Author: remy.maucherat(a)jboss.com
Date: 2014-09-11 11:09:44 -0400 (Thu, 11 Sep 2014)
New Revision: 2509
Added:
branches/7.5.x/src/main/java/org/apache/tomcat/util/net/jsse/openssl/Cipher.java
Removed:
branches/7.5.x/src/main/java/org/apache/tomcat/util/net/jsse/openssl/Ciphers.java
Modified:
branches/7.5.x/src/main/java/org/apache/tomcat/util/net/jsse/openssl/Authentication.java
branches/7.5.x/src/main/java/org/apache/tomcat/util/net/jsse/openssl/Encryption.java
branches/7.5.x/src/main/java/org/apache/tomcat/util/net/jsse/openssl/EncryptionLevel.java
branches/7.5.x/src/main/java/org/apache/tomcat/util/net/jsse/openssl/KeyExchange.java
branches/7.5.x/src/main/java/org/apache/tomcat/util/net/jsse/openssl/MessageDigest.java
branches/7.5.x/src/main/java/org/apache/tomcat/util/net/jsse/openssl/OpenSSLCipherConfigurationParser.java
branches/7.5.x/src/main/java/org/apache/tomcat/util/net/jsse/openssl/Protocol.java
Log:
BZ1123342: Needs alias support so try to rebase on the Tomcat code which has support for
that along with many other fixes.
Modified:
branches/7.5.x/src/main/java/org/apache/tomcat/util/net/jsse/openssl/Authentication.java
===================================================================
---
branches/7.5.x/src/main/java/org/apache/tomcat/util/net/jsse/openssl/Authentication.java 2014-09-09
14:10:18 UTC (rev 2508)
+++
branches/7.5.x/src/main/java/org/apache/tomcat/util/net/jsse/openssl/Authentication.java 2014-09-11
15:09:44 UTC (rev 2509)
@@ -1,29 +1,22 @@
/*
- * Copyright (C) 2014 Red Hat, inc., and individual contributors
- * as indicated by the @author tags. See the copyright.txt file in the
- * distribution for a full listing of individual contributors.
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
*
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
+ *
http://www.apache.org/licenses/LICENSE-2.0
*
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
- * MA 02110-1301 USA
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
*/
+
package org.apache.tomcat.util.net.jsse.openssl;
-/**
- *
- * @author <a href="mailto:ehugonne@redhat.com">Emmanuel
Hugonnet</a> (c) 2014 Red Hat, inc.
- */
enum Authentication {
RSA /* RSA auth */,
DSS /* DSS auth */,
@@ -35,5 +28,6 @@
PSK /* PSK auth */,
GOST94 /* GOST R 34.10-94 signature auth */,
GOST01 /* GOST R 34.10-2001 */,
- FZA /* Fortezza */;
+ FZA /* Fortezza */,
+ SRP
}
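Review bot: The new `SRP` constant is the only one visible in this hunk without the inline comment its neighbours carry (`PSK /* PSK auth */`, `FZA /* Fortezza */`). I would write it as `SRP /* SRP (Secure Remote Password) auth */` so a reader of the cipher-suite table knows which authentication method it names. The enum body starts before this hunk, so the constants between `DSS` and `PSK` are not visible here. This commit also modifies OpenSSLCipherConfigurationParser.java, which is not shown on this page, so it is worth confirming that the parser maps an alias onto this constant; otherwise an operator presumably cannot include or exclude SRP-authenticated suites explicitly in a cipher string.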
Added: branches/7.5.x/src/main/java/org/apache/tomcat/util/net/jsse/openssl/Cipher.java
===================================================================
--- branches/7.5.x/src/main/java/org/apache/tomcat/util/net/jsse/openssl/Cipher.java
(rev 0)
+++
branches/7.5.x/src/main/java/org/apache/tomcat/util/net/jsse/openssl/Cipher.java 2014-09-11
15:09:44 UTC (rev 2509)
@@ -0,0 +1,2645 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ *
http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.tomcat.util.net.jsse.openssl;
+
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.Set;
+
+/**
+ * All the standard cipher suites for SSL/TSL.
+ *
+ * @see <a
href="http://www.iana.org/assignments/tls-parameters/tls-parameters....
+ * >The cipher suite registry</a>
+ * @see <a
href="https://www.thesprawl.org/research/tls-and-ssl-cipher-suites/&...
+ * >Another list of cipher suites with some non-standard IDs</a>
+ * @see <a
href="http://docs.oracle.com/javase/8/docs/technotes/guides/security...
+ * >Oracle standard names for cipher suites</a>
+ * @see <a
href="https://www.openssl.org/docs/apps/ciphers.html"
+ * >Mapping of OpenSSL cipher suites names to registry names</a>
+ */
+enum Cipher {
+ /* The RSA ciphers */
+ // Cipher 01
+ TLS_RSA_WITH_NULL_MD5(
+ "NULL-MD5",
+ KeyExchange.RSA,
+ Authentication.RSA,
+ Encryption.eNULL,
+ MessageDigest.MD5,
+ Protocol.SSLv3,
+ false,
+ EncryptionLevel.STRONG_NONE,
+ false,
+ 0,
+ 0,
+ "SSL_RSA_WITH_NULL_MD5"
+ ),
+ // Cipher 02
+ TLS_RSA_WITH_NULL_SHA(
+ "NULL-SHA",
+ KeyExchange.RSA,
+ Authentication.RSA,
+ Encryption.eNULL,
+ MessageDigest.SHA1,
+ Protocol.SSLv3,
+ false,
+ EncryptionLevel.STRONG_NONE,
+ true,
+ 0,
+ 0,
+ "SSL_RSA_WITH_NULL_SHA"
+ ),
+ // Cipher 03
+ TLS_RSA_EXPORT_WITH_RC4_40_MD5(
+ "EXP-RC4-MD5",
+ KeyExchange.RSA,
+ Authentication.RSA,
+ Encryption.RC4,
+ MessageDigest.MD5,
+ Protocol.SSLv3,
+ true,
+ EncryptionLevel.EXP40,
+ false,
+ 40,
+ 128,
+ "SSL_RSA_EXPORT_WITH_RC4_40_MD5"
+ ),
+ // Cipher 04
+ TLS_RSA_WITH_RC4_128_MD5(
+ "RC4-MD5",
+ KeyExchange.RSA,
+ Authentication.RSA,
+ Encryption.RC4,
+ MessageDigest.MD5,
+ Protocol.SSLv3,
+ false,
+ EncryptionLevel.MEDIUM,
+ false,
+ 128,
+ 128,
+ "SSL_RSA_WITH_RC4_128_MD5"
+ ),
+ // Cipher 05
+ TLS_RSA_WITH_RC4_128_SHA(
+ "RC4-SHA",
+ KeyExchange.RSA,
+ Authentication.RSA,
+ Encryption.RC4,
+ MessageDigest.SHA1,
+ Protocol.SSLv3,
+ false,
+ EncryptionLevel.MEDIUM,
+ false,
+ 128,
+ 128,
+ "SSL_RSA_WITH_RC4_128_SHA"
+ ),
+ // Cipher 06
+ TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5(
+ "EXP-RC2-CBC-MD5",
+ KeyExchange.RSA,
+ Authentication.RSA,
+ Encryption.RC2,
+ MessageDigest.MD5,
+ Protocol.SSLv3,
+ true,
+ EncryptionLevel.EXP40,
+ false,
+ 40,
+ 128,
+ "SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5"
+ ),
+ // Cipher 07
+ TLS_RSA_WITH_IDEA_CBC_SHA(
+ "IDEA-CBC-SHA",
+ KeyExchange.RSA,
+ Authentication.RSA,
+ Encryption.IDEA,
+ MessageDigest.SHA1,
+ Protocol.SSLv3,
+ false,
+ EncryptionLevel.MEDIUM,
+ false,
+ 128,
+ 128,
+ "SSL_RSA_WITH_IDEA_CBC_SHA"
+ ),
+ // Cipher 08
+ TLS_RSA_EXPORT_WITH_DES40_CBC_SHA(
+ "EXP-DES-CBC-SHA",
+ KeyExchange.RSA,
+ Authentication.RSA,
+ Encryption.DES,
+ MessageDigest.SHA1,
+ Protocol.SSLv3,
+ true,
+ EncryptionLevel.EXP40,
+ false,
+ 40,
+ 56,
+ "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA"
+ ),
+ // Cipher 09
+ TLS_RSA_WITH_DES_CBC_SHA(
+ "DES-CBC-SHA",
+ KeyExchange.RSA,
+ Authentication.RSA,
+ Encryption.DES,
+ MessageDigest.SHA1,
+ Protocol.SSLv3,
+ false,
+ EncryptionLevel.LOW,
+ false,
+ 56,
+ 56,
+ "SSL_RSA_WITH_DES_CBC_SHA"
+ ),
+ // Cipher 0A
+ TLS_RSA_WITH_3DES_EDE_CBC_SHA(
+ "DES-CBC3-SHA",
+ KeyExchange.RSA,
+ Authentication.RSA,
+ Encryption.TRIPLE_DES,
+ MessageDigest.SHA1,
+ Protocol.SSLv3,
+ false,
+ EncryptionLevel.HIGH,
+ true,
+ 168,
+ 168,
+ "SSL_RSA_WITH_3DES_EDE_CBC_SHA"
+ ),
+ /* The DH ciphers */
+ // Cipher 0B
+ TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA(
+ "EXP-DH-DSS-DES-CBC-SHA",
+ KeyExchange.DHd,
+ Authentication.DH,
+ Encryption.DES,
+ MessageDigest.SHA1,
+ Protocol.SSLv3,
+ true,
+ EncryptionLevel.EXP40,
+ false,
+ 40,
+ 56,
+ "SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA"
+ ),
+ // Cipher 0C
+ TLS_DH_DSS_WITH_DES_CBC_SHA(
+ "DH-DSS-DES-CBC-SHA",
+ KeyExchange.DHd,
+ Authentication.DH,
+ Encryption.DES,
+ MessageDigest.SHA1,
+ Protocol.SSLv3,
+ false,
+ EncryptionLevel.LOW,
+ false,
+ 56,
+ 56,
+ "SSL_DH_DSS_WITH_DES_CBC_SHA"
+ ),
+ // Cipher 0D
+ TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA(
+ "DH-DSS-DES-CBC3-SHA",
+ KeyExchange.DHd,
+ Authentication.DH,
+ Encryption.TRIPLE_DES,
+ MessageDigest.SHA1,
+ Protocol.SSLv3,
+ false,
+ EncryptionLevel.HIGH,
+ true,
+ 168,
+ 168,
+ "SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA"
+ ),
+ // Cipher 0E
+ TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA(
+ "EXP-DH-RSA-DES-CBC-SHA",
+ KeyExchange.DHr,
+ Authentication.DH,
+ Encryption.DES,
+ MessageDigest.SHA1,
+ Protocol.SSLv3,
+ true,
+ EncryptionLevel.EXP40,
+ false,
+ 40,
+ 56,
+ "SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA"
+ ),
+ // Cipher 0F
+ TLS_DH_RSA_WITH_DES_CBC_SHA(
+ "DH-RSA-DES-CBC-SHA",
+ KeyExchange.DHr,
+ Authentication.DH,
+ Encryption.DES,
+ MessageDigest.SHA1,
+ Protocol.SSLv3,
+ false,
+ EncryptionLevel.LOW,
+ false,
+ 56,
+ 56,
+ "SSL_DH_RSA_WITH_DES_CBC_SHA"
+ ),
+ // Cipher 10
+ TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA(
+ "DH-RSA-DES-CBC3-SHA",
+ KeyExchange.DHr,
+ Authentication.DH,
+ Encryption.TRIPLE_DES,
+ MessageDigest.SHA1,
+ Protocol.SSLv3,
+ false,
+ EncryptionLevel.HIGH,
+ true,
+ 168,
+ 168,
+ "SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA"
+ ),
+ /* The Ephemeral DH ciphers */
+ // Cipher 11
+ TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA(
+ "EXP-EDH-DSS-DES-CBC-SHA",
+ KeyExchange.EDH,
+ Authentication.DSS,
+ Encryption.DES,
+ MessageDigest.SHA1,
+ Protocol.SSLv3,
+ true,
+ EncryptionLevel.EXP40,
+ false,
+ 40,
+ 56,
+ "SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA"
+ ),
+ // Cipher 12
+ TLS_DHE_DSS_WITH_DES_CBC_SHA(
+ "EDH-DSS-DES-CBC-SHA",
+ KeyExchange.EDH,
+ Authentication.DSS,
+ Encryption.DES,
+ MessageDigest.SHA1,
+ Protocol.SSLv3,
+ false,
+ EncryptionLevel.LOW,
+ false,
+ 56,
+ 56,
+ "SSL_DHE_DSS_WITH_DES_CBC_SHA"
+ ),
+ // Cipher 13
+ TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA(
+ "EDH-DSS-DES-CBC3-SHA",
+ KeyExchange.EDH,
+ Authentication.DSS,
+ Encryption.TRIPLE_DES,
+ MessageDigest.SHA1,
+ Protocol.SSLv3,
+ false,
+ EncryptionLevel.HIGH,
+ true,
+ 168,
+ 168,
+ "SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA"
+ ),
+ // Cipher 14
+ TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA(
+ "EXP-EDH-RSA-DES-CBC-SHA",
+ KeyExchange.EDH,
+ Authentication.RSA,
+ Encryption.DES,
+ MessageDigest.SHA1,
+ Protocol.SSLv3,
+ true,
+ EncryptionLevel.EXP40,
+ false,
+ 40,
+ 56,
+ "SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA"
+ ),
+ // Cipher 15
+ TLS_DHE_RSA_WITH_DES_CBC_SHA(
+ "EDH-RSA-DES-CBC-SHA",
+ KeyExchange.EDH,
+ Authentication.RSA,
+ Encryption.DES,
+ MessageDigest.SHA1,
+ Protocol.SSLv3,
+ false,
+ EncryptionLevel.LOW,
+ false,
+ 56,
+ 56,
+ "SSL_DHE_RSA_WITH_DES_CBC_SHA"
+ ),
+ // Cipher 16
+ TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA(
+ "EDH-RSA-DES-CBC3-SHA",
+ KeyExchange.EDH,
+ Authentication.RSA,
+ Encryption.TRIPLE_DES,
+ MessageDigest.SHA1,
+ Protocol.SSLv3,
+ false,
+ EncryptionLevel.HIGH,
+ true,
+ 168,
+ 168,
+ "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA"
+ ),
+ // Cipher 17
+ TLS_DH_anon_EXPORT_WITH_RC4_40_MD5(
+ "EXP-ADH-RC4-MD5",
+ KeyExchange.EDH,
+ Authentication.aNULL,
+ Encryption.RC4,
+ MessageDigest.MD5,
+ Protocol.SSLv3,
+ true,
+ EncryptionLevel.EXP40,
+ false,
+ 40,
+ 128,
+ "SSL_DH_anon_EXPORT_WITH_RC4_40_MD5"
+ ),
+ // Cipher 18
+ TLS_DH_anon_WITH_RC4_128_MD5(
+ "ADH-RC4-MD5",
+ KeyExchange.EDH,
+ Authentication.aNULL,
+ Encryption.RC4,
+ MessageDigest.MD5,
+ Protocol.SSLv3,
+ false,
+ EncryptionLevel.MEDIUM,
+ false,
+ 128,
+ 128,
+ "SSL_DH_anon_WITH_RC4_128_MD5"
+ ),
+ // Cipher 19
+ TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA(
+ "EXP-ADH-DES-CBC-SHA",
+ KeyExchange.EDH,
+ Authentication.aNULL,
+ Encryption.DES,
+ MessageDigest.SHA1,
+ Protocol.SSLv3,
+ true,
+ EncryptionLevel.EXP40,
+ false,
+ 40,
+ 128,
+ "SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA"
+ ),
+ // Cipher 1A
+ TLS_DH_anon_WITH_DES_CBC_SHA(
+ "ADH-DES-CBC-SHA",
+ KeyExchange.EDH,
+ Authentication.aNULL,
+ Encryption.DES,
+ MessageDigest.SHA1,
+ Protocol.SSLv3,
+ false,
+ EncryptionLevel.LOW,
+ false,
+ 56,
+ 56,
+ "SSL_DH_anon_WITH_DES_CBC_SHA"
+ ),
+ // Cipher 1B
+ TLS_DH_anon_WITH_3DES_EDE_CBC_SHA(
+ "ADH-DES-CBC3-SHA",
+ KeyExchange.EDH,
+ Authentication.aNULL,
+ Encryption.TRIPLE_DES,
+ MessageDigest.SHA1,
+ Protocol.SSLv3,
+ false,
+ EncryptionLevel.HIGH,
+ true,
+ 168,
+ 168,
+ "SSL_DH_anon_WITH_3DES_EDE_CBC_SHA"
+ ),
+ /* Fortezza ciphersuite from SSL 3.0 spec */
+ SSL_FORTEZZA_DMS_WITH_NULL_SHA(
+ "FZA-NULL-SHA",
+ KeyExchange.FZA,
+ Authentication.FZA,
+ Encryption.eNULL,
+ MessageDigest.SHA1,
+ Protocol.SSLv3,
+ false,
+ EncryptionLevel.STRONG_NONE,
+ false,
+ 0,
+ 0
+ ),
+ SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA(
+ "FZA-FZA-CBC-SHA",
+ KeyExchange.FZA,
+ Authentication.FZA,
+ Encryption.FZA,
+ MessageDigest.SHA1,
+ Protocol.SSLv3,
+ false,
+ EncryptionLevel.STRONG_NONE,
+ false,
+ 0,
+ 0
+ ),
+ SSL_FORTEZZA_DMS_WITH_RC4_128_SHA(
+ "FZA-RC4-SHA",
+ KeyExchange.FZA,
+ Authentication.FZA,
+ Encryption.RC4,
+ MessageDigest.SHA1,
+ Protocol.SSLv3,
+ false,
+ EncryptionLevel.MEDIUM,
+ false,
+ 128,
+ 128
+ ),
+ /* The Kerberos ciphers*/
+ // Cipher 1E
+ /*TLS_KRB5_WITH_DES_CBC_SHA(
+ "KRB5-DES-CBC-SHA",
+ KeyExchange.KRB5,
+ Authentication.KRB5,
+ Encryption.DES,
+ MessageDigest.SHA1,
+ Protocol.SSLv3,
+ false,
+ EncryptionLevel.LOW,
+ false,
+ 56,
+ 56
+ ),
+ // Cipher 1F
+ TLS_KRB5_WITH_3DES_EDE_CBC_SHA(
+ "KRB5-DES-CBC3-SHA",
+ KeyExchange.KRB5,
+ Authentication.KRB5,
+ Encryption.TRIPLE_DES,
+ MessageDigest.SHA1,
+ Protocol.SSLv3,
+ false,
+ EncryptionLevel.HIGH,
+ true,
+ 168,
+ 168
+ ),
+ // Cipher 20
+ TLS_KRB5_WITH_RC4_128_SHA(
+ "KRB5-RC4-SHA",
+ KeyExchange.KRB5,
+ Authentication.KRB5,
+ Encryption.RC4,
+ MessageDigest.SHA1,
+ Protocol.SSLv3,
+ false,
+ EncryptionLevel.MEDIUM,
+ false,
+ 128,
+ 128
+ ),
+ // Cipher 21
+ TLS_KRB5_WITH_IDEA_CBC_SHA(
+ "KRB5-IDEA-CBC-SHA",
+ KeyExchange.KRB5,
+ Authentication.KRB5,
+ Encryption.IDEA,
+ MessageDigest.SHA1,
+ Protocol.SSLv3,
+ false,
+ EncryptionLevel.MEDIUM,
+ false,
+ 128,
+ 128
+ ),
+ // Cipher 22
+ TLS_KRB5_WITH_DES_CBC_MD5(
+ "KRB5-DES-CBC-MD5",
+ KeyExchange.KRB5,
+ Authentication.KRB5,
+ Encryption.DES,
+ MessageDigest.MD5,
+ Protocol.SSLv3,
+ false,
+ EncryptionLevel.LOW,
+ false,
+ 56,
+ 56
+ ),
+ // Cipher 23
+ TLS_KRB5_WITH_3DES_EDE_CBC_MD5(
+ "KRB5-DES-CBC3-MD5",
+ KeyExchange.KRB5,
+ Authentication.KRB5,
+ Encryption.TRIPLE_DES,
+ MessageDigest.MD5,
+ Protocol.SSLv3,
+ false,
+ EncryptionLevel.HIGH,
+ false,
+ 168,
+ 168
+ ),
+ // Cipher 24
+ TLS_KRB5_WITH_RC4_128_MD5(
+ "KRB5-RC4-MD5",
+ KeyExchange.KRB5,
+ Authentication.KRB5,
+ Encryption.RC4,
+ MessageDigest.MD5,
+ Protocol.SSLv3,
+ false,
+ EncryptionLevel.MEDIUM,
+ false,
+ 128,
+ 128
+ ),
+ // Cipher 25
+ TLS_KRB5_WITH_IDEA_CBC_MD5(
+ "KRB5-IDEA-CBC-MD5",
+ KeyExchange.KRB5,
+ Authentication.KRB5,
+ Encryption.IDEA,
+ MessageDigest.MD5,
+ Protocol.SSLv3,
+ false,
+ EncryptionLevel.MEDIUM,
+ false,
+ 128,
+ 128
+ ),
+ // Cipher 26
+ TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA(
+ "EXP-KRB5-DES-CBC-SHA",
+ KeyExchange.KRB5,
+ Authentication.KRB5,
+ Encryption.DES,
+ MessageDigest.SHA1,
+ Protocol.SSLv3,
+ true,
+ EncryptionLevel.EXP40,
+ false,
+ 40,
+ 56
+ ),
+ // Cipher 27
+ TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA(
+ "EXP-KRB5-RC2-CBC-SHA",
+ KeyExchange.KRB5,
+ Authentication.KRB5,
+ Encryption.RC2,
+ MessageDigest.SHA1,
+ Protocol.SSLv3,
+ true,
+ EncryptionLevel.EXP40,
+ false,
+ 40,
+ 128
+ ),
+ // Cipher 28
+ TLS_KRB5_EXPORT_WITH_RC4_40_SHA(
+ "EXP-KRB5-RC4-SHA",
+ KeyExchange.KRB5,
+ Authentication.KRB5,
+ Encryption.RC4,
+ MessageDigest.SHA1,
+ Protocol.SSLv3,
+ true,
+ EncryptionLevel.EXP40,
+ false,
+ 40,
+ 128
+ ),
+ // Cipher 29
+ TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5(
+ "EXP-KRB5-DES-CBC-MD5",
+ KeyExchange.KRB5,
+ Authentication.KRB5,
+ Encryption.DES,
+ MessageDigest.MD5,
+ Protocol.SSLv3,
+ true,
+ EncryptionLevel.EXP40,
+ false,
+ 40,
+ 56
+ ),
+ // Cipher 2A
+ TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5(
+ "EXP-KRB5-RC2-CBC-MD5",
+ KeyExchange.KRB5,
+ Authentication.KRB5,
+ Encryption.RC2,
+ MessageDigest.MD5,
+ Protocol.SSLv3,
+ true,
+ EncryptionLevel.EXP40,
+ false,
+ 40,
+ 128
+ ),
+ // Cipher 2B
+ TLS_KRB5_EXPORT_WITH_RC4_40_MD5(
+ "EXP-KRB5-RC4-MD5",
+ KeyExchange.KRB5,
+ Authentication.KRB5,
+ Encryption.RC4,
+ MessageDigest.MD5,
+ Protocol.SSLv3,
+ true,
+ EncryptionLevel.EXP40,
+ false,
+ 40,
+ 128
+ ),*/
+ /* New AES ciphersuites */
+ // Cipher 2F
+ TLS_RSA_WITH_AES_128_CBC_SHA(
+ "AES128-SHA",
+ KeyExchange.RSA,
+ Authentication.RSA,
+ Encryption.AES128,
+ MessageDigest.SHA1,
+ Protocol.TLSv1,
+ false,
+ EncryptionLevel.HIGH,
+ true,
+ 128,
+ 128
+ ),
+ // Cipher 30
+ TLS_DH_DSS_WITH_AES_128_CBC_SHA(
+ "DH-DSS-AES128-SHA",
+ KeyExchange.DHd,
+ Authentication.DH,
+ Encryption.AES128,
+ MessageDigest.SHA1,
+ Protocol.TLSv1,
+ false,
+ EncryptionLevel.HIGH,
+ true,
+ 128,
+ 128
+ ),
+ // Cipher 31
+ TLS_DH_RSA_WITH_AES_128_CBC_SHA(
+ "DH-RSA-AES128-SHA",
+ KeyExchange.DHr,
+ Authentication.DH,
+ Encryption.AES128,
+ MessageDigest.SHA1,
+ Protocol.TLSv1,
+ false,
+ EncryptionLevel.HIGH,
+ true,
+ 128,
+ 128
+ ),
+ // Cipher 32
+ TLS_DHE_DSS_WITH_AES_128_CBC_SHA(
+ "DHE-DSS-AES128-SHA",
+ KeyExchange.EDH,
+ Authentication.DSS,
+ Encryption.AES128,
+ MessageDigest.SHA1,
+ Protocol.TLSv1,
+ false,
+ EncryptionLevel.HIGH,
+ true,
+ 128,
+ 128
+ ),
+ // Cipher 33
+ TLS_DHE_RSA_WITH_AES_128_CBC_SHA(
+ "DHE-RSA-AES128-SHA",
+ KeyExchange.EDH,
+ Authentication.RSA,
+ Encryption.AES128,
+ MessageDigest.SHA1,
+ Protocol.TLSv1,
+ false,
+ EncryptionLevel.HIGH,
+ true,
+ 128,
+ 128
+ ),
+ // Cipher 34
+ TLS_DH_anon_WITH_AES_128_CBC_SHA(
+ "ADH-AES128-SHA",
+ KeyExchange.EDH,
+ Authentication.aNULL,
+ Encryption.AES128,
+ MessageDigest.SHA1,
+ Protocol.TLSv1,
+ false,
+ EncryptionLevel.HIGH,
+ true,
+ 128,
+ 128
+ ),
+ // Cipher 35
+ TLS_RSA_WITH_AES_256_CBC_SHA(
+ "AES256-SHA",
+ KeyExchange.RSA,
+ Authentication.RSA,
+ Encryption.AES256,
+ MessageDigest.SHA1,
+ Protocol.TLSv1,
+ false,
+ EncryptionLevel.HIGH,
+ true,
+ 256,
+ 256
+ ),
+ // Cipher 36
+ TLS_DH_DSS_WITH_AES_256_CBC_SHA(
+ "DH-DSS-AES256-SHA",
+ KeyExchange.DHd,
+ Authentication.DH,
+ Encryption.AES256,
+ MessageDigest.SHA1,
+ Protocol.TLSv1,
+ false,
+ EncryptionLevel.HIGH,
+ true,
+ 256,
+ 256
+ ),
+ // Cipher 37
+ TLS_DH_RSA_WITH_AES_256_CBC_SHA(
+ "DH-RSA-AES256-SHA",
+ KeyExchange.DHr,
+ Authentication.DH,
+ Encryption.AES256,
+ MessageDigest.SHA1,
+ Protocol.TLSv1,
+ false,
+ EncryptionLevel.HIGH,
+ true,
+ 256,
+ 256
+ ),
+ // Cipher 38
+ TLS_DHE_DSS_WITH_AES_256_CBC_SHA(
+ "DHE-DSS-AES256-SHA",
+ KeyExchange.EDH,
+ Authentication.DSS,
+ Encryption.AES256,
+ MessageDigest.SHA1,
+ Protocol.TLSv1,
+ false,
+ EncryptionLevel.HIGH,
+ true,
+ 256,
+ 256
+ ),
+ // Cipher 39
+ TLS_DHE_RSA_WITH_AES_256_CBC_SHA(
+ "DHE-RSA-AES256-SHA",
+ KeyExchange.EDH,
+ Authentication.RSA,
+ Encryption.AES256,
+ MessageDigest.SHA1,
+ Protocol.TLSv1,
+ false,
+ EncryptionLevel.HIGH,
+ true,
+ 256,
+ 256
+ ),
+ // Cipher 3A
+ TLS_DH_anon_WITH_AES_256_CBC_SHA(
+ "ADH-AES256-SHA",
+ KeyExchange.EDH,
+ Authentication.aNULL,
+ Encryption.AES256,
+ MessageDigest.SHA1,
+ Protocol.TLSv1,
+ false,
+ EncryptionLevel.HIGH,
+ true,
+ 256,
+ 256
+ ),
+ /* TLS v1.2 ciphersuites */
+ // Cipher 3B
+ TLS_RSA_WITH_NULL_SHA256(
+ "NULL-SHA256",
+ KeyExchange.RSA,
+ Authentication.RSA,
+ Encryption.eNULL,
+ MessageDigest.SHA256,
+ Protocol.TLSv1_2,
+ false,
+ EncryptionLevel.STRONG_NONE,
+ true,
+ 0,
+ 0
+ ),
+ // Cipher 3C
+ TLS_RSA_WITH_AES_128_CBC_SHA256(
+ "AES128-SHA256",
+ KeyExchange.RSA,
+ Authentication.RSA,
+ Encryption.AES128,
+ MessageDigest.SHA256,
+ Protocol.TLSv1_2,
+ false,
+ EncryptionLevel.HIGH,
+ true,
+ 128,
+ 128
+ ),
+ // Cipher 3D
+ TLS_RSA_WITH_AES_256_CBC_SHA256(
+ "AES256-SHA256",
+ KeyExchange.RSA,
+ Authentication.RSA,
+ Encryption.AES256,
+ MessageDigest.SHA256,
+ Protocol.TLSv1_2,
+ false,
+ EncryptionLevel.HIGH,
+ true,
+ 256,
+ 256
+ ),
+ // Cipher 3E
+ TLS_DH_DSS_WITH_AES_128_CBC_SHA256(
+ "DH-DSS-AES128-SHA256",
+ KeyExchange.DHd,
+ Authentication.DH,
+ Encryption.AES128,
+ MessageDigest.SHA256,
+ Protocol.TLSv1_2,
+ false,
+ EncryptionLevel.HIGH,
+ true,
+ 128,
+ 128
+ ),
+ // Cipher 3F
+ TLS_DH_RSA_WITH_AES_128_CBC_SHA256(
+ "DH-RSA-AES128-SHA256",
+ KeyExchange.DHr,
+ Authentication.DH,
+ Encryption.AES128,
+ MessageDigest.SHA256,
+ Protocol.TLSv1_2,
+ false,
+ EncryptionLevel.HIGH,
+ true,
+ 128,
+ 128
+ ),
+ // Cipher 40
+ TLS_DHE_DSS_WITH_AES_128_CBC_SHA256(
+ "DHE-DSS-AES128-SHA256",
+ KeyExchange.EDH,
+ Authentication.DSS,
+ Encryption.AES128,
+ MessageDigest.SHA256,
+ Protocol.TLSv1_2,
+ false,
+ EncryptionLevel.HIGH,
+ true,
+ 128,
+ 128
+ ),
+ /* Camellia ciphersuites from RFC4132 (
+ 128-bit portion) */
+ // Cipher 41
+ TLS_RSA_WITH_CAMELLIA_128_CBC_SHA(
+ "CAMELLIA128-SHA",
+ KeyExchange.RSA,
+ Authentication.RSA,
+ Encryption.CAMELLIA128,
+ MessageDigest.SHA1,
+ Protocol.TLSv1,
+ false,
+ EncryptionLevel.HIGH,
+ false,
+ 128,
+ 128
+ ),
+ // Cipher 42
+ TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA(
+ "DH-DSS-CAMELLIA128-SHA",
+ KeyExchange.DHd,
+ Authentication.DH,
+ Encryption.CAMELLIA128,
+ MessageDigest.SHA1,
+ Protocol.TLSv1,
+ false,
+ EncryptionLevel.HIGH,
+ false,
+ 128,
+ 128
+ ),
+ // Cipher 43
+ TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA(
+ "DH-RSA-CAMELLIA128-SHA",
+ KeyExchange.DHr,
+ Authentication.DH,
+ Encryption.CAMELLIA128,
+ MessageDigest.SHA1,
+ Protocol.TLSv1,
+ false,
+ EncryptionLevel.HIGH,
+ false,
+ 128,
+ 128
+ ),
+ // Cipher 44
+ TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA(
+ "DHE-DSS-CAMELLIA128-SHA",
+ KeyExchange.EDH,
+ Authentication.DSS,
+ Encryption.CAMELLIA128,
+ MessageDigest.SHA1,
+ Protocol.TLSv1,
+ false,
+ EncryptionLevel.HIGH,
+ false,
+ 128,
+ 128
+ ),
+ // Cipher 45
+ TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA(
+ "DHE-RSA-CAMELLIA128-SHA",
+ KeyExchange.EDH,
+ Authentication.RSA,
+ Encryption.CAMELLIA128,
+ MessageDigest.SHA1,
+ Protocol.TLSv1,
+ false,
+ EncryptionLevel.HIGH,
+ false,
+ 128,
+ 128
+ ),
+ // Cipher 46
+ TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA(
+ "ADH-CAMELLIA128-SHA",
+ KeyExchange.EDH,
+ Authentication.aNULL,
+ Encryption.CAMELLIA128,
+ MessageDigest.SHA1,
+ Protocol.TLSv1,
+ false,
+ EncryptionLevel.HIGH,
+ false,
+ 128,
+ 128
+ ),
+ /* New TLS Export CipherSuites from expired ID */
+ // Cipher 60
+ TLS_RSA_EXPORT1024_WITH_RC4_56_MD5(
+ "EXP1024-RC4-MD5",
+ KeyExchange.RSA,
+ Authentication.RSA,
+ Encryption.RC4,
+ MessageDigest.MD5,
+ Protocol.TLSv1,
+ true,
+ EncryptionLevel.EXP56,
+ false,
+ 56,
+ 128,
+ "SSL_RSA_EXPORT1024_WITH_RC4_56_MD5"
+ ),
+ // Cipher 61
+ TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5(
+ "EXP1024-RC2-CBC-MD5",
+ KeyExchange.RSA,
+ Authentication.RSA,
+ Encryption.RC2,
+ MessageDigest.MD5,
+ Protocol.TLSv1,
+ true,
+ EncryptionLevel.EXP56,
+ false,
+ 56,
+ 128,
+ "SSL_RSA_EXPORT1024_WITH_RC2_CBC_56_MD"
+ ),
+ // Cipher 62
+ TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA(
+ "EXP1024-DES-CBC-SHA",
+ KeyExchange.RSA,
+ Authentication.RSA,
+ Encryption.DES,
+ MessageDigest.SHA1,
+ Protocol.TLSv1,
+ true,
+ EncryptionLevel.EXP56,
+ false,
+ 56,
+ 56,
+ "SSL_RSA_EXPORT1024_WITH_DES_CBC_SHA"
+ ),
+ // Cipher 63
+ TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA(
+ "EXP1024-DHE-DSS-DES-CBC-SHA",
+ KeyExchange.EDH,
+ Authentication.DSS,
+ Encryption.DES,
+ MessageDigest.SHA1,
+ Protocol.TLSv1,
+ true,
+ EncryptionLevel.EXP56,
+ false,
+ 56,
+ 56,
+ "SSL_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA"
+ ),
+ // Cipher 64
+ TLS_RSA_EXPORT1024_WITH_RC4_56_SHA(
+ "EXP1024-RC4-SHA",
+ KeyExchange.RSA,
+ Authentication.RSA,
+ Encryption.RC4,
+ MessageDigest.SHA1,
+ Protocol.TLSv1,
+ true,
+ EncryptionLevel.EXP56,
+ false,
+ 56,
+ 128,
+ "SSL_RSA_EXPORT1024_WITH_RC4_56_SHA"
+ ),
+ // Cipher 65
+ TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA(
+ "EXP1024-DHE-DSS-RC4-SHA",
+ KeyExchange.EDH,
+ Authentication.DSS,
+ Encryption.RC4,
+ MessageDigest.SHA1,
+ Protocol.TLSv1,
+ true,
+ EncryptionLevel.EXP56,
+ false,
+ 56,
+ 128,
+ "SSL_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA"
+ ),
+ // Cipher 66
+ TLS_DHE_DSS_WITH_RC4_128_SHA(
+ "DHE-DSS-RC4-SHA",
+ KeyExchange.EDH,
+ Authentication.DSS,
+ Encryption.RC4,
+ MessageDigest.SHA1,
+ Protocol.TLSv1,
+ false,
+ EncryptionLevel.MEDIUM,
+ false,
+ 128,
+ 128,
+ "SSL_DHE_DSS_WITH_RC4_128_SHA"
+ ),
+ /* TLS v1.2 ciphersuites */
+ // Cipher 67
+ TLS_DHE_RSA_WITH_AES_128_CBC_SHA256(
+ "DHE-RSA-AES128-SHA256",
+ KeyExchange.EDH,
+ Authentication.RSA,
+ Encryption.AES128,
+ MessageDigest.SHA256,
+ Protocol.TLSv1_2,
+ false,
+ EncryptionLevel.HIGH,
+ true,
+ 128,
+ 128
+ ),
+ // Cipher 68
+ TLS_DH_DSS_WITH_AES_256_CBC_SHA256(
+ "DH-DSS-AES256-SHA256",
+ KeyExchange.DHd,
+ Authentication.DH,
+ Encryption.AES256,
+ MessageDigest.SHA256,
+ Protocol.TLSv1_2,
+ false,
+ EncryptionLevel.HIGH,
+ true,
+ 256,
+ 256
+ ),
+ // Cipher 69
+ TLS_DH_RSA_WITH_AES_256_CBC_SHA256(
+ "DH-RSA-AES256-SHA256",
+ KeyExchange.DHr,
+ Authentication.DH,
+ Encryption.AES256,
+ MessageDigest.SHA256,
+ Protocol.TLSv1_2,
+ false,
+ EncryptionLevel.HIGH,
+ true,
+ 256,
+ 256
+ ),
+ // Cipher 6A
+ TLS_DHE_DSS_WITH_AES_256_CBC_SHA256(
+ "DHE-DSS-AES256-SHA256",
+ KeyExchange.EDH,
+ Authentication.DSS,
+ Encryption.AES256,
+ MessageDigest.SHA256,
+ Protocol.TLSv1_2,
+ false,
+ EncryptionLevel.HIGH,
+ true,
+ 256,
+ 256
+ ),
+ // Cipher 6B
+ TLS_DHE_RSA_WITH_AES_256_CBC_SHA256(
+ "DHE-RSA-AES256-SHA256",
+ KeyExchange.EDH,
+ Authentication.RSA,
+ Encryption.AES256,
+ MessageDigest.SHA256,
+ Protocol.TLSv1_2,
+ false,
+ EncryptionLevel.HIGH,
+ true,
+ 256,
+ 256
+ ),
+ // Cipher 6C
+ TLS_DH_anon_WITH_AES_128_CBC_SHA256(
+ "ADH-AES128-SHA256",
+ KeyExchange.EDH,
+ Authentication.aNULL,
+ Encryption.AES128,
+ MessageDigest.SHA256,
+ Protocol.TLSv1_2,
+ false,
+ EncryptionLevel.HIGH,
+ true,
+ 128,
+ 128
+ ),
+ // Cipher 6D
+ TLS_DH_anon_WITH_AES_256_CBC_SHA256(
+ "ADH-AES256-SHA256",
+ KeyExchange.EDH,
+ Authentication.aNULL,
+ Encryption.AES256,
+ MessageDigest.SHA256,
+ Protocol.TLSv1_2,
+ false,
+ EncryptionLevel.HIGH,
+ true,
+ 256,
+ 256
+ ),
+ /* GOST Ciphersuites */
+ /*
+ TLS_GOSTR341094_WITH_28147_CNT_IMIT(
+ "GOST94-GOST89-GOST89",
+ KeyExchange.GOST,
+ Authentication.GOST94,
+ Encryption.eGOST2814789CNT,
+ MessageDigest.GOST89MAC,
+ Protocol.TLSv1,
+ false,
+ EncryptionLevel.HIGH,
+ false,
+ 256,
+ 256
+ ),
+ TLS_GOSTR341001_WITH_28147_CNT_IMIT(
+ "GOST2001-GOST89-GOST89",
+ KeyExchange.GOST,
+ Authentication.GOST01,
+ Encryption.eGOST2814789CNT,
+ MessageDigest.GOST89MAC,
+ Protocol.TLSv1,
+ false,
+ EncryptionLevel.HIGH,
+ false,
+ 256,
+ 256
+ ),
+ TLS_GOSTR341094_WITH_NULL_GOSTR3411(
+ "GOST94-NULL-GOST94",
+ KeyExchange.GOST,
+ Authentication.GOST94,
+ Encryption.eNULL,
+ MessageDigest.GOST94,
+ Protocol.TLSv1,
+ false,
+ EncryptionLevel.STRONG_NONE,
+ false,
+ 0,
+ 0
+ ),
+ TLS_GOSTR341001_WITH_NULL_GOSTR3411(
+ "GOST2001-NULL-GOST94",
+ KeyExchange.GOST,
+ Authentication.GOST01,
+ Encryption.eNULL,
+ MessageDigest.GOST94,
+ Protocol.TLSv1,
+ false,
+ EncryptionLevel.STRONG_NONE,
+ false,
+ 0,
+ 0
+ ),*/
+ /* Camellia ciphersuites from RFC4132 (
+ 256-bit portion) */
+ // Cipher 84
+ TLS_RSA_WITH_CAMELLIA_256_CBC_SHA(
+ "CAMELLIA256-SHA",
+ KeyExchange.RSA,
+ Authentication.RSA,
+ Encryption.CAMELLIA256,
+ MessageDigest.SHA1,
+ Protocol.TLSv1,
+ false,
+ EncryptionLevel.HIGH,
+ false,
+ 256,
+ 256
+ ),
+ // Cipher 85
+ TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA(
+ "DH-DSS-CAMELLIA256-SHA",
+ KeyExchange.DHd,
+ Authentication.DH,
+ Encryption.CAMELLIA256,
+ MessageDigest.SHA1,
+ Protocol.TLSv1,
+ false,
+ EncryptionLevel.HIGH,
+ false,
+ 256,
+ 256
+ ),
+ // Cipher 86
+ TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA(
+ "DH-RSA-CAMELLIA256-SHA",
+ KeyExchange.DHr,
+ Authentication.DH,
+ Encryption.CAMELLIA256,
+ MessageDigest.SHA1,
+ Protocol.TLSv1,
+ false,
+ EncryptionLevel.HIGH,
+ false,
+ 256,
+ 256
+ ),
+ // Cipher 87
+ TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA(
+ "DHE-DSS-CAMELLIA256-SHA",
+ KeyExchange.EDH,
+ Authentication.DSS,
+ Encryption.CAMELLIA256,
+ MessageDigest.SHA1,
+ Protocol.TLSv1,
+ false,
+ EncryptionLevel.HIGH,
+ false,
+ 256,
+ 256
+ ),
+ // Cipher 88
+ TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA(
+ "DHE-RSA-CAMELLIA256-SHA",
+ KeyExchange.EDH,
+ Authentication.RSA,
+ Encryption.CAMELLIA256,
+ MessageDigest.SHA1,
+ Protocol.TLSv1,
+ false,
+ EncryptionLevel.HIGH,
+ false,
+ 256,
+ 256
+ ),
+ // Cipher 89
+ TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA(
+ "ADH-CAMELLIA256-SHA",
+ KeyExchange.EDH,
+ Authentication.aNULL,
+ Encryption.CAMELLIA256,
+ MessageDigest.SHA1,
+ Protocol.TLSv1,
+ false,
+ EncryptionLevel.HIGH,
+ false,
+ 256,
+ 256
+ ),
+ // Cipher 8A
+ TLS_PSK_WITH_RC4_128_SHA(
+ "PSK-RC4-SHA",
+ KeyExchange.PSK,
+ Authentication.PSK,
+ Encryption.RC4,
+ MessageDigest.SHA1,
+ Protocol.TLSv1,
+ false,
+ EncryptionLevel.MEDIUM,
+ false,
+ 128,
+ 128
+ ),
+ // Cipher 8B
+ TLS_PSK_WITH_3DES_EDE_CBC_SHA(
+ "PSK-3DES-EDE-CBC-SHA",
+ KeyExchange.PSK,
+ Authentication.PSK,
+ Encryption.TRIPLE_DES,
+ MessageDigest.SHA1,
+ Protocol.TLSv1,
+ false,
+ EncryptionLevel.HIGH,
+ true,
+ 168,
+ 168
+ ),
+ // Cipher 8C
+ TLS_PSK_WITH_AES_128_CBC_SHA(
+ "PSK-AES128-CBC-SHA",
+ KeyExchange.PSK,
+ Authentication.PSK,
+ Encryption.AES128,
+ MessageDigest.SHA1,
+ Protocol.TLSv1,
+ false,
+ EncryptionLevel.HIGH,
+ true,
+ 128,
+ 128
+ ),
+ // Cipher 8D
+ TLS_PSK_WITH_AES_256_CBC_SHA(
+ "PSK-AES256-CBC-SHA",
+ KeyExchange.PSK,
+ Authentication.PSK,
+ Encryption.AES256,
+ MessageDigest.SHA1,
+ Protocol.TLSv1,
+ false,
+ EncryptionLevel.HIGH,
+ true,
+ 256,
+ 256
+ ),
+ /* SEED ciphersuites from RFC4162 */
+ // Cipher 96
+ TLS_RSA_WITH_SEED_CBC_SHA(
+ "SEED-SHA",
+ KeyExchange.RSA,
+ Authentication.RSA,
+ Encryption.SEED,
+ MessageDigest.SHA1,
+ Protocol.TLSv1,
+ false,
+ EncryptionLevel.MEDIUM,
+ false,
+ 128,
+ 128
+ ),
+ // Cipher 97
+ TLS_DH_DSS_WITH_SEED_CBC_SHA(
+ "DH-DSS-SEED-SHA",
+ KeyExchange.DHd,
+ Authentication.DH,
+ Encryption.SEED,
+ MessageDigest.SHA1,
+ Protocol.TLSv1,
+ false,
+ EncryptionLevel.MEDIUM,
+ false,
+ 128,
+ 128
+ ),
+ // Cipher 98
+ TLS_DH_RSA_WITH_SEED_CBC_SHA(
+ "DH-RSA-SEED-SHA",
+ KeyExchange.DHr,
+ Authentication.DH,
+ Encryption.SEED,
+ MessageDigest.SHA1,
+ Protocol.TLSv1,
+ false,
+ EncryptionLevel.MEDIUM,
+ false,
+ 128,
+ 128
+ ),
+ // Cipher 99
+ TLS_DHE_DSS_WITH_SEED_CBC_SHA(
+ "DHE-DSS-SEED-SHA",
+ KeyExchange.EDH,
+ Authentication.DSS,
+ Encryption.SEED,
+ MessageDigest.SHA1,
+ Protocol.TLSv1,
+ false,
+ EncryptionLevel.MEDIUM,
+ false,
+ 128,
+ 128
+ ),
+ // Cipher 9A
+ TLS_DHE_RSA_WITH_SEED_CBC_SHA(
+ "DHE-RSA-SEED-SHA",
+ KeyExchange.EDH,
+ Authentication.RSA,
+ Encryption.SEED,
+ MessageDigest.SHA1,
+ Protocol.TLSv1,
+ false,
+ EncryptionLevel.MEDIUM,
+ false,
+ 128,
+ 128
+ ),
+ // Cipher 9B
+ TLS_DH_anon_WITH_SEED_CBC_SHA(
+ "ADH-SEED-SHA",
+ KeyExchange.EDH,
+ Authentication.aNULL,
+ Encryption.SEED,
+ MessageDigest.SHA1,
+ Protocol.TLSv1,
+ false,
+ EncryptionLevel.MEDIUM,
+ false,
+ 128,
+ 128
+ ),
+ /* GCM ciphersuites from RFC5288 */
+ // Cipher 9C
+ TLS_RSA_WITH_AES_128_GCM_SHA256(
+ "AES128-GCM-SHA256",
+ KeyExchange.RSA,
+ Authentication.RSA,
+ Encryption.AES128GCM,
+ MessageDigest.AEAD,
+ Protocol.TLSv1_2,
+ false,
+ EncryptionLevel.HIGH,
+ true,
+ 128,
+ 128
+ ),
+ // Cipher 9D
+ TLS_RSA_WITH_AES_256_GCM_SHA384(
+ "AES256-GCM-SHA384",
+ KeyExchange.RSA,
+ Authentication.RSA,
+ Encryption.AES256GCM,
+ MessageDigest.AEAD,
+ Protocol.TLSv1_2,
+ false,
+ EncryptionLevel.HIGH,
+ true,
+ 256,
+ 256
+ ),
+ // Cipher 9E
+ TLS_DHE_RSA_WITH_AES_128_GCM_SHA256(
+ "DHE-RSA-AES128-GCM-SHA256",
+ KeyExchange.EDH,
+ Authentication.RSA,
+ Encryption.AES128GCM,
+ MessageDigest.AEAD,
+ Protocol.TLSv1_2,
+ false,
+ EncryptionLevel.HIGH,
+ true,
+ 128,
+ 128
+ ),
+ // Cipher 9F
+ TLS_DHE_RSA_WITH_AES_256_GCM_SHA384(
+ "DHE-RSA-AES256-GCM-SHA384",
+ KeyExchange.EDH,
+ Authentication.RSA,
+ Encryption.AES256GCM,
+ MessageDigest.AEAD,
+ Protocol.TLSv1_2,
+ false,
+ EncryptionLevel.HIGH,
+ true,
+ 256,
+ 256
+ ),
+ // Cipher A0
+ TLS_DH_RSA_WITH_AES_128_GCM_SHA256(
+ "DH-RSA-AES128-GCM-SHA256",
+ KeyExchange.DHr,
+ Authentication.DH,
+ Encryption.AES128GCM,
+ MessageDigest.AEAD,
+ Protocol.TLSv1_2,
+ false,
+ EncryptionLevel.HIGH,
+ true,
+ 128,
+ 128
+ ),
+ // Cipher A1
+ TLS_DH_RSA_WITH_AES_256_GCM_SHA384(
+ "DH-RSA-AES256-GCM-SHA384",
+ KeyExchange.DHr,
+ Authentication.DH,
+ Encryption.AES256GCM,
+ MessageDigest.AEAD,
+ Protocol.TLSv1_2,
+ false,
+ EncryptionLevel.HIGH,
+ true,
+ 256,
+ 256
+ ),
+ // Cipher A2
+ TLS_DHE_DSS_WITH_AES_128_GCM_SHA256(
+ "DHE-DSS-AES128-GCM-SHA256",
+ KeyExchange.EDH,
+ Authentication.DSS,
+ Encryption.AES128GCM,
+ MessageDigest.AEAD,
+ Protocol.TLSv1_2,
+ false,
+ EncryptionLevel.HIGH,
+ true,
+ 128,
+ 128
+ ),
+ // Cipher A3
+ TLS_DHE_DSS_WITH_AES_256_GCM_SHA384(
+ "DHE-DSS-AES256-GCM-SHA384",
+ KeyExchange.EDH,
+ Authentication.DSS,
+ Encryption.AES256GCM,
+ MessageDigest.AEAD,
+ Protocol.TLSv1_2,
+ false,
+ EncryptionLevel.HIGH,
+ true,
+ 256,
+ 256
+ ),
+ // Cipher A4
+ TLS_DH_DSS_WITH_AES_128_GCM_SHA256(
+ "DH-DSS-AES128-GCM-SHA256",
+ KeyExchange.DHd,
+ Authentication.DH,
+ Encryption.AES128GCM,
+ MessageDigest.AEAD,
+ Protocol.TLSv1_2,
+ false,
+ EncryptionLevel.HIGH,
+ true,
+ 128,
+ 128
+ ),
+ // Cipher A5
+ TLS_DH_DSS_WITH_AES_256_GCM_SHA384(
+ "DH-DSS-AES256-GCM-SHA384",
+ KeyExchange.DHd,
+ Authentication.DH,
+ Encryption.AES256GCM,
+ MessageDigest.AEAD,
+ Protocol.TLSv1_2,
+ false,
+ EncryptionLevel.HIGH,
+ true,
+ 256,
+ 256
+ ),
+ // Cipher A6
+ TLS_DH_anon_WITH_AES_128_GCM_SHA256(
+ "ADH-AES128-GCM-SHA256",
+ KeyExchange.EDH,
+ Authentication.aNULL,
+ Encryption.AES128GCM,
+ MessageDigest.AEAD,
+ Protocol.TLSv1_2,
+ false,
+ EncryptionLevel.HIGH,
+ true,
+ 128,
+ 128
+ ),
+ // Cipher A7
+ TLS_DH_anon_WITH_AES_256_GCM_SHA384(
+ "ADH-AES256-GCM-SHA384",
+ KeyExchange.EDH,
+ Authentication.aNULL,
+ Encryption.AES256GCM,
+ MessageDigest.AEAD,
+ Protocol.TLSv1_2,
+ false,
+ EncryptionLevel.HIGH,
+ true,
+ 256,
+ 256
+ ),
+ /* ECC ciphersuites from draft-ietf-tls-ecc-01.txt (
+ Mar 15, 2001) */
+ // Cipher C001
+ TLS_ECDH_ECDSA_WITH_NULL_SHA(
+ "ECDH-ECDSA-NULL-SHA",
+ KeyExchange.ECDHe,
+ Authentication.ECDH,
+ Encryption.eNULL,
+ MessageDigest.SHA1,
+ Protocol.TLSv1,
+ false,
+ EncryptionLevel.STRONG_NONE,
+ true,
+ 0,
+ 0
+ ),
+ // Cipher C002
+ TLS_ECDH_ECDSA_WITH_RC4_128_SHA(
+ "ECDH-ECDSA-RC4-SHA",
+ KeyExchange.ECDHe,
+ Authentication.ECDH,
+ Encryption.RC4,
+ MessageDigest.SHA1,
+ Protocol.TLSv1,
+ false,
+ EncryptionLevel.MEDIUM,
+ false,
+ 128,
+ 128
+ ),
+ // Cipher C003
+ TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA(
+ "ECDH-ECDSA-DES-CBC3-SHA",
+ KeyExchange.ECDHe,
+ Authentication.ECDH,
+ Encryption.TRIPLE_DES,
+ MessageDigest.SHA1,
+ Protocol.TLSv1,
+ false,
+ EncryptionLevel.HIGH,
+ true,
+ 168,
+ 168
+ ),
+ // Cipher C004
+ TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA(
+ "ECDH-ECDSA-AES128-SHA",
+ KeyExchange.ECDHe,
+ Authentication.ECDH,
+ Encryption.AES128,
+ MessageDigest.SHA1,
+ Protocol.TLSv1,
+ false,
+ EncryptionLevel.HIGH,
+ true,
+ 128,
+ 128
+ ),
+ // Cipher C005
+ TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA(
+ "ECDH-ECDSA-AES256-SHA",
+ KeyExchange.ECDHe,
+ Authentication.ECDH,
+ Encryption.AES256,
+ MessageDigest.SHA1,
+ Protocol.TLSv1,
+ false,
+ EncryptionLevel.HIGH,
+ true,
+ 256,
+ 256
+ ),
+ // Cipher C006
+ TLS_ECDHE_ECDSA_WITH_NULL_SHA(
+ "ECDHE-ECDSA-NULL-SHA",
+ KeyExchange.EECDH,
+ Authentication.ECDSA,
+ Encryption.eNULL,
+ MessageDigest.SHA1,
+ Protocol.TLSv1,
+ false,
+ EncryptionLevel.STRONG_NONE,
+ true,
+ 0,
+ 0
+ ),
+ // Cipher C007
+ TLS_ECDHE_ECDSA_WITH_RC4_128_SHA(
+ "ECDHE-ECDSA-RC4-SHA",
+ KeyExchange.EECDH,
+ Authentication.ECDSA,
+ Encryption.RC4,
+ MessageDigest.SHA1,
+ Protocol.TLSv1,
+ false,
+ EncryptionLevel.MEDIUM,
+ false,
+ 128,
+ 128
+ ),
+ // Cipher C008
+ TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA(
+ "ECDHE-ECDSA-DES-CBC3-SHA",
+ KeyExchange.EECDH,
+ Authentication.ECDSA,
+ Encryption.TRIPLE_DES,
+ MessageDigest.SHA1,
+ Protocol.TLSv1,
+ false,
+ EncryptionLevel.HIGH,
+ true,
+ 168,
+ 168
+ ),
+ // Cipher C009
+ TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA(
+ "ECDHE-ECDSA-AES128-SHA",
+ KeyExchange.EECDH,
+ Authentication.ECDSA,
+ Encryption.AES128,
+ MessageDigest.SHA1,
+ Protocol.TLSv1,
+ false,
+ EncryptionLevel.HIGH,
+ true,
+ 128,
+ 128
+ ),
+ // Cipher C00A
+ TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA(
+ "ECDHE-ECDSA-AES256-SHA",
+ KeyExchange.EECDH,
+ Authentication.ECDSA,
+ Encryption.AES256,
+ MessageDigest.SHA1,
+ Protocol.TLSv1,
+ false,
+ EncryptionLevel.HIGH,
+ true,
+ 256,
+ 256
+ ),
+ // Cipher C00B
+ TLS_ECDH_RSA_WITH_NULL_SHA(
+ "ECDH-RSA-NULL-SHA",
+ KeyExchange.ECDHr,
+ Authentication.ECDH,
+ Encryption.eNULL,
+ MessageDigest.SHA1,
+ Protocol.TLSv1,
+ false,
+ EncryptionLevel.STRONG_NONE,
+ true,
+ 0,
+ 0
+ ),
+ // Cipher C00C
+ TLS_ECDH_RSA_WITH_RC4_128_SHA(
+ "ECDH-RSA-RC4-SHA",
+ KeyExchange.ECDHr,
+ Authentication.ECDH,
+ Encryption.RC4,
+ MessageDigest.SHA1,
+ Protocol.TLSv1,
+ false,
+ EncryptionLevel.MEDIUM,
+ false,
+ 128,
+ 128
+ ),
+ // Cipher C00D
+ TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA(
+ "ECDH-RSA-DES-CBC3-SHA",
+ KeyExchange.ECDHr,
+ Authentication.ECDH,
+ Encryption.TRIPLE_DES,
+ MessageDigest.SHA1,
+ Protocol.TLSv1,
+ false,
+ EncryptionLevel.HIGH,
+ true,
+ 168,
+ 168
+ ),
+ // Cipher C00E
+ TLS_ECDH_RSA_WITH_AES_128_CBC_SHA(
+ "ECDH-RSA-AES128-SHA",
+ KeyExchange.ECDHr,
+ Authentication.ECDH,
+ Encryption.AES128,
+ MessageDigest.SHA1,
+ Protocol.TLSv1,
+ false,
+ EncryptionLevel.HIGH,
+ true,
+ 128,
+ 128
+ ),
+ // Cipher C00F
+ TLS_ECDH_RSA_WITH_AES_256_CBC_SHA(
+ "ECDH-RSA-AES256-SHA",
+ KeyExchange.ECDHr,
+ Authentication.ECDH,
+ Encryption.AES256,
+ MessageDigest.SHA1,
+ Protocol.TLSv1,
+ false,
+ EncryptionLevel.HIGH,
+ true,
+ 256,
+ 256
+ ),
+ TLS_ECDHE_RSA_WITH_NULL_SHA(
+ "ECDHE-RSA-NULL-SHA",
+ KeyExchange.EECDH,
+ Authentication.RSA,
+ Encryption.eNULL,
+ MessageDigest.SHA1,
+ Protocol.TLSv1,
+ false,
+ EncryptionLevel.STRONG_NONE,
+ true,
+ 0,
+ 0
+ ),
+ // Cipher C011
+ TLS_ECDHE_RSA_WITH_RC4_128_SHA(
+ "ECDHE-RSA-RC4-SHA",
+ KeyExchange.EECDH,
+ Authentication.RSA,
+ Encryption.RC4,
+ MessageDigest.SHA1,
+ Protocol.TLSv1,
+ false,
+ EncryptionLevel.MEDIUM,
+ false,
+ 128,
+ 128
+ ),
+ // Cipher C012
+ TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA(
+ "ECDHE-RSA-DES-CBC3-SHA",
+ KeyExchange.EECDH,
+ Authentication.RSA,
+ Encryption.TRIPLE_DES,
+ MessageDigest.SHA1,
+ Protocol.TLSv1,
+ false,
+ EncryptionLevel.HIGH,
+ true,
+ 168,
+ 168
+ ),
+ // Cipher C013
+ TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA(
+ "ECDHE-RSA-AES128-SHA",
+ KeyExchange.EECDH,
+ Authentication.RSA,
+ Encryption.AES128,
+ MessageDigest.SHA1,
+ Protocol.TLSv1,
+ false,
+ EncryptionLevel.HIGH,
+ true,
+ 128,
+ 128
+ ),
+ // Cipher C014
+ TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA(
+ "ECDHE-RSA-AES256-SHA",
+ KeyExchange.EECDH,
+ Authentication.RSA,
+ Encryption.AES256,
+ MessageDigest.SHA1,
+ Protocol.TLSv1,
+ false,
+ EncryptionLevel.HIGH,
+ true,
+ 256,
+ 256
+ ),
+ // Cipher C015
+ TLS_ECDH_anon_WITH_NULL_SHA(
+ "AECDH-NULL-SHA",
+ KeyExchange.EECDH,
+ Authentication.aNULL,
+ Encryption.eNULL,
+ MessageDigest.SHA1,
+ Protocol.TLSv1,
+ false,
+ EncryptionLevel.STRONG_NONE,
+ true,
+ 0,
+ 0
+ ),
+ // Cipher C016
+ TLS_ECDH_anon_WITH_RC4_128_SHA(
+ "AECDH-RC4-SHA",
+ KeyExchange.EECDH,
+ Authentication.aNULL,
+ Encryption.RC4,
+ MessageDigest.SHA1,
+ Protocol.TLSv1,
+ false,
+ EncryptionLevel.MEDIUM,
+ false,
+ 128,
+ 128
+ ),
+ // Cipher C017
+ TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA(
+ "AECDH-DES-CBC3-SHA",
+ KeyExchange.EECDH,
+ Authentication.aNULL,
+ Encryption.TRIPLE_DES,
+ MessageDigest.SHA1,
+ Protocol.TLSv1,
+ false,
+ EncryptionLevel.HIGH,
+ true,
+ 168,
+ 168
+ ),
+ // Cipher C018
+ TLS_ECDH_anon_WITH_AES_128_CBC_SHA(
+ "AECDH-AES128-SHA",
+ KeyExchange.EECDH,
+ Authentication.aNULL,
+ Encryption.AES128,
+ MessageDigest.SHA1,
+ Protocol.TLSv1,
+ false,
+ EncryptionLevel.HIGH,
+ true,
+ 128,
+ 128
+ ),
+ // Cipher C019
+ TLS_ECDH_anon_WITH_AES_256_CBC_SHA(
+ "AECDH-AES256-SHA",
+ KeyExchange.EECDH,
+ Authentication.aNULL,
+ Encryption.AES256,
+ MessageDigest.SHA1,
+ Protocol.TLSv1,
+ false,
+ EncryptionLevel.HIGH,
+ true,
+ 256,
+ 256
+ ),
+ /* SRP ciphersuite from RFC 5054 */
+ // Cipher C01A
+ TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA(
+ "SRP-3DES-EDE-CBC-SHA",
+ KeyExchange.SRP,
+ Authentication.SRP,
+ Encryption.TRIPLE_DES,
+ MessageDigest.SHA1,
+ Protocol.TLSv1,
+ false,
+ EncryptionLevel.HIGH,
+ false,
+ 168,
+ 168
+ ),
+ // Cipher C01B
+ TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA(
+ "SRP-RSA-3DES-EDE-CBC-SHA",
+ KeyExchange.SRP,
+ Authentication.RSA,
+ Encryption.TRIPLE_DES,
+ MessageDigest.SHA1,
+ Protocol.TLSv1,
+ false,
+ EncryptionLevel.HIGH,
+ false,
+ 168,
+ 168
+ ),
+ // Cipher C01C
+ TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA(
+ "SRP-DSS-3DES-EDE-CBC-SHA",
+ KeyExchange.SRP,
+ Authentication.DSS,
+ Encryption.TRIPLE_DES,
+ MessageDigest.SHA1,
+ Protocol.TLSv1,
+ false,
+ EncryptionLevel.HIGH,
+ false,
+ 168,
+ 168
+ ),
+ // Cipher C01D
+ TLS_SRP_SHA_WITH_AES_128_CBC_SHA(
+ "SRP-AES-128-CBC-SHA",
+ KeyExchange.SRP,
+ Authentication.SRP,
+ Encryption.AES128,
+ MessageDigest.SHA1,
+ Protocol.TLSv1,
+ false,
+ EncryptionLevel.HIGH,
+ false,
+ 128,
+ 128
+ ),
+ // Cipher C01E
+ TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA(
+ "SRP-RSA-AES-128-CBC-SHA",
+ KeyExchange.SRP,
+ Authentication.RSA,
+ Encryption.AES128,
+ MessageDigest.SHA1,
+ Protocol.TLSv1,
+ false,
+ EncryptionLevel.HIGH,
+ false,
+ 128,
+ 128
+ ),
+ // Cipher C01F
+ TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA(
+ "SRP-DSS-AES-128-CBC-SHA",
+ KeyExchange.SRP,
+ Authentication.DSS,
+ Encryption.AES128,
+ MessageDigest.SHA1,
+ Protocol.TLSv1,
+ false,
+ EncryptionLevel.HIGH,
+ false,
+ 128,
+ 128
+ ),
+ // Cipher C020
+ TLS_SRP_SHA_WITH_AES_256_CBC_SHA(
+ "SRP-AES-256-CBC-SHA",
+ KeyExchange.SRP,
+ Authentication.SRP,
+ Encryption.AES256,
+ MessageDigest.SHA1,
+ Protocol.TLSv1,
+ false,
+ EncryptionLevel.HIGH,
+ false,
+ 256,
+ 256
+ ),
+ // Cipher C021
+ TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA(
+ "SRP-RSA-AES-256-CBC-SHA",
+ KeyExchange.SRP,
+ Authentication.RSA,
+ Encryption.AES256,
+ MessageDigest.SHA1,
+ Protocol.TLSv1,
+ false,
+ EncryptionLevel.HIGH,
+ false,
+ 256,
+ 256
+ ),
+ // Cipher C022
+ TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA(
+ "SRP-DSS-AES-256-CBC-SHA",
+ KeyExchange.SRP,
+ Authentication.DSS,
+ Encryption.AES256,
+ MessageDigest.SHA1,
+ Protocol.TLSv1,
+ false,
+ EncryptionLevel.HIGH,
+ false,
+ 256,
+ 256
+ ),
+ /* HMAC based TLS v1.2 ciphersuites from RFC5289 */
+ // Cipher C023
+ TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256(
+ "ECDHE-ECDSA-AES128-SHA256",
+ KeyExchange.EECDH,
+ Authentication.ECDSA,
+ Encryption.AES128,
+ MessageDigest.SHA256,
+ Protocol.TLSv1_2,
+ false,
+ EncryptionLevel.HIGH,
+ true,
+ 128,
+ 128
+ ),
+ // Cipher C024
+ TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384(
+ "ECDHE-ECDSA-AES256-SHA384",
+ KeyExchange.EECDH,
+ Authentication.ECDSA,
+ Encryption.AES256,
+ MessageDigest.SHA384,
+ Protocol.TLSv1_2,
+ false,
+ EncryptionLevel.HIGH,
+ true,
+ 256,
+ 256
+ ),
+ // Cipher C025
+ TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256(
+ "ECDH-ECDSA-AES128-SHA256",
+ KeyExchange.ECDHe,
+ Authentication.ECDH,
+ Encryption.AES128,
+ MessageDigest.SHA256,
+ Protocol.TLSv1_2,
+ false,
+ EncryptionLevel.HIGH,
+ true,
+ 128,
+ 128
+ ),
+ // Cipher C026
+ TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384(
+ "ECDH-ECDSA-AES256-SHA384",
+ KeyExchange.ECDHe,
+ Authentication.ECDH,
+ Encryption.AES256,
+ MessageDigest.SHA384,
+ Protocol.TLSv1_2,
+ false,
+ EncryptionLevel.HIGH,
+ true,
+ 256,
+ 256
+ ),
+ // Cipher C027
+ TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256(
+ "ECDHE-RSA-AES128-SHA256",
+ KeyExchange.EECDH,
+ Authentication.RSA,
+ Encryption.AES128,
+ MessageDigest.SHA256,
+ Protocol.TLSv1_2,
+ false,
+ EncryptionLevel.HIGH,
+ true,
+ 128,
+ 128
+ ),
+ // Cipher C028
+ TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384(
+ "ECDHE-RSA-AES256-SHA384",
+ KeyExchange.EECDH,
+ Authentication.RSA,
+ Encryption.AES256,
+ MessageDigest.SHA384,
+ Protocol.TLSv1_2,
+ false,
+ EncryptionLevel.HIGH,
+ true,
+ 256,
+ 256
+ ),
+ // Cipher C029
+ TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256(
+ "ECDH-RSA-AES128-SHA256",
+ KeyExchange.ECDHr,
+ Authentication.ECDH,
+ Encryption.AES128,
+ MessageDigest.SHA256,
+ Protocol.TLSv1_2,
+ false,
+ EncryptionLevel.HIGH,
+ true,
+ 128,
+ 128
+ ),
+ // Cipher C02A
+ TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384(
+ "ECDH-RSA-AES256-SHA384",
+ KeyExchange.ECDHr,
+ Authentication.ECDH,
+ Encryption.AES256,
+ MessageDigest.SHA384,
+ Protocol.TLSv1_2,
+ false,
+ EncryptionLevel.HIGH,
+ true,
+ 256,
+ 256
+ ),
+ /* GCM based TLS v1.2 ciphersuites from RFC5289 */
+ // Cipher C02B
+ TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256(
+ "ECDHE-ECDSA-AES128-GCM-SHA256",
+ KeyExchange.EECDH,
+ Authentication.ECDSA,
+ Encryption.AES128GCM,
+ MessageDigest.AEAD,
+ Protocol.TLSv1_2,
+ false,
+ EncryptionLevel.HIGH,
+ true,
+ 128,
+ 128
+ ),
+ // Cipher C02C
+ TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384(
+ "ECDHE-ECDSA-AES256-GCM-SHA384",
+ KeyExchange.EECDH,
+ Authentication.ECDSA,
+ Encryption.AES256GCM,
+ MessageDigest.AEAD,
+ Protocol.TLSv1_2,
+ false,
+ EncryptionLevel.HIGH,
+ true,
+ 256,
+ 256
+ ),
+ // Cipher C02D
+ TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256(
+ "ECDH-ECDSA-AES128-GCM-SHA256",
+ KeyExchange.ECDHe,
+ Authentication.ECDH,
+ Encryption.AES128GCM,
+ MessageDigest.AEAD,
+ Protocol.TLSv1_2,
+ false,
+ EncryptionLevel.HIGH,
+ true,
+ 128,
+ 128
+ ),
+ // Cipher C02E
+ TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384(
+ "ECDH-ECDSA-AES256-GCM-SHA384",
+ KeyExchange.ECDHe,
+ Authentication.ECDH,
+ Encryption.AES256GCM,
+ MessageDigest.AEAD,
+ Protocol.TLSv1_2,
+ false,
+ EncryptionLevel.HIGH,
+ true,
+ 256,
+ 256
+ ),
+ // Cipher C02F
+ TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256(
+ "ECDHE-RSA-AES128-GCM-SHA256",
+ KeyExchange.EECDH,
+ Authentication.RSA,
+ Encryption.AES128GCM,
+ MessageDigest.AEAD,
+ Protocol.TLSv1_2,
+ false,
+ EncryptionLevel.HIGH,
+ true,
+ 128,
+ 128
+ ),
+ // Cipher C030
+ TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384(
+ "ECDHE-RSA-AES256-GCM-SHA384",
+ KeyExchange.EECDH,
+ Authentication.RSA,
+ Encryption.AES256GCM,
+ MessageDigest.AEAD,
+ Protocol.TLSv1_2,
+ false,
+ EncryptionLevel.HIGH,
+ true,
+ 256,
+ 256
+ ),
+ // Cipher C031
+ TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256(
+ "ECDH-RSA-AES128-GCM-SHA256",
+ KeyExchange.ECDHr,
+ Authentication.ECDH,
+ Encryption.AES128GCM,
+ MessageDigest.AEAD,
+ Protocol.TLSv1_2,
+ false,
+ EncryptionLevel.HIGH,
+ true,
+ 128,
+ 128
+ ),
+ // Cipher C032
+ TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384(
+ "ECDH-RSA-AES256-GCM-SHA384",
+ KeyExchange.ECDHr,
+ Authentication.ECDH,
+ Encryption.AES256GCM,
+ MessageDigest.AEAD,
+ Protocol.TLSv1_2,
+ false,
+ EncryptionLevel.HIGH,
+ true,
+ 256,
+ 256
+ ),
+ // RC4_128_WITH_MD5
+ SSL_CK_RC4_128_WITH_MD5(
+ "RC4-MD5",
+ KeyExchange.RSA,
+ Authentication.RSA,
+ Encryption.RC4,
+ MessageDigest.MD5,
+ Protocol.SSLv2,
+ false,
+ EncryptionLevel.MEDIUM,
+ false,
+ 128,
+ 128
+ ),
+ // RC2_128_CBC_WITH_MD5
+ SSL_CK_RC2_128_CBC_WITH_MD5(
+ "RC2-MD5",
+ KeyExchange.RSA,
+ Authentication.RSA,
+ Encryption.RC2,
+ MessageDigest.MD5,
+ Protocol.SSLv2,
+ false,
+ EncryptionLevel.MEDIUM,
+ false,
+ 128,
+ 128
+ ),
+ // RC2_128_CBC_EXPORT40_WITH_MD5
+ SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5(
+ "EXP-RC2-CBC-MD5",
+ KeyExchange.RSA,
+ Authentication.RSA,
+ Encryption.RC2,
+ MessageDigest.MD5,
+ Protocol.SSLv2,
+ true,
+ EncryptionLevel.EXP40,
+ false,
+ 40,
+ 128
+ ),
+ /* TEMP_GOST_TLS*/
+ /*
+ // Cipher FF00
+ TLS_GOSTR341094_RSA_WITH_28147_CNT_MD5(
+ "GOST-MD5",
+ KeyExchange.RSA,
+ Authentication.RSA,
+ Encryption.eGOST2814789CNT,
+ MessageDigest.MD5,
+ Protocol.TLSv1,
+ false,
+ EncryptionLevel.HIGH,
+ false,
+ 256,
+ 256
+ ),
+ TLS_RSA_WITH_28147_CNT_GOST94(
+ "GOST-GOST94",
+ KeyExchange.RSA,
+ Authentication.RSA,
+ Encryption.eGOST2814789CNT,
+ MessageDigest.GOST94,
+ Protocol.TLSv1,
+ false, EncryptionLevel.HIGH,false,
+ 256,
+ 256
+ ),
+ {
+ 1,
+ "GOST-GOST89MAC",
+ 0x0300ff02,
+ KeyExchange.RSA,
+ Authentication.RSA,
+ Encryption.eGOST2814789CNT,
+ MessageDigest.GOST89MAC,
+ Protocol.TLSv1,
+ false, EncryptionLevel.HIGH,false,
+
+ 256,
+ 256
+ ),
+ {
+ 1,
+ "GOST-GOST89STREAM",
+ 0x0300ff03,
+ KeyExchange.RSA,
+ Authentication.RSA,
+ Encryption.eGOST2814789CNT,
+ MessageDigest.GOST89MAC,
+ Protocol.TLSv1,
+ false, EncryptionLevel.HIGH,false,
+ 256,
+ 256
+ },*/
+ // Cipher 0x020080
+ SSL2_RC4_128_EXPORT40_WITH_MD5(
+ "EXP-RC4-MD5",
+ KeyExchange.RSA,
+ Authentication.RSA,
+ Encryption.RC4,
+ MessageDigest.MD5,
+ Protocol.SSLv2,
+ true,
+ EncryptionLevel.EXP40,
+ false,
+ 40,
+ 128,
+ "SSL_RC4_128_EXPORT40_WITH_MD5"
+ ),
+ // Cipher 0x030080 / 0x040080
+ SSL2_RC2_CBC_128_CBC_WITH_MD5(
+ "RC2-CBC-MD5",
+ KeyExchange.RSA,
+ Authentication.RSA,
+ Encryption.RC2,
+ MessageDigest.MD5,
+ Protocol.SSLv2,
+ false,
+ EncryptionLevel.MEDIUM,
+ true,
+ 128,
+ 128
+ ),
+ // Cipher 0x050080
+ // IDEA_128_CBC_WITH_MD5
+ SSL2_IDEA_128_CBC_WITH_MD5(
+ "IDEA-CBC-MD5",
+ KeyExchange.RSA,
+ Authentication.RSA,
+ Encryption.IDEA,
+ MessageDigest.MD5,
+ Protocol.SSLv2,
+ false, EncryptionLevel.MEDIUM,
+ false,
+ 128,
+ 128,
+ "SSL_CK_IDEA_128_CBC_WITH_MD5"
+ ),
+ // Cipher 0x060040
+ // DES_64_CBC_WITH_MD5
+ SSL2_DES_64_CBC_WITH_MD5(
+ "DES-CBC-MD5",
+ KeyExchange.RSA,
+ Authentication.RSA,
+ Encryption.DES,
+ MessageDigest.MD5,
+ Protocol.SSLv2,
+ false,
+ EncryptionLevel.LOW,
+ false,
+ 56,
+ 56,
+ "SSL_CK_DES_64_CBC_WITH_MD5"
+ ),
+ // Cipher 0x0700C0
+ // DES_192_EDE3_CBC_WITH_MD5
+ SSL2_DES_192_EDE3_CBC_WITH_MD5(
+ "DES-CBC3-MD5",
+ KeyExchange.RSA,
+ Authentication.RSA,
+ Encryption.TRIPLE_DES,
+ MessageDigest.MD5,
+ Protocol.SSLv2,
+ false,
+ EncryptionLevel.HIGH,
+ false,
+ 168,
+ 168,
+ "SSL_CK_DES_192_EDE3_CBC_WITH_MD5"
+ );
+
+
+ private final String openSSLAlias;
+ private final Set<String> jsseNames;
+ private final KeyExchange kx;
+ private final Authentication au;
+ private final Encryption enc;
+ private final MessageDigest mac;
+ private final Protocol protocol;
+ private final boolean export;
+ private final EncryptionLevel level;
+ private final boolean fipsCompatible;
+ /**
+ * Number of bits really used
+ */
+ private final int strength_bits;
+ /**
+ * Number of bits for algorithm
+ */
+ private final int alg_bits;
+
+ private Cipher(String openSSLAlias, KeyExchange kx, Authentication au, Encryption enc, MessageDigest mac,
+ Protocol protocol, boolean export, EncryptionLevel level, boolean fipsCompatible, int strength_bits,
+ int alg_bits, String... jsseAltNames) {
+ this.openSSLAlias = openSSLAlias;
+ Set<String> names = new HashSet<String>();
+ if (jsseAltNames != null) {
+ names.addAll(Arrays.asList(jsseAltNames));
+ }
+ names.add(name());
+ this.jsseNames = Collections.unmodifiableSet(names);
+ this.kx = kx;
+ this.au = au;
+ this.enc = enc;
+ this.mac = mac;
+ this.protocol = protocol;
+ this.export = export;
+ this.level = level;
+ this.fipsCompatible = fipsCompatible;
+ this.strength_bits = strength_bits;
+ this.alg_bits = alg_bits;
+ }
+
+ public String getOpenSSLAlias() {
+ return openSSLAlias;
+ }
+
+ public Set<String> getJsseNames() {
+ return jsseNames;
+ }
+
+ public KeyExchange getKx() {
+ return kx;
+ }
+
+ public Authentication getAu() {
+ return au;
+ }
+
+ public Encryption getEnc() {
+ return enc;
+ }
+
+ public MessageDigest getMac() {
+ return mac;
+ }
+
+ public Protocol getProtocol() {
+ return protocol;
+ }
+
+ public boolean isExport() {
+ return export;
+ }
+
+ public EncryptionLevel getLevel() {
+ return level;
+ }
+
+ public boolean isFipsCompatible() {
+ return fipsCompatible;
+ }
+
+ public int getStrength_bits() {
+ return strength_bits;
+ }
+
+ public int getAlg_bits() {
+ return alg_bits;
+ }
+
+}
Deleted:
branches/7.5.x/src/main/java/org/apache/tomcat/util/net/jsse/openssl/Ciphers.java
===================================================================
--- branches/7.5.x/src/main/java/org/apache/tomcat/util/net/jsse/openssl/Ciphers.java 2014-09-09 14:10:18 UTC (rev 2508)
+++ branches/7.5.x/src/main/java/org/apache/tomcat/util/net/jsse/openssl/Ciphers.java 2014-09-11 15:09:44 UTC (rev 2509)
@@ -1,2304 +0,0 @@
-/*
- * Copyright (C) 2014 Red Hat, inc., and individual contributors
- * as indicated by the @author tags. See the copyright.txt file in the
- * distribution for a full listing of individual contributors.
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
- * MA 02110-1301 USA
- */
-package org.apache.tomcat.util.net.jsse.openssl;
-
-/**
- * All Ciphers for SSL/TSL.
- *
- * @author <a href="mailto:ehugonne@redhat.com">Emmanuel Hugonnet</a> (c) 2014 Red Hat, inc.
- */
-enum Ciphers {
- /* The RSA ciphers */
- // Cipher 01
- SSL_RSA_WITH_NULL_MD5("NULL-MD5",
- KeyExchange.RSA,
- Authentication.RSA,
- Encryption.eNULL,
- MessageDigest.MD5,
- Protocol.SSLv3,
- false,
- EncryptionLevel.STRONG_NONE,
- false,
- 0,
- 0),
- // Cipher 02
- SSL_RSA_WITH_NULL_SHA("NULL-SHA",
- KeyExchange.RSA,
- Authentication.RSA,
- Encryption.eNULL,
- MessageDigest.SHA1,
- Protocol.SSLv3,
- false,
- EncryptionLevel.STRONG_NONE,
- true,
- 0,
- 0),
- // Cipher 03
- SSL_RSA_EXPORT_WITH_RC4_40_MD5("EXP-RC4-MD5",
- KeyExchange.RSA,
- Authentication.RSA,
- Encryption.RC4,
- MessageDigest.MD5,
- Protocol.SSLv3,
- true,
- EncryptionLevel.EXP40,
- false,
- 40,
- 128),
- // Cipher 04
- SSL_RSA_WITH_RC4_128_MD5("RC4-MD5",
- KeyExchange.RSA,
- Authentication.RSA,
- Encryption.RC4,
- MessageDigest.MD5,
- Protocol.SSLv3,
- false,
- EncryptionLevel.MEDIUM,
- false,
- 128,
- 128),
- // Cipher 05
- SSL_RSA_WITH_RC4_128_SHA("RC4-SHA",
- KeyExchange.RSA,
- Authentication.RSA,
- Encryption.RC4,
- MessageDigest.SHA1,
- Protocol.SSLv3,
- false,
- EncryptionLevel.MEDIUM,
- false,
- 128,
- 128),
- // Cipher 06
- SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5("EXP-RC2-CBC-MD5",
- KeyExchange.RSA,
- Authentication.RSA,
- Encryption.RC2,
- MessageDigest.MD5,
- Protocol.SSLv3,
- true,
- EncryptionLevel.EXP40,
- false,
- 40,
- 128),
- // Cipher 07
- SSL_RSA_WITH_IDEA_CBC_SHA("IDEA-CBC-SHA",
- KeyExchange.RSA,
- Authentication.RSA,
- Encryption.IDEA,
- MessageDigest.SHA1,
- Protocol.SSLv3,
- false,
- EncryptionLevel.MEDIUM,
- false,
- 128,
- 128),
- // Cipher 08
- SSL_RSA_EXPORT_WITH_DES40_CBC_SHA("EXP-DES-CBC-SHA",
- KeyExchange.RSA,
- Authentication.RSA,
- Encryption.DES,
- MessageDigest.SHA1,
- Protocol.SSLv3,
- true,
- EncryptionLevel.EXP40,
- false,
- 40,
- 56),
- // Cipher 09
- SSL_RSA_WITH_DES_CBC_SHA("DES-CBC-SHA",
- KeyExchange.RSA,
- Authentication.RSA,
- Encryption.DES,
- MessageDigest.SHA1,
- Protocol.SSLv3,
- false,
- EncryptionLevel.LOW,
- false,
- 56,
- 56),
- // Cipher 0A
- SSL_RSA_WITH_3DES_EDE_CBC_SHA("DES-CBC3-SHA",
- KeyExchange.RSA,
- Authentication.RSA,
- Encryption.TRIPLE_DES,
- MessageDigest.SHA1,
- Protocol.SSLv3,
- false,
- EncryptionLevel.HIGH,
- true,
- 168,
- 168),
- /* The DH ciphers */
- // Cipher 0B
- SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA("EXP-DH-DSS-DES-CBC-SHA",
- KeyExchange.DHd,
- Authentication.DH,
- Encryption.DES,
- MessageDigest.SHA1,
- Protocol.SSLv3,
- true,
- EncryptionLevel.EXP40,
- false,
- 40,
- 56),
- // Cipher 0C
- SSL_DH_DSS_WITH_DES_CBC_SHA("DH-DSS-DES-CBC-SHA",
- KeyExchange.DHd,
- Authentication.DH,
- Encryption.DES,
- MessageDigest.SHA1,
- Protocol.SSLv3,
- false,
- EncryptionLevel.LOW,
- false,
- 56,
- 56),
- // Cipher 0D
- SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA("DH-DSS-DES-CBC3-SHA",
- KeyExchange.DHd,
- Authentication.DH,
- Encryption.TRIPLE_DES,
- MessageDigest.SHA1,
- Protocol.SSLv3,
- false,
- EncryptionLevel.HIGH,
- true,
- 168,
- 168),
- // Cipher 0E
- SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA("EXP-DH-RSA-DES-CBC-SHA",
- KeyExchange.DHr,
- Authentication.DH,
- Encryption.DES,
- MessageDigest.SHA1,
- Protocol.SSLv3,
- true,
- EncryptionLevel.EXP40,
- false,
- 40,
- 56),
- // Cipher 0F
- SSL_DH_RSA_WITH_DES_CBC_SHA("DH-RSA-DES-CBC-SHA",
- KeyExchange.DHr,
- Authentication.DH,
- Encryption.DES,
- MessageDigest.SHA1,
- Protocol.SSLv3,
- false,
- EncryptionLevel.LOW,
- false,
- 56,
- 56),
- // Cipher 10
- SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA("DH-RSA-DES-CBC3-SHA",
- KeyExchange.DHr,
- Authentication.DH,
- Encryption.TRIPLE_DES,
- MessageDigest.SHA1,
- Protocol.SSLv3,
- false,
- EncryptionLevel.HIGH,
- true,
- 168,
- 168),
- /* The Ephemeral DH ciphers */
- // Cipher 11
- SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA("EXP-EDH-DSS-DES-CBC-SHA",
- KeyExchange.EDH,
- Authentication.DSS,
- Encryption.DES,
- MessageDigest.SHA1,
- Protocol.SSLv3,
- true,
- EncryptionLevel.EXP40,
- false,
- 40,
- 56),
- // Cipher 12
- SSL_DHE_DSS_WITH_DES_CBC_SHA("EDH-DSS-DES-CBC-SHA",
- KeyExchange.EDH,
- Authentication.DSS,
- Encryption.DES,
- MessageDigest.SHA1,
- Protocol.SSLv3,
- false,
- EncryptionLevel.LOW,
- false,
- 56,
- 56),
- // Cipher 13
- SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA("EDH-DSS-DES-CBC3-SHA",
- KeyExchange.EDH,
- Authentication.DSS,
- Encryption.TRIPLE_DES,
- MessageDigest.SHA1,
- Protocol.SSLv3,
- false,
- EncryptionLevel.HIGH,
- true,
- 168,
- 168),
- // Cipher 14
- TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA("EXP-EDH-RSA-DES-CBC-SHA",
- KeyExchange.EDH,
- Authentication.RSA,
- Encryption.DES,
- MessageDigest.SHA1,
- Protocol.SSLv3,
- true,
- EncryptionLevel.EXP40,
- false,
- 40,
- 56),
- // Cipher 15
- TLS_DHE_RSA_WITH_DES_CBC_SHA("EDH-RSA-DES-CBC-SHA",
- KeyExchange.EDH,
- Authentication.RSA,
- Encryption.DES,
- MessageDigest.SHA1,
- Protocol.SSLv3,
- false,
- EncryptionLevel.LOW,
- false,
- 56,
- 56),
- // Cipher 16
- TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA("EDH-RSA-DES-CBC3-SHA",
- KeyExchange.EDH,
- Authentication.RSA,
- Encryption.TRIPLE_DES,
- MessageDigest.SHA1,
- Protocol.SSLv3,
- false,
- EncryptionLevel.HIGH,
- true,
- 168,
- 168),
- // Cipher 17
- TLS_DH_anon_EXPORT_WITH_RC4_40_MD5("EXP-ADH-RC4-MD5",
- KeyExchange.EDH,
- Authentication.aNULL,
- Encryption.RC4,
- MessageDigest.MD5,
- Protocol.SSLv3,
- true,
- EncryptionLevel.EXP40,
- false,
- 40,
- 128),
- // Cipher 18
- TLS_DH_anon_WITH_RC4_128_MD5("ADH-RC4-MD5",
- KeyExchange.EDH,
- Authentication.aNULL,
- Encryption.RC4,
- MessageDigest.MD5,
- Protocol.SSLv3,
- false,
- EncryptionLevel.MEDIUM,
- false,
- 128,
- 128),
- // Cipher 19
- TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA("EXP-ADH-DES-CBC-SHA",
- KeyExchange.EDH,
- Authentication.aNULL,
- Encryption.DES,
- MessageDigest.SHA1,
- Protocol.SSLv3,
- true,
- EncryptionLevel.EXP40,
- false,
- 40,
- 128),
- // Cipher 1A
- TLS_DH_anon_WITH_DES_CBC_SHA("ADH-DES-CBC-SHA",
- KeyExchange.EDH,
- Authentication.aNULL,
- Encryption.DES,
- MessageDigest.SHA1,
- Protocol.SSLv3,
- false,
- EncryptionLevel.LOW,
- false,
- 56,
- 56),
- // Cipher 1B
- TLS_DH_anon_WITH_3DES_EDE_CBC_SHA("ADH-DES-CBC3-SHA",
- KeyExchange.EDH,
- Authentication.aNULL,
- Encryption.TRIPLE_DES,
- MessageDigest.SHA1,
- Protocol.SSLv3,
- false,
- EncryptionLevel.HIGH,
- true,
- 168,
- 168),
- /* Fortezza ciphersuite from SSL 3.0 spec */
- // Cipher 1C
- SSL_FORTEZZA_DMS_WITH_NULL_SHA("FZA-NULL-SHA",
- KeyExchange.FZA,
- Authentication.FZA,
- Encryption.eNULL,
- MessageDigest.SHA1,
- Protocol.SSLv3,
- false,
- EncryptionLevel.STRONG_NONE,
- false,
- 0,
- 0),
- // Cipher 1D
- SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA("FZA-FZA-CBC-SHA",
- KeyExchange.FZA,
- Authentication.FZA,
- Encryption.FZA,
- MessageDigest.SHA1,
- Protocol.SSLv3,
- false,
- EncryptionLevel.STRONG_NONE,
- false,
- 0,
- 0),
- // Cipher 1E
- SSL_FORTEZZA_DMS_WITH_RC4_128_SHA("FZA-RC4-SHA",
- KeyExchange.FZA,
- Authentication.FZA,
- Encryption.RC4,
- MessageDigest.SHA1,
- Protocol.SSLv3,
- false,
- EncryptionLevel.MEDIUM,
- false,
- 128,
- 128),
- /* The Kerberos ciphers*/
- // Cipher 1E
- /*TLS_KRB5_WITH_DES_CBC_SHA("KRB5-DES-CBC-SHA",
- KeyExchange.KRB5,
- Authentication.KRB5,
- Encryption.DES,
- MessageDigest.SHA1,
- Protocol.SSLv3,
- false,
- EncryptionLevel.LOW,
- false,
- 56,
- 56),
- // Cipher 1F
- TLS_KRB5_WITH_3DES_EDE_CBC_SHA("KRB5-DES-CBC3-SHA",
- KeyExchange.KRB5,
- Authentication.KRB5,
- Encryption.TRIPLE_DES,
- MessageDigest.SHA1,
- Protocol.SSLv3,
- false,
- EncryptionLevel.HIGH,
- true,
- 168,
- 168),
- // Cipher 20
- TLS_KRB5_WITH_RC4_128_SHA("KRB5-RC4-SHA",
- KeyExchange.KRB5,
- Authentication.KRB5,
- Encryption.RC4,
- MessageDigest.SHA1,
- Protocol.SSLv3,
- false,
- EncryptionLevel.MEDIUM,
- false,
- 128,
- 128),
- // Cipher 21
- TLS_KRB5_WITH_IDEA_CBC_SHA("KRB5-IDEA-CBC-SHA",
- KeyExchange.KRB5,
- Authentication.KRB5,
- Encryption.IDEA,
- MessageDigest.SHA1,
- Protocol.SSLv3,
- false,
- EncryptionLevel.MEDIUM,
- false,
- 128,
- 128),
- // Cipher 22
- TLS_KRB5_WITH_DES_CBC_MD5("KRB5-DES-CBC-MD5",
- KeyExchange.KRB5,
- Authentication.KRB5,
- Encryption.DES,
- MessageDigest.MD5,
- Protocol.SSLv3,
- false,
- EncryptionLevel.LOW,
- false,
- 56,
- 56),
- // Cipher 23
- TLS_KRB5_WITH_3DES_EDE_CBC_MD5("KRB5-DES-CBC3-MD5",
- KeyExchange.KRB5,
- Authentication.KRB5,
- Encryption.TRIPLE_DES,
- MessageDigest.MD5,
- Protocol.SSLv3,
- false,
- EncryptionLevel.HIGH,
- false,
- 168,
- 168),
- // Cipher 24
- TLS_KRB5_WITH_RC4_128_MD5("KRB5-RC4-MD5",
- KeyExchange.KRB5,
- Authentication.KRB5,
- Encryption.RC4,
- MessageDigest.MD5,
- Protocol.SSLv3,
- false,
- EncryptionLevel.MEDIUM,
- false,
- 128,
- 128),
- // Cipher 25
- TLS_KRB5_WITH_IDEA_CBC_MD5("KRB5-IDEA-CBC-MD5",
- KeyExchange.KRB5,
- Authentication.KRB5,
- Encryption.IDEA,
- MessageDigest.MD5,
- Protocol.SSLv3,
- false,
- EncryptionLevel.MEDIUM,
- false,
- 128,
- 128),
- // Cipher 26
- TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA("EXP-KRB5-DES-CBC-SHA",
- KeyExchange.KRB5,
- Authentication.KRB5,
- Encryption.DES,
- MessageDigest.SHA1,
- Protocol.SSLv3,
- true,
- EncryptionLevel.EXP40,
- false,
- 40,
- 56),
- // Cipher 27
- TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA("EXP-KRB5-RC2-CBC-SHA",
- KeyExchange.KRB5,
- Authentication.KRB5,
- Encryption.RC2,
- MessageDigest.SHA1,
- Protocol.SSLv3,
- true,
- EncryptionLevel.EXP40,
- false,
- 40,
- 128),
- // Cipher 28
- TLS_KRB5_EXPORT_WITH_RC4_40_SHA("EXP-KRB5-RC4-SHA",
- KeyExchange.KRB5,
- Authentication.KRB5,
- Encryption.RC4,
- MessageDigest.SHA1,
- Protocol.SSLv3,
- true,
- EncryptionLevel.EXP40,
- false,
- 40,
- 128),
- // Cipher 29
- TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5("EXP-KRB5-DES-CBC-MD5",
- KeyExchange.KRB5,
- Authentication.KRB5,
- Encryption.DES,
- MessageDigest.MD5,
- Protocol.SSLv3,
- true,
- EncryptionLevel.EXP40,
- false,
- 40,
- 56),
- // Cipher 2A
- TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5("EXP-KRB5-RC2-CBC-MD5",
- KeyExchange.KRB5,
- Authentication.KRB5,
- Encryption.RC2,
- MessageDigest.MD5,
- Protocol.SSLv3,
- true,
- EncryptionLevel.EXP40,
- false,
- 40,
- 128),
- // Cipher 2B
- TLS_KRB5_EXPORT_WITH_RC4_40_MD5("EXP-KRB5-RC4-MD5",
- KeyExchange.KRB5,
- Authentication.KRB5,
- Encryption.RC4,
- MessageDigest.MD5,
- Protocol.SSLv3,
- true,
- EncryptionLevel.EXP40,
- false,
- 40,
- 128),*/
- /* New AES ciphersuites */
- // Cipher 2F
- TLS_RSA_WITH_AES_128_CBC_SHA("AES128-SHA",
- KeyExchange.RSA,
- Authentication.RSA,
- Encryption.AES128,
- MessageDigest.SHA1,
- Protocol.TLSv1,
- false,
- EncryptionLevel.HIGH,
- true,
- 128,
- 128),
- // Cipher 30
- TLS_DH_DSS_WITH_AES_128_CBC_SHA("DH-DSS-AES128-SHA",
- KeyExchange.DHd,
- Authentication.DH,
- Encryption.AES128,
- MessageDigest.SHA1,
- Protocol.TLSv1,
- false,
- EncryptionLevel.HIGH,
- true,
- 128,
- 128),
- // Cipher 31
- TLS_DH_RSA_WITH_AES_128_CBC_SHA("DH-RSA-AES128-SHA",
- KeyExchange.DHr,
- Authentication.DH,
- Encryption.AES128,
- MessageDigest.SHA1,
- Protocol.TLSv1,
- false,
- EncryptionLevel.HIGH,
- true,
- 128,
- 128),
- // Cipher 32
- TLS_DHE_DSS_WITH_AES_128_CBC_SHA("DHE-DSS-AES128-SHA",
- KeyExchange.EDH,
- Authentication.DSS,
- Encryption.AES128,
- MessageDigest.SHA1,
- Protocol.TLSv1,
- false,
- EncryptionLevel.HIGH,
- true,
- 128,
- 128),
- // Cipher 33
- TLS_DHE_RSA_WITH_AES_128_CBC_SHA("DHE-RSA-AES128-SHA",
- KeyExchange.EDH,
- Authentication.RSA,
- Encryption.AES128,
- MessageDigest.SHA1,
- Protocol.TLSv1,
- false,
- EncryptionLevel.HIGH,
- true,
- 128,
- 128),
- // Cipher 34
- TLS_DH_anon_WITH_AES_128_CBC_SHA("ADH-AES128-SHA",
- KeyExchange.EDH,
- Authentication.aNULL,
- Encryption.AES128,
- MessageDigest.SHA1,
- Protocol.TLSv1,
- false,
- EncryptionLevel.HIGH,
- true,
- 128,
- 128),
- // Cipher 35
- TLS_RSA_WITH_AES_256_CBC_SHA("AES256-SHA",
- KeyExchange.RSA,
- Authentication.RSA,
- Encryption.AES256,
- MessageDigest.SHA1,
- Protocol.TLSv1,
- false,
- EncryptionLevel.HIGH,
- true,
- 256,
- 256),
- // Cipher 36
- TLS_DH_DSS_WITH_AES_256_CBC_SHA("DH-DSS-AES256-SHA",
- KeyExchange.DHd,
- Authentication.DH,
- Encryption.AES256,
- MessageDigest.SHA1,
- Protocol.TLSv1,
- false,
- EncryptionLevel.HIGH,
- true,
- 256,
- 256),
- // Cipher 37
- TLS_DH_RSA_WITH_AES_256_CBC_SHA("DH-RSA-AES256-SHA",
- KeyExchange.DHr,
- Authentication.DH,
- Encryption.AES256,
- MessageDigest.SHA1,
- Protocol.TLSv1,
- false,
- EncryptionLevel.HIGH,
- true,
- 256,
- 256),
- // Cipher 38
- TLS_DHE_DSS_WITH_AES_256_CBC_SHA("DHE-DSS-AES256-SHA",
- KeyExchange.EDH,
- Authentication.DSS,
- Encryption.AES256,
- MessageDigest.SHA1,
- Protocol.TLSv1,
- false,
- EncryptionLevel.HIGH,
- true,
- 256,
- 256),
- // Cipher 39
- TLS_DHE_RSA_WITH_AES_256_CBC_SHA("DHE-RSA-AES256-SHA",
- KeyExchange.EDH,
- Authentication.RSA,
- Encryption.AES256,
- MessageDigest.SHA1,
- Protocol.TLSv1,
- false,
- EncryptionLevel.HIGH,
- true,
- 256,
- 256), // Cipher 3A
- TLS_DH_anon_WITH_AES_256_CBC_SHA("ADH-AES256-SHA",
- KeyExchange.EDH,
- Authentication.aNULL,
- Encryption.AES256,
- MessageDigest.SHA1,
- Protocol.TLSv1,
- false,
- EncryptionLevel.HIGH,
- true,
- 256,
- 256),
- /* TLS v1.2 ciphersuites */
- // Cipher 3B
- TLS_RSA_WITH_NULL_SHA256("NULL-SHA256",
- KeyExchange.RSA,
- Authentication.RSA,
- Encryption.eNULL,
- MessageDigest.SHA256,
- Protocol.TLSv1_2,
- false,
- EncryptionLevel.STRONG_NONE,
- true,
- 0,
- 0),
- // Cipher 3C
- TLS_RSA_WITH_AES_128_CBC_SHA256("AES128-SHA256",
- KeyExchange.RSA,
- Authentication.RSA,
- Encryption.AES128,
- MessageDigest.SHA256,
- Protocol.TLSv1_2,
- false,
- EncryptionLevel.HIGH,
- true,
- 128,
- 128),
- // Cipher 3D
- TLS_RSA_WITH_AES_256_CBC_SHA256("AES256-SHA256",
- KeyExchange.RSA,
- Authentication.RSA,
- Encryption.AES256,
- MessageDigest.SHA256,
- Protocol.TLSv1_2,
- false,
- EncryptionLevel.HIGH,
- true,
- 256,
- 256),
- // Cipher 3E
- TLS_DH_DSS_WITH_AES_128_CBC_SHA256("DH-DSS-AES128-SHA256",
- KeyExchange.DHd,
- Authentication.DH,
- Encryption.AES128,
- MessageDigest.SHA256,
- Protocol.TLSv1_2,
- false,
- EncryptionLevel.HIGH,
- true,
- 128,
- 128),
- // Cipher 3F
- TLS_DH_RSA_WITH_AES_128_CBC_SHA256("DH-RSA-AES128-SHA256",
- KeyExchange.DHr,
- Authentication.DH,
- Encryption.AES128,
- MessageDigest.SHA256,
- Protocol.TLSv1_2,
- false,
- EncryptionLevel.HIGH,
- true,
- 128,
- 128),
- // Cipher 40
- TLS_DHE_DSS_WITH_AES_128_CBC_SHA256("DHE-DSS-AES128-SHA256",
- KeyExchange.EDH,
- Authentication.DSS,
- Encryption.AES128,
- MessageDigest.SHA256,
- Protocol.TLSv1_2,
- false,
- EncryptionLevel.HIGH,
- true,
- 128,
- 128),
- /* Camellia ciphersuites from RFC4132 (128-bit portion) */
- // Cipher 41
- TLS_RSA_WITH_CAMELLIA_128_CBC_SHA("CAMELLIA128-SHA",
- KeyExchange.RSA,
- Authentication.RSA,
- Encryption.CAMELLIA128,
- MessageDigest.SHA1,
- Protocol.TLSv1,
- false,
- EncryptionLevel.HIGH,
- false,
- 128,
- 128),
- // Cipher 42
- TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA("DH-DSS-CAMELLIA128-SHA",
- KeyExchange.DHd,
- Authentication.DH,
- Encryption.CAMELLIA128,
- MessageDigest.SHA1,
- Protocol.TLSv1,
- false,
- EncryptionLevel.HIGH,
- false,
- 128,
- 128),
- // Cipher 43
- TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA("DH-RSA-CAMELLIA128-SHA",
- KeyExchange.DHr,
- Authentication.DH,
- Encryption.CAMELLIA128,
- MessageDigest.SHA1,
- Protocol.TLSv1,
- false,
- EncryptionLevel.HIGH,
- false,
- 128,
- 128),
- // Cipher 44
- TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA("DHE-DSS-CAMELLIA128-SHA",
- KeyExchange.EDH,
- Authentication.DSS,
- Encryption.CAMELLIA128,
- MessageDigest.SHA1,
- Protocol.TLSv1,
- false,
- EncryptionLevel.HIGH,
- false,
- 128,
- 128),
- // Cipher 45
- TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA("DHE-RSA-CAMELLIA128-SHA",
- KeyExchange.EDH,
- Authentication.RSA,
- Encryption.CAMELLIA128,
- MessageDigest.SHA1,
- Protocol.TLSv1,
- false,
- EncryptionLevel.HIGH,
- false,
- 128,
- 128),
- // Cipher 46
- TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA("ADH-CAMELLIA128-SHA",
- KeyExchange.EDH,
- Authentication.aNULL,
- Encryption.CAMELLIA128,
- MessageDigest.SHA1,
- Protocol.TLSv1,
- false,
- EncryptionLevel.HIGH,
- false,
- 128,
- 128),
- /* New TLS Export CipherSuites from expired ID */
- // Cipher 60
- SSL_RSA_EXPORT1024_WITH_RC4_56_MD5("EXP1024-RC4-MD5",
- KeyExchange.RSA,
- Authentication.RSA,
- Encryption.RC4,
- MessageDigest.MD5,
- Protocol.TLSv1,
- true,
- EncryptionLevel.EXP56,
- false,
- 56,
- 128),
- // Cipher 61
- SSL_RSA_EXPORT1024_WITH_RC2_CBC_56_MD("EXP1024-RC2-CBC-MD5",
- KeyExchange.RSA,
- Authentication.RSA,
- Encryption.RC2,
- MessageDigest.MD5,
- Protocol.TLSv1,
- true,
- EncryptionLevel.EXP56,
- false,
- 56,
- 128),
- // Cipher 62
- SSL_RSA_EXPORT1024_WITH_DES_CBC_SHA("EXP1024-DES-CBC-SHA",
- KeyExchange.RSA,
- Authentication.RSA,
- Encryption.DES,
- MessageDigest.SHA1,
- Protocol.TLSv1,
- true,
- EncryptionLevel.EXP56,
- false,
- 56,
- 56),
- // Cipher 63
- SSL_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA("EXP1024-DHE-DSS-DES-CBC-SHA",
- KeyExchange.EDH,
- Authentication.DSS,
- Encryption.DES,
- MessageDigest.SHA1,
- Protocol.TLSv1,
- true,
- EncryptionLevel.EXP56,
- false,
- 56,
- 56),
- // Cipher 64
- SSL_RSA_EXPORT1024_WITH_RC4_56_SHA("EXP1024-RC4-SHA",
- KeyExchange.RSA,
- Authentication.RSA,
- Encryption.RC4,
- MessageDigest.SHA1,
- Protocol.TLSv1,
- true,
- EncryptionLevel.EXP56,
- false,
- 56,
- 128),
- // Cipher 65
- SSL_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA("EXP1024-DHE-DSS-RC4-SHA",
- KeyExchange.EDH,
- Authentication.DSS,
- Encryption.RC4,
- MessageDigest.SHA1,
- Protocol.TLSv1,
- true,
- EncryptionLevel.EXP56,
- false,
- 56,
- 128),
- // Cipher 66
- SSL_DHE_DSS_WITH_RC4_128_SHA("DHE-DSS-RC4-SHA",
- KeyExchange.EDH,
- Authentication.DSS,
- Encryption.RC4,
- MessageDigest.SHA1,
- Protocol.TLSv1,
- false,
- EncryptionLevel.MEDIUM,
- false,
- 128,
- 128),
- /* TLS v1.2 ciphersuites */
- // Cipher 67
- TLS_DHE_RSA_WITH_AES_128_CBC_SHA256("DHE-RSA-AES128-SHA256",
- KeyExchange.EDH,
- Authentication.RSA,
- Encryption.AES128,
- MessageDigest.SHA256,
- Protocol.TLSv1_2,
- false,
- EncryptionLevel.HIGH,
- true,
- 128,
- 128),
- // Cipher 68
- TLS_DH_DSS_WITH_AES_256_CBC_SHA256("DH-DSS-AES256-SHA256",
- KeyExchange.DHd,
- Authentication.DH,
- Encryption.AES256,
- MessageDigest.SHA256,
- Protocol.TLSv1_2,
- false,
- EncryptionLevel.HIGH,
- true,
- 256,
- 256),
- // Cipher 69
- TLS_DH_RSA_WITH_AES_256_CBC_SHA256("DH-RSA-AES256-SHA256",
- KeyExchange.DHr,
- Authentication.DH,
- Encryption.AES256,
- MessageDigest.SHA256,
- Protocol.TLSv1_2,
- false,
- EncryptionLevel.HIGH,
- true,
- 256,
- 256),
- // Cipher 6A
- TLS_DHE_DSS_WITH_AES_256_CBC_SHA256("DHE-DSS-AES256-SHA256",
- KeyExchange.EDH,
- Authentication.DSS,
- Encryption.AES256,
- MessageDigest.SHA256,
- Protocol.TLSv1_2,
- false,
- EncryptionLevel.HIGH,
- true,
- 256,
- 256),
- // Cipher 6B
- TLS_DHE_RSA_WITH_AES_256_CBC_SHA256("DHE-RSA-AES256-SHA256",
- KeyExchange.EDH,
- Authentication.RSA,
- Encryption.AES256,
- MessageDigest.SHA256,
- Protocol.TLSv1_2,
- false,
- EncryptionLevel.HIGH,
- true,
- 256,
- 256),
- // Cipher 6C
- TLS_DH_anon_WITH_AES_128_CBC_SHA256("ADH-AES128-SHA256",
- KeyExchange.EDH,
- Authentication.aNULL,
- Encryption.AES128,
- MessageDigest.SHA256,
- Protocol.TLSv1_2,
- false,
- EncryptionLevel.HIGH,
- true,
- 128,
- 128
- ),
- // Cipher 6D
- TLS_DH_anon_WITH_AES_256_CBC_SHA256("ADH-AES256-SHA256",
- KeyExchange.EDH,
- Authentication.aNULL,
- Encryption.AES256,
- MessageDigest.SHA256,
- Protocol.TLSv1_2,
- false,
- EncryptionLevel.HIGH,
- true,
- 256,
- 256),
- /* GOST Ciphersuites */
- TLS_GOSTR341094_WITH_28147_CNT_IMIT("GOST94-GOST89-GOST89",
- KeyExchange.GOST,
- Authentication.GOST94,
- Encryption.eGOST2814789CNT,
- MessageDigest.GOST89MAC,
- Protocol.TLSv1,
- false,
- EncryptionLevel.HIGH,
- false,
- 256,
- 256),
- TLS_GOSTR341001_WITH_28147_CNT_IMIT("GOST2001-GOST89-GOST89",
- KeyExchange.GOST,
- Authentication.GOST01,
- Encryption.eGOST2814789CNT,
- MessageDigest.GOST89MAC,
- Protocol.TLSv1,
- false,
- EncryptionLevel.HIGH,
- false,
- 256,
- 256),
- TLS_GOSTR341094_WITH_NULL_GOSTR3411("GOST94-NULL-GOST94",
- KeyExchange.GOST,
- Authentication.GOST94,
- Encryption.eNULL,
- MessageDigest.GOST94,
- Protocol.TLSv1,
- false,
- EncryptionLevel.STRONG_NONE,
- false,
- 0,
- 0),
- TLS_GOSTR341001_WITH_NULL_GOSTR3411("GOST2001-NULL-GOST94",
- KeyExchange.GOST,
- Authentication.GOST01,
- Encryption.eNULL,
- MessageDigest.GOST94,
- Protocol.TLSv1,
- false,
- EncryptionLevel.STRONG_NONE,
- false,
- 0,
- 0),
- /* Camellia ciphersuites from RFC4132 (256-bit portion) */
- // Cipher 84
- TLS_RSA_WITH_CAMELLIA_256_CBC_SHA("CAMELLIA256-SHA",
- KeyExchange.RSA,
- Authentication.RSA,
- Encryption.CAMELLIA256,
- MessageDigest.SHA1,
- Protocol.TLSv1,
- false,
- EncryptionLevel.HIGH,
- false,
- 256,
- 256),
- // Cipher 85
- TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA("DH-DSS-CAMELLIA256-SHA",
- KeyExchange.DHd,
- Authentication.DH,
- Encryption.CAMELLIA256,
- MessageDigest.SHA1,
- Protocol.TLSv1,
- false,
- EncryptionLevel.HIGH,
- false,
- 256,
- 256),
- // Cipher 86
- TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SH("DH-RSA-CAMELLIA256-SHA",
- KeyExchange.DHr,
- Authentication.DH,
- Encryption.CAMELLIA256,
- MessageDigest.SHA1,
- Protocol.TLSv1,
- false,
- EncryptionLevel.HIGH,
- false,
- 256,
- 256),
- // Cipher 87
- TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA("DHE-DSS-CAMELLIA256-SHA",
- KeyExchange.EDH,
- Authentication.DSS,
- Encryption.CAMELLIA256,
- MessageDigest.SHA1,
- Protocol.TLSv1,
- false,
- EncryptionLevel.HIGH,
- false,
- 256,
- 256),
- // Cipher 88
- TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA("DHE-RSA-CAMELLIA256-SHA",
- KeyExchange.EDH,
- Authentication.RSA,
- Encryption.CAMELLIA256,
- MessageDigest.SHA1,
- Protocol.TLSv1,
- false,
- EncryptionLevel.HIGH,
- false,
- 256,
- 256), // Cipher 89
- TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA("ADH-CAMELLIA256-SHA",
- KeyExchange.EDH,
- Authentication.aNULL,
- Encryption.CAMELLIA256,
- MessageDigest.SHA1,
- Protocol.TLSv1,
- false,
- EncryptionLevel.HIGH,
- false,
- 256,
- 256),
- // Cipher 8A
- TLS_PSK_WITH_RC4_128_SHA("PSK-RC4-SHA",
- KeyExchange.PSK,
- Authentication.PSK,
- Encryption.RC4,
- MessageDigest.SHA1,
- Protocol.TLSv1,
- false,
- EncryptionLevel.MEDIUM,
- false,
- 128,
- 128),
- // Cipher 8B
- TLS_PSK_WITH_3DES_EDE_CBC_SHA("PSK-3DES-EDE-CBC-SHA",
- KeyExchange.PSK,
- Authentication.PSK,
- Encryption.TRIPLE_DES,
- MessageDigest.SHA1,
- Protocol.TLSv1,
- false,
- EncryptionLevel.HIGH,
- true,
- 168,
- 168
- ),
- // Cipher 8C
- TLS_PSK_WITH_AES_128_CBC_SHA("PSK-AES128-CBC-SHA",
- KeyExchange.PSK,
- Authentication.PSK,
- Encryption.AES128,
- MessageDigest.SHA1,
- Protocol.TLSv1,
- false,
- EncryptionLevel.HIGH,
- true,
- 128,
- 128
- ),
- // Cipher 8D
- TLS_PSK_WITH_AES_256_CBC_SHA("PSK-AES256-CBC-SHA",
- KeyExchange.PSK,
- Authentication.PSK,
- Encryption.AES256,
- MessageDigest.SHA1,
- Protocol.TLSv1,
- false,
- EncryptionLevel.HIGH,
- true,
- 256,
- 256
- ),
- /* SEED ciphersuites from RFC4162 */
- // Cipher 96
- TLS_RSA_WITH_SEED_CBC_SHA("SEED-SHA",
- KeyExchange.RSA,
- Authentication.RSA,
- Encryption.SEED,
- MessageDigest.SHA1,
- Protocol.TLSv1,
- false,
- EncryptionLevel.MEDIUM,
- false,
- 128,
- 128
- ),
- // Cipher 97
- TLS_DH_DSS_WITH_SEED_CBC_SHA("DH-DSS-SEED-SHA",
- KeyExchange.DHd,
- Authentication.DH,
- Encryption.SEED,
- MessageDigest.SHA1,
- Protocol.TLSv1,
- false,
- EncryptionLevel.MEDIUM,
- false,
- 128,
- 128
- ),
- // Cipher 98
- TLS_DH_RSA_WITH_SEED_CBC_SHA("DH-RSA-SEED-SHA",
- KeyExchange.DHr,
- Authentication.DH,
- Encryption.SEED,
- MessageDigest.SHA1,
- Protocol.TLSv1,
- false,
- EncryptionLevel.MEDIUM,
- false,
- 128,
- 128
- ),
- // Cipher 99
- TLS_DHE_DSS_WITH_SEED_CBC_SHA("DHE-DSS-SEED-SHA",
- KeyExchange.EDH,
- Authentication.DSS,
- Encryption.SEED,
- MessageDigest.SHA1,
- Protocol.TLSv1,
- false,
- EncryptionLevel.MEDIUM,
- false,
- 128,
- 128
- ),
- // Cipher 9A
- TLS_DHE_RSA_WITH_SEED_CBC_SHA("DHE-RSA-SEED-SHA",
- KeyExchange.EDH,
- Authentication.RSA,
- Encryption.SEED,
- MessageDigest.SHA1,
- Protocol.TLSv1,
- false,
- EncryptionLevel.MEDIUM,
- false,
- 128,
- 128
- ),
- // Cipher 9B
- TLS_DH_anon_WITH_SEED_CBC_SHA("ADH-SEED-SHA",
- KeyExchange.EDH,
- Authentication.aNULL,
- Encryption.SEED,
- MessageDigest.SHA1,
- Protocol.TLSv1,
- false,
- EncryptionLevel.MEDIUM,
- false,
- 128,
- 128
- ),
- /* GCM ciphersuites from RFC5288 */
- // Cipher 9C
- TLS_RSA_WITH_AES_128_GCM_SHA256("AES128-GCM-SHA256",
- KeyExchange.RSA,
- Authentication.RSA,
- Encryption.AES128GCM,
- MessageDigest.AEAD,
- Protocol.TLSv1_2,
- false,
- EncryptionLevel.HIGH,
- true,
- 128,
- 128
- ),
- // Cipher 9D
- TLS_RSA_WITH_AES_256_GCM_SHA384("AES256-GCM-SHA384",
- KeyExchange.RSA,
- Authentication.RSA,
- Encryption.AES256GCM,
- MessageDigest.AEAD,
- Protocol.TLSv1_2,
- false,
- EncryptionLevel.HIGH,
- true,
- 256,
- 256
- ),
- // Cipher 9E
- TLS_DHE_RSA_WITH_AES_128_GCM_SHA256("DHE-RSA-AES128-GCM-SHA256",
- KeyExchange.EDH,
- Authentication.RSA,
- Encryption.AES128GCM,
- MessageDigest.AEAD,
- Protocol.TLSv1_2,
- false,
- EncryptionLevel.HIGH,
- true,
- 128,
- 128
- ),
- // Cipher 9F
- TLS_DHE_RSA_WITH_AES_256_GCM_SHA384("DHE-RSA-AES256-GCM-SHA384",
- KeyExchange.EDH,
- Authentication.RSA,
- Encryption.AES256GCM,
- MessageDigest.AEAD,
- Protocol.TLSv1_2,
- false,
- EncryptionLevel.HIGH,
- true,
- 256,
- 256
- ),
- // Cipher A0
- TLS_DH_RSA_WITH_AES_128_GCM_SHA256("DH-RSA-AES128-GCM-SHA256",
- KeyExchange.DHr,
- Authentication.DH,
- Encryption.AES128GCM,
- MessageDigest.AEAD,
- Protocol.TLSv1_2,
- false,
- EncryptionLevel.HIGH,
- true,
- 128,
- 128
- ),
- // Cipher A1
- TLS_DH_RSA_WITH_AES_256_GCM_SHA384("DH-RSA-AES256-GCM-SHA384",
- KeyExchange.DHr,
- Authentication.DH,
- Encryption.AES256GCM,
- MessageDigest.AEAD,
- Protocol.TLSv1_2,
- false,
- EncryptionLevel.HIGH,
- true,
- 256,
- 256
- ),
- // Cipher A2
- TLS_DHE_DSS_WITH_AES_128_GCM_SHA256("DHE-DSS-AES128-GCM-SHA256",
- KeyExchange.EDH,
- Authentication.DSS,
- Encryption.AES128GCM,
- MessageDigest.AEAD,
- Protocol.TLSv1_2,
- false,
- EncryptionLevel.HIGH,
- true,
- 128,
- 128
- ),
- // Cipher A3
- TLS_DHE_DSS_WITH_AES_256_GCM_SHA384("DHE-DSS-AES256-GCM-SHA384",
- KeyExchange.EDH,
- Authentication.DSS,
- Encryption.AES256GCM,
- MessageDigest.AEAD,
- Protocol.TLSv1_2,
- false,
- EncryptionLevel.HIGH,
- true,
- 256,
- 256
- ),
- // Cipher A4
- TLS_DH_DSS_WITH_AES_128_GCM_SHA256("DH-DSS-AES128-GCM-SHA256",
- KeyExchange.DHd,
- Authentication.DH,
- Encryption.AES128GCM,
- MessageDigest.AEAD,
- Protocol.TLSv1_2,
- false,
- EncryptionLevel.HIGH,
- true,
- 128,
- 128
- ),
- // Cipher A5
- TLS_DH_DSS_WITH_AES_256_GCM_SHA384("DH-DSS-AES256-GCM-SHA384",
- KeyExchange.DHd,
- Authentication.DH,
- Encryption.AES256GCM,
- MessageDigest.AEAD,
- Protocol.TLSv1_2,
- false,
- EncryptionLevel.HIGH,
- true,
- 256,
- 256
- ),
- // Cipher A6
- TLS_DH_anon_WITH_AES_128_GCM_SHA256("ADH-AES128-GCM-SHA256",
- KeyExchange.EDH,
- Authentication.aNULL,
- Encryption.AES128GCM,
- MessageDigest.AEAD,
- Protocol.TLSv1_2,
- false,
- EncryptionLevel.HIGH,
- true,
- 128,
- 128
- ),
- // Cipher A7
- TLS_DH_anon_WITH_AES_256_GCM_SHA384("ADH-AES256-GCM-SHA384",
- KeyExchange.EDH,
- Authentication.aNULL,
- Encryption.AES256GCM,
- MessageDigest.AEAD,
- Protocol.TLSv1_2,
- false,
- EncryptionLevel.HIGH,
- true,
- 256,
- 256
- ),
- /* ECC ciphersuites from draft-ietf-tls-ecc-01.txt (Mar 15, 2001) */
- // Cipher C001
- TLS_ECDH_ECDSA_WITH_NULL_SHA("ECDH-ECDSA-NULL-SHA",
- KeyExchange.ECDHe,
- Authentication.ECDH,
- Encryption.eNULL,
- MessageDigest.SHA1,
- Protocol.TLSv1,
- false,
- EncryptionLevel.STRONG_NONE,
- true,
- 0,
- 0
- ),
- // Cipher C002
- TLS_ECDH_ECDSA_WITH_RC4_128_SHA("ECDH-ECDSA-RC4-SHA",
- KeyExchange.ECDHe,
- Authentication.ECDH,
- Encryption.RC4,
- MessageDigest.SHA1,
- Protocol.TLSv1,
- false,
- EncryptionLevel.MEDIUM,
- false,
- 128,
- 128
- ),
- // Cipher C003
- TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA("ECDH-ECDSA-DES-CBC3-SHA",
- KeyExchange.ECDHe,
- Authentication.ECDH,
- Encryption.TRIPLE_DES,
- MessageDigest.SHA1,
- Protocol.TLSv1,
- false,
- EncryptionLevel.HIGH,
- true,
- 168,
- 168
- ),
- // Cipher C004
- TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA("ECDH-ECDSA-AES128-SHA",
- KeyExchange.ECDHe,
- Authentication.ECDH,
- Encryption.AES128,
- MessageDigest.SHA1,
- Protocol.TLSv1,
- false,
- EncryptionLevel.HIGH,
- true,
- 128,
- 128
- ),
- // Cipher C005
- TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA("ECDH-ECDSA-AES256-SHA",
- KeyExchange.ECDHe,
- Authentication.ECDH,
- Encryption.AES256,
- MessageDigest.SHA1,
- Protocol.TLSv1,
- false,
- EncryptionLevel.HIGH,
- true,
- 256,
- 256
- ),
- // Cipher C006
- TLS_ECDHE_ECDSA_WITH_NULL_SHA("ECDHE-ECDSA-NULL-SHA",
- KeyExchange.EECDH,
- Authentication.ECDSA,
- Encryption.eNULL,
- MessageDigest.SHA1,
- Protocol.TLSv1,
- false,
- EncryptionLevel.STRONG_NONE,
- true,
- 0,
- 0
- ),
- // Cipher C007
- TLS_ECDHE_ECDSA_WITH_RC4_128_SHA("ECDHE-ECDSA-RC4-SHA",
- KeyExchange.EECDH,
- Authentication.ECDSA,
- Encryption.RC4,
- MessageDigest.SHA1,
- Protocol.TLSv1,
- false,
- EncryptionLevel.MEDIUM,
- false,
- 128,
- 128
- ),
- // Cipher C008
- TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA("ECDHE-ECDSA-DES-CBC3-SHA",
- KeyExchange.EECDH,
- Authentication.ECDSA,
- Encryption.TRIPLE_DES,
- MessageDigest.SHA1,
- Protocol.TLSv1,
- false,
- EncryptionLevel.HIGH,
- true,
- 168,
- 168
- ),
- // Cipher C009
- TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA("ECDHE-ECDSA-AES128-SHA",
- KeyExchange.EECDH,
- Authentication.ECDSA,
- Encryption.AES128,
- MessageDigest.SHA1,
- Protocol.TLSv1,
- false,
- EncryptionLevel.HIGH,
- true,
- 128,
- 128
- ),
- // Cipher C00A
- TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA("ECDHE-ECDSA-AES256-SHA",
- KeyExchange.EECDH,
- Authentication.ECDSA,
- Encryption.AES256,
- MessageDigest.SHA1,
- Protocol.TLSv1,
- false,
- EncryptionLevel.HIGH,
- true,
- 256,
- 256
- ),
- // Cipher C00B
- TLS_ECDH_RSA_WITH_NULL_SHA("ECDH-RSA-NULL-SHA",
- KeyExchange.ECDHr,
- Authentication.ECDH,
- Encryption.eNULL,
- MessageDigest.SHA1,
- Protocol.TLSv1,
- false,
- EncryptionLevel.STRONG_NONE,
- true,
- 0,
- 0
- ),
- // Cipher C00C
- TLS_ECDH_RSA_WITH_RC4_128_SHA("ECDH-RSA-RC4-SHA",
- KeyExchange.ECDHr,
- Authentication.ECDH,
- Encryption.RC4,
- MessageDigest.SHA1,
- Protocol.TLSv1,
- false,
- EncryptionLevel.MEDIUM,
- false,
- 128,
- 128
- ),
- // Cipher C00D
- TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA("ECDH-RSA-DES-CBC3-SHA",
- KeyExchange.ECDHr,
- Authentication.ECDH,
- Encryption.TRIPLE_DES,
- MessageDigest.SHA1,
- Protocol.TLSv1,
- false,
- EncryptionLevel.HIGH,
- true,
- 168,
- 168
- ),
- // Cipher C00E
- TLS_ECDH_RSA_WITH_AES_128_CBC_SHA("ECDH-RSA-AES128-SHA",
- KeyExchange.ECDHr,
- Authentication.ECDH,
- Encryption.AES128,
- MessageDigest.SHA1,
- Protocol.TLSv1,
- false,
- EncryptionLevel.HIGH,
- true,
- 128,
- 128
- ),
- // Cipher C00F
- TLS_ECDH_RSA_WITH_AES_256_CBC_SHA("ECDH-RSA-AES256-SHA",
- KeyExchange.ECDHr,
- Authentication.ECDH,
- Encryption.AES256,
- MessageDigest.SHA1,
- Protocol.TLSv1,
- false,
- EncryptionLevel.HIGH,
- true,
- 256,
- 256
- ),
- TLS_ECDHE_RSA_WITH_NULL_SHA("ECDHE-RSA-NULL-SHA",
- KeyExchange.EECDH,
- Authentication.RSA,
- Encryption.eNULL,
- MessageDigest.SHA1,
- Protocol.TLSv1,
- false,
- EncryptionLevel.STRONG_NONE,
- true,
- 0,
- 0
- ),
- // Cipher C011
- TLS_ECDHE_RSA_WITH_RC4_128_SHA("ECDHE-RSA-RC4-SHA",
- KeyExchange.EECDH,
- Authentication.RSA,
- Encryption.RC4,
- MessageDigest.SHA1,
- Protocol.TLSv1,
- false,
- EncryptionLevel.MEDIUM,
- false,
- 128,
- 128
- ),
- // Cipher C012
- TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA("ECDHE-RSA-DES-CBC3-SHA",
- KeyExchange.EECDH,
- Authentication.RSA,
- Encryption.TRIPLE_DES,
- MessageDigest.SHA1,
- Protocol.TLSv1,
- false,
- EncryptionLevel.HIGH,
- true,
- 168,
- 168
- ),
- // Cipher C013
- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA("ECDHE-RSA-AES128-SHA",
- KeyExchange.EECDH,
- Authentication.RSA,
- Encryption.AES128,
- MessageDigest.SHA1,
- Protocol.TLSv1,
- false,
- EncryptionLevel.HIGH,
- true,
- 128,
- 128
- ),
- // Cipher C014
- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA("ECDHE-RSA-AES256-SHA",
- KeyExchange.EECDH,
- Authentication.RSA,
- Encryption.AES256,
- MessageDigest.SHA1,
- Protocol.TLSv1,
- false,
- EncryptionLevel.HIGH,
- true,
- 256,
- 256
- ),
- // Cipher C015
- TLS_ECDH_anon_WITH_NULL_SHA("AECDH-NULL-SHA",
- KeyExchange.EECDH,
- Authentication.aNULL,
- Encryption.eNULL,
- MessageDigest.SHA1,
- Protocol.TLSv1,
- false,
- EncryptionLevel.STRONG_NONE,
- true,
- 0,
- 0
- ),
- // Cipher C016
- TLS_ECDH_anon_WITH_RC4_128_SHA("AECDH-RC4-SHA",
- KeyExchange.EECDH,
- Authentication.aNULL,
- Encryption.RC4,
- MessageDigest.SHA1,
- Protocol.TLSv1,
- false,
- EncryptionLevel.MEDIUM,
- false,
- 128,
- 128
- ),
- // Cipher C017
- TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA("AECDH-DES-CBC3-SHA",
- KeyExchange.EECDH,
- Authentication.aNULL,
- Encryption.TRIPLE_DES,
- MessageDigest.SHA1,
- Protocol.TLSv1,
- false,
- EncryptionLevel.HIGH,
- true,
- 168,
- 168
- ),
- // Cipher C018
- TLS_ECDH_anon_WITH_AES_128_CBC_SHA("AECDH-AES128-SHA",
- KeyExchange.EECDH,
- Authentication.aNULL,
- Encryption.AES128,
- MessageDigest.SHA1,
- Protocol.TLSv1,
- false,
- EncryptionLevel.HIGH,
- true,
- 128,
- 128
- ),
- // Cipher C019
- TLS_ECDH_anon_WITH_AES_256_CBC_SHA("AECDH-AES256-SHA",
- KeyExchange.EECDH,
- Authentication.aNULL,
- Encryption.AES256,
- MessageDigest.SHA1,
- Protocol.TLSv1,
- false,
- EncryptionLevel.HIGH,
- true,
- 256,
- 256
- ),
- /* SRP ciphersuite from RFC 5054 */
- // Cipher C01A
- TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA("SRP-3DES-EDE-CBC-SHA",
- KeyExchange.SRP,
- Authentication.aNULL,
- Encryption.TRIPLE_DES,
- MessageDigest.SHA1,
- Protocol.TLSv1,
- false,
- EncryptionLevel.HIGH,
- false,
- 168,
- 168
- ),
- // Cipher C01B
- TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA("SRP-RSA-3DES-EDE-CBC-SHA",
- KeyExchange.SRP,
- Authentication.RSA,
- Encryption.TRIPLE_DES,
- MessageDigest.SHA1,
- Protocol.TLSv1,
- false,
- EncryptionLevel.HIGH,
- false,
- 168,
- 168
- ),
- // Cipher C01C
- TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA("SRP-DSS-3DES-EDE-CBC-SHA",
- KeyExchange.SRP,
- Authentication.DSS,
- Encryption.TRIPLE_DES,
- MessageDigest.SHA1,
- Protocol.TLSv1,
- false,
- EncryptionLevel.HIGH,
- false,
- 168,
- 168
- ),
- // Cipher C01D
- TLS_SRP_SHA_WITH_AES_128_CBC_SHA("SRP-AES-128-CBC-SHA",
- KeyExchange.SRP,
- Authentication.aNULL,
- Encryption.AES128,
- MessageDigest.SHA1,
- Protocol.TLSv1,
- false,
- EncryptionLevel.HIGH,
- false,
- 128,
- 128
- ),
- // Cipher C01E
- TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA("SRP-RSA-AES-128-CBC-SHA",
- KeyExchange.SRP,
- Authentication.RSA,
- Encryption.AES128,
- MessageDigest.SHA1,
- Protocol.TLSv1,
- false,
- EncryptionLevel.HIGH,
- false,
- 128,
- 128
- ),
- // Cipher C01F
- TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA("SRP-DSS-AES-128-CBC-SHA",
- KeyExchange.SRP,
- Authentication.DSS,
- Encryption.AES128,
- MessageDigest.SHA1,
- Protocol.TLSv1,
- false,
- EncryptionLevel.HIGH,
- false,
- 128,
- 128
- ),
- // Cipher C020
- TLS_SRP_SHA_WITH_AES_256_CBC_SHA("SRP-AES-256-CBC-SHA",
- KeyExchange.SRP,
- Authentication.aNULL,
- Encryption.AES256,
- MessageDigest.SHA1,
- Protocol.TLSv1,
- false,
- EncryptionLevel.HIGH,
- false,
- 256,
- 256
- ),
- // Cipher C021
- TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA("SRP-RSA-AES-256-CBC-SHA",
- KeyExchange.SRP,
- Authentication.RSA,
- Encryption.AES256,
- MessageDigest.SHA1,
- Protocol.TLSv1,
- false,
- EncryptionLevel.HIGH,
- false,
- 256,
- 256
- ),
- // Cipher C022
- TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA("SRP-DSS-AES-256-CBC-SHA",
- KeyExchange.SRP,
- Authentication.DSS,
- Encryption.AES256,
- MessageDigest.SHA1,
- Protocol.TLSv1,
- false,
- EncryptionLevel.HIGH,
- false,
- 256,
- 256
- ),
- /* HMAC based TLS v1.2 ciphersuites from RFC5289 */
- // Cipher C023
- TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256("ECDHE-ECDSA-AES128-SHA256",
- KeyExchange.EECDH,
- Authentication.ECDSA,
- Encryption.AES128,
- MessageDigest.SHA256,
- Protocol.TLSv1_2,
- false,
- EncryptionLevel.HIGH,
- true,
- 128,
- 128
- ),
- // Cipher C024
- TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384("ECDHE-ECDSA-AES256-SHA384",
- KeyExchange.EECDH,
- Authentication.ECDSA,
- Encryption.AES256,
- MessageDigest.SHA384,
- Protocol.TLSv1_2,
- false,
- EncryptionLevel.HIGH,
- true,
- 256,
- 256
- ),
- // Cipher C025
- TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256("ECDH-ECDSA-AES128-SHA256",
- KeyExchange.ECDHe,
- Authentication.ECDH,
- Encryption.AES128,
- MessageDigest.SHA256,
- Protocol.TLSv1_2,
- false,
- EncryptionLevel.HIGH,
- true,
- 128,
- 128
- ),
- // Cipher C026
- TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384("ECDH-ECDSA-AES256-SHA384",
- KeyExchange.ECDHe,
- Authentication.ECDH,
- Encryption.AES256,
- MessageDigest.SHA384,
- Protocol.TLSv1_2,
- false,
- EncryptionLevel.HIGH,
- true,
- 256,
- 256
- ),
- // Cipher C027
- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256("ECDHE-RSA-AES128-SHA256",
- KeyExchange.EECDH,
- Authentication.RSA,
- Encryption.AES128,
- MessageDigest.SHA256,
- Protocol.TLSv1_2,
- false,
- EncryptionLevel.HIGH,
- true,
- 128,
- 128
- ),
- // Cipher C028
- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384("ECDHE-RSA-AES256-SHA384",
- KeyExchange.EECDH,
- Authentication.RSA,
- Encryption.AES256,
- MessageDigest.SHA384,
- Protocol.TLSv1_2,
- false,
- EncryptionLevel.HIGH,
- true,
- 256,
- 256
- ),
- // Cipher C029
- TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256("ECDH-RSA-AES128-SHA256",
- KeyExchange.ECDHr,
- Authentication.ECDH,
- Encryption.AES128,
- MessageDigest.SHA256,
- Protocol.TLSv1_2,
- false,
- EncryptionLevel.HIGH,
- true,
- 128,
- 128
- ),
- // Cipher C02A
- TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384("ECDH-RSA-AES256-SHA384",
- KeyExchange.ECDHr,
- Authentication.ECDH,
- Encryption.AES256,
- MessageDigest.SHA384,
- Protocol.TLSv1_2,
- false,
- EncryptionLevel.HIGH,
- true,
- 256,
- 256
- ),
- /* GCM based TLS v1.2 ciphersuites from RFC5289 */
- // Cipher C02B
- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256("ECDHE-ECDSA-AES128-GCM-SHA256",
- KeyExchange.EECDH,
- Authentication.ECDSA,
- Encryption.AES128GCM,
- MessageDigest.AEAD,
- Protocol.TLSv1_2,
- false,
- EncryptionLevel.HIGH,
- true,
- 128,
- 128
- ),
- // Cipher C02C
- TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384("ECDHE-ECDSA-AES256-GCM-SHA384",
- KeyExchange.EECDH,
- Authentication.ECDSA,
- Encryption.AES256GCM,
- MessageDigest.AEAD,
- Protocol.TLSv1_2,
- false,
- EncryptionLevel.HIGH,
- true,
- 256,
- 256
- ),
- // Cipher C02D
- TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256("ECDH-ECDSA-AES128-GCM-SHA256",
- KeyExchange.ECDHe,
- Authentication.ECDH,
- Encryption.AES128GCM,
- MessageDigest.AEAD,
- Protocol.TLSv1_2,
- false,
- EncryptionLevel.HIGH,
- true,
- 128,
- 128
- ),
- // Cipher C02E
- TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384("ECDH-ECDSA-AES256-GCM-SHA384",
- KeyExchange.ECDHe,
- Authentication.ECDH,
- Encryption.AES256GCM,
- MessageDigest.AEAD,
- Protocol.TLSv1_2,
- false,
- EncryptionLevel.HIGH,
- true,
- 256,
- 256
- ),
- // Cipher C02F
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256("ECDHE-RSA-AES128-GCM-SHA256",
- KeyExchange.EECDH,
- Authentication.RSA,
- Encryption.AES128GCM,
- MessageDigest.AEAD,
- Protocol.TLSv1_2,
- false,
- EncryptionLevel.HIGH,
- true,
- 128,
- 128
- ),
- // Cipher C030
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384("ECDHE-RSA-AES256-GCM-SHA384",
- KeyExchange.EECDH,
- Authentication.RSA,
- Encryption.AES256GCM,
- MessageDigest.AEAD,
- Protocol.TLSv1_2,
- false,
- EncryptionLevel.HIGH,
- true,
- 256,
- 256
- ),
- // Cipher C031
- TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256("ECDH-RSA-AES128-GCM-SHA256",
- KeyExchange.ECDHr,
- Authentication.ECDH,
- Encryption.AES128GCM,
- MessageDigest.AEAD,
- Protocol.TLSv1_2,
- false,
- EncryptionLevel.HIGH,
- true,
- 128,
- 128
- ),
- // Cipher C032
- TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384("ECDH-RSA-AES256-GCM-SHA384",
- KeyExchange.ECDHr,
- Authentication.ECDH,
- Encryption.AES256GCM,
- MessageDigest.AEAD,
- Protocol.TLSv1_2,
- false,
- EncryptionLevel.HIGH,
- true,
- 256,
- 256
- ),
- // RC4_128_WITH_MD5
- SSL_CK_RC4_128_WITH_MD5("RC4-MD5",
- KeyExchange.RSA,
- Authentication.RSA,
- Encryption.RC4,
- MessageDigest.MD5,
- Protocol.SSLv2,
- false,
- EncryptionLevel.MEDIUM,
- false,
- 128,
- 128
- ),
- // RC4_128_EXPORT40_WITH_MD5
- SSL_CK_RC4_128_EXPORT40_WITH_MD5("EXP-RC4-MD5",
- KeyExchange.RSA,
- Authentication.RSA,
- Encryption.RC4,
- MessageDigest.MD5,
- Protocol.SSLv2,
- true,
- EncryptionLevel.EXP40,
- false,
- 40,
- 128
- ),
- // RC2_128_CBC_WITH_MD5
- SSL_CK_RC2_128_CBC_WITH_MD5("RC2-MD5",
- KeyExchange.RSA,
- Authentication.RSA,
- Encryption.RC2,
- MessageDigest.MD5,
- Protocol.SSLv2,
- false,
- EncryptionLevel.MEDIUM,
- false,
- 128,
- 128
- ),
- // RC2_128_CBC_EXPORT40_WITH_MD5
- SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5("EXP-RC2-MD5",
- KeyExchange.RSA,
- Authentication.RSA,
- Encryption.RC2,
- MessageDigest.MD5,
- Protocol.SSLv2,
- true,
- EncryptionLevel.EXP40,
- false,
- 40,
- 128
- ),
- // IDEA_128_CBC_WITH_MD5
- SSL_CK_IDEA_128_CBC_WITH_MD5("IDEA-CBC-MD5",
- KeyExchange.RSA,
- Authentication.RSA,
- Encryption.IDEA,
- MessageDigest.MD5,
- Protocol.SSLv2,
- false, EncryptionLevel.MEDIUM,
- false,
- 128,
- 128
- ),
- // DES_64_CBC_WITH_MD5
- SSL_CK_DES_64_CBC_WITH_MD5("DES-CBC-MD5",
- KeyExchange.RSA,
- Authentication.RSA,
- Encryption.DES,
- MessageDigest.MD5,
- Protocol.SSLv2,
- false,
- EncryptionLevel.LOW,
- false,
- 56,
- 56
- ),
- // DES_192_EDE3_CBC_WITH_MD5
- SSL_CK_DES_192_EDE3_CBC_WITH_MD5("DES-CBC3-MD5",
- KeyExchange.RSA,
- Authentication.RSA,
- Encryption.TRIPLE_DES,
- MessageDigest.MD5,
- Protocol.SSLv2,
- false,
- EncryptionLevel.HIGH,
- false,
- 168,
- 168
- );
-
- /* TEMP_GOST_TLS*/
- /*
- // Cipher FF00
- TLS_GOSTR341094_RSA_WITH_28147_CNT_MD5("GOST-MD5",
- KeyExchange.RSA,
- Authentication.RSA,
- Encryption.eGOST2814789CNT,
- MessageDigest.MD5,
- Protocol.TLSv1,
- false, EncryptionLevel.HIGH,false,
-
- 256,
- 256,
- ),
- TLS_RSA_WITH_28147_CNT_GOST94(
- "GOST-GOST94",
- KeyExchange.RSA,
- Authentication.RSA,
- Encryption.eGOST2814789CNT,
- MessageDigest.GOST94,
- Protocol.TLSv1,
- false, EncryptionLevel.HIGH,false,
-
- 256,
- 256
- ),
- {
- 1,
- "GOST-GOST89MAC",
- 0x0300ff02,
- KeyExchange.RSA,
- Authentication.RSA,
- Encryption.eGOST2814789CNT,
- MessageDigest.GOST89MAC,
- Protocol.TLSv1,
- false, EncryptionLevel.HIGH,false,
-
- 256,
- 256
- ),
- {
- 1,
- "GOST-GOST89STREAM",
- 0x0300ff03,
- KeyExchange.RSA,
- Authentication.RSA,
- Encryption.eGOST2814789CNT,
- MessageDigest.GOST89MAC,
- Protocol.TLSv1,
- false, EncryptionLevel.HIGH,false,
-
- 256,
- 256
- };*/
- private final String openSSLAlias;
- private final KeyExchange kx;
- private final Authentication au;
- private final Encryption enc;
- private final MessageDigest mac;
- private final Protocol protocol;
- private final boolean export;
- private final EncryptionLevel level;
- private final boolean fipsCompatible;
- /**
- * Number of bits really used
- */
- private final int strength_bits;
- /**
- * Number of bits for algorithm
- */
- private final int alg_bits;
-
- Ciphers(String openSSLAlias, KeyExchange kx, Authentication au,
- Encryption enc, MessageDigest mac, Protocol protocol, boolean export,
- EncryptionLevel level, boolean fipsCompatible, int strength_bits,
- int alg_bits) {
- this.openSSLAlias = openSSLAlias;
- this.kx = kx;
- this.au = au;
- this.enc = enc;
- this.mac = mac;
- this.protocol = protocol;
- this.export = export;
- this.level = level;
- this.fipsCompatible = fipsCompatible;
- this.strength_bits = strength_bits;
- this.alg_bits = alg_bits;
- }
-
- public String getOpenSSLAlias() {
- return openSSLAlias;
- }
-
- public KeyExchange getKx() {
- return kx;
- }
-
- public Authentication getAu() {
- return au;
- }
-
- public Encryption getEnc() {
- return enc;
- }
-
- public MessageDigest getMac() {
- return mac;
- }
-
- public Protocol getProtocol() {
- return protocol;
- }
-
- public boolean isExport() {
- return export;
- }
-
- public EncryptionLevel getLevel() {
- return level;
- }
-
- public boolean isFipsCompatible() {
- return fipsCompatible;
- }
-
- public int getStrength_bits() {
- return strength_bits;
- }
-
- public int getAlg_bits() {
- return alg_bits;
- }
-
-}
Modified:
branches/7.5.x/src/main/java/org/apache/tomcat/util/net/jsse/openssl/Encryption.java
===================================================================
---
branches/7.5.x/src/main/java/org/apache/tomcat/util/net/jsse/openssl/Encryption.java 2014-09-09
14:10:18 UTC (rev 2508)
+++
branches/7.5.x/src/main/java/org/apache/tomcat/util/net/jsse/openssl/Encryption.java 2014-09-11
15:09:44 UTC (rev 2509)
@@ -1,30 +1,22 @@
/*
- * Copyright (C) 2014 Red Hat, inc., and individual contributors
- * as indicated by the @author tags. See the copyright.txt file in the
- * distribution for a full listing of individual contributors.
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
*
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
+ *
http://www.apache.org/licenses/LICENSE-2.0
*
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
- * MA 02110-1301 USA
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
*/
+
package org.apache.tomcat.util.net.jsse.openssl;
-/**
- *
- * @author <a href="mailto:ehugonne@redhat.com">Emmanuel
Hugonnet</a> (c) 2014
- * Red Hat, inc.
- */
enum Encryption {
AES256GCM, AES256, AES128GCM, AES128, CAMELLIA256, CAMELLIA128, TRIPLE_DES, DES,
IDEA, eGOST2814789CNT, SEED, FZA, RC4, RC2, eNULL;
}
Modified:
branches/7.5.x/src/main/java/org/apache/tomcat/util/net/jsse/openssl/EncryptionLevel.java
===================================================================
---
branches/7.5.x/src/main/java/org/apache/tomcat/util/net/jsse/openssl/EncryptionLevel.java 2014-09-09
14:10:18 UTC (rev 2508)
+++
branches/7.5.x/src/main/java/org/apache/tomcat/util/net/jsse/openssl/EncryptionLevel.java 2014-09-11
15:09:44 UTC (rev 2509)
@@ -1,29 +1,22 @@
/*
- * Copyright (C) 2014 Red Hat, inc., and individual contributors
- * as indicated by the @author tags. See the copyright.txt file in the
- * distribution for a full listing of individual contributors.
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
*
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
+ *
http://www.apache.org/licenses/LICENSE-2.0
*
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
- * MA 02110-1301 USA
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
*/
+
package org.apache.tomcat.util.net.jsse.openssl;
-/**
- *
- * @author <a href="mailto:ehugonne@redhat.com">Emmanuel
Hugonnet</a> (c) 2014 Red Hat, inc.
- */
enum EncryptionLevel {
STRONG_NONE, EXP40, EXP56, LOW, MEDIUM, HIGH, FIPS;
}
Modified:
branches/7.5.x/src/main/java/org/apache/tomcat/util/net/jsse/openssl/KeyExchange.java
===================================================================
---
branches/7.5.x/src/main/java/org/apache/tomcat/util/net/jsse/openssl/KeyExchange.java 2014-09-09
14:10:18 UTC (rev 2508)
+++
branches/7.5.x/src/main/java/org/apache/tomcat/util/net/jsse/openssl/KeyExchange.java 2014-09-11
15:09:44 UTC (rev 2509)
@@ -1,29 +1,22 @@
/*
- * Copyright (C) 2014 Red Hat, inc., and individual contributors
- * as indicated by the @author tags. See the copyright.txt file in the
- * distribution for a full listing of individual contributors.
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
*
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
+ *
http://www.apache.org/licenses/LICENSE-2.0
*
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
- * MA 02110-1301 USA
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
*/
+
package org.apache.tomcat.util.net.jsse.openssl;
-/**
- *
- * @author <a href="mailto:ehugonne@redhat.com">Emmanuel
Hugonnet</a> (c) 2014 Red Hat, inc.
- */
enum KeyExchange {
EECDH /* ephemeral ECDH */,
RSA /* RSA key exchange */,
Modified:
branches/7.5.x/src/main/java/org/apache/tomcat/util/net/jsse/openssl/MessageDigest.java
===================================================================
---
branches/7.5.x/src/main/java/org/apache/tomcat/util/net/jsse/openssl/MessageDigest.java 2014-09-09
14:10:18 UTC (rev 2508)
+++
branches/7.5.x/src/main/java/org/apache/tomcat/util/net/jsse/openssl/MessageDigest.java 2014-09-11
15:09:44 UTC (rev 2509)
@@ -1,29 +1,22 @@
/*
- * Copyright (C) 2014 Red Hat, inc., and individual contributors
- * as indicated by the @author tags. See the copyright.txt file in the
- * distribution for a full listing of individual contributors.
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
*
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
+ *
http://www.apache.org/licenses/LICENSE-2.0
*
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
- * MA 02110-1301 USA
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
*/
+
package org.apache.tomcat.util.net.jsse.openssl;
-/**
- *
- * @author <a href="mailto:ehugonne@redhat.com">Emmanuel
Hugonnet</a> (c) 2014 Red Hat, inc.
- */
enum MessageDigest {
MD5, SHA1, GOST94, GOST89MAC, SHA256, SHA384, AEAD;
}
Modified:
branches/7.5.x/src/main/java/org/apache/tomcat/util/net/jsse/openssl/OpenSSLCipherConfigurationParser.java
===================================================================
---
branches/7.5.x/src/main/java/org/apache/tomcat/util/net/jsse/openssl/OpenSSLCipherConfigurationParser.java 2014-09-09
14:10:18 UTC (rev 2508)
+++
branches/7.5.x/src/main/java/org/apache/tomcat/util/net/jsse/openssl/OpenSSLCipherConfigurationParser.java 2014-09-11
15:09:44 UTC (rev 2509)
@@ -1,23 +1,20 @@
/*
- * Copyright (C) 2014 Red Hat, inc., and individual contributors
- * as indicated by the @author tags. See the copyright.txt file in the
- * distribution for a full listing of individual contributors.
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
*
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
+ *
http://www.apache.org/licenses/LICENSE-2.0
*
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
- * MA 02110-1301 USA
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
*/
+
package org.apache.tomcat.util.net.jsse.openssl;
import java.util.ArrayList;
@@ -35,8 +32,6 @@
/**
* Class in charge with parsing openSSL expressions to define a list of ciphers.
- *
- * @author <a href="mailto:ehugonne@redhat.com">Emmanuel
Hugonnet</a> (c) 2014 Red Hat, inc.
*/
public class OpenSSLCipherConfigurationParser {
@@ -52,7 +47,7 @@
* If ! is used then the ciphers are permanently deleted from the list. The ciphers
deleted can never reappear in the list
* even if they are explicitly stated.
*/
- private final static String EXCLUDE = "!";
+ private static final String EXCLUDE = "!";
/**
* If - is used then the ciphers are deleted from the list, but some or all of the
ciphers can be added again by later
* options.
@@ -64,15 +59,15 @@
*/
private static final String TO_END = "+";
/**
- * Lists of cipher suites can be combined in a single cipher string using the +
character.
- * This is used as a logical and operation.
- * For example SHA1+DES represents all cipher suites containing the SHA1 and the DES
algorithms.
+ * Lists of cipher suites can be combined in a single cipher string using the +
character.
+ * This is used as a logical and operation.
+ * For example SHA1+DES represents all cipher suites containing the SHA1 and the DES
algorithms.
*/
private static final String AND = "+";
/**
* All ciphers by their openssl alias name.
*/
- private static final Map<String, List<Ciphers>> aliases = new
LinkedHashMap<String, List<Ciphers>>();
+ private static final Map<String, List<Cipher>> aliases = new
LinkedHashMap<String, List<Cipher>>();
/**
* the 'NULL' ciphers that is those offering no encryption. Because these
offer no encryption at all and are a security risk
@@ -120,7 +115,8 @@
*/
private static final String aRSA = "aRSA";
/**
- * Cipher suites using RSA for key exchange or for authentication.
+ * Cipher suites using RSA for key exchange
+ * Despite what the docs say, RSA is equivalent to kRSA.
*/
private static final String RSA = "RSA";
/**
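Review bot: The new Javadoc on `RSA` does not say what the narrower alias means for cipher expressions that already use it. The old text described RSA "for key exchange or for authentication", and the matching change in init() (a later hunk) replaces the `filter(...)` call with `aliases.get(kRSA)`. An exclusion written as `!RSA` may therefore no longer drop suites that only authenticate with RSA; whether it did before depends on how `filter(...)` combines its criteria, which is not visible here. I would state the consequence in the comment and add the missing full stop: `* Cipher suites using RSA for key exchange. Despite what the OpenSSL docs say, RSA is equivalent to kRSA; use aRSA to select by RSA authentication.`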
@@ -168,6 +164,11 @@
*/
private static final String kEECDH = "kEECDH";
/**
+ * Cipher suites using ephemeral ECDH key agreement, excluding anonymous cipher
suites.
+ * Same as "kEECDH:-AECDH"
+ */
+ private static final String EECDH = "EECDH";
+ /**
* Cipher suitesusing ECDH key exchange, including anonymous, ephemeral and fixed
ECDH.
*/
private static final String ECDH = "ECDH";
@@ -226,7 +227,7 @@
/**
* TLS v1.2 cipher suites. Note: there are no cipher suites specific to TLS v1.1.
*/
- private static final String TLSv1_2 = "TLSv1_2";
+ private static final String TLSv1_2 = "TLSv1.2";
/**
* TLS v1.0 cipher suites.
*/
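Review bot: Changing the alias token from `"TLSv1_2"` to `"TLSv1.2"` leaves cipher expressions that use the old spelling without a matching alias, and nothing in this hunk keeps them working. How the parser treats an unknown token is outside the visible lines. If it is skipped silently, a rule such as `!TLSv1_2` would stop excluding anything and no error would be reported. Registering the old spelling next to the other hand-written aliases in init() would avoid that: `aliases.put("TLSv1_2", aliases.get(TLSv1_2));`.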
@@ -361,154 +362,162 @@
private static final void init() {
- for (Ciphers cipher : Ciphers.values()) {
+ for (Cipher cipher : Cipher.values()) {
String alias = cipher.getOpenSSLAlias();
if (aliases.containsKey(alias)) {
aliases.get(alias).add(cipher);
} else {
- List<Ciphers> list = new ArrayList<Ciphers>();
+ List<Cipher> list = new ArrayList<Cipher>();
list.add(cipher);
aliases.put(alias, list);
}
aliases.put(cipher.name(), Collections.singletonList(cipher));
}
- List<Ciphers> allCiphers = Arrays.asList(Ciphers.values());
- Collections.reverse(allCiphers);
- LinkedHashSet<Ciphers> all = defaultSort(new
LinkedHashSet<Ciphers>(allCiphers));
+ List<Cipher> allCiphersList = Arrays.asList(Cipher.values());
+ Collections.reverse(allCiphersList);
+ LinkedHashSet<Cipher> allCiphers = defaultSort(new
LinkedHashSet<Cipher>(allCiphersList));
+ addListAlias(eNULL, filterByEncryption(allCiphers,
Collections.singleton(Encryption.eNULL)));
+ LinkedHashSet<Cipher> all = new LinkedHashSet<Cipher>(allCiphers);
+ remove(all, eNULL);
addListAlias(ALL, all);
- addListAlias(HIGH, filterByEncryptionLevel(all,
Collections.singleton(EncryptionLevel.HIGH)));
- addListAlias(MEDIUM, filterByEncryptionLevel(all,
Collections.singleton(EncryptionLevel.MEDIUM)));
- addListAlias(LOW, filterByEncryptionLevel(all,
Collections.singleton(EncryptionLevel.LOW)));
- addListAlias(EXPORT, filterByEncryptionLevel(all, new
HashSet<EncryptionLevel>(Arrays.asList(EncryptionLevel.EXP40,
EncryptionLevel.EXP56))));
+ addListAlias(HIGH, filterByEncryptionLevel(allCiphers,
Collections.singleton(EncryptionLevel.HIGH)));
+ addListAlias(MEDIUM, filterByEncryptionLevel(allCiphers,
Collections.singleton(EncryptionLevel.MEDIUM)));
+ addListAlias(LOW, filterByEncryptionLevel(allCiphers,
Collections.singleton(EncryptionLevel.LOW)));
+ addListAlias(EXPORT, filterByEncryptionLevel(allCiphers, new
HashSet<EncryptionLevel>(Arrays.asList(EncryptionLevel.EXP40,
EncryptionLevel.EXP56))));
aliases.put("EXP", aliases.get(EXPORT));
- addListAlias(EXPORT40, filterByEncryptionLevel(all,
Collections.singleton(EncryptionLevel.EXP40)));
- addListAlias(EXPORT56, filterByEncryptionLevel(all,
Collections.singleton(EncryptionLevel.EXP56)));
- addListAlias(eNULL, filterByEncryption(all,
Collections.singleton(Encryption.eNULL)));
+ addListAlias(EXPORT40, filterByEncryptionLevel(allCiphers,
Collections.singleton(EncryptionLevel.EXP40)));
+ addListAlias(EXPORT56, filterByEncryptionLevel(allCiphers,
Collections.singleton(EncryptionLevel.EXP56)));
aliases.put("NULL", aliases.get(eNULL));
aliases.put(COMPLEMENTOFALL, aliases.get(eNULL));
- addListAlias(aNULL, filterByAuthentication(all,
Collections.singleton(Authentication.aNULL)));
- addListAlias(kRSA, filterByKeyExchange(all,
Collections.singleton(KeyExchange.RSA)));
- addListAlias(aRSA, filterByAuthentication(all,
Collections.singleton(Authentication.RSA)));
- addListAlias(RSA, filter(all, null, Collections.singleton(KeyExchange.RSA),
Collections.singleton(Authentication.RSA), null, null, null));
- addListAlias(kEDH, filterByKeyExchange(all,
Collections.singleton(KeyExchange.EDH)));
- addListAlias(kDHE, filterByKeyExchange(all,
Collections.singleton(KeyExchange.EDH)));
- Set<Ciphers> edh = filterByKeyExchange(all,
Collections.singleton(KeyExchange.EDH));
- edh.removeAll(filterByAuthentication(all,
Collections.singleton(Authentication.DH)));
+ addListAlias(aNULL, filterByAuthentication(allCiphers,
Collections.singleton(Authentication.aNULL)));
+ addListAlias(kRSA, filterByKeyExchange(allCiphers,
Collections.singleton(KeyExchange.RSA)));
+ addListAlias(aRSA, filterByAuthentication(allCiphers,
Collections.singleton(Authentication.RSA)));
+ // Despite what the docs say, RSA is equivalent to kRSA
+ aliases.put(RSA, aliases.get(kRSA));
+ addListAlias(kEDH, filterByKeyExchange(allCiphers,
Collections.singleton(KeyExchange.EDH)));
+ addListAlias(kDHE, filterByKeyExchange(allCiphers,
Collections.singleton(KeyExchange.EDH)));
+ Set<Cipher> edh = filterByKeyExchange(allCiphers,
Collections.singleton(KeyExchange.EDH));
+ edh.removeAll(filterByAuthentication(allCiphers,
Collections.singleton(Authentication.aNULL)));
addListAlias(EDH, edh);
addListAlias(DHE, edh);
- addListAlias(kDHr, filterByKeyExchange(all,
Collections.singleton(KeyExchange.DHr)));
- addListAlias(kDHd, filterByKeyExchange(all,
Collections.singleton(KeyExchange.DHd)));
- addListAlias(kDH, filterByKeyExchange(all, new
HashSet<KeyExchange>(Arrays.asList(KeyExchange.DHr, KeyExchange.DHd))));
+ addListAlias(kDHr, filterByKeyExchange(allCiphers,
Collections.singleton(KeyExchange.DHr)));
+ addListAlias(kDHd, filterByKeyExchange(allCiphers,
Collections.singleton(KeyExchange.DHd)));
+ addListAlias(kDH, filterByKeyExchange(allCiphers, new
HashSet<KeyExchange>(Arrays.asList(KeyExchange.DHr, KeyExchange.DHd))));
- addListAlias(kECDHr, filterByKeyExchange(all,
Collections.singleton(KeyExchange.ECDHr)));
- addListAlias(kECDHe, filterByKeyExchange(all,
Collections.singleton(KeyExchange.ECDHe)));
- addListAlias(kECDH, filterByKeyExchange(all, new
HashSet<KeyExchange>(Arrays.asList(KeyExchange.ECDHe, KeyExchange.ECDHr))));
- aliases.put(ECDH, aliases.get(kECDH));
- addListAlias(kECDHE, filterByKeyExchange(all,
Collections.singleton(KeyExchange.ECDHe)));
+ addListAlias(kECDHr, filterByKeyExchange(allCiphers,
Collections.singleton(KeyExchange.ECDHr)));
+ addListAlias(kECDHe, filterByKeyExchange(allCiphers,
Collections.singleton(KeyExchange.ECDHe)));
+ addListAlias(kECDH, filterByKeyExchange(allCiphers, new
HashSet<KeyExchange>(Arrays.asList(KeyExchange.ECDHe, KeyExchange.ECDHr))));
+ addListAlias(ECDH, filterByKeyExchange(allCiphers, new
HashSet<KeyExchange>(Arrays.asList(KeyExchange.ECDHe, KeyExchange.ECDHr,
KeyExchange.EECDH))));
+ addListAlias(kECDHE, filterByKeyExchange(allCiphers,
Collections.singleton(KeyExchange.ECDHe)));
aliases.put(ECDHE, aliases.get(kECDHE));
- addListAlias(kEECDH, filterByKeyExchange(all,
Collections.singleton(KeyExchange.EECDH)));
+ addListAlias(kEECDH, filterByKeyExchange(allCiphers,
Collections.singleton(KeyExchange.EECDH)));
aliases.put(EECDHE, aliases.get(kEECDH));
- addListAlias(aDSS, filterByAuthentication(all,
Collections.singleton(Authentication.DSS)));
+ Set<Cipher> eecdh = filterByKeyExchange(allCiphers,
Collections.singleton(KeyExchange.EECDH));
+ eecdh.removeAll(filterByAuthentication(allCiphers,
Collections.singleton(Authentication.aNULL)));
+ addListAlias(EECDH, eecdh);
+ addListAlias(aDSS, filterByAuthentication(allCiphers,
Collections.singleton(Authentication.DSS)));
aliases.put("DSS", aliases.get(aDSS));
- addListAlias(aDH, filterByAuthentication(all,
Collections.singleton(Authentication.DH)));
- Set<Ciphers> aecdh = filterByKeyExchange(all, new
HashSet<KeyExchange>(Arrays.asList(KeyExchange.ECDHe, KeyExchange.ECDHr)));
- aecdh.retainAll(filterByAuthentication(all,
Collections.singleton(Authentication.aNULL)));
- addListAlias(AECDH, aecdh);
- addListAlias(aECDH, filterByAuthentication(all,
Collections.singleton(Authentication.ECDH)));
- addListAlias(ECDSA, filterByAuthentication(all,
Collections.singleton(Authentication.ECDSA)));
+ addListAlias(aDH, filterByAuthentication(allCiphers,
Collections.singleton(Authentication.DH)));
+ Set<Cipher> aecdh = filterByKeyExchange(allCiphers,
Collections.singleton(KeyExchange.EECDH));
+ addListAlias(AECDH, filterByAuthentication(aecdh,
Collections.singleton(Authentication.aNULL)));
+ addListAlias(aECDH, filterByAuthentication(allCiphers,
Collections.singleton(Authentication.ECDH)));
+ addListAlias(ECDSA, filterByAuthentication(allCiphers,
Collections.singleton(Authentication.ECDSA)));
aliases.put(aECDSA, aliases.get(ECDSA));
- addListAlias(kFZA, filterByKeyExchange(all,
Collections.singleton(KeyExchange.FZA)));
- addListAlias(aFZA, filterByAuthentication(all,
Collections.singleton(Authentication.FZA)));
- addListAlias(eFZA, filterByEncryption(all,
Collections.singleton(Encryption.FZA)));
- addListAlias(FZA, filter(all, null, Collections.singleton(KeyExchange.FZA),
Collections.singleton(Authentication.FZA), Collections.singleton(Encryption.FZA), null,
null));
- addListAlias(TLSv1_2, filterByProtocol(all,
Collections.singleton(Protocol.TLSv1_2)));
- addListAlias("TLSv1.1", filterByProtocol(all,
Collections.singleton(Protocol.SSLv3)));
- addListAlias(TLSv1, filterByProtocol(all,
Collections.singleton(Protocol.TLSv1)));
- addListAlias(SSLv3, filterByProtocol(all,
Collections.singleton(Protocol.SSLv3)));
- addListAlias(SSLv2, filterByProtocol(all,
Collections.singleton(Protocol.SSLv2)));
- addListAlias(DH, filterByKeyExchange(all, new
HashSet<KeyExchange>(Arrays.asList(KeyExchange.DHr, KeyExchange.DHd,
KeyExchange.EDH))));
- Set<Ciphers> adh = filterByKeyExchange(all,
Collections.singleton(KeyExchange.EDH));
- adh.retainAll(filterByAuthentication(all,
Collections.singleton(Authentication.aNULL)));
+ addListAlias(kFZA, filterByKeyExchange(allCiphers,
Collections.singleton(KeyExchange.FZA)));
+ addListAlias(aFZA, filterByAuthentication(allCiphers,
Collections.singleton(Authentication.FZA)));
+ addListAlias(eFZA, filterByEncryption(allCiphers,
Collections.singleton(Encryption.FZA)));
+ addListAlias(FZA, filter(allCiphers, null,
Collections.singleton(KeyExchange.FZA), Collections.singleton(Authentication.FZA),
Collections.singleton(Encryption.FZA), null, null));
+ addListAlias(TLSv1_2, filterByProtocol(allCiphers,
Collections.singleton(Protocol.TLSv1_2)));
+ addListAlias("TLSv1.1", filterByProtocol(allCiphers,
Collections.singleton(Protocol.SSLv3)));
+ addListAlias(TLSv1, filterByProtocol(allCiphers, new
HashSet<Protocol>(Arrays.asList(Protocol.TLSv1, Protocol.SSLv3))));
+ aliases.put(SSLv3, aliases.get(TLSv1));
+ addListAlias(SSLv2, filterByProtocol(allCiphers,
Collections.singleton(Protocol.SSLv2)));
+ addListAlias(DH, filterByKeyExchange(allCiphers, new
HashSet<KeyExchange>(Arrays.asList(KeyExchange.DHr, KeyExchange.DHd,
KeyExchange.EDH))));
+ Set<Cipher> adh = filterByKeyExchange(allCiphers,
Collections.singleton(KeyExchange.EDH));
+ adh.retainAll(filterByAuthentication(allCiphers,
Collections.singleton(Authentication.aNULL)));
addListAlias(ADH, adh);
- addListAlias(AES128, filterByEncryption(all, new
HashSet<Encryption>(Arrays.asList(Encryption.AES128, Encryption.AES128GCM))));
- addListAlias(AES256, filterByEncryption(all, new
HashSet<Encryption>(Arrays.asList(Encryption.AES256, Encryption.AES256GCM))));
- addListAlias(AES, filterByEncryption(all, new
HashSet<Encryption>(Arrays.asList(Encryption.AES128, Encryption.AES128GCM,
Encryption.AES256, Encryption.AES256GCM))));
- addListAlias(AESGCM, filterByEncryption(all, new
HashSet<Encryption>(Arrays.asList(Encryption.AES128GCM, Encryption.AES256GCM))));
- addListAlias(CAMELLIA, filterByEncryption(all, new
HashSet<Encryption>(Arrays.asList(Encryption.CAMELLIA128,
Encryption.CAMELLIA256))));
- addListAlias(CAMELLIA128, filterByEncryption(all,
Collections.singleton(Encryption.CAMELLIA128)));
- addListAlias(CAMELLIA256, filterByEncryption(all,
Collections.singleton(Encryption.CAMELLIA256)));
- addListAlias(TRIPLE_DES, filterByEncryption(all,
Collections.singleton(Encryption.TRIPLE_DES)));
- addListAlias(DES, filterByEncryption(all,
Collections.singleton(Encryption.DES)));
- addListAlias(RC4, filterByEncryption(all,
Collections.singleton(Encryption.RC4)));
- addListAlias(RC2, filterByEncryption(all,
Collections.singleton(Encryption.RC2)));
- addListAlias(IDEA, filterByEncryption(all,
Collections.singleton(Encryption.IDEA)));
- addListAlias(SEED, filterByEncryption(all,
Collections.singleton(Encryption.SEED)));
- addListAlias(MD5, filterByMessageDigest(all,
Collections.singleton(MessageDigest.MD5)));
- addListAlias(SHA1, filterByMessageDigest(all,
Collections.singleton(MessageDigest.SHA1)));
+ addListAlias(AES128, filterByEncryption(allCiphers, new
HashSet<Encryption>(Arrays.asList(Encryption.AES128, Encryption.AES128GCM))));
+ addListAlias(AES256, filterByEncryption(allCiphers, new
HashSet<Encryption>(Arrays.asList(Encryption.AES256, Encryption.AES256GCM))));
+ addListAlias(AES, filterByEncryption(allCiphers, new
HashSet<Encryption>(Arrays.asList(Encryption.AES128, Encryption.AES128GCM,
Encryption.AES256, Encryption.AES256GCM))));
+ addListAlias(AESGCM, filterByEncryption(allCiphers, new
HashSet<Encryption>(Arrays.asList(Encryption.AES128GCM, Encryption.AES256GCM))));
+ addListAlias(CAMELLIA, filterByEncryption(allCiphers, new
HashSet<Encryption>(Arrays.asList(Encryption.CAMELLIA128,
Encryption.CAMELLIA256))));
+ addListAlias(CAMELLIA128, filterByEncryption(allCiphers,
Collections.singleton(Encryption.CAMELLIA128)));
+ addListAlias(CAMELLIA256, filterByEncryption(allCiphers,
Collections.singleton(Encryption.CAMELLIA256)));
+ addListAlias(TRIPLE_DES, filterByEncryption(allCiphers,
Collections.singleton(Encryption.TRIPLE_DES)));
+ addListAlias(DES, filterByEncryption(allCiphers,
Collections.singleton(Encryption.DES)));
+ addListAlias(RC4, filterByEncryption(allCiphers,
Collections.singleton(Encryption.RC4)));
+ addListAlias(RC2, filterByEncryption(allCiphers,
Collections.singleton(Encryption.RC2)));
+ addListAlias(IDEA, filterByEncryption(allCiphers,
Collections.singleton(Encryption.IDEA)));
+ addListAlias(SEED, filterByEncryption(allCiphers,
Collections.singleton(Encryption.SEED)));
+ addListAlias(MD5, filterByMessageDigest(allCiphers,
Collections.singleton(MessageDigest.MD5)));
+ addListAlias(SHA1, filterByMessageDigest(allCiphers,
Collections.singleton(MessageDigest.SHA1)));
aliases.put(SHA, aliases.get(SHA1));
- addListAlias(SHA256, filterByMessageDigest(all,
Collections.singleton(MessageDigest.SHA256)));
- addListAlias(SHA384, filterByMessageDigest(all,
Collections.singleton(MessageDigest.SHA384)));
- addListAlias(aGOST, filterByAuthentication(all, new
HashSet<Authentication>(Arrays.asList(Authentication.GOST01,
Authentication.GOST94))));
- addListAlias(aGOST01, filterByAuthentication(all,
Collections.singleton(Authentication.GOST01)));
- addListAlias(aGOST94, filterByAuthentication(all,
Collections.singleton(Authentication.GOST94)));
- addListAlias(kGOST, filterByKeyExchange(all,
Collections.singleton(KeyExchange.GOST)));
- addListAlias(GOST94, filterByMessageDigest(all,
Collections.singleton(MessageDigest.GOST94)));
- addListAlias(GOST89MAC, filterByMessageDigest(all,
Collections.singleton(MessageDigest.GOST89MAC)));
- addListAlias(PSK, filter(all, null, Collections.singleton(KeyExchange.PSK),
Collections.singleton(Authentication.PSK), null, null, null));
- addListAlias(KRB5, filter(all, null, Collections.singleton(KeyExchange.KRB5),
Collections.singleton(Authentication.KRB5), null, null, null));
+ addListAlias(SHA256, filterByMessageDigest(allCiphers,
Collections.singleton(MessageDigest.SHA256)));
+ addListAlias(SHA384, filterByMessageDigest(allCiphers,
Collections.singleton(MessageDigest.SHA384)));
+ addListAlias(aGOST, filterByAuthentication(allCiphers, new
HashSet<Authentication>(Arrays.asList(Authentication.GOST01,
Authentication.GOST94))));
+ addListAlias(aGOST01, filterByAuthentication(allCiphers,
Collections.singleton(Authentication.GOST01)));
+ addListAlias(aGOST94, filterByAuthentication(allCiphers,
Collections.singleton(Authentication.GOST94)));
+ addListAlias(kGOST, filterByKeyExchange(allCiphers,
Collections.singleton(KeyExchange.GOST)));
+ addListAlias(GOST94, filterByMessageDigest(allCiphers,
Collections.singleton(MessageDigest.GOST94)));
+ addListAlias(GOST89MAC, filterByMessageDigest(allCiphers,
Collections.singleton(MessageDigest.GOST89MAC)));
+ addListAlias(PSK, filter(allCiphers, null,
Collections.singleton(KeyExchange.PSK), Collections.singleton(Authentication.PSK), null,
null, null));
+ addListAlias(KRB5, filter(allCiphers, null,
Collections.singleton(KeyExchange.KRB5), Collections.singleton(Authentication.KRB5), null,
null, null));
initialized = true;
- String defaultExpression = System.getProperty(DEFAULT_EXPRESSION_KEY,
"ALL:!eNULL:!aNULL");
+ // Despite what the OpenSSL docs say, DEFAULT also excludes SSLv2
+ String defaultExpression = System.getProperty(DEFAULT_EXPRESSION_KEY,
"ALL:!eNULL:!aNULL:!SSLv2");
addListAlias(DEFAULT, parse(defaultExpression));
- LinkedHashSet<Ciphers> complementOfDefault = new
LinkedHashSet<Ciphers>(all);
- complementOfDefault.removeAll(aliases.get(DEFAULT));
+ // COMPLEMENTOFDEFAULT is also not exactly as defined by the docs
+ Set<Cipher> complementOfDefault = filterByKeyExchange(all, new
HashSet<KeyExchange>(Arrays.asList(KeyExchange.EDH,KeyExchange.EECDH)));
+ complementOfDefault = filterByAuthentication(complementOfDefault,
Collections.singleton(Authentication.aNULL));
+ complementOfDefault.removeAll(aliases.get(eNULL));
addListAlias(COMPLEMENTOFDEFAULT, complementOfDefault);
}
- static void addListAlias(String alias, Set<Ciphers> ciphers) {
- aliases.put(alias, new ArrayList<Ciphers>(ciphers));
+ static void addListAlias(String alias, Set<Cipher> ciphers) {
+ aliases.put(alias, new ArrayList<Cipher>(ciphers));
}
- static void moveToEnd(final LinkedHashSet<Ciphers> ciphers, final String alias)
{
+ static void moveToEnd(final LinkedHashSet<Cipher> ciphers, final String alias)
{
moveToEnd(ciphers, aliases.get(alias));
}
- static void moveToEnd(final LinkedHashSet<Ciphers> ciphers, final
Collection<Ciphers> toBeMovedCiphers) {
- List<Ciphers> movedCiphers = new
ArrayList<Ciphers>(toBeMovedCiphers);
+ static void moveToEnd(final LinkedHashSet<Cipher> ciphers, final
Collection<Cipher> toBeMovedCiphers) {
+ List<Cipher> movedCiphers = new ArrayList<Cipher>(toBeMovedCiphers);
movedCiphers.retainAll(ciphers);
ciphers.removeAll(movedCiphers);
ciphers.addAll(movedCiphers);
}
- static void add(final LinkedHashSet<Ciphers> ciphers, final String alias) {
+ static void add(final LinkedHashSet<Cipher> ciphers, final String alias) {
ciphers.addAll(aliases.get(alias));
}
- static void remove(final LinkedHashSet<Ciphers> ciphers, final String alias) {
+ static void remove(final LinkedHashSet<Cipher> ciphers, final String alias) {
ciphers.removeAll(aliases.get(alias));
}
- static LinkedHashSet<Ciphers> strengthSort(final LinkedHashSet<Ciphers>
ciphers) {
+ static LinkedHashSet<Cipher> strengthSort(final LinkedHashSet<Cipher>
ciphers) {
/*
* This routine sorts the ciphers with descending strength. The sorting
* must keep the pre-sorted sequence, so we apply the normal sorting
* routine as '+' movement to the end of the list.
*/
Set<Integer> keySizes = new HashSet<Integer>();
- for (Ciphers cipher : ciphers) {
- keySizes.add(cipher.getStrength_bits());
+ for (Cipher cipher : ciphers) {
+ keySizes.add(Integer.valueOf(cipher.getStrength_bits()));
}
List<Integer> strength_bits = new ArrayList<Integer>(keySizes);
Collections.sort(strength_bits);
Collections.reverse(strength_bits);
- final LinkedHashSet<Ciphers> result = new
LinkedHashSet<Ciphers>(ciphers);
+ final LinkedHashSet<Cipher> result = new
LinkedHashSet<Cipher>(ciphers);
for (int strength : strength_bits) {
moveToEnd(result, filterByStrengthBits(ciphers, strength));
}
return result;
}
- static LinkedHashSet<Ciphers> defaultSort(final LinkedHashSet<Ciphers>
ciphers) {
- final LinkedHashSet<Ciphers> result = new
LinkedHashSet<Ciphers>(ciphers.size());
+ static LinkedHashSet<Cipher> defaultSort(final LinkedHashSet<Cipher>
ciphers) {
+ final LinkedHashSet<Cipher> result = new
LinkedHashSet<Cipher>(ciphers.size());
/* Now arrange all ciphers by preference: */
/* Everything else being equal, prefer ephemeral ECDH over other key exchange
mechanisms */
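Review bot: In init(), `aliases.put(SSLv3, aliases.get(TLSv1))` makes `SSLv3` and `TLSv1` the same list, built from both `Protocol.TLSv1` and `Protocol.SSLv3`, and no comment says so. An operator who writes `!SSLv3` to drop SSL 3.0 suites will remove every TLS 1.0 suite as well. As far as these lines show, the aliases only select cipher suites, so the protocol version itself has to be restricted elsewhere. A comment above the line would make that explicit: `// SSLv3 and TLSv1 name the same suites (as in OpenSSL); neither alias enables or disables a protocol version`. The `"TLSv1.1"` alias just above still filters on `Protocol.SSLv3` alone, so it now differs from `SSLv3`; it is worth confirming that this is intended.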
@@ -519,6 +528,8 @@
/* Temporarily enable everything else for sorting */
result.addAll(ciphers);
+ /* Low priority for SSLv2 */
+ moveToEnd(result, filterByProtocol(result,
Collections.singleton(Protocol.SSLv2)));
/* Low priority for MD5 */
moveToEnd(result, filterByMessageDigest(result,
Collections.singleton(MessageDigest.MD5)));
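Review bot: The added `moveToEnd(result, filterByProtocol(result, Collections.singleton(Protocol.SSLv2)))` only changes preference order: `moveToEnd` removes and re-adds the same elements, so the SSLv2 suites stay in `result`. The comment should say so, for example `/* Low priority for SSLv2: reordered only, still enabled unless the expression excludes it */`. The method ends in `return strengthSort(result)`, which regroups by key size, so the demotion presumably holds only among suites of equal strength. The lines between this hunk and that return are not shown, so this is worth confirming. defaultSort starts and ends outside the hunk.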
@@ -538,9 +549,9 @@
return strengthSort(result);
}
- static Set<Ciphers> filterByStrengthBits(Set<Ciphers> ciphers, int
strength_bits) {
- Set<Ciphers> result = new LinkedHashSet<Ciphers>(ciphers.size());
- for (Ciphers cipher : ciphers) {
+ static Set<Cipher> filterByStrengthBits(Set<Cipher> ciphers, int
strength_bits) {
+ Set<Cipher> result = new LinkedHashSet<Cipher>(ciphers.size());
+ for (Cipher cipher : ciphers) {
if (cipher.getStrength_bits() == strength_bits) {
result.add(cipher);
}
@@ -548,34 +559,34 @@
return result;
}
- static Set<Ciphers> filterByProtocol(Set<Ciphers> ciphers,
Set<Protocol> protocol) {
+ static Set<Cipher> filterByProtocol(Set<Cipher> ciphers,
Set<Protocol> protocol) {
return filter(ciphers, protocol, null, null, null, null, null);
}
- static Set<Ciphers> filterByKeyExchange(Set<Ciphers> ciphers,
Set<KeyExchange> kx) {
+ static Set<Cipher> filterByKeyExchange(Set<Cipher> ciphers,
Set<KeyExchange> kx) {
return filter(ciphers, null, kx, null, null, null, null);
}
- static Set<Ciphers> filterByAuthentication(Set<Ciphers> ciphers,
Set<Authentication> au) {
+ static Set<Cipher> filterByAuthentication(Set<Cipher> ciphers,
Set<Authentication> au) {
return filter(ciphers, null, null, au, null, null, null);
}
- static Set<Ciphers> filterByEncryption(Set<Ciphers> ciphers,
Set<Encryption> enc) {
+ static Set<Cipher> filterByEncryption(Set<Cipher> ciphers,
Set<Encryption> enc) {
return filter(ciphers, null, null, null, enc, null, null);
}
- static Set<Ciphers> filterByEncryptionLevel(Set<Ciphers> ciphers,
Set<EncryptionLevel> level) {
+ static Set<Cipher> filterByEncryptionLevel(Set<Cipher> ciphers,
Set<EncryptionLevel> level) {
return filter(ciphers, null, null, null, null, level, null);
}
- static Set<Ciphers> filterByMessageDigest(Set<Ciphers> ciphers,
Set<MessageDigest> mac) {
+ static Set<Cipher> filterByMessageDigest(Set<Cipher> ciphers,
Set<MessageDigest> mac) {
return filter(ciphers, null, null, null, null, null, mac);
}
- static Set<Ciphers> filter(Set<Ciphers> ciphers, Set<Protocol>
protocol, Set<KeyExchange> kx,
+ static Set<Cipher> filter(Set<Cipher> ciphers, Set<Protocol>
protocol, Set<KeyExchange> kx,
Set<Authentication> au, Set<Encryption> enc,
Set<EncryptionLevel> level, Set<MessageDigest> mac) {
- Set<Ciphers> result = new LinkedHashSet<Ciphers>(ciphers.size());
- for (Ciphers cipher : ciphers) {
+ Set<Cipher> result = new LinkedHashSet<Cipher>(ciphers.size());
+ for (Cipher cipher : ciphers) {
if (protocol != null && protocol.contains(cipher.getProtocol())) {
result.add(cipher);
}
@@ -598,13 +609,13 @@
return result;
}
- static LinkedHashSet<Ciphers> parse(String expression) {
+ static LinkedHashSet<Cipher> parse(String expression) {
if (!initialized) {
init();
}
String[] elements = expression.split(SEPARATOR);
- LinkedHashSet<Ciphers> ciphers = new LinkedHashSet<Ciphers>();
- Set<Ciphers> removedCiphers = new HashSet<Ciphers>();
+ LinkedHashSet<Cipher> ciphers = new LinkedHashSet<Cipher>();
+ Set<Cipher> removedCiphers = new HashSet<Cipher>();
for (String element : elements) {
if (element.startsWith(DELETE)) {
String alias = element.substring(1);
@@ -630,8 +641,8 @@
add(ciphers, element);
} else if (element.contains(AND)) {
String[] intersections = element.split("\\" + AND);
- if(intersections.length > 0) {
- List<Ciphers> result = new
ArrayList<Ciphers>(aliases.get(intersections[0]));
+ if(intersections.length > 0 &&
aliases.containsKey(intersections[0])) {
+ List<Cipher> result = new
ArrayList<Cipher>(aliases.get(intersections[0]));
for(int i = 1; i < intersections.length; i++) {
if(aliases.containsKey(intersections[i])) {
result.retainAll(aliases.get(intersections[i]));
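Review bot: The new `aliases.containsKey(intersections[0])` guard covers only the first operand. In the loop below it, an unknown alias at position i >= 1 is skipped without narrowing `result`, so an expression such as `HIGH+TYPO` (constructed example) would resolve to every suite in the first alias. For a cipher policy a misspelt operand should fail closed, either by discarding the whole element or by emptying the intersection, e.g. `} else { result.clear(); break; }` on the inner `if`, ideally with a log message naming the unknown alias. Whatever follows the `retainAll` call is outside the hunk, so an existing else branch may already handle this.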
@@ -645,10 +656,10 @@
return defaultSort(ciphers);
}
- static List<String> convertForJSSE(Collection<Ciphers> ciphers) {
+ static List<String> convertForJSSE(Collection<Cipher> ciphers) {
List<String> result = new ArrayList<String>(ciphers.size());
- for (Ciphers cipher : ciphers) {
- result.add(cipher.name());
+ for (Cipher cipher : ciphers) {
+ result.addAll(cipher.getJsseNames());
}
JSSELogger.ROOT_LOGGER.logEnabledCiphers(displayResult(ciphers, true,
","));
return result;
@@ -657,21 +668,24 @@
/**
* Parse the specified expression according to the OpenSSL syntax and returns a list
of standard cipher names.
*
- * @param expression: the openssl expression to define a list of cipher.
+ * @param expression the openssl expression to define a list of cipher.
* @return the corresponding list of ciphers.
*/
public static List<String> parseExpression(String expression) {
return convertForJSSE(parse(expression));
}
- static String displayResult(Collection<Ciphers> ciphers, boolean useJSSEFormat,
String separator) {
+ static String displayResult(Collection<Cipher> ciphers, boolean useJSSEFormat,
String separator) {
if (ciphers.isEmpty()) {
return "";
}
StringBuilder builder = new StringBuilder(ciphers.size() * 16);
- for (Ciphers cipher : ciphers) {
+ for (Cipher cipher : ciphers) {
if (useJSSEFormat) {
- builder.append(cipher.name());
+ for (String name : cipher.getJsseNames()) {
+ builder.append(name);
+ builder.append(separator);
+ }
} else {
builder.append(cipher.getOpenSSLAlias());
}
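Review bot: In the JSSE branch the added inner loop appends `separator` after every name, while the unchanged `else` branch appends only the alias. That suggests a separator is still appended once per cipher after the `if`/`else`, outside this hunk. If so, the JSSE output, which `convertForJSSE` passes to `logEnabledCiphers`, would contain doubled separators. Trimming the extra one after the inner loop, e.g. `if (!cipher.getJsseNames().isEmpty()) { builder.setLength(builder.length() - separator.length()); }`, would leave the per-cipher separator to the existing code. displayResult continues past the end of the hunk, so check this against the full method.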
Modified:
branches/7.5.x/src/main/java/org/apache/tomcat/util/net/jsse/openssl/Protocol.java
===================================================================
---
branches/7.5.x/src/main/java/org/apache/tomcat/util/net/jsse/openssl/Protocol.java 2014-09-09
14:10:18 UTC (rev 2508)
+++
branches/7.5.x/src/main/java/org/apache/tomcat/util/net/jsse/openssl/Protocol.java 2014-09-11
15:09:44 UTC (rev 2509)
@@ -1,29 +1,41 @@
/*
- * Copyright (C) 2014 Red Hat, inc., and individual contributors
- * as indicated by the @author tags. See the copyright.txt file in the
- * distribution for a full listing of individual contributors.
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
*
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
+ *
http://www.apache.org/licenses/LICENSE-2.0
*
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
- * MA 02110-1301 USA
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
*/
+
package org.apache.tomcat.util.net.jsse.openssl;
-/**
- *
- * @author <a href="mailto:ehugonne@redhat.com">Emmanuel
Hugonnet</a> (c) 2014 Red Hat, inc.
- */
enum Protocol {
- SSLv3, SSLv2, TLSv1, TLSv1_2;
+
+ SSLv3("SSLv3"),
+ SSLv2("SSLv2"),
+ TLSv1("SSLv3"),
+ TLSv1_2("TLSv1.2");
+
+ private final String openSSLName;
+
+ private Protocol(String openSSLName) {
+ this.openSSLName = openSSLName;
+ }
+
+ /**
+ * The name returned by OpenSSL in the protocol column when using
+ * <code>openssl ciphers -v</code>. This is currently only used by the
unit
+ * tests hence it is package private.
+ */
+ String getOpenSSLName() {
+ return openSSLName;
+ }
}
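Review bot: `TLSv1("SSLv3")` reads like a copy-paste slip next to `SSLv3("SSLv3")` and needs a comment if it is deliberate. The Javadoc on `getOpenSSLName()` says the value mirrors the protocol column of `openssl ciphers -v`, which presumably reports SSLv3 for suites shared with TLSv1. A line such as `// openssl ciphers -v lists TLSv1 suites under SSLv3` above the constant would stop a later "fix" to `"TLSv1"`. Because two constants then share one name, anything that maps an OpenSSL name back to a `Protocol` cannot tell them apart, which the Javadoc should state. The `private` modifier on the enum constructor is redundant.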