< prev index next >

src/java.base/share/classes/sun/security/ssl/CipherSuite.java

Print this page

        

*** 1,7 **** /* ! * Copyright (c) 2002, 2019, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License version 2 only, as * published by the Free Software Foundation. Oracle designates this --- 1,7 ---- /* ! * Copyright (c) 2002, 2018, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License version 2 only, as * published by the Free Software Foundation. Oracle designates this
*** 54,79 **** // // They are listed in preference order, most preferred first, using // the following criteria: // 1. Prefer Suite B compliant cipher suites, see RFC6460 (To be // changed later, see below). ! // 2. Prefer forward secrecy cipher suites. ! // 3. Prefer the stronger bulk cipher, in the order of AES_256(GCM), // AES_128(GCM), AES_256, AES_128, 3DES-EDE. ! // 4. Prefer the stronger MAC algorithm, in the order of SHA384, // SHA256, SHA, MD5. ! // 5. Prefer the better performance of key exchange and digital // signature algorithm, in the order of ECDHE-ECDSA, ECDHE-RSA, ! // DHE-RSA, DHE-DSS, ECDH-ECDSA, ECDH-RSA, RSA. - // TLS 1.3 cipher suites. - TLS_AES_256_GCM_SHA384( - 0x1302, true, "TLS_AES_256_GCM_SHA384", - ProtocolVersion.PROTOCOLS_OF_13, B_AES_256_GCM_IV, H_SHA384), TLS_AES_128_GCM_SHA256( 0x1301, true, "TLS_AES_128_GCM_SHA256", ProtocolVersion.PROTOCOLS_OF_13, B_AES_128_GCM_IV, H_SHA256), TLS_CHACHA20_POLY1305_SHA256( 0x1303, true, "TLS_CHACHA20_POLY1305_SHA256", ProtocolVersion.PROTOCOLS_OF_13, B_CC20_P1305, H_SHA256), // Suite B compliant cipher suites, see RFC 6460. --- 54,77 ---- // // They are listed in preference order, most preferred first, using // the following criteria: // 1. Prefer Suite B compliant cipher suites, see RFC6460 (To be // changed later, see below). ! // 2. Prefer the stronger bulk cipher, in the order of AES_256(GCM), // AES_128(GCM), AES_256, AES_128, 3DES-EDE. ! // 3. Prefer the stronger MAC algorithm, in the order of SHA384, // SHA256, SHA, MD5. ! // 4. Prefer the better performance of key exchange and digital // signature algorithm, in the order of ECDHE-ECDSA, ECDHE-RSA, ! // RSA, ECDH-ECDSA, ECDH-RSA, DHE-RSA, DHE-DSS. TLS_AES_128_GCM_SHA256( 0x1301, true, "TLS_AES_128_GCM_SHA256", ProtocolVersion.PROTOCOLS_OF_13, B_AES_128_GCM_IV, H_SHA256), + TLS_AES_256_GCM_SHA384( + 0x1302, true, "TLS_AES_256_GCM_SHA384", + ProtocolVersion.PROTOCOLS_OF_13, B_AES_256_GCM_IV, H_SHA384), TLS_CHACHA20_POLY1305_SHA256( 0x1303, true, "TLS_CHACHA20_POLY1305_SHA256", ProtocolVersion.PROTOCOLS_OF_13, B_CC20_P1305, H_SHA256), // Suite B compliant cipher suites, see RFC 6460.
*** 97,127 **** TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256( 0xCCA9, true, "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256", "", ProtocolVersion.PROTOCOLS_OF_12, K_ECDHE_ECDSA, B_CC20_P1305, M_NULL, H_SHA256), ! // ! // Forward screcy cipher suites. ! // ! ! // AES_256(GCM) - ECDHE TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384( 0xC030, true, "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "", ProtocolVersion.PROTOCOLS_OF_12, K_ECDHE_RSA, B_AES_256_GCM, M_NULL, H_SHA384), TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256( 0xCCA8, true, "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256", "", ProtocolVersion.PROTOCOLS_OF_12, K_ECDHE_RSA, B_CC20_P1305, M_NULL, H_SHA256), ! ! // AES_128(GCM) - ECDHE ! TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256( ! 0xC02F, true, "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "", ProtocolVersion.PROTOCOLS_OF_12, ! K_ECDHE_RSA, B_AES_128_GCM, M_NULL, H_SHA256), ! ! // AES_256(GCM) - DHE TLS_DHE_RSA_WITH_AES_256_GCM_SHA384( 0x009F, true, "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384", "", ProtocolVersion.PROTOCOLS_OF_12, K_DHE_RSA, B_AES_256_GCM, M_NULL, H_SHA384), TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256( --- 95,125 ---- TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256( 0xCCA9, true, "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256", "", ProtocolVersion.PROTOCOLS_OF_12, K_ECDHE_ECDSA, B_CC20_P1305, M_NULL, H_SHA256), ! // AES_256(GCM) TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384( 0xC030, true, "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "", ProtocolVersion.PROTOCOLS_OF_12, K_ECDHE_RSA, B_AES_256_GCM, M_NULL, H_SHA384), TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256( 0xCCA8, true, "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256", "", ProtocolVersion.PROTOCOLS_OF_12, K_ECDHE_RSA, B_CC20_P1305, M_NULL, H_SHA256), ! TLS_RSA_WITH_AES_256_GCM_SHA384( ! 0x009D, true, "TLS_RSA_WITH_AES_256_GCM_SHA384", "", ProtocolVersion.PROTOCOLS_OF_12, ! K_RSA, B_AES_256_GCM, M_NULL, H_SHA384), ! TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384( ! 0xC02E, true, "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384", "", ! ProtocolVersion.PROTOCOLS_OF_12, ! K_ECDH_ECDSA, B_AES_256_GCM, M_NULL, H_SHA384), ! TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384( ! 0xC032, true, "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384", "", ! ProtocolVersion.PROTOCOLS_OF_12, ! K_ECDH_RSA, B_AES_256_GCM, M_NULL, H_SHA384), TLS_DHE_RSA_WITH_AES_256_GCM_SHA384( 0x009F, true, "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384", "", ProtocolVersion.PROTOCOLS_OF_12, K_DHE_RSA, B_AES_256_GCM, M_NULL, H_SHA384), TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256(
*** 131,372 **** TLS_DHE_DSS_WITH_AES_256_GCM_SHA384( 0x00A3, true, "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384", "", ProtocolVersion.PROTOCOLS_OF_12, K_DHE_DSS, B_AES_256_GCM, M_NULL, H_SHA384), ! // AES_128(GCM) - DHE TLS_DHE_RSA_WITH_AES_128_GCM_SHA256( 0x009E, true, "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256", "", ProtocolVersion.PROTOCOLS_OF_12, K_DHE_RSA, B_AES_128_GCM, M_NULL, H_SHA256), TLS_DHE_DSS_WITH_AES_128_GCM_SHA256( 0x00A2, true, "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256", "", ProtocolVersion.PROTOCOLS_OF_12, K_DHE_DSS, B_AES_128_GCM, M_NULL, H_SHA256), ! // AES_256(CBC) - ECDHE TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384( 0xC024, true, "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384", "", ProtocolVersion.PROTOCOLS_OF_12, K_ECDHE_ECDSA, B_AES_256, M_SHA384, H_SHA384), TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384( 0xC028, true, "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384", "", ProtocolVersion.PROTOCOLS_OF_12, K_ECDHE_RSA, B_AES_256, M_SHA384, H_SHA384), ! ! // AES_128(CBC) - ECDHE ! TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256( ! 0xC023, true, "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", "", ! ProtocolVersion.PROTOCOLS_OF_12, ! K_ECDHE_ECDSA, B_AES_128, M_SHA256, H_SHA256), ! TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256( ! 0xC027, true, "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", "", ! ProtocolVersion.PROTOCOLS_OF_12, ! K_ECDHE_RSA, B_AES_128, M_SHA256, H_SHA256), ! ! // AES_256(CBC) - DHE ! TLS_DHE_RSA_WITH_AES_256_CBC_SHA256( ! 0x006B, true, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256", "", ! ProtocolVersion.PROTOCOLS_OF_12, ! K_DHE_RSA, B_AES_256, M_SHA256, H_SHA256), ! TLS_DHE_DSS_WITH_AES_256_CBC_SHA256( ! 0x006A, true, "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256", "", ! ProtocolVersion.PROTOCOLS_OF_12, ! K_DHE_DSS, B_AES_256, M_SHA256, H_SHA256), ! ! // AES_128(CBC) - DHE ! TLS_DHE_RSA_WITH_AES_128_CBC_SHA256( ! 0x0067, true, "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256", "", ! ProtocolVersion.PROTOCOLS_OF_12, ! K_DHE_RSA, B_AES_128, M_SHA256, H_SHA256), ! TLS_DHE_DSS_WITH_AES_128_CBC_SHA256( ! 0x0040, true, "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256", "", ! ProtocolVersion.PROTOCOLS_OF_12, ! K_DHE_DSS, B_AES_128, M_SHA256, H_SHA256), ! ! // ! // not forward screcy cipher suites. ! // ! ! // AES_256(GCM) ! TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384( ! 0xC02E, true, "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384", "", ! ProtocolVersion.PROTOCOLS_OF_12, ! K_ECDH_ECDSA, B_AES_256_GCM, M_NULL, H_SHA384), ! TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384( ! 0xC032, true, "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384", "", ! ProtocolVersion.PROTOCOLS_OF_12, ! K_ECDH_RSA, B_AES_256_GCM, M_NULL, H_SHA384), ! ! // AES_128(GCM) ! TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256( ! 0xC02D, true, "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256", "", ! ProtocolVersion.PROTOCOLS_OF_12, ! K_ECDH_ECDSA, B_AES_128_GCM, M_NULL, H_SHA256), ! TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256( ! 0xC031, true, "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256", "", ProtocolVersion.PROTOCOLS_OF_12, ! K_ECDH_RSA, B_AES_128_GCM, M_NULL, H_SHA256), ! ! // AES_256(CBC) TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384( 0xC026, true, "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384", "", ProtocolVersion.PROTOCOLS_OF_12, K_ECDH_ECDSA, B_AES_256, M_SHA384, H_SHA384), TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384( 0xC02A, true, "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384", "", ProtocolVersion.PROTOCOLS_OF_12, K_ECDH_RSA, B_AES_256, M_SHA384, H_SHA384), ! ! // AES_128(CBC) ! TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256( ! 0xC025, true, "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256", "", ProtocolVersion.PROTOCOLS_OF_12, ! K_ECDH_ECDSA, B_AES_128, M_SHA256, H_SHA256), ! TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256( ! 0xC029, true, "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256", "", ProtocolVersion.PROTOCOLS_OF_12, ! K_ECDH_RSA, B_AES_128, M_SHA256, H_SHA256), ! ! // ! // Legacy, used for compatibility ! // - // AES_256(CBC) - ECDHE - Using SHA TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA( 0xC00A, true, "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA", "", ProtocolVersion.PROTOCOLS_TO_12, K_ECDHE_ECDSA, B_AES_256, M_SHA, H_SHA256), TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA( 0xC014, true, "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", "", ProtocolVersion.PROTOCOLS_TO_12, K_ECDHE_RSA, B_AES_256, M_SHA, H_SHA256), ! ! // AES_128(CBC) - ECDHE - using SHA ! TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA( ! 0xC009, true, "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", "", ! ProtocolVersion.PROTOCOLS_TO_12, ! K_ECDHE_ECDSA, B_AES_128, M_SHA, H_SHA256), ! TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA( ! 0xC013, true, "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", "", ! ProtocolVersion.PROTOCOLS_TO_12, ! K_ECDHE_RSA, B_AES_128, M_SHA, H_SHA256), ! ! // AES_256(CBC) - DHE - Using SHA ! TLS_DHE_RSA_WITH_AES_256_CBC_SHA( ! 0x0039, true, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA", "", ! ProtocolVersion.PROTOCOLS_TO_12, ! K_DHE_RSA, B_AES_256, M_SHA, H_SHA256), ! TLS_DHE_DSS_WITH_AES_256_CBC_SHA( ! 0x0038, true, "TLS_DHE_DSS_WITH_AES_256_CBC_SHA", "", ! ProtocolVersion.PROTOCOLS_TO_12, ! K_DHE_DSS, B_AES_256, M_SHA, H_SHA256), ! ! // AES_128(CBC) - DHE - using SHA ! TLS_DHE_RSA_WITH_AES_128_CBC_SHA( ! 0x0033, true, "TLS_DHE_RSA_WITH_AES_128_CBC_SHA", "", ! ProtocolVersion.PROTOCOLS_TO_12, ! K_DHE_RSA, B_AES_128, M_SHA, H_SHA256), ! TLS_DHE_DSS_WITH_AES_128_CBC_SHA( ! 0x0032, true, "TLS_DHE_DSS_WITH_AES_128_CBC_SHA", "", ProtocolVersion.PROTOCOLS_TO_12, ! K_DHE_DSS, B_AES_128, M_SHA, H_SHA256), ! ! // AES_256(CBC) - using SHA, not forward screcy TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA( 0xC005, true, "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA", "", ProtocolVersion.PROTOCOLS_TO_12, K_ECDH_ECDSA, B_AES_256, M_SHA, H_SHA256), TLS_ECDH_RSA_WITH_AES_256_CBC_SHA( 0xC00F, true, "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA", "", ProtocolVersion.PROTOCOLS_TO_12, K_ECDH_RSA, B_AES_256, M_SHA, H_SHA256), ! ! // AES_128(CBC) - using SHA, not forward screcy ! TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA( ! 0xC004, true, "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA", "", ProtocolVersion.PROTOCOLS_TO_12, ! K_ECDH_ECDSA, B_AES_128, M_SHA, H_SHA256), ! TLS_ECDH_RSA_WITH_AES_128_CBC_SHA( ! 0xC00E, true, "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA", "", ProtocolVersion.PROTOCOLS_TO_12, ! K_ECDH_RSA, B_AES_128, M_SHA, H_SHA256), ! ! // ! // deprecated, used for compatibility ! // ! ! // RSA, AES_256(GCM) ! TLS_RSA_WITH_AES_256_GCM_SHA384( ! 0x009D, true, "TLS_RSA_WITH_AES_256_GCM_SHA384", "", ! ProtocolVersion.PROTOCOLS_OF_12, ! K_RSA, B_AES_256_GCM, M_NULL, H_SHA384), ! // RSA, AES_128(GCM) ! TLS_RSA_WITH_AES_128_GCM_SHA256( ! 0x009C, true, "TLS_RSA_WITH_AES_128_GCM_SHA256", "", ProtocolVersion.PROTOCOLS_OF_12, ! K_RSA, B_AES_128_GCM, M_NULL, H_SHA256), ! ! // RSA, AES_256(CBC) ! TLS_RSA_WITH_AES_256_CBC_SHA256( ! 0x003D, true, "TLS_RSA_WITH_AES_256_CBC_SHA256", "", ProtocolVersion.PROTOCOLS_OF_12, ! K_RSA, B_AES_256, M_SHA256, H_SHA256), ! ! // RSA, AES_128(CBC) TLS_RSA_WITH_AES_128_CBC_SHA256( 0x003C, true, "TLS_RSA_WITH_AES_128_CBC_SHA256", "", ProtocolVersion.PROTOCOLS_OF_12, K_RSA, B_AES_128, M_SHA256, H_SHA256), ! // RSA, AES_256(CBC) - using SHA, not forward screcy ! TLS_RSA_WITH_AES_256_CBC_SHA( ! 0x0035, true, "TLS_RSA_WITH_AES_256_CBC_SHA", "", ProtocolVersion.PROTOCOLS_TO_12, ! K_RSA, B_AES_256, M_SHA, H_SHA256), ! ! // RSA, AES_128(CBC) - using SHA, not forward screcy TLS_RSA_WITH_AES_128_CBC_SHA( 0x002F, true, "TLS_RSA_WITH_AES_128_CBC_SHA", "", ProtocolVersion.PROTOCOLS_TO_12, K_RSA, B_AES_128, M_SHA, H_SHA256), ! // 3DES_EDE, forward secrecy. TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA( 0xC008, true, "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA", "", ProtocolVersion.PROTOCOLS_TO_12, K_ECDHE_ECDSA, B_3DES, M_SHA, H_SHA256), TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA( 0xC012, true, "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA", "", ProtocolVersion.PROTOCOLS_TO_12, K_ECDHE_RSA, B_3DES, M_SHA, H_SHA256), ! SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA( ! 0x0016, true, "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA", ! "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA", ! ProtocolVersion.PROTOCOLS_TO_12, ! K_DHE_RSA, B_3DES, M_SHA, H_SHA256), ! SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA( ! 0x0013, true, "SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA", ! "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA", ProtocolVersion.PROTOCOLS_TO_12, ! K_DHE_DSS, B_3DES, M_SHA, H_SHA256), ! ! // 3DES_EDE, not forward secrecy. TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA( 0xC003, true, "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA", "", ProtocolVersion.PROTOCOLS_TO_12, K_ECDH_ECDSA, B_3DES, M_SHA, H_SHA256), TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA( 0xC00D, true, "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA", "", ProtocolVersion.PROTOCOLS_TO_12, K_ECDH_RSA, B_3DES, M_SHA, H_SHA256), ! SSL_RSA_WITH_3DES_EDE_CBC_SHA( ! 0x000A, true, "SSL_RSA_WITH_3DES_EDE_CBC_SHA", ! "TLS_RSA_WITH_3DES_EDE_CBC_SHA", ProtocolVersion.PROTOCOLS_TO_12, ! K_RSA, B_3DES, M_SHA, H_SHA256), // Renegotiation protection request Signalling Cipher Suite Value (SCSV). TLS_EMPTY_RENEGOTIATION_INFO_SCSV( // RFC 5746, TLS 1.2 and prior 0x00FF, true, "TLS_EMPTY_RENEGOTIATION_INFO_SCSV", "", ProtocolVersion.PROTOCOLS_TO_12, --- 129,314 ---- TLS_DHE_DSS_WITH_AES_256_GCM_SHA384( 0x00A3, true, "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384", "", ProtocolVersion.PROTOCOLS_OF_12, K_DHE_DSS, B_AES_256_GCM, M_NULL, H_SHA384), ! // AES_128(GCM) ! TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256( ! 0xC02F, true, "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "", ! ProtocolVersion.PROTOCOLS_OF_12, ! K_ECDHE_RSA, B_AES_128_GCM, M_NULL, H_SHA256), ! TLS_RSA_WITH_AES_128_GCM_SHA256( ! 0x009C, true, "TLS_RSA_WITH_AES_128_GCM_SHA256", "", ! ProtocolVersion.PROTOCOLS_OF_12, ! K_RSA, B_AES_128_GCM, M_NULL, H_SHA256), ! TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256( ! 0xC02D, true, "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256", "", ! ProtocolVersion.PROTOCOLS_OF_12, ! K_ECDH_ECDSA, B_AES_128_GCM, M_NULL, H_SHA256), ! TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256( ! 0xC031, true, "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256", "", ! ProtocolVersion.PROTOCOLS_OF_12, ! K_ECDH_RSA, B_AES_128_GCM, M_NULL, H_SHA256), TLS_DHE_RSA_WITH_AES_128_GCM_SHA256( 0x009E, true, "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256", "", ProtocolVersion.PROTOCOLS_OF_12, K_DHE_RSA, B_AES_128_GCM, M_NULL, H_SHA256), TLS_DHE_DSS_WITH_AES_128_GCM_SHA256( 0x00A2, true, "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256", "", ProtocolVersion.PROTOCOLS_OF_12, K_DHE_DSS, B_AES_128_GCM, M_NULL, H_SHA256), ! // AES_256(CBC) TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384( 0xC024, true, "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384", "", ProtocolVersion.PROTOCOLS_OF_12, K_ECDHE_ECDSA, B_AES_256, M_SHA384, H_SHA384), TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384( 0xC028, true, "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384", "", ProtocolVersion.PROTOCOLS_OF_12, K_ECDHE_RSA, B_AES_256, M_SHA384, H_SHA384), ! TLS_RSA_WITH_AES_256_CBC_SHA256( ! 0x003D, true, "TLS_RSA_WITH_AES_256_CBC_SHA256", "", ProtocolVersion.PROTOCOLS_OF_12, ! K_RSA, B_AES_256, M_SHA256, H_SHA256), TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384( 0xC026, true, "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384", "", ProtocolVersion.PROTOCOLS_OF_12, K_ECDH_ECDSA, B_AES_256, M_SHA384, H_SHA384), TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384( 0xC02A, true, "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384", "", ProtocolVersion.PROTOCOLS_OF_12, K_ECDH_RSA, B_AES_256, M_SHA384, H_SHA384), ! TLS_DHE_RSA_WITH_AES_256_CBC_SHA256( ! 0x006B, true, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256", "", ProtocolVersion.PROTOCOLS_OF_12, ! K_DHE_RSA, B_AES_256, M_SHA256, H_SHA256), ! TLS_DHE_DSS_WITH_AES_256_CBC_SHA256( ! 0x006A, true, "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256", "", ProtocolVersion.PROTOCOLS_OF_12, ! K_DHE_DSS, B_AES_256, M_SHA256, H_SHA256), TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA( 0xC00A, true, "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA", "", ProtocolVersion.PROTOCOLS_TO_12, K_ECDHE_ECDSA, B_AES_256, M_SHA, H_SHA256), TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA( 0xC014, true, "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", "", ProtocolVersion.PROTOCOLS_TO_12, K_ECDHE_RSA, B_AES_256, M_SHA, H_SHA256), ! TLS_RSA_WITH_AES_256_CBC_SHA( ! 0x0035, true, "TLS_RSA_WITH_AES_256_CBC_SHA", "", ProtocolVersion.PROTOCOLS_TO_12, ! K_RSA, B_AES_256, M_SHA, H_SHA256), TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA( 0xC005, true, "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA", "", ProtocolVersion.PROTOCOLS_TO_12, K_ECDH_ECDSA, B_AES_256, M_SHA, H_SHA256), TLS_ECDH_RSA_WITH_AES_256_CBC_SHA( 0xC00F, true, "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA", "", ProtocolVersion.PROTOCOLS_TO_12, K_ECDH_RSA, B_AES_256, M_SHA, H_SHA256), ! TLS_DHE_RSA_WITH_AES_256_CBC_SHA( ! 0x0039, true, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA", "", ProtocolVersion.PROTOCOLS_TO_12, ! K_DHE_RSA, B_AES_256, M_SHA, H_SHA256), ! TLS_DHE_DSS_WITH_AES_256_CBC_SHA( ! 0x0038, true, "TLS_DHE_DSS_WITH_AES_256_CBC_SHA", "", ProtocolVersion.PROTOCOLS_TO_12, ! K_DHE_DSS, B_AES_256, M_SHA, H_SHA256), ! // AES_128(CBC) ! TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256( ! 0xC023, true, "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", "", ProtocolVersion.PROTOCOLS_OF_12, ! K_ECDHE_ECDSA, B_AES_128, M_SHA256, H_SHA256), ! TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256( ! 0xC027, true, "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", "", ProtocolVersion.PROTOCOLS_OF_12, ! K_ECDHE_RSA, B_AES_128, M_SHA256, H_SHA256), TLS_RSA_WITH_AES_128_CBC_SHA256( 0x003C, true, "TLS_RSA_WITH_AES_128_CBC_SHA256", "", ProtocolVersion.PROTOCOLS_OF_12, K_RSA, B_AES_128, M_SHA256, H_SHA256), + TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256( + 0xC025, true, "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256", "", + ProtocolVersion.PROTOCOLS_OF_12, + K_ECDH_ECDSA, B_AES_128, M_SHA256, H_SHA256), + TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256( + 0xC029, true, "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256", "", + ProtocolVersion.PROTOCOLS_OF_12, + K_ECDH_RSA, B_AES_128, M_SHA256, H_SHA256), + TLS_DHE_RSA_WITH_AES_128_CBC_SHA256( + 0x0067, true, "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256", "", + ProtocolVersion.PROTOCOLS_OF_12, + K_DHE_RSA, B_AES_128, M_SHA256, H_SHA256), + TLS_DHE_DSS_WITH_AES_128_CBC_SHA256( + 0x0040, true, "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256", "", + ProtocolVersion.PROTOCOLS_OF_12, + K_DHE_DSS, B_AES_128, M_SHA256, H_SHA256), ! TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA( ! 0xC009, true, "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", "", ProtocolVersion.PROTOCOLS_TO_12, ! K_ECDHE_ECDSA, B_AES_128, M_SHA, H_SHA256), ! TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA( ! 0xC013, true, "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", "", ! ProtocolVersion.PROTOCOLS_TO_12, ! K_ECDHE_RSA, B_AES_128, M_SHA, H_SHA256), TLS_RSA_WITH_AES_128_CBC_SHA( 0x002F, true, "TLS_RSA_WITH_AES_128_CBC_SHA", "", ProtocolVersion.PROTOCOLS_TO_12, K_RSA, B_AES_128, M_SHA, H_SHA256), + TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA( + 0xC004, true, "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA", "", + ProtocolVersion.PROTOCOLS_TO_12, + K_ECDH_ECDSA, B_AES_128, M_SHA, H_SHA256), + TLS_ECDH_RSA_WITH_AES_128_CBC_SHA( + 0xC00E, true, "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA", "", + ProtocolVersion.PROTOCOLS_TO_12, + K_ECDH_RSA, B_AES_128, M_SHA, H_SHA256), + TLS_DHE_RSA_WITH_AES_128_CBC_SHA( + 0x0033, true, "TLS_DHE_RSA_WITH_AES_128_CBC_SHA", "", + ProtocolVersion.PROTOCOLS_TO_12, + K_DHE_RSA, B_AES_128, M_SHA, H_SHA256), + TLS_DHE_DSS_WITH_AES_128_CBC_SHA( + 0x0032, true, "TLS_DHE_DSS_WITH_AES_128_CBC_SHA", "", + ProtocolVersion.PROTOCOLS_TO_12, + K_DHE_DSS, B_AES_128, M_SHA, H_SHA256), ! // 3DES_EDE TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA( 0xC008, true, "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA", "", ProtocolVersion.PROTOCOLS_TO_12, K_ECDHE_ECDSA, B_3DES, M_SHA, H_SHA256), TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA( 0xC012, true, "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA", "", ProtocolVersion.PROTOCOLS_TO_12, K_ECDHE_RSA, B_3DES, M_SHA, H_SHA256), ! SSL_RSA_WITH_3DES_EDE_CBC_SHA( ! 0x000A, true, "SSL_RSA_WITH_3DES_EDE_CBC_SHA", ! "TLS_RSA_WITH_3DES_EDE_CBC_SHA", ProtocolVersion.PROTOCOLS_TO_12, ! K_RSA, B_3DES, M_SHA, H_SHA256), TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA( 0xC003, true, "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA", "", ProtocolVersion.PROTOCOLS_TO_12, K_ECDH_ECDSA, B_3DES, M_SHA, H_SHA256), TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA( 0xC00D, true, "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA", "", ProtocolVersion.PROTOCOLS_TO_12, K_ECDH_RSA, B_3DES, M_SHA, H_SHA256), ! SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA( ! 0x0016, true, "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA", ! "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA", ProtocolVersion.PROTOCOLS_TO_12, ! K_DHE_RSA, B_3DES, M_SHA, H_SHA256), ! SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA( ! 0x0013, true, "SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA", ! "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA", ! ProtocolVersion.PROTOCOLS_TO_12, ! K_DHE_DSS, B_3DES, M_SHA, H_SHA256), // Renegotiation protection request Signalling Cipher Suite Value (SCSV). TLS_EMPTY_RENEGOTIATION_INFO_SCSV( // RFC 5746, TLS 1.2 and prior 0x00FF, true, "TLS_EMPTY_RENEGOTIATION_INFO_SCSV", "", ProtocolVersion.PROTOCOLS_TO_12,
< prev index next >