1 /*
   2  * Copyright (c) 2002, 2018, Oracle and/or its affiliates. All rights reserved.
   3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   4  *
   5  * This code is free software; you can redistribute it and/or modify it
   6  * under the terms of the GNU General Public License version 2 only, as
   7  * published by the Free Software Foundation.  Oracle designates this
   8  * particular file as subject to the "Classpath" exception as provided
   9  * by Oracle in the LICENSE file that accompanied this code.
  10  *
  11  * This code is distributed in the hope that it will be useful, but WITHOUT
  12  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  13  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  14  * version 2 for more details (a copy is included in the LICENSE file that
  15  * accompanied this code).
  16  *
  17  * You should have received a copy of the GNU General Public License version
  18  * 2 along with this work; if not, write to the Free Software Foundation,
  19  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  20  *
  21  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  22  * or visit www.oracle.com if you need additional information or have any
  23  * questions.
  24  */
  25 
  26 package sun.security.ssl;
  27 
  28 import java.util.ArrayList;
  29 import java.util.Arrays;
  30 import java.util.Collection;
  31 import java.util.Collections;
  32 import java.util.LinkedList;
  33 import java.util.List;
  34 import static sun.security.ssl.CipherSuite.HashAlg.*;
  35 import static sun.security.ssl.CipherSuite.KeyExchange.*;
  36 import static sun.security.ssl.CipherSuite.MacAlg.*;
  37 import static sun.security.ssl.SSLCipher.*;
  38 import sun.security.ssl.SupportedGroupsExtension.NamedGroupType;
  39 import static sun.security.ssl.SupportedGroupsExtension.NamedGroupType.*;
  40 
  41 /**
  42  * Enum for SSL/(D)TLS cipher suites.
  43  *
  44  * Please refer to the "TLS Cipher Suite Registry" section for more details
  45  * about each cipher suite:
  46  *     https://www.iana.org/assignments/tls-parameters/tls-parameters.xml
  47  */
  48 enum CipherSuite {
  49     //
  50     // in preference order
  51     //
  52 
  53     // Definition of the CipherSuites that are enabled by default.
  54     //
  55     // They are listed in preference order, most preferred first, using
  56     // the following criteria:
  57     // 1. Prefer Suite B compliant cipher suites, see RFC6460 (To be
  58     //    changed later, see below).
  59     // 2. Prefer the stronger bulk cipher, in the order of AES_256(GCM),
  60     //    AES_128(GCM), AES_256, AES_128, 3DES-EDE.
  61     // 3. Prefer the stronger MAC algorithm, in the order of SHA384,
  62     //    SHA256, SHA, MD5.
  63     // 4. Prefer the better performance of key exchange and digital
  64     //    signature algorithm, in the order of ECDHE-ECDSA, ECDHE-RSA,
  65     //    RSA, ECDH-ECDSA, ECDH-RSA, DHE-RSA, DHE-DSS.
  66 
  67     TLS_AES_128_GCM_SHA256(
  68             0x1301, true, "TLS_AES_128_GCM_SHA256",
  69             ProtocolVersion.PROTOCOLS_OF_13, B_AES_128_GCM_IV, H_SHA256),
  70     TLS_AES_256_GCM_SHA384(
  71             0x1302, true, "TLS_AES_256_GCM_SHA384",
  72             ProtocolVersion.PROTOCOLS_OF_13, B_AES_256_GCM_IV, H_SHA384),
  73     TLS_CHACHA20_POLY1305_SHA256(
  74             0x1303, true, "TLS_CHACHA20_POLY1305_SHA256",
  75             ProtocolVersion.PROTOCOLS_OF_13, B_CC20_P1305, H_SHA256),
  76 
  77     // Suite B compliant cipher suites, see RFC 6460.
  78     //
  79     // Note that, at present this provider is not Suite B compliant. The
  80     // preference order of the GCM cipher suites does not follow the spec
  81     // of RFC 6460.  In this section, only two cipher suites are listed
  82     // so that applications can make use of Suite-B compliant cipher
  83     // suite firstly.
  84     TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384(
  85             0xC02C, true, "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "",
  86             ProtocolVersion.PROTOCOLS_OF_12,
  87             K_ECDHE_ECDSA, B_AES_256_GCM, M_NULL, H_SHA384),
  88     TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256(
  89             0xC02B, true, "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", "",
  90             ProtocolVersion.PROTOCOLS_OF_12,
  91             K_ECDHE_ECDSA, B_AES_128_GCM, M_NULL, H_SHA256),
  92 
  93     // Not suite B, but we want it to position the suite early in the list
  94     // of 1.2 suites.
  95     TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256(
  96             0xCCA9, true, "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256", "",
  97             ProtocolVersion.PROTOCOLS_OF_12,
  98             K_ECDHE_ECDSA, B_CC20_P1305, M_NULL, H_SHA256),
  99 
 100     // AES_256(GCM)
 101     TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384(
 102             0xC030, true, "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "",
 103             ProtocolVersion.PROTOCOLS_OF_12,
 104             K_ECDHE_RSA, B_AES_256_GCM, M_NULL, H_SHA384),
 105     TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256(
 106             0xCCA8, true, "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256", "",
 107             ProtocolVersion.PROTOCOLS_OF_12,
 108             K_ECDHE_RSA, B_CC20_P1305, M_NULL, H_SHA256),
 109     TLS_RSA_WITH_AES_256_GCM_SHA384(
 110             0x009D, true, "TLS_RSA_WITH_AES_256_GCM_SHA384", "",
 111             ProtocolVersion.PROTOCOLS_OF_12,
 112             K_RSA, B_AES_256_GCM, M_NULL, H_SHA384),
 113     TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384(
 114             0xC02E, true, "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384", "",
 115             ProtocolVersion.PROTOCOLS_OF_12,
 116             K_ECDH_ECDSA, B_AES_256_GCM, M_NULL, H_SHA384),
 117     TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384(
 118             0xC032, true, "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384", "",
 119             ProtocolVersion.PROTOCOLS_OF_12,
 120             K_ECDH_RSA, B_AES_256_GCM, M_NULL, H_SHA384),
 121     TLS_DHE_RSA_WITH_AES_256_GCM_SHA384(
 122             0x009F, true, "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384", "",
 123             ProtocolVersion.PROTOCOLS_OF_12,
 124             K_DHE_RSA, B_AES_256_GCM, M_NULL, H_SHA384),
 125     TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256(
 126             0xCCAA, true, "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256", "",
 127             ProtocolVersion.PROTOCOLS_OF_12,
 128             K_DHE_RSA, B_CC20_P1305, M_NULL, H_SHA256),
 129     TLS_DHE_DSS_WITH_AES_256_GCM_SHA384(
 130             0x00A3, true, "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384", "",
 131             ProtocolVersion.PROTOCOLS_OF_12,
 132             K_DHE_DSS, B_AES_256_GCM, M_NULL, H_SHA384),
 133 
 134     // AES_128(GCM)
 135     TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256(
 136             0xC02F, true, "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "",
 137             ProtocolVersion.PROTOCOLS_OF_12,
 138             K_ECDHE_RSA, B_AES_128_GCM, M_NULL, H_SHA256),
 139     TLS_RSA_WITH_AES_128_GCM_SHA256(
 140             0x009C, true, "TLS_RSA_WITH_AES_128_GCM_SHA256", "",
 141             ProtocolVersion.PROTOCOLS_OF_12,
 142             K_RSA, B_AES_128_GCM, M_NULL, H_SHA256),
 143     TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256(
 144             0xC02D, true, "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256", "",
 145             ProtocolVersion.PROTOCOLS_OF_12,
 146             K_ECDH_ECDSA, B_AES_128_GCM, M_NULL, H_SHA256),
 147     TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256(
 148             0xC031, true, "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256", "",
 149             ProtocolVersion.PROTOCOLS_OF_12,
 150             K_ECDH_RSA, B_AES_128_GCM, M_NULL, H_SHA256),
 151     TLS_DHE_RSA_WITH_AES_128_GCM_SHA256(
 152             0x009E, true, "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256", "",
 153             ProtocolVersion.PROTOCOLS_OF_12,
 154             K_DHE_RSA, B_AES_128_GCM, M_NULL, H_SHA256),
 155     TLS_DHE_DSS_WITH_AES_128_GCM_SHA256(
 156             0x00A2, true, "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256", "",
 157             ProtocolVersion.PROTOCOLS_OF_12,
 158             K_DHE_DSS, B_AES_128_GCM, M_NULL, H_SHA256),
 159 
 160     // AES_256(CBC)
 161     TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384(
 162             0xC024, true, "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384", "",
 163             ProtocolVersion.PROTOCOLS_OF_12,
 164             K_ECDHE_ECDSA, B_AES_256, M_SHA384, H_SHA384),
 165     TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384(
 166             0xC028, true, "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384", "",
 167             ProtocolVersion.PROTOCOLS_OF_12,
 168             K_ECDHE_RSA, B_AES_256, M_SHA384, H_SHA384),
 169     TLS_RSA_WITH_AES_256_CBC_SHA256(
 170             0x003D, true, "TLS_RSA_WITH_AES_256_CBC_SHA256", "",
 171             ProtocolVersion.PROTOCOLS_OF_12,
 172             K_RSA, B_AES_256, M_SHA256, H_SHA256),
 173     TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384(
 174             0xC026, true, "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384", "",
 175             ProtocolVersion.PROTOCOLS_OF_12,
 176             K_ECDH_ECDSA, B_AES_256, M_SHA384, H_SHA384),
 177     TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384(
 178             0xC02A, true, "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384", "",
 179             ProtocolVersion.PROTOCOLS_OF_12,
 180             K_ECDH_RSA, B_AES_256, M_SHA384, H_SHA384),
 181     TLS_DHE_RSA_WITH_AES_256_CBC_SHA256(
 182             0x006B, true, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256", "",
 183             ProtocolVersion.PROTOCOLS_OF_12,
 184             K_DHE_RSA, B_AES_256, M_SHA256, H_SHA256),
 185     TLS_DHE_DSS_WITH_AES_256_CBC_SHA256(
 186             0x006A, true, "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256", "",
 187             ProtocolVersion.PROTOCOLS_OF_12,
 188             K_DHE_DSS, B_AES_256, M_SHA256, H_SHA256),
 189 
 190     TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA(
 191             0xC00A, true, "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA", "",
 192             ProtocolVersion.PROTOCOLS_TO_12,
 193             K_ECDHE_ECDSA, B_AES_256, M_SHA, H_SHA256),
 194     TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA(
 195             0xC014, true, "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", "",
 196             ProtocolVersion.PROTOCOLS_TO_12,
 197             K_ECDHE_RSA, B_AES_256, M_SHA, H_SHA256),
 198     TLS_RSA_WITH_AES_256_CBC_SHA(
 199             0x0035, true, "TLS_RSA_WITH_AES_256_CBC_SHA", "",
 200             ProtocolVersion.PROTOCOLS_TO_12,
 201             K_RSA, B_AES_256, M_SHA, H_SHA256),
 202     TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA(
 203             0xC005, true, "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA", "",
 204             ProtocolVersion.PROTOCOLS_TO_12,
 205             K_ECDH_ECDSA, B_AES_256, M_SHA, H_SHA256),
 206     TLS_ECDH_RSA_WITH_AES_256_CBC_SHA(
 207             0xC00F, true, "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA", "",
 208             ProtocolVersion.PROTOCOLS_TO_12,
 209             K_ECDH_RSA, B_AES_256, M_SHA, H_SHA256),
 210     TLS_DHE_RSA_WITH_AES_256_CBC_SHA(
 211             0x0039, true, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA", "",
 212             ProtocolVersion.PROTOCOLS_TO_12,
 213             K_DHE_RSA, B_AES_256, M_SHA, H_SHA256),
 214     TLS_DHE_DSS_WITH_AES_256_CBC_SHA(
 215             0x0038, true, "TLS_DHE_DSS_WITH_AES_256_CBC_SHA", "",
 216             ProtocolVersion.PROTOCOLS_TO_12,
 217             K_DHE_DSS, B_AES_256, M_SHA, H_SHA256),
 218 
 219     // AES_128(CBC)
 220     TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256(
 221             0xC023, true, "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", "",
 222             ProtocolVersion.PROTOCOLS_OF_12,
 223             K_ECDHE_ECDSA, B_AES_128, M_SHA256, H_SHA256),
 224     TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256(
 225             0xC027, true, "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", "",
 226             ProtocolVersion.PROTOCOLS_OF_12,
 227             K_ECDHE_RSA, B_AES_128, M_SHA256, H_SHA256),
 228     TLS_RSA_WITH_AES_128_CBC_SHA256(
 229             0x003C, true, "TLS_RSA_WITH_AES_128_CBC_SHA256", "",
 230             ProtocolVersion.PROTOCOLS_OF_12,
 231             K_RSA, B_AES_128, M_SHA256, H_SHA256),
 232     TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256(
 233             0xC025, true, "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256", "",
 234             ProtocolVersion.PROTOCOLS_OF_12,
 235             K_ECDH_ECDSA, B_AES_128, M_SHA256, H_SHA256),
 236     TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256(
 237             0xC029, true, "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256", "",
 238             ProtocolVersion.PROTOCOLS_OF_12,
 239             K_ECDH_RSA, B_AES_128, M_SHA256, H_SHA256),
 240     TLS_DHE_RSA_WITH_AES_128_CBC_SHA256(
 241             0x0067, true, "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256", "",
 242             ProtocolVersion.PROTOCOLS_OF_12,
 243             K_DHE_RSA, B_AES_128, M_SHA256, H_SHA256),
 244     TLS_DHE_DSS_WITH_AES_128_CBC_SHA256(
 245             0x0040, true, "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256", "",
 246             ProtocolVersion.PROTOCOLS_OF_12,
 247             K_DHE_DSS, B_AES_128, M_SHA256, H_SHA256),
 248 
 249     TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA(
 250             0xC009, true, "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", "",
 251             ProtocolVersion.PROTOCOLS_TO_12,
 252             K_ECDHE_ECDSA, B_AES_128, M_SHA, H_SHA256),
 253     TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA(
 254             0xC013, true, "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", "",
 255             ProtocolVersion.PROTOCOLS_TO_12,
 256             K_ECDHE_RSA, B_AES_128, M_SHA, H_SHA256),
 257     TLS_RSA_WITH_AES_128_CBC_SHA(
 258             0x002F, true, "TLS_RSA_WITH_AES_128_CBC_SHA", "",
 259             ProtocolVersion.PROTOCOLS_TO_12,
 260             K_RSA, B_AES_128, M_SHA, H_SHA256),
 261     TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA(
 262             0xC004, true, "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA", "",
 263             ProtocolVersion.PROTOCOLS_TO_12,
 264             K_ECDH_ECDSA, B_AES_128, M_SHA, H_SHA256),
 265     TLS_ECDH_RSA_WITH_AES_128_CBC_SHA(
 266             0xC00E, true, "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA", "",
 267             ProtocolVersion.PROTOCOLS_TO_12,
 268             K_ECDH_RSA, B_AES_128, M_SHA, H_SHA256),
 269     TLS_DHE_RSA_WITH_AES_128_CBC_SHA(
 270             0x0033, true, "TLS_DHE_RSA_WITH_AES_128_CBC_SHA", "",
 271             ProtocolVersion.PROTOCOLS_TO_12,
 272             K_DHE_RSA, B_AES_128, M_SHA, H_SHA256),
 273     TLS_DHE_DSS_WITH_AES_128_CBC_SHA(
 274             0x0032, true, "TLS_DHE_DSS_WITH_AES_128_CBC_SHA", "",
 275             ProtocolVersion.PROTOCOLS_TO_12,
 276             K_DHE_DSS, B_AES_128, M_SHA, H_SHA256),
 277 
 278     // 3DES_EDE
 279     TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA(
 280             0xC008, true, "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA", "",
 281             ProtocolVersion.PROTOCOLS_TO_12,
 282             K_ECDHE_ECDSA, B_3DES, M_SHA, H_SHA256),
 283     TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA(
 284             0xC012, true, "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA", "",
 285             ProtocolVersion.PROTOCOLS_TO_12,
 286             K_ECDHE_RSA, B_3DES, M_SHA, H_SHA256),
 287     SSL_RSA_WITH_3DES_EDE_CBC_SHA(
 288             0x000A, true, "SSL_RSA_WITH_3DES_EDE_CBC_SHA",
 289                           "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
 290             ProtocolVersion.PROTOCOLS_TO_12,
 291             K_RSA, B_3DES, M_SHA, H_SHA256),
 292     TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA(
 293             0xC003, true, "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA", "",
 294             ProtocolVersion.PROTOCOLS_TO_12,
 295             K_ECDH_ECDSA, B_3DES, M_SHA, H_SHA256),
 296     TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA(
 297             0xC00D, true, "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA", "",
 298             ProtocolVersion.PROTOCOLS_TO_12,
 299             K_ECDH_RSA, B_3DES, M_SHA, H_SHA256),
 300     SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA(
 301             0x0016, true, "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
 302                           "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
 303             ProtocolVersion.PROTOCOLS_TO_12,
 304             K_DHE_RSA, B_3DES, M_SHA, H_SHA256),
 305     SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA(
 306             0x0013, true, "SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA",
 307                           "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA",
 308             ProtocolVersion.PROTOCOLS_TO_12,
 309             K_DHE_DSS, B_3DES, M_SHA, H_SHA256),
 310 
 311     // Renegotiation protection request Signalling Cipher Suite Value (SCSV).
 312     TLS_EMPTY_RENEGOTIATION_INFO_SCSV(        //  RFC 5746, TLS 1.2 and prior
 313             0x00FF, true, "TLS_EMPTY_RENEGOTIATION_INFO_SCSV", "",
 314             ProtocolVersion.PROTOCOLS_TO_12,
 315             K_SCSV, B_NULL, M_NULL, H_NONE),
 316 
 317     // Definition of the CipherSuites that are supported but not enabled
 318     // by default.
 319     // They are listed in preference order, preferred first, using the
 320     // following criteria:
 321     // 1. If a cipher suite has been obsoleted, we put it at the end of
 322     //    the list.
 323     // 2. Prefer the stronger bulk cipher, in the order of AES_256,
 324     //    AES_128, 3DES-EDE, RC-4, DES, DES40, RC4_40, NULL.
 325     // 3. Prefer the stronger MAC algorithm, in the order of SHA384,
 326     //    SHA256, SHA, MD5.
 327     // 4. Prefer the better performance of key exchange and digital
 328     //    signature algorithm, in the order of ECDHE-ECDSA, ECDHE-RSA,
 329     //    RSA, ECDH-ECDSA, ECDH-RSA, DHE-RSA, DHE-DSS, anonymous.
 330     TLS_DH_anon_WITH_AES_256_GCM_SHA384(
 331             0x00A7, false, "TLS_DH_anon_WITH_AES_256_GCM_SHA384", "",
 332             ProtocolVersion.PROTOCOLS_OF_12,
 333             K_DH_ANON, B_AES_256_GCM, M_NULL, H_SHA384),
 334     TLS_DH_anon_WITH_AES_128_GCM_SHA256(
 335             0x00A6, false, "TLS_DH_anon_WITH_AES_128_GCM_SHA256", "",
 336             ProtocolVersion.PROTOCOLS_OF_12,
 337             K_DH_ANON, B_AES_128_GCM, M_NULL, H_SHA256),
 338     TLS_DH_anon_WITH_AES_256_CBC_SHA256(
 339             0x006D, false, "TLS_DH_anon_WITH_AES_256_CBC_SHA256", "",
 340             ProtocolVersion.PROTOCOLS_OF_12,
 341             K_DH_ANON, B_AES_256, M_SHA256, H_SHA256),
 342     TLS_ECDH_anon_WITH_AES_256_CBC_SHA(
 343             0xC019, false, "TLS_ECDH_anon_WITH_AES_256_CBC_SHA", "",
 344             ProtocolVersion.PROTOCOLS_TO_12,
 345             K_ECDH_ANON, B_AES_256, M_SHA, H_SHA256),
 346     TLS_DH_anon_WITH_AES_256_CBC_SHA(
 347             0x003A, false, "TLS_DH_anon_WITH_AES_256_CBC_SHA", "",
 348             ProtocolVersion.PROTOCOLS_TO_12,
 349             K_DH_ANON, B_AES_256, M_SHA, H_SHA256),
 350     TLS_DH_anon_WITH_AES_128_CBC_SHA256(
 351             0x006C, false, "TLS_DH_anon_WITH_AES_128_CBC_SHA256", "",
 352             ProtocolVersion.PROTOCOLS_OF_12,
 353             K_DH_ANON, B_AES_128, M_SHA256, H_SHA256),
 354     TLS_ECDH_anon_WITH_AES_128_CBC_SHA(
 355             0xC018, false, "TLS_ECDH_anon_WITH_AES_128_CBC_SHA", "",
 356             ProtocolVersion.PROTOCOLS_TO_12,
 357             K_ECDH_ANON, B_AES_128, M_SHA, H_SHA256),
 358     TLS_DH_anon_WITH_AES_128_CBC_SHA(
 359             0x0034, false, "TLS_DH_anon_WITH_AES_128_CBC_SHA", "",
 360             ProtocolVersion.PROTOCOLS_TO_12,
 361             K_DH_ANON, B_AES_128, M_SHA, H_SHA256),
 362     TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA(
 363             0xC017, false, "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA", "",
 364             ProtocolVersion.PROTOCOLS_TO_12,
 365             K_ECDH_ANON, B_3DES, M_SHA, H_SHA256),
 366     SSL_DH_anon_WITH_3DES_EDE_CBC_SHA(
 367             0x001B, false, "SSL_DH_anon_WITH_3DES_EDE_CBC_SHA",
 368                            "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA",
 369             ProtocolVersion.PROTOCOLS_TO_12,
 370             K_DH_ANON, B_3DES, M_SHA, H_SHA256),
 371 
 372     // RC4
 373     TLS_ECDHE_ECDSA_WITH_RC4_128_SHA(
 374             0xC007, false, "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA", "",
 375             ProtocolVersion.PROTOCOLS_TO_TLS12,
 376             K_ECDHE_ECDSA, B_RC4_128, M_SHA, H_SHA256),
 377     TLS_ECDHE_RSA_WITH_RC4_128_SHA(
 378             0xC011, false, "TLS_ECDHE_RSA_WITH_RC4_128_SHA", "",
 379             ProtocolVersion.PROTOCOLS_TO_TLS12,
 380             K_ECDHE_RSA, B_RC4_128, M_SHA, H_SHA256),
 381     SSL_RSA_WITH_RC4_128_SHA(
 382             0x0005, false, "SSL_RSA_WITH_RC4_128_SHA",
 383                            "TLS_RSA_WITH_RC4_128_SHA",
 384             ProtocolVersion.PROTOCOLS_TO_TLS12,
 385             K_RSA, B_RC4_128, M_SHA, H_SHA256),
 386     TLS_ECDH_ECDSA_WITH_RC4_128_SHA(
 387             0xC002, false, "TLS_ECDH_ECDSA_WITH_RC4_128_SHA", "",
 388             ProtocolVersion.PROTOCOLS_TO_TLS12,
 389             K_ECDH_ECDSA, B_RC4_128, M_SHA, H_SHA256),
 390     TLS_ECDH_RSA_WITH_RC4_128_SHA(
 391             0xC00C, false, "TLS_ECDH_RSA_WITH_RC4_128_SHA", "",
 392             ProtocolVersion.PROTOCOLS_TO_TLS12,
 393             K_ECDH_RSA, B_RC4_128, M_SHA, H_SHA256),
 394     SSL_RSA_WITH_RC4_128_MD5(
 395             0x0004, false, "SSL_RSA_WITH_RC4_128_MD5",
 396                            "TLS_RSA_WITH_RC4_128_MD5",
 397             ProtocolVersion.PROTOCOLS_TO_TLS12,
 398             K_RSA, B_RC4_128, M_MD5, H_SHA256),
 399     TLS_ECDH_anon_WITH_RC4_128_SHA(
 400             0xC016, false, "TLS_ECDH_anon_WITH_RC4_128_SHA", "",
 401             ProtocolVersion.PROTOCOLS_TO_TLS12,
 402             K_ECDH_ANON, B_RC4_128, M_SHA, H_SHA256),
 403     SSL_DH_anon_WITH_RC4_128_MD5(
 404             0x0018, false, "SSL_DH_anon_WITH_RC4_128_MD5",
 405                            "TLS_DH_anon_WITH_RC4_128_MD5",
 406             ProtocolVersion.PROTOCOLS_TO_TLS12,
 407             K_DH_ANON, B_RC4_128, M_MD5, H_SHA256),
 408 
 409     // weak cipher suites obsoleted in TLS 1.2 [RFC 5246]
 410     SSL_RSA_WITH_DES_CBC_SHA(
 411             0x0009, false, "SSL_RSA_WITH_DES_CBC_SHA",
 412                            "TLS_RSA_WITH_DES_CBC_SHA",
 413             ProtocolVersion.PROTOCOLS_TO_11,
 414             K_RSA, B_DES, M_SHA, H_NONE),
 415     SSL_DHE_RSA_WITH_DES_CBC_SHA(
 416             0x0015, false, "SSL_DHE_RSA_WITH_DES_CBC_SHA",
 417                            "TLS_DHE_RSA_WITH_DES_CBC_SHA",
 418             ProtocolVersion.PROTOCOLS_TO_11,
 419             K_DHE_RSA, B_DES, M_SHA, H_NONE),
 420     SSL_DHE_DSS_WITH_DES_CBC_SHA(
 421             0x0012, false, "SSL_DHE_DSS_WITH_DES_CBC_SHA",
 422                            "TLS_DHE_DSS_WITH_DES_CBC_SHA",
 423             ProtocolVersion.PROTOCOLS_TO_11,
 424             K_DHE_DSS, B_DES, M_SHA, H_NONE),
 425     SSL_DH_anon_WITH_DES_CBC_SHA(
 426             0x001A, false, "SSL_DH_anon_WITH_DES_CBC_SHA",
 427                            "TLS_DH_anon_WITH_DES_CBC_SHA",
 428             ProtocolVersion.PROTOCOLS_TO_11,
 429             K_DH_ANON, B_DES, M_SHA, H_NONE),
 430 
 431     // weak cipher suites obsoleted in TLS 1.1  [RFC 4346]
 432     SSL_RSA_EXPORT_WITH_DES40_CBC_SHA(
 433             0x0008, false, "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA",
 434                            "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",
 435             ProtocolVersion.PROTOCOLS_TO_10,
 436             K_RSA_EXPORT, B_DES_40, M_SHA, H_NONE),
 437     SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA(
 438             0x0014, false, "SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
 439                            "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
 440             ProtocolVersion.PROTOCOLS_TO_10,
 441             K_DHE_RSA_EXPORT, B_DES_40, M_SHA, H_NONE),
 442     SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA(
 443             0x0011, false, "SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA",
 444                            "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA",
 445             ProtocolVersion.PROTOCOLS_TO_10,
 446             K_DHE_DSS_EXPORT, B_DES_40, M_SHA, H_NONE),
 447     SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA(
 448             0x0019, false, "SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA",
 449                            "TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA",
 450             ProtocolVersion.PROTOCOLS_TO_10,
 451             K_DH_ANON_EXPORT, B_DES_40, M_SHA, H_NONE),
 452     SSL_RSA_EXPORT_WITH_RC4_40_MD5(
 453             0x0003, false, "SSL_RSA_EXPORT_WITH_RC4_40_MD5",
 454                            "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
 455             ProtocolVersion.PROTOCOLS_TO_10,
 456             K_RSA_EXPORT, B_RC4_40, M_MD5, H_NONE),
 457     SSL_DH_anon_EXPORT_WITH_RC4_40_MD5(
 458             0x0017, false, "SSL_DH_anon_EXPORT_WITH_RC4_40_MD5",
 459                            "TLS_DH_anon_EXPORT_WITH_RC4_40_MD5",
 460             ProtocolVersion.PROTOCOLS_TO_10,
 461             K_DH_ANON, B_RC4_40, M_MD5, H_NONE),
 462 
 463     // no traffic encryption cipher suites
 464     TLS_RSA_WITH_NULL_SHA256(
 465             0x003B, false, "TLS_RSA_WITH_NULL_SHA256", "",
 466             ProtocolVersion.PROTOCOLS_OF_12,
 467             K_RSA, B_NULL, M_SHA256, H_SHA256),
 468     TLS_ECDHE_ECDSA_WITH_NULL_SHA(
 469             0xC006, false, "TLS_ECDHE_ECDSA_WITH_NULL_SHA", "",
 470             ProtocolVersion.PROTOCOLS_TO_12,
 471             K_ECDHE_ECDSA, B_NULL, M_SHA, H_SHA256),
 472     TLS_ECDHE_RSA_WITH_NULL_SHA(
 473             0xC010, false, "TLS_ECDHE_RSA_WITH_NULL_SHA", "",
 474             ProtocolVersion.PROTOCOLS_TO_12,
 475             K_ECDHE_RSA, B_NULL, M_SHA, H_SHA256),
 476     SSL_RSA_WITH_NULL_SHA(
 477             0x0002, false, "SSL_RSA_WITH_NULL_SHA",
 478                            "TLS_RSA_WITH_NULL_SHA",
 479             ProtocolVersion.PROTOCOLS_TO_12,
 480             K_RSA, B_NULL, M_SHA, H_SHA256),
 481     TLS_ECDH_ECDSA_WITH_NULL_SHA(
 482             0xC001, false, "TLS_ECDH_ECDSA_WITH_NULL_SHA", "",
 483             ProtocolVersion.PROTOCOLS_TO_12,
 484             K_ECDH_ECDSA, B_NULL, M_SHA, H_SHA256),
 485     TLS_ECDH_RSA_WITH_NULL_SHA(
 486             0xC00B, false, "TLS_ECDH_RSA_WITH_NULL_SHA", "",
 487             ProtocolVersion.PROTOCOLS_TO_12,
 488             K_ECDH_RSA, B_NULL, M_SHA, H_SHA256),
 489     TLS_ECDH_anon_WITH_NULL_SHA(
 490             0xC015, false, "TLS_ECDH_anon_WITH_NULL_SHA", "",
 491             ProtocolVersion.PROTOCOLS_TO_12,
 492             K_ECDH_ANON, B_NULL, M_SHA, H_SHA256),
 493     SSL_RSA_WITH_NULL_MD5(
 494             0x0001, false, "SSL_RSA_WITH_NULL_MD5",
 495                            "TLS_RSA_WITH_NULL_MD5",
 496             ProtocolVersion.PROTOCOLS_TO_12,
 497             K_RSA, B_NULL, M_MD5, H_SHA256),
 498 
 499     // Definition of the CipherSuites that are not supported but the names
 500     // are known.
 501     TLS_AES_128_CCM_SHA256(                          // TLS 1.3
 502             "TLS_AES_128_CCM_SHA256", 0x1304),
 503     TLS_AES_128_CCM_8_SHA256(                        // TLS 1.3
 504             "TLS_AES_128_CCM_8_SHA256", 0x1305),
 505 
 506     // remaining unsupported ciphersuites defined in RFC2246.
 507     CS_0006("SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5",           0x0006),
 508     CS_0007("SSL_RSA_WITH_IDEA_CBC_SHA",                    0x0007),
 509     CS_000B("SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA",         0x000b),
 510     CS_000C("SSL_DH_DSS_WITH_DES_CBC_SHA",                  0x000c),
 511     CS_000D("SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA",             0x000d),
 512     CS_000E("SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA",         0x000e),
 513     CS_000F("SSL_DH_RSA_WITH_DES_CBC_SHA",                  0x000f),
 514     CS_0010("SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA",             0x0010),
 515 
 516     // SSL 3.0 Fortezza ciphersuites
 517     CS_001C("SSL_FORTEZZA_DMS_WITH_NULL_SHA",               0x001c),
 518     CS_001D("SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA",       0x001d),
 519 
 520     // 1024/56 bit exportable ciphersuites from expired internet draft
 521     CS_0062("SSL_RSA_EXPORT1024_WITH_DES_CBC_SHA",          0x0062),
 522     CS_0063("SSL_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA",      0x0063),
 523     CS_0064("SSL_RSA_EXPORT1024_WITH_RC4_56_SHA",           0x0064),
 524     CS_0065("SSL_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA",       0x0065),
 525     CS_0066("SSL_DHE_DSS_WITH_RC4_128_SHA",                 0x0066),
 526 
 527     // Netscape old and new SSL 3.0 FIPS ciphersuites
 528     // see http://www.mozilla.org/projects/security/pki/nss/ssl/fips-ssl-ciphersuites.html
 529     CS_FFE0("NETSCAPE_RSA_FIPS_WITH_3DES_EDE_CBC_SHA",      0xffe0),
 530     CS_FFE1("NETSCAPE_RSA_FIPS_WITH_DES_CBC_SHA",           0xffe1),
 531     CS_FEFE("SSL_RSA_FIPS_WITH_DES_CBC_SHA",                0xfefe),
 532     CS_FEFF("SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA",           0xfeff),
 533 
 534     // Unsupported Kerberos cipher suites from RFC 2712
 535     CS_001E("TLS_KRB5_WITH_DES_CBC_SHA",                    0x001E),
 536     CS_001F("TLS_KRB5_WITH_3DES_EDE_CBC_SHA",               0x001F),
 537     CS_0020("TLS_KRB5_WITH_RC4_128_SHA",                    0x0020),
 538     CS_0021("TLS_KRB5_WITH_IDEA_CBC_SHA",                   0x0021),
 539     CS_0022("TLS_KRB5_WITH_DES_CBC_MD5",                    0x0022),
 540     CS_0023("TLS_KRB5_WITH_3DES_EDE_CBC_MD5",               0x0023),
 541     CS_0024("TLS_KRB5_WITH_RC4_128_MD5",                    0x0024),
 542     CS_0025("TLS_KRB5_WITH_IDEA_CBC_MD5",                   0x0025),
 543     CS_0026("TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA",          0x0026),
 544     CS_0027("TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA",          0x0027),
 545     CS_0028("TLS_KRB5_EXPORT_WITH_RC4_40_SHA",              0x0028),
 546     CS_0029("TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5",          0x0029),
 547     CS_002A("TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5",          0x002a),
 548     CS_002B("TLS_KRB5_EXPORT_WITH_RC4_40_MD5",              0x002B),
 549 
 550     // Unsupported cipher suites from RFC 4162
 551     CS_0096("TLS_RSA_WITH_SEED_CBC_SHA",                    0x0096),
 552     CS_0097("TLS_DH_DSS_WITH_SEED_CBC_SHA",                 0x0097),
 553     CS_0098("TLS_DH_RSA_WITH_SEED_CBC_SHA",                 0x0098),
 554     CS_0099("TLS_DHE_DSS_WITH_SEED_CBC_SHA",                0x0099),
 555     CS_009A("TLS_DHE_RSA_WITH_SEED_CBC_SHA",                0x009a),
 556     CS_009B("TLS_DH_anon_WITH_SEED_CBC_SHA",                0x009b),
 557 
 558     // Unsupported cipher suites from RFC 4279
 559     CS_008A("TLS_PSK_WITH_RC4_128_SHA",                     0x008a),
 560     CS_008B("TLS_PSK_WITH_3DES_EDE_CBC_SHA",                0x008b),
 561     CS_008C("TLS_PSK_WITH_AES_128_CBC_SHA",                 0x008c),
 562     CS_008D("TLS_PSK_WITH_AES_256_CBC_SHA",                 0x008d),
 563     CS_008E("TLS_DHE_PSK_WITH_RC4_128_SHA",                 0x008e),
 564     CS_008F("TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA",            0x008f),
 565     CS_0090("TLS_DHE_PSK_WITH_AES_128_CBC_SHA",             0x0090),
 566     CS_0091("TLS_DHE_PSK_WITH_AES_256_CBC_SHA",             0x0091),
 567     CS_0092("TLS_RSA_PSK_WITH_RC4_128_SHA",                 0x0092),
 568     CS_0093("TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA",            0x0093),
 569     CS_0094("TLS_RSA_PSK_WITH_AES_128_CBC_SHA",             0x0094),
 570     CS_0095("TLS_RSA_PSK_WITH_AES_256_CBC_SHA",             0x0095),
 571 
 572     // Unsupported cipher suites from RFC 4785
 573     CS_002C("TLS_PSK_WITH_NULL_SHA",                        0x002c),
 574     CS_002D("TLS_DHE_PSK_WITH_NULL_SHA",                    0x002d),
 575     CS_002E("TLS_RSA_PSK_WITH_NULL_SHA",                    0x002e),
 576 
 577     // Unsupported cipher suites from RFC 5246
 578     CS_0030("TLS_DH_DSS_WITH_AES_128_CBC_SHA",              0x0030),
 579     CS_0031("TLS_DH_RSA_WITH_AES_128_CBC_SHA",              0x0031),
 580     CS_0036("TLS_DH_DSS_WITH_AES_256_CBC_SHA",              0x0036),
 581     CS_0037("TLS_DH_RSA_WITH_AES_256_CBC_SHA",              0x0037),
 582     CS_003E("TLS_DH_DSS_WITH_AES_128_CBC_SHA256",           0x003e),
 583     CS_003F("TLS_DH_RSA_WITH_AES_128_CBC_SHA256",           0x003f),
 584     CS_0068("TLS_DH_DSS_WITH_AES_256_CBC_SHA256",           0x0068),
 585     CS_0069("TLS_DH_RSA_WITH_AES_256_CBC_SHA256",           0x0069),
 586 
 587     // Unsupported cipher suites from RFC 5288
 588     CS_00A0("TLS_DH_RSA_WITH_AES_128_GCM_SHA256",           0x00a0),
 589     CS_00A1("TLS_DH_RSA_WITH_AES_256_GCM_SHA384",           0x00a1),
 590     CS_00A4("TLS_DH_DSS_WITH_AES_128_GCM_SHA256",           0x00a4),
 591     CS_00A5("TLS_DH_DSS_WITH_AES_256_GCM_SHA384",           0x00a5),
 592 
 593     // Unsupported cipher suites from RFC 5487
 594     CS_00A8("TLS_PSK_WITH_AES_128_GCM_SHA256",              0x00a8),
 595     CS_00A9("TLS_PSK_WITH_AES_256_GCM_SHA384",              0x00a9),
 596     CS_00AA("TLS_DHE_PSK_WITH_AES_128_GCM_SHA256",          0x00aa),
 597     CS_00AB("TLS_DHE_PSK_WITH_AES_256_GCM_SHA384",          0x00ab),
 598     CS_00AC("TLS_RSA_PSK_WITH_AES_128_GCM_SHA256",          0x00ac),
 599     CS_00AD("TLS_RSA_PSK_WITH_AES_256_GCM_SHA384",          0x00ad),
 600     CS_00AE("TLS_PSK_WITH_AES_128_CBC_SHA256",              0x00ae),
 601     CS_00AF("TLS_PSK_WITH_AES_256_CBC_SHA384",              0x00af),
 602     CS_00B0("TLS_PSK_WITH_NULL_SHA256",                     0x00b0),
 603     CS_00B1("TLS_PSK_WITH_NULL_SHA384",                     0x00b1),
 604     CS_00B2("TLS_DHE_PSK_WITH_AES_128_CBC_SHA256",          0x00b2),
 605     CS_00B3("TLS_DHE_PSK_WITH_AES_256_CBC_SHA384",          0x00b3),
 606     CS_00B4("TLS_DHE_PSK_WITH_NULL_SHA256",                 0x00b4),
 607     CS_00B5("TLS_DHE_PSK_WITH_NULL_SHA384",                 0x00b5),
 608     CS_00B6("TLS_RSA_PSK_WITH_AES_128_CBC_SHA256",          0x00b6),
 609     CS_00B7("TLS_RSA_PSK_WITH_AES_256_CBC_SHA384",          0x00b7),
 610     CS_00B8("TLS_RSA_PSK_WITH_NULL_SHA256",                 0x00b8),
 611     CS_00B9("TLS_RSA_PSK_WITH_NULL_SHA384",                 0x00b9),
 612 
 613     // Unsupported cipher suites from RFC 5932
 614     CS_0041("TLS_RSA_WITH_CAMELLIA_128_CBC_SHA",            0x0041),
 615     CS_0042("TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA",         0x0042),
 616     CS_0043("TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA",         0x0043),
 617     CS_0044("TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA",        0x0044),
 618     CS_0045("TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA",        0x0045),
 619     CS_0046("TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA",        0x0046),
 620     CS_0084("TLS_RSA_WITH_CAMELLIA_256_CBC_SHA",            0x0084),
 621     CS_0085("TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA",         0x0085),
 622     CS_0086("TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA",         0x0086),
 623     CS_0087("TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA",        0x0087),
 624     CS_0088("TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA",        0x0088),
 625     CS_0089("TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA",        0x0089),
 626     CS_00BA("TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256",         0x00ba),
 627     CS_00BB("TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256",      0x00bb),
 628     CS_00BC("TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256",      0x00bc),
 629     CS_00BD("TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256",     0x00bd),
 630     CS_00BE("TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256",     0x00be),
 631     CS_00BF("TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256",     0x00bf),
 632     CS_00C0("TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256",         0x00c0),
 633     CS_00C1("TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256",      0x00c1),
 634     CS_00C2("TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256",      0x00c2),
 635     CS_00C3("TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256",     0x00c3),
 636     CS_00C4("TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256",     0x00c4),
 637     CS_00C5("TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256",     0x00c5),
 638 
 639     // TLS Fallback Signaling Cipher Suite Value (SCSV) RFC 7507
 640     CS_5600("TLS_FALLBACK_SCSV",                            0x5600),
 641 
 642     // Unsupported cipher suites from RFC 5054
 643     CS_C01A("TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA",            0xc01a),
 644     CS_C01B("TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA",        0xc01b),
 645     CS_C01C("TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA",        0xc01c),
 646     CS_C01D("TLS_SRP_SHA_WITH_AES_128_CBC_SHA",             0xc01d),
 647     CS_C01E("TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA",         0xc01e),
 648     CS_C01F("TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA",         0xc01f),
 649     CS_C020("TLS_SRP_SHA_WITH_AES_256_CBC_SHA",             0xc020),
 650     CS_C021("TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA",         0xc021),
 651     CS_C022("TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA",         0xc022),
 652 
 653     // Unsupported cipher suites from RFC 5489
 654     CS_C033("TLS_ECDHE_PSK_WITH_RC4_128_SHA",               0xc033),
 655     CS_C034("TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA",          0xc034),
 656     CS_C035("TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA",           0xc035),
 657     CS_C036("TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA",           0xc036),
 658     CS_C037("TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256",        0xc037),
 659     CS_C038("TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384",        0xc038),
 660     CS_C039("TLS_ECDHE_PSK_WITH_NULL_SHA",                  0xc039),
 661     CS_C03A("TLS_ECDHE_PSK_WITH_NULL_SHA256",               0xc03a),
 662     CS_C03B("TLS_ECDHE_PSK_WITH_NULL_SHA384",               0xc03b),
 663 
 664     // Unsupported cipher suites from RFC 6209
 665     CS_C03C("TLS_RSA_WITH_ARIA_128_CBC_SHA256",             0xc03c),
 666     CS_C03D("TLS_RSA_WITH_ARIA_256_CBC_SHA384",             0xc03d),
 667     CS_C03E("TLS_DH_DSS_WITH_ARIA_128_CBC_SHA256",          0xc03e),
 668     CS_C03F("TLS_DH_DSS_WITH_ARIA_256_CBC_SHA384",          0xc03f),
 669     CS_C040("TLS_DH_RSA_WITH_ARIA_128_CBC_SHA256",          0xc040),
 670     CS_C041("TLS_DH_RSA_WITH_ARIA_256_CBC_SHA384",          0xc041),
 671     CS_C042("TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256",         0xc042),
 672     CS_C043("TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384",         0xc043),
 673     CS_C044("TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256",         0xc044),
 674     CS_C045("TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384",         0xc045),
 675     CS_C046("TLS_DH_anon_WITH_ARIA_128_CBC_SHA256",         0xc046),
 676     CS_C047("TLS_DH_anon_WITH_ARIA_256_CBC_SHA384",         0xc047),
 677     CS_C048("TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256",     0xc048),
 678     CS_C049("TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384",     0xc049),
 679     CS_C04A("TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256",      0xc04a),
 680     CS_C04B("TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384",      0xc04b),
 681     CS_C04C("TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256",       0xc04c),
 682     CS_C04D("TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384",       0xc04d),
 683     CS_C04E("TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256",        0xc04e),
 684     CS_C04F("TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384",        0xc04f),
 685     CS_C050("TLS_RSA_WITH_ARIA_128_GCM_SHA256",             0xc050),
 686     CS_C051("TLS_RSA_WITH_ARIA_256_GCM_SHA384",             0xc051),
 687     CS_C052("TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256",         0xc052),
 688     CS_C053("TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384",         0xc053),
 689     CS_C054("TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256",          0xc054),
 690     CS_C055("TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384",          0xc055),
 691     CS_C056("TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256",         0xc056),
 692     CS_C057("TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384",         0xc057),
 693     CS_C058("TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256",          0xc058),
 694     CS_C059("TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384",          0xc059),
 695     CS_C05A("TLS_DH_anon_WITH_ARIA_128_GCM_SHA256",         0xc05a),
 696     CS_C05B("TLS_DH_anon_WITH_ARIA_256_GCM_SHA384",         0xc05b),
 697     CS_C05C("TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256",     0xc05c),
 698     CS_C05D("TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384",     0xc05d),
 699     CS_C05E("TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256",      0xc05e),
 700     CS_C05F("TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384",      0xc05f),
 701     CS_C060("TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256",       0xc060),
 702     CS_C061("TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384",       0xc061),
 703     CS_C062("TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256",        0xc062),
 704     CS_C063("TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384",        0xc063),
 705     CS_C064("TLS_PSK_WITH_ARIA_128_CBC_SHA256",             0xc064),
 706     CS_C065("TLS_PSK_WITH_ARIA_256_CBC_SHA384",             0xc065),
 707     CS_C066("TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256",         0xc066),
 708     CS_C067("TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384",         0xc067),
 709     CS_C068("TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256",         0xc068),
 710     CS_C069("TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384",         0xc069),
 711     CS_C06A("TLS_PSK_WITH_ARIA_128_GCM_SHA256",             0xc06a),
 712     CS_C06B("TLS_PSK_WITH_ARIA_256_GCM_SHA384",             0xc06b),
 713     CS_C06C("TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256",         0xc06c),
 714     CS_C06D("TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384",         0xc06d),
 715     CS_C06E("TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256",         0xc06e),
 716     CS_C06F("TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384",         0xc06f),
 717     CS_C070("TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256",       0xc070),
 718     CS_C071("TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384",       0xc071),
 719 
 720     // Unsupported cipher suites from RFC 6367
 721     CS_C072("TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256", 0xc072),
 722     CS_C073("TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384", 0xc073),
 723     CS_C074("TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256",  0xc074),
 724     CS_C075("TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384",  0xc075),
 725     CS_C076("TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256",   0xc076),
 726     CS_C077("TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384",   0xc077),
 727     CS_C078("TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256",    0xc078),
 728     CS_C079("TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384",    0xc079),
 729     CS_C07A("TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256",         0xc07a),
 730     CS_C07B("TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384",         0xc07b),
 731     CS_C07C("TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256",     0xc07c),
 732     CS_C07D("TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384",     0xc07d),
 733     CS_C07E("TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256",      0xc07e),
 734     CS_C07F("TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384",      0xc07f),
 735     CS_C080("TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256",     0xc080),
 736     CS_C081("TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384",     0xc081),
 737     CS_C082("TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256",      0xc082),
 738     CS_C083("TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384",      0xc083),
 739     CS_C084("TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256",     0xc084),
 740     CS_C085("TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384",     0xc085),
 741     CS_C086("TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256", 0xc086),
 742     CS_C087("TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384", 0xc087),
 743     CS_C088("TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256",  0xc088),
 744     CS_C089("TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384",  0xc089),
 745     CS_C08A("TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256",   0xc08a),
 746     CS_C08B("TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384",   0xc08b),
 747     CS_C08C("TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256",    0xc08c),
 748     CS_C08D("TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384",    0xc08d),
 749     CS_C08E("TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256",         0xc08e),
 750     CS_C08F("TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384",         0xc08f),
 751     CS_C090("TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256",     0xc090),
 752     CS_C091("TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384",     0xc091),
 753     CS_C092("TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256",     0xc092),
 754     CS_C093("TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384",     0xc093),
 755     CS_C094("TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256",         0xc094),
 756     CS_C095("TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384",         0xc095),
 757     CS_C096("TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256",     0xc096),
 758     CS_C097("TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384",     0xc097),
 759     CS_C098("TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256",     0xc098),
 760     CS_C099("TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384",     0xc099),
 761     CS_C09A("TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256",   0xc09a),
 762     CS_C09B("TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384",   0xc09b),
 763 
 764     // Unsupported cipher suites from RFC 6655
 765     CS_C09C("TLS_RSA_WITH_AES_128_CCM",                     0xc09c),
 766     CS_C09D("TLS_RSA_WITH_AES_256_CCM",                     0xc09d),
 767     CS_C09E("TLS_DHE_RSA_WITH_AES_128_CCM",                 0xc09e),
 768     CS_C09F("TLS_DHE_RSA_WITH_AES_256_CCM",                 0xc09f),
 769     CS_C0A0("TLS_RSA_WITH_AES_128_CCM_8",                   0xc0A0),
 770     CS_C0A1("TLS_RSA_WITH_AES_256_CCM_8",                   0xc0A1),
 771     CS_C0A2("TLS_DHE_RSA_WITH_AES_128_CCM_8",               0xc0A2),
 772     CS_C0A3("TLS_DHE_RSA_WITH_AES_256_CCM_8",               0xc0A3),
 773     CS_C0A4("TLS_PSK_WITH_AES_128_CCM",                     0xc0A4),
 774     CS_C0A5("TLS_PSK_WITH_AES_256_CCM",                     0xc0A5),
 775     CS_C0A6("TLS_DHE_PSK_WITH_AES_128_CCM",                 0xc0A6),
 776     CS_C0A7("TLS_DHE_PSK_WITH_AES_256_CCM",                 0xc0A7),
 777     CS_C0A8("TLS_PSK_WITH_AES_128_CCM_8",                   0xc0A8),
 778     CS_C0A9("TLS_PSK_WITH_AES_256_CCM_8",                   0xc0A9),
 779     CS_C0AA("TLS_PSK_DHE_WITH_AES_128_CCM_8",               0xc0Aa),
 780     CS_C0AB("TLS_PSK_DHE_WITH_AES_256_CCM_8",               0xc0Ab),
 781 
 782     // Unsupported cipher suites from RFC 7251
 783     CS_C0AC("TLS_ECDHE_ECDSA_WITH_AES_128_CCM",             0xc0Ac),
 784     CS_C0AD("TLS_ECDHE_ECDSA_WITH_AES_256_CCM",             0xc0Ad),
 785     CS_C0AE("TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8",           0xc0Ae),
 786     CS_C0AF("TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8",           0xc0Af),
 787 
 788     C_NULL("SSL_NULL_WITH_NULL_NULL", 0x0000);
 789 
 790     final int id;
 791     final boolean isDefaultEnabled;
 792     final String name;
 793     final List<String> aliases;
 794     final List<ProtocolVersion> supportedProtocols;
 795     final KeyExchange keyExchange;
 796     final SSLCipher bulkCipher;
 797     final MacAlg macAlg;
 798     final HashAlg hashAlg;
 799 
 800     final boolean exportable;
 801 
 802     // known but unsupported cipher suite
 803     private CipherSuite(String name, int id) {
 804         this(id, false, name, "",
 805                 ProtocolVersion.PROTOCOLS_EMPTY, null, null, null, null);
 806     }
 807 
 808     // TLS 1.3 cipher suite
 809     private CipherSuite(int id, boolean isDefaultEnabled,
 810             String name, ProtocolVersion[] supportedProtocols,
 811             SSLCipher bulkCipher, HashAlg hashAlg) {
 812         this(id, isDefaultEnabled, name, "",
 813                 supportedProtocols, null, bulkCipher, M_NULL, hashAlg);
 814     }
 815 
 816     private CipherSuite(int id, boolean isDefaultEnabled,
 817             String name, String aliases,
 818             ProtocolVersion[] supportedProtocols,
 819             KeyExchange keyExchange, SSLCipher cipher,
 820             MacAlg macAlg, HashAlg hashAlg) {
 821         this.id = id;
 822         this.isDefaultEnabled = isDefaultEnabled;
 823         this.name = name;
 824         if (!aliases.isEmpty()) {
 825             this.aliases = Arrays.asList(aliases.split(","));
 826         } else {
 827             this.aliases = Collections.emptyList();
 828         }
 829         this.supportedProtocols = Arrays.asList(supportedProtocols);
 830         this.keyExchange = keyExchange;
 831         this.bulkCipher = cipher;
 832         this.macAlg = macAlg;
 833         this.hashAlg = hashAlg;
 834 
 835         this.exportable = (cipher == null ? false : cipher.exportable);
 836     }
 837 
 838     static CipherSuite nameOf(String ciperSuiteName) {
 839         for (CipherSuite cs : CipherSuite.values()) {
 840             if (cs.name.equals(ciperSuiteName) ||
 841                     cs.aliases.contains(ciperSuiteName)) {
 842                 return cs;
 843             }
 844         }
 845 
 846         return null;
 847     }
 848 
 849     static CipherSuite valueOf(int id) {
 850         for (CipherSuite cs : CipherSuite.values()) {
 851             if (cs.id == id) {
 852                 return cs;
 853             }
 854         }
 855 
 856         return null;
 857     }
 858 
 859     static String nameOf(int id) {
 860         for (CipherSuite cs : CipherSuite.values()) {
 861             if (cs.id == id) {
 862                 return cs.name;
 863             }
 864         }
 865 
 866         return "UNKNOWN-CIPHER-SUITE(" + Utilities.byte16HexString(id) + ")";
 867     }
 868 
 869     static Collection<CipherSuite> allowedCipherSuites() {
 870         Collection<CipherSuite> cipherSuites = new LinkedList<>();
 871         for (CipherSuite cs : CipherSuite.values()) {
 872             if (!cs.supportedProtocols.isEmpty()) {
 873                 cipherSuites.add(cs);
 874             } else {
 875                 // values() is ordered, remaining cipher suites are
 876                 // not supported.
 877                 break;
 878             }
 879         }
 880         return cipherSuites;
 881     }
 882 
 883     static Collection<CipherSuite> defaultCipherSuites() {
 884         Collection<CipherSuite> cipherSuites = new LinkedList<>();
 885         for (CipherSuite cs : CipherSuite.values()) {
 886             if (cs.isDefaultEnabled) {
 887                 cipherSuites.add(cs);
 888             } else {
 889                 // values() is ordered, remaining cipher suites are
 890                 // not enabled.
 891                 break;
 892             }
 893         }
 894         return cipherSuites;
 895     }
 896 
 897     /**
 898      * Validates and converts an array of cipher suite names.
 899      *
 900      * @throws IllegalArgumentException when one or more of the ciphers named
 901      *         by the parameter is not supported, or when the parameter is null.
 902      */
 903     static List<CipherSuite> validValuesOf(String[] names) {
 904         if (names == null) {
 905             throw new IllegalArgumentException("CipherSuites cannot be null");
 906         }
 907 
 908         List<CipherSuite> cipherSuites = new ArrayList<>(names.length);
 909         for (String name : names) {
 910             if (name == null || name.isEmpty()) {
 911                 throw new IllegalArgumentException(
 912                         "The specified CipherSuites array contains " +
 913                         "invalid null or empty string elements");
 914             }
 915 
 916             boolean found = false;
 917             for (CipherSuite cs : CipherSuite.values()) {
 918                 if (!cs.supportedProtocols.isEmpty()) {
 919                     if (cs.name.equals(name) ||
 920                             cs.aliases.contains(name)) {
 921                         cipherSuites.add(cs);
 922                         found = true;
 923                         break;
 924                     }
 925                 } else {
 926                     // values() is ordered, remaining cipher suites are
 927                     // not supported.
 928                     break;
 929                 }
 930             }
 931             if (!found) {
 932                 throw new IllegalArgumentException(
 933                         "Unsupported CipherSuite: "  + name);
 934             }
 935         }
 936 
 937         return Collections.unmodifiableList(cipherSuites);
 938     }
 939 
 940     static String[] namesOf(List<CipherSuite> cipherSuites) {
 941         String[] names = new String[cipherSuites.size()];
 942         int i = 0;
 943         for (CipherSuite cipherSuite : cipherSuites) {
 944             names[i++] = cipherSuite.name;
 945         }
 946 
 947         return names;
 948     }
 949 
 950     boolean isAvailable() {
 951         // Note: keyExchange is null for TLS 1.3 CipherSuites.
 952         return !supportedProtocols.isEmpty() &&
 953                 (keyExchange == null || keyExchange.isAvailable()) &&
 954                 bulkCipher != null && bulkCipher.isAvailable();
 955     }
 956 
 957     public boolean supports(ProtocolVersion protocolVersion) {
 958         return supportedProtocols.contains(protocolVersion);
 959     }
 960 
 961     boolean isNegotiable() {
 962         return this != TLS_EMPTY_RENEGOTIATION_INFO_SCSV && isAvailable();
 963     }
 964 
 965     boolean isAnonymous() {
 966         return (keyExchange != null && keyExchange.isAnonymous);
 967     }
 968 
 969     // See also SSLWriteCipher.calculatePacketSize().
 970     int calculatePacketSize(int fragmentSize,
 971             ProtocolVersion protocolVersion, boolean isDTLS) {
 972         int packetSize = fragmentSize;
 973         if (bulkCipher != null && bulkCipher != B_NULL) {
 974             int blockSize = bulkCipher.ivSize;
 975             switch (bulkCipher.cipherType) {
 976                 case BLOCK_CIPHER:
 977                     packetSize += macAlg.size;
 978                     packetSize += 1;        // 1 byte padding length field
 979                     packetSize +=           // use the minimal padding
 980                             (blockSize - (packetSize % blockSize)) % blockSize;
 981                     if (protocolVersion.useTLS11PlusSpec()) {
 982                         packetSize += blockSize;        // explicit IV
 983                     }
 984 
 985                     break;
 986                 case AEAD_CIPHER:
 987                     if (protocolVersion == ProtocolVersion.TLS12 ||
 988                             protocolVersion == ProtocolVersion.DTLS12) {
 989                         packetSize +=
 990                                 bulkCipher.ivSize - bulkCipher.fixedIvSize;
 991                     }
 992                     packetSize += bulkCipher.tagSize;
 993 
 994                     break;
 995                 default:    // NULL_CIPHER or STREAM_CIPHER
 996                     packetSize += macAlg.size;
 997             }
 998         }
 999 
1000         return packetSize +
1001             (isDTLS ? DTLSRecord.headerSize : SSLRecord.headerSize);
1002     }
1003 
1004     // See also CipherBox.calculateFragmentSize().
1005     int calculateFragSize(int packetLimit,
1006             ProtocolVersion protocolVersion, boolean isDTLS) {
1007         int fragSize = packetLimit -
1008                 (isDTLS ? DTLSRecord.headerSize : SSLRecord.headerSize);
1009         if (bulkCipher != null && bulkCipher != B_NULL) {
1010             int blockSize = bulkCipher.ivSize;
1011             switch (bulkCipher.cipherType) {
1012                 case BLOCK_CIPHER:
1013                     if (protocolVersion.useTLS11PlusSpec()) {
1014                         fragSize -= blockSize;          // explicit IV
1015                     }
1016                     fragSize -= (fragSize % blockSize); // cannot hold a block
1017                     // No padding for a maximum fragment.
1018                     fragSize -= 1;        // 1 byte padding length field: 0x00
1019                     fragSize -= macAlg.size;
1020 
1021                     break;
1022                 case AEAD_CIPHER:
1023                     fragSize -= bulkCipher.tagSize;
1024                     fragSize -= bulkCipher.ivSize - bulkCipher.fixedIvSize;
1025 
1026                     break;
1027                 default:    // NULL_CIPHER or STREAM_CIPHER
1028                     fragSize -= macAlg.size;
1029             }
1030         }
1031 
1032         return fragSize;
1033     }
1034 
1035     /**
1036      * An SSL/TLS key exchange algorithm.
1037      */
1038     static enum KeyExchange {
1039         K_NULL          ("NULL",           false, true,   NAMED_GROUP_NONE),
1040         K_RSA           ("RSA",            true,  false,  NAMED_GROUP_NONE),
1041         K_RSA_EXPORT    ("RSA_EXPORT",     true,  false,  NAMED_GROUP_NONE),
1042         K_DH_RSA        ("DH_RSA",         false, false,  NAMED_GROUP_NONE),
1043         K_DH_DSS        ("DH_DSS",         false, false,  NAMED_GROUP_NONE),
1044         K_DHE_DSS       ("DHE_DSS",        true,  false,  NAMED_GROUP_FFDHE),
1045         K_DHE_DSS_EXPORT("DHE_DSS_EXPORT", true,  false,  NAMED_GROUP_NONE),
1046         K_DHE_RSA       ("DHE_RSA",        true,  false,  NAMED_GROUP_FFDHE),
1047         K_DHE_RSA_EXPORT("DHE_RSA_EXPORT", true,  false,  NAMED_GROUP_NONE),
1048         K_DH_ANON       ("DH_anon",        true,  true,   NAMED_GROUP_FFDHE),
1049         K_DH_ANON_EXPORT("DH_anon_EXPORT", true,  true,   NAMED_GROUP_NONE),
1050 
1051         K_ECDH_ECDSA    ("ECDH_ECDSA",     true,  false,  NAMED_GROUP_ECDHE),
1052         K_ECDH_RSA      ("ECDH_RSA",       true,  false,  NAMED_GROUP_ECDHE),
1053         K_ECDHE_ECDSA   ("ECDHE_ECDSA",    true,  false,  NAMED_GROUP_ECDHE),
1054         K_ECDHE_RSA     ("ECDHE_RSA",      true,  false,  NAMED_GROUP_ECDHE),
1055         K_ECDH_ANON     ("ECDH_anon",      true,  true,   NAMED_GROUP_ECDHE),
1056 
1057         // renegotiation protection request signaling cipher suite
1058         K_SCSV          ("SCSV",           true,  true,   NAMED_GROUP_NONE);
1059 
1060         // name of the key exchange algorithm, e.g. DHE_DSS
1061         final String name;
1062         final boolean allowed;
1063         final NamedGroupType groupType;
1064         private final boolean alwaysAvailable;
1065         private final boolean isAnonymous;
1066 
1067         KeyExchange(String name, boolean allowed,
1068                 boolean isAnonymous, NamedGroupType groupType) {
1069             this.name = name;
1070             if (groupType == NAMED_GROUP_ECDHE) {
1071                 this.allowed = JsseJce.ALLOW_ECC;
1072             } else {
1073                 this.allowed = allowed;
1074             }
1075             this.groupType = groupType;
1076             this.alwaysAvailable = allowed && (!name.startsWith("EC"));
1077             this.isAnonymous = isAnonymous;
1078         }
1079 
1080         boolean isAvailable() {
1081             if (alwaysAvailable) {
1082                 return true;
1083             }
1084 
1085             if (groupType == NAMED_GROUP_ECDHE) {
1086                 return (allowed && JsseJce.isEcAvailable());
1087             } else {
1088                 return allowed;
1089             }
1090         }
1091 
1092         @Override
1093         public String toString() {
1094             return name;
1095         }
1096     }
1097 
1098     /**
1099      * An SSL/TLS key MAC algorithm.
1100      *
1101      * Also contains a factory method to obtain an initialized MAC
1102      * for this algorithm.
1103      */
1104     static enum MacAlg {
1105         M_NULL      ("NULL",     0,   0,   0),
1106         M_MD5       ("MD5",     16,  64,   9),
1107         M_SHA       ("SHA",     20,  64,   9),
1108         M_SHA256    ("SHA256",  32,  64,   9),
1109         M_SHA384    ("SHA384",  48, 128,  17);
1110 
1111         // descriptive name, e.g. MD5
1112         final String name;
1113 
1114         // size of the MAC value (and MAC key) in bytes
1115         final int size;
1116 
1117         // block size of the underlying hash algorithm
1118         final int hashBlockSize;
1119 
1120         // minimal padding size of the underlying hash algorithm
1121         final int minimalPaddingSize;
1122 
1123         MacAlg(String name, int size,
1124                 int hashBlockSize, int minimalPaddingSize) {
1125             this.name = name;
1126             this.size = size;
1127             this.hashBlockSize = hashBlockSize;
1128             this.minimalPaddingSize = minimalPaddingSize;
1129         }
1130 
1131         @Override
1132         public String toString() {
1133             return name;
1134         }
1135     }
1136 
1137     /**
1138      * The hash algorithms used for PRF (PseudoRandom Function) or HKDF.
1139      *
1140      * Note that TLS 1.1- uses a single MD5/SHA1-based PRF algorithm for
1141      * generating the necessary material.
1142      */
1143     static enum HashAlg {
1144         H_NONE      ("NONE",    0,    0),
1145         H_SHA256    ("SHA-256", 32,  64),
1146         H_SHA384    ("SHA-384", 48, 128);
1147 
1148         final String name;
1149         final int hashLength;
1150         final int blockSize;
1151 
1152         HashAlg(String hashAlg, int hashLength, int blockSize) {
1153             this.name = hashAlg;
1154             this.hashLength = hashLength;
1155             this.blockSize = blockSize;
1156         }
1157 
1158         @Override
1159         public String toString() {
1160             return name;
1161         }
1162     }
1163 }