CipherSuite.java revision 3002
2890N/A * Copyright (c) 2002, 2010, Oracle and/or its affiliates. All rights reserved. 0N/A * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 0N/A * This code is free software; you can redistribute it and/or modify it 0N/A * under the terms of the GNU General Public License version 2 only, as 2362N/A * published by the Free Software Foundation. Oracle designates this 0N/A * particular file as subject to the "Classpath" exception as provided 2362N/A * by Oracle in the LICENSE file that accompanied this code. 0N/A * This code is distributed in the hope that it will be useful, but WITHOUT 0N/A * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 0N/A * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 0N/A * version 2 for more details (a copy is included in the LICENSE file that 0N/A * accompanied this code). 0N/A * You should have received a copy of the GNU General Public License version 0N/A * 2 along with this work; if not, write to the Free Software Foundation, 0N/A * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 2362N/A * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 2362N/A * or visit www.oracle.com if you need additional information or have any 0N/A * An SSL/TLS CipherSuite. Constants for the standard key exchange, cipher, 0N/A * and mac algorithms are also defined in this class. 0N/A * The CipherSuite class and the inner classes defined in this file roughly 0N/A * follow the type safe enum pattern described in Effective Java. This means: 0N/A * . instances are immutable, classes are final 0N/A * . there is a unique instance of every value, i.e. there are never two 0N/A * instances representing the same CipherSuite, etc. This means equality 0N/A * tests can be performed using == instead of equals() (although that works 0N/A * as well). [A minor exception are *unsupported* CipherSuites read from a 0N/A * handshake message, but this is usually irrelevant] 0N/A * . instances are obtained using the static valueOf() factory methods. 0N/A * . properties are defined as final variables and made available as 0N/A * package private variables without method accessors 0N/A * . if the member variable allowed is false, the given algorithm is either 0N/A * unavailable or disabled at compile time 0N/A // minimum priority for supported CipherSuites 0N/A // minimum priority for default enabled CipherSuites 0N/A // Flag indicating if CipherSuite availability can change dynamically. 0N/A // This is the case when we rely on a JCE cipher implementation that 0N/A // may not be available in the installed JCE providers. 1870N/A // It is true because we might not have an ECC implementation. 0N/A (
"com.sun.net.ssl.enableECC",
true);
0N/A // Map Integer(id) -> CipherSuite 0N/A // contains all known CipherSuites 0N/A // Map String(name) -> CipherSuite 0N/A // contains only supported CipherSuites (i.e. allowed == true) 0N/A // Protocol defined CipherSuite name, e.g. SSL_RSA_WITH_RC4_128_MD5 0N/A // we use TLS_* only for new CipherSuites, still SSL_* for old ones 0N/A // id in 16 bit MSB format, i.e. 0x0004 for SSL_RSA_WITH_RC4_128_MD5 0N/A // priority for the internal default preference order. the higher the 0N/A // better. Each supported CipherSuite *must* have a unique priority. 0N/A // Ciphersuites with priority >= DEFAULT_SUITES_PRIORITY are enabled 3002N/A // key exchange, bulk cipher, mac and prf algorithms. See those 0N/A // whether a CipherSuite qualifies as exportable under 512/40 bit rules. 3002N/A // TLS 1.1+ (RFC 4346) must not negotiate to these suites. 0N/A // true iff implemented and enabled at compile time 2998N/A // obsoleted since protocol version 3002N/A // supported since protocol version 3002N/A * Constructor for implemented CipherSuites. 0N/A (
"Unknown MAC algorithm for ciphersuite " +
name);
3002N/A * Constructor for unimplemented CipherSuites. 0N/A * Return whether this CipherSuite is available for use. A 0N/A * CipherSuite may be unavailable even if it is supported 0N/A * (i.e. allowed == true) if the required JCE cipher is not installed. 0N/A * In some configuration, this situation may change over time, call 0N/A * CipherSuiteList.clearAvailableCache() before this method to obtain 0N/A * the most current status. 0N/A * Compares CipherSuites based on their priority. Has the effect of 0N/A * sorting CipherSuites when put in a sorted collection, which is 0N/A * used by CipherSuiteList. Follows standard Comparable contract. 0N/A * Note that for unsupported CipherSuites parsed from a handshake 0N/A * message we violate the equals() contract. 0N/A * Returns this.name. 0N/A * Return a CipherSuite for the given name. The returned CipherSuite 0N/A * is supported by this implementation but may not actually be 0N/A * currently useable. See isAvailable(). 0N/A * @exception IllegalArgumentException if the CipherSuite is unknown or 0N/A * Return a CipherSuite with the given ID. A temporary object is 0N/A * constructed if the ID is unknown. Use isAvailable() to verify that 0N/A * the CipherSuite can actually be used. 0N/A // for use by CipherSuiteList only 3002N/A * Use this method when all of the values need to be specified. 3002N/A * This is primarily used when defining a new ciphersuite for 3002N/A * TLS 1.2+ that doesn't use the "default" PRF. 3002N/A * Use this method when there is no lower protocol limit where this 3002N/A * suite can be used, and the PRF is P_SHA256. That is, the 3002N/A * existing ciphersuites. From RFC 5246: 3002N/A * All cipher suites in this document use P_SHA256. 3002N/A // If this is an obsoleted suite, then don't let the TLS 1.2 3002N/A // protocol have a valid PRF value. 3002N/A * Use this method when there is no upper protocol limit. That is, 3002N/A * suites which have not been obsoleted. 3002N/A * Use this method to define an unimplemented suite. This provides 3002N/A * a number<->name mapping that can be used for debugging. 0N/A // key exchange algorithms 0N/A // Kerberos cipher suites 2890N/A // renegotiation protection request signaling cipher suite 0N/A // name of the key exchange algorithm, e.g. DHE_DSS 0N/A * An SSL/TLS bulk cipher algorithm. One instance per combination of 0N/A * cipher and key length. 0N/A * Also contains a factory method to obtain in initialized CipherBox 0N/A * for this algorithm. 0N/A // Map BulkCipher -> Boolean(available) 0N/A // descriptive name including key size, e.g. AES/128 0N/A // algorithm name, e.g. AES 0N/A // supported and compile time enabled. Also see isAvailable() 0N/A // number of bytes of entropy in the key 0N/A // length of the actual cipher key in bytes. 0N/A // for non-exportable ciphers, this is the same as keySize 0N/A // size of the IV (also block size) 0N/A // exportable under 512/40 bit rules 0N/A * Return an initialized CipherBox for this BulkCipher. 0N/A * IV must be null for stream ciphers. 0N/A * @exception NoSuchAlgorithmException if anything goes wrong 0N/A * Test if this bulk cipher is available. For use by CipherSuite. 0N/A * Currently all supported ciphers except AES are always available 0N/A * via the JSSE internal implementations. We also assume AES/128 0N/A * is always available since it is shipped with the SunJCE provider. 0N/A * However, AES/256 is unavailable when the default JCE policy 0N/A * jurisdiction files are installed because of key length restrictions. 0N/A // for use by CipherSuiteList.clearAvailableCache(); 3002N/A * Also contains a factory method to obtain an initialized MAC 0N/A * for this algorithm. 0N/A // descriptive name, e.g. MD5 0N/A // size of the MAC value (and MAC key) in bytes 0N/A * Return an initialized MAC for this MacAlg. ProtocolVersion 0N/A * must either be SSL30 (SSLv3 custom MAC) or TLS10 (std. HMAC). 0N/A * @exception NoSuchAlgorithmException if anything goes wrong 0N/A // export strength ciphers 0N/A // domestic strength ciphers 3002N/A // PRFs (PseudoRandom Function) from TLS specifications. 3002N/A // new Ciphersuites (e.g. RFC 5288) can define specific PRF hash 0N/A final boolean F =
false;
0N/A final boolean T =
true;
0N/A // N: ciphersuites only allowed if we are not in FIPS mode 2998N/A * TLS Cipher Suite Registry, as of August 2010. 2998N/A * Range Registration Procedures Notes 2998N/A * 000-191 Standards Action Refers to value of first byte 2998N/A * 192-254 Specification Required Refers to value of first byte 2998N/A * 255 Reserved for Private Use Refers to value of first byte 2998N/A * Value Description Reference 2998N/A * 0x00,0x00 TLS_NULL_WITH_NULL_NULL [RFC5246] 2998N/A * 0x00,0x01 TLS_RSA_WITH_NULL_MD5 [RFC5246] 2998N/A * 0x00,0x02 TLS_RSA_WITH_NULL_SHA [RFC5246] 2998N/A * 0x00,0x03 TLS_RSA_EXPORT_WITH_RC4_40_MD5 [RFC4346] 2998N/A * 0x00,0x04 TLS_RSA_WITH_RC4_128_MD5 [RFC5246] 2998N/A * 0x00,0x05 TLS_RSA_WITH_RC4_128_SHA [RFC5246] 2998N/A * 0x00,0x06 TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 [RFC4346] 2998N/A * 0x00,0x07 TLS_RSA_WITH_IDEA_CBC_SHA [RFC5469] 2998N/A * 0x00,0x08 TLS_RSA_EXPORT_WITH_DES40_CBC_SHA [RFC4346] 2998N/A * 0x00,0x09 TLS_RSA_WITH_DES_CBC_SHA [RFC5469] 2998N/A * 0x00,0x0A TLS_RSA_WITH_3DES_EDE_CBC_SHA [RFC5246] 2998N/A * 0x00,0x0B TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA [RFC4346] 2998N/A * 0x00,0x0C TLS_DH_DSS_WITH_DES_CBC_SHA [RFC5469] 2998N/A * 0x00,0x0D TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA [RFC5246] 2998N/A * 0x00,0x0E TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA [RFC4346] 2998N/A * 0x00,0x0F TLS_DH_RSA_WITH_DES_CBC_SHA [RFC5469] 2998N/A * 0x00,0x10 TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA [RFC5246] 2998N/A * 0x00,0x11 TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA [RFC4346] 2998N/A * 0x00,0x12 TLS_DHE_DSS_WITH_DES_CBC_SHA [RFC5469] 2998N/A * 0x00,0x13 TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA [RFC5246] 2998N/A * 0x00,0x14 TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA [RFC4346] 2998N/A * 0x00,0x15 TLS_DHE_RSA_WITH_DES_CBC_SHA [RFC5469] 2998N/A * 0x00,0x16 TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA [RFC5246] 2998N/A * 0x00,0x17 TLS_DH_anon_EXPORT_WITH_RC4_40_MD5 [RFC4346] 2998N/A * 0x00,0x18 TLS_DH_anon_WITH_RC4_128_MD5 [RFC5246] 2998N/A * 0x00,0x19 TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA [RFC4346] 2998N/A * 0x00,0x1A TLS_DH_anon_WITH_DES_CBC_SHA [RFC5469] 2998N/A * 0x00,0x1B TLS_DH_anon_WITH_3DES_EDE_CBC_SHA [RFC5246] 2998N/A * 0x00,0x1C-1D Reserved to avoid conflicts with SSLv3 [RFC5246] 2998N/A * 0x00,0x1E TLS_KRB5_WITH_DES_CBC_SHA [RFC2712] 2998N/A * 0x00,0x1F TLS_KRB5_WITH_3DES_EDE_CBC_SHA [RFC2712] 2998N/A * 0x00,0x20 TLS_KRB5_WITH_RC4_128_SHA [RFC2712] 2998N/A * 0x00,0x21 TLS_KRB5_WITH_IDEA_CBC_SHA [RFC2712] 2998N/A * 0x00,0x22 TLS_KRB5_WITH_DES_CBC_MD5 [RFC2712] 2998N/A * 0x00,0x23 TLS_KRB5_WITH_3DES_EDE_CBC_MD5 [RFC2712] 2998N/A * 0x00,0x24 TLS_KRB5_WITH_RC4_128_MD5 [RFC2712] 2998N/A * 0x00,0x25 TLS_KRB5_WITH_IDEA_CBC_MD5 [RFC2712] 2998N/A * 0x00,0x26 TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA [RFC2712] 2998N/A * 0x00,0x27 TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA [RFC2712] 2998N/A * 0x00,0x28 TLS_KRB5_EXPORT_WITH_RC4_40_SHA [RFC2712] 2998N/A * 0x00,0x29 TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5 [RFC2712] 2998N/A * 0x00,0x2A TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5 [RFC2712] 2998N/A * 0x00,0x2B TLS_KRB5_EXPORT_WITH_RC4_40_MD5 [RFC2712] 2998N/A * 0x00,0x2C TLS_PSK_WITH_NULL_SHA [RFC4785] 2998N/A * 0x00,0x2D TLS_DHE_PSK_WITH_NULL_SHA [RFC4785] 2998N/A * 0x00,0x2E TLS_RSA_PSK_WITH_NULL_SHA [RFC4785] 2998N/A * 0x00,0x2F TLS_RSA_WITH_AES_128_CBC_SHA [RFC5246] 2998N/A * 0x00,0x30 TLS_DH_DSS_WITH_AES_128_CBC_SHA [RFC5246] 2998N/A * 0x00,0x31 TLS_DH_RSA_WITH_AES_128_CBC_SHA [RFC5246] 2998N/A * 0x00,0x32 TLS_DHE_DSS_WITH_AES_128_CBC_SHA [RFC5246] 2998N/A * 0x00,0x33 TLS_DHE_RSA_WITH_AES_128_CBC_SHA [RFC5246] 2998N/A * 0x00,0x34 TLS_DH_anon_WITH_AES_128_CBC_SHA [RFC5246] 2998N/A * 0x00,0x35 TLS_RSA_WITH_AES_256_CBC_SHA [RFC5246] 2998N/A * 0x00,0x36 TLS_DH_DSS_WITH_AES_256_CBC_SHA [RFC5246] 2998N/A * 0x00,0x37 TLS_DH_RSA_WITH_AES_256_CBC_SHA [RFC5246] 2998N/A * 0x00,0x38 TLS_DHE_DSS_WITH_AES_256_CBC_SHA [RFC5246] 2998N/A * 0x00,0x39 TLS_DHE_RSA_WITH_AES_256_CBC_SHA [RFC5246] 2998N/A * 0x00,0x3A TLS_DH_anon_WITH_AES_256_CBC_SHA [RFC5246] 2998N/A * 0x00,0x3B TLS_RSA_WITH_NULL_SHA256 [RFC5246] 2998N/A * 0x00,0x3C TLS_RSA_WITH_AES_128_CBC_SHA256 [RFC5246] 2998N/A * 0x00,0x3D TLS_RSA_WITH_AES_256_CBC_SHA256 [RFC5246] 2998N/A * 0x00,0x3E TLS_DH_DSS_WITH_AES_128_CBC_SHA256 [RFC5246] 2998N/A * 0x00,0x3F TLS_DH_RSA_WITH_AES_128_CBC_SHA256 [RFC5246] 2998N/A * 0x00,0x40 TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 [RFC5246] 2998N/A * 0x00,0x41 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA [RFC5932] 2998N/A * 0x00,0x42 TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA [RFC5932] 2998N/A * 0x00,0x43 TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA [RFC5932] 2998N/A * 0x00,0x44 TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA [RFC5932] 2998N/A * 0x00,0x45 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA [RFC5932] 2998N/A * 0x00,0x46 TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA [RFC5932] 2998N/A * 0x00,0x47-4F Reserved to avoid conflicts with 2998N/A * deployed implementations [Pasi_Eronen] 2998N/A * 0x00,0x50-58 Reserved to avoid conflicts [Pasi Eronen] 2998N/A * 0x00,0x59-5C Reserved to avoid conflicts with 2998N/A * deployed implementations [Pasi_Eronen] 2998N/A * 0x00,0x60-66 Reserved to avoid conflicts with widely 2998N/A * deployed implementations [Pasi_Eronen] 2998N/A * 0x00,0x67 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 [RFC5246] 2998N/A * 0x00,0x68 TLS_DH_DSS_WITH_AES_256_CBC_SHA256 [RFC5246] 2998N/A * 0x00,0x69 TLS_DH_RSA_WITH_AES_256_CBC_SHA256 [RFC5246] 2998N/A * 0x00,0x6A TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 [RFC5246] 2998N/A * 0x00,0x6B TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 [RFC5246] 2998N/A * 0x00,0x6C TLS_DH_anon_WITH_AES_128_CBC_SHA256 [RFC5246] 2998N/A * 0x00,0x6D TLS_DH_anon_WITH_AES_256_CBC_SHA256 [RFC5246] 2998N/A * 0x00,0x84 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA [RFC5932] 2998N/A * 0x00,0x85 TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA [RFC5932] 2998N/A * 0x00,0x86 TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA [RFC5932] 2998N/A * 0x00,0x87 TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA [RFC5932] 2998N/A * 0x00,0x88 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA [RFC5932] 2998N/A * 0x00,0x89 TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA [RFC5932] 2998N/A * 0x00,0x8A TLS_PSK_WITH_RC4_128_SHA [RFC4279] 2998N/A * 0x00,0x8B TLS_PSK_WITH_3DES_EDE_CBC_SHA [RFC4279] 2998N/A * 0x00,0x8C TLS_PSK_WITH_AES_128_CBC_SHA [RFC4279] 2998N/A * 0x00,0x8D TLS_PSK_WITH_AES_256_CBC_SHA [RFC4279] 2998N/A * 0x00,0x8E TLS_DHE_PSK_WITH_RC4_128_SHA [RFC4279] 2998N/A * 0x00,0x8F TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA [RFC4279] 2998N/A * 0x00,0x90 TLS_DHE_PSK_WITH_AES_128_CBC_SHA [RFC4279] 2998N/A * 0x00,0x91 TLS_DHE_PSK_WITH_AES_256_CBC_SHA [RFC4279] 2998N/A * 0x00,0x92 TLS_RSA_PSK_WITH_RC4_128_SHA [RFC4279] 2998N/A * 0x00,0x93 TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA [RFC4279] 2998N/A * 0x00,0x94 TLS_RSA_PSK_WITH_AES_128_CBC_SHA [RFC4279] 2998N/A * 0x00,0x95 TLS_RSA_PSK_WITH_AES_256_CBC_SHA [RFC4279] 2998N/A * 0x00,0x96 TLS_RSA_WITH_SEED_CBC_SHA [RFC4162] 2998N/A * 0x00,0x97 TLS_DH_DSS_WITH_SEED_CBC_SHA [RFC4162] 2998N/A * 0x00,0x98 TLS_DH_RSA_WITH_SEED_CBC_SHA [RFC4162] 2998N/A * 0x00,0x99 TLS_DHE_DSS_WITH_SEED_CBC_SHA [RFC4162] 2998N/A * 0x00,0x9A TLS_DHE_RSA_WITH_SEED_CBC_SHA [RFC4162] 2998N/A * 0x00,0x9B TLS_DH_anon_WITH_SEED_CBC_SHA [RFC4162] 2998N/A * 0x00,0x9C TLS_RSA_WITH_AES_128_GCM_SHA256 [RFC5288] 2998N/A * 0x00,0x9D TLS_RSA_WITH_AES_256_GCM_SHA384 [RFC5288] 2998N/A * 0x00,0x9E TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 [RFC5288] 2998N/A * 0x00,0x9F TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 [RFC5288] 2998N/A * 0x00,0xA0 TLS_DH_RSA_WITH_AES_128_GCM_SHA256 [RFC5288] 2998N/A * 0x00,0xA1 TLS_DH_RSA_WITH_AES_256_GCM_SHA384 [RFC5288] 2998N/A * 0x00,0xA2 TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 [RFC5288] 2998N/A * 0x00,0xA3 TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 [RFC5288] 2998N/A * 0x00,0xA4 TLS_DH_DSS_WITH_AES_128_GCM_SHA256 [RFC5288] 2998N/A * 0x00,0xA5 TLS_DH_DSS_WITH_AES_256_GCM_SHA384 [RFC5288] 2998N/A * 0x00,0xA6 TLS_DH_anon_WITH_AES_128_GCM_SHA256 [RFC5288] 2998N/A * 0x00,0xA7 TLS_DH_anon_WITH_AES_256_GCM_SHA384 [RFC5288] 2998N/A * 0x00,0xA8 TLS_PSK_WITH_AES_128_GCM_SHA256 [RFC5487] 2998N/A * 0x00,0xA9 TLS_PSK_WITH_AES_256_GCM_SHA384 [RFC5487] 2998N/A * 0x00,0xAA TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 [RFC5487] 2998N/A * 0x00,0xAB TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 [RFC5487] 2998N/A * 0x00,0xAC TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 [RFC5487] 2998N/A * 0x00,0xAD TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 [RFC5487] 2998N/A * 0x00,0xAE TLS_PSK_WITH_AES_128_CBC_SHA256 [RFC5487] 2998N/A * 0x00,0xAF TLS_PSK_WITH_AES_256_CBC_SHA384 [RFC5487] 2998N/A * 0x00,0xB0 TLS_PSK_WITH_NULL_SHA256 [RFC5487] 2998N/A * 0x00,0xB1 TLS_PSK_WITH_NULL_SHA384 [RFC5487] 2998N/A * 0x00,0xB2 TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 [RFC5487] 2998N/A * 0x00,0xB3 TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 [RFC5487] 2998N/A * 0x00,0xB4 TLS_DHE_PSK_WITH_NULL_SHA256 [RFC5487] 2998N/A * 0x00,0xB5 TLS_DHE_PSK_WITH_NULL_SHA384 [RFC5487] 2998N/A * 0x00,0xB6 TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 [RFC5487] 2998N/A * 0x00,0xB7 TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 [RFC5487] 2998N/A * 0x00,0xB8 TLS_RSA_PSK_WITH_NULL_SHA256 [RFC5487] 2998N/A * 0x00,0xB9 TLS_RSA_PSK_WITH_NULL_SHA384 [RFC5487] 2998N/A * 0x00,0xBA TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 [RFC5932] 2998N/A * 0x00,0xBB TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256 [RFC5932] 2998N/A * 0x00,0xBC TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256 [RFC5932] 2998N/A * 0x00,0xBD TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256 [RFC5932] 2998N/A * 0x00,0xBE TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 [RFC5932] 2998N/A * 0x00,0xBF TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256 [RFC5932] 2998N/A * 0x00,0xC0 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 [RFC5932] 2998N/A * 0x00,0xC1 TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256 [RFC5932] 2998N/A * 0x00,0xC2 TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256 [RFC5932] 2998N/A * 0x00,0xC3 TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256 [RFC5932] 2998N/A * 0x00,0xC4 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 [RFC5932] 2998N/A * 0x00,0xC5 TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256 [RFC5932] 2998N/A * 0x00,0xFF TLS_EMPTY_RENEGOTIATION_INFO_SCSV [RFC5746] 2998N/A * 0xC0,0x01 TLS_ECDH_ECDSA_WITH_NULL_SHA [RFC4492] 2998N/A * 0xC0,0x02 TLS_ECDH_ECDSA_WITH_RC4_128_SHA [RFC4492] 2998N/A * 0xC0,0x03 TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA [RFC4492] 2998N/A * 0xC0,0x04 TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA [RFC4492] 2998N/A * 0xC0,0x05 TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA [RFC4492] 2998N/A * 0xC0,0x06 TLS_ECDHE_ECDSA_WITH_NULL_SHA [RFC4492] 2998N/A * 0xC0,0x07 TLS_ECDHE_ECDSA_WITH_RC4_128_SHA [RFC4492] 2998N/A * 0xC0,0x08 TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA [RFC4492] 2998N/A * 0xC0,0x09 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA [RFC4492] 2998N/A * 0xC0,0x0A TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA [RFC4492] 2998N/A * 0xC0,0x0B TLS_ECDH_RSA_WITH_NULL_SHA [RFC4492] 2998N/A * 0xC0,0x0C TLS_ECDH_RSA_WITH_RC4_128_SHA [RFC4492] 2998N/A * 0xC0,0x0D TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA [RFC4492] 2998N/A * 0xC0,0x0E TLS_ECDH_RSA_WITH_AES_128_CBC_SHA [RFC4492] 2998N/A * 0xC0,0x0F TLS_ECDH_RSA_WITH_AES_256_CBC_SHA [RFC4492] 2998N/A * 0xC0,0x10 TLS_ECDHE_RSA_WITH_NULL_SHA [RFC4492] 2998N/A * 0xC0,0x11 TLS_ECDHE_RSA_WITH_RC4_128_SHA [RFC4492] 2998N/A * 0xC0,0x12 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA [RFC4492] 2998N/A * 0xC0,0x13 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA [RFC4492] 2998N/A * 0xC0,0x14 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA [RFC4492] 2998N/A * 0xC0,0x15 TLS_ECDH_anon_WITH_NULL_SHA [RFC4492] 2998N/A * 0xC0,0x16 TLS_ECDH_anon_WITH_RC4_128_SHA [RFC4492] 2998N/A * 0xC0,0x17 TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA [RFC4492] 2998N/A * 0xC0,0x18 TLS_ECDH_anon_WITH_AES_128_CBC_SHA [RFC4492] 2998N/A * 0xC0,0x19 TLS_ECDH_anon_WITH_AES_256_CBC_SHA [RFC4492] 2998N/A * 0xC0,0x1A TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA [RFC5054] 2998N/A * 0xC0,0x1B TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA [RFC5054] 2998N/A * 0xC0,0x1C TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA [RFC5054] 2998N/A * 0xC0,0x1D TLS_SRP_SHA_WITH_AES_128_CBC_SHA [RFC5054] 2998N/A * 0xC0,0x1E TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA [RFC5054] 2998N/A * 0xC0,0x1F TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA [RFC5054] 2998N/A * 0xC0,0x20 TLS_SRP_SHA_WITH_AES_256_CBC_SHA [RFC5054] 2998N/A * 0xC0,0x21 TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA [RFC5054] 2998N/A * 0xC0,0x22 TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA [RFC5054] 2998N/A * 0xC0,0x23 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 [RFC5289] 2998N/A * 0xC0,0x24 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 [RFC5289] 2998N/A * 0xC0,0x25 TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 [RFC5289] 2998N/A * 0xC0,0x26 TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 [RFC5289] 2998N/A * 0xC0,0x27 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 [RFC5289] 2998N/A * 0xC0,0x28 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 [RFC5289] 2998N/A * 0xC0,0x29 TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 [RFC5289] 2998N/A * 0xC0,0x2A TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 [RFC5289] 2998N/A * 0xC0,0x2B TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 [RFC5289] 2998N/A * 0xC0,0x2C TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 [RFC5289] 2998N/A * 0xC0,0x2D TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 [RFC5289] 2998N/A * 0xC0,0x2E TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 [RFC5289] 2998N/A * 0xC0,0x2F TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 [RFC5289] 2998N/A * 0xC0,0x30 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 [RFC5289] 2998N/A * 0xC0,0x31 TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 [RFC5289] 2998N/A * 0xC0,0x32 TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 [RFC5289] 2998N/A * 0xC0,0x33 TLS_ECDHE_PSK_WITH_RC4_128_SHA [RFC5489] 2998N/A * 0xC0,0x34 TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA [RFC5489] 2998N/A * 0xC0,0x35 TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA [RFC5489] 2998N/A * 0xC0,0x36 TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA [RFC5489] 2998N/A * 0xC0,0x37 TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 [RFC5489] 2998N/A * 0xC0,0x38 TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 [RFC5489] 2998N/A * 0xC0,0x39 TLS_ECDHE_PSK_WITH_NULL_SHA [RFC5489] 2998N/A * 0xC0,0x3A TLS_ECDHE_PSK_WITH_NULL_SHA256 [RFC5489] 2998N/A * 0xC0,0x3B TLS_ECDHE_PSK_WITH_NULL_SHA384 [RFC5489] 2998N/A * 0xFE,0xFE-FF Reserved to avoid conflicts with widely 2998N/A * deployed implementations [Pasi_Eronen] 2998N/A * 0xFF,0x00-FF Reserved for Private Use [RFC5246] 0N/A // Definition of the CipherSuites that are enabled by default. 0N/A // They are listed in preference order, most preferred first. 3002N/A // shorten names to fit the following table cleanly. 3002N/A // ID Key Exchange Cipher A obs suprt PRF 3002N/A // ====== ============ ========= = === ===== ======== 3002N/A add(
"TLS_DHE_DSS_WITH_AES_128_CBC_SHA256",
3002N/A add(
"TLS_DHE_RSA_WITH_AES_128_CBC_SHA256",
3002N/A add(
"TLS_DHE_DSS_WITH_AES_256_CBC_SHA256",
3002N/A add(
"TLS_DHE_RSA_WITH_AES_256_CBC_SHA256",
3002N/A add(
"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
3002N/A add(
"TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
3002N/A add(
"TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256",
3002N/A add(
"TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384",
3002N/A add(
"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
3002N/A add(
"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
3002N/A add(
"TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256",
3002N/A add(
"TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384",
2890N/A add(
"TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA",
2890N/A add(
"TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA",
2890N/A add(
"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
2890N/A add(
"TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
2890N/A add(
"TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA",
2890N/A add(
"TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA",
2890N/A add(
"TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA",
2890N/A // Renegotiation protection request Signalling Cipher Suite Value (SCSV) 0N/A // Definition of the CipherSuites that are supported but not enabled 0N/A // They are listed in preference order, preferred first. 3002N/A // weak single-DES cipher suites 2890N/A // Anonymous key exchange and the NULL ciphers 3002N/A add(
"TLS_DH_anon_WITH_AES_128_CBC_SHA256",
3002N/A add(
"TLS_DH_anon_WITH_AES_256_CBC_SHA256",
2890N/A add(
"TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA",
2890N/A add(
"SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA",
3002N/A add(
"SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
3002N/A add(
"SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA",
2890N/A // Supported Kerberos ciphersuites from RFC2712 2890N/A add(
"TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA",
2890N/A add(
"TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5",
2998N/A * Other values from the TLS Cipher Suite Registry, as of August 2010. 2998N/A * Range Registration Procedures Notes 2998N/A * 000-191 Standards Action Refers to value of first byte 2998N/A * 192-254 Specification Required Refers to value of first byte 2998N/A * 255 Reserved for Private Use Refers to value of first byte 0N/A // Register the names of a few additional CipherSuites. 0N/A // Makes them show up as names instead of numbers in 0N/A // the debug output. 0N/A // remaining unsupported ciphersuites defined in RFC2246. 2998N/A add(
"SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
0x0006);
2998N/A add(
"SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA",
0x000b);
2998N/A add(
"SSL_DH_DSS_WITH_DES_CBC_SHA",
0x000c);
2998N/A add(
"SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA",
0x000d);
2998N/A add(
"SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA",
0x000e);
2998N/A add(
"SSL_DH_RSA_WITH_DES_CBC_SHA",
0x000f);
2998N/A add(
"SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA",
0x0010);
0N/A // SSL 3.0 Fortezza ciphersuites 2998N/A add(
"SSL_FORTEZZA_DMS_WITH_NULL_SHA",
0x001c);
2998N/A add(
"SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA",
0x001d);
0N/A // 1024/56 bit exportable ciphersuites from expired internet draft 2998N/A add(
"SSL_RSA_EXPORT1024_WITH_DES_CBC_SHA",
0x0062);
2998N/A add(
"SSL_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA",
0x0063);
2998N/A add(
"SSL_RSA_EXPORT1024_WITH_RC4_56_SHA",
0x0064);
2998N/A add(
"SSL_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA",
0x0065);
2998N/A add(
"SSL_DHE_DSS_WITH_RC4_128_SHA",
0x0066);
0N/A // Netscape old and new SSL 3.0 FIPS ciphersuites 2998N/A add(
"NETSCAPE_RSA_FIPS_WITH_3DES_EDE_CBC_SHA",
0xffe0);
2998N/A add(
"NETSCAPE_RSA_FIPS_WITH_DES_CBC_SHA",
0xffe1);
2998N/A add(
"SSL_RSA_FIPS_WITH_DES_CBC_SHA",
0xfefe);
2998N/A add(
"SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA",
0xfeff);
0N/A // Unsupported Kerberos cipher suites from RFC 2712 2998N/A add(
"TLS_KRB5_WITH_IDEA_CBC_SHA",
0x0021);
2998N/A add(
"TLS_KRB5_WITH_IDEA_CBC_MD5",
0x0025);
2998N/A add(
"TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA",
0x0027);
2998N/A add(
"TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5",
0x002a);
2998N/A // Unsupported cipher suites from RFC 4162 2998N/A add(
"TLS_DH_DSS_WITH_SEED_CBC_SHA",
0x0097);
2998N/A add(
"TLS_DH_RSA_WITH_SEED_CBC_SHA",
0x0098);
2998N/A add(
"TLS_DHE_DSS_WITH_SEED_CBC_SHA",
0x0099);
2998N/A add(
"TLS_DHE_RSA_WITH_SEED_CBC_SHA",
0x009a);
2998N/A add(
"TLS_DH_anon_WITH_SEED_CBC_SHA",
0x009b);
2998N/A // Unsupported cipher suites from RFC 4279 2998N/A add(
"TLS_PSK_WITH_3DES_EDE_CBC_SHA",
0x008b);
2998N/A add(
"TLS_PSK_WITH_AES_128_CBC_SHA",
0x008c);
2998N/A add(
"TLS_PSK_WITH_AES_256_CBC_SHA",
0x008d);
2998N/A add(
"TLS_DHE_PSK_WITH_RC4_128_SHA",
0x008e);
2998N/A add(
"TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA",
0x008f);
2998N/A add(
"TLS_DHE_PSK_WITH_AES_128_CBC_SHA",
0x0090);
2998N/A add(
"TLS_DHE_PSK_WITH_AES_256_CBC_SHA",
0x0091);
2998N/A add(
"TLS_RSA_PSK_WITH_RC4_128_SHA",
0x0092);
2998N/A add(
"TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA",
0x0093);
2998N/A add(
"TLS_RSA_PSK_WITH_AES_128_CBC_SHA",
0x0094);
2998N/A add(
"TLS_RSA_PSK_WITH_AES_256_CBC_SHA",
0x0095);
2998N/A // Unsupported cipher suites from RFC 4785 2998N/A // Unsupported cipher suites from RFC 5246 2998N/A add(
"TLS_DH_DSS_WITH_AES_128_CBC_SHA",
0x0030);
2998N/A add(
"TLS_DH_RSA_WITH_AES_128_CBC_SHA",
0x0031);
2998N/A add(
"TLS_DH_DSS_WITH_AES_256_CBC_SHA",
0x0036);
2998N/A add(
"TLS_DH_RSA_WITH_AES_256_CBC_SHA",
0x0037);
2998N/A add(
"TLS_DH_DSS_WITH_AES_128_CBC_SHA256",
0x003e);
2998N/A add(
"TLS_DH_RSA_WITH_AES_128_CBC_SHA256",
0x003f);
2998N/A add(
"TLS_DH_DSS_WITH_AES_256_CBC_SHA256",
0x0068);
2998N/A add(
"TLS_DH_RSA_WITH_AES_256_CBC_SHA256",
0x0069);
2998N/A // Unsupported cipher suites from RFC 5288 2998N/A add(
"TLS_RSA_WITH_AES_128_GCM_SHA256",
0x009c);
2998N/A add(
"TLS_RSA_WITH_AES_256_GCM_SHA384",
0x009d);
2998N/A add(
"TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
0x009e);
2998N/A add(
"TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
0x009f);
2998N/A add(
"TLS_DH_RSA_WITH_AES_128_GCM_SHA256",
0x00a0);
2998N/A add(
"TLS_DH_RSA_WITH_AES_256_GCM_SHA384",
0x00a1);
2998N/A add(
"TLS_DHE_DSS_WITH_AES_128_GCM_SHA256",
0x00a2);
2998N/A add(
"TLS_DHE_DSS_WITH_AES_256_GCM_SHA384",
0x00a3);
2998N/A add(
"TLS_DH_DSS_WITH_AES_128_GCM_SHA256",
0x00a4);
2998N/A add(
"TLS_DH_DSS_WITH_AES_256_GCM_SHA384",
0x00a5);
2998N/A add(
"TLS_DH_anon_WITH_AES_128_GCM_SHA256",
0x00a6);
2998N/A add(
"TLS_DH_anon_WITH_AES_256_GCM_SHA384",
0x00a7);
2998N/A // Unsupported cipher suites from RFC 5487 2998N/A add(
"TLS_PSK_WITH_AES_128_GCM_SHA256",
0x00a8);
2998N/A add(
"TLS_PSK_WITH_AES_256_GCM_SHA384",
0x00a9);
2998N/A add(
"TLS_DHE_PSK_WITH_AES_128_GCM_SHA256",
0x00aa);
2998N/A add(
"TLS_DHE_PSK_WITH_AES_256_GCM_SHA384",
0x00ab);
2998N/A add(
"TLS_RSA_PSK_WITH_AES_128_GCM_SHA256",
0x00ac);
2998N/A add(
"TLS_RSA_PSK_WITH_AES_256_GCM_SHA384",
0x00ad);
2998N/A add(
"TLS_PSK_WITH_AES_128_CBC_SHA256",
0x00ae);
2998N/A add(
"TLS_PSK_WITH_AES_256_CBC_SHA384",
0x00af);
2998N/A add(
"TLS_DHE_PSK_WITH_AES_128_CBC_SHA256",
0x00b2);
2998N/A add(
"TLS_DHE_PSK_WITH_AES_256_CBC_SHA384",
0x00b3);
2998N/A add(
"TLS_DHE_PSK_WITH_NULL_SHA256",
0x00b4);
2998N/A add(
"TLS_DHE_PSK_WITH_NULL_SHA384",
0x00b5);
2998N/A add(
"TLS_RSA_PSK_WITH_AES_128_CBC_SHA256",
0x00b6);
2998N/A add(
"TLS_RSA_PSK_WITH_AES_256_CBC_SHA384",
0x00b7);
2998N/A add(
"TLS_RSA_PSK_WITH_NULL_SHA256",
0x00b8);
2998N/A add(
"TLS_RSA_PSK_WITH_NULL_SHA384",
0x00b9);
2998N/A // Unsupported cipher suites from RFC 5932 2998N/A add(
"TLS_RSA_WITH_CAMELLIA_128_CBC_SHA",
0x0041);
2998N/A add(
"TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA",
0x0042);
2998N/A add(
"TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA",
0x0043);
2998N/A add(
"TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA",
0x0044);
2998N/A add(
"TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA",
0x0045);
2998N/A add(
"TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA",
0x0046);
2998N/A add(
"TLS_RSA_WITH_CAMELLIA_256_CBC_SHA",
0x0084);
2998N/A add(
"TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA",
0x0085);
2998N/A add(
"TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA",
0x0086);
2998N/A add(
"TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA",
0x0087);
2998N/A add(
"TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA",
0x0088);
2998N/A add(
"TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA",
0x0089);
2998N/A add(
"TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256",
0x00ba);
2998N/A add(
"TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256",
0x00bb);
2998N/A add(
"TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256",
0x00bc);
2998N/A add(
"TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256",
0x00bd);
2998N/A add(
"TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256",
0x00be);
2998N/A add(
"TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256",
0x00bf);
2998N/A add(
"TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256",
0x00c0);
2998N/A add(
"TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256",
0x00c1);
2998N/A add(
"TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256",
0x00c2);
2998N/A add(
"TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256",
0x00c3);
2998N/A add(
"TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256",
0x00c4);
2998N/A add(
"TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256",
0x00c5);
2998N/A // Unsupported cipher suites from RFC 5054 2998N/A add(
"TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA",
0xc01a);
2998N/A add(
"TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA",
0xc01b);
2998N/A add(
"TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA",
0xc01c);
2998N/A add(
"TLS_SRP_SHA_WITH_AES_128_CBC_SHA",
0xc01d);
2998N/A add(
"TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA",
0xc01e);
2998N/A add(
"TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA",
0xc01f);
2998N/A add(
"TLS_SRP_SHA_WITH_AES_256_CBC_SHA",
0xc020);
2998N/A add(
"TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA",
0xc021);
2998N/A add(
"TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA",
0xc022);
2998N/A // Unsupported cipher suites from RFC 5289 2998N/A add(
"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
0xc02b);
2998N/A add(
"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
0xc02c);
2998N/A add(
"TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256",
0xc02d);
2998N/A add(
"TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384",
0xc02e);
2998N/A add(
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
0xc02f);
2998N/A add(
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
0xc030);
2998N/A add(
"TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256",
0xc031);
2998N/A add(
"TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384",
0xc032);
2998N/A // Unsupported cipher suites from RFC 5489 2998N/A add(
"TLS_ECDHE_PSK_WITH_RC4_128_SHA",
0xc033);
2998N/A add(
"TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA",
0xc034);
2998N/A add(
"TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA",
0xc035);
2998N/A add(
"TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA",
0xc036);
2998N/A add(
"TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256",
0xc037);
2998N/A add(
"TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384",
0xc038);
2998N/A add(
"TLS_ECDHE_PSK_WITH_NULL_SHA",
0xc039);
2998N/A add(
"TLS_ECDHE_PSK_WITH_NULL_SHA256",
0xc03a);
2998N/A add(
"TLS_ECDHE_PSK_WITH_NULL_SHA384",
0xc03b);
0N/A // ciphersuite SSL_NULL_WITH_NULL_NULL 2890N/A // ciphersuite TLS_EMPTY_RENEGOTIATION_INFO_SCSV