1 /*
2  * Copyright (c) 2002, 2019, Oracle and/or its affiliates. All rights reserved.
3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4  *
5  * This code is free software; you can redistribute it and/or modify it
6  * under the terms of the GNU General Public License version 2 only, as
7  * published by the Free Software Foundation.  Oracle designates this
8  * particular file as subject to the "Classpath" exception as provided
9  * by Oracle in the LICENSE file that accompanied this code.
10  *
11  * This code is distributed in the hope that it will be useful, but WITHOUT
12  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
14  * version 2 for more details (a copy is included in the LICENSE file that
15  * accompanied this code).
16  *
17  * You should have received a copy of the GNU General Public License version
18  * 2 along with this work; if not, write to the Free Software Foundation,
19  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20  *
21  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22  * or visit www.oracle.com if you need additional information or have any
23  * questions.
24  */
25 
26 package sun.security.ssl;
27 
28 import java.util.*;
29 
30 import static sun.security.ssl.CipherSuite.HashAlg.*;
31 import static sun.security.ssl.CipherSuite.KeyExchange.*;
32 import static sun.security.ssl.CipherSuite.MacAlg.*;
33 import static sun.security.ssl.SSLCipher.*;
34 import sun.security.ssl.NamedGroup.NamedGroupSpec;
35 import static sun.security.ssl.NamedGroup.NamedGroupSpec.*;
36 
37 /**
38  * Enum for SSL/(D)TLS cipher suites.
39  *
40  * Please refer to the "TLS Cipher Suite Registry" section for more details
41  * about each cipher suite:
42  *     https://www.iana.org/assignments/tls-parameters/tls-parameters.xml
43  */
44 enum CipherSuite {
45     //
46     // in preference order
47     //
48 
49     // Definition of the CipherSuites that are enabled by default.
50     //
51     // They are listed in preference order, most preferred first, using
52     // the following criteria:
53     // 1. Prefer Suite B compliant cipher suites, see RFC6460 (To be
54     //    changed later, see below).
55     // 2. Prefer forward secrecy cipher suites.
56     // 3. Prefer the stronger bulk cipher, in the order of AES_256(GCM),
57     //    AES_128(GCM), AES_256, AES_128, 3DES-EDE.
58     // 4. Prefer the stronger MAC algorithm, in the order of SHA384,
59     //    SHA256, SHA, MD5.
60     // 5. Prefer the better performance of key exchange and digital
61     //    signature algorithm, in the order of ECDHE-ECDSA, ECDHE-RSA,
62     //    DHE-RSA, DHE-DSS, ECDH-ECDSA, ECDH-RSA, RSA.
63 
    // TLS 1.3 cipher suites.
    //
    // NOTE(review): these three entries use the shorter constructor — there is
    // no KeyExchange and no MacAlg argument — because a TLS 1.3 (RFC 8446)
    // suite names only the AEAD cipher and the HKDF hash.  All three are AEAD
    // ciphers and all three are enabled by default (second argument true);
    // AES-256-GCM ranks first per criterion 3 above.
    TLS_AES_256_GCM_SHA384(
            0x1302, true, "TLS_AES_256_GCM_SHA384",
            ProtocolVersion.PROTOCOLS_OF_13, B_AES_256_GCM_IV, H_SHA384),
    TLS_AES_128_GCM_SHA256(
            0x1301, true, "TLS_AES_128_GCM_SHA256",
            ProtocolVersion.PROTOCOLS_OF_13, B_AES_128_GCM_IV, H_SHA256),
    TLS_CHACHA20_POLY1305_SHA256(
            0x1303, true, "TLS_CHACHA20_POLY1305_SHA256",
            ProtocolVersion.PROTOCOLS_OF_13, B_CC20_P1305, H_SHA256),
74 
75     // Suite B compliant cipher suites, see RFC 6460.
76     //
    // Note that, at present this provider is not Suite B compliant: the
    // preference order of the GCM cipher suites does not follow RFC 6460.
    // Only two cipher suites are listed in this section, so that
    // applications can make use of the Suite B compliant suites first.
82     TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384(
83             0xC02C, true, "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "",
84             ProtocolVersion.PROTOCOLS_OF_12,
85             K_ECDHE_ECDSA, B_AES_256_GCM, M_NULL, H_SHA384),
86     TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256(
87             0xC02B, true, "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", "",
88             ProtocolVersion.PROTOCOLS_OF_12,
89             K_ECDHE_ECDSA, B_AES_128_GCM, M_NULL, H_SHA256),
90 
91     // Not suite B, but we want it to position the suite early in the list
92     // of 1.2 suites.
93     TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256(
94             0xCCA9, true, "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256", "",
95             ProtocolVersion.PROTOCOLS_OF_12,
96             K_ECDHE_ECDSA, B_CC20_P1305, M_NULL, H_SHA256),
97 
98     //
99     // Forward secrecy cipher suites.
100     //
101 
102     // AES_256(GCM) - ECDHE
103     TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384(
104             0xC030, true, "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "",
105             ProtocolVersion.PROTOCOLS_OF_12,
106             K_ECDHE_RSA, B_AES_256_GCM, M_NULL, H_SHA384),
107     TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256(
108             0xCCA8, true, "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256", "",
109             ProtocolVersion.PROTOCOLS_OF_12,
110             K_ECDHE_RSA, B_CC20_P1305, M_NULL, H_SHA256),
111 
112     // AES_128(GCM) - ECDHE
113     TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256(
114             0xC02F, true, "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "",
115             ProtocolVersion.PROTOCOLS_OF_12,
116             K_ECDHE_RSA, B_AES_128_GCM, M_NULL, H_SHA256),
117 
118     // AES_256(GCM) - DHE
119     TLS_DHE_RSA_WITH_AES_256_GCM_SHA384(
120             0x009F, true, "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384", "",
121             ProtocolVersion.PROTOCOLS_OF_12,
122             K_DHE_RSA, B_AES_256_GCM, M_NULL, H_SHA384),
123     TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256(
124             0xCCAA, true, "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256", "",
125             ProtocolVersion.PROTOCOLS_OF_12,
126             K_DHE_RSA, B_CC20_P1305, M_NULL, H_SHA256),
127     TLS_DHE_DSS_WITH_AES_256_GCM_SHA384(
128             0x00A3, true, "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384", "",
129             ProtocolVersion.PROTOCOLS_OF_12,
130             K_DHE_DSS, B_AES_256_GCM, M_NULL, H_SHA384),
131 
132     // AES_128(GCM) - DHE
133     TLS_DHE_RSA_WITH_AES_128_GCM_SHA256(
134             0x009E, true, "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256", "",
135             ProtocolVersion.PROTOCOLS_OF_12,
136             K_DHE_RSA, B_AES_128_GCM, M_NULL, H_SHA256),
137     TLS_DHE_DSS_WITH_AES_128_GCM_SHA256(
138             0x00A2, true, "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256", "",
139             ProtocolVersion.PROTOCOLS_OF_12,
140             K_DHE_DSS, B_AES_128_GCM, M_NULL, H_SHA256),
141 
142     // AES_256(CBC) - ECDHE
143     TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384(
144             0xC024, true, "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384", "",
145             ProtocolVersion.PROTOCOLS_OF_12,
146             K_ECDHE_ECDSA, B_AES_256, M_SHA384, H_SHA384),
147     TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384(
148             0xC028, true, "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384", "",
149             ProtocolVersion.PROTOCOLS_OF_12,
150             K_ECDHE_RSA, B_AES_256, M_SHA384, H_SHA384),
151 
152     // AES_128(CBC) - ECDHE
153     TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256(
154             0xC023, true, "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", "",
155             ProtocolVersion.PROTOCOLS_OF_12,
156             K_ECDHE_ECDSA, B_AES_128, M_SHA256, H_SHA256),
157     TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256(
158             0xC027, true, "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", "",
159             ProtocolVersion.PROTOCOLS_OF_12,
160             K_ECDHE_RSA, B_AES_128, M_SHA256, H_SHA256),
161 
162     // AES_256(CBC) - DHE
163     TLS_DHE_RSA_WITH_AES_256_CBC_SHA256(
164             0x006B, true, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256", "",
165             ProtocolVersion.PROTOCOLS_OF_12,
166             K_DHE_RSA, B_AES_256, M_SHA256, H_SHA256),
167     TLS_DHE_DSS_WITH_AES_256_CBC_SHA256(
168             0x006A, true, "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256", "",
169             ProtocolVersion.PROTOCOLS_OF_12,
170             K_DHE_DSS, B_AES_256, M_SHA256, H_SHA256),
171 
172     // AES_128(CBC) - DHE
173     TLS_DHE_RSA_WITH_AES_128_CBC_SHA256(
174             0x0067, true, "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256", "",
175             ProtocolVersion.PROTOCOLS_OF_12,
176             K_DHE_RSA, B_AES_128, M_SHA256, H_SHA256),
177     TLS_DHE_DSS_WITH_AES_128_CBC_SHA256(
178             0x0040, true, "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256", "",
179             ProtocolVersion.PROTOCOLS_OF_12,
180             K_DHE_DSS, B_AES_128, M_SHA256, H_SHA256),
181 
182     //
    // Not forward-secret cipher suites (static ECDH key exchange, K_ECDH_*):
    // compromise of the server's long-term key exposes recorded sessions.
184     //
185 
186     // AES_256(GCM)
187     TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384(
188             0xC02E, true, "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384", "",
189             ProtocolVersion.PROTOCOLS_OF_12,
190             K_ECDH_ECDSA, B_AES_256_GCM, M_NULL, H_SHA384),
191     TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384(
192             0xC032, true, "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384", "",
193             ProtocolVersion.PROTOCOLS_OF_12,
194             K_ECDH_RSA, B_AES_256_GCM, M_NULL, H_SHA384),
195 
196     // AES_128(GCM)
197     TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256(
198             0xC02D, true, "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256", "",
199             ProtocolVersion.PROTOCOLS_OF_12,
200             K_ECDH_ECDSA, B_AES_128_GCM, M_NULL, H_SHA256),
201     TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256(
202             0xC031, true, "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256", "",
203             ProtocolVersion.PROTOCOLS_OF_12,
204             K_ECDH_RSA, B_AES_128_GCM, M_NULL, H_SHA256),
205 
206     // AES_256(CBC)
207     TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384(
208             0xC026, true, "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384", "",
209             ProtocolVersion.PROTOCOLS_OF_12,
210             K_ECDH_ECDSA, B_AES_256, M_SHA384, H_SHA384),
211     TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384(
212             0xC02A, true, "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384", "",
213             ProtocolVersion.PROTOCOLS_OF_12,
214             K_ECDH_RSA, B_AES_256, M_SHA384, H_SHA384),
215 
216     // AES_128(CBC)
217     TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256(
218             0xC025, true, "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256", "",
219             ProtocolVersion.PROTOCOLS_OF_12,
220             K_ECDH_ECDSA, B_AES_128, M_SHA256, H_SHA256),
221     TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256(
222             0xC029, true, "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256", "",
223             ProtocolVersion.PROTOCOLS_OF_12,
224             K_ECDH_RSA, B_AES_128, M_SHA256, H_SHA256),
225 
226     //
227     // Legacy, used for compatibility
228     //
229 
230     // AES_256(CBC) - ECDHE - Using SHA
231     TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA(
232             0xC00A, true, "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA", "",
233             ProtocolVersion.PROTOCOLS_TO_12,
234             K_ECDHE_ECDSA, B_AES_256, M_SHA, H_SHA256),
235     TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA(
236             0xC014, true, "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", "",
237             ProtocolVersion.PROTOCOLS_TO_12,
238             K_ECDHE_RSA, B_AES_256, M_SHA, H_SHA256),
239 
240     // AES_128(CBC) - ECDHE - using SHA
241     TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA(
242             0xC009, true, "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", "",
243             ProtocolVersion.PROTOCOLS_TO_12,
244             K_ECDHE_ECDSA, B_AES_128, M_SHA, H_SHA256),
245     TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA(
246             0xC013, true, "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", "",
247             ProtocolVersion.PROTOCOLS_TO_12,
248             K_ECDHE_RSA, B_AES_128, M_SHA, H_SHA256),
249 
250     // AES_256(CBC) - DHE - Using SHA
251     TLS_DHE_RSA_WITH_AES_256_CBC_SHA(
252             0x0039, true, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA", "",
253             ProtocolVersion.PROTOCOLS_TO_12,
254             K_DHE_RSA, B_AES_256, M_SHA, H_SHA256),
255     TLS_DHE_DSS_WITH_AES_256_CBC_SHA(
256             0x0038, true, "TLS_DHE_DSS_WITH_AES_256_CBC_SHA", "",
257             ProtocolVersion.PROTOCOLS_TO_12,
258             K_DHE_DSS, B_AES_256, M_SHA, H_SHA256),
259 
260     // AES_128(CBC) - DHE - using SHA
261     TLS_DHE_RSA_WITH_AES_128_CBC_SHA(
262             0x0033, true, "TLS_DHE_RSA_WITH_AES_128_CBC_SHA", "",
263             ProtocolVersion.PROTOCOLS_TO_12,
264             K_DHE_RSA, B_AES_128, M_SHA, H_SHA256),
265     TLS_DHE_DSS_WITH_AES_128_CBC_SHA(
266             0x0032, true, "TLS_DHE_DSS_WITH_AES_128_CBC_SHA", "",
267             ProtocolVersion.PROTOCOLS_TO_12,
268             K_DHE_DSS, B_AES_128, M_SHA, H_SHA256),
269 
270     // AES_256(CBC) - using SHA, not forward secrecy
271     TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA(
272             0xC005, true, "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA", "",
273             ProtocolVersion.PROTOCOLS_TO_12,
274             K_ECDH_ECDSA, B_AES_256, M_SHA, H_SHA256),
275     TLS_ECDH_RSA_WITH_AES_256_CBC_SHA(
276             0xC00F, true, "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA", "",
277             ProtocolVersion.PROTOCOLS_TO_12,
278             K_ECDH_RSA, B_AES_256, M_SHA, H_SHA256),
279 
280     // AES_128(CBC) - using SHA, not forward secrecy
281     TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA(
282             0xC004, true, "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA", "",
283             ProtocolVersion.PROTOCOLS_TO_12,
284             K_ECDH_ECDSA, B_AES_128, M_SHA, H_SHA256),
285     TLS_ECDH_RSA_WITH_AES_128_CBC_SHA(
286             0xC00E, true, "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA", "",
287             ProtocolVersion.PROTOCOLS_TO_12,
288             K_ECDH_RSA, B_AES_128, M_SHA, H_SHA256),
289 
290     //
291     // deprecated, used for compatibility
292     //
293 
    // NOTE(review): K_RSA is static RSA key transport — the premaster secret
    // is encrypted under the server's long-term RSA key — so none of these
    // suites offer forward secrecy; that is why the section ranks below the
    // (EC)DHE suites (criterion 2 above) even though the bulk ciphers are the
    // same.  All six are still enabled by default (second argument true);
    // turning them off is a deployment policy decision made outside this file.

    // RSA, AES_256(GCM)
    TLS_RSA_WITH_AES_256_GCM_SHA384(
            0x009D, true, "TLS_RSA_WITH_AES_256_GCM_SHA384", "",
            ProtocolVersion.PROTOCOLS_OF_12,
            K_RSA, B_AES_256_GCM, M_NULL, H_SHA384),

    // RSA, AES_128(GCM)
    TLS_RSA_WITH_AES_128_GCM_SHA256(
            0x009C, true, "TLS_RSA_WITH_AES_128_GCM_SHA256", "",
            ProtocolVersion.PROTOCOLS_OF_12,
            K_RSA, B_AES_128_GCM, M_NULL, H_SHA256),

    // RSA, AES_256(CBC)
    TLS_RSA_WITH_AES_256_CBC_SHA256(
            0x003D, true, "TLS_RSA_WITH_AES_256_CBC_SHA256", "",
            ProtocolVersion.PROTOCOLS_OF_12,
            K_RSA, B_AES_256, M_SHA256, H_SHA256),

    // RSA, AES_128(CBC)
    TLS_RSA_WITH_AES_128_CBC_SHA256(
            0x003C, true, "TLS_RSA_WITH_AES_128_CBC_SHA256", "",
            ProtocolVersion.PROTOCOLS_OF_12,
            K_RSA, B_AES_128, M_SHA256, H_SHA256),

    // RSA, AES_256(CBC) - using SHA, not forward secrecy
    TLS_RSA_WITH_AES_256_CBC_SHA(
            0x0035, true, "TLS_RSA_WITH_AES_256_CBC_SHA", "",
            ProtocolVersion.PROTOCOLS_TO_12,
            K_RSA, B_AES_256, M_SHA, H_SHA256),

    // RSA, AES_128(CBC) - using SHA, not forward secrecy
    TLS_RSA_WITH_AES_128_CBC_SHA(
            0x002F, true, "TLS_RSA_WITH_AES_128_CBC_SHA", "",
            ProtocolVersion.PROTOCOLS_TO_12,
            K_RSA, B_AES_128, M_SHA, H_SHA256),
329 
    // 3DES_EDE, forward secrecy.
    //
    // NOTE(review): every 3DES suite in this section and the next is still
    // enabled by default (second argument true).  3DES has a 64-bit block, so
    // the practical concern is very long-lived connections (the Sweet32 class
    // of attack on 64-bit block ciphers).  They are ranked last among the
    // enabled suites per criterion 3 above; a deployment that wants them gone
    // removes them through the JDK's disabled-algorithms security property,
    // which lives outside this file.
    TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA(
            0xC008, true, "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA", "",
            ProtocolVersion.PROTOCOLS_TO_12,
            K_ECDHE_ECDSA, B_3DES, M_SHA, H_SHA256),
    TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA(
            0xC012, true, "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA", "",
            ProtocolVersion.PROTOCOLS_TO_12,
            K_ECDHE_RSA, B_3DES, M_SHA, H_SHA256),
    SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA(
            0x0016, true, "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
                          "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
            ProtocolVersion.PROTOCOLS_TO_12,
            K_DHE_RSA, B_3DES, M_SHA, H_SHA256),
    SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA(
            0x0013, true, "SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA",
                          "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA",
            ProtocolVersion.PROTOCOLS_TO_12,
            K_DHE_DSS, B_3DES, M_SHA, H_SHA256),

    // 3DES_EDE, not forward secrecy.
    TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA(
            0xC003, true, "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA", "",
            ProtocolVersion.PROTOCOLS_TO_12,
            K_ECDH_ECDSA, B_3DES, M_SHA, H_SHA256),
    TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA(
            0xC00D, true, "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA", "",
            ProtocolVersion.PROTOCOLS_TO_12,
            K_ECDH_RSA, B_3DES, M_SHA, H_SHA256),
    SSL_RSA_WITH_3DES_EDE_CBC_SHA(
            0x000A, true, "SSL_RSA_WITH_3DES_EDE_CBC_SHA",
                          "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
            ProtocolVersion.PROTOCOLS_TO_12,
            K_RSA, B_3DES, M_SHA, H_SHA256),
364 
    // Renegotiation protection request Signalling Cipher Suite Value (SCSV).
    //
    // NOTE(review): not a real cipher suite.  It has no key exchange, bulk
    // cipher, MAC or PRF hash (K_SCSV, B_NULL, M_NULL, H_NONE); RFC 5746 uses
    // it purely as a marker in the ClientHello to signal secure-renegotiation
    // support, and a server must never select it.  It is flagged enabled
    // (true) presumably so that it lands in the default suite list a client
    // sends — verify that the handshake code refuses it as a negotiated suite.
    TLS_EMPTY_RENEGOTIATION_INFO_SCSV(        //  RFC 5746, TLS 1.2 and prior
            0x00FF, true, "TLS_EMPTY_RENEGOTIATION_INFO_SCSV", "",
            ProtocolVersion.PROTOCOLS_TO_12,
            K_SCSV, B_NULL, M_NULL, H_NONE),
370 
371     // Definition of the CipherSuites that are supported but not enabled
372     // by default.
373     // They are listed in preference order, preferred first, using the
374     // following criteria:
375     // 1. If a cipher suite has been obsoleted, we put it at the end of
376     //    the list.
377     // 2. Prefer the stronger bulk cipher, in the order of AES_256,
378     //    AES_128, 3DES-EDE, RC-4, DES, DES40, RC4_40, NULL.
379     // 3. Prefer the stronger MAC algorithm, in the order of SHA384,
380     //    SHA256, SHA, MD5.
381     // 4. Prefer the better performance of key exchange and digital
382     //    signature algorithm, in the order of ECDHE-ECDSA, ECDHE-RSA,
383     //    RSA, ECDH-ECDSA, ECDH-RSA, DHE-RSA, DHE-DSS, anonymous.
    // NOTE(review): anonymous (EC)DH key exchange (K_DH_ANON / K_ECDH_ANON).
    // Neither peer is authenticated, so an active attacker can interpose
    // itself undetected regardless of how strong the bulk cipher is.  Every
    // entry in this group is disabled by default (second argument false) and
    // is only reachable if an application enables it explicitly.
    TLS_DH_anon_WITH_AES_256_GCM_SHA384(
            0x00A7, false, "TLS_DH_anon_WITH_AES_256_GCM_SHA384", "",
            ProtocolVersion.PROTOCOLS_OF_12,
            K_DH_ANON, B_AES_256_GCM, M_NULL, H_SHA384),
    TLS_DH_anon_WITH_AES_128_GCM_SHA256(
            0x00A6, false, "TLS_DH_anon_WITH_AES_128_GCM_SHA256", "",
            ProtocolVersion.PROTOCOLS_OF_12,
            K_DH_ANON, B_AES_128_GCM, M_NULL, H_SHA256),
    TLS_DH_anon_WITH_AES_256_CBC_SHA256(
            0x006D, false, "TLS_DH_anon_WITH_AES_256_CBC_SHA256", "",
            ProtocolVersion.PROTOCOLS_OF_12,
            K_DH_ANON, B_AES_256, M_SHA256, H_SHA256),
    TLS_ECDH_anon_WITH_AES_256_CBC_SHA(
            0xC019, false, "TLS_ECDH_anon_WITH_AES_256_CBC_SHA", "",
            ProtocolVersion.PROTOCOLS_TO_12,
            K_ECDH_ANON, B_AES_256, M_SHA, H_SHA256),
    TLS_DH_anon_WITH_AES_256_CBC_SHA(
            0x003A, false, "TLS_DH_anon_WITH_AES_256_CBC_SHA", "",
            ProtocolVersion.PROTOCOLS_TO_12,
            K_DH_ANON, B_AES_256, M_SHA, H_SHA256),
    TLS_DH_anon_WITH_AES_128_CBC_SHA256(
            0x006C, false, "TLS_DH_anon_WITH_AES_128_CBC_SHA256", "",
            ProtocolVersion.PROTOCOLS_OF_12,
            K_DH_ANON, B_AES_128, M_SHA256, H_SHA256),
    TLS_ECDH_anon_WITH_AES_128_CBC_SHA(
            0xC018, false, "TLS_ECDH_anon_WITH_AES_128_CBC_SHA", "",
            ProtocolVersion.PROTOCOLS_TO_12,
            K_ECDH_ANON, B_AES_128, M_SHA, H_SHA256),
    TLS_DH_anon_WITH_AES_128_CBC_SHA(
            0x0034, false, "TLS_DH_anon_WITH_AES_128_CBC_SHA", "",
            ProtocolVersion.PROTOCOLS_TO_12,
            K_DH_ANON, B_AES_128, M_SHA, H_SHA256),
    TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA(
            0xC017, false, "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA", "",
            ProtocolVersion.PROTOCOLS_TO_12,
            K_ECDH_ANON, B_3DES, M_SHA, H_SHA256),
    SSL_DH_anon_WITH_3DES_EDE_CBC_SHA(
            0x001B, false, "SSL_DH_anon_WITH_3DES_EDE_CBC_SHA",
                           "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA",
            ProtocolVersion.PROTOCOLS_TO_12,
            K_DH_ANON, B_3DES, M_SHA, H_SHA256),
425 
    // RC4
    //
    // NOTE(review): RC4 is a stream cipher with well-documented keystream
    // biases and is prohibited for TLS by RFC 7465; all eight entries are
    // disabled by default (second argument false).  These are also the only
    // entries in the file that use ProtocolVersion.PROTOCOLS_TO_TLS12 rather
    // than PROTOCOLS_TO_12 — presumably the TLS-only list that excludes DTLS,
    // since a stream cipher cannot be used over DTLS (RFC 6347); confirm
    // against the definitions in ProtocolVersion.
    TLS_ECDHE_ECDSA_WITH_RC4_128_SHA(
            0xC007, false, "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA", "",
            ProtocolVersion.PROTOCOLS_TO_TLS12,
            K_ECDHE_ECDSA, B_RC4_128, M_SHA, H_SHA256),
    TLS_ECDHE_RSA_WITH_RC4_128_SHA(
            0xC011, false, "TLS_ECDHE_RSA_WITH_RC4_128_SHA", "",
            ProtocolVersion.PROTOCOLS_TO_TLS12,
            K_ECDHE_RSA, B_RC4_128, M_SHA, H_SHA256),
    SSL_RSA_WITH_RC4_128_SHA(
            0x0005, false, "SSL_RSA_WITH_RC4_128_SHA",
                           "TLS_RSA_WITH_RC4_128_SHA",
            ProtocolVersion.PROTOCOLS_TO_TLS12,
            K_RSA, B_RC4_128, M_SHA, H_SHA256),
    TLS_ECDH_ECDSA_WITH_RC4_128_SHA(
            0xC002, false, "TLS_ECDH_ECDSA_WITH_RC4_128_SHA", "",
            ProtocolVersion.PROTOCOLS_TO_TLS12,
            K_ECDH_ECDSA, B_RC4_128, M_SHA, H_SHA256),
    TLS_ECDH_RSA_WITH_RC4_128_SHA(
            0xC00C, false, "TLS_ECDH_RSA_WITH_RC4_128_SHA", "",
            ProtocolVersion.PROTOCOLS_TO_TLS12,
            K_ECDH_RSA, B_RC4_128, M_SHA, H_SHA256),
    // RC4 with an MD5 record MAC — the weakest combination in this group.
    SSL_RSA_WITH_RC4_128_MD5(
            0x0004, false, "SSL_RSA_WITH_RC4_128_MD5",
                           "TLS_RSA_WITH_RC4_128_MD5",
            ProtocolVersion.PROTOCOLS_TO_TLS12,
            K_RSA, B_RC4_128, M_MD5, H_SHA256),
    TLS_ECDH_anon_WITH_RC4_128_SHA(
            0xC016, false, "TLS_ECDH_anon_WITH_RC4_128_SHA", "",
            ProtocolVersion.PROTOCOLS_TO_TLS12,
            K_ECDH_ANON, B_RC4_128, M_SHA, H_SHA256),
    SSL_DH_anon_WITH_RC4_128_MD5(
            0x0018, false, "SSL_DH_anon_WITH_RC4_128_MD5",
                           "TLS_DH_anon_WITH_RC4_128_MD5",
            ProtocolVersion.PROTOCOLS_TO_TLS12,
            K_DH_ANON, B_RC4_128, M_MD5, H_SHA256),
462 
    // Weak cipher suites obsoleted in TLS 1.2 [RFC 5246]
    //
    // NOTE(review): single DES (56-bit key, brute-forceable), all disabled by
    // default (second argument false) and confined to TLS 1.1 and below
    // (PROTOCOLS_TO_11).  The PRF hash is H_NONE — presumably because these
    // suites can never run under TLS 1.2, the only version where the
    // per-suite PRF hash is used; verify in the CipherSuite constructor.
    SSL_RSA_WITH_DES_CBC_SHA(
            0x0009, false, "SSL_RSA_WITH_DES_CBC_SHA",
                           "TLS_RSA_WITH_DES_CBC_SHA",
            ProtocolVersion.PROTOCOLS_TO_11,
            K_RSA, B_DES, M_SHA, H_NONE),
    SSL_DHE_RSA_WITH_DES_CBC_SHA(
            0x0015, false, "SSL_DHE_RSA_WITH_DES_CBC_SHA",
                           "TLS_DHE_RSA_WITH_DES_CBC_SHA",
            ProtocolVersion.PROTOCOLS_TO_11,
            K_DHE_RSA, B_DES, M_SHA, H_NONE),
    SSL_DHE_DSS_WITH_DES_CBC_SHA(
            0x0012, false, "SSL_DHE_DSS_WITH_DES_CBC_SHA",
                           "TLS_DHE_DSS_WITH_DES_CBC_SHA",
            ProtocolVersion.PROTOCOLS_TO_11,
            K_DHE_DSS, B_DES, M_SHA, H_NONE),
    SSL_DH_anon_WITH_DES_CBC_SHA(
            0x001A, false, "SSL_DH_anon_WITH_DES_CBC_SHA",
                           "TLS_DH_anon_WITH_DES_CBC_SHA",
            ProtocolVersion.PROTOCOLS_TO_11,
            K_DH_ANON, B_DES, M_SHA, H_NONE),
484 
    // Weak cipher suites obsoleted in TLS 1.1  [RFC 4346]
    //
    // NOTE(review): 40-bit export-grade suites (B_DES_40 / B_RC4_40).  All
    // are disabled by default (second argument false) and confined to TLS 1.0
    // and below (PROTOCOLS_TO_10); they exist here only so the names and IDs
    // are recognised.
    SSL_RSA_EXPORT_WITH_DES40_CBC_SHA(
            0x0008, false, "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA",
                           "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",
            ProtocolVersion.PROTOCOLS_TO_10,
            K_RSA_EXPORT, B_DES_40, M_SHA, H_NONE),
    SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA(
            0x0014, false, "SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
                           "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
            ProtocolVersion.PROTOCOLS_TO_10,
            K_DHE_RSA_EXPORT, B_DES_40, M_SHA, H_NONE),
    SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA(
            0x0011, false, "SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA",
                           "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA",
            ProtocolVersion.PROTOCOLS_TO_10,
            K_DHE_DSS_EXPORT, B_DES_40, M_SHA, H_NONE),
    SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA(
            0x0019, false, "SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA",
                           "TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA",
            ProtocolVersion.PROTOCOLS_TO_10,
            K_DH_ANON_EXPORT, B_DES_40, M_SHA, H_NONE),
    SSL_RSA_EXPORT_WITH_RC4_40_MD5(
            0x0003, false, "SSL_RSA_EXPORT_WITH_RC4_40_MD5",
                           "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
            ProtocolVersion.PROTOCOLS_TO_10,
            K_RSA_EXPORT, B_RC4_40, M_MD5, H_NONE),
    // NOTE(review): inconsistency — this entry is declared with K_DH_ANON,
    // whereas its DES40 sibling above uses K_DH_ANON_EXPORT and every other
    // EXPORT entry in this group uses the *_EXPORT key-exchange variant.  The
    // suite is disabled by default, so the practical impact is likely nil,
    // but check what the _EXPORT variant changes in KeyExchange before relying
    // on that.
    SSL_DH_anon_EXPORT_WITH_RC4_40_MD5(
            0x0017, false, "SSL_DH_anon_EXPORT_WITH_RC4_40_MD5",
                           "TLS_DH_anon_EXPORT_WITH_RC4_40_MD5",
            ProtocolVersion.PROTOCOLS_TO_10,
            K_DH_ANON, B_RC4_40, M_MD5, H_NONE),
516 
    // No traffic encryption cipher suites
    //
    // NOTE(review): B_NULL means application data is sent in the clear; the
    // only protection is the per-record MAC (M_SHA256 / M_SHA / M_MD5).  All
    // entries are disabled by default (second argument false).  Note that
    // TLS_RSA_WITH_NULL_SHA256 is restricted to PROTOCOLS_OF_12 while the
    // SHA and MD5 variants allow PROTOCOLS_TO_12.
    TLS_RSA_WITH_NULL_SHA256(
            0x003B, false, "TLS_RSA_WITH_NULL_SHA256", "",
            ProtocolVersion.PROTOCOLS_OF_12,
            K_RSA, B_NULL, M_SHA256, H_SHA256),
    TLS_ECDHE_ECDSA_WITH_NULL_SHA(
            0xC006, false, "TLS_ECDHE_ECDSA_WITH_NULL_SHA", "",
            ProtocolVersion.PROTOCOLS_TO_12,
            K_ECDHE_ECDSA, B_NULL, M_SHA, H_SHA256),
    TLS_ECDHE_RSA_WITH_NULL_SHA(
            0xC010, false, "TLS_ECDHE_RSA_WITH_NULL_SHA", "",
            ProtocolVersion.PROTOCOLS_TO_12,
            K_ECDHE_RSA, B_NULL, M_SHA, H_SHA256),
    SSL_RSA_WITH_NULL_SHA(
            0x0002, false, "SSL_RSA_WITH_NULL_SHA",
                           "TLS_RSA_WITH_NULL_SHA",
            ProtocolVersion.PROTOCOLS_TO_12,
            K_RSA, B_NULL, M_SHA, H_SHA256),
    TLS_ECDH_ECDSA_WITH_NULL_SHA(
            0xC001, false, "TLS_ECDH_ECDSA_WITH_NULL_SHA", "",
            ProtocolVersion.PROTOCOLS_TO_12,
            K_ECDH_ECDSA, B_NULL, M_SHA, H_SHA256),
    TLS_ECDH_RSA_WITH_NULL_SHA(
            0xC00B, false, "TLS_ECDH_RSA_WITH_NULL_SHA", "",
            ProtocolVersion.PROTOCOLS_TO_12,
            K_ECDH_RSA, B_NULL, M_SHA, H_SHA256),
    // Anonymous key exchange plus no encryption: no authentication and no
    // confidentiality, only a record MAC.
    TLS_ECDH_anon_WITH_NULL_SHA(
            0xC015, false, "TLS_ECDH_anon_WITH_NULL_SHA", "",
            ProtocolVersion.PROTOCOLS_TO_12,
            K_ECDH_ANON, B_NULL, M_SHA, H_SHA256),
    SSL_RSA_WITH_NULL_MD5(
            0x0001, false, "SSL_RSA_WITH_NULL_MD5",
                           "TLS_RSA_WITH_NULL_MD5",
            ProtocolVersion.PROTOCOLS_TO_12,
            K_RSA, B_NULL, M_MD5, H_SHA256),
552 
    // Definition of the cipher suites that are not supported but whose names
    // and IDs are known, so they can be recognised (e.g. in a peer's hello
    // message) without ever being negotiated.
555     TLS_AES_128_CCM_SHA256(                          // TLS 1.3
556             "TLS_AES_128_CCM_SHA256", 0x1304),
557     TLS_AES_128_CCM_8_SHA256(                        // TLS 1.3
558             "TLS_AES_128_CCM_8_SHA256", 0x1305),
559 
560     // Remaining unsupported cipher suites defined in RFC2246.
561     CS_0006("SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5",           0x0006),
562     CS_0007("SSL_RSA_WITH_IDEA_CBC_SHA",                    0x0007),
563     CS_000B("SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA",         0x000b),
564     CS_000C("SSL_DH_DSS_WITH_DES_CBC_SHA",                  0x000c),
565     CS_000D("SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA",             0x000d),
566     CS_000E("SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA",         0x000e),
567     CS_000F("SSL_DH_RSA_WITH_DES_CBC_SHA",                  0x000f),
568     CS_0010("SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA",             0x0010),
569 
570     // SSL 3.0 Fortezza cipher suites
571     CS_001C("SSL_FORTEZZA_DMS_WITH_NULL_SHA",               0x001c),
572     CS_001D("SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA",       0x001d),
573 
574     // 1024/56 bit exportable cipher suites from expired internet draft
575     CS_0062("SSL_RSA_EXPORT1024_WITH_DES_CBC_SHA",          0x0062),
576     CS_0063("SSL_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA",      0x0063),
577     CS_0064("SSL_RSA_EXPORT1024_WITH_RC4_56_SHA",           0x0064),
578     CS_0065("SSL_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA",       0x0065),
579     CS_0066("SSL_DHE_DSS_WITH_RC4_128_SHA",                 0x0066),
580 
581     // Netscape old and new SSL 3.0 FIPS cipher suites
582     // see http://www.mozilla.org/projects/security/pki/nss/ssl/fips-ssl-ciphersuites.html
583     CS_FFE0("NETSCAPE_RSA_FIPS_WITH_3DES_EDE_CBC_SHA",      0xffe0),
584     CS_FFE1("NETSCAPE_RSA_FIPS_WITH_DES_CBC_SHA",           0xffe1),
585     CS_FEFE("SSL_RSA_FIPS_WITH_DES_CBC_SHA",                0xfefe),
586     CS_FEFF("SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA",           0xfeff),
587 
588     // Unsupported Kerberos cipher suites from RFC 2712
589     CS_001E("TLS_KRB5_WITH_DES_CBC_SHA",                    0x001E),
590     CS_001F("TLS_KRB5_WITH_3DES_EDE_CBC_SHA",               0x001F),
591     CS_0020("TLS_KRB5_WITH_RC4_128_SHA",                    0x0020),
592     CS_0021("TLS_KRB5_WITH_IDEA_CBC_SHA",                   0x0021),
593     CS_0022("TLS_KRB5_WITH_DES_CBC_MD5",                    0x0022),
594     CS_0023("TLS_KRB5_WITH_3DES_EDE_CBC_MD5",               0x0023),
595     CS_0024("TLS_KRB5_WITH_RC4_128_MD5",                    0x0024),
596     CS_0025("TLS_KRB5_WITH_IDEA_CBC_MD5",                   0x0025),
597     CS_0026("TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA",          0x0026),
598     CS_0027("TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA",          0x0027),
599     CS_0028("TLS_KRB5_EXPORT_WITH_RC4_40_SHA",              0x0028),
600     CS_0029("TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5",          0x0029),
601     CS_002A("TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5",          0x002a),
602     CS_002B("TLS_KRB5_EXPORT_WITH_RC4_40_MD5",              0x002B),
603 
604     // Unsupported cipher suites from RFC 4162
605     CS_0096("TLS_RSA_WITH_SEED_CBC_SHA",                    0x0096),
606     CS_0097("TLS_DH_DSS_WITH_SEED_CBC_SHA",                 0x0097),
607     CS_0098("TLS_DH_RSA_WITH_SEED_CBC_SHA",                 0x0098),
608     CS_0099("TLS_DHE_DSS_WITH_SEED_CBC_SHA",                0x0099),
609     CS_009A("TLS_DHE_RSA_WITH_SEED_CBC_SHA",                0x009a),
610     CS_009B("TLS_DH_anon_WITH_SEED_CBC_SHA",                0x009b),
611 
612     // Unsupported cipher suites from RFC 4279
613     CS_008A("TLS_PSK_WITH_RC4_128_SHA",                     0x008a),
614     CS_008B("TLS_PSK_WITH_3DES_EDE_CBC_SHA",                0x008b),
615     CS_008C("TLS_PSK_WITH_AES_128_CBC_SHA",                 0x008c),
616     CS_008D("TLS_PSK_WITH_AES_256_CBC_SHA",                 0x008d),
617     CS_008E("TLS_DHE_PSK_WITH_RC4_128_SHA",                 0x008e),
618     CS_008F("TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA",            0x008f),
619     CS_0090("TLS_DHE_PSK_WITH_AES_128_CBC_SHA",             0x0090),
620     CS_0091("TLS_DHE_PSK_WITH_AES_256_CBC_SHA",             0x0091),
621     CS_0092("TLS_RSA_PSK_WITH_RC4_128_SHA",                 0x0092),
622     CS_0093("TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA",            0x0093),
623     CS_0094("TLS_RSA_PSK_WITH_AES_128_CBC_SHA",             0x0094),
624     CS_0095("TLS_RSA_PSK_WITH_AES_256_CBC_SHA",             0x0095),
625 
626     // Unsupported cipher suites from RFC 4785
627     CS_002C("TLS_PSK_WITH_NULL_SHA",                        0x002c),
628     CS_002D("TLS_DHE_PSK_WITH_NULL_SHA",                    0x002d),
629     CS_002E("TLS_RSA_PSK_WITH_NULL_SHA",                    0x002e),
630 
631     // Unsupported cipher suites from RFC 5246
632     CS_0030("TLS_DH_DSS_WITH_AES_128_CBC_SHA",              0x0030),
633     CS_0031("TLS_DH_RSA_WITH_AES_128_CBC_SHA",              0x0031),
634     CS_0036("TLS_DH_DSS_WITH_AES_256_CBC_SHA",              0x0036),
635     CS_0037("TLS_DH_RSA_WITH_AES_256_CBC_SHA",              0x0037),
636     CS_003E("TLS_DH_DSS_WITH_AES_128_CBC_SHA256",           0x003e),
637     CS_003F("TLS_DH_RSA_WITH_AES_128_CBC_SHA256",           0x003f),
638     CS_0068("TLS_DH_DSS_WITH_AES_256_CBC_SHA256",           0x0068),
639     CS_0069("TLS_DH_RSA_WITH_AES_256_CBC_SHA256",           0x0069),
640 
641     // Unsupported cipher suites from RFC 5288
642     CS_00A0("TLS_DH_RSA_WITH_AES_128_GCM_SHA256",           0x00a0),
643     CS_00A1("TLS_DH_RSA_WITH_AES_256_GCM_SHA384",           0x00a1),
644     CS_00A4("TLS_DH_DSS_WITH_AES_128_GCM_SHA256",           0x00a4),
645     CS_00A5("TLS_DH_DSS_WITH_AES_256_GCM_SHA384",           0x00a5),
646 
647     // Unsupported cipher suites from RFC 5487
648     CS_00A8("TLS_PSK_WITH_AES_128_GCM_SHA256",              0x00a8),
649     CS_00A9("TLS_PSK_WITH_AES_256_GCM_SHA384",              0x00a9),
650     CS_00AA("TLS_DHE_PSK_WITH_AES_128_GCM_SHA256",          0x00aa),
651     CS_00AB("TLS_DHE_PSK_WITH_AES_256_GCM_SHA384",          0x00ab),
652     CS_00AC("TLS_RSA_PSK_WITH_AES_128_GCM_SHA256",          0x00ac),
653     CS_00AD("TLS_RSA_PSK_WITH_AES_256_GCM_SHA384",          0x00ad),
654     CS_00AE("TLS_PSK_WITH_AES_128_CBC_SHA256",              0x00ae),
655     CS_00AF("TLS_PSK_WITH_AES_256_CBC_SHA384",              0x00af),
656     CS_00B0("TLS_PSK_WITH_NULL_SHA256",                     0x00b0),
657     CS_00B1("TLS_PSK_WITH_NULL_SHA384",                     0x00b1),
658     CS_00B2("TLS_DHE_PSK_WITH_AES_128_CBC_SHA256",          0x00b2),
659     CS_00B3("TLS_DHE_PSK_WITH_AES_256_CBC_SHA384",          0x00b3),
660     CS_00B4("TLS_DHE_PSK_WITH_NULL_SHA256",                 0x00b4),
661     CS_00B5("TLS_DHE_PSK_WITH_NULL_SHA384",                 0x00b5),
662     CS_00B6("TLS_RSA_PSK_WITH_AES_128_CBC_SHA256",          0x00b6),
663     CS_00B7("TLS_RSA_PSK_WITH_AES_256_CBC_SHA384",          0x00b7),
664     CS_00B8("TLS_RSA_PSK_WITH_NULL_SHA256",                 0x00b8),
665     CS_00B9("TLS_RSA_PSK_WITH_NULL_SHA384",                 0x00b9),
666 
667     // Unsupported cipher suites from RFC 5932
668     CS_0041("TLS_RSA_WITH_CAMELLIA_128_CBC_SHA",            0x0041),
669     CS_0042("TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA",         0x0042),
670     CS_0043("TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA",         0x0043),
671     CS_0044("TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA",        0x0044),
672     CS_0045("TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA",        0x0045),
673     CS_0046("TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA",        0x0046),
674     CS_0084("TLS_RSA_WITH_CAMELLIA_256_CBC_SHA",            0x0084),
675     CS_0085("TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA",         0x0085),
676     CS_0086("TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA",         0x0086),
677     CS_0087("TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA",        0x0087),
678     CS_0088("TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA",        0x0088),
679     CS_0089("TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA",        0x0089),
680     CS_00BA("TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256",         0x00ba),
681     CS_00BB("TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256",      0x00bb),
682     CS_00BC("TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256",      0x00bc),
683     CS_00BD("TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256",     0x00bd),
684     CS_00BE("TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256",     0x00be),
685     CS_00BF("TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256",     0x00bf),
686     CS_00C0("TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256",         0x00c0),
687     CS_00C1("TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256",      0x00c1),
688     CS_00C2("TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256",      0x00c2),
689     CS_00C3("TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256",     0x00c3),
690     CS_00C4("TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256",     0x00c4),
691     CS_00C5("TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256",     0x00c5),
692 
693     // TLS Fallback Signaling Cipher Suite Value (SCSV) RFC 7507
694     CS_5600("TLS_FALLBACK_SCSV",                            0x5600),
695 
696     // Unsupported cipher suites from RFC 5054
697     CS_C01A("TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA",            0xc01a),
698     CS_C01B("TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA",        0xc01b),
699     CS_C01C("TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA",        0xc01c),
700     CS_C01D("TLS_SRP_SHA_WITH_AES_128_CBC_SHA",             0xc01d),
701     CS_C01E("TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA",         0xc01e),
702     CS_C01F("TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA",         0xc01f),
703     CS_C020("TLS_SRP_SHA_WITH_AES_256_CBC_SHA",             0xc020),
704     CS_C021("TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA",         0xc021),
705     CS_C022("TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA",         0xc022),
706 
707     // Unsupported cipher suites from RFC 5489
708     CS_C033("TLS_ECDHE_PSK_WITH_RC4_128_SHA",               0xc033),
709     CS_C034("TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA",          0xc034),
710     CS_C035("TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA",           0xc035),
711     CS_C036("TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA",           0xc036),
712     CS_C037("TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256",        0xc037),
713     CS_C038("TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384",        0xc038),
714     CS_C039("TLS_ECDHE_PSK_WITH_NULL_SHA",                  0xc039),
715     CS_C03A("TLS_ECDHE_PSK_WITH_NULL_SHA256",               0xc03a),
716     CS_C03B("TLS_ECDHE_PSK_WITH_NULL_SHA384",               0xc03b),
717 
718     // Unsupported cipher suites from RFC 6209
719     CS_C03C("TLS_RSA_WITH_ARIA_128_CBC_SHA256",             0xc03c),
720     CS_C03D("TLS_RSA_WITH_ARIA_256_CBC_SHA384",             0xc03d),
721     CS_C03E("TLS_DH_DSS_WITH_ARIA_128_CBC_SHA256",          0xc03e),
722     CS_C03F("TLS_DH_DSS_WITH_ARIA_256_CBC_SHA384",          0xc03f),
723     CS_C040("TLS_DH_RSA_WITH_ARIA_128_CBC_SHA256",          0xc040),
724     CS_C041("TLS_DH_RSA_WITH_ARIA_256_CBC_SHA384",          0xc041),
725     CS_C042("TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256",         0xc042),
726     CS_C043("TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384",         0xc043),
727     CS_C044("TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256",         0xc044),
728     CS_C045("TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384",         0xc045),
729     CS_C046("TLS_DH_anon_WITH_ARIA_128_CBC_SHA256",         0xc046),
730     CS_C047("TLS_DH_anon_WITH_ARIA_256_CBC_SHA384",         0xc047),
731     CS_C048("TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256",     0xc048),
732     CS_C049("TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384",     0xc049),
733     CS_C04A("TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256",      0xc04a),
734     CS_C04B("TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384",      0xc04b),
735     CS_C04C("TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256",       0xc04c),
736     CS_C04D("TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384",       0xc04d),
737     CS_C04E("TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256",        0xc04e),
738     CS_C04F("TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384",        0xc04f),
739     CS_C050("TLS_RSA_WITH_ARIA_128_GCM_SHA256",             0xc050),
740     CS_C051("TLS_RSA_WITH_ARIA_256_GCM_SHA384",             0xc051),
741     CS_C052("TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256",         0xc052),
742     CS_C053("TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384",         0xc053),
743     CS_C054("TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256",          0xc054),
744     CS_C055("TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384",          0xc055),
745     CS_C056("TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256",         0xc056),
746     CS_C057("TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384",         0xc057),
747     CS_C058("TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256",          0xc058),
748     CS_C059("TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384",          0xc059),
749     CS_C05A("TLS_DH_anon_WITH_ARIA_128_GCM_SHA256",         0xc05a),
750     CS_C05B("TLS_DH_anon_WITH_ARIA_256_GCM_SHA384",         0xc05b),
751     CS_C05C("TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256",     0xc05c),
752     CS_C05D("TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384",     0xc05d),
753     CS_C05E("TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256",      0xc05e),
754     CS_C05F("TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384",      0xc05f),
755     CS_C060("TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256",       0xc060),
756     CS_C061("TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384",       0xc061),
757     CS_C062("TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256",        0xc062),
758     CS_C063("TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384",        0xc063),
759     CS_C064("TLS_PSK_WITH_ARIA_128_CBC_SHA256",             0xc064),
760     CS_C065("TLS_PSK_WITH_ARIA_256_CBC_SHA384",             0xc065),
761     CS_C066("TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256",         0xc066),
762     CS_C067("TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384",         0xc067),
763     CS_C068("TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256",         0xc068),
764     CS_C069("TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384",         0xc069),
765     CS_C06A("TLS_PSK_WITH_ARIA_128_GCM_SHA256",             0xc06a),
766     CS_C06B("TLS_PSK_WITH_ARIA_256_GCM_SHA384",             0xc06b),
767     CS_C06C("TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256",         0xc06c),
768     CS_C06D("TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384",         0xc06d),
769     CS_C06E("TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256",         0xc06e),
770     CS_C06F("TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384",         0xc06f),
771     CS_C070("TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256",       0xc070),
772     CS_C071("TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384",       0xc071),
773 
774     // Unsupported cipher suites from RFC 6367
775     CS_C072("TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256", 0xc072),
776     CS_C073("TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384", 0xc073),
777     CS_C074("TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256",  0xc074),
778     CS_C075("TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384",  0xc075),
779     CS_C076("TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256",   0xc076),
780     CS_C077("TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384",   0xc077),
781     CS_C078("TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256",    0xc078),
782     CS_C079("TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384",    0xc079),
783     CS_C07A("TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256",         0xc07a),
784     CS_C07B("TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384",         0xc07b),
785     CS_C07C("TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256",     0xc07c),
786     CS_C07D("TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384",     0xc07d),
787     CS_C07E("TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256",      0xc07e),
788     CS_C07F("TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384",      0xc07f),
789     CS_C080("TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256",     0xc080),
790     CS_C081("TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384",     0xc081),
791     CS_C082("TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256",      0xc082),
792     CS_C083("TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384",      0xc083),
793     CS_C084("TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256",     0xc084),
794     CS_C085("TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384",     0xc085),
795     CS_C086("TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256", 0xc086),
796     CS_C087("TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384", 0xc087),
797     CS_C088("TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256",  0xc088),
798     CS_C089("TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384",  0xc089),
799     CS_C08A("TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256",   0xc08a),
800     CS_C08B("TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384",   0xc08b),
801     CS_C08C("TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256",    0xc08c),
802     CS_C08D("TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384",    0xc08d),
803     CS_C08E("TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256",         0xc08e),
804     CS_C08F("TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384",         0xc08f),
805     CS_C090("TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256",     0xc090),
806     CS_C091("TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384",     0xc091),
807     CS_C092("TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256",     0xc092),
808     CS_C093("TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384",     0xc093),
809     CS_C094("TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256",         0xc094),
810     CS_C095("TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384",         0xc095),
811     CS_C096("TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256",     0xc096),
812     CS_C097("TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384",     0xc097),
813     CS_C098("TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256",     0xc098),
814     CS_C099("TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384",     0xc099),
815     CS_C09A("TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256",   0xc09a),
816     CS_C09B("TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384",   0xc09b),
817 
818     // Unsupported cipher suites from RFC 6655
819     CS_C09C("TLS_RSA_WITH_AES_128_CCM",                     0xc09c),
820     CS_C09D("TLS_RSA_WITH_AES_256_CCM",                     0xc09d),
821     CS_C09E("TLS_DHE_RSA_WITH_AES_128_CCM",                 0xc09e),
822     CS_C09F("TLS_DHE_RSA_WITH_AES_256_CCM",                 0xc09f),
823     CS_C0A0("TLS_RSA_WITH_AES_128_CCM_8",                   0xc0A0),
824     CS_C0A1("TLS_RSA_WITH_AES_256_CCM_8",                   0xc0A1),
825     CS_C0A2("TLS_DHE_RSA_WITH_AES_128_CCM_8",               0xc0A2),
826     CS_C0A3("TLS_DHE_RSA_WITH_AES_256_CCM_8",               0xc0A3),
827     CS_C0A4("TLS_PSK_WITH_AES_128_CCM",                     0xc0A4),
828     CS_C0A5("TLS_PSK_WITH_AES_256_CCM",                     0xc0A5),
829     CS_C0A6("TLS_DHE_PSK_WITH_AES_128_CCM",                 0xc0A6),
830     CS_C0A7("TLS_DHE_PSK_WITH_AES_256_CCM",                 0xc0A7),
831     CS_C0A8("TLS_PSK_WITH_AES_128_CCM_8",                   0xc0A8),
832     CS_C0A9("TLS_PSK_WITH_AES_256_CCM_8",                   0xc0A9),
833     CS_C0AA("TLS_PSK_DHE_WITH_AES_128_CCM_8",               0xc0Aa),
834     CS_C0AB("TLS_PSK_DHE_WITH_AES_256_CCM_8",               0xc0Ab),
835 
836     // Unsupported cipher suites from RFC 7251
837     CS_C0AC("TLS_ECDHE_ECDSA_WITH_AES_128_CCM",             0xc0Ac),
838     CS_C0AD("TLS_ECDHE_ECDSA_WITH_AES_256_CCM",             0xc0Ad),
839     CS_C0AE("TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8",           0xc0Ae),
840     CS_C0AF("TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8",           0xc0Af),
841 
842     C_NULL("SSL_NULL_WITH_NULL_NULL", 0x0000);
843 
    // IANA-registered cipher suite id (see the TLS Cipher Suite Registry link
    // in the class Javadoc); the second constructor argument of each constant
    final int id;
    // true for suites that the static initializer places in defaultCipherSuites
    final boolean isDefaultEnabled;
    // standard cipher suite name, e.g. TLS_RSA_WITH_AES_128_CBC_SHA
    final String name;
    // alternative names, split from a comma-separated constructor argument;
    // resolvable through nameOf(String) exactly like the standard name
    final List<String> aliases;
    // empty for known-but-unsupported suites, which are therefore excluded
    // from allowedCipherSuites and rejected by validValuesOf()
    final List<ProtocolVersion> supportedProtocols;
    // null for TLS 1.3 suites (see isAvailable()) and for unsupported suites
    final KeyExchange keyExchange;
    // null for unsupported suites
    final SSLCipher bulkCipher;
    // M_NULL for TLS 1.3 suites; null for unsupported suites
    final MacAlg macAlg;
    // PRF/HKDF hash algorithm; null for unsupported suites
    final HashAlg hashAlg;

    // mirrors bulkCipher.exportable; false when there is no bulk cipher
    final boolean exportable;

    // lookup tables built once in the static initializer below; all four are
    // unmodifiable copies (Map.copyOf / List.copyOf) of the enum constants
    private static final Map<Integer, CipherSuite> cipherSuiteIds;
    private static final Map<String, CipherSuite> cipherSuiteNames;
    private static final List<CipherSuite> allowedCipherSuites;
    private static final List<CipherSuite> defaultCipherSuites;
860 
    static {
        // Build the lookup tables once from the constant list above, then
        // freeze them so the published maps and lists cannot be mutated.
        Map<Integer, CipherSuite> byId = new HashMap<>();
        Map<String, CipherSuite> byName = new HashMap<>();
        List<CipherSuite> supported = new ArrayList<>();
        List<CipherSuite> enabledByDefault = new ArrayList<>();

        for (CipherSuite suite : values()) {
            // HashMap.put overwrites: should two constants ever share an id
            // or a (alias) name, the later constant silently wins the lookup.
            byId.put(suite.id, suite);
            byName.put(suite.name, suite);
            suite.aliases.forEach(alias -> byName.put(alias, suite));

            // A suite with no supported protocol is "known but unsupported"
            // and must not be offered as allowed.
            if (!suite.supportedProtocols.isEmpty()) {
                supported.add(suite);
            }
            if (suite.isDefaultEnabled) {
                enabledByDefault.add(suite);
            }
        }

        cipherSuiteIds = Map.copyOf(byId);
        cipherSuiteNames = Map.copyOf(byName);
        allowedCipherSuites = List.copyOf(supported);
        defaultCipherSuites = List.copyOf(enabledByDefault);
    }
888 
    // known but unsupported cipher suite: the id and name are recorded so the
    // suite can be recognised (e.g. by nameOf(int) for logging), but the
    // protocol list is empty, so validValuesOf() rejects it and isAvailable()
    // is false. It is never default-enabled and has no key exchange, bulk
    // cipher, MAC or hash.
    private CipherSuite(String name, int id) {
        this(id, false, name, "",
                ProtocolVersion.PROTOCOLS_EMPTY, null, null, null, null);
    }
894 
    // TLS 1.3 cipher suite: no aliases, keyExchange is null (isAvailable()
    // relies on this), macAlg is M_NULL, and hashAlg names the hash used
    // for HKDF (see HashAlg).
    private CipherSuite(int id, boolean isDefaultEnabled,
            String name, ProtocolVersion[] supportedProtocols,
            SSLCipher bulkCipher, HashAlg hashAlg) {
        this(id, isDefaultEnabled, name, "",
                supportedProtocols, null, bulkCipher, M_NULL, hashAlg);
    }
902 
    /**
     * Full constructor used (directly or via delegation) by every constant.
     *
     * @param id                 registered cipher suite id
     * @param isDefaultEnabled   whether the suite is in the default list
     * @param name               standard cipher suite name
     * @param aliases            comma-separated alternative names, or ""
     * @param supportedProtocols protocol versions the suite is defined for;
     *                           an empty array marks an unsupported suite
     * @param keyExchange        key exchange, or null for TLS 1.3/unsupported
     * @param cipher             bulk cipher, or null for unsupported suites
     * @param macAlg             record MAC, M_NULL for TLS 1.3
     * @param hashAlg            PRF/HKDF hash, or null for unsupported suites
     */
    private CipherSuite(int id, boolean isDefaultEnabled,
            String name, String aliases,
            ProtocolVersion[] supportedProtocols,
            KeyExchange keyExchange, SSLCipher cipher,
            MacAlg macAlg, HashAlg hashAlg) {
        this.id = id;
        this.isDefaultEnabled = isDefaultEnabled;
        this.name = name;
        // "" means no aliases; otherwise split the comma-separated list.
        this.aliases = aliases.isEmpty()
                ? Collections.<String>emptyList()
                : Arrays.asList(aliases.split(","));
        // Fixed-size view over the array handed in by the constant
        // (e.g. ProtocolVersion.PROTOCOLS_EMPTY).
        this.supportedProtocols = Arrays.asList(supportedProtocols);
        this.keyExchange = keyExchange;
        this.bulkCipher = cipher;
        this.macAlg = macAlg;
        this.hashAlg = hashAlg;
        // Unsupported suites carry no cipher and are never exportable.
        this.exportable = cipher != null && cipher.exportable;
    }
924 
    /**
     * Looks up a cipher suite by its standard name or one of its aliases.
     *
     * @return the matching suite, or {@code null} if the name is unknown.
     *         A non-null result may still be a known-but-unsupported suite;
     *         use validValuesOf() or check supportedProtocols when a usable
     *         suite is required.
     */
    static CipherSuite nameOf(String ciperSuiteName) {
        return cipherSuiteNames.get(ciperSuiteName);
    }
928 
    /**
     * Looks up a cipher suite by its registered id.
     *
     * Distinct from the implicit {@code Enum.valueOf(String)}, which resolves
     * constant names such as CS_0027, not cipher suite names.
     *
     * @return the matching suite (supported or not), or {@code null} if the
     *         id is not in the table
     */
    static CipherSuite valueOf(int id) {
        return cipherSuiteIds.get(id);
    }
932 
    /**
     * Returns the standard name for a cipher suite id, for logging/debugging.
     *
     * @param id the cipher suite id
     * @return the suite name, or {@code UNKNOWN-CIPHER-SUITE(<hex id>)} when
     *         the id is not in the table
     */
    static String nameOf(int id) {
        CipherSuite suite = cipherSuiteIds.get(id);
        return suite == null
                ? "UNKNOWN-CIPHER-SUITE(" + Utilities.byte16HexString(id) + ")"
                : suite.name;
    }
942 
    /**
     * All suites with at least one supported protocol, in declaration
     * (preference) order. The list is unmodifiable. Whether a suite is
     * actually usable in this runtime is a separate check, isAvailable().
     */
    static Collection<CipherSuite> allowedCipherSuites() {
        return allowedCipherSuites;
    }
946 
    /**
     * Suites flagged isDefaultEnabled, in declaration (preference) order; a
     * subset of allowedCipherSuites(), since unsupported suites are never
     * default-enabled. The list is unmodifiable.
     */
    static Collection<CipherSuite> defaultCipherSuites() {
        return defaultCipherSuites;
    }
950 
    /**
     * Validates and converts an array of cipher suite names.
     *
     * A name is accepted only if it resolves (standard name or alias) to a
     * suite that has at least one supported protocol; the known-but-
     * unsupported CS_xxxx constants are rejected just like unknown names.
     *
     * @param names cipher suite names to validate
     * @return an unmodifiable list of the suites, in the order given
     * @throws IllegalArgumentException when the array is null, contains a
     *         null or empty element, or names an unknown or unsupported suite
     */
    static List<CipherSuite> validValuesOf(String[] names) {
        if (names == null) {
            throw new IllegalArgumentException("CipherSuites cannot be null");
        }

        List<CipherSuite> result = new ArrayList<>(names.length);
        for (String candidate : names) {
            if (candidate == null || candidate.isEmpty()) {
                throw new IllegalArgumentException(
                        "The specified CipherSuites array contains " +
                        "invalid null or empty string elements");
            }

            CipherSuite suite = cipherSuiteNames.get(candidate);
            if (suite == null || suite.supportedProtocols.isEmpty()) {
                throw new IllegalArgumentException(
                        "Unsupported CipherSuite: " + candidate);
            }
            result.add(suite);
        }

        return Collections.unmodifiableList(result);
    }
985 
    /**
     * Returns the standard names of the given suites, in list order.
     *
     * @param cipherSuites the suites to name; must not be null
     * @return a freshly allocated array with one name per suite
     */
    static String[] namesOf(List<CipherSuite> cipherSuites) {
        return cipherSuites.stream()
                .map(suite -> suite.name)
                .toArray(String[]::new);
    }
995 
    /**
     * Whether this suite can be used in this runtime: it must be a supported
     * suite, its key exchange (if any) must be available, and its bulk
     * cipher must exist and be available.
     *
     * Note: keyExchange is null for TLS 1.3 CipherSuites, so for them only
     * the bulk cipher is consulted.
     */
    boolean isAvailable() {
        if (supportedProtocols.isEmpty()) {
            return false;           // known but unsupported suite
        }
        if (keyExchange != null && !keyExchange.isAvailable()) {
            return false;
        }
        return bulkCipher != null && bulkCipher.isAvailable();
    }
1002 
    /**
     * Whether this suite is defined for the given protocol version.
     * Always false for known-but-unsupported suites (empty protocol list).
     */
    public boolean supports(ProtocolVersion protocolVersion) {
        return supportedProtocols.contains(protocolVersion);
    }
1006 
    /**
     * Whether this suite may be selected for a connection: any available
     * suite except the renegotiation-info signaling value, which is a marker
     * (see KeyExchange.K_SCSV) rather than a real cipher suite.
     */
    boolean isNegotiable() {
        if (this == TLS_EMPTY_RENEGOTIATION_INFO_SCSV) {
            return false;
        }
        return isAvailable();
    }
1010 
    /**
     * Whether the key exchange is one of the anonymous ones (see the
     * isAnonymous flag on KeyExchange, e.g. DH_anon / ECDH_anon). TLS 1.3
     * suites have no keyExchange and are reported as not anonymous.
     */
    boolean isAnonymous() {
        if (keyExchange == null) {
            return false;
        }
        return keyExchange.isAnonymous;
    }
1014 
    // See also SSLWriteCipher.calculatePacketSize().
    /**
     * Computes the on-the-wire record size for a plaintext fragment of
     * {@code fragmentSize} bytes under this suite's bulk cipher and MAC.
     *
     * Block ciphers add the MAC, the one-byte padding-length field, the
     * minimal padding that reaches a block boundary and, when
     * protocolVersion.useTLS11PlusSpec() holds, an explicit IV of one block.
     * AEAD ciphers add the authentication tag and, for (D)TLS 1.2 only, the
     * explicit part of the nonce. Stream and NULL ciphers add only the MAC.
     * The record header is added last.
     *
     * Complement of calculateFragSize(); the two must be kept in step.
     *
     * @param fragmentSize    plaintext length in bytes
     * @param protocolVersion negotiated version; selects the IV/nonce rules
     * @param isDTLS          whether the DTLS record header size applies
     * @return the full record size including the header
     */
    int calculatePacketSize(int fragmentSize,
            ProtocolVersion protocolVersion, boolean isDTLS) {
        int packetSize = fragmentSize;
        if (bulkCipher != null && bulkCipher != B_NULL) {
            // NOTE(review): the block size is taken from ivSize; the modulo
            // below assumes it is non-zero for every BLOCK_CIPHER entry.
            int blockSize = bulkCipher.ivSize;
            switch (bulkCipher.cipherType) {
                case BLOCK_CIPHER:
                    packetSize += macAlg.size;
                    packetSize += 1;        // 1 byte padding length field
                    packetSize +=           // use the minimal padding
                            (blockSize - (packetSize % blockSize)) % blockSize;
                    if (protocolVersion.useTLS11PlusSpec()) {
                        packetSize += blockSize;        // explicit IV
                    }

                    break;
                case AEAD_CIPHER:
                    // Only (D)TLS 1.2 carries the explicit nonce part on the
                    // wire; other versions add nothing here.
                    if (protocolVersion == ProtocolVersion.TLS12 ||
                            protocolVersion == ProtocolVersion.DTLS12) {
                        packetSize +=
                                bulkCipher.ivSize - bulkCipher.fixedIvSize;
                    }
                    packetSize += bulkCipher.tagSize;

                    break;
                default:    // NULL_CIPHER or STREAM_CIPHER
                    packetSize += macAlg.size;
            }
        }

        return packetSize +
            (isDTLS ? DTLSRecord.headerSize : SSLRecord.headerSize);
    }
1049 
    // See also CipherBox.calculateFragmentSize().
    /**
     * Computes the largest plaintext fragment that fits in a record of
     * {@code packetLimit} bytes under this suite's bulk cipher and MAC: the
     * record header is removed first, then the per-cipher overhead that
     * calculatePacketSize() would add.
     *
     * @param packetLimit     maximum record size in bytes, header included
     * @param protocolVersion negotiated version; selects the explicit-IV rule
     * @param isDTLS          whether the DTLS record header size applies
     * @return the plaintext budget; not clamped, so it goes negative when
     *         packetLimit is smaller than the fixed overhead
     */
    int calculateFragSize(int packetLimit,
            ProtocolVersion protocolVersion, boolean isDTLS) {
        int fragSize = packetLimit -
                (isDTLS ? DTLSRecord.headerSize : SSLRecord.headerSize);
        if (bulkCipher != null && bulkCipher != B_NULL) {
            // NOTE(review): the block size is taken from ivSize; the modulo
            // below assumes it is non-zero for every BLOCK_CIPHER entry.
            int blockSize = bulkCipher.ivSize;
            switch (bulkCipher.cipherType) {
                case BLOCK_CIPHER:
                    if (protocolVersion.useTLS11PlusSpec()) {
                        fragSize -= blockSize;          // explicit IV
                    }
                    fragSize -= (fragSize % blockSize); // cannot hold a block
                    // No padding for a maximum fragment.
                    fragSize -= 1;        // 1 byte padding length field: 0x00
                    fragSize -= macAlg.size;

                    break;
                case AEAD_CIPHER:
                    fragSize -= bulkCipher.tagSize;
                    // NOTE(review): unlike calculatePacketSize(), the explicit
                    // nonce bytes are subtracted for every protocol version,
                    // not only (D)TLS 1.2. This is a no-op only if
                    // ivSize == fixedIvSize for the non-1.2 AEAD ciphers --
                    // confirm against SSLCipher.
                    fragSize -= bulkCipher.ivSize - bulkCipher.fixedIvSize;

                    break;
                default:    // NULL_CIPHER or STREAM_CIPHER
                    fragSize -= macAlg.size;
            }
        }

        return fragSize;
    }
1080 
    /**
     * An SSL/TLS key exchange algorithm.
     *
     * Each constant records whether the algorithm is allowed at all, whether
     * it is an anonymous (unauthenticated) exchange, and which named-group
     * types it can use. The EC-based exchanges are additionally gated on EC
     * support in the runtime (JsseJce.ALLOW_ECC / JsseJce.isEcAvailable()).
     */
    enum KeyExchange {
        K_NULL          ("NULL",           false, true,   NAMED_GROUP_NONE),
        K_RSA           ("RSA",            true,  false,  NAMED_GROUP_NONE),
        K_RSA_EXPORT    ("RSA_EXPORT",     true,  false,  NAMED_GROUP_NONE),
        K_DH_RSA        ("DH_RSA",         false, false,  NAMED_GROUP_NONE),
        K_DH_DSS        ("DH_DSS",         false, false,  NAMED_GROUP_NONE),
        K_DHE_DSS       ("DHE_DSS",        true,  false,  NAMED_GROUP_FFDHE),
        K_DHE_DSS_EXPORT("DHE_DSS_EXPORT", true,  false,  NAMED_GROUP_NONE),
        K_DHE_RSA       ("DHE_RSA",        true,  false,  NAMED_GROUP_FFDHE),
        K_DHE_RSA_EXPORT("DHE_RSA_EXPORT", true,  false,  NAMED_GROUP_NONE),
        K_DH_ANON       ("DH_anon",        true,  true,   NAMED_GROUP_FFDHE),
        K_DH_ANON_EXPORT("DH_anon_EXPORT", true,  true,   NAMED_GROUP_NONE),

        // These KeyExchanges can use either ECDHE or XDH groups, hence the
        // varargs group list.
        K_ECDH_ECDSA    ("ECDH_ECDSA",     JsseJce.ALLOW_ECC,  false,
                NAMED_GROUP_ECDHE, NAMED_GROUP_XDH),
        K_ECDH_RSA      ("ECDH_RSA",       JsseJce.ALLOW_ECC,  false,
                NAMED_GROUP_ECDHE, NAMED_GROUP_XDH),
        K_ECDHE_ECDSA   ("ECDHE_ECDSA",    JsseJce.ALLOW_ECC,  false,
                NAMED_GROUP_ECDHE, NAMED_GROUP_XDH),
        K_ECDHE_RSA     ("ECDHE_RSA",      JsseJce.ALLOW_ECC,  false,
                NAMED_GROUP_ECDHE, NAMED_GROUP_XDH),
        K_ECDH_ANON     ("ECDH_anon",      JsseJce.ALLOW_ECC,  true,
                NAMED_GROUP_ECDHE, NAMED_GROUP_XDH),

        // renegotiation protection request signaling cipher suite
        K_SCSV          ("SCSV",           true,  true,   NAMED_GROUP_NONE);

        // name of the key exchange algorithm, e.g. DHE_DSS
        final String name;
        final boolean allowed;
        final NamedGroupSpec[] groupTypes;
        // true when availability never depends on runtime EC support
        private final boolean alwaysAvailable;
        private final boolean isAnonymous;

        KeyExchange(String displayName, boolean isAllowed,
                boolean anonymous, NamedGroupSpec... groups) {
            name = displayName;
            allowed = isAllowed;
            groupTypes = groups;
            isAnonymous = anonymous;
            // Non-EC exchanges need nothing beyond being allowed. The "EC"
            // name-prefix test here and the ECDHE group test in isAvailable()
            // are two different ways of spotting the same five constants.
            alwaysAvailable = isAllowed && !displayName.startsWith("EC");
        }

        /**
         * Whether this key exchange can be used in this runtime: allowed,
         * and for ECDHE-capable exchanges the EC provider must be present.
         */
        boolean isAvailable() {
            if (alwaysAvailable) {
                return true;
            }
            boolean usesEcdhe = NamedGroupSpec.arrayContains(
                    groupTypes, NamedGroupSpec.NAMED_GROUP_ECDHE);
            return allowed && (!usesEcdhe || JsseJce.isEcAvailable());
        }

        @Override
        public String toString() {
            return name;
        }
    }
1148 
    /**
     * An SSL/TLS record MAC algorithm together with the sizes the record
     * layer needs for length and padding computations. This enum only
     * carries parameters; it does not create MAC instances.
     */
    enum MacAlg {
        M_NULL      ("NULL",     0,   0,   0),
        M_MD5       ("MD5",     16,  64,   9),
        M_SHA       ("SHA",     20,  64,   9),
        M_SHA256    ("SHA256",  32,  64,   9),
        M_SHA384    ("SHA384",  48, 128,  17);

        /** Descriptive name, e.g. MD5. */
        final String name;

        /** Size of the MAC value (and MAC key) in bytes. */
        final int size;

        /** Block size of the underlying hash algorithm, in bytes. */
        final int hashBlockSize;

        /** Minimal padding size of the underlying hash algorithm, in bytes. */
        final int minimalPaddingSize;

        MacAlg(String displayName, int macSize,
                int blockSize, int paddingSize) {
            name = displayName;
            size = macSize;
            hashBlockSize = blockSize;
            minimalPaddingSize = paddingSize;
        }

        @Override
        public String toString() {
            return name;
        }
    }
1187 
    /**
     * The hash algorithms used for the PRF (PseudoRandom Function) or HKDF.
     *
     * Note that TLS 1.1 and earlier use a single MD5/SHA1-based PRF for
     * generating the necessary material, which is why H_NONE exists.
     */
    enum HashAlg {
        H_NONE      ("NONE",    0,    0),
        H_SHA256    ("SHA-256", 32,  64),
        H_SHA384    ("SHA-384", 48, 128);

        /** Algorithm name, e.g. SHA-256. */
        final String name;

        /** Digest output length in bytes. */
        final int hashLength;

        /** Internal block size of the hash, in bytes. */
        final int blockSize;

        HashAlg(String algorithmName, int digestLength, int hashBlockSize) {
            name = algorithmName;
            hashLength = digestLength;
            blockSize = hashBlockSize;
        }

        @Override
        public String toString() {
            return name;
        }
    }
1214 }