        add("TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256",     0xc029, --p,
1109            K_ECDH_RSA,    B_AES_128,     M_SHA256, T, max, tls12, P_SHA256);
1110        add("TLS_DHE_RSA_WITH_AES_128_CBC_SHA256",      0x0067, --p,
1111            K_DHE_RSA,     B_AES_128,     M_SHA256, T, max, tls12, P_SHA256);
1112        add("TLS_DHE_DSS_WITH_AES_128_CBC_SHA256",      0x0040, --p,
1113            K_DHE_DSS,     B_AES_128,     M_SHA256, T, max, tls12, P_SHA256);
1114
1115        add("TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",     0xC009, --p,
1116            K_ECDHE_ECDSA, B_AES_128,     M_SHA,    T);
1117        add("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",       0xC013, --p,
1118            K_ECDHE_RSA,   B_AES_128,     M_SHA,    T);
1119        add("TLS_RSA_WITH_AES_128_CBC_SHA",             0x002f, --p,
1120            K_RSA,         B_AES_128,     M_SHA,    T);
1121        add("TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA",      0xC004, --p,
1122            K_ECDH_ECDSA,  B_AES_128,     M_SHA,    T);
1123        add("TLS_ECDH_RSA_WITH_AES_128_CBC_SHA",        0xC00E, --p,
1124            K_ECDH_RSA,    B_AES_128,     M_SHA,    T);
1125        add("TLS_DHE_RSA_WITH_AES_128_CBC_SHA",         0x0033, --p,
1126            K_DHE_RSA,     B_AES_128,     M_SHA,    T);
1127        add("TLS_DHE_DSS_WITH_AES_128_CBC_SHA",         0x0032, --p,
1128            K_DHE_DSS,     B_AES_128,     M_SHA,    T);
1129
1130        // 3DES_EDE (64-bit block cipher; lowest-ranked bulk cipher in the default list)
1131        add("TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA",    0xC008, --p,
1132            K_ECDHE_ECDSA, B_3DES,        M_SHA,    T);
1133        add("TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA",      0xC012, --p,
1134            K_ECDHE_RSA,   B_3DES,        M_SHA,    T);
1135        add("SSL_RSA_WITH_3DES_EDE_CBC_SHA",            0x000a, --p,
1136            K_RSA,         B_3DES,        M_SHA,    T);
1137        add("TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA",     0xC003, --p,
1138            K_ECDH_ECDSA,  B_3DES,        M_SHA,    T);
1139        add("TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA",       0xC00D, --p,
1140            K_ECDH_RSA,    B_3DES,        M_SHA,    T);
1141        add("SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA",        0x0016, --p,
1142            K_DHE_RSA,     B_3DES,        M_SHA,    T);
1143        add("SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA",        0x0013, --p,
1144            K_DHE_DSS,     B_3DES,        M_SHA,    N);
1145
1146        // Renegotiation protection request Signalling Cipher Suite Value (SCSV)
1147        add("TLS_EMPTY_RENEGOTIATION_INFO_SCSV",        0x00ff, --p,
1148            K_SCSV,        B_NULL,        M_NULL,   T);
1149
1150        /*
1151         * Definition of the CipherSuites that are supported but not enabled
1152         * by default.
1153         * They are listed in preference order, preferred first, using the
1154         * following criteria:
1155         * 1. CipherSuites for KRB5 need additional KRB5 service
1156         *    configuration, and these suites are not common in practice,
1157         *    so we put KRB5 based cipher suites at the end of the supported
1158         *    list.
1159         * 2. If a cipher suite has been obsoleted, we put it at the end of
1160         *    the list.
1161         * 3. Prefer the stronger bulk cipher, in the order of AES_256,
1162         *    AES_128, 3DES-EDE, RC-4, DES, DES40, RC4_40, NULL.
1163         * 4. Prefer the stronger MAC algorithm, in the order of SHA384,
1164         *    SHA256, SHA, MD5.
1165         * 5. Prefer the better performance of key exchange and digital
1166         *    signature algorithm, in the order of ECDHE-ECDSA, ECDHE-RSA,
1167         *    RSA, ECDH-ECDSA, ECDH-RSA, DHE-RSA, DHE-DSS, anonymous.
1168         */
1169        p = DEFAULT_SUITES_PRIORITY;
1170
1171        add("TLS_DH_anon_WITH_AES_256_GCM_SHA384",      0x00a7, --p,
1172            K_DH_ANON,     B_AES_256_GCM, M_NULL,   N, max, tls12, P_SHA384);
1173        add("TLS_DH_anon_WITH_AES_128_GCM_SHA256",      0x00a6, --p,
1174            K_DH_ANON,     B_AES_128_GCM, M_NULL,   N, max, tls12, P_SHA256);
1175
1176        add("TLS_DH_anon_WITH_AES_256_CBC_SHA256",      0x006d, --p,
1177            K_DH_ANON,     B_AES_256,     M_SHA256, N, max, tls12, P_SHA256);
1178        add("TLS_ECDH_anon_WITH_AES_256_CBC_SHA",       0xC019, --p,
1179            K_ECDH_ANON,   B_AES_256,     M_SHA,    N);
1180        add("TLS_DH_anon_WITH_AES_256_CBC_SHA",         0x003a, --p,
1181            K_DH_ANON,     B_AES_256,     M_SHA,    N);
1182
1183        add("TLS_DH_anon_WITH_AES_128_CBC_SHA256",      0x006c, --p,
1184            K_DH_ANON,     B_AES_128,     M_SHA256, N, max, tls12, P_SHA256);
1185        add("TLS_ECDH_anon_WITH_AES_128_CBC_SHA",       0xC018, --p,
1186            K_ECDH_ANON,   B_AES_128,     M_SHA,    N);
1187        add("TLS_DH_anon_WITH_AES_128_CBC_SHA",         0x0034, --p,
1188            K_DH_ANON,     B_AES_128,     M_SHA,    N);
1189
1190        add("TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA",      0xC017, --p,
1191            K_ECDH_ANON,   B_3DES,        M_SHA,    N);
1192        add("SSL_DH_anon_WITH_3DES_EDE_CBC_SHA",        0x001b, --p,
1193            K_DH_ANON,     B_3DES,        M_SHA,    N);
1194
1195        // RC-4
1196        add("TLS_ECDHE_ECDSA_WITH_RC4_128_SHA",         0xC007, --p,
1197            K_ECDHE_ECDSA, B_RC4_128,     M_SHA,    N);
1198        add("TLS_ECDHE_RSA_WITH_RC4_128_SHA",           0xC011, --p,
1199            K_ECDHE_RSA,   B_RC4_128,     M_SHA,    N);
1200        add("SSL_RSA_WITH_RC4_128_SHA",                 0x0005, --p,
1201            K_RSA,         B_RC4_128,     M_SHA,    N);
1202        add("TLS_ECDH_ECDSA_WITH_RC4_128_SHA",          0xC002, --p,
1203            K_ECDH_ECDSA,  B_RC4_128,     M_SHA,    N);
1204        add("TLS_ECDH_RSA_WITH_RC4_128_SHA",            0xC00C, --p,
1205            K_ECDH_RSA,    B_RC4_128,     M_SHA,    N);
1206        add("SSL_RSA_WITH_RC4_128_MD5",                 0x0004, --p,
1207            K_RSA,         B_RC4_128,     M_MD5,    N);
1208
1209        add("TLS_ECDH_anon_WITH_RC4_128_SHA",           0xC016, --p,
1210            K_ECDH_ANON,   B_RC4_128,     M_SHA,    N);
1211        add("SSL_DH_anon_WITH_RC4_128_MD5",             0x0018, --p,
1212            K_DH_ANON,     B_RC4_128,     M_MD5,    N);
1213
1214        // weak cipher suites obsoleted in TLS 1.2
1215        add("SSL_RSA_WITH_DES_CBC_SHA",                 0x0009, --p,
1216            K_RSA,         B_DES,         M_SHA,    N, tls12);
1217        add("SSL_DHE_RSA_WITH_DES_CBC_SHA",             0x0015, --p,
1218            K_DHE_RSA,     B_DES,         M_SHA,    N, tls12);
1219        add("SSL_DHE_DSS_WITH_DES_CBC_SHA",             0x0012, --p,
1220            K_DHE_DSS,     B_DES,         M_SHA,    N, tls12);
1221        add("SSL_DH_anon_WITH_DES_CBC_SHA",             0x001a, --p,
1222            K_DH_ANON,     B_DES,         M_SHA,    N, tls12);
1223
1224        // weak cipher suites obsoleted in TLS 1.1
1225        add("SSL_RSA_EXPORT_WITH_DES40_CBC_SHA",        0x0008, --p,
1226            K_RSA_EXPORT,  B_DES_40,      M_SHA,    N, tls11);
1227        add("SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",    0x0014, --p,
1228            K_DHE_RSA,     B_DES_40,      M_SHA,    N, tls11);
1229        add("SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA",    0x0011, --p,
1230            K_DHE_DSS,     B_DES_40,      M_SHA,    N, tls11);
1231        add("SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA",    0x0019, --p,
1232            K_DH_ANON,     B_DES_40,      M_SHA,    N, tls11);
1233
1234        add("SSL_RSA_EXPORT_WITH_RC4_40_MD5",           0x0003, --p,
1235            K_RSA_EXPORT,  B_RC4_40,      M_MD5,    N, tls11);
1236        add("SSL_DH_anon_EXPORT_WITH_RC4_40_MD5",       0x0017, --p,
1237            K_DH_ANON,     B_RC4_40,      M_MD5,    N, tls11);
1238
1239        add("TLS_RSA_WITH_NULL_SHA256",                 0x003b, --p,
1240            K_RSA,         B_NULL,        M_SHA256, N, max, tls12, P_SHA256);
1241        add("TLS_ECDHE_ECDSA_WITH_NULL_SHA",            0xC006, --p,
1242            K_ECDHE_ECDSA, B_NULL,        M_SHA,    N);
1243        add("TLS_ECDHE_RSA_WITH_NULL_SHA",              0xC010, --p,
1244            K_ECDHE_RSA,   B_NULL,        M_SHA,    N);
1245        add("SSL_RSA_WITH_NULL_SHA",                    0x0002, --p,
1246            K_RSA,         B_NULL,        M_SHA,    N);
1247        add("TLS_ECDH_ECDSA_WITH_NULL_SHA",             0xC001, --p,
1248            K_ECDH_ECDSA,  B_NULL,        M_SHA,    N);
1249        add("TLS_ECDH_RSA_WITH_NULL_SHA",               0xC00B, --p,
1250            K_ECDH_RSA,    B_NULL,        M_SHA,    N);
1251        add("TLS_ECDH_anon_WITH_NULL_SHA",              0xC015, --p,
1252            K_ECDH_ANON,   B_NULL,        M_SHA,    N);
1253        add("SSL_RSA_WITH_NULL_MD5",                    0x0001, --p,
1254            K_RSA,         B_NULL,        M_MD5,    N);
1255
1256        // Supported Kerberos ciphersuites from RFC2712
1257        add("TLS_KRB5_WITH_3DES_EDE_CBC_SHA",           0x001f, --p,
1258            K_KRB5,        B_3DES,        M_SHA,    N);
1259        add("TLS_KRB5_WITH_3DES_EDE_CBC_MD5",           0x0023, --p,
1260            K_KRB5,        B_3DES,        M_MD5,    N);
1261        add("TLS_KRB5_WITH_RC4_128_SHA",                0x0020, --p,
1262            K_KRB5,        B_RC4_128,     M_SHA,    N);
1263        add("TLS_KRB5_WITH_RC4_128_MD5",                0x0024, --p,
1264            K_KRB5,        B_RC4_128,     M_MD5,    N);
1265        add("TLS_KRB5_WITH_DES_CBC_SHA",                0x001e, --p,
1266            K_KRB5,        B_DES,         M_SHA,    N, tls12);
1267        add("TLS_KRB5_WITH_DES_CBC_MD5",                0x0022, --p,
1268            K_KRB5,        B_DES,         M_MD5,    N, tls12);
1269        add("TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA",      0x0026, --p,
1270            K_KRB5_EXPORT, B_DES_40,      M_SHA,    N, tls11);
1271        add("TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5",      0x0029, --p,
1272            K_KRB5_EXPORT, B_DES_40,      M_MD5,    N, tls11);
1273        add("TLS_KRB5_EXPORT_WITH_RC4_40_SHA",          0x0028, --p,
1274            K_KRB5_EXPORT, B_RC4_40,      M_SHA,    N, tls11);
1275        add("TLS_KRB5_EXPORT_WITH_RC4_40_MD5",          0x002b, --p,
1276            K_KRB5_EXPORT, B_RC4_40,      M_MD5,    N, tls11);
1277
1278        /*
1279         * Other values from the TLS Cipher Suite Registry, as of August 2010.
1280         *
1281         * http://www.iana.org/assignments/tls-parameters/tls-parameters.xml
1282         *
1283         * Range      Registration Procedures   Notes
1284         * 000-191    Standards Action          Refers to value of first byte
1285         * 192-254    Specification Required    Refers to value of first byte
1286         * 255        Reserved for Private Use  Refers to value of first byte
1287         */
1288
1289        // Register the names of a few additional CipherSuites.
1290        // Makes them show up as names instead of numbers in
1291        // the debug output.
1292
1293        // remaining unsupported ciphersuites defined in RFC2246.
1294        add("SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5",          0x0006);
1295        add("SSL_RSA_WITH_IDEA_CBC_SHA",                   0x0007);
1296        add("SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA",        0x000b);
1297        add("SSL_DH_DSS_WITH_DES_CBC_SHA",                 0x000c);
1298        add("SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA",            0x000d);
1299        add("SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA",        0x000e);
1300        add("SSL_DH_RSA_WITH_DES_CBC_SHA",                 0x000f);
1301        add("SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA",            0x0010);
1302
1303        // SSL 3.0 Fortezza ciphersuites
1304        add("SSL_FORTEZZA_DMS_WITH_NULL_SHA",              0x001c);
1305        add("SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA",      0x001d);
1306
1307        // 1024/56 bit exportable ciphersuites from expired internet draft
1308        add("SSL_RSA_EXPORT1024_WITH_DES_CBC_SHA",         0x0062);
1309        add("SSL_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA",     0x0063);
1310        add("SSL_RSA_EXPORT1024_WITH_RC4_56_SHA",          0x0064);
1311        add("SSL_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA",      0x0065);
1312        add("SSL_DHE_DSS_WITH_RC4_128_SHA",                0x0066);
1313
1314        // Netscape old and new SSL 3.0 FIPS ciphersuites
1315        // see http://www.mozilla.org/projects/security/pki/nss/ssl/fips-ssl-ciphersuites.html
1316        add("NETSCAPE_RSA_FIPS_WITH_3DES_EDE_CBC_SHA",     0xffe0);
1317        add("NETSCAPE_RSA_FIPS_WITH_DES_CBC_SHA",          0xffe1);
1318        add("SSL_RSA_FIPS_WITH_DES_CBC_SHA",               0xfefe);
1319        add("SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA",          0xfeff);
1320
1321        // Unsupported Kerberos cipher suites from RFC 2712
1322        add("TLS_KRB5_WITH_IDEA_CBC_SHA",                  0x0021);
1323        add("TLS_KRB5_WITH_IDEA_CBC_MD5",                  0x0025);
1324        add("TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA",         0x0027);
1325        add("TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5",         0x002a);
1326
1327        // Unsupported cipher suites from RFC 4162
1328        add("TLS_RSA_WITH_SEED_CBC_SHA",                   0x0096);
1329        add("TLS_DH_DSS_WITH_SEED_CBC_SHA",                0x0097);
1330        add("TLS_DH_RSA_WITH_SEED_CBC_SHA",                0x0098);
1331        add("TLS_DHE_DSS_WITH_SEED_CBC_SHA",               0x0099);
1332        add("TLS_DHE_RSA_WITH_SEED_CBC_SHA",               0x009a);
1333        add("TLS_DH_anon_WITH_SEED_CBC_SHA",               0x009b);
1334
1335        // Unsupported cipher suites from RFC 4279
1336        add("TLS_PSK_WITH_RC4_128_SHA",                    0x008a);
1337        add("TLS_PSK_WITH_3DES_EDE_CBC_SHA",               0x008b);
1338        add("TLS_PSK_WITH_AES_128_CBC_SHA",                0x008c);
1339        add("TLS_PSK_WITH_AES_256_CBC_SHA",                0x008d);
1340        add("TLS_DHE_PSK_WITH_RC4_128_SHA",                0x008e);
1341        add("TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA",           0x008f);
1342        add("TLS_DHE_PSK_WITH_AES_128_CBC_SHA",            0x0090);
1343        add("TLS_DHE_PSK_WITH_AES_256_CBC_SHA",            0x0091);
1344        add("TLS_RSA_PSK_WITH_RC4_128_SHA",                0x0092);
1345        add("TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA",           0x0093);
1346        add("TLS_RSA_PSK_WITH_AES_128_CBC_SHA",            0x0094);
1347        add("TLS_RSA_PSK_WITH_AES_256_CBC_SHA",            0x0095);
1348
1349        // Unsupported cipher suites from RFC 4785
1350        add("TLS_PSK_WITH_NULL_SHA",                       0x002c);
1351        add("TLS_DHE_PSK_WITH_NULL_SHA",                   0x002d);
1352        add("TLS_RSA_PSK_WITH_NULL_SHA",                   0x002e);
1353
1354        // Unsupported cipher suites from RFC 5246
1355        add("TLS_DH_DSS_WITH_AES_128_CBC_SHA",             0x0030);
1356        add("TLS_DH_RSA_WITH_AES_128_CBC_SHA",             0x0031);
1357        add("TLS_DH_DSS_WITH_AES_256_CBC_SHA",             0x0036);
1358        add("TLS_DH_RSA_WITH_AES_256_CBC_SHA",             0x0037);
1359        add("TLS_DH_DSS_WITH_AES_128_CBC_SHA256",          0x003e);
1360        add("TLS_DH_RSA_WITH_AES_128_CBC_SHA256",          0x003f);
1361        add("TLS_DH_DSS_WITH_AES_256_CBC_SHA256",          0x0068);
1362        add("TLS_DH_RSA_WITH_AES_256_CBC_SHA256",          0x0069);
1363
1364        // Unsupported cipher suites from RFC 5288
1365        add("TLS_DH_RSA_WITH_AES_128_GCM_SHA256",          0x00a0);
1366        add("TLS_DH_RSA_WITH_AES_256_GCM_SHA384",          0x00a1);
1367        add("TLS_DH_DSS_WITH_AES_128_GCM_SHA256",          0x00a4);
1368        add("TLS_DH_DSS_WITH_AES_256_GCM_SHA384",          0x00a5);
1369
1370        // Unsupported cipher suites from RFC 5487
1371        add("TLS_PSK_WITH_AES_128_GCM_SHA256",             0x00a8);
1372        add("TLS_PSK_WITH_AES_256_GCM_SHA384",             0x00a9);
1373        add("TLS_DHE_PSK_WITH_AES_128_GCM_SHA256",         0x00aa);
1374        add("TLS_DHE_PSK_WITH_AES_256_GCM_SHA384",         0x00ab);
1375        add("TLS_RSA_PSK_WITH_AES_128_GCM_SHA256",         0x00ac);
1376        add("TLS_RSA_PSK_WITH_AES_256_GCM_SHA384",         0x00ad);
1377        add("TLS_PSK_WITH_AES_128_CBC_SHA256",             0x00ae);
1378        add("TLS_PSK_WITH_AES_256_CBC_SHA384",             0x00af);
1379        add("TLS_PSK_WITH_NULL_SHA256",                    0x00b0);
1380        add("TLS_PSK_WITH_NULL_SHA384",                    0x00b1);
1381        add("TLS_DHE_PSK_WITH_AES_128_CBC_SHA256",         0x00b2);
1382        add("TLS_DHE_PSK_WITH_AES_256_CBC_SHA384",         0x00b3);
1383        add("TLS_DHE_PSK_WITH_NULL_SHA256",                0x00b4);
1384        add("TLS_DHE_PSK_WITH_NULL_SHA384",                0x00b5);
1385        add("TLS_RSA_PSK_WITH_AES_128_CBC_SHA256",         0x00b6);
1386        add("TLS_RSA_PSK_WITH_AES_256_CBC_SHA384",         0x00b7);
1387        add("TLS_RSA_PSK_WITH_NULL_SHA256",                0x00b8);
1388        add("TLS_RSA_PSK_WITH_NULL_SHA384",                0x00b9);
1389
1390        // Unsupported cipher suites from RFC 5932
1391        add("TLS_RSA_WITH_CAMELLIA_128_CBC_SHA",           0x0041);
1392        add("TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA",        0x0042);
1393        add("TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA",        0x0043);
1394        add("TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA",       0x0044);
1395        add("TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA",       0x0045);
1396        add("TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA",       0x0046);
1397        add("TLS_RSA_WITH_CAMELLIA_256_CBC_SHA",           0x0084);
1398        add("TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA",        0x0085);
1399        add("TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA",        0x0086);
1400        add("TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA",       0x0087);
1401        add("TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA",       0x0088);
1402        add("TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA",       0x0089);
1403        add("TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256",        0x00ba);
1404        add("TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256",     0x00bb);
1405        add("TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256",     0x00bc);
1406        add("TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256",    0x00bd);
1407        add("TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256",    0x00be);
1408        add("TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256",    0x00bf);
1409        add("TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256",        0x00c0);
1410        add("TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256",     0x00c1);
1411        add("TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256",     0x00c2);
1412        add("TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256",    0x00c3);
1413        add("TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256",    0x00c4);
1414        add("TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256",    0x00c5);
1415
1416        // Unsupported cipher suites from RFC 5054
1417        add("TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA",           0xc01a);
1418        add("TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA",       0xc01b);
1419        add("TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA",       0xc01c);
1420        add("TLS_SRP_SHA_WITH_AES_128_CBC_SHA",            0xc01d);
1421        add("TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA",        0xc01e);
1422        add("TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA",        0xc01f);
1423        add("TLS_SRP_SHA_WITH_AES_256_CBC_SHA",            0xc020);
1424        add("TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA",        0xc021);
1425        add("TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA",        0xc022);
1426
1427        // Unsupported cipher suites from RFC 5489
1428        add("TLS_ECDHE_PSK_WITH_RC4_128_SHA",              0xc033);
1429        add("TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA",         0xc034);
1430        add("TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA",          0xc035);
1431        add("TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA",          0xc036);
1432        add("TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256",       0xc037);
1433        add("TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384",       0xc038);
1434        add("TLS_ECDHE_PSK_WITH_NULL_SHA",                 0xc039);
1435        add("TLS_ECDHE_PSK_WITH_NULL_SHA256",              0xc03a);
1436        add("TLS_ECDHE_PSK_WITH_NULL_SHA384",              0xc03b);
1437    }
1438
    // Cipher suite SSL_NULL_WITH_NULL_NULL, looked up by its two-byte
    // ID {0x00, 0x00}. The name denotes no key exchange, no bulk cipher
    // and no MAC. RFC 5246 describes the equivalent TLS_NULL_WITH_NULL_NULL
    // as the initial connection state that must not be negotiated, since
    // it gives no protection. How the rest of this file uses the constant
    // is outside this excerpt.
    static final CipherSuite C_NULL = CipherSuite.valueOf(0x00, 0x00);

    // Cipher suite TLS_EMPTY_RENEGOTIATION_INFO_SCSV, looked up by its
    // two-byte ID {0x00, 0xff}. RFC 5746 defines this as a signaling
    // value that advertises secure-renegotiation support in a ClientHello;
    // it is not a real suite and should never be the one selected for a
    // connection.
    static final CipherSuite C_SCSV = CipherSuite.valueOf(0x00, 0xff);
1444}
1445