Author: markt Date: Fri Jun 19 11:18:08 2015 New Revision: 1686386 URL: http://svn.apache.org/r1686386 Log: Preparation for supporting multiple certificate types. Add the cipher ID to the cipher enumeration. Add some additional commentary to explain gaps etc.
Modified: tomcat/trunk/java/org/apache/tomcat/util/net/jsse/openssl/Cipher.java Modified: tomcat/trunk/java/org/apache/tomcat/util/net/jsse/openssl/Cipher.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/jsse/openssl/Cipher.java?rev=1686386&r1=1686385&r2=1686386&view=diff ============================================================================== --- tomcat/trunk/java/org/apache/tomcat/util/net/jsse/openssl/Cipher.java (original) +++ tomcat/trunk/java/org/apache/tomcat/util/net/jsse/openssl/Cipher.java Fri Jun 19 11:18:08 2015 @@ -19,7 +19,9 @@ package org.apache.tomcat.util.net.jsse. import java.util.Arrays; import java.util.Collections; +import java.util.HashMap; import java.util.HashSet; +import java.util.Map; import java.util.Set; /** @@ -41,9 +43,17 @@ import java.util.Set; * >OpenJDK source code</a> */ public enum Cipher { + + /* Cipher 0 + * TLS_NULL_WITH_NULL_NULL + * Must never be negotiated. Used internally to represent the initial + * unprotected state of a connection. + */ + /* The RSA ciphers */ // Cipher 01 TLS_RSA_WITH_NULL_MD5( + 0x0001, "NULL-MD5", KeyExchange.RSA, Authentication.RSA, @@ -59,6 +69,7 @@ public enum Cipher { ), // Cipher 02 TLS_RSA_WITH_NULL_SHA( + 0x0002, "NULL-SHA", KeyExchange.RSA, Authentication.RSA, @@ -74,6 +85,7 @@ public enum Cipher { ), // Cipher 03 TLS_RSA_EXPORT_WITH_RC4_40_MD5( + 0x0003, "EXP-RC4-MD5", KeyExchange.RSA, Authentication.RSA, @@ -89,6 +101,7 @@ public enum Cipher { ), // Cipher 04 TLS_RSA_WITH_RC4_128_MD5( + 0x0004, "RC4-MD5", KeyExchange.RSA, Authentication.RSA, @@ -104,6 +117,7 @@ public enum Cipher { ), // Cipher 05 TLS_RSA_WITH_RC4_128_SHA( + 0x0005, "RC4-SHA", KeyExchange.RSA, Authentication.RSA, @@ -119,6 +133,7 @@ public enum Cipher { ), // Cipher 06 TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5( + 0x0006, "EXP-RC2-CBC-MD5", KeyExchange.RSA, Authentication.RSA, 
@@ -134,6 +149,7 @@ public enum Cipher { ), // Cipher 07 TLS_RSA_WITH_IDEA_CBC_SHA( + 0x0007, "IDEA-CBC-SHA", KeyExchange.RSA, Authentication.RSA, @@ -149,6 +165,7 @@ public enum Cipher { ), // Cipher 08 TLS_RSA_EXPORT_WITH_DES40_CBC_SHA( + 0x0008, "EXP-DES-CBC-SHA", KeyExchange.RSA, Authentication.RSA, @@ -164,6 +181,7 @@ public enum Cipher { ), // Cipher 09 TLS_RSA_WITH_DES_CBC_SHA( + 0x0009, "DES-CBC-SHA", KeyExchange.RSA, Authentication.RSA, @@ -179,6 +197,7 @@ public enum Cipher { ), // Cipher 0A TLS_RSA_WITH_3DES_EDE_CBC_SHA( + 0x000A, "DES-CBC3-SHA", KeyExchange.RSA, Authentication.RSA, @@ -195,6 +214,7 @@ public enum Cipher { /* The DH ciphers */ // Cipher 0B TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA( + 0x000B, "EXP-DH-DSS-DES-CBC-SHA", KeyExchange.DHd, Authentication.DH, @@ -210,6 +230,7 @@ public enum Cipher { ), // Cipher 0C TLS_DH_DSS_WITH_DES_CBC_SHA( + 0x000C, "DH-DSS-DES-CBC-SHA", KeyExchange.DHd, Authentication.DH, @@ -225,6 +246,7 @@ public enum Cipher { ), // Cipher 0D TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA( + 0x000D, "DH-DSS-DES-CBC3-SHA", KeyExchange.DHd, Authentication.DH, @@ -240,6 +262,7 @@ public enum Cipher { ), // Cipher 0E TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA( + 0x000E, "EXP-DH-RSA-DES-CBC-SHA", KeyExchange.DHr, Authentication.DH, @@ -255,6 +278,7 @@ public enum Cipher { ), // Cipher 0F TLS_DH_RSA_WITH_DES_CBC_SHA( + 0x000F, "DH-RSA-DES-CBC-SHA", KeyExchange.DHr, Authentication.DH, @@ -270,6 +294,7 @@ public enum Cipher { ), // Cipher 10 TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA( + 0x0010, "DH-RSA-DES-CBC3-SHA", KeyExchange.DHr, Authentication.DH, @@ -286,6 +311,7 @@ public enum Cipher { /* The Ephemeral DH ciphers */ // Cipher 11 TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA( + 0x0011, "EXP-DHE-DSS-DES-CBC-SHA", KeyExchange.EDH, Authentication.DSS, @@ -301,6 +327,7 @@ public enum Cipher { ), // Cipher 12 TLS_DHE_DSS_WITH_DES_CBC_SHA( + 0x0012, "DHE-DSS-DES-CBC-SHA", KeyExchange.EDH, Authentication.DSS, 
@@ -316,6 +343,7 @@ public enum Cipher { ), // Cipher 13 TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA( + 0x0013, "DHE-DSS-DES-CBC3-SHA", KeyExchange.EDH, Authentication.DSS, @@ -331,6 +359,7 @@ public enum Cipher { ), // Cipher 14 TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA( + 0x0014, "EXP-DHE-RSA-DES-CBC-SHA", KeyExchange.EDH, Authentication.RSA, @@ -346,6 +375,7 @@ public enum Cipher { ), // Cipher 15 TLS_DHE_RSA_WITH_DES_CBC_SHA( + 0x0015, "DHE-RSA-DES-CBC-SHA", KeyExchange.EDH, Authentication.RSA, @@ -361,6 +391,7 @@ public enum Cipher { ), // Cipher 16 TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA( + 0x0016, "DHE-RSA-DES-CBC3-SHA", KeyExchange.EDH, Authentication.RSA, @@ -376,6 +407,7 @@ public enum Cipher { ), // Cipher 17 TLS_DH_anon_EXPORT_WITH_RC4_40_MD5( + 0x0017, "EXP-ADH-RC4-MD5", KeyExchange.EDH, Authentication.aNULL, @@ -391,6 +423,7 @@ public enum Cipher { ), // Cipher 18 TLS_DH_anon_WITH_RC4_128_MD5( + 0x0018, "ADH-RC4-MD5", KeyExchange.EDH, Authentication.aNULL, @@ -406,6 +439,7 @@ public enum Cipher { ), // Cipher 19 TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA( + 0x0019, "EXP-ADH-DES-CBC-SHA", KeyExchange.EDH, Authentication.aNULL, @@ -421,6 +455,7 @@ public enum Cipher { ), // Cipher 1A TLS_DH_anon_WITH_DES_CBC_SHA( + 0x001A, "ADH-DES-CBC-SHA", KeyExchange.EDH, Authentication.aNULL, @@ -436,6 +471,7 @@ public enum Cipher { ), // Cipher 1B TLS_DH_anon_WITH_3DES_EDE_CBC_SHA( + 0x001B, "ADH-DES-CBC3-SHA", KeyExchange.EDH, Authentication.aNULL, @@ -449,7 +485,9 @@ public enum Cipher { 168, "SSL_DH_anon_WITH_3DES_EDE_CBC_SHA" ), - /* Fortezza ciphersuite from SSL 3.0 spec */ + /* Fortezza ciphersuite from SSL 3.0 spec + * Neither OpenSSL nor Java implement these ciphers and the IDs used + * overlap partially with the IDs used by the Kerberos ciphers // Cipher 1C SSL_FORTEZZA_DMS_WITH_NULL_SHA( "FZA-NULL-SHA", 
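Review bot: The `/* Fortezza ciphersuite from SSL 3.0 spec` opener added in the last hunk on this line is left open on purpose, so `SSL_FORTEZZA_DMS_WITH_NULL_SHA` and the entries after it stop being enum constants until the `*/` added in the `@@ -492,8 +530,11 @@` hunk, yet the log message only mentions adding IDs and commentary. The same technique is used at `@@ -1029,7 +1107,8 @@` / `@@ -1134,10 +1213,11 @@` for ciphers 60 onward, where the last swallowed entry carries the JSSE alias `"SSL_DHE_DSS_WITH_RC4_128_SHA"`; that sits oddly next to "Unsupported by Java and OpenSSL" and is worth confirming. Java block comments do not nest, so any `*/` inside the swallowed regions (not visible in these hunks) would end the comment early. I would either delete the entries outright or head each disabled block with a line such as `// Disabled: no longer an enum constant, kept for reference only`. Dropping constants from a public enum presumably also changes which OpenSSL aliases (for example `FZA-NULL-SHA`) can still be resolved, and the log should say so.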
@@ -478,7 +516,7 @@ public enum Cipher { 0, 0 ), - // Cipher 1E - duplicate + // Cipher 1E - overlaps with Kerberos below SSL_FORTEZZA_DMS_WITH_RC4_128_SHA( "FZA-RC4-SHA", KeyExchange.FZA, @@ -492,8 +530,11 @@ public enum Cipher { 128, 128 ), - /* The Kerberos ciphers*/ - // Cipher 1E - duplicate + */ + /* The Kerberos ciphers. OpenSSL doesn't support these. Java does but they + * are used for Kerberos authentication. + */ + // Cipher 1E - overlaps with Fortezza above /*TLS_KRB5_WITH_DES_CBC_SHA( "KRB5-DES-CBC-SHA", KeyExchange.KRB5, @@ -689,9 +730,23 @@ public enum Cipher { 40, 128 ),*/ + + /* PSK cipher suites from RFC 4785 + * Unsupported by both Java and OpenSSL. + // Cipher 2C + TLS_PSK_WITH_NULL_SHA + + // Cipher 2D + TLS_DHE_PSK_WITH_NULL_SHA + + // Cipher 2E + TLS_RSA_PSK_WITH_NULL_SHA + */ + /* New AES ciphersuites */ // Cipher 2F TLS_RSA_WITH_AES_128_CBC_SHA( + 0x002f, "AES128-SHA", KeyExchange.RSA, Authentication.RSA, @@ -706,6 +761,7 @@ public enum Cipher { ), // Cipher 30 TLS_DH_DSS_WITH_AES_128_CBC_SHA( + 0x0030, "DH-DSS-AES128-SHA", KeyExchange.DHd, Authentication.DH, @@ -720,6 +776,7 @@ public enum Cipher { ), // Cipher 31 TLS_DH_RSA_WITH_AES_128_CBC_SHA( + 0x0031, "DH-RSA-AES128-SHA", KeyExchange.DHr, Authentication.DH, @@ -734,6 +791,7 @@ public enum Cipher { ), // Cipher 32 TLS_DHE_DSS_WITH_AES_128_CBC_SHA( + 0x0032, "DHE-DSS-AES128-SHA", KeyExchange.EDH, Authentication.DSS, @@ -748,6 +806,7 @@ public enum Cipher { ), // Cipher 33 TLS_DHE_RSA_WITH_AES_128_CBC_SHA( + 0x0033, "DHE-RSA-AES128-SHA", KeyExchange.EDH, Authentication.RSA, @@ -762,6 +821,7 @@ public enum Cipher { ), // Cipher 34 TLS_DH_anon_WITH_AES_128_CBC_SHA( + 0x0034, "ADH-AES128-SHA", KeyExchange.EDH, Authentication.aNULL, @@ -776,6 +836,7 @@ public enum Cipher { ), // Cipher 35 TLS_RSA_WITH_AES_256_CBC_SHA( + 0x0035, "AES256-SHA", KeyExchange.RSA, Authentication.RSA, 
@@ -790,6 +851,7 @@ public enum Cipher { ), // Cipher 36 TLS_DH_DSS_WITH_AES_256_CBC_SHA( + 0x0036, "DH-DSS-AES256-SHA", KeyExchange.DHd, Authentication.DH, @@ -804,6 +866,7 @@ public enum Cipher { ), // Cipher 37 TLS_DH_RSA_WITH_AES_256_CBC_SHA( + 0x0037, "DH-RSA-AES256-SHA", KeyExchange.DHr, Authentication.DH, @@ -818,6 +881,7 @@ public enum Cipher { ), // Cipher 38 TLS_DHE_DSS_WITH_AES_256_CBC_SHA( + 0x0038, "DHE-DSS-AES256-SHA", KeyExchange.EDH, Authentication.DSS, @@ -832,6 +896,7 @@ public enum Cipher { ), // Cipher 39 TLS_DHE_RSA_WITH_AES_256_CBC_SHA( + 0x0039, "DHE-RSA-AES256-SHA", KeyExchange.EDH, Authentication.RSA, @@ -846,6 +911,7 @@ public enum Cipher { ), // Cipher 3A TLS_DH_anon_WITH_AES_256_CBC_SHA( + 0x003A, "ADH-AES256-SHA", KeyExchange.EDH, Authentication.aNULL, @@ -861,6 +927,7 @@ public enum Cipher { /* TLS v1.2 ciphersuites */ // Cipher 3B TLS_RSA_WITH_NULL_SHA256( + 0x003B, "NULL-SHA256", KeyExchange.RSA, Authentication.RSA, @@ -875,6 +942,7 @@ public enum Cipher { ), // Cipher 3C TLS_RSA_WITH_AES_128_CBC_SHA256( + 0x003C, "AES128-SHA256", KeyExchange.RSA, Authentication.RSA, @@ -889,6 +957,7 @@ public enum Cipher { ), // Cipher 3D TLS_RSA_WITH_AES_256_CBC_SHA256( + 0x003D, "AES256-SHA256", KeyExchange.RSA, Authentication.RSA, @@ -903,6 +972,7 @@ public enum Cipher { ), // Cipher 3E TLS_DH_DSS_WITH_AES_128_CBC_SHA256( + 0x003E, "DH-DSS-AES128-SHA256", KeyExchange.DHd, Authentication.DH, @@ -917,6 +987,7 @@ public enum Cipher { ), // Cipher 3F TLS_DH_RSA_WITH_AES_128_CBC_SHA256( + 0x003F, "DH-RSA-AES128-SHA256", KeyExchange.DHr, Authentication.DH, @@ -931,6 +1002,7 @@ public enum Cipher { ), // Cipher 40 TLS_DHE_DSS_WITH_AES_128_CBC_SHA256( + 0x0040, "DHE-DSS-AES128-SHA256", KeyExchange.EDH, Authentication.DSS, @@ -947,6 +1019,7 @@ public enum Cipher { 128-bit portion) */ // Cipher 41 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA( + 0x0041, "CAMELLIA128-SHA", KeyExchange.RSA, Authentication.RSA, 
@@ -961,6 +1034,7 @@ public enum Cipher { ), // Cipher 42 TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA( + 0x0042, "DH-DSS-CAMELLIA128-SHA", KeyExchange.DHd, Authentication.DH, @@ -975,6 +1049,7 @@ public enum Cipher { ), // Cipher 43 TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA( + 0x0043, "DH-RSA-CAMELLIA128-SHA", KeyExchange.DHr, Authentication.DH, @@ -989,6 +1064,7 @@ public enum Cipher { ), // Cipher 44 TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA( + 0x0044, "DHE-DSS-CAMELLIA128-SHA", KeyExchange.EDH, Authentication.DSS, @@ -1003,6 +1079,7 @@ public enum Cipher { ), // Cipher 45 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA( + 0x0045, "DHE-RSA-CAMELLIA128-SHA", KeyExchange.EDH, Authentication.RSA, @@ -1017,6 +1094,7 @@ public enum Cipher { ), // Cipher 46 TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA( + 0x0046, "ADH-CAMELLIA128-SHA", KeyExchange.EDH, Authentication.aNULL, @@ -1029,7 +1107,8 @@ public enum Cipher { 128, 128 ), - /* New TLS Export CipherSuites from expired ID */ + /* Experimental (and now expired) TLSv1 versions of SSLv3 ciphers. + * Unsupported by Java and OpenSSL. // Cipher 60 TLS_RSA_EXPORT1024_WITH_RC4_56_MD5( "EXP1024-RC4-MD5", @@ -1134,10 +1213,11 @@ public enum Cipher { 128, 128, "SSL_DHE_DSS_WITH_RC4_128_SHA" - ), + ),*/ /* TLS v1.2 ciphersuites */ // Cipher 67 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256( + 0x0067, "DHE-RSA-AES128-SHA256", KeyExchange.EDH, Authentication.RSA, @@ -1152,6 +1232,7 @@ public enum Cipher { ), // Cipher 68 TLS_DH_DSS_WITH_AES_256_CBC_SHA256( + 0x0068, "DH-DSS-AES256-SHA256", KeyExchange.DHd, Authentication.DH, @@ -1166,6 +1247,7 @@ public enum Cipher { ), // Cipher 69 TLS_DH_RSA_WITH_AES_256_CBC_SHA256( + 0x0069, "DH-RSA-AES256-SHA256", KeyExchange.DHr, Authentication.DH, @@ -1180,6 +1262,7 @@ public enum Cipher { ), // Cipher 6A TLS_DHE_DSS_WITH_AES_256_CBC_SHA256( + 0x006A, "DHE-DSS-AES256-SHA256", KeyExchange.EDH, Authentication.DSS, 
@@ -1194,6 +1277,7 @@ public enum Cipher { ), // Cipher 6B TLS_DHE_RSA_WITH_AES_256_CBC_SHA256( + 0x006B, "DHE-RSA-AES256-SHA256", KeyExchange.EDH, Authentication.RSA, @@ -1208,6 +1292,7 @@ public enum Cipher { ), // Cipher 6C TLS_DH_anon_WITH_AES_128_CBC_SHA256( + 0x006C, "ADH-AES128-SHA256", KeyExchange.EDH, Authentication.aNULL, @@ -1222,6 +1307,7 @@ public enum Cipher { ), // Cipher 6D TLS_DH_anon_WITH_AES_256_CBC_SHA256( + 0x006D, "ADH-AES256-SHA256", KeyExchange.EDH, Authentication.aNULL, @@ -1234,7 +1320,8 @@ public enum Cipher { 256, 256 ), - /* GOST Ciphersuites */ + /* GOST Ciphersuites. Unsupported by Java. OpenSSl lists them with IDs + * 0x3000080 to 0x3000083 */ /* // Cipher 80 TLS_GOSTR341094_WITH_28147_CNT_IMIT( @@ -1296,6 +1383,7 @@ public enum Cipher { 256-bit portion) */ // Cipher 84 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA( + 0x0084, "CAMELLIA256-SHA", KeyExchange.RSA, Authentication.RSA, @@ -1310,6 +1398,7 @@ public enum Cipher { ), // Cipher 85 TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA( + 0x0085, "DH-DSS-CAMELLIA256-SHA", KeyExchange.DHd, Authentication.DH, @@ -1324,6 +1413,7 @@ public enum Cipher { ), // Cipher 86 TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA( + 0x0086, "DH-RSA-CAMELLIA256-SHA", KeyExchange.DHr, Authentication.DH, @@ -1338,6 +1428,7 @@ public enum Cipher { ), // Cipher 87 TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA( + 0x0087, "DHE-DSS-CAMELLIA256-SHA", KeyExchange.EDH, Authentication.DSS, @@ -1352,6 +1443,7 @@ public enum Cipher { ), // Cipher 88 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA( + 0x0088, "DHE-RSA-CAMELLIA256-SHA", KeyExchange.EDH, Authentication.RSA, @@ -1366,6 +1458,7 @@ public enum Cipher { ), // Cipher 89 TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA( + 0x0089, "ADH-CAMELLIA256-SHA", KeyExchange.EDH, Authentication.aNULL, @@ -1380,6 +1473,7 @@ public enum Cipher { ), // Cipher 8A TLS_PSK_WITH_RC4_128_SHA( + 0x008A, "PSK-RC4-SHA", KeyExchange.PSK, Authentication.PSK, 
@@ -1394,6 +1488,7 @@ public enum Cipher { ), // Cipher 8B TLS_PSK_WITH_3DES_EDE_CBC_SHA( + 0x008B, "PSK-3DES-EDE-CBC-SHA", KeyExchange.PSK, Authentication.PSK, @@ -1408,6 +1503,7 @@ public enum Cipher { ), // Cipher 8C TLS_PSK_WITH_AES_128_CBC_SHA( + 0x008C, "PSK-AES128-CBC-SHA", KeyExchange.PSK, Authentication.PSK, @@ -1422,6 +1518,7 @@ public enum Cipher { ), // Cipher 8D TLS_PSK_WITH_AES_256_CBC_SHA( + 0x008D, "PSK-AES256-CBC-SHA", KeyExchange.PSK, Authentication.PSK, @@ -1434,9 +1531,15 @@ public enum Cipher { 256, 256 ), + + /* PSK ciphers 0x008E to 0x0095 + * Unsupported by both Java and OpenSSL + */ + /* SEED ciphersuites from RFC4162 */ // Cipher 96 TLS_RSA_WITH_SEED_CBC_SHA( + 0x0096, "SEED-SHA", KeyExchange.RSA, Authentication.RSA, @@ -1451,6 +1554,7 @@ public enum Cipher { ), // Cipher 97 TLS_DH_DSS_WITH_SEED_CBC_SHA( + 0x0097, "DH-DSS-SEED-SHA", KeyExchange.DHd, Authentication.DH, @@ -1465,6 +1569,7 @@ public enum Cipher { ), // Cipher 98 TLS_DH_RSA_WITH_SEED_CBC_SHA( + 0x0098, "DH-RSA-SEED-SHA", KeyExchange.DHr, Authentication.DH, @@ -1479,6 +1584,7 @@ public enum Cipher { ), // Cipher 99 TLS_DHE_DSS_WITH_SEED_CBC_SHA( + 0x0099, "DHE-DSS-SEED-SHA", KeyExchange.EDH, Authentication.DSS, @@ -1493,6 +1599,7 @@ public enum Cipher { ), // Cipher 9A TLS_DHE_RSA_WITH_SEED_CBC_SHA( + 0x009A, "DHE-RSA-SEED-SHA", KeyExchange.EDH, Authentication.RSA, @@ -1507,6 +1614,7 @@ public enum Cipher { ), // Cipher 9B TLS_DH_anon_WITH_SEED_CBC_SHA( + 0x009B, "ADH-SEED-SHA", KeyExchange.EDH, Authentication.aNULL, @@ -1522,6 +1630,7 @@ public enum Cipher { /* GCM ciphersuites from RFC5288 */ // Cipher 9C TLS_RSA_WITH_AES_128_GCM_SHA256( + 0x009C, "AES128-GCM-SHA256", KeyExchange.RSA, Authentication.RSA, @@ -1536,6 +1645,7 @@ public enum Cipher { ), // Cipher 9D TLS_RSA_WITH_AES_256_GCM_SHA384( + 0x009D, "AES256-GCM-SHA384", KeyExchange.RSA, Authentication.RSA, 
@@ -1550,6 +1660,7 @@ public enum Cipher { ), // Cipher 9E TLS_DHE_RSA_WITH_AES_128_GCM_SHA256( + 0x009E, "DHE-RSA-AES128-GCM-SHA256", KeyExchange.EDH, Authentication.RSA, @@ -1564,6 +1675,7 @@ public enum Cipher { ), // Cipher 9F TLS_DHE_RSA_WITH_AES_256_GCM_SHA384( + 0x009F, "DHE-RSA-AES256-GCM-SHA384", KeyExchange.EDH, Authentication.RSA, @@ -1578,6 +1690,7 @@ public enum Cipher { ), // Cipher A0 TLS_DH_RSA_WITH_AES_128_GCM_SHA256( + 0x00A0, "DH-RSA-AES128-GCM-SHA256", KeyExchange.DHr, Authentication.DH, @@ -1592,6 +1705,7 @@ public enum Cipher { ), // Cipher A1 TLS_DH_RSA_WITH_AES_256_GCM_SHA384( + 0x00A1, "DH-RSA-AES256-GCM-SHA384", KeyExchange.DHr, Authentication.DH, @@ -1606,6 +1720,7 @@ public enum Cipher { ), // Cipher A2 TLS_DHE_DSS_WITH_AES_128_GCM_SHA256( + 0x00A2, "DHE-DSS-AES128-GCM-SHA256", KeyExchange.EDH, Authentication.DSS, @@ -1620,6 +1735,7 @@ public enum Cipher { ), // Cipher A3 TLS_DHE_DSS_WITH_AES_256_GCM_SHA384( + 0x00A3, "DHE-DSS-AES256-GCM-SHA384", KeyExchange.EDH, Authentication.DSS, @@ -1634,6 +1750,7 @@ public enum Cipher { ), // Cipher A4 TLS_DH_DSS_WITH_AES_128_GCM_SHA256( + 0x00A4, "DH-DSS-AES128-GCM-SHA256", KeyExchange.DHd, Authentication.DH, @@ -1648,6 +1765,7 @@ public enum Cipher { ), // Cipher A5 TLS_DH_DSS_WITH_AES_256_GCM_SHA384( + 0x00A5, "DH-DSS-AES256-GCM-SHA384", KeyExchange.DHd, Authentication.DH, @@ -1662,6 +1780,7 @@ public enum Cipher { ), // Cipher A6 TLS_DH_anon_WITH_AES_128_GCM_SHA256( + 0x00A6, "ADH-AES128-GCM-SHA256", KeyExchange.EDH, Authentication.aNULL, @@ -1676,6 +1795,7 @@ public enum Cipher { ), // Cipher A7 TLS_DH_anon_WITH_AES_256_GCM_SHA384( + 0x00A7, "ADH-AES256-GCM-SHA384", KeyExchange.EDH, Authentication.aNULL, @@ -1688,8 +1808,14 @@ public enum Cipher { 256, 256 ), + + /* PSK ciphers 0x00A8 to 0x00B9 + * Unsupported by both Java and OpenSSL + */ + // Cipher BA TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256( + 0x00BA, "CAMELLIA128-SHA256", KeyExchange.RSA, Authentication.RSA, 
@@ -1704,6 +1830,7 @@ public enum Cipher { ), // Cipher BB TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256( + 0x00BB, "DH-DSS-CAMELLIA128-SHA256", KeyExchange.DHd, Authentication.DH, @@ -1718,6 +1845,7 @@ public enum Cipher { ), // Cipher BC TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256( + 0x00BC, "DH-RSA-CAMELLIA128-SHA256", KeyExchange.DHr, Authentication.DH, @@ -1732,6 +1860,7 @@ public enum Cipher { ), // Cipher BD TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256( + 0x00BD, "DHE-DSS-CAMELLIA128-SHA256", KeyExchange.EDH, Authentication.DSS, @@ -1746,6 +1875,7 @@ public enum Cipher { ), // Cipher BE TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256( + 0x00BE, "DHE-RSA-CAMELLIA128-SHA256", KeyExchange.EDH, Authentication.RSA, @@ -1760,6 +1890,7 @@ public enum Cipher { ), // Cipher BF TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256( + 0x00BF, "ADH-CAMELLIA128-SHA256", KeyExchange.EDH, Authentication.aNULL, @@ -1774,6 +1905,7 @@ public enum Cipher { ), // Cipher C0 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256( + 0x00C0, "CAMELLIA256-SHA256", KeyExchange.RSA, Authentication.RSA, @@ -1788,6 +1920,7 @@ public enum Cipher { ), // Cipher C1 TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256( + 0x00C1, "DH-DSS-CAMELLIA256-SHA256", KeyExchange.DHd, Authentication.DH, @@ -1802,6 +1935,7 @@ public enum Cipher { ), // Cipher C2 TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256( + 0x00C2, "DH-RSA-CAMELLIA256-SHA256", KeyExchange.DHr, Authentication.DH, @@ -1816,6 +1950,7 @@ public enum Cipher { ), // Cipher C3 TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256( + 0x00C3, "DHE-DSS-CAMELLIA256-SHA256", KeyExchange.EDH, Authentication.DSS, @@ -1830,6 +1965,7 @@ public enum Cipher { ), // Cipher C4 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256( + 0x00C4, "DHE-RSA-CAMELLIA256-SHA256", KeyExchange.EDH, Authentication.RSA, @@ -1844,6 +1980,7 @@ public enum Cipher { ), // Cipher C5 TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256( + 0x00C5, "ADH-CAMELLIA256-SHA256", KeyExchange.EDH, Authentication.aNULL, 
@@ -1856,10 +1993,18 @@ public enum Cipher { 256, 256 ), + + /* Cipher 0x00FF TLS_EMPTY_RENEGOTIATION_INFO_SCSV + * Cipher 0x5600 TLS_FALLBACK_SCSV + * + * No other ciphers defined until 0xC001 below + */ + /* ECC ciphersuites from draft-ietf-tls-ecc-01.txt ( Mar 15, 2001) */ // Cipher C001 TLS_ECDH_ECDSA_WITH_NULL_SHA( + 0xC001, "ECDH-ECDSA-NULL-SHA", KeyExchange.ECDHe, Authentication.ECDH, @@ -1874,6 +2019,7 @@ public enum Cipher { ), // Cipher C002 TLS_ECDH_ECDSA_WITH_RC4_128_SHA( + 0xC002, "ECDH-ECDSA-RC4-SHA", KeyExchange.ECDHe, Authentication.ECDH, @@ -1888,6 +2034,7 @@ public enum Cipher { ), // Cipher C003 TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA( + 0xC003, "ECDH-ECDSA-DES-CBC3-SHA", KeyExchange.ECDHe, Authentication.ECDH, @@ -1902,6 +2049,7 @@ public enum Cipher { ), // Cipher C004 TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA( + 0xC004, "ECDH-ECDSA-AES128-SHA", KeyExchange.ECDHe, Authentication.ECDH, @@ -1916,6 +2064,7 @@ public enum Cipher { ), // Cipher C005 TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA( + 0xC005, "ECDH-ECDSA-AES256-SHA", KeyExchange.ECDHe, Authentication.ECDH, @@ -1930,6 +2079,7 @@ public enum Cipher { ), // Cipher C006 TLS_ECDHE_ECDSA_WITH_NULL_SHA( + 0xC006, "ECDHE-ECDSA-NULL-SHA", KeyExchange.EECDH, Authentication.ECDSA, @@ -1944,6 +2094,7 @@ public enum Cipher { ), // Cipher C007 TLS_ECDHE_ECDSA_WITH_RC4_128_SHA( + 0xC007, "ECDHE-ECDSA-RC4-SHA", KeyExchange.EECDH, Authentication.ECDSA, @@ -1958,6 +2109,7 @@ public enum Cipher { ), // Cipher C008 TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA( + 0xC008, "ECDHE-ECDSA-DES-CBC3-SHA", KeyExchange.EECDH, Authentication.ECDSA, @@ -1972,6 +2124,7 @@ public enum Cipher { ), // Cipher C009 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA( + 0xC009, "ECDHE-ECDSA-AES128-SHA", KeyExchange.EECDH, Authentication.ECDSA, @@ -1986,6 +2139,7 @@ public enum Cipher { ), // Cipher C00A TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA( + 0xC00A, "ECDHE-ECDSA-AES256-SHA", KeyExchange.EECDH, Authentication.ECDSA, 
@@ -2000,6 +2154,7 @@ public enum Cipher { ), // Cipher C00B TLS_ECDH_RSA_WITH_NULL_SHA( + 0xC00B, "ECDH-RSA-NULL-SHA", KeyExchange.ECDHr, Authentication.ECDH, @@ -2014,6 +2169,7 @@ public enum Cipher { ), // Cipher C00C TLS_ECDH_RSA_WITH_RC4_128_SHA( + 0xC00C, "ECDH-RSA-RC4-SHA", KeyExchange.ECDHr, Authentication.ECDH, @@ -2028,6 +2184,7 @@ public enum Cipher { ), // Cipher C00D TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA( + 0xC00D, "ECDH-RSA-DES-CBC3-SHA", KeyExchange.ECDHr, Authentication.ECDH, @@ -2042,6 +2199,7 @@ public enum Cipher { ), // Cipher C00E TLS_ECDH_RSA_WITH_AES_128_CBC_SHA( + 0xC00E, "ECDH-RSA-AES128-SHA", KeyExchange.ECDHr, Authentication.ECDH, @@ -2056,6 +2214,7 @@ public enum Cipher { ), // Cipher C00F TLS_ECDH_RSA_WITH_AES_256_CBC_SHA( + 0xC00F, "ECDH-RSA-AES256-SHA", KeyExchange.ECDHr, Authentication.ECDH, @@ -2070,6 +2229,7 @@ public enum Cipher { ), // Cipher C010 TLS_ECDHE_RSA_WITH_NULL_SHA( + 0xC010, "ECDHE-RSA-NULL-SHA", KeyExchange.EECDH, Authentication.RSA, @@ -2084,6 +2244,7 @@ public enum Cipher { ), // Cipher C011 TLS_ECDHE_RSA_WITH_RC4_128_SHA( + 0xC011, "ECDHE-RSA-RC4-SHA", KeyExchange.EECDH, Authentication.RSA, @@ -2098,6 +2259,7 @@ public enum Cipher { ), // Cipher C012 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA( + 0xC012, "ECDHE-RSA-DES-CBC3-SHA", KeyExchange.EECDH, Authentication.RSA, @@ -2112,6 +2274,7 @@ public enum Cipher { ), // Cipher C013 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA( + 0xC013, "ECDHE-RSA-AES128-SHA", KeyExchange.EECDH, Authentication.RSA, @@ -2126,6 +2289,7 @@ public enum Cipher { ), // Cipher C014 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA( + 0xC014, "ECDHE-RSA-AES256-SHA", KeyExchange.EECDH, Authentication.RSA, @@ -2140,6 +2304,7 @@ public enum Cipher { ), // Cipher C015 TLS_ECDH_anon_WITH_NULL_SHA( + 0xC015, "AECDH-NULL-SHA", KeyExchange.EECDH, Authentication.aNULL, @@ -2154,6 +2319,7 @@ public enum Cipher { ), // Cipher C016 TLS_ECDH_anon_WITH_RC4_128_SHA( + 0xC016, "AECDH-RC4-SHA", KeyExchange.EECDH, Authentication.aNULL, 
@@ -2168,6 +2334,7 @@ public enum Cipher { ), // Cipher C017 TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA( + 0xC017, "AECDH-DES-CBC3-SHA", KeyExchange.EECDH, Authentication.aNULL, @@ -2182,6 +2349,7 @@ public enum Cipher { ), // Cipher C018 TLS_ECDH_anon_WITH_AES_128_CBC_SHA( + 0xC018, "AECDH-AES128-SHA", KeyExchange.EECDH, Authentication.aNULL, @@ -2196,6 +2364,7 @@ public enum Cipher { ), // Cipher C019 TLS_ECDH_anon_WITH_AES_256_CBC_SHA( + 0xC019, "AECDH-AES256-SHA", KeyExchange.EECDH, Authentication.aNULL, @@ -2211,6 +2380,7 @@ public enum Cipher { /* SRP ciphersuite from RFC 5054 */ // Cipher C01A TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA( + 0xC01A, "SRP-3DES-EDE-CBC-SHA", KeyExchange.SRP, Authentication.SRP, @@ -2225,6 +2395,7 @@ public enum Cipher { ), // Cipher C01B TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA( + 0xC01B, "SRP-RSA-3DES-EDE-CBC-SHA", KeyExchange.SRP, Authentication.RSA, @@ -2239,6 +2410,7 @@ public enum Cipher { ), // Cipher C01C TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA( + 0xC01C, "SRP-DSS-3DES-EDE-CBC-SHA", KeyExchange.SRP, Authentication.DSS, @@ -2253,6 +2425,7 @@ public enum Cipher { ), // Cipher C01D TLS_SRP_SHA_WITH_AES_128_CBC_SHA( + 0xC01D, "SRP-AES-128-CBC-SHA", KeyExchange.SRP, Authentication.SRP, @@ -2267,6 +2440,7 @@ public enum Cipher { ), // Cipher C01E TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA( + 0xC01E, "SRP-RSA-AES-128-CBC-SHA", KeyExchange.SRP, Authentication.RSA, @@ -2281,6 +2455,7 @@ public enum Cipher { ), // Cipher C01F TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA( + 0xC01F, "SRP-DSS-AES-128-CBC-SHA", KeyExchange.SRP, Authentication.DSS, @@ -2295,6 +2470,7 @@ public enum Cipher { ), // Cipher C020 TLS_SRP_SHA_WITH_AES_256_CBC_SHA( + 0xC020, "SRP-AES-256-CBC-SHA", KeyExchange.SRP, Authentication.SRP, @@ -2309,6 +2485,7 @@ public enum Cipher { ), // Cipher C021 TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA( + 0xC021, "SRP-RSA-AES-256-CBC-SHA", KeyExchange.SRP, Authentication.RSA, 
@@ -2323,6 +2500,7 @@ public enum Cipher { ), // Cipher C022 TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA( + 0xC022, "SRP-DSS-AES-256-CBC-SHA", KeyExchange.SRP, Authentication.DSS, @@ -2338,6 +2516,7 @@ public enum Cipher { /* HMAC based TLS v1.2 ciphersuites from RFC5289 */ // Cipher C023 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256( + 0xC023, "ECDHE-ECDSA-AES128-SHA256", KeyExchange.EECDH, Authentication.ECDSA, @@ -2352,6 +2531,7 @@ public enum Cipher { ), // Cipher C024 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384( + 0xC024, "ECDHE-ECDSA-AES256-SHA384", KeyExchange.EECDH, Authentication.ECDSA, @@ -2366,6 +2546,7 @@ public enum Cipher { ), // Cipher C025 TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256( + 0xC025, "ECDH-ECDSA-AES128-SHA256", KeyExchange.ECDHe, Authentication.ECDH, @@ -2380,6 +2561,7 @@ public enum Cipher { ), // Cipher C026 TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384( + 0xC026, "ECDH-ECDSA-AES256-SHA384", KeyExchange.ECDHe, Authentication.ECDH, @@ -2394,6 +2576,7 @@ public enum Cipher { ), // Cipher C027 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256( + 0xC027, "ECDHE-RSA-AES128-SHA256", KeyExchange.EECDH, Authentication.RSA, @@ -2408,6 +2591,7 @@ public enum Cipher { ), // Cipher C028 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384( + 0xC028, "ECDHE-RSA-AES256-SHA384", KeyExchange.EECDH, Authentication.RSA, @@ -2422,6 +2606,7 @@ public enum Cipher { ), // Cipher C029 TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256( + 0xC029, "ECDH-RSA-AES128-SHA256", KeyExchange.ECDHr, Authentication.ECDH, @@ -2436,6 +2621,7 @@ public enum Cipher { ), // Cipher C02A TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384( + 0xC02A, "ECDH-RSA-AES256-SHA384", KeyExchange.ECDHr, Authentication.ECDH, @@ -2451,6 +2637,7 @@ public enum Cipher { /* GCM based TLS v1.2 ciphersuites from RFC5289 */ // Cipher C02B TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256( + 0xC02B, "ECDHE-ECDSA-AES128-GCM-SHA256", KeyExchange.EECDH, Authentication.ECDSA, 
@@ -2465,6 +2652,7 @@ public enum Cipher { ), // Cipher C02C TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384( + 0xC02C, "ECDHE-ECDSA-AES256-GCM-SHA384", KeyExchange.EECDH, Authentication.ECDSA, @@ -2479,6 +2667,7 @@ public enum Cipher { ), // Cipher C02D TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256( + 0xC02D, "ECDH-ECDSA-AES128-GCM-SHA256", KeyExchange.ECDHe, Authentication.ECDH, @@ -2493,6 +2682,7 @@ public enum Cipher { ), // Cipher C02E TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384( + 0xC02E, "ECDH-ECDSA-AES256-GCM-SHA384", KeyExchange.ECDHe, Authentication.ECDH, @@ -2507,6 +2697,7 @@ public enum Cipher { ), // Cipher C02F TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256( + 0xC02F, "ECDHE-RSA-AES128-GCM-SHA256", KeyExchange.EECDH, Authentication.RSA, @@ -2521,6 +2712,7 @@ public enum Cipher { ), // Cipher C030 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384( + 0xC030, "ECDHE-RSA-AES256-GCM-SHA384", KeyExchange.EECDH, Authentication.RSA, @@ -2535,6 +2727,7 @@ public enum Cipher { ), // Cipher C031 TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256( + 0xC031, "ECDH-RSA-AES128-GCM-SHA256", KeyExchange.ECDHr, Authentication.ECDH, @@ -2549,6 +2742,7 @@ public enum Cipher { ), // Cipher C032 TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384( + 0xC032, "ECDH-RSA-AES256-GCM-SHA384", KeyExchange.ECDHr, Authentication.ECDH, @@ -2561,8 +2755,17 @@ public enum Cipher { 256, 256 ), + + /* PSK ciphers 0xC033 to 0xC03B + * Unsupported by both Java and OpenSSL + */ + + /* ARIA ciphers 0xC03C to 0xC071 + * Unsupported by both Java and OpenSSL + */ // Cipher C072 TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256( + 0xC072, "ECDHE-ECDSA-CAMELLIA128-SHA256", KeyExchange.EECDH, Authentication.ECDSA, @@ -2577,6 +2780,7 @@ public enum Cipher { ), // Cipher C073 TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384( + 0xC073, "ECDHE-ECDSA-CAMELLIA256-SHA384", KeyExchange.EECDH, Authentication.ECDSA, 
@@ -2591,6 +2795,7 @@ public enum Cipher { ), // Cipher C074 TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256( + 0xC074, "ECDH-ECDSA-CAMELLIA128-SHA256", KeyExchange.ECDHe, Authentication.ECDH, @@ -2605,6 +2810,7 @@ public enum Cipher { ), // Cipher C075 TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384( + 0xC075, "ECDH-ECDSA-CAMELLIA256-SHA384", KeyExchange.ECDHe, Authentication.ECDH, @@ -2619,6 +2825,7 @@ public enum Cipher { ), // Cipher C076 TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256( + 0xC076, "ECDHE-RSA-CAMELLIA128-SHA256", KeyExchange.EECDH, Authentication.RSA, @@ -2633,6 +2840,7 @@ public enum Cipher { ), // Cipher C077 TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384( + 0xC077, "ECDHE-RSA-CAMELLIA256-SHA384", KeyExchange.EECDH, Authentication.RSA, @@ -2647,6 +2855,7 @@ public enum Cipher { ), // Cipher C078 TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256( + 0xC078, "ECDH-RSA-CAMELLIA128-SHA256", KeyExchange.ECDHr, Authentication.ECDH, @@ -2661,6 +2870,7 @@ public enum Cipher { ), // Cipher C079 TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384( + 0xC079, "ECDH-RSA-CAMELLIA256-SHA384", KeyExchange.ECDHr, Authentication.ECDH, @@ -2673,8 +2883,11 @@ public enum Cipher { 256, 256 ), + + // Cipher 0x010080 (SSLv2) // RC4_128_WITH_MD5 SSL_CK_RC4_128_WITH_MD5( + -1, "RC4-MD5", KeyExchange.RSA, Authentication.RSA, @@ -2687,8 +2900,26 @@ public enum Cipher { 128, 128 ), + // Cipher 0x020080 (SSLv2) + SSL2_RC4_128_EXPORT40_WITH_MD5( + -1, + "EXP-RC4-MD5", + KeyExchange.RSA, + Authentication.RSA, + Encryption.RC4, + MessageDigest.MD5, + Protocol.SSLv2, + true, + EncryptionLevel.EXP40, + false, + 40, + 128, + "SSL_RC4_128_EXPORT40_WITH_MD5" + ), + // Cipher 0x030080 (SSLv2) // RC2_128_CBC_WITH_MD5 SSL_CK_RC2_128_CBC_WITH_MD5( + -1, "RC2-MD5", KeyExchange.RSA, Authentication.RSA, @@ -2701,8 +2932,10 @@ public enum Cipher { 128, 128 ), + // Cipher 0x040080 (SSLv2) // RC2_128_CBC_EXPORT40_WITH_MD5 SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5( + -1, "EXP-RC2-CBC-MD5", KeyExchange.RSA, Authentication.RSA, 
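Review bot: The SSLv2 entries starting at `SSL_CK_RC4_128_WITH_MD5` pass a bare `-1` as the new ID with nothing at the call site saying what it means; the same applies to the SSLv2 entries added in the `@@ -2715,6 +2948,57 @@` hunk. The accompanying comments give their real codes as three-byte values (`0x010080` and so on), so I read `-1` as "no two-byte TLS ID", and the static initializer at the end of the enum depends on that by skipping non-positive IDs. I would document it once above the first SSLv2 entry, e.g. `// SSLv2 cipher kinds are three bytes and have no TLS cipher suite ID; -1 keeps them out of the ID lookup`, and add Javadoc to `getId()` stating that it returns -1 for these entries.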
@@ -2715,6 +2948,57 @@ public enum Cipher { 40, 128 ), + // Cipher 0x050080 (SSLv2) + // IDEA_128_CBC_WITH_MD5 + SSL2_IDEA_128_CBC_WITH_MD5( + -1, + "IDEA-CBC-MD5", + KeyExchange.RSA, + Authentication.RSA, + Encryption.IDEA, + MessageDigest.MD5, + Protocol.SSLv2, + false, EncryptionLevel.MEDIUM, + false, + 128, + 128, + "SSL_CK_IDEA_128_CBC_WITH_MD5" + ), + // Cipher 0x060040 (SSLv2) + // DES_64_CBC_WITH_MD5 + SSL2_DES_64_CBC_WITH_MD5( + -1, + "DES-CBC-MD5", + KeyExchange.RSA, + Authentication.RSA, + Encryption.DES, + MessageDigest.MD5, + Protocol.SSLv2, + false, + EncryptionLevel.LOW, + false, + 56, + 56, + "SSL_CK_DES_64_CBC_WITH_MD5" + ), + // Cipher 0x0700C0 (SSLv2) + // DES_192_EDE3_CBC_WITH_MD5 + SSL2_DES_192_EDE3_CBC_WITH_MD5( + -1, + "DES-CBC3-MD5", + KeyExchange.RSA, + Authentication.RSA, + Encryption.TRIPLE_DES, + MessageDigest.MD5, + Protocol.SSLv2, + false, + EncryptionLevel.HIGH, + false, + 112, + 168, + "SSL_CK_DES_192_EDE3_CBC_WITH_MD5" + ); + /* TEMP_GOST_TLS*/ /* // Cipher FF00 
@@ -2769,84 +3053,9 @@ public enum Cipher { 256, 256 },*/ - // Cipher 0x020080 - SSL2_RC4_128_EXPORT40_WITH_MD5( - "EXP-RC4-MD5", - KeyExchange.RSA, - Authentication.RSA, - Encryption.RC4, - MessageDigest.MD5, - Protocol.SSLv2, - true, - EncryptionLevel.EXP40, - false, - 40, - 128, - "SSL_RC4_128_EXPORT40_WITH_MD5" - ), - // Cipher 0x030080 / 0x040080 - SSL2_RC2_CBC_128_CBC_WITH_MD5( - "RC2-CBC-MD5", - KeyExchange.RSA, - Authentication.RSA, - Encryption.RC2, - MessageDigest.MD5, - Protocol.SSLv2, - false, - EncryptionLevel.MEDIUM, - true, - 128, - 128 - ), - // Cipher 0x050080 - // IDEA_128_CBC_WITH_MD5 - SSL2_IDEA_128_CBC_WITH_MD5( - "IDEA-CBC-MD5", - KeyExchange.RSA, - Authentication.RSA, - Encryption.IDEA, - MessageDigest.MD5, - Protocol.SSLv2, - false, EncryptionLevel.MEDIUM, - false, - 128, - 128, - "SSL_CK_IDEA_128_CBC_WITH_MD5" - ), - // Cipher 0x060040 - // DES_64_CBC_WITH_MD5 - SSL2_DES_64_CBC_WITH_MD5( - "DES-CBC-MD5", - KeyExchange.RSA, - Authentication.RSA, - Encryption.DES, - MessageDigest.MD5, - Protocol.SSLv2, - false, - EncryptionLevel.LOW, - false, - 56, - 56, - "SSL_CK_DES_64_CBC_WITH_MD5" - ), - // Cipher 0x0700C0 - // DES_192_EDE3_CBC_WITH_MD5 - SSL2_DES_192_EDE3_CBC_WITH_MD5( - "DES-CBC3-MD5", - KeyExchange.RSA, - Authentication.RSA, - Encryption.TRIPLE_DES, - MessageDigest.MD5, - Protocol.SSLv2, - false, - EncryptionLevel.HIGH, - false, - 112, - 168, - "SSL_CK_DES_192_EDE3_CBC_WITH_MD5" - ); + private final int id; private final String openSSLAlias; private final Set<String> jsseNames; private final KeyExchange kx; 
@@ -2866,9 +3075,10 @@ public enum Cipher { */ private final int alg_bits; - private Cipher(String openSSLAlias, KeyExchange kx, Authentication au, Encryption enc, MessageDigest mac, - Protocol protocol, boolean export, EncryptionLevel level, boolean fipsCompatible, int strength_bits, - int alg_bits, String... jsseAltNames) { + private Cipher(int id, String openSSLAlias, KeyExchange kx, Authentication au, Encryption enc, + MessageDigest mac, Protocol protocol, boolean export, EncryptionLevel level, + boolean fipsCompatible, int strength_bits, int alg_bits, String... jsseAltNames) { + this.id = id; this.openSSLAlias = openSSLAlias; Set<String> names = new HashSet<>(); if (jsseAltNames != null) { @@ -2888,6 +3098,10 @@ public enum Cipher { this.alg_bits = alg_bits; } + public int getId() { + return id; + } + public String getOpenSSLAlias() { return openSSLAlias; } @@ -2936,4 +3150,21 @@ public enum Cipher { return alg_bits; } + + private static final Map<Integer,Cipher> idMap = new HashMap<>(); + + static { + for (Cipher cipher : Cipher.values()) { + int id = cipher.getId(); + + if (id > 0 && id < 0xFFFF) { + idMap.put(Integer.valueOf(id), cipher); + } + } + } + + + public static Cipher valueOf(int cipherId) { + return idMap.get(Integer.valueOf(cipherId)); + } } --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
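Review bot: The static initializer added at the end of the enum calls `idMap.put(...)` and discards the result, so a mistyped ID among the hand-entered constants above would silently replace another suite's entry, and `valueOf(int)` would then return metadata (strength bits, authentication, export flag) for the wrong suite. I would fail fast on a duplicate as sketched below, or at least assert uniqueness in a unit test. Separately, `valueOf(int)` returns `null` for an unknown ID while the compiler-generated `valueOf(String)` throws `IllegalArgumentException`. The overload needs Javadoc stating the null return and that SSLv2 entries (ID -1) and 0xFFFF are never mapped, because callers passing IDs taken from a handshake (not visible in this diff) would otherwise be exposed to a NullPointerException.

```java
// … unchanged: static block header and loop over Cipher.values() …
if (id > 0 && id < 0xFFFF) {
    Cipher previous = idMap.put(Integer.valueOf(id), cipher);
    if (previous != null) {
        // Two constants claim the same wire ID: refuse to load rather than map the ID to the wrong suite.
        throw new IllegalStateException("Duplicate cipher ID 0x"
                + Integer.toHexString(id) + ": " + previous + " and " + cipher);
    }
}
```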