Author: markt
Date: Fri Jun 26 12:54:56 2015
New Revision: 1687770
URL: http://svn.apache.org/r1687770
Log:
Update Ciphers to:
- add IDs
- correct strength bits
- comment on missing Ciphers
- add new Ciphers
Update unit tests to account for above changes
Modified:
tomcat/tc8.0.x/trunk/java/org/apache/tomcat/util/net/jsse/openssl/Cipher.java
tomcat/tc8.0.x/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TestCipher.java
tomcat/tc8.0.x/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TesterOpenSSL.java
Modified:
tomcat/tc8.0.x/trunk/java/org/apache/tomcat/util/net/jsse/openssl/Cipher.java
URL:
http://svn.apache.org/viewvc/tomcat/tc8.0.x/trunk/java/org/apache/tomcat/util/net/jsse/openssl/Cipher.java?rev=1687770&r1=1687769&r2=1687770&view=diff
==============================================================================
---
tomcat/tc8.0.x/trunk/java/org/apache/tomcat/util/net/jsse/openssl/Cipher.java
(original)
+++
tomcat/tc8.0.x/trunk/java/org/apache/tomcat/util/net/jsse/openssl/Cipher.java
Fri Jun 26 12:54:56 2015
@@ -19,12 +19,16 @@ package org.apache.tomcat.util.net.jsse.
import java.util.Arrays;
import java.util.Collections;
+import java.util.HashMap;
import java.util.HashSet;
+import java.util.Map;
import java.util.Set;
/**
* All the standard cipher suites for SSL/TSL.
*
+ * @see <a href="https://github.com/openssl/openssl/blob/master/ssl/s3_lib.c";
+ * >OpenSSL cipher definitions</a>
* @see <a
href="http://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-4";
* >The cipher suite registry</a>
* @see <a href="https://www.thesprawl.org/research/tls-and-ssl-cipher-suites/";
@@ -33,11 +37,23 @@ import java.util.Set;
* >Oracle standard names for cipher suites</a>
* @see <a href="https://www.openssl.org/docs/apps/ciphers.html";
* >Mapping of OpenSSL cipher suites names to registry names</a>
+ * @see <a href="https://github.com/ssllabs/sslhaf/blob/0.1.x/suites.csv";
+ * >SSL Labs tool - list of ciphers</a>
+ * @see <a
href="http://hg.openjdk.java.net/jdk9/jdk9/jdk/file/e30cd0d37abf/src/java.base/share/classes/sun/security/ssl/CipherSuite.java";
+ * >OpenJDK source code</a>
*/
public enum Cipher {
+
+ /* Cipher 0
+ * TLS_NULL_WITH_NULL_NULL
+ * Must never be negotiated. Used internally to represent the initial
+ * unprotected state of a connection.
+ */
+
/* The RSA ciphers */
// Cipher 01
TLS_RSA_WITH_NULL_MD5(
+ 0x0001,
"NULL-MD5",
KeyExchange.RSA,
Authentication.RSA,
@@ -53,6 +69,7 @@ public enum Cipher {
),
// Cipher 02
TLS_RSA_WITH_NULL_SHA(
+ 0x0002,
"NULL-SHA",
KeyExchange.RSA,
Authentication.RSA,
@@ -68,6 +85,7 @@ public enum Cipher {
),
// Cipher 03
TLS_RSA_EXPORT_WITH_RC4_40_MD5(
+ 0x0003,
"EXP-RC4-MD5",
KeyExchange.RSA,
Authentication.RSA,
@@ -83,6 +101,7 @@ public enum Cipher {
),
// Cipher 04
TLS_RSA_WITH_RC4_128_MD5(
+ 0x0004,
"RC4-MD5",
KeyExchange.RSA,
Authentication.RSA,
@@ -98,6 +117,7 @@ public enum Cipher {
),
// Cipher 05
TLS_RSA_WITH_RC4_128_SHA(
+ 0x0005,
"RC4-SHA",
KeyExchange.RSA,
Authentication.RSA,
@@ -113,6 +133,7 @@ public enum Cipher {
),
// Cipher 06
TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5(
+ 0x0006,
"EXP-RC2-CBC-MD5",
KeyExchange.RSA,
Authentication.RSA,
@@ -128,6 +149,7 @@ public enum Cipher {
),
// Cipher 07
TLS_RSA_WITH_IDEA_CBC_SHA(
+ 0x0007,
"IDEA-CBC-SHA",
KeyExchange.RSA,
Authentication.RSA,
@@ -143,6 +165,7 @@ public enum Cipher {
),
// Cipher 08
TLS_RSA_EXPORT_WITH_DES40_CBC_SHA(
+ 0x0008,
"EXP-DES-CBC-SHA",
KeyExchange.RSA,
Authentication.RSA,
@@ -158,6 +181,7 @@ public enum Cipher {
),
// Cipher 09
TLS_RSA_WITH_DES_CBC_SHA(
+ 0x0009,
"DES-CBC-SHA",
KeyExchange.RSA,
Authentication.RSA,
@@ -173,6 +197,7 @@ public enum Cipher {
),
// Cipher 0A
TLS_RSA_WITH_3DES_EDE_CBC_SHA(
+ 0x000A,
"DES-CBC3-SHA",
KeyExchange.RSA,
Authentication.RSA,
@@ -182,13 +207,14 @@ public enum Cipher {
false,
EncryptionLevel.HIGH,
true,
- 168,
+ 112,
168,
"SSL_RSA_WITH_3DES_EDE_CBC_SHA"
),
/* The DH ciphers */
// Cipher 0B
TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA(
+ 0x000B,
"EXP-DH-DSS-DES-CBC-SHA",
KeyExchange.DHd,
Authentication.DH,
@@ -204,6 +230,7 @@ public enum Cipher {
),
// Cipher 0C
TLS_DH_DSS_WITH_DES_CBC_SHA(
+ 0x000C,
"DH-DSS-DES-CBC-SHA",
KeyExchange.DHd,
Authentication.DH,
@@ -219,6 +246,7 @@ public enum Cipher {
),
// Cipher 0D
TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA(
+ 0x000D,
"DH-DSS-DES-CBC3-SHA",
KeyExchange.DHd,
Authentication.DH,
@@ -228,12 +256,13 @@ public enum Cipher {
false,
EncryptionLevel.HIGH,
true,
- 168,
+ 112,
168,
"SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA"
),
// Cipher 0E
TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA(
+ 0x000E,
"EXP-DH-RSA-DES-CBC-SHA",
KeyExchange.DHr,
Authentication.DH,
@@ -249,6 +278,7 @@ public enum Cipher {
),
// Cipher 0F
TLS_DH_RSA_WITH_DES_CBC_SHA(
+ 0x000F,
"DH-RSA-DES-CBC-SHA",
KeyExchange.DHr,
Authentication.DH,
@@ -264,6 +294,7 @@ public enum Cipher {
),
// Cipher 10
TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA(
+ 0x0010,
"DH-RSA-DES-CBC3-SHA",
KeyExchange.DHr,
Authentication.DH,
@@ -273,13 +304,14 @@ public enum Cipher {
false,
EncryptionLevel.HIGH,
true,
- 168,
+ 112,
168,
"SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA"
),
/* The Ephemeral DH ciphers */
// Cipher 11
TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA(
+ 0x0011,
"EXP-EDH-DSS-DES-CBC-SHA",
KeyExchange.EDH,
Authentication.DSS,
@@ -295,6 +327,7 @@ public enum Cipher {
),
// Cipher 12
TLS_DHE_DSS_WITH_DES_CBC_SHA(
+ 0x0012,
"EDH-DSS-DES-CBC-SHA",
KeyExchange.EDH,
Authentication.DSS,
@@ -310,6 +343,7 @@ public enum Cipher {
),
// Cipher 13
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA(
+ 0x0013,
"EDH-DSS-DES-CBC3-SHA",
KeyExchange.EDH,
Authentication.DSS,
@@ -319,12 +353,13 @@ public enum Cipher {
false,
EncryptionLevel.HIGH,
true,
- 168,
+ 112,
168,
"SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA"
),
// Cipher 14
TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA(
+ 0x0014,
"EXP-EDH-RSA-DES-CBC-SHA",
KeyExchange.EDH,
Authentication.RSA,
@@ -340,6 +375,7 @@ public enum Cipher {
),
// Cipher 15
TLS_DHE_RSA_WITH_DES_CBC_SHA(
+ 0x0015,
"EDH-RSA-DES-CBC-SHA",
KeyExchange.EDH,
Authentication.RSA,
@@ -355,6 +391,7 @@ public enum Cipher {
),
// Cipher 16
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA(
+ 0x0016,
"EDH-RSA-DES-CBC3-SHA",
KeyExchange.EDH,
Authentication.RSA,
@@ -364,12 +401,13 @@ public enum Cipher {
false,
EncryptionLevel.HIGH,
true,
- 168,
+ 112,
168,
"SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA"
),
// Cipher 17
TLS_DH_anon_EXPORT_WITH_RC4_40_MD5(
+ 0x0017,
"EXP-ADH-RC4-MD5",
KeyExchange.EDH,
Authentication.aNULL,
@@ -385,6 +423,7 @@ public enum Cipher {
),
// Cipher 18
TLS_DH_anon_WITH_RC4_128_MD5(
+ 0x0018,
"ADH-RC4-MD5",
KeyExchange.EDH,
Authentication.aNULL,
@@ -400,6 +439,7 @@ public enum Cipher {
),
// Cipher 19
TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA(
+ 0x0019,
"EXP-ADH-DES-CBC-SHA",
KeyExchange.EDH,
Authentication.aNULL,
@@ -415,6 +455,7 @@ public enum Cipher {
),
// Cipher 1A
TLS_DH_anon_WITH_DES_CBC_SHA(
+ 0x001A,
"ADH-DES-CBC-SHA",
KeyExchange.EDH,
Authentication.aNULL,
@@ -430,6 +471,7 @@ public enum Cipher {
),
// Cipher 1B
TLS_DH_anon_WITH_3DES_EDE_CBC_SHA(
+ 0x001B,
"ADH-DES-CBC3-SHA",
KeyExchange.EDH,
Authentication.aNULL,
@@ -439,11 +481,14 @@ public enum Cipher {
false,
EncryptionLevel.HIGH,
true,
- 168,
+ 112,
168,
"SSL_DH_anon_WITH_3DES_EDE_CBC_SHA"
),
- /* Fortezza ciphersuite from SSL 3.0 spec */
+ /* Fortezza ciphersuite from SSL 3.0 spec
+ * Neither OpenSSL nor Java implement these ciphers and the IDs used
+ * overlap partially with the IDs used by the Kerberos ciphers
+ // Cipher 1C
SSL_FORTEZZA_DMS_WITH_NULL_SHA(
"FZA-NULL-SHA",
KeyExchange.FZA,
@@ -457,6 +502,7 @@ public enum Cipher {
0,
0
),
+ // Cipher 1D
SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA(
"FZA-FZA-CBC-SHA",
KeyExchange.FZA,
@@ -470,6 +516,7 @@ public enum Cipher {
0,
0
),
+ // Cipher 1E - overlaps with Kerberos below
SSL_FORTEZZA_DMS_WITH_RC4_128_SHA(
"FZA-RC4-SHA",
KeyExchange.FZA,
@@ -483,8 +530,11 @@ public enum Cipher {
128,
128
),
- /* The Kerberos ciphers*/
- // Cipher 1E
+ */
+ /* The Kerberos ciphers. OpenSSL doesn't support these. Java does but they
+ * are used for Kerberos authentication.
+ */
+ // Cipher 1E - overlaps with Fortezza above
/*TLS_KRB5_WITH_DES_CBC_SHA(
"KRB5-DES-CBC-SHA",
KeyExchange.KRB5,
@@ -509,7 +559,7 @@ public enum Cipher {
false,
EncryptionLevel.HIGH,
true,
- 168,
+ 112,
168
),
// Cipher 20
@@ -565,7 +615,7 @@ public enum Cipher {
false,
EncryptionLevel.HIGH,
false,
- 168,
+ 112,
168
),
// Cipher 24
@@ -680,9 +730,23 @@ public enum Cipher {
40,
128
),*/
+
+ /* PSK cipher suites from RFC 4785
+ * Unsupported by both Java and OpenSSL.
+ // Cipher 2C
+ TLS_PSK_WITH_NULL_SHA
+
+ // Cipher 2D
+ TLS_DHE_PSK_WITH_NULL_SHA
+
+ // Cipher 2E
+ TLS_RSA_PSK_WITH_NULL_SHA
+ */
+
/* New AES ciphersuites */
// Cipher 2F
TLS_RSA_WITH_AES_128_CBC_SHA(
+ 0x002f,
"AES128-SHA",
KeyExchange.RSA,
Authentication.RSA,
@@ -697,6 +761,7 @@ public enum Cipher {
),
// Cipher 30
TLS_DH_DSS_WITH_AES_128_CBC_SHA(
+ 0x0030,
"DH-DSS-AES128-SHA",
KeyExchange.DHd,
Authentication.DH,
@@ -711,6 +776,7 @@ public enum Cipher {
),
// Cipher 31
TLS_DH_RSA_WITH_AES_128_CBC_SHA(
+ 0x0031,
"DH-RSA-AES128-SHA",
KeyExchange.DHr,
Authentication.DH,
@@ -725,6 +791,7 @@ public enum Cipher {
),
// Cipher 32
TLS_DHE_DSS_WITH_AES_128_CBC_SHA(
+ 0x0032,
"DHE-DSS-AES128-SHA",
KeyExchange.EDH,
Authentication.DSS,
@@ -739,6 +806,7 @@ public enum Cipher {
),
// Cipher 33
TLS_DHE_RSA_WITH_AES_128_CBC_SHA(
+ 0x0033,
"DHE-RSA-AES128-SHA",
KeyExchange.EDH,
Authentication.RSA,
@@ -753,6 +821,7 @@ public enum Cipher {
),
// Cipher 34
TLS_DH_anon_WITH_AES_128_CBC_SHA(
+ 0x0034,
"ADH-AES128-SHA",
KeyExchange.EDH,
Authentication.aNULL,
@@ -767,6 +836,7 @@ public enum Cipher {
),
// Cipher 35
TLS_RSA_WITH_AES_256_CBC_SHA(
+ 0x0035,
"AES256-SHA",
KeyExchange.RSA,
Authentication.RSA,
@@ -781,6 +851,7 @@ public enum Cipher {
),
// Cipher 36
TLS_DH_DSS_WITH_AES_256_CBC_SHA(
+ 0x0036,
"DH-DSS-AES256-SHA",
KeyExchange.DHd,
Authentication.DH,
@@ -795,6 +866,7 @@ public enum Cipher {
),
// Cipher 37
TLS_DH_RSA_WITH_AES_256_CBC_SHA(
+ 0x0037,
"DH-RSA-AES256-SHA",
KeyExchange.DHr,
Authentication.DH,
@@ -809,6 +881,7 @@ public enum Cipher {
),
// Cipher 38
TLS_DHE_DSS_WITH_AES_256_CBC_SHA(
+ 0x0038,
"DHE-DSS-AES256-SHA",
KeyExchange.EDH,
Authentication.DSS,
@@ -823,6 +896,7 @@ public enum Cipher {
),
// Cipher 39
TLS_DHE_RSA_WITH_AES_256_CBC_SHA(
+ 0x0039,
"DHE-RSA-AES256-SHA",
KeyExchange.EDH,
Authentication.RSA,
@@ -837,6 +911,7 @@ public enum Cipher {
),
// Cipher 3A
TLS_DH_anon_WITH_AES_256_CBC_SHA(
+ 0x003A,
"ADH-AES256-SHA",
KeyExchange.EDH,
Authentication.aNULL,
@@ -852,6 +927,7 @@ public enum Cipher {
/* TLS v1.2 ciphersuites */
// Cipher 3B
TLS_RSA_WITH_NULL_SHA256(
+ 0x003B,
"NULL-SHA256",
KeyExchange.RSA,
Authentication.RSA,
@@ -866,6 +942,7 @@ public enum Cipher {
),
// Cipher 3C
TLS_RSA_WITH_AES_128_CBC_SHA256(
+ 0x003C,
"AES128-SHA256",
KeyExchange.RSA,
Authentication.RSA,
@@ -880,6 +957,7 @@ public enum Cipher {
),
// Cipher 3D
TLS_RSA_WITH_AES_256_CBC_SHA256(
+ 0x003D,
"AES256-SHA256",
KeyExchange.RSA,
Authentication.RSA,
@@ -894,6 +972,7 @@ public enum Cipher {
),
// Cipher 3E
TLS_DH_DSS_WITH_AES_128_CBC_SHA256(
+ 0x003E,
"DH-DSS-AES128-SHA256",
KeyExchange.DHd,
Authentication.DH,
@@ -908,6 +987,7 @@ public enum Cipher {
),
// Cipher 3F
TLS_DH_RSA_WITH_AES_128_CBC_SHA256(
+ 0x003F,
"DH-RSA-AES128-SHA256",
KeyExchange.DHr,
Authentication.DH,
@@ -922,6 +1002,7 @@ public enum Cipher {
),
// Cipher 40
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256(
+ 0x0040,
"DHE-DSS-AES128-SHA256",
KeyExchange.EDH,
Authentication.DSS,
@@ -938,6 +1019,7 @@ public enum Cipher {
128-bit portion) */
// Cipher 41
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA(
+ 0x0041,
"CAMELLIA128-SHA",
KeyExchange.RSA,
Authentication.RSA,
@@ -952,6 +1034,7 @@ public enum Cipher {
),
// Cipher 42
TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA(
+ 0x0042,
"DH-DSS-CAMELLIA128-SHA",
KeyExchange.DHd,
Authentication.DH,
@@ -966,6 +1049,7 @@ public enum Cipher {
),
// Cipher 43
TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA(
+ 0x0043,
"DH-RSA-CAMELLIA128-SHA",
KeyExchange.DHr,
Authentication.DH,
@@ -980,6 +1064,7 @@ public enum Cipher {
),
// Cipher 44
TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA(
+ 0x0044,
"DHE-DSS-CAMELLIA128-SHA",
KeyExchange.EDH,
Authentication.DSS,
@@ -994,6 +1079,7 @@ public enum Cipher {
),
// Cipher 45
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA(
+ 0x0045,
"DHE-RSA-CAMELLIA128-SHA",
KeyExchange.EDH,
Authentication.RSA,
@@ -1008,6 +1094,7 @@ public enum Cipher {
),
// Cipher 46
TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA(
+ 0x0046,
"ADH-CAMELLIA128-SHA",
KeyExchange.EDH,
Authentication.aNULL,
@@ -1020,9 +1107,11 @@ public enum Cipher {
128,
128
),
- /* New TLS Export CipherSuites from expired ID */
+
+ /* Experimental (and now expired) TLSv1 versions of SSLv3 ciphers. */
// Cipher 60
TLS_RSA_EXPORT1024_WITH_RC4_56_MD5(
+ 0x0060,
"EXP1024-RC4-MD5",
KeyExchange.RSA,
Authentication.RSA,
@@ -1038,6 +1127,7 @@ public enum Cipher {
),
// Cipher 61
TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5(
+ 0x0061,
"EXP1024-RC2-CBC-MD5",
KeyExchange.RSA,
Authentication.RSA,
@@ -1053,6 +1143,7 @@ public enum Cipher {
),
// Cipher 62
TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA(
+ 0x0062,
"EXP1024-DES-CBC-SHA",
KeyExchange.RSA,
Authentication.RSA,
@@ -1068,6 +1159,7 @@ public enum Cipher {
),
// Cipher 63
TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA(
+ 0x0063,
"EXP1024-DHE-DSS-DES-CBC-SHA",
KeyExchange.EDH,
Authentication.DSS,
@@ -1083,6 +1175,7 @@ public enum Cipher {
),
// Cipher 64
TLS_RSA_EXPORT1024_WITH_RC4_56_SHA(
+ 0x0064,
"EXP1024-RC4-SHA",
KeyExchange.RSA,
Authentication.RSA,
@@ -1098,6 +1191,7 @@ public enum Cipher {
),
// Cipher 65
TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA(
+ 0x0065,
"EXP1024-DHE-DSS-RC4-SHA",
KeyExchange.EDH,
Authentication.DSS,
@@ -1113,6 +1207,7 @@ public enum Cipher {
),
// Cipher 66
TLS_DHE_DSS_WITH_RC4_128_SHA(
+ 0x0066,
"DHE-DSS-RC4-SHA",
KeyExchange.EDH,
Authentication.DSS,
@@ -1129,6 +1224,7 @@ public enum Cipher {
/* TLS v1.2 ciphersuites */
// Cipher 67
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256(
+ 0x0067,
"DHE-RSA-AES128-SHA256",
KeyExchange.EDH,
Authentication.RSA,
@@ -1143,6 +1239,7 @@ public enum Cipher {
),
// Cipher 68
TLS_DH_DSS_WITH_AES_256_CBC_SHA256(
+ 0x0068,
"DH-DSS-AES256-SHA256",
KeyExchange.DHd,
Authentication.DH,
@@ -1157,6 +1254,7 @@ public enum Cipher {
),
// Cipher 69
TLS_DH_RSA_WITH_AES_256_CBC_SHA256(
+ 0x0069,
"DH-RSA-AES256-SHA256",
KeyExchange.DHr,
Authentication.DH,
@@ -1171,6 +1269,7 @@ public enum Cipher {
),
// Cipher 6A
TLS_DHE_DSS_WITH_AES_256_CBC_SHA256(
+ 0x006A,
"DHE-DSS-AES256-SHA256",
KeyExchange.EDH,
Authentication.DSS,
@@ -1185,6 +1284,7 @@ public enum Cipher {
),
// Cipher 6B
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256(
+ 0x006B,
"DHE-RSA-AES256-SHA256",
KeyExchange.EDH,
Authentication.RSA,
@@ -1199,6 +1299,7 @@ public enum Cipher {
),
// Cipher 6C
TLS_DH_anon_WITH_AES_128_CBC_SHA256(
+ 0x006C,
"ADH-AES128-SHA256",
KeyExchange.EDH,
Authentication.aNULL,
@@ -1213,6 +1314,7 @@ public enum Cipher {
),
// Cipher 6D
TLS_DH_anon_WITH_AES_256_CBC_SHA256(
+ 0x006D,
"ADH-AES256-SHA256",
KeyExchange.EDH,
Authentication.aNULL,
@@ -1225,8 +1327,10 @@ public enum Cipher {
256,
256
),
- /* GOST Ciphersuites */
+ /* GOST Ciphersuites. Unsupported by Java. OpenSSl lists them with IDs
+ * 0x3000080 to 0x3000083 */
/*
+ // Cipher 80
TLS_GOSTR341094_WITH_28147_CNT_IMIT(
"GOST94-GOST89-GOST89",
KeyExchange.GOST,
@@ -1240,6 +1344,7 @@ public enum Cipher {
256,
256
),
+ // Cipher 81
TLS_GOSTR341001_WITH_28147_CNT_IMIT(
"GOST2001-GOST89-GOST89",
KeyExchange.GOST,
@@ -1253,6 +1358,7 @@ public enum Cipher {
256,
256
),
+ // Cipher 82
TLS_GOSTR341094_WITH_NULL_GOSTR3411(
"GOST94-NULL-GOST94",
KeyExchange.GOST,
@@ -1266,6 +1372,7 @@ public enum Cipher {
0,
0
),
+ // Cipher 83
TLS_GOSTR341001_WITH_NULL_GOSTR3411(
"GOST2001-NULL-GOST94",
KeyExchange.GOST,
@@ -1283,6 +1390,7 @@ public enum Cipher {
256-bit portion) */
// Cipher 84
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA(
+ 0x0084,
"CAMELLIA256-SHA",
KeyExchange.RSA,
Authentication.RSA,
@@ -1297,6 +1405,7 @@ public enum Cipher {
),
// Cipher 85
TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA(
+ 0x0085,
"DH-DSS-CAMELLIA256-SHA",
KeyExchange.DHd,
Authentication.DH,
@@ -1311,6 +1420,7 @@ public enum Cipher {
),
// Cipher 86
TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA(
+ 0x0086,
"DH-RSA-CAMELLIA256-SHA",
KeyExchange.DHr,
Authentication.DH,
@@ -1325,6 +1435,7 @@ public enum Cipher {
),
// Cipher 87
TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA(
+ 0x0087,
"DHE-DSS-CAMELLIA256-SHA",
KeyExchange.EDH,
Authentication.DSS,
@@ -1339,6 +1450,7 @@ public enum Cipher {
),
// Cipher 88
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA(
+ 0x0088,
"DHE-RSA-CAMELLIA256-SHA",
KeyExchange.EDH,
Authentication.RSA,
@@ -1353,6 +1465,7 @@ public enum Cipher {
),
// Cipher 89
TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA(
+ 0x0089,
"ADH-CAMELLIA256-SHA",
KeyExchange.EDH,
Authentication.aNULL,
@@ -1367,6 +1480,7 @@ public enum Cipher {
),
// Cipher 8A
TLS_PSK_WITH_RC4_128_SHA(
+ 0x008A,
"PSK-RC4-SHA",
KeyExchange.PSK,
Authentication.PSK,
@@ -1381,6 +1495,7 @@ public enum Cipher {
),
// Cipher 8B
TLS_PSK_WITH_3DES_EDE_CBC_SHA(
+ 0x008B,
"PSK-3DES-EDE-CBC-SHA",
KeyExchange.PSK,
Authentication.PSK,
@@ -1390,11 +1505,12 @@ public enum Cipher {
false,
EncryptionLevel.HIGH,
true,
- 168,
+ 112,
168
),
// Cipher 8C
TLS_PSK_WITH_AES_128_CBC_SHA(
+ 0x008C,
"PSK-AES128-CBC-SHA",
KeyExchange.PSK,
Authentication.PSK,
@@ -1409,6 +1525,7 @@ public enum Cipher {
),
// Cipher 8D
TLS_PSK_WITH_AES_256_CBC_SHA(
+ 0x008D,
"PSK-AES256-CBC-SHA",
KeyExchange.PSK,
Authentication.PSK,
@@ -1421,9 +1538,15 @@ public enum Cipher {
256,
256
),
+
+ /* PSK ciphers 0x008E to 0x0095
+ * Unsupported by both Java and OpenSSL
+ */
+
/* SEED ciphersuites from RFC4162 */
// Cipher 96
TLS_RSA_WITH_SEED_CBC_SHA(
+ 0x0096,
"SEED-SHA",
KeyExchange.RSA,
Authentication.RSA,
@@ -1438,6 +1561,7 @@ public enum Cipher {
),
// Cipher 97
TLS_DH_DSS_WITH_SEED_CBC_SHA(
+ 0x0097,
"DH-DSS-SEED-SHA",
KeyExchange.DHd,
Authentication.DH,
@@ -1452,6 +1576,7 @@ public enum Cipher {
),
// Cipher 98
TLS_DH_RSA_WITH_SEED_CBC_SHA(
+ 0x0098,
"DH-RSA-SEED-SHA",
KeyExchange.DHr,
Authentication.DH,
@@ -1466,6 +1591,7 @@ public enum Cipher {
),
// Cipher 99
TLS_DHE_DSS_WITH_SEED_CBC_SHA(
+ 0x0099,
"DHE-DSS-SEED-SHA",
KeyExchange.EDH,
Authentication.DSS,
@@ -1480,6 +1606,7 @@ public enum Cipher {
),
// Cipher 9A
TLS_DHE_RSA_WITH_SEED_CBC_SHA(
+ 0x009A,
"DHE-RSA-SEED-SHA",
KeyExchange.EDH,
Authentication.RSA,
@@ -1494,6 +1621,7 @@ public enum Cipher {
),
// Cipher 9B
TLS_DH_anon_WITH_SEED_CBC_SHA(
+ 0x009B,
"ADH-SEED-SHA",
KeyExchange.EDH,
Authentication.aNULL,
@@ -1509,6 +1637,7 @@ public enum Cipher {
/* GCM ciphersuites from RFC5288 */
// Cipher 9C
TLS_RSA_WITH_AES_128_GCM_SHA256(
+ 0x009C,
"AES128-GCM-SHA256",
KeyExchange.RSA,
Authentication.RSA,
@@ -1523,6 +1652,7 @@ public enum Cipher {
),
// Cipher 9D
TLS_RSA_WITH_AES_256_GCM_SHA384(
+ 0x009D,
"AES256-GCM-SHA384",
KeyExchange.RSA,
Authentication.RSA,
@@ -1537,6 +1667,7 @@ public enum Cipher {
),
// Cipher 9E
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256(
+ 0x009E,
"DHE-RSA-AES128-GCM-SHA256",
KeyExchange.EDH,
Authentication.RSA,
@@ -1551,6 +1682,7 @@ public enum Cipher {
),
// Cipher 9F
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384(
+ 0x009F,
"DHE-RSA-AES256-GCM-SHA384",
KeyExchange.EDH,
Authentication.RSA,
@@ -1565,6 +1697,7 @@ public enum Cipher {
),
// Cipher A0
TLS_DH_RSA_WITH_AES_128_GCM_SHA256(
+ 0x00A0,
"DH-RSA-AES128-GCM-SHA256",
KeyExchange.DHr,
Authentication.DH,
@@ -1579,6 +1712,7 @@ public enum Cipher {
),
// Cipher A1
TLS_DH_RSA_WITH_AES_256_GCM_SHA384(
+ 0x00A1,
"DH-RSA-AES256-GCM-SHA384",
KeyExchange.DHr,
Authentication.DH,
@@ -1593,6 +1727,7 @@ public enum Cipher {
),
// Cipher A2
TLS_DHE_DSS_WITH_AES_128_GCM_SHA256(
+ 0x00A2,
"DHE-DSS-AES128-GCM-SHA256",
KeyExchange.EDH,
Authentication.DSS,
@@ -1607,6 +1742,7 @@ public enum Cipher {
),
// Cipher A3
TLS_DHE_DSS_WITH_AES_256_GCM_SHA384(
+ 0x00A3,
"DHE-DSS-AES256-GCM-SHA384",
KeyExchange.EDH,
Authentication.DSS,
@@ -1621,6 +1757,7 @@ public enum Cipher {
),
// Cipher A4
TLS_DH_DSS_WITH_AES_128_GCM_SHA256(
+ 0x00A4,
"DH-DSS-AES128-GCM-SHA256",
KeyExchange.DHd,
Authentication.DH,
@@ -1635,6 +1772,7 @@ public enum Cipher {
),
// Cipher A5
TLS_DH_DSS_WITH_AES_256_GCM_SHA384(
+ 0x00A5,
"DH-DSS-AES256-GCM-SHA384",
KeyExchange.DHd,
Authentication.DH,
@@ -1649,6 +1787,7 @@ public enum Cipher {
),
// Cipher A6
TLS_DH_anon_WITH_AES_128_GCM_SHA256(
+ 0x00A6,
"ADH-AES128-GCM-SHA256",
KeyExchange.EDH,
Authentication.aNULL,
@@ -1663,6 +1802,7 @@ public enum Cipher {
),
// Cipher A7
TLS_DH_anon_WITH_AES_256_GCM_SHA384(
+ 0x00A7,
"ADH-AES256-GCM-SHA384",
KeyExchange.EDH,
Authentication.aNULL,
@@ -1675,8 +1815,44 @@ public enum Cipher {
256,
256
),
+ // Cipher A8
+ TLS_PSK_WITH_AES_128_GCM_SHA256(
+ 0x00A8,
+ "PSK-AES128-GCM-SHA256",
+ KeyExchange.PSK,
+ Authentication.PSK,
+ Encryption.AES128GCM,
+ MessageDigest.AEAD,
+ Protocol.TLSv1_2,
+ false,
+ EncryptionLevel.HIGH,
+ true,
+ 128,
+ 128
+ ),
+ // Cipher A9
+ TLS_PSK_WITH_AES_256_GCM_SHA384(
+ 0x00A9,
+ "PSK-AES256-GCM-SHA384",
+ KeyExchange.PSK,
+ Authentication.PSK,
+ Encryption.AES256GCM,
+ MessageDigest.AEAD,
+ Protocol.TLSv1_2,
+ false,
+ EncryptionLevel.HIGH,
+ true,
+ 256,
+ 256
+ ),
+
+ /* PSK ciphers 0x00AA to 0x00B9
+ * Unsupported by both Java and OpenSSL
+ */
+
// Cipher BA
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256(
+ 0x00BA,
"CAMELLIA128-SHA256",
KeyExchange.RSA,
Authentication.RSA,
@@ -1691,6 +1867,7 @@ public enum Cipher {
),
// Cipher BB
TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256(
+ 0x00BB,
"DH-DSS-CAMELLIA128-SHA256",
KeyExchange.DHd,
Authentication.DH,
@@ -1705,6 +1882,7 @@ public enum Cipher {
),
// Cipher BC
TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256(
+ 0x00BC,
"DH-RSA-CAMELLIA128-SHA256",
KeyExchange.DHr,
Authentication.DH,
@@ -1719,6 +1897,7 @@ public enum Cipher {
),
// Cipher BD
TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256(
+ 0x00BD,
"DHE-DSS-CAMELLIA128-SHA256",
KeyExchange.EDH,
Authentication.DSS,
@@ -1733,6 +1912,7 @@ public enum Cipher {
),
// Cipher BE
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256(
+ 0x00BE,
"DHE-RSA-CAMELLIA128-SHA256",
KeyExchange.EDH,
Authentication.RSA,
@@ -1747,6 +1927,7 @@ public enum Cipher {
),
// Cipher BF
TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256(
+ 0x00BF,
"ADH-CAMELLIA128-SHA256",
KeyExchange.EDH,
Authentication.aNULL,
@@ -1761,6 +1942,7 @@ public enum Cipher {
),
// Cipher C0
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256(
+ 0x00C0,
"CAMELLIA256-SHA256",
KeyExchange.RSA,
Authentication.RSA,
@@ -1775,6 +1957,7 @@ public enum Cipher {
),
// Cipher C1
TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256(
+ 0x00C1,
"DH-DSS-CAMELLIA256-SHA256",
KeyExchange.DHd,
Authentication.DH,
@@ -1789,6 +1972,7 @@ public enum Cipher {
),
// Cipher C2
TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256(
+ 0x00C2,
"DH-RSA-CAMELLIA256-SHA256",
KeyExchange.DHr,
Authentication.DH,
@@ -1803,6 +1987,7 @@ public enum Cipher {
),
// Cipher C3
TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256(
+ 0x00C3,
"DHE-DSS-CAMELLIA256-SHA256",
KeyExchange.EDH,
Authentication.DSS,
@@ -1817,6 +2002,7 @@ public enum Cipher {
),
// Cipher C4
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256(
+ 0x00C4,
"DHE-RSA-CAMELLIA256-SHA256",
KeyExchange.EDH,
Authentication.RSA,
@@ -1831,6 +2017,7 @@ public enum Cipher {
),
// Cipher C5
TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256(
+ 0x00C5,
"ADH-CAMELLIA256-SHA256",
KeyExchange.EDH,
Authentication.aNULL,
@@ -1843,10 +2030,18 @@ public enum Cipher {
256,
256
),
+
+ /* Cipher 0x00FF TLS_EMPTY_RENEGOTIATION_INFO_SCSV
+ * Cipher 0x5600 TLS_FALLBACK_SCSV
+ *
+ * No other ciphers defined until 0xC001 below
+ */
+
/* ECC ciphersuites from draft-ietf-tls-ecc-01.txt (
Mar 15, 2001) */
// Cipher C001
TLS_ECDH_ECDSA_WITH_NULL_SHA(
+ 0xC001,
"ECDH-ECDSA-NULL-SHA",
KeyExchange.ECDHe,
Authentication.ECDH,
@@ -1861,6 +2056,7 @@ public enum Cipher {
),
// Cipher C002
TLS_ECDH_ECDSA_WITH_RC4_128_SHA(
+ 0xC002,
"ECDH-ECDSA-RC4-SHA",
KeyExchange.ECDHe,
Authentication.ECDH,
@@ -1875,6 +2071,7 @@ public enum Cipher {
),
// Cipher C003
TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA(
+ 0xC003,
"ECDH-ECDSA-DES-CBC3-SHA",
KeyExchange.ECDHe,
Authentication.ECDH,
@@ -1884,11 +2081,12 @@ public enum Cipher {
false,
EncryptionLevel.HIGH,
true,
- 168,
+ 112,
168
),
// Cipher C004
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA(
+ 0xC004,
"ECDH-ECDSA-AES128-SHA",
KeyExchange.ECDHe,
Authentication.ECDH,
@@ -1903,6 +2101,7 @@ public enum Cipher {
),
// Cipher C005
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA(
+ 0xC005,
"ECDH-ECDSA-AES256-SHA",
KeyExchange.ECDHe,
Authentication.ECDH,
@@ -1917,6 +2116,7 @@ public enum Cipher {
),
// Cipher C006
TLS_ECDHE_ECDSA_WITH_NULL_SHA(
+ 0xC006,
"ECDHE-ECDSA-NULL-SHA",
KeyExchange.EECDH,
Authentication.ECDSA,
@@ -1931,6 +2131,7 @@ public enum Cipher {
),
// Cipher C007
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA(
+ 0xC007,
"ECDHE-ECDSA-RC4-SHA",
KeyExchange.EECDH,
Authentication.ECDSA,
@@ -1945,6 +2146,7 @@ public enum Cipher {
),
// Cipher C008
TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA(
+ 0xC008,
"ECDHE-ECDSA-DES-CBC3-SHA",
KeyExchange.EECDH,
Authentication.ECDSA,
@@ -1954,11 +2156,12 @@ public enum Cipher {
false,
EncryptionLevel.HIGH,
true,
- 168,
+ 112,
168
),
// Cipher C009
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA(
+ 0xC009,
"ECDHE-ECDSA-AES128-SHA",
KeyExchange.EECDH,
Authentication.ECDSA,
@@ -1973,6 +2176,7 @@ public enum Cipher {
),
// Cipher C00A
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA(
+ 0xC00A,
"ECDHE-ECDSA-AES256-SHA",
KeyExchange.EECDH,
Authentication.ECDSA,
@@ -1987,6 +2191,7 @@ public enum Cipher {
),
// Cipher C00B
TLS_ECDH_RSA_WITH_NULL_SHA(
+ 0xC00B,
"ECDH-RSA-NULL-SHA",
KeyExchange.ECDHr,
Authentication.ECDH,
@@ -2001,6 +2206,7 @@ public enum Cipher {
),
// Cipher C00C
TLS_ECDH_RSA_WITH_RC4_128_SHA(
+ 0xC00C,
"ECDH-RSA-RC4-SHA",
KeyExchange.ECDHr,
Authentication.ECDH,
@@ -2015,6 +2221,7 @@ public enum Cipher {
),
// Cipher C00D
TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA(
+ 0xC00D,
"ECDH-RSA-DES-CBC3-SHA",
KeyExchange.ECDHr,
Authentication.ECDH,
@@ -2024,11 +2231,12 @@ public enum Cipher {
false,
EncryptionLevel.HIGH,
true,
- 168,
+ 112,
168
),
// Cipher C00E
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA(
+ 0xC00E,
"ECDH-RSA-AES128-SHA",
KeyExchange.ECDHr,
Authentication.ECDH,
@@ -2043,6 +2251,7 @@ public enum Cipher {
),
// Cipher C00F
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA(
+ 0xC00F,
"ECDH-RSA-AES256-SHA",
KeyExchange.ECDHr,
Authentication.ECDH,
@@ -2057,6 +2266,7 @@ public enum Cipher {
),
// Cipher C010
TLS_ECDHE_RSA_WITH_NULL_SHA(
+ 0xC010,
"ECDHE-RSA-NULL-SHA",
KeyExchange.EECDH,
Authentication.RSA,
@@ -2071,6 +2281,7 @@ public enum Cipher {
),
// Cipher C011
TLS_ECDHE_RSA_WITH_RC4_128_SHA(
+ 0xC011,
"ECDHE-RSA-RC4-SHA",
KeyExchange.EECDH,
Authentication.RSA,
@@ -2085,6 +2296,7 @@ public enum Cipher {
),
// Cipher C012
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA(
+ 0xC012,
"ECDHE-RSA-DES-CBC3-SHA",
KeyExchange.EECDH,
Authentication.RSA,
@@ -2094,11 +2306,12 @@ public enum Cipher {
false,
EncryptionLevel.HIGH,
true,
- 168,
+ 112,
168
),
// Cipher C013
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA(
+ 0xC013,
"ECDHE-RSA-AES128-SHA",
KeyExchange.EECDH,
Authentication.RSA,
@@ -2113,6 +2326,7 @@ public enum Cipher {
),
// Cipher C014
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA(
+ 0xC014,
"ECDHE-RSA-AES256-SHA",
KeyExchange.EECDH,
Authentication.RSA,
@@ -2127,6 +2341,7 @@ public enum Cipher {
),
// Cipher C015
TLS_ECDH_anon_WITH_NULL_SHA(
+ 0xC015,
"AECDH-NULL-SHA",
KeyExchange.EECDH,
Authentication.aNULL,
@@ -2141,6 +2356,7 @@ public enum Cipher {
),
// Cipher C016
TLS_ECDH_anon_WITH_RC4_128_SHA(
+ 0xC016,
"AECDH-RC4-SHA",
KeyExchange.EECDH,
Authentication.aNULL,
@@ -2155,6 +2371,7 @@ public enum Cipher {
),
// Cipher C017
TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA(
+ 0xC017,
"AECDH-DES-CBC3-SHA",
KeyExchange.EECDH,
Authentication.aNULL,
@@ -2164,11 +2381,12 @@ public enum Cipher {
false,
EncryptionLevel.HIGH,
true,
- 168,
+ 112,
168
),
// Cipher C018
TLS_ECDH_anon_WITH_AES_128_CBC_SHA(
+ 0xC018,
"AECDH-AES128-SHA",
KeyExchange.EECDH,
Authentication.aNULL,
@@ -2183,6 +2401,7 @@ public enum Cipher {
),
// Cipher C019
TLS_ECDH_anon_WITH_AES_256_CBC_SHA(
+ 0xC019,
"AECDH-AES256-SHA",
KeyExchange.EECDH,
Authentication.aNULL,
@@ -2198,6 +2417,7 @@ public enum Cipher {
/* SRP ciphersuite from RFC 5054 */
// Cipher C01A
TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA(
+ 0xC01A,
"SRP-3DES-EDE-CBC-SHA",
KeyExchange.SRP,
Authentication.SRP,
@@ -2207,11 +2427,12 @@ public enum Cipher {
false,
EncryptionLevel.HIGH,
false,
- 168,
+ 112,
168
),
// Cipher C01B
TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA(
+ 0xC01B,
"SRP-RSA-3DES-EDE-CBC-SHA",
KeyExchange.SRP,
Authentication.RSA,
@@ -2221,11 +2442,12 @@ public enum Cipher {
false,
EncryptionLevel.HIGH,
false,
- 168,
+ 112,
168
),
// Cipher C01C
TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA(
+ 0xC01C,
"SRP-DSS-3DES-EDE-CBC-SHA",
KeyExchange.SRP,
Authentication.DSS,
@@ -2235,11 +2457,12 @@ public enum Cipher {
false,
EncryptionLevel.HIGH,
false,
- 168,
+ 112,
168
),
// Cipher C01D
TLS_SRP_SHA_WITH_AES_128_CBC_SHA(
+ 0xC01D,
"SRP-AES-128-CBC-SHA",
KeyExchange.SRP,
Authentication.SRP,
@@ -2254,6 +2477,7 @@ public enum Cipher {
),
// Cipher C01E
TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA(
+ 0xC01E,
"SRP-RSA-AES-128-CBC-SHA",
KeyExchange.SRP,
Authentication.RSA,
@@ -2268,6 +2492,7 @@ public enum Cipher {
),
// Cipher C01F
TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA(
+ 0xC01F,
"SRP-DSS-AES-128-CBC-SHA",
KeyExchange.SRP,
Authentication.DSS,
@@ -2282,6 +2507,7 @@ public enum Cipher {
),
// Cipher C020
TLS_SRP_SHA_WITH_AES_256_CBC_SHA(
+ 0xC020,
"SRP-AES-256-CBC-SHA",
KeyExchange.SRP,
Authentication.SRP,
@@ -2296,6 +2522,7 @@ public enum Cipher {
),
// Cipher C021
TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA(
+ 0xC021,
"SRP-RSA-AES-256-CBC-SHA",
KeyExchange.SRP,
Authentication.RSA,
@@ -2310,6 +2537,7 @@ public enum Cipher {
),
// Cipher C022
TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA(
+ 0xC022,
"SRP-DSS-AES-256-CBC-SHA",
KeyExchange.SRP,
Authentication.DSS,
@@ -2325,6 +2553,7 @@ public enum Cipher {
/* HMAC based TLS v1.2 ciphersuites from RFC5289 */
// Cipher C023
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256(
+ 0xC023,
"ECDHE-ECDSA-AES128-SHA256",
KeyExchange.EECDH,
Authentication.ECDSA,
@@ -2339,6 +2568,7 @@ public enum Cipher {
),
// Cipher C024
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384(
+ 0xC024,
"ECDHE-ECDSA-AES256-SHA384",
KeyExchange.EECDH,
Authentication.ECDSA,
@@ -2353,6 +2583,7 @@ public enum Cipher {
),
// Cipher C025
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256(
+ 0xC025,
"ECDH-ECDSA-AES128-SHA256",
KeyExchange.ECDHe,
Authentication.ECDH,
@@ -2367,6 +2598,7 @@ public enum Cipher {
),
// Cipher C026
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384(
+ 0xC026,
"ECDH-ECDSA-AES256-SHA384",
KeyExchange.ECDHe,
Authentication.ECDH,
@@ -2381,6 +2613,7 @@ public enum Cipher {
),
// Cipher C027
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256(
+ 0xC027,
"ECDHE-RSA-AES128-SHA256",
KeyExchange.EECDH,
Authentication.RSA,
@@ -2395,6 +2628,7 @@ public enum Cipher {
),
// Cipher C028
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384(
+ 0xC028,
"ECDHE-RSA-AES256-SHA384",
KeyExchange.EECDH,
Authentication.RSA,
@@ -2409,6 +2643,7 @@ public enum Cipher {
),
// Cipher C029
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256(
+ 0xC029,
"ECDH-RSA-AES128-SHA256",
KeyExchange.ECDHr,
Authentication.ECDH,
@@ -2423,6 +2658,7 @@ public enum Cipher {
),
// Cipher C02A
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384(
+ 0xC02A,
"ECDH-RSA-AES256-SHA384",
KeyExchange.ECDHr,
Authentication.ECDH,
@@ -2438,6 +2674,7 @@ public enum Cipher {
/* GCM based TLS v1.2 ciphersuites from RFC5289 */
// Cipher C02B
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256(
+ 0xC02B,
"ECDHE-ECDSA-AES128-GCM-SHA256",
KeyExchange.EECDH,
Authentication.ECDSA,
@@ -2452,6 +2689,7 @@ public enum Cipher {
),
// Cipher C02C
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384(
+ 0xC02C,
"ECDHE-ECDSA-AES256-GCM-SHA384",
KeyExchange.EECDH,
Authentication.ECDSA,
@@ -2466,6 +2704,7 @@ public enum Cipher {
),
// Cipher C02D
TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256(
+ 0xC02D,
"ECDH-ECDSA-AES128-GCM-SHA256",
KeyExchange.ECDHe,
Authentication.ECDH,
@@ -2480,6 +2719,7 @@ public enum Cipher {
),
// Cipher C02E
TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384(
+ 0xC02E,
"ECDH-ECDSA-AES256-GCM-SHA384",
KeyExchange.ECDHe,
Authentication.ECDH,
@@ -2494,6 +2734,7 @@ public enum Cipher {
),
// Cipher C02F
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256(
+ 0xC02F,
"ECDHE-RSA-AES128-GCM-SHA256",
KeyExchange.EECDH,
Authentication.RSA,
@@ -2508,6 +2749,7 @@ public enum Cipher {
),
// Cipher C030
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384(
+ 0xC030,
"ECDHE-RSA-AES256-GCM-SHA384",
KeyExchange.EECDH,
Authentication.RSA,
@@ -2522,6 +2764,7 @@ public enum Cipher {
),
// Cipher C031
TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256(
+ 0xC031,
"ECDH-RSA-AES128-GCM-SHA256",
KeyExchange.ECDHr,
Authentication.ECDH,
@@ -2536,6 +2779,7 @@ public enum Cipher {
),
// Cipher C032
TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384(
+ 0xC032,
"ECDH-RSA-AES256-GCM-SHA384",
KeyExchange.ECDHr,
Authentication.ECDH,
@@ -2548,8 +2792,17 @@ public enum Cipher {
256,
256
),
+
+ /* PSK ciphers 0xC033 to 0xC03B
+ * Unsupported by both Java and OpenSSL
+ */
+
+ /* ARIA ciphers 0xC03C to 0xC071
+ * Unsupported by both Java and OpenSSL
+ */
// Cipher C072
TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256(
+ 0xC072,
"ECDHE-ECDSA-CAMELLIA128-SHA256",
KeyExchange.EECDH,
Authentication.ECDSA,
@@ -2564,6 +2817,7 @@ public enum Cipher {
),
// Cipher C073
TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384(
+ 0xC073,
"ECDHE-ECDSA-CAMELLIA256-SHA384",
KeyExchange.EECDH,
Authentication.ECDSA,
@@ -2578,6 +2832,7 @@ public enum Cipher {
),
// Cipher C074
TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256(
+ 0xC074,
"ECDH-ECDSA-CAMELLIA128-SHA256",
KeyExchange.ECDHe,
Authentication.ECDH,
@@ -2592,6 +2847,7 @@ public enum Cipher {
),
// Cipher C075
TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384(
+ 0xC075,
"ECDH-ECDSA-CAMELLIA256-SHA384",
KeyExchange.ECDHe,
Authentication.ECDH,
@@ -2606,6 +2862,7 @@ public enum Cipher {
),
// Cipher C076
TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256(
+ 0xC076,
"ECDHE-RSA-CAMELLIA128-SHA256",
KeyExchange.EECDH,
Authentication.RSA,
@@ -2620,6 +2877,7 @@ public enum Cipher {
),
// Cipher C077
TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384(
+ 0xC077,
"ECDHE-RSA-CAMELLIA256-SHA384",
KeyExchange.EECDH,
Authentication.RSA,
@@ -2634,6 +2892,7 @@ public enum Cipher {
),
// Cipher C078
TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256(
+ 0xC078,
"ECDH-RSA-CAMELLIA128-SHA256",
KeyExchange.ECDHr,
Authentication.ECDH,
@@ -2648,6 +2907,7 @@ public enum Cipher {
),
// Cipher C079
TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384(
+ 0xC079,
"ECDH-RSA-CAMELLIA256-SHA384",
KeyExchange.ECDHr,
Authentication.ECDH,
@@ -2660,8 +2920,11 @@ public enum Cipher {
256,
256
),
+
+ // Cipher 0x010080 (SSLv2)
// RC4_128_WITH_MD5
SSL_CK_RC4_128_WITH_MD5(
+ -1,
"RC4-MD5",
KeyExchange.RSA,
Authentication.RSA,
@@ -2674,9 +2937,27 @@ public enum Cipher {
128,
128
),
+ // Cipher 0x020080 (SSLv2)
+ SSL2_RC4_128_EXPORT40_WITH_MD5(
+ -1,
+ "EXP-RC4-MD5",
+ KeyExchange.RSA,
+ Authentication.RSA,
+ Encryption.RC4,
+ MessageDigest.MD5,
+ Protocol.SSLv2,
+ true,
+ EncryptionLevel.EXP40,
+ false,
+ 40,
+ 128,
+ "SSL_RC4_128_EXPORT40_WITH_MD5"
+ ),
+ // Cipher 0x030080 (SSLv2)
// RC2_128_CBC_WITH_MD5
SSL_CK_RC2_128_CBC_WITH_MD5(
- "RC2-MD5",
+ -1,
+ "RC2-CBC-MD5",
KeyExchange.RSA,
Authentication.RSA,
Encryption.RC2,
@@ -2688,8 +2969,10 @@ public enum Cipher {
128,
128
),
+ // Cipher 0x040080 (SSLv2)
// RC2_128_CBC_EXPORT40_WITH_MD5
SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5(
+ -1,
"EXP-RC2-CBC-MD5",
KeyExchange.RSA,
Authentication.RSA,
@@ -2702,6 +2985,57 @@ public enum Cipher {
40,
128
),
+ // Cipher 0x050080 (SSLv2)
+ // IDEA_128_CBC_WITH_MD5
+ SSL2_IDEA_128_CBC_WITH_MD5(
+ -1,
+ "IDEA-CBC-MD5",
+ KeyExchange.RSA,
+ Authentication.RSA,
+ Encryption.IDEA,
+ MessageDigest.MD5,
+ Protocol.SSLv2,
+ false, EncryptionLevel.MEDIUM,
+ false,
+ 128,
+ 128,
+ "SSL_CK_IDEA_128_CBC_WITH_MD5"
+ ),
+ // Cipher 0x060040 (SSLv2)
+ // DES_64_CBC_WITH_MD5
+ SSL2_DES_64_CBC_WITH_MD5(
+ -1,
+ "DES-CBC-MD5",
+ KeyExchange.RSA,
+ Authentication.RSA,
+ Encryption.DES,
+ MessageDigest.MD5,
+ Protocol.SSLv2,
+ false,
+ EncryptionLevel.LOW,
+ false,
+ 56,
+ 56,
+ "SSL_CK_DES_64_CBC_WITH_MD5"
+ ),
+ // Cipher 0x0700C0 (SSLv2)
+ // DES_192_EDE3_CBC_WITH_MD5
+ SSL2_DES_192_EDE3_CBC_WITH_MD5(
+ -1,
+ "DES-CBC3-MD5",
+ KeyExchange.RSA,
+ Authentication.RSA,
+ Encryption.TRIPLE_DES,
+ MessageDigest.MD5,
+ Protocol.SSLv2,
+ false,
+ EncryptionLevel.HIGH,
+ false,
+ 112,
+ 168,
+ "SSL_CK_DES_192_EDE3_CBC_WITH_MD5"
+ );
+
/* TEMP_GOST_TLS*/
/*
// Cipher FF00
@@ -2756,84 +3090,9 @@ public enum Cipher {
256,
256
},*/
- // Cipher 0x020080
- SSL2_RC4_128_EXPORT40_WITH_MD5(
- "EXP-RC4-MD5",
- KeyExchange.RSA,
- Authentication.RSA,
- Encryption.RC4,
- MessageDigest.MD5,
- Protocol.SSLv2,
- true,
- EncryptionLevel.EXP40,
- false,
- 40,
- 128,
- "SSL_RC4_128_EXPORT40_WITH_MD5"
- ),
- // Cipher 0x030080 / 0x040080
- SSL2_RC2_CBC_128_CBC_WITH_MD5(
- "RC2-CBC-MD5",
- KeyExchange.RSA,
- Authentication.RSA,
- Encryption.RC2,
- MessageDigest.MD5,
- Protocol.SSLv2,
- false,
- EncryptionLevel.MEDIUM,
- true,
- 128,
- 128
- ),
- // Cipher 0x050080
- // IDEA_128_CBC_WITH_MD5
- SSL2_IDEA_128_CBC_WITH_MD5(
- "IDEA-CBC-MD5",
- KeyExchange.RSA,
- Authentication.RSA,
- Encryption.IDEA,
- MessageDigest.MD5,
- Protocol.SSLv2,
- false, EncryptionLevel.MEDIUM,
- false,
- 128,
- 128,
- "SSL_CK_IDEA_128_CBC_WITH_MD5"
- ),
- // Cipher 0x060040
- // DES_64_CBC_WITH_MD5
- SSL2_DES_64_CBC_WITH_MD5(
- "DES-CBC-MD5",
- KeyExchange.RSA,
- Authentication.RSA,
- Encryption.DES,
- MessageDigest.MD5,
- Protocol.SSLv2,
- false,
- EncryptionLevel.LOW,
- false,
- 56,
- 56,
- "SSL_CK_DES_64_CBC_WITH_MD5"
- ),
- // Cipher 0x0700C0
- // DES_192_EDE3_CBC_WITH_MD5
- SSL2_DES_192_EDE3_CBC_WITH_MD5(
- "DES-CBC3-MD5",
- KeyExchange.RSA,
- Authentication.RSA,
- Encryption.TRIPLE_DES,
- MessageDigest.MD5,
- Protocol.SSLv2,
- false,
- EncryptionLevel.HIGH,
- false,
- 168,
- 168,
- "SSL_CK_DES_192_EDE3_CBC_WITH_MD5"
- );
+ private final int id;
private final String openSSLAlias;
private final Set<String> jsseNames;
private final KeyExchange kx;
@@ -2853,9 +3112,10 @@ public enum Cipher {
*/
private final int alg_bits;
- private Cipher(String openSSLAlias, KeyExchange kx, Authentication au,
Encryption enc, MessageDigest mac,
- Protocol protocol, boolean export, EncryptionLevel level, boolean
fipsCompatible, int strength_bits,
- int alg_bits, String... jsseAltNames) {
+ private Cipher(int id, String openSSLAlias, KeyExchange kx, Authentication
au, Encryption enc,
+ MessageDigest mac, Protocol protocol, boolean export,
EncryptionLevel level,
+ boolean fipsCompatible, int strength_bits, int alg_bits, String...
jsseAltNames) {
+ this.id = id;
this.openSSLAlias = openSSLAlias;
Set<String> names = new HashSet<>();
if (jsseAltNames != null) {
@@ -2875,6 +3135,10 @@ public enum Cipher {
this.alg_bits = alg_bits;
}
+ public int getId() {
+ return id;
+ }
+
public String getOpenSSLAlias() {
return openSSLAlias;
}
@@ -2923,4 +3187,21 @@ public enum Cipher {
return alg_bits;
}
+
+ private static final Map<Integer,Cipher> idMap = new HashMap<>();
+
+ static {
+ for (Cipher cipher : Cipher.values()) {
+ int id = cipher.getId();
+
+ if (id > 0 && id < 0xFFFF) {
+ idMap.put(Integer.valueOf(id), cipher);
+ }
+ }
+ }
+
+
+ public static Cipher valueOf(int cipherId) {
+ return idMap.get(Integer.valueOf(cipherId));
+ }
}
Modified:
tomcat/tc8.0.x/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TestCipher.java
URL:
http://svn.apache.org/viewvc/tomcat/tc8.0.x/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TestCipher.java?rev=1687770&r1=1687769&r2=1687770&view=diff
==============================================================================
---
tomcat/tc8.0.x/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TestCipher.java
(original)
+++
tomcat/tc8.0.x/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TestCipher.java
Fri Jun 26 12:54:56 2015
@@ -115,7 +115,8 @@ public class TestCipher {
// 1.0.2
if (cipher.getProtocol().equals(Protocol.TLSv1_2) &&
(cipher.getEnc().equals(Encryption.CAMELLIA256) ||
- cipher.getEnc().equals(Encryption.CAMELLIA128))) {
+ cipher.getEnc().equals(Encryption.CAMELLIA128)||
+ cipher.getAu().equals(Authentication.PSK))) {
continue;
}
expectedCipherSuites.add(openSSLAlias + "+" +
Modified:
tomcat/tc8.0.x/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TesterOpenSSL.java
URL:
http://svn.apache.org/viewvc/tomcat/tc8.0.x/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TesterOpenSSL.java?rev=1687770&r1=1687769&r2=1687770&view=diff
==============================================================================
---
tomcat/tc8.0.x/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TesterOpenSSL.java
(original)
+++
tomcat/tc8.0.x/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TesterOpenSSL.java
Fri Jun 26 12:54:56 2015
@@ -37,10 +37,6 @@ public class TesterOpenSSL {
// The following ciphers are not implemented in an OpenSSL
// version
Cipher.TLS_DHE_DSS_WITH_RC4_128_SHA,
- Cipher.SSL_CK_RC2_128_CBC_WITH_MD5,
- Cipher.SSL_FORTEZZA_DMS_WITH_NULL_SHA,
- Cipher.SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA,
- Cipher.SSL_FORTEZZA_DMS_WITH_RC4_128_SHA,
Cipher.TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
Cipher.TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA,
Cipher.TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
@@ -69,6 +65,8 @@ public class TesterOpenSSL {
Cipher.TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
Cipher.TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256,
Cipher.TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384,
+ Cipher.TLS_PSK_WITH_AES_128_GCM_SHA256,
+ Cipher.TLS_PSK_WITH_AES_256_GCM_SHA384,
// The following have been removed from OpenSSL on
2015-05-23
Cipher.TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA,
Cipher.TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA)));
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
