1 /*
   2  * Copyright (c) 2002, 2019, Oracle and/or its affiliates. All rights reserved.
   3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   4  *
   5  * This code is free software; you can redistribute it and/or modify it
   6  * under the terms of the GNU General Public License version 2 only, as
   7  * published by the Free Software Foundation.  Oracle designates this
   8  * particular file as subject to the "Classpath" exception as provided
   9  * by Oracle in the LICENSE file that accompanied this code.
  10  *
  11  * This code is distributed in the hope that it will be useful, but WITHOUT
  12  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  13  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  14  * version 2 for more details (a copy is included in the LICENSE file that
  15  * accompanied this code).
  16  *
  17  * You should have received a copy of the GNU General Public License version
  18  * 2 along with this work; if not, write to the Free Software Foundation,
  19  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  20  *
  21  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  22  * or visit www.oracle.com if you need additional information or have any
  23  * questions.
  24  */
  25 
  26 package sun.security.ssl;
  27 
  28 import java.util.ArrayList;
  29 import java.util.Arrays;
  30 import java.util.Collection;
  31 import java.util.Collections;
  32 import java.util.LinkedList;
  33 import java.util.List;
  34 import static sun.security.ssl.CipherSuite.HashAlg.*;
  35 import static sun.security.ssl.CipherSuite.KeyExchange.*;
  36 import static sun.security.ssl.CipherSuite.MacAlg.*;
  37 import static sun.security.ssl.SSLCipher.*;
  38 import sun.security.ssl.SupportedGroupsExtension.NamedGroupType;
  39 import static sun.security.ssl.SupportedGroupsExtension.NamedGroupType.*;
  40 
  41 /**
  42  * Enum for SSL/(D)TLS cipher suites.
  43  *
  44  * Please refer to the "TLS Cipher Suite Registry" section for more details
  45  * about each cipher suite:
  46  *     https://www.iana.org/assignments/tls-parameters/tls-parameters.xml
  47  */
  48 enum CipherSuite {
  49     //
  50     // in preference order
  51     //
  52 
  53     // Definition of the CipherSuites that are enabled by default.
  54     //
  55     // They are listed in preference order, most preferred first, using
  56     // the following criteria:
  57     // 1. Prefer Suite B compliant cipher suites, see RFC6460 (To be
  58     //    changed later, see below).
  59     // 2. Prefer forward secrecy cipher suites.
  60     // 3. Prefer the stronger bulk cipher, in the order of AES_256(GCM),
  61     //    AES_128(GCM), AES_256, AES_128, 3DES-EDE.
  62     // 4. Prefer the stronger MAC algorithm, in the order of SHA384,
  63     //    SHA256, SHA, MD5.
  64     // 5. Prefer the better performance of key exchange and digital
  65     //    signature algorithm, in the order of ECDHE-ECDSA, ECDHE-RSA,
  66     //    DHE-RSA, DHE-DSS, ECDH-ECDSA, ECDH-RSA, RSA.
  67 
  68     // TLS 1.3 cipher suites.
  69     TLS_AES_256_GCM_SHA384(
  70             0x1302, true, "TLS_AES_256_GCM_SHA384",
  71             ProtocolVersion.PROTOCOLS_OF_13, B_AES_256_GCM_IV, H_SHA384),
  72     TLS_AES_128_GCM_SHA256(
  73             0x1301, true, "TLS_AES_128_GCM_SHA256",
  74             ProtocolVersion.PROTOCOLS_OF_13, B_AES_128_GCM_IV, H_SHA256),
  75     TLS_CHACHA20_POLY1305_SHA256(
  76             0x1303, true, "TLS_CHACHA20_POLY1305_SHA256",
  77             ProtocolVersion.PROTOCOLS_OF_13, B_CC20_P1305, H_SHA256),
  78 
  79     // Suite B compliant cipher suites, see RFC 6460.
  80     //
  81     // Note that at present this provider is not Suite B compliant: the
  82     // preference order of the GCM cipher suites does not follow the spec
  83     // of RFC 6460.  In this section, only two cipher suites are listed
  84     // so that applications can make use of the Suite B compliant cipher
  85     // suites first.
  86     TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384(
  87             0xC02C, true, "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "",
  88             ProtocolVersion.PROTOCOLS_OF_12,
  89             K_ECDHE_ECDSA, B_AES_256_GCM, M_NULL, H_SHA384),
  90     TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256(
  91             0xC02B, true, "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", "",
  92             ProtocolVersion.PROTOCOLS_OF_12,
  93             K_ECDHE_ECDSA, B_AES_128_GCM, M_NULL, H_SHA256),
  94 
  95     // Not Suite B, but we want to position this suite early in the list
  96     // of 1.2 suites.
  97     TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256(
  98             0xCCA9, true, "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256", "",
  99             ProtocolVersion.PROTOCOLS_OF_12,
 100             K_ECDHE_ECDSA, B_CC20_P1305, M_NULL, H_SHA256),
 101 
 102     //
 103     // Forward secrecy cipher suites.
 104     //
 105 
 106     // AES_256(GCM) - ECDHE
 107     TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384(
 108             0xC030, true, "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "",
 109             ProtocolVersion.PROTOCOLS_OF_12,
 110             K_ECDHE_RSA, B_AES_256_GCM, M_NULL, H_SHA384),
 111     TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256(
 112             0xCCA8, true, "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256", "",
 113             ProtocolVersion.PROTOCOLS_OF_12,
 114             K_ECDHE_RSA, B_CC20_P1305, M_NULL, H_SHA256),
 115 
 116     // AES_128(GCM) - ECDHE
 117     TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256(
 118             0xC02F, true, "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "",
 119             ProtocolVersion.PROTOCOLS_OF_12,
 120             K_ECDHE_RSA, B_AES_128_GCM, M_NULL, H_SHA256),
 121 
 122     // AES_256(GCM) - DHE
 123     TLS_DHE_RSA_WITH_AES_256_GCM_SHA384(
 124             0x009F, true, "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384", "",
 125             ProtocolVersion.PROTOCOLS_OF_12,
 126             K_DHE_RSA, B_AES_256_GCM, M_NULL, H_SHA384),
 127     TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256(
 128             0xCCAA, true, "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256", "",
 129             ProtocolVersion.PROTOCOLS_OF_12,
 130             K_DHE_RSA, B_CC20_P1305, M_NULL, H_SHA256),
 131     TLS_DHE_DSS_WITH_AES_256_GCM_SHA384(
 132             0x00A3, true, "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384", "",
 133             ProtocolVersion.PROTOCOLS_OF_12,
 134             K_DHE_DSS, B_AES_256_GCM, M_NULL, H_SHA384),
 135 
 136     // AES_128(GCM) - DHE
 137     TLS_DHE_RSA_WITH_AES_128_GCM_SHA256(
 138             0x009E, true, "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256", "",
 139             ProtocolVersion.PROTOCOLS_OF_12,
 140             K_DHE_RSA, B_AES_128_GCM, M_NULL, H_SHA256),
 141     TLS_DHE_DSS_WITH_AES_128_GCM_SHA256(
 142             0x00A2, true, "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256", "",
 143             ProtocolVersion.PROTOCOLS_OF_12,
 144             K_DHE_DSS, B_AES_128_GCM, M_NULL, H_SHA256),
 145 
 146     // AES_256(CBC) - ECDHE
 147     TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384(
 148             0xC024, true, "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384", "",
 149             ProtocolVersion.PROTOCOLS_OF_12,
 150             K_ECDHE_ECDSA, B_AES_256, M_SHA384, H_SHA384),
 151     TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384(
 152             0xC028, true, "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384", "",
 153             ProtocolVersion.PROTOCOLS_OF_12,
 154             K_ECDHE_RSA, B_AES_256, M_SHA384, H_SHA384),
 155 
 156     // AES_128(CBC) - ECDHE
 157     TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256(
 158             0xC023, true, "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", "",
 159             ProtocolVersion.PROTOCOLS_OF_12,
 160             K_ECDHE_ECDSA, B_AES_128, M_SHA256, H_SHA256),
 161     TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256(
 162             0xC027, true, "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", "",
 163             ProtocolVersion.PROTOCOLS_OF_12,
 164             K_ECDHE_RSA, B_AES_128, M_SHA256, H_SHA256),
 165 
 166     // AES_256(CBC) - DHE
 167     TLS_DHE_RSA_WITH_AES_256_CBC_SHA256(
 168             0x006B, true, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256", "",
 169             ProtocolVersion.PROTOCOLS_OF_12,
 170             K_DHE_RSA, B_AES_256, M_SHA256, H_SHA256),
 171     TLS_DHE_DSS_WITH_AES_256_CBC_SHA256(
 172             0x006A, true, "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256", "",
 173             ProtocolVersion.PROTOCOLS_OF_12,
 174             K_DHE_DSS, B_AES_256, M_SHA256, H_SHA256),
 175 
 176     // AES_128(CBC) - DHE
 177     TLS_DHE_RSA_WITH_AES_128_CBC_SHA256(
 178             0x0067, true, "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256", "",
 179             ProtocolVersion.PROTOCOLS_OF_12,
 180             K_DHE_RSA, B_AES_128, M_SHA256, H_SHA256),
 181     TLS_DHE_DSS_WITH_AES_128_CBC_SHA256(
 182             0x0040, true, "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256", "",
 183             ProtocolVersion.PROTOCOLS_OF_12,
 184             K_DHE_DSS, B_AES_128, M_SHA256, H_SHA256),
 185 
 186     //
 187     // Cipher suites without forward secrecy.
 188     //
 189 
 190     // AES_256(GCM)
 191     TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384(
 192             0xC02E, true, "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384", "",
 193             ProtocolVersion.PROTOCOLS_OF_12,
 194             K_ECDH_ECDSA, B_AES_256_GCM, M_NULL, H_SHA384),
 195     TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384(
 196             0xC032, true, "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384", "",
 197             ProtocolVersion.PROTOCOLS_OF_12,
 198             K_ECDH_RSA, B_AES_256_GCM, M_NULL, H_SHA384),
 199 
 200     // AES_128(GCM)
 201     TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256(
 202             0xC02D, true, "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256", "",
 203             ProtocolVersion.PROTOCOLS_OF_12,
 204             K_ECDH_ECDSA, B_AES_128_GCM, M_NULL, H_SHA256),
 205     TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256(
 206             0xC031, true, "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256", "",
 207             ProtocolVersion.PROTOCOLS_OF_12,
 208             K_ECDH_RSA, B_AES_128_GCM, M_NULL, H_SHA256),
 209 
 210     // AES_256(CBC)
 211     TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384(
 212             0xC026, true, "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384", "",
 213             ProtocolVersion.PROTOCOLS_OF_12,
 214             K_ECDH_ECDSA, B_AES_256, M_SHA384, H_SHA384),
 215     TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384(
 216             0xC02A, true, "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384", "",
 217             ProtocolVersion.PROTOCOLS_OF_12,
 218             K_ECDH_RSA, B_AES_256, M_SHA384, H_SHA384),
 219 
 220     // AES_128(CBC)
 221     TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256(
 222             0xC025, true, "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256", "",
 223             ProtocolVersion.PROTOCOLS_OF_12,
 224             K_ECDH_ECDSA, B_AES_128, M_SHA256, H_SHA256),
 225     TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256(
 226             0xC029, true, "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256", "",
 227             ProtocolVersion.PROTOCOLS_OF_12,
 228             K_ECDH_RSA, B_AES_128, M_SHA256, H_SHA256),
 229 
 230     //
 231     // Legacy, used for compatibility
 232     //
 233 
 234     // AES_256(CBC) - ECDHE - Using SHA
 235     TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA(
 236             0xC00A, true, "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA", "",
 237             ProtocolVersion.PROTOCOLS_TO_12,
 238             K_ECDHE_ECDSA, B_AES_256, M_SHA, H_SHA256),
 239     TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA(
 240             0xC014, true, "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", "",
 241             ProtocolVersion.PROTOCOLS_TO_12,
 242             K_ECDHE_RSA, B_AES_256, M_SHA, H_SHA256),
 243 
 244     // AES_128(CBC) - ECDHE - using SHA
 245     TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA(
 246             0xC009, true, "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", "",
 247             ProtocolVersion.PROTOCOLS_TO_12,
 248             K_ECDHE_ECDSA, B_AES_128, M_SHA, H_SHA256),
 249     TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA(
 250             0xC013, true, "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", "",
 251             ProtocolVersion.PROTOCOLS_TO_12,
 252             K_ECDHE_RSA, B_AES_128, M_SHA, H_SHA256),
 253 
 254     // AES_256(CBC) - DHE - Using SHA
 255     TLS_DHE_RSA_WITH_AES_256_CBC_SHA(
 256             0x0039, true, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA", "",
 257             ProtocolVersion.PROTOCOLS_TO_12,
 258             K_DHE_RSA, B_AES_256, M_SHA, H_SHA256),
 259     TLS_DHE_DSS_WITH_AES_256_CBC_SHA(
 260             0x0038, true, "TLS_DHE_DSS_WITH_AES_256_CBC_SHA", "",
 261             ProtocolVersion.PROTOCOLS_TO_12,
 262             K_DHE_DSS, B_AES_256, M_SHA, H_SHA256),
 263 
 264     // AES_128(CBC) - DHE - using SHA
 265     TLS_DHE_RSA_WITH_AES_128_CBC_SHA(
 266             0x0033, true, "TLS_DHE_RSA_WITH_AES_128_CBC_SHA", "",
 267             ProtocolVersion.PROTOCOLS_TO_12,
 268             K_DHE_RSA, B_AES_128, M_SHA, H_SHA256),
 269     TLS_DHE_DSS_WITH_AES_128_CBC_SHA(
 270             0x0032, true, "TLS_DHE_DSS_WITH_AES_128_CBC_SHA", "",
 271             ProtocolVersion.PROTOCOLS_TO_12,
 272             K_DHE_DSS, B_AES_128, M_SHA, H_SHA256),
 273 
 274     // AES_256(CBC) - using SHA, not forward secrecy
 275     TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA(
 276             0xC005, true, "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA", "",
 277             ProtocolVersion.PROTOCOLS_TO_12,
 278             K_ECDH_ECDSA, B_AES_256, M_SHA, H_SHA256),
 279     TLS_ECDH_RSA_WITH_AES_256_CBC_SHA(
 280             0xC00F, true, "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA", "",
 281             ProtocolVersion.PROTOCOLS_TO_12,
 282             K_ECDH_RSA, B_AES_256, M_SHA, H_SHA256),
 283 
 284     // AES_128(CBC) - using SHA, not forward secrecy
 285     TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA(
 286             0xC004, true, "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA", "",
 287             ProtocolVersion.PROTOCOLS_TO_12,
 288             K_ECDH_ECDSA, B_AES_128, M_SHA, H_SHA256),
 289     TLS_ECDH_RSA_WITH_AES_128_CBC_SHA(
 290             0xC00E, true, "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA", "",
 291             ProtocolVersion.PROTOCOLS_TO_12,
 292             K_ECDH_RSA, B_AES_128, M_SHA, H_SHA256),
 293 
 294     //
 295     // deprecated, used for compatibility
 296     //
 297 
 298     // RSA, AES_256(GCM)
 299     TLS_RSA_WITH_AES_256_GCM_SHA384(
 300             0x009D, true, "TLS_RSA_WITH_AES_256_GCM_SHA384", "",
 301             ProtocolVersion.PROTOCOLS_OF_12,
 302             K_RSA, B_AES_256_GCM, M_NULL, H_SHA384),
 303 
 304     // RSA, AES_128(GCM)
 305     TLS_RSA_WITH_AES_128_GCM_SHA256(
 306             0x009C, true, "TLS_RSA_WITH_AES_128_GCM_SHA256", "",
 307             ProtocolVersion.PROTOCOLS_OF_12,
 308             K_RSA, B_AES_128_GCM, M_NULL, H_SHA256),
 309 
 310     // RSA, AES_256(CBC)
 311     TLS_RSA_WITH_AES_256_CBC_SHA256(
 312             0x003D, true, "TLS_RSA_WITH_AES_256_CBC_SHA256", "",
 313             ProtocolVersion.PROTOCOLS_OF_12,
 314             K_RSA, B_AES_256, M_SHA256, H_SHA256),
 315 
 316     // RSA, AES_128(CBC)
 317     TLS_RSA_WITH_AES_128_CBC_SHA256(
 318             0x003C, true, "TLS_RSA_WITH_AES_128_CBC_SHA256", "",
 319             ProtocolVersion.PROTOCOLS_OF_12,
 320             K_RSA, B_AES_128, M_SHA256, H_SHA256),
 321 
 322     // RSA, AES_256(CBC) - using SHA, not forward secrecy
 323     TLS_RSA_WITH_AES_256_CBC_SHA(
 324             0x0035, true, "TLS_RSA_WITH_AES_256_CBC_SHA", "",
 325             ProtocolVersion.PROTOCOLS_TO_12,
 326             K_RSA, B_AES_256, M_SHA, H_SHA256),
 327 
 328     // RSA, AES_128(CBC) - using SHA, not forward secrecy
 329     TLS_RSA_WITH_AES_128_CBC_SHA(
 330             0x002F, true, "TLS_RSA_WITH_AES_128_CBC_SHA", "",
 331             ProtocolVersion.PROTOCOLS_TO_12,
 332             K_RSA, B_AES_128, M_SHA, H_SHA256),
 333 
 334     // 3DES_EDE, forward secrecy.
 335     TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA(
 336             0xC008, true, "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA", "",
 337             ProtocolVersion.PROTOCOLS_TO_12,
 338             K_ECDHE_ECDSA, B_3DES, M_SHA, H_SHA256),
 339     TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA(
 340             0xC012, true, "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA", "",
 341             ProtocolVersion.PROTOCOLS_TO_12,
 342             K_ECDHE_RSA, B_3DES, M_SHA, H_SHA256),
 343     SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA(
 344             0x0016, true, "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
 345                           "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
 346             ProtocolVersion.PROTOCOLS_TO_12,
 347             K_DHE_RSA, B_3DES, M_SHA, H_SHA256),
 348     SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA(
 349             0x0013, true, "SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA",
 350                           "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA",
 351             ProtocolVersion.PROTOCOLS_TO_12,
 352             K_DHE_DSS, B_3DES, M_SHA, H_SHA256),
 353 
 354     // 3DES_EDE, not forward secrecy.
 355     TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA(
 356             0xC003, true, "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA", "",
 357             ProtocolVersion.PROTOCOLS_TO_12,
 358             K_ECDH_ECDSA, B_3DES, M_SHA, H_SHA256),
 359     TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA(
 360             0xC00D, true, "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA", "",
 361             ProtocolVersion.PROTOCOLS_TO_12,
 362             K_ECDH_RSA, B_3DES, M_SHA, H_SHA256),
 363     SSL_RSA_WITH_3DES_EDE_CBC_SHA(
 364             0x000A, true, "SSL_RSA_WITH_3DES_EDE_CBC_SHA",
 365                           "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
 366             ProtocolVersion.PROTOCOLS_TO_12,
 367             K_RSA, B_3DES, M_SHA, H_SHA256),
 368 
 369     // Renegotiation protection request Signalling Cipher Suite Value (SCSV).
 370     TLS_EMPTY_RENEGOTIATION_INFO_SCSV(        //  RFC 5746, TLS 1.2 and prior
 371             0x00FF, true, "TLS_EMPTY_RENEGOTIATION_INFO_SCSV", "",
 372             ProtocolVersion.PROTOCOLS_TO_12,
 373             K_SCSV, B_NULL, M_NULL, H_NONE),
 374 
 375     // Definition of the CipherSuites that are supported but not enabled
 376     // by default.
 377     // They are listed in preference order, preferred first, using the
 378     // following criteria:
 379     // 1. If a cipher suite has been obsoleted, we put it at the end of
 380     //    the list.
 381     // 2. Prefer the stronger bulk cipher, in the order of AES_256,
 382     //    AES_128, 3DES-EDE, RC-4, DES, DES40, RC4_40, NULL.
 383     // 3. Prefer the stronger MAC algorithm, in the order of SHA384,
 384     //    SHA256, SHA, MD5.
 385     // 4. Prefer the better performance of key exchange and digital
 386     //    signature algorithm, in the order of ECDHE-ECDSA, ECDHE-RSA,
 387     //    RSA, ECDH-ECDSA, ECDH-RSA, DHE-RSA, DHE-DSS, anonymous.
 388     TLS_DH_anon_WITH_AES_256_GCM_SHA384(
 389             0x00A7, false, "TLS_DH_anon_WITH_AES_256_GCM_SHA384", "",
 390             ProtocolVersion.PROTOCOLS_OF_12,
 391             K_DH_ANON, B_AES_256_GCM, M_NULL, H_SHA384),
 392     TLS_DH_anon_WITH_AES_128_GCM_SHA256(
 393             0x00A6, false, "TLS_DH_anon_WITH_AES_128_GCM_SHA256", "",
 394             ProtocolVersion.PROTOCOLS_OF_12,
 395             K_DH_ANON, B_AES_128_GCM, M_NULL, H_SHA256),
 396     TLS_DH_anon_WITH_AES_256_CBC_SHA256(
 397             0x006D, false, "TLS_DH_anon_WITH_AES_256_CBC_SHA256", "",
 398             ProtocolVersion.PROTOCOLS_OF_12,
 399             K_DH_ANON, B_AES_256, M_SHA256, H_SHA256),
 400     TLS_ECDH_anon_WITH_AES_256_CBC_SHA(
 401             0xC019, false, "TLS_ECDH_anon_WITH_AES_256_CBC_SHA", "",
 402             ProtocolVersion.PROTOCOLS_TO_12,
 403             K_ECDH_ANON, B_AES_256, M_SHA, H_SHA256),
 404     TLS_DH_anon_WITH_AES_256_CBC_SHA(
 405             0x003A, false, "TLS_DH_anon_WITH_AES_256_CBC_SHA", "",
 406             ProtocolVersion.PROTOCOLS_TO_12,
 407             K_DH_ANON, B_AES_256, M_SHA, H_SHA256),
 408     TLS_DH_anon_WITH_AES_128_CBC_SHA256(
 409             0x006C, false, "TLS_DH_anon_WITH_AES_128_CBC_SHA256", "",
 410             ProtocolVersion.PROTOCOLS_OF_12,
 411             K_DH_ANON, B_AES_128, M_SHA256, H_SHA256),
 412     TLS_ECDH_anon_WITH_AES_128_CBC_SHA(
 413             0xC018, false, "TLS_ECDH_anon_WITH_AES_128_CBC_SHA", "",
 414             ProtocolVersion.PROTOCOLS_TO_12,
 415             K_ECDH_ANON, B_AES_128, M_SHA, H_SHA256),
 416     TLS_DH_anon_WITH_AES_128_CBC_SHA(
 417             0x0034, false, "TLS_DH_anon_WITH_AES_128_CBC_SHA", "",
 418             ProtocolVersion.PROTOCOLS_TO_12,
 419             K_DH_ANON, B_AES_128, M_SHA, H_SHA256),
 420     TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA(
 421             0xC017, false, "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA", "",
 422             ProtocolVersion.PROTOCOLS_TO_12,
 423             K_ECDH_ANON, B_3DES, M_SHA, H_SHA256),
 424     SSL_DH_anon_WITH_3DES_EDE_CBC_SHA(
 425             0x001B, false, "SSL_DH_anon_WITH_3DES_EDE_CBC_SHA",
 426                            "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA",
 427             ProtocolVersion.PROTOCOLS_TO_12,
 428             K_DH_ANON, B_3DES, M_SHA, H_SHA256),
 429 
 430     // RC4
 431     TLS_ECDHE_ECDSA_WITH_RC4_128_SHA(
 432             0xC007, false, "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA", "",
 433             ProtocolVersion.PROTOCOLS_TO_TLS12,
 434             K_ECDHE_ECDSA, B_RC4_128, M_SHA, H_SHA256),
 435     TLS_ECDHE_RSA_WITH_RC4_128_SHA(
 436             0xC011, false, "TLS_ECDHE_RSA_WITH_RC4_128_SHA", "",
 437             ProtocolVersion.PROTOCOLS_TO_TLS12,
 438             K_ECDHE_RSA, B_RC4_128, M_SHA, H_SHA256),
 439     SSL_RSA_WITH_RC4_128_SHA(
 440             0x0005, false, "SSL_RSA_WITH_RC4_128_SHA",
 441                            "TLS_RSA_WITH_RC4_128_SHA",
 442             ProtocolVersion.PROTOCOLS_TO_TLS12,
 443             K_RSA, B_RC4_128, M_SHA, H_SHA256),
 444     TLS_ECDH_ECDSA_WITH_RC4_128_SHA(
 445             0xC002, false, "TLS_ECDH_ECDSA_WITH_RC4_128_SHA", "",
 446             ProtocolVersion.PROTOCOLS_TO_TLS12,
 447             K_ECDH_ECDSA, B_RC4_128, M_SHA, H_SHA256),
 448     TLS_ECDH_RSA_WITH_RC4_128_SHA(
 449             0xC00C, false, "TLS_ECDH_RSA_WITH_RC4_128_SHA", "",
 450             ProtocolVersion.PROTOCOLS_TO_TLS12,
 451             K_ECDH_RSA, B_RC4_128, M_SHA, H_SHA256),
 452     SSL_RSA_WITH_RC4_128_MD5(
 453             0x0004, false, "SSL_RSA_WITH_RC4_128_MD5",
 454                            "TLS_RSA_WITH_RC4_128_MD5",
 455             ProtocolVersion.PROTOCOLS_TO_TLS12,
 456             K_RSA, B_RC4_128, M_MD5, H_SHA256),
 457     TLS_ECDH_anon_WITH_RC4_128_SHA(
 458             0xC016, false, "TLS_ECDH_anon_WITH_RC4_128_SHA", "",
 459             ProtocolVersion.PROTOCOLS_TO_TLS12,
 460             K_ECDH_ANON, B_RC4_128, M_SHA, H_SHA256),
 461     SSL_DH_anon_WITH_RC4_128_MD5(
 462             0x0018, false, "SSL_DH_anon_WITH_RC4_128_MD5",
 463                            "TLS_DH_anon_WITH_RC4_128_MD5",
 464             ProtocolVersion.PROTOCOLS_TO_TLS12,
 465             K_DH_ANON, B_RC4_128, M_MD5, H_SHA256),
 466 
 467     // weak cipher suites obsoleted in TLS 1.2 [RFC 5246]
 468     SSL_RSA_WITH_DES_CBC_SHA(
 469             0x0009, false, "SSL_RSA_WITH_DES_CBC_SHA",
 470                            "TLS_RSA_WITH_DES_CBC_SHA",
 471             ProtocolVersion.PROTOCOLS_TO_11,
 472             K_RSA, B_DES, M_SHA, H_NONE),
 473     SSL_DHE_RSA_WITH_DES_CBC_SHA(
 474             0x0015, false, "SSL_DHE_RSA_WITH_DES_CBC_SHA",
 475                            "TLS_DHE_RSA_WITH_DES_CBC_SHA",
 476             ProtocolVersion.PROTOCOLS_TO_11,
 477             K_DHE_RSA, B_DES, M_SHA, H_NONE),
 478     SSL_DHE_DSS_WITH_DES_CBC_SHA(
 479             0x0012, false, "SSL_DHE_DSS_WITH_DES_CBC_SHA",
 480                            "TLS_DHE_DSS_WITH_DES_CBC_SHA",
 481             ProtocolVersion.PROTOCOLS_TO_11,
 482             K_DHE_DSS, B_DES, M_SHA, H_NONE),
 483     SSL_DH_anon_WITH_DES_CBC_SHA(
 484             0x001A, false, "SSL_DH_anon_WITH_DES_CBC_SHA",
 485                            "TLS_DH_anon_WITH_DES_CBC_SHA",
 486             ProtocolVersion.PROTOCOLS_TO_11,
 487             K_DH_ANON, B_DES, M_SHA, H_NONE),
 488 
 489     // weak cipher suites obsoleted in TLS 1.1  [RFC 4346]
 490     SSL_RSA_EXPORT_WITH_DES40_CBC_SHA(
 491             0x0008, false, "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA",
 492                            "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",
 493             ProtocolVersion.PROTOCOLS_TO_10,
 494             K_RSA_EXPORT, B_DES_40, M_SHA, H_NONE),
 495     SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA(
 496             0x0014, false, "SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
 497                            "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
 498             ProtocolVersion.PROTOCOLS_TO_10,
 499             K_DHE_RSA_EXPORT, B_DES_40, M_SHA, H_NONE),
 500     SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA(
 501             0x0011, false, "SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA",
 502                            "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA",
 503             ProtocolVersion.PROTOCOLS_TO_10,
 504             K_DHE_DSS_EXPORT, B_DES_40, M_SHA, H_NONE),
 505     SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA(
 506             0x0019, false, "SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA",
 507                            "TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA",
 508             ProtocolVersion.PROTOCOLS_TO_10,
 509             K_DH_ANON_EXPORT, B_DES_40, M_SHA, H_NONE),
 510     SSL_RSA_EXPORT_WITH_RC4_40_MD5(
 511             0x0003, false, "SSL_RSA_EXPORT_WITH_RC4_40_MD5",
 512                            "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
 513             ProtocolVersion.PROTOCOLS_TO_10,
 514             K_RSA_EXPORT, B_RC4_40, M_MD5, H_NONE),
 515     SSL_DH_anon_EXPORT_WITH_RC4_40_MD5(
 516             0x0017, false, "SSL_DH_anon_EXPORT_WITH_RC4_40_MD5",
 517                            "TLS_DH_anon_EXPORT_WITH_RC4_40_MD5",
 518             ProtocolVersion.PROTOCOLS_TO_10,
                 // NOTE(review): the other anonymous-DH export suite in this
                 // group (0x0019, DES40) passes K_DH_ANON_EXPORT, and the RSA
                 // export suites pass K_RSA_EXPORT, while this export suite
                 // passes K_DH_ANON.  Confirm which key exchange is intended;
                 // the KeyExchange definitions are not visible from here.
 519             K_DH_ANON, B_RC4_40, M_MD5, H_NONE),
 520 
 521     // no traffic encryption cipher suites
 522     TLS_RSA_WITH_NULL_SHA256(
 523             0x003B, false, "TLS_RSA_WITH_NULL_SHA256", "",
 524             ProtocolVersion.PROTOCOLS_OF_12,
 525             K_RSA, B_NULL, M_SHA256, H_SHA256),
 526     TLS_ECDHE_ECDSA_WITH_NULL_SHA(
 527             0xC006, false, "TLS_ECDHE_ECDSA_WITH_NULL_SHA", "",
 528             ProtocolVersion.PROTOCOLS_TO_12,
 529             K_ECDHE_ECDSA, B_NULL, M_SHA, H_SHA256),
 530     TLS_ECDHE_RSA_WITH_NULL_SHA(
 531             0xC010, false, "TLS_ECDHE_RSA_WITH_NULL_SHA", "",
 532             ProtocolVersion.PROTOCOLS_TO_12,
 533             K_ECDHE_RSA, B_NULL, M_SHA, H_SHA256),
 534     SSL_RSA_WITH_NULL_SHA(
 535             0x0002, false, "SSL_RSA_WITH_NULL_SHA",
 536                            "TLS_RSA_WITH_NULL_SHA",
 537             ProtocolVersion.PROTOCOLS_TO_12,
 538             K_RSA, B_NULL, M_SHA, H_SHA256),
 539     TLS_ECDH_ECDSA_WITH_NULL_SHA(
 540             0xC001, false, "TLS_ECDH_ECDSA_WITH_NULL_SHA", "",
 541             ProtocolVersion.PROTOCOLS_TO_12,
 542             K_ECDH_ECDSA, B_NULL, M_SHA, H_SHA256),
 543     TLS_ECDH_RSA_WITH_NULL_SHA(
 544             0xC00B, false, "TLS_ECDH_RSA_WITH_NULL_SHA", "",
 545             ProtocolVersion.PROTOCOLS_TO_12,
 546             K_ECDH_RSA, B_NULL, M_SHA, H_SHA256),
 547     TLS_ECDH_anon_WITH_NULL_SHA(
 548             0xC015, false, "TLS_ECDH_anon_WITH_NULL_SHA", "",
 549             ProtocolVersion.PROTOCOLS_TO_12,
 550             K_ECDH_ANON, B_NULL, M_SHA, H_SHA256),
 551     SSL_RSA_WITH_NULL_MD5(
 552             0x0001, false, "SSL_RSA_WITH_NULL_MD5",
 553                            "TLS_RSA_WITH_NULL_MD5",
 554             ProtocolVersion.PROTOCOLS_TO_12,
 555             K_RSA, B_NULL, M_MD5, H_SHA256),
 556 
 557     // Definition of the CipherSuites that are not supported but the names
 558     // are known.
 559     TLS_AES_128_CCM_SHA256(                          // TLS 1.3
 560             "TLS_AES_128_CCM_SHA256", 0x1304),
 561     TLS_AES_128_CCM_8_SHA256(                        // TLS 1.3
 562             "TLS_AES_128_CCM_8_SHA256", 0x1305),
 563 
 564     // remaining unsupported ciphersuites defined in RFC2246.
 565     CS_0006("SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5",           0x0006),
 566     CS_0007("SSL_RSA_WITH_IDEA_CBC_SHA",                    0x0007),
 567     CS_000B("SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA",         0x000b),
 568     CS_000C("SSL_DH_DSS_WITH_DES_CBC_SHA",                  0x000c),
 569     CS_000D("SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA",             0x000d),
 570     CS_000E("SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA",         0x000e),
 571     CS_000F("SSL_DH_RSA_WITH_DES_CBC_SHA",                  0x000f),
 572     CS_0010("SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA",             0x0010),
 573 
 574     // SSL 3.0 Fortezza ciphersuites
 575     CS_001C("SSL_FORTEZZA_DMS_WITH_NULL_SHA",               0x001c),
 576     CS_001D("SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA",       0x001d),
 577 
 578     // 1024/56 bit exportable ciphersuites from expired internet draft
 579     CS_0062("SSL_RSA_EXPORT1024_WITH_DES_CBC_SHA",          0x0062),
 580     CS_0063("SSL_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA",      0x0063),
 581     CS_0064("SSL_RSA_EXPORT1024_WITH_RC4_56_SHA",           0x0064),
 582     CS_0065("SSL_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA",       0x0065),
 583     CS_0066("SSL_DHE_DSS_WITH_RC4_128_SHA",                 0x0066),
 584 
 585     // Netscape old and new SSL 3.0 FIPS ciphersuites
 586     // see http://www.mozilla.org/projects/security/pki/nss/ssl/fips-ssl-ciphersuites.html
 587     CS_FFE0("NETSCAPE_RSA_FIPS_WITH_3DES_EDE_CBC_SHA",      0xffe0),
 588     CS_FFE1("NETSCAPE_RSA_FIPS_WITH_DES_CBC_SHA",           0xffe1),
 589     CS_FEFE("SSL_RSA_FIPS_WITH_DES_CBC_SHA",                0xfefe),
 590     CS_FEFF("SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA",           0xfeff),
 591 
 592     // Unsupported Kerberos cipher suites from RFC 2712
 593     CS_001E("TLS_KRB5_WITH_DES_CBC_SHA",                    0x001E),
 594     CS_001F("TLS_KRB5_WITH_3DES_EDE_CBC_SHA",               0x001F),
 595     CS_0020("TLS_KRB5_WITH_RC4_128_SHA",                    0x0020),
 596     CS_0021("TLS_KRB5_WITH_IDEA_CBC_SHA",                   0x0021),
 597     CS_0022("TLS_KRB5_WITH_DES_CBC_MD5",                    0x0022),
 598     CS_0023("TLS_KRB5_WITH_3DES_EDE_CBC_MD5",               0x0023),
 599     CS_0024("TLS_KRB5_WITH_RC4_128_MD5",                    0x0024),
 600     CS_0025("TLS_KRB5_WITH_IDEA_CBC_MD5",                   0x0025),
 601     CS_0026("TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA",          0x0026),
 602     CS_0027("TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA",          0x0027),
 603     CS_0028("TLS_KRB5_EXPORT_WITH_RC4_40_SHA",              0x0028),
 604     CS_0029("TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5",          0x0029),
 605     CS_002A("TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5",          0x002a),
 606     CS_002B("TLS_KRB5_EXPORT_WITH_RC4_40_MD5",              0x002B),
 607 
 608     // Unsupported cipher suites from RFC 4162
 609     CS_0096("TLS_RSA_WITH_SEED_CBC_SHA",                    0x0096),
 610     CS_0097("TLS_DH_DSS_WITH_SEED_CBC_SHA",                 0x0097),
 611     CS_0098("TLS_DH_RSA_WITH_SEED_CBC_SHA",                 0x0098),
 612     CS_0099("TLS_DHE_DSS_WITH_SEED_CBC_SHA",                0x0099),
 613     CS_009A("TLS_DHE_RSA_WITH_SEED_CBC_SHA",                0x009a),
 614     CS_009B("TLS_DH_anon_WITH_SEED_CBC_SHA",                0x009b),
 615 
 616     // Unsupported cipher suites from RFC 4279
 617     CS_008A("TLS_PSK_WITH_RC4_128_SHA",                     0x008a),
 618     CS_008B("TLS_PSK_WITH_3DES_EDE_CBC_SHA",                0x008b),
 619     CS_008C("TLS_PSK_WITH_AES_128_CBC_SHA",                 0x008c),
 620     CS_008D("TLS_PSK_WITH_AES_256_CBC_SHA",                 0x008d),
 621     CS_008E("TLS_DHE_PSK_WITH_RC4_128_SHA",                 0x008e),
 622     CS_008F("TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA",            0x008f),
 623     CS_0090("TLS_DHE_PSK_WITH_AES_128_CBC_SHA",             0x0090),
 624     CS_0091("TLS_DHE_PSK_WITH_AES_256_CBC_SHA",             0x0091),
 625     CS_0092("TLS_RSA_PSK_WITH_RC4_128_SHA",                 0x0092),
 626     CS_0093("TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA",            0x0093),
 627     CS_0094("TLS_RSA_PSK_WITH_AES_128_CBC_SHA",             0x0094),
 628     CS_0095("TLS_RSA_PSK_WITH_AES_256_CBC_SHA",             0x0095),
 629 
 630     // Unsupported cipher suites from RFC 4785
 631     CS_002C("TLS_PSK_WITH_NULL_SHA",                        0x002c),
 632     CS_002D("TLS_DHE_PSK_WITH_NULL_SHA",                    0x002d),
 633     CS_002E("TLS_RSA_PSK_WITH_NULL_SHA",                    0x002e),
 634 
 635     // Unsupported cipher suites from RFC 5246
 636     CS_0030("TLS_DH_DSS_WITH_AES_128_CBC_SHA",              0x0030),
 637     CS_0031("TLS_DH_RSA_WITH_AES_128_CBC_SHA",              0x0031),
 638     CS_0036("TLS_DH_DSS_WITH_AES_256_CBC_SHA",              0x0036),
 639     CS_0037("TLS_DH_RSA_WITH_AES_256_CBC_SHA",              0x0037),
 640     CS_003E("TLS_DH_DSS_WITH_AES_128_CBC_SHA256",           0x003e),
 641     CS_003F("TLS_DH_RSA_WITH_AES_128_CBC_SHA256",           0x003f),
 642     CS_0068("TLS_DH_DSS_WITH_AES_256_CBC_SHA256",           0x0068),
 643     CS_0069("TLS_DH_RSA_WITH_AES_256_CBC_SHA256",           0x0069),
 644 
 645     // Unsupported cipher suites from RFC 5288
 646     CS_00A0("TLS_DH_RSA_WITH_AES_128_GCM_SHA256",           0x00a0),
 647     CS_00A1("TLS_DH_RSA_WITH_AES_256_GCM_SHA384",           0x00a1),
 648     CS_00A4("TLS_DH_DSS_WITH_AES_128_GCM_SHA256",           0x00a4),
 649     CS_00A5("TLS_DH_DSS_WITH_AES_256_GCM_SHA384",           0x00a5),
 650 
 651     // Unsupported cipher suites from RFC 5487
 652     CS_00A8("TLS_PSK_WITH_AES_128_GCM_SHA256",              0x00a8),
 653     CS_00A9("TLS_PSK_WITH_AES_256_GCM_SHA384",              0x00a9),
 654     CS_00AA("TLS_DHE_PSK_WITH_AES_128_GCM_SHA256",          0x00aa),
 655     CS_00AB("TLS_DHE_PSK_WITH_AES_256_GCM_SHA384",          0x00ab),
 656     CS_00AC("TLS_RSA_PSK_WITH_AES_128_GCM_SHA256",          0x00ac),
 657     CS_00AD("TLS_RSA_PSK_WITH_AES_256_GCM_SHA384",          0x00ad),
 658     CS_00AE("TLS_PSK_WITH_AES_128_CBC_SHA256",              0x00ae),
 659     CS_00AF("TLS_PSK_WITH_AES_256_CBC_SHA384",              0x00af),
 660     CS_00B0("TLS_PSK_WITH_NULL_SHA256",                     0x00b0),
 661     CS_00B1("TLS_PSK_WITH_NULL_SHA384",                     0x00b1),
 662     CS_00B2("TLS_DHE_PSK_WITH_AES_128_CBC_SHA256",          0x00b2),
 663     CS_00B3("TLS_DHE_PSK_WITH_AES_256_CBC_SHA384",          0x00b3),
 664     CS_00B4("TLS_DHE_PSK_WITH_NULL_SHA256",                 0x00b4),
 665     CS_00B5("TLS_DHE_PSK_WITH_NULL_SHA384",                 0x00b5),
 666     CS_00B6("TLS_RSA_PSK_WITH_AES_128_CBC_SHA256",          0x00b6),
 667     CS_00B7("TLS_RSA_PSK_WITH_AES_256_CBC_SHA384",          0x00b7),
 668     CS_00B8("TLS_RSA_PSK_WITH_NULL_SHA256",                 0x00b8),
 669     CS_00B9("TLS_RSA_PSK_WITH_NULL_SHA384",                 0x00b9),
 670 
 671     // Unsupported cipher suites from RFC 5932
 672     CS_0041("TLS_RSA_WITH_CAMELLIA_128_CBC_SHA",            0x0041),
 673     CS_0042("TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA",         0x0042),
 674     CS_0043("TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA",         0x0043),
 675     CS_0044("TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA",        0x0044),
 676     CS_0045("TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA",        0x0045),
 677     CS_0046("TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA",        0x0046),
 678     CS_0084("TLS_RSA_WITH_CAMELLIA_256_CBC_SHA",            0x0084),
 679     CS_0085("TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA",         0x0085),
 680     CS_0086("TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA",         0x0086),
 681     CS_0087("TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA",        0x0087),
 682     CS_0088("TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA",        0x0088),
 683     CS_0089("TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA",        0x0089),
 684     CS_00BA("TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256",         0x00ba),
 685     CS_00BB("TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256",      0x00bb),
 686     CS_00BC("TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256",      0x00bc),
 687     CS_00BD("TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256",     0x00bd),
 688     CS_00BE("TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256",     0x00be),
 689     CS_00BF("TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256",     0x00bf),
 690     CS_00C0("TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256",         0x00c0),
 691     CS_00C1("TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256",      0x00c1),
 692     CS_00C2("TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256",      0x00c2),
 693     CS_00C3("TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256",     0x00c3),
 694     CS_00C4("TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256",     0x00c4),
 695     CS_00C5("TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256",     0x00c5),
 696 
 697     // TLS Fallback Signaling Cipher Suite Value (SCSV) RFC 7507
 698     CS_5600("TLS_FALLBACK_SCSV",                            0x5600),
 699 
 700     // Unsupported cipher suites from RFC 5054
 701     CS_C01A("TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA",            0xc01a),
 702     CS_C01B("TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA",        0xc01b),
 703     CS_C01C("TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA",        0xc01c),
 704     CS_C01D("TLS_SRP_SHA_WITH_AES_128_CBC_SHA",             0xc01d),
 705     CS_C01E("TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA",         0xc01e),
 706     CS_C01F("TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA",         0xc01f),
 707     CS_C020("TLS_SRP_SHA_WITH_AES_256_CBC_SHA",             0xc020),
 708     CS_C021("TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA",         0xc021),
 709     CS_C022("TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA",         0xc022),
 710 
 711     // Unsupported cipher suites from RFC 5489
 712     CS_C033("TLS_ECDHE_PSK_WITH_RC4_128_SHA",               0xc033),
 713     CS_C034("TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA",          0xc034),
 714     CS_C035("TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA",           0xc035),
 715     CS_C036("TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA",           0xc036),
 716     CS_C037("TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256",        0xc037),
 717     CS_C038("TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384",        0xc038),
 718     CS_C039("TLS_ECDHE_PSK_WITH_NULL_SHA",                  0xc039),
 719     CS_C03A("TLS_ECDHE_PSK_WITH_NULL_SHA256",               0xc03a),
 720     CS_C03B("TLS_ECDHE_PSK_WITH_NULL_SHA384",               0xc03b),
 721 
 722     // Unsupported cipher suites from RFC 6209
 723     CS_C03C("TLS_RSA_WITH_ARIA_128_CBC_SHA256",             0xc03c),
 724     CS_C03D("TLS_RSA_WITH_ARIA_256_CBC_SHA384",             0xc03d),
 725     CS_C03E("TLS_DH_DSS_WITH_ARIA_128_CBC_SHA256",          0xc03e),
 726     CS_C03F("TLS_DH_DSS_WITH_ARIA_256_CBC_SHA384",          0xc03f),
 727     CS_C040("TLS_DH_RSA_WITH_ARIA_128_CBC_SHA256",          0xc040),
 728     CS_C041("TLS_DH_RSA_WITH_ARIA_256_CBC_SHA384",          0xc041),
 729     CS_C042("TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256",         0xc042),
 730     CS_C043("TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384",         0xc043),
 731     CS_C044("TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256",         0xc044),
 732     CS_C045("TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384",         0xc045),
 733     CS_C046("TLS_DH_anon_WITH_ARIA_128_CBC_SHA256",         0xc046),
 734     CS_C047("TLS_DH_anon_WITH_ARIA_256_CBC_SHA384",         0xc047),
 735     CS_C048("TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256",     0xc048),
 736     CS_C049("TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384",     0xc049),
 737     CS_C04A("TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256",      0xc04a),
 738     CS_C04B("TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384",      0xc04b),
 739     CS_C04C("TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256",       0xc04c),
 740     CS_C04D("TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384",       0xc04d),
 741     CS_C04E("TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256",        0xc04e),
 742     CS_C04F("TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384",        0xc04f),
 743     CS_C050("TLS_RSA_WITH_ARIA_128_GCM_SHA256",             0xc050),
 744     CS_C051("TLS_RSA_WITH_ARIA_256_GCM_SHA384",             0xc051),
 745     CS_C052("TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256",         0xc052),
 746     CS_C053("TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384",         0xc053),
 747     CS_C054("TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256",          0xc054),
 748     CS_C055("TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384",          0xc055),
 749     CS_C056("TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256",         0xc056),
 750     CS_C057("TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384",         0xc057),
 751     CS_C058("TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256",          0xc058),
 752     CS_C059("TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384",          0xc059),
 753     CS_C05A("TLS_DH_anon_WITH_ARIA_128_GCM_SHA256",         0xc05a),
 754     CS_C05B("TLS_DH_anon_WITH_ARIA_256_GCM_SHA384",         0xc05b),
 755     CS_C05C("TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256",     0xc05c),
 756     CS_C05D("TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384",     0xc05d),
 757     CS_C05E("TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256",      0xc05e),
 758     CS_C05F("TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384",      0xc05f),
 759     CS_C060("TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256",       0xc060),
 760     CS_C061("TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384",       0xc061),
 761     CS_C062("TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256",        0xc062),
 762     CS_C063("TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384",        0xc063),
 763     CS_C064("TLS_PSK_WITH_ARIA_128_CBC_SHA256",             0xc064),
 764     CS_C065("TLS_PSK_WITH_ARIA_256_CBC_SHA384",             0xc065),
 765     CS_C066("TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256",         0xc066),
 766     CS_C067("TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384",         0xc067),
 767     CS_C068("TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256",         0xc068),
 768     CS_C069("TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384",         0xc069),
 769     CS_C06A("TLS_PSK_WITH_ARIA_128_GCM_SHA256",             0xc06a),
 770     CS_C06B("TLS_PSK_WITH_ARIA_256_GCM_SHA384",             0xc06b),
 771     CS_C06C("TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256",         0xc06c),
 772     CS_C06D("TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384",         0xc06d),
 773     CS_C06E("TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256",         0xc06e),
 774     CS_C06F("TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384",         0xc06f),
 775     CS_C070("TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256",       0xc070),
 776     CS_C071("TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384",       0xc071),
 777 
 778     // Unsupported cipher suites from RFC 6367
 779     CS_C072("TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256", 0xc072),
 780     CS_C073("TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384", 0xc073),
 781     CS_C074("TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256",  0xc074),
 782     CS_C075("TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384",  0xc075),
 783     CS_C076("TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256",   0xc076),
 784     CS_C077("TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384",   0xc077),
 785     CS_C078("TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256",    0xc078),
 786     CS_C079("TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384",    0xc079),
 787     CS_C07A("TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256",         0xc07a),
 788     CS_C07B("TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384",         0xc07b),
 789     CS_C07C("TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256",     0xc07c),
 790     CS_C07D("TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384",     0xc07d),
 791     CS_C07E("TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256",      0xc07e),
 792     CS_C07F("TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384",      0xc07f),
 793     CS_C080("TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256",     0xc080),
 794     CS_C081("TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384",     0xc081),
 795     CS_C082("TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256",      0xc082),
 796     CS_C083("TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384",      0xc083),
 797     CS_C084("TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256",     0xc084),
 798     CS_C085("TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384",     0xc085),
 799     CS_C086("TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256", 0xc086),
 800     CS_C087("TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384", 0xc087),
 801     CS_C088("TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256",  0xc088),
 802     CS_C089("TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384",  0xc089),
 803     CS_C08A("TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256",   0xc08a),
 804     CS_C08B("TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384",   0xc08b),
 805     CS_C08C("TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256",    0xc08c),
 806     CS_C08D("TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384",    0xc08d),
 807     CS_C08E("TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256",         0xc08e),
 808     CS_C08F("TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384",         0xc08f),
 809     CS_C090("TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256",     0xc090),
 810     CS_C091("TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384",     0xc091),
 811     CS_C092("TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256",     0xc092),
 812     CS_C093("TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384",     0xc093),
 813     CS_C094("TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256",         0xc094),
 814     CS_C095("TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384",         0xc095),
 815     CS_C096("TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256",     0xc096),
 816     CS_C097("TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384",     0xc097),
 817     CS_C098("TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256",     0xc098),
 818     CS_C099("TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384",     0xc099),
 819     CS_C09A("TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256",   0xc09a),
 820     CS_C09B("TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384",   0xc09b),
 821 
 822     // Unsupported cipher suites from RFC 6655
 823     CS_C09C("TLS_RSA_WITH_AES_128_CCM",                     0xc09c),
 824     CS_C09D("TLS_RSA_WITH_AES_256_CCM",                     0xc09d),
 825     CS_C09E("TLS_DHE_RSA_WITH_AES_128_CCM",                 0xc09e),
 826     CS_C09F("TLS_DHE_RSA_WITH_AES_256_CCM",                 0xc09f),
 827     CS_C0A0("TLS_RSA_WITH_AES_128_CCM_8",                   0xc0A0),
 828     CS_C0A1("TLS_RSA_WITH_AES_256_CCM_8",                   0xc0A1),
 829     CS_C0A2("TLS_DHE_RSA_WITH_AES_128_CCM_8",               0xc0A2),
 830     CS_C0A3("TLS_DHE_RSA_WITH_AES_256_CCM_8",               0xc0A3),
 831     CS_C0A4("TLS_PSK_WITH_AES_128_CCM",                     0xc0A4),
 832     CS_C0A5("TLS_PSK_WITH_AES_256_CCM",                     0xc0A5),
 833     CS_C0A6("TLS_DHE_PSK_WITH_AES_128_CCM",                 0xc0A6),
 834     CS_C0A7("TLS_DHE_PSK_WITH_AES_256_CCM",                 0xc0A7),
 835     CS_C0A8("TLS_PSK_WITH_AES_128_CCM_8",                   0xc0A8),
 836     CS_C0A9("TLS_PSK_WITH_AES_256_CCM_8",                   0xc0A9),
 837     CS_C0AA("TLS_PSK_DHE_WITH_AES_128_CCM_8",               0xc0Aa),
 838     CS_C0AB("TLS_PSK_DHE_WITH_AES_256_CCM_8",               0xc0Ab),
 839 
 840     // Unsupported cipher suites from RFC 7251
 841     CS_C0AC("TLS_ECDHE_ECDSA_WITH_AES_128_CCM",             0xc0Ac),
 842     CS_C0AD("TLS_ECDHE_ECDSA_WITH_AES_256_CCM",             0xc0Ad),
 843     CS_C0AE("TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8",           0xc0Ae),
 844     CS_C0AF("TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8",           0xc0Af),
 845 
 846     C_NULL("SSL_NULL_WITH_NULL_NULL", 0x0000);
 847 
    // Numeric cipher suite identifier, as passed to the constructors
    // (e.g. 0x5600 for TLS_FALLBACK_SCSV).
    final int id;
    // Whether the suite belongs to the default-enabled set returned by
    // defaultCipherSuites(); always false for known-but-unsupported suites.
    final boolean isDefaultEnabled;
    // Primary name of the suite, e.g. "TLS_FALLBACK_SCSV".
    final String name;
    // Alternative names, parsed by the constructor from a comma-separated
    // string; empty when the suite has no alias.
    final List<String> aliases;
    // Protocol versions the suite can be used with. An empty list marks a
    // suite that is known but unsupported; allowedCipherSuites(),
    // validValuesOf() and isAvailable() all test for that.
    final List<ProtocolVersion> supportedProtocols;
    // Null for known-but-unsupported suites and for TLS 1.3 suites.
    final KeyExchange keyExchange;
    // Null for known-but-unsupported suites.
    final SSLCipher bulkCipher;
    // Null for known-but-unsupported suites; M_NULL for TLS 1.3 suites.
    final MacAlg macAlg;
    // Null for known-but-unsupported suites.
    final HashAlg hashAlg;

    // Copied from bulkCipher.exportable; false when there is no bulk cipher.
    final boolean exportable;
 859 
 860     // known but unsupported cipher suite
    private CipherSuite(String name, int id) {
        // Such a suite is recognised by name and id only: it is never
        // default-enabled, has no alias, gets PROTOCOLS_EMPTY as its protocol
        // list and carries no key exchange, bulk cipher, MAC or hash.
        this(
                id,
                false,
                name,
                "",
                ProtocolVersion.PROTOCOLS_EMPTY,
                null,       // keyExchange
                null,       // bulk cipher
                null,       // macAlg
                null);      // hashAlg
    }
 865 
 866     // TLS 1.3 cipher suite
    private CipherSuite(int id, boolean isDefaultEnabled,
            String name, ProtocolVersion[] supportedProtocols,
            SSLCipher bulkCipher, HashAlg hashAlg) {
        // A TLS 1.3 suite names only the bulk cipher and the hash: it has no
        // alias and no key exchange, and M_NULL stands in as MAC algorithm.
        this(
                id,
                isDefaultEnabled,
                name,
                "",
                supportedProtocols,
                null,       // keyExchange
                bulkCipher,
                M_NULL,
                hashAlg);
    }
 873 
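    private CipherSuite(int id, boolean isDefaultEnabled,
            String name, String aliases,
            ProtocolVersion[] supportedProtocols,
            KeyExchange keyExchange, SSLCipher cipher,
            MacAlg macAlg, HashAlg hashAlg) {
        // Canonical constructor; the other two constructors delegate here.
        //   aliases            comma-separated alternative names, "" for none
        //   supportedProtocols protocol versions the suite can be used with;
        //                      an empty array marks an unsupported suite
        //   keyExchange        may be null (TLS 1.3 and unsupported suites)
        //   cipher             may be null (unsupported suites)
        this.id = id;
        this.isDefaultEnabled = isDefaultEnabled;
        this.name = name;

        // Both lists are reachable through package-visible fields, so they
        // are published as read-only views: nothing outside this constructor
        // can change what a suite is named or which protocols it supports.
        if (aliases.isEmpty()) {
            this.aliases = Collections.emptyList();
        } else {
            this.aliases = Collections.unmodifiableList(
                    Arrays.asList(aliases.split(",")));
        }

        // Copy before wrapping. Arrays.asList() alone is a fixed-size view
        // whose set() writes through to the caller's array, and that array
        // can be shared between suites (every unsupported suite passes
        // ProtocolVersion.PROTOCOLS_EMPTY).
        this.supportedProtocols = Collections.unmodifiableList(
                new ArrayList<>(Arrays.asList(supportedProtocols)));

        this.keyExchange = keyExchange;
        this.bulkCipher = cipher;
        this.macAlg = macAlg;
        this.hashAlg = hashAlg;

        // A suite without a bulk cipher is never exportable.
        this.exportable = (cipher != null) && cipher.exportable;
    }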
 895 
    /**
     * Looks a cipher suite up by its primary name or by one of its aliases.
     *
     * The search covers every enum constant, including suites that are known
     * but unsupported, so a non-null result does not mean the suite can be
     * used; callers that need that guarantee have to check
     * {@link #isAvailable()} themselves.
     *
     * @param ciperSuiteName the name or alias to look for
     * @return the first matching suite in declaration order, or {@code null}
     *         when no suite has that name or alias
     */
    static CipherSuite nameOf(String ciperSuiteName) {
        final CipherSuite[] all = CipherSuite.values();
        for (int i = 0; i < all.length; i++) {
            final CipherSuite candidate = all[i];
            final boolean matchesName = candidate.name.equals(ciperSuiteName);
            if (matchesName || candidate.aliases.contains(ciperSuiteName)) {
                return candidate;
            }
        }

        return null;
    }
 906 
    /**
     * Looks a cipher suite up by its numeric identifier.
     *
     * Every enum constant is considered, including suites that are known but
     * unsupported. The result is {@code null} for an identifier this enum
     * does not list, so an id taken from a peer's message has to be
     * null-checked before use.
     *
     * @param id the cipher suite identifier
     * @return the first suite in declaration order with that id, or
     *         {@code null} if there is none
     */
    static CipherSuite valueOf(int id) {
        CipherSuite match = null;
        for (CipherSuite candidate : CipherSuite.values()) {
            if (candidate.id == id) {
                match = candidate;
                break;
            }
        }

        return match;
    }
 916 
    /**
     * Returns the name of the cipher suite with the given identifier.
     *
     * Unlike {@link #valueOf(int)} this never returns {@code null}: an
     * identifier that is not listed in this enum is rendered as
     * {@code UNKNOWN-CIPHER-SUITE(...)} with the id formatted by
     * {@code Utilities.byte16HexString}.
     *
     * @param id the cipher suite identifier
     * @return the suite's primary name, or the placeholder described above
     */
    static String nameOf(int id) {
        final CipherSuite known = valueOf(id);
        if (known != null) {
            return known.name;
        }

        return "UNKNOWN-CIPHER-SUITE(" + Utilities.byte16HexString(id) + ")";
    }
 926 
    /**
     * Collects the cipher suites that have at least one supported protocol
     * version.
     *
     * The scan stops at the first constant whose protocol list is empty. It
     * therefore depends on the declaration order of the enum: all supported
     * suites must be declared before the first unsupported one, otherwise
     * the later ones are silently left out.
     *
     * @return a new, modifiable collection in declaration order
     */
    static Collection<CipherSuite> allowedCipherSuites() {
        final Collection<CipherSuite> allowed = new LinkedList<>();
        for (CipherSuite candidate : CipherSuite.values()) {
            if (candidate.supportedProtocols.isEmpty()) {
                // First unsupported suite: by declaration order nothing
                // after it is supported either.
                break;
            }
            allowed.add(candidate);
        }
        return allowed;
    }
 940 
    /**
     * Collects the cipher suites that are enabled by default.
     *
     * The scan stops at the first constant that is not default-enabled. It
     * therefore depends on the declaration order of the enum: a
     * default-enabled suite declared after a disabled one would not be
     * returned.
     *
     * @return a new, modifiable collection in declaration order
     */
    static Collection<CipherSuite> defaultCipherSuites() {
        final Collection<CipherSuite> enabled = new LinkedList<>();
        for (CipherSuite candidate : CipherSuite.values()) {
            if (!candidate.isDefaultEnabled) {
                // First suite that is off by default: by declaration order
                // nothing after it is enabled either.
                break;
            }
            enabled.add(candidate);
        }
        return enabled;
    }
 954 
 955     /**
 956      * Validates and converts an array of cipher suite names.
 957      *
 958      * @throws IllegalArgumentException when one or more of the ciphers named
 959      *         by the parameter is not supported, or when the parameter is null.
 960      */
    static List<CipherSuite> validValuesOf(String[] names) {
        if (names == null) {
            throw new IllegalArgumentException("CipherSuites cannot be null");
        }

        final List<CipherSuite> resolved = new ArrayList<>(names.length);
        for (String requested : names) {
            if (requested == null || requested.isEmpty()) {
                throw new IllegalArgumentException(
                        "The specified CipherSuites array contains " +
                        "invalid null or empty string elements");
            }

            // Only suites with a non-empty protocol list can be selected, so
            // the name of a known-but-unsupported suite is rejected exactly
            // like an unknown name.
            CipherSuite match = null;
            for (CipherSuite candidate : CipherSuite.values()) {
                if (candidate.supportedProtocols.isEmpty()) {
                    // values() is ordered: everything from here on is
                    // unsupported.
                    break;
                }
                if (candidate.name.equals(requested) ||
                        candidate.aliases.contains(requested)) {
                    match = candidate;
                    break;
                }
            }

            if (match == null) {
                throw new IllegalArgumentException(
                        "Unsupported CipherSuite: "  + requested);
            }
            resolved.add(match);
        }

        // Read-only, in the order of the input; duplicates are kept.
        return Collections.unmodifiableList(resolved);
    }
 997 
    /**
     * Returns the primary names of the given cipher suites.
     *
     * @param cipherSuites the suites to name
     * @return a new array with one name per suite, in list order
     */
    static String[] namesOf(List<CipherSuite> cipherSuites) {
        final String[] result = new String[cipherSuites.size()];
        int next = 0;
        for (CipherSuite suite : cipherSuites) {
            result[next] = suite.name;
            next++;
        }

        return result;
    }
1007 
    /**
     * Tells whether this suite can actually be used: it must support at
     * least one protocol version, its key exchange (if it has one) must be
     * available, and it must have an available bulk cipher.
     */
    boolean isAvailable() {
        if (supportedProtocols.isEmpty()) {
            return false;
        }

        // Note: keyExchange is null for TLS 1.3 CipherSuites, which is not
        // an obstacle.
        if (keyExchange != null && !keyExchange.isAvailable()) {
            return false;
        }

        return bulkCipher != null && bulkCipher.isAvailable();
    }
1014 
    /**
     * Tells whether this suite may be used with the given protocol version.
     *
     * @param protocolVersion the version to test
     * @return {@code true} if the version is in this suite's protocol list;
     *         always {@code false} for a known-but-unsupported suite, whose
     *         list is empty
     */
    public boolean supports(ProtocolVersion protocolVersion) {
        final List<ProtocolVersion> versions = supportedProtocols;
        return versions.contains(protocolVersion);
    }
1018 
    /**
     * Tells whether this suite may be picked for a connection: it has to be
     * available and must not be TLS_EMPTY_RENEGOTIATION_INFO_SCSV, which is
     * excluded here regardless of availability.
     */
    boolean isNegotiable() {
        if (this == TLS_EMPTY_RENEGOTIATION_INFO_SCSV) {
            return false;
        }

        return isAvailable();
    }
1022 
    /**
     * Tells whether this suite uses a key exchange flagged as anonymous.
     * Suites without a key exchange (TLS 1.3 and known-but-unsupported
     * suites) report {@code false}.
     */
    boolean isAnonymous() {
        if (keyExchange == null) {
            return false;
        }

        return keyExchange.isAnonymous;
    }
1026 
1027     // See also SSLWriteCipher.calculatePacketSize().
    int calculatePacketSize(int fragmentSize,
            ProtocolVersion protocolVersion, boolean isDTLS) {
        // Size of the record that carries fragmentSize bytes of plaintext:
        // the fragment, the per-cipher overhead, and the record header.
        int size = fragmentSize;
        final boolean encrypts = (bulkCipher != null) && (bulkCipher != B_NULL);
        if (encrypts) {
            switch (bulkCipher.cipherType) {
                case BLOCK_CIPHER: {
                    // The IV size doubles as the cipher block size here.
                    // NOTE(review): the modulo assumes it is non-zero for
                    // every block cipher - confirm against SSLCipher.
                    final int blockLen = bulkCipher.ivSize;
                    size += macAlg.size + 1;    // MAC + padding length byte
                    // minimal padding up to the next block boundary
                    size += (blockLen - (size % blockLen)) % blockLen;
                    if (protocolVersion.useTLS11PlusSpec()) {
                        size += blockLen;       // explicit IV
                    }
                    break;
                }
                case AEAD_CIPHER: {
                    final boolean is12 =
                            protocolVersion == ProtocolVersion.TLS12 ||
                            protocolVersion == ProtocolVersion.DTLS12;
                    if (is12) {
                        // part of the IV that is not fixed
                        size += bulkCipher.ivSize - bulkCipher.fixedIvSize;
                    }
                    size += bulkCipher.tagSize;
                    break;
                }
                default:    // NULL_CIPHER or STREAM_CIPHER
                    size += macAlg.size;
                    break;
            }
        }

        final int headerSize =
                isDTLS ? DTLSRecord.headerSize : SSLRecord.headerSize;
        return size + headerSize;
    }
1061 
1062     // See also CipherBox.calculateFragmentSize().
    int calculateFragSize(int packetLimit,
            ProtocolVersion protocolVersion, boolean isDTLS) {
        // Largest plaintext fragment that fits into a record of packetLimit
        // bytes: the limit minus the record header and per-cipher overhead.
        // Nothing here clamps the result, so a limit smaller than the
        // overhead yields zero or a negative value; callers have to reject
        // such limits themselves.
        final int headerSize =
                isDTLS ? DTLSRecord.headerSize : SSLRecord.headerSize;
        int room = packetLimit - headerSize;
        if (bulkCipher == null || bulkCipher == B_NULL) {
            return room;
        }

        switch (bulkCipher.cipherType) {
            case BLOCK_CIPHER: {
                // The IV size doubles as the cipher block size here.
                final int blockLen = bulkCipher.ivSize;
                if (protocolVersion.useTLS11PlusSpec()) {
                    room -= blockLen;           // explicit IV
                }
                room -= room % blockLen;        // drop the partial block
                // No padding for a maximum fragment, only the one-byte
                // padding length field (0x00) and the MAC.
                room -= 1 + macAlg.size;
                break;
            }
            case AEAD_CIPHER:
                // Tag plus the part of the IV that is not fixed. Unlike
                // calculatePacketSize() this is subtracted for every
                // protocol version.
                room -= bulkCipher.tagSize
                        + (bulkCipher.ivSize - bulkCipher.fixedIvSize);
                break;
            default:    // NULL_CIPHER or STREAM_CIPHER
                room -= macAlg.size;
                break;
        }

        return room;
    }
1092 
1093     /**
1094      * An SSL/TLS key exchange algorithm.
1095      */
    static enum KeyExchange {
        // Columns: name, allowed, isAnonymous, named group type.
        // For NAMED_GROUP_ECDHE entries the "allowed" column is replaced by
        // JsseJce.ALLOW_ECC in the constructor.
        K_NULL          ("NULL",           false, true,   NAMED_GROUP_NONE),
        K_RSA           ("RSA",            true,  false,  NAMED_GROUP_NONE),
        K_RSA_EXPORT    ("RSA_EXPORT",     true,  false,  NAMED_GROUP_NONE),
        K_DH_RSA        ("DH_RSA",         false, false,  NAMED_GROUP_NONE),
        K_DH_DSS        ("DH_DSS",         false, false,  NAMED_GROUP_NONE),
        K_DHE_DSS       ("DHE_DSS",        true,  false,  NAMED_GROUP_FFDHE),
        K_DHE_DSS_EXPORT("DHE_DSS_EXPORT", true,  false,  NAMED_GROUP_NONE),
        K_DHE_RSA       ("DHE_RSA",        true,  false,  NAMED_GROUP_FFDHE),
        K_DHE_RSA_EXPORT("DHE_RSA_EXPORT", true,  false,  NAMED_GROUP_NONE),
        K_DH_ANON       ("DH_anon",        true,  true,   NAMED_GROUP_FFDHE),
        K_DH_ANON_EXPORT("DH_anon_EXPORT", true,  true,   NAMED_GROUP_NONE),

        K_ECDH_ECDSA    ("ECDH_ECDSA",     true,  false,  NAMED_GROUP_ECDHE),
        K_ECDH_RSA      ("ECDH_RSA",       true,  false,  NAMED_GROUP_ECDHE),
        K_ECDHE_ECDSA   ("ECDHE_ECDSA",    true,  false,  NAMED_GROUP_ECDHE),
        K_ECDHE_RSA     ("ECDHE_RSA",      true,  false,  NAMED_GROUP_ECDHE),
        K_ECDH_ANON     ("ECDH_anon",      true,  true,   NAMED_GROUP_ECDHE),

        // renegotiation protection request signaling cipher suite
        K_SCSV          ("SCSV",           true,  true,   NAMED_GROUP_NONE);

        // Name of the key exchange algorithm, e.g. DHE_DSS.
        final String name;
        // Whether the key exchange may be used at all.
        final boolean allowed;
        // Kind of named group the key exchange uses.
        final NamedGroupType groupType;
        // True when availability needs no runtime check: the constant is
        // declared as allowed and its name does not start with "EC".
        private final boolean alwaysAvailable;
        // Marks the key exchanges declared as anonymous in the table above;
        // read by CipherSuite.isAnonymous().
        private final boolean isAnonymous;

        KeyExchange(String name, boolean allowed,
                boolean isAnonymous, NamedGroupType groupType) {
            final boolean usesEcGroup = (groupType == NAMED_GROUP_ECDHE);

            this.name = name;
            this.allowed = usesEcGroup ? JsseJce.ALLOW_ECC : allowed;
            this.groupType = groupType;
            // Uses the declared "allowed" argument, not the field that may
            // just have been replaced by JsseJce.ALLOW_ECC.
            this.alwaysAvailable = allowed && !name.startsWith("EC");
            this.isAnonymous = isAnonymous;
        }

        /**
         * Tells whether this key exchange can be used. Elliptic-curve key
         * exchanges additionally require {@code JsseJce.isEcAvailable()}.
         */
        boolean isAvailable() {
            if (alwaysAvailable) {
                return true;
            }

            if (groupType != NAMED_GROUP_ECDHE) {
                return allowed;
            }

            return allowed && JsseJce.isEcAvailable();
        }

        @Override
        public String toString() {
            return name;
        }
    }
1155 
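    /**
     * An SSL/TLS MAC algorithm.
     *
     * Each constant records the size of the MAC value, the block size of the
     * underlying hash algorithm and its minimal padding size. The enum only
     * describes the algorithm; it declares no method that creates a MAC
     * instance.
     */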
    static enum MacAlg {
        // Columns: name, MAC size, hash block size, minimal padding size
        // (all sizes in bytes).
        M_NULL      ("NULL",     0,   0,   0),
        M_MD5       ("MD5",     16,  64,   9),
        M_SHA       ("SHA",     20,  64,   9),
        M_SHA256    ("SHA256",  32,  64,   9),
        M_SHA384    ("SHA384",  48, 128,  17);

        /** Descriptive name, e.g. MD5; also the result of toString(). */
        final String name;

        /** Size of the MAC value (and MAC key) in bytes. */
        final int size;

        /** Block size of the underlying hash algorithm. */
        final int hashBlockSize;

        /** Minimal padding size of the underlying hash algorithm. */
        final int minimalPaddingSize;

        MacAlg(String name, int size,
                int hashBlockSize, int minimalPaddingSize) {
            this.name = name;
            this.size = size;
            this.hashBlockSize = hashBlockSize;
            this.minimalPaddingSize = minimalPaddingSize;
        }

        /** Returns the descriptive name of the algorithm. */
        @Override
        public String toString() {
            return this.name;
        }
    }
1194 
1195     /**
1196      * The hash algorithms used for PRF (PseudoRandom Function) or HKDF.
1197      *
1198      * Note that TLS 1.1- uses a single MD5/SHA1-based PRF algorithm for
1199      * generating the necessary material.
1200      */
    static enum HashAlg {
        // Columns: algorithm name, hash length, block size.
        H_NONE      ("NONE",    0,    0),
        H_SHA256    ("SHA-256", 32,  64),
        H_SHA384    ("SHA-384", 48, 128);

        /** Algorithm name, e.g. SHA-256; also the result of toString(). */
        final String name;

        /** Length of the hash value, as given in the table above. */
        final int hashLength;

        /** Block size of the hash algorithm, as given in the table above. */
        final int blockSize;

        HashAlg(String hashAlg, int hashLength, int blockSize) {
            this.name = hashAlg;
            this.hashLength = hashLength;
            this.blockSize = blockSize;
        }

        /** Returns the algorithm name. */
        @Override
        public String toString() {
            return this.name;
        }
    }
1221 }