1 /*
2  * Copyright (c) 2002, 2020, Oracle and/or its affiliates. All rights reserved.
3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4  *
5  * This code is free software; you can redistribute it and/or modify it
6  * under the terms of the GNU General Public License version 2 only, as
7  * published by the Free Software Foundation.  Oracle designates this
8  * particular file as subject to the "Classpath" exception as provided
9  * by Oracle in the LICENSE file that accompanied this code.
10  *
11  * This code is distributed in the hope that it will be useful, but WITHOUT
12  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
14  * version 2 for more details (a copy is included in the LICENSE file that
15  * accompanied this code).
16  *
17  * You should have received a copy of the GNU General Public License version
18  * 2 along with this work; if not, write to the Free Software Foundation,
19  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20  *
21  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22  * or visit www.oracle.com if you need additional information or have any
23  * questions.
24  */
25 
26 package sun.security.ssl;
27 
28 import java.util.ArrayList;
29 import java.util.Arrays;
30 import java.util.Collection;
31 import java.util.Collections;
32 import java.util.LinkedList;
33 import java.util.List;
34 import static sun.security.ssl.CipherSuite.HashAlg.*;
35 import static sun.security.ssl.CipherSuite.KeyExchange.*;
36 import static sun.security.ssl.CipherSuite.MacAlg.*;
37 import static sun.security.ssl.SSLCipher.*;
38 import sun.security.ssl.SupportedGroupsExtension.NamedGroupType;
39 import static sun.security.ssl.SupportedGroupsExtension.NamedGroupType.*;
40 
41 /**
42  * Enum for SSL/TLS cipher suites.
43  *
44  * Please refer to the "TLS Cipher Suite Registry" section for more details
45  * about each cipher suite:
46  *     https://www.iana.org/assignments/tls-parameters/tls-parameters.xml
47  */
48 enum CipherSuite {
49     //
50     // in preference order
51     //
52 
53     // Definition of the CipherSuites that are enabled by default.
54     //
55     // They are listed in preference order, most preferred first, using
56     // the following criteria:
57     // 1. Prefer Suite B compliant cipher suites, see RFC6460 (To be
58     //    changed later, see below).
59     // 2. Prefer forward secrecy cipher suites.
60     // 3. Prefer the stronger bulk cipher, in the order of AES_256(GCM),
61     //    AES_128(GCM), AES_256, AES_128, 3DES-EDE.
62     // 4. Prefer the stronger MAC algorithm, in the order of SHA384,
63     //    SHA256, SHA, MD5.
64     // 5. Prefer the better performance of key exchange and digital
65     //    signature algorithm, in the order of ECDHE-ECDSA, ECDHE-RSA,
66     //    DHE-RSA, DHE-DSS, ECDH-ECDSA, ECDH-RSA, RSA.
67 
68     // TLS 1.3 cipher suites.
69     TLS_AES_256_GCM_SHA384(
70             0x1302, true, "TLS_AES_256_GCM_SHA384",
71             ProtocolVersion.PROTOCOLS_OF_13, B_AES_256_GCM_IV, H_SHA384),
72     TLS_AES_128_GCM_SHA256(
73             0x1301, true, "TLS_AES_128_GCM_SHA256",
74             ProtocolVersion.PROTOCOLS_OF_13, B_AES_128_GCM_IV, H_SHA256),
75 
76     // Suite B compliant cipher suites, see RFC 6460.
77     //
78     // Note that, at present this provider is not Suite B compliant. The
79     // preference order of the GCM cipher suites does not follow the spec
80     // of RFC 6460.  In this section, only two cipher suites are listed
81     // so that applications can make use of Suite-B compliant cipher
82     // suites first.
83     TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384(
84             0xC02C, true, "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "",
85             ProtocolVersion.PROTOCOLS_OF_12,
86             K_ECDHE_ECDSA, B_AES_256_GCM, M_NULL, H_SHA384),
87     TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256(
88             0xC02B, true, "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", "",
89             ProtocolVersion.PROTOCOLS_OF_12,
90             K_ECDHE_ECDSA, B_AES_128_GCM, M_NULL, H_SHA256),
91 
92     //
93     // Forward secrecy cipher suites.
94     //
95 
96     // AES_256(GCM) - ECDHE
97     TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384(
98             0xC030, true, "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "",
99             ProtocolVersion.PROTOCOLS_OF_12,
100             K_ECDHE_RSA, B_AES_256_GCM, M_NULL, H_SHA384),
101 
102     // AES_128(GCM) - ECDHE
103     TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256(
104             0xC02F, true, "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "",
105             ProtocolVersion.PROTOCOLS_OF_12,
106             K_ECDHE_RSA, B_AES_128_GCM, M_NULL, H_SHA256),
107 
108     // AES_256(GCM) - DHE
109     TLS_DHE_RSA_WITH_AES_256_GCM_SHA384(
110             0x009F, true, "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384", "",
111             ProtocolVersion.PROTOCOLS_OF_12,
112             K_DHE_RSA, B_AES_256_GCM, M_NULL, H_SHA384),
113     TLS_DHE_DSS_WITH_AES_256_GCM_SHA384(
114             0x00A3, true, "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384", "",
115             ProtocolVersion.PROTOCOLS_OF_12,
116             K_DHE_DSS, B_AES_256_GCM, M_NULL, H_SHA384),
117 
118     // AES_128(GCM) - DHE
119     TLS_DHE_RSA_WITH_AES_128_GCM_SHA256(
120             0x009E, true, "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256", "",
121             ProtocolVersion.PROTOCOLS_OF_12,
122             K_DHE_RSA, B_AES_128_GCM, M_NULL, H_SHA256),
123     TLS_DHE_DSS_WITH_AES_128_GCM_SHA256(
124             0x00A2, true, "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256", "",
125             ProtocolVersion.PROTOCOLS_OF_12,
126             K_DHE_DSS, B_AES_128_GCM, M_NULL, H_SHA256),
127 
128     // AES_256(CBC) - ECDHE
129     TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384(
130             0xC024, true, "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384", "",
131             ProtocolVersion.PROTOCOLS_OF_12,
132             K_ECDHE_ECDSA, B_AES_256, M_SHA384, H_SHA384),
133     TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384(
134             0xC028, true, "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384", "",
135             ProtocolVersion.PROTOCOLS_OF_12,
136             K_ECDHE_RSA, B_AES_256, M_SHA384, H_SHA384),
137 
138     // AES_128(CBC) - ECDHE
139     TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256(
140             0xC023, true, "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", "",
141             ProtocolVersion.PROTOCOLS_OF_12,
142             K_ECDHE_ECDSA, B_AES_128, M_SHA256, H_SHA256),
143     TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256(
144             0xC027, true, "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", "",
145             ProtocolVersion.PROTOCOLS_OF_12,
146             K_ECDHE_RSA, B_AES_128, M_SHA256, H_SHA256),
147 
148     // AES_256(CBC) - DHE
149     TLS_DHE_RSA_WITH_AES_256_CBC_SHA256(
150             0x006B, true, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256", "",
151             ProtocolVersion.PROTOCOLS_OF_12,
152             K_DHE_RSA, B_AES_256, M_SHA256, H_SHA256),
153     TLS_DHE_DSS_WITH_AES_256_CBC_SHA256(
154             0x006A, true, "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256", "",
155             ProtocolVersion.PROTOCOLS_OF_12,
156             K_DHE_DSS, B_AES_256, M_SHA256, H_SHA256),
157 
158     // AES_128(CBC) - DHE
159     TLS_DHE_RSA_WITH_AES_128_CBC_SHA256(
160             0x0067, true, "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256", "",
161             ProtocolVersion.PROTOCOLS_OF_12,
162             K_DHE_RSA, B_AES_128, M_SHA256, H_SHA256),
163     TLS_DHE_DSS_WITH_AES_128_CBC_SHA256(
164             0x0040, true, "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256", "",
165             ProtocolVersion.PROTOCOLS_OF_12,
166             K_DHE_DSS, B_AES_128, M_SHA256, H_SHA256),
167 
168     //
169     // not forward secrecy cipher suites.
170     //
171 
172     // AES_256(GCM)
173     TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384(
174             0xC02E, true, "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384", "",
175             ProtocolVersion.PROTOCOLS_OF_12,
176             K_ECDH_ECDSA, B_AES_256_GCM, M_NULL, H_SHA384),
177     TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384(
178             0xC032, true, "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384", "",
179             ProtocolVersion.PROTOCOLS_OF_12,
180             K_ECDH_RSA, B_AES_256_GCM, M_NULL, H_SHA384),
181 
182     // AES_128(GCM)
183     TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256(
184             0xC02D, true, "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256", "",
185             ProtocolVersion.PROTOCOLS_OF_12,
186             K_ECDH_ECDSA, B_AES_128_GCM, M_NULL, H_SHA256),
187     TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256(
188             0xC031, true, "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256", "",
189             ProtocolVersion.PROTOCOLS_OF_12,
190             K_ECDH_RSA, B_AES_128_GCM, M_NULL, H_SHA256),
191 
192     // AES_256(CBC)
193     TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384(
194             0xC026, true, "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384", "",
195             ProtocolVersion.PROTOCOLS_OF_12,
196             K_ECDH_ECDSA, B_AES_256, M_SHA384, H_SHA384),
197     TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384(
198             0xC02A, true, "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384", "",
199             ProtocolVersion.PROTOCOLS_OF_12,
200             K_ECDH_RSA, B_AES_256, M_SHA384, H_SHA384),
201 
202     // AES_128(CBC)
203     TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256(
204             0xC025, true, "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256", "",
205             ProtocolVersion.PROTOCOLS_OF_12,
206             K_ECDH_ECDSA, B_AES_128, M_SHA256, H_SHA256),
207     TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256(
208             0xC029, true, "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256", "",
209             ProtocolVersion.PROTOCOLS_OF_12,
210             K_ECDH_RSA, B_AES_128, M_SHA256, H_SHA256),
211 
212     //
213     // Legacy, used for compatibility
214     //
215 
216     // AES_256(CBC) - ECDHE - Using SHA
217     TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA(
218             0xC00A, true, "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA", "",
219             ProtocolVersion.PROTOCOLS_TO_12,
220             K_ECDHE_ECDSA, B_AES_256, M_SHA, H_SHA256),
221     TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA(
222             0xC014, true, "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", "",
223             ProtocolVersion.PROTOCOLS_TO_12,
224             K_ECDHE_RSA, B_AES_256, M_SHA, H_SHA256),
225 
226     // AES_128(CBC) - ECDHE - using SHA
227     TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA(
228             0xC009, true, "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", "",
229             ProtocolVersion.PROTOCOLS_TO_12,
230             K_ECDHE_ECDSA, B_AES_128, M_SHA, H_SHA256),
231     TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA(
232             0xC013, true, "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", "",
233             ProtocolVersion.PROTOCOLS_TO_12,
234             K_ECDHE_RSA, B_AES_128, M_SHA, H_SHA256),
235 
236     // AES_256(CBC) - DHE - Using SHA
237     TLS_DHE_RSA_WITH_AES_256_CBC_SHA(
238             0x0039, true, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA", "",
239             ProtocolVersion.PROTOCOLS_TO_12,
240             K_DHE_RSA, B_AES_256, M_SHA, H_SHA256),
241     TLS_DHE_DSS_WITH_AES_256_CBC_SHA(
242             0x0038, true, "TLS_DHE_DSS_WITH_AES_256_CBC_SHA", "",
243             ProtocolVersion.PROTOCOLS_TO_12,
244             K_DHE_DSS, B_AES_256, M_SHA, H_SHA256),
245 
246     // AES_128(CBC) - DHE - using SHA
247     TLS_DHE_RSA_WITH_AES_128_CBC_SHA(
248             0x0033, true, "TLS_DHE_RSA_WITH_AES_128_CBC_SHA", "",
249             ProtocolVersion.PROTOCOLS_TO_12,
250             K_DHE_RSA, B_AES_128, M_SHA, H_SHA256),
251     TLS_DHE_DSS_WITH_AES_128_CBC_SHA(
252             0x0032, true, "TLS_DHE_DSS_WITH_AES_128_CBC_SHA", "",
253             ProtocolVersion.PROTOCOLS_TO_12,
254             K_DHE_DSS, B_AES_128, M_SHA, H_SHA256),
255 
256     // AES_256(CBC) - using SHA, not forward secrecy
257     TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA(
258             0xC005, true, "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA", "",
259             ProtocolVersion.PROTOCOLS_TO_12,
260             K_ECDH_ECDSA, B_AES_256, M_SHA, H_SHA256),
261     TLS_ECDH_RSA_WITH_AES_256_CBC_SHA(
262             0xC00F, true, "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA", "",
263             ProtocolVersion.PROTOCOLS_TO_12,
264             K_ECDH_RSA, B_AES_256, M_SHA, H_SHA256),
265 
266     // AES_128(CBC) - using SHA, not forward secrecy
267     TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA(
268             0xC004, true, "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA", "",
269             ProtocolVersion.PROTOCOLS_TO_12,
270             K_ECDH_ECDSA, B_AES_128, M_SHA, H_SHA256),
271     TLS_ECDH_RSA_WITH_AES_128_CBC_SHA(
272             0xC00E, true, "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA", "",
273             ProtocolVersion.PROTOCOLS_TO_12,
274             K_ECDH_RSA, B_AES_128, M_SHA, H_SHA256),
275 
276     //
277     // deprecated, used for compatibility
278     //
279 
280     // RSA, AES_256(GCM)
281     TLS_RSA_WITH_AES_256_GCM_SHA384(
282             0x009D, true, "TLS_RSA_WITH_AES_256_GCM_SHA384", "",
283             ProtocolVersion.PROTOCOLS_OF_12,
284             K_RSA, B_AES_256_GCM, M_NULL, H_SHA384),
285 
286     // RSA, AES_128(GCM)
287     TLS_RSA_WITH_AES_128_GCM_SHA256(
288             0x009C, true, "TLS_RSA_WITH_AES_128_GCM_SHA256", "",
289             ProtocolVersion.PROTOCOLS_OF_12,
290             K_RSA, B_AES_128_GCM, M_NULL, H_SHA256),
291 
292     // RSA, AES_256(CBC)
293     TLS_RSA_WITH_AES_256_CBC_SHA256(
294             0x003D, true, "TLS_RSA_WITH_AES_256_CBC_SHA256", "",
295             ProtocolVersion.PROTOCOLS_OF_12,
296             K_RSA, B_AES_256, M_SHA256, H_SHA256),
297 
298     // RSA, AES_128(CBC)
299     TLS_RSA_WITH_AES_128_CBC_SHA256(
300             0x003C, true, "TLS_RSA_WITH_AES_128_CBC_SHA256", "",
301             ProtocolVersion.PROTOCOLS_OF_12,
302             K_RSA, B_AES_128, M_SHA256, H_SHA256),
303 
304     // RSA, AES_256(CBC) - using SHA, not forward secrecy
305     TLS_RSA_WITH_AES_256_CBC_SHA(
306             0x0035, true, "TLS_RSA_WITH_AES_256_CBC_SHA", "",
307             ProtocolVersion.PROTOCOLS_TO_12,
308             K_RSA, B_AES_256, M_SHA, H_SHA256),
309 
310     // RSA, AES_128(CBC) - using SHA, not forward secrecy
311     TLS_RSA_WITH_AES_128_CBC_SHA(
312             0x002F, true, "TLS_RSA_WITH_AES_128_CBC_SHA", "",
313             ProtocolVersion.PROTOCOLS_TO_12,
314             K_RSA, B_AES_128, M_SHA, H_SHA256),
315 
316     // 3DES_EDE, forward secrecy.
317     TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA(
318             0xC008, true, "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA", "",
319             ProtocolVersion.PROTOCOLS_TO_12,
320             K_ECDHE_ECDSA, B_3DES, M_SHA, H_SHA256),
321     TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA(
322             0xC012, true, "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA", "",
323             ProtocolVersion.PROTOCOLS_TO_12,
324             K_ECDHE_RSA, B_3DES, M_SHA, H_SHA256),
325     SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA(
326             0x0016, true, "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
327                           "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
328             ProtocolVersion.PROTOCOLS_TO_12,
329             K_DHE_RSA, B_3DES, M_SHA, H_SHA256),
330     SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA(
331             0x0013, true, "SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA",
332                           "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA",
333             ProtocolVersion.PROTOCOLS_TO_12,
334             K_DHE_DSS, B_3DES, M_SHA, H_SHA256),
335 
336     // 3DES_EDE, not forward secrecy.
337     TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA(
338             0xC003, true, "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA", "",
339             ProtocolVersion.PROTOCOLS_TO_12,
340             K_ECDH_ECDSA, B_3DES, M_SHA, H_SHA256),
341     TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA(
342             0xC00D, true, "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA", "",
343             ProtocolVersion.PROTOCOLS_TO_12,
344             K_ECDH_RSA, B_3DES, M_SHA, H_SHA256),
345     SSL_RSA_WITH_3DES_EDE_CBC_SHA(
346             0x000A, true, "SSL_RSA_WITH_3DES_EDE_CBC_SHA",
347                           "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
348             ProtocolVersion.PROTOCOLS_TO_12,
349             K_RSA, B_3DES, M_SHA, H_SHA256),
350 
351     // Renegotiation protection request Signalling Cipher Suite Value (SCSV).
352     TLS_EMPTY_RENEGOTIATION_INFO_SCSV(        //  RFC 5746, TLS 1.2 and prior
353             0x00FF, true, "TLS_EMPTY_RENEGOTIATION_INFO_SCSV", "",
354             ProtocolVersion.PROTOCOLS_TO_12,
355             K_SCSV, B_NULL, M_NULL, H_NONE),
356 
357     // Definition of the CipherSuites that are supported but not enabled
358     // by default.
359     // They are listed in preference order, preferred first, using the
360     // following criteria:
361     // 1. If a cipher suite has been obsoleted, we put it at the end of
362     //    the list.
363     // 2. Prefer the stronger bulk cipher, in the order of AES_256,
364     //    AES_128, 3DES-EDE, RC-4, DES, DES40, RC4_40, NULL.
365     // 3. Prefer the stronger MAC algorithm, in the order of SHA384,
366     //    SHA256, SHA, MD5.
367     // 4. Prefer the better performance of key exchange and digital
368     //    signature algorithm, in the order of ECDHE-ECDSA, ECDHE-RSA,
369     //    RSA, ECDH-ECDSA, ECDH-RSA, DHE-RSA, DHE-DSS, anonymous.
370     TLS_DH_anon_WITH_AES_256_GCM_SHA384(
371             0x00A7, false, "TLS_DH_anon_WITH_AES_256_GCM_SHA384", "",
372             ProtocolVersion.PROTOCOLS_OF_12,
373             K_DH_ANON, B_AES_256_GCM, M_NULL, H_SHA384),
374     TLS_DH_anon_WITH_AES_128_GCM_SHA256(
375             0x00A6, false, "TLS_DH_anon_WITH_AES_128_GCM_SHA256", "",
376             ProtocolVersion.PROTOCOLS_OF_12,
377             K_DH_ANON, B_AES_128_GCM, M_NULL, H_SHA256),
378     TLS_DH_anon_WITH_AES_256_CBC_SHA256(
379             0x006D, false, "TLS_DH_anon_WITH_AES_256_CBC_SHA256", "",
380             ProtocolVersion.PROTOCOLS_OF_12,
381             K_DH_ANON, B_AES_256, M_SHA256, H_SHA256),
382     TLS_ECDH_anon_WITH_AES_256_CBC_SHA(
383             0xC019, false, "TLS_ECDH_anon_WITH_AES_256_CBC_SHA", "",
384             ProtocolVersion.PROTOCOLS_TO_12,
385             K_ECDH_ANON, B_AES_256, M_SHA, H_SHA256),
386     TLS_DH_anon_WITH_AES_256_CBC_SHA(
387             0x003A, false, "TLS_DH_anon_WITH_AES_256_CBC_SHA", "",
388             ProtocolVersion.PROTOCOLS_TO_12,
389             K_DH_ANON, B_AES_256, M_SHA, H_SHA256),
390     TLS_DH_anon_WITH_AES_128_CBC_SHA256(
391             0x006C, false, "TLS_DH_anon_WITH_AES_128_CBC_SHA256", "",
392             ProtocolVersion.PROTOCOLS_OF_12,
393             K_DH_ANON, B_AES_128, M_SHA256, H_SHA256),
394     TLS_ECDH_anon_WITH_AES_128_CBC_SHA(
395             0xC018, false, "TLS_ECDH_anon_WITH_AES_128_CBC_SHA", "",
396             ProtocolVersion.PROTOCOLS_TO_12,
397             K_ECDH_ANON, B_AES_128, M_SHA, H_SHA256),
398     TLS_DH_anon_WITH_AES_128_CBC_SHA(
399             0x0034, false, "TLS_DH_anon_WITH_AES_128_CBC_SHA", "",
400             ProtocolVersion.PROTOCOLS_TO_12,
401             K_DH_ANON, B_AES_128, M_SHA, H_SHA256),
402     TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA(
403             0xC017, false, "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA", "",
404             ProtocolVersion.PROTOCOLS_TO_12,
405             K_ECDH_ANON, B_3DES, M_SHA, H_SHA256),
406     SSL_DH_anon_WITH_3DES_EDE_CBC_SHA(
407             0x001B, false, "SSL_DH_anon_WITH_3DES_EDE_CBC_SHA",
408                            "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA",
409             ProtocolVersion.PROTOCOLS_TO_12,
410             K_DH_ANON, B_3DES, M_SHA, H_SHA256),
411 
412     // RC4
413     TLS_ECDHE_ECDSA_WITH_RC4_128_SHA(
414             0xC007, false, "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA", "",
415             ProtocolVersion.PROTOCOLS_TO_TLS12,
416             K_ECDHE_ECDSA, B_RC4_128, M_SHA, H_SHA256),
417     TLS_ECDHE_RSA_WITH_RC4_128_SHA(
418             0xC011, false, "TLS_ECDHE_RSA_WITH_RC4_128_SHA", "",
419             ProtocolVersion.PROTOCOLS_TO_TLS12,
420             K_ECDHE_RSA, B_RC4_128, M_SHA, H_SHA256),
421     SSL_RSA_WITH_RC4_128_SHA(
422             0x0005, false, "SSL_RSA_WITH_RC4_128_SHA",
423                            "TLS_RSA_WITH_RC4_128_SHA",
424             ProtocolVersion.PROTOCOLS_TO_TLS12,
425             K_RSA, B_RC4_128, M_SHA, H_SHA256),
426     TLS_ECDH_ECDSA_WITH_RC4_128_SHA(
427             0xC002, false, "TLS_ECDH_ECDSA_WITH_RC4_128_SHA", "",
428             ProtocolVersion.PROTOCOLS_TO_TLS12,
429             K_ECDH_ECDSA, B_RC4_128, M_SHA, H_SHA256),
430     TLS_ECDH_RSA_WITH_RC4_128_SHA(
431             0xC00C, false, "TLS_ECDH_RSA_WITH_RC4_128_SHA", "",
432             ProtocolVersion.PROTOCOLS_TO_TLS12,
433             K_ECDH_RSA, B_RC4_128, M_SHA, H_SHA256),
434     SSL_RSA_WITH_RC4_128_MD5(
435             0x0004, false, "SSL_RSA_WITH_RC4_128_MD5",
436                            "TLS_RSA_WITH_RC4_128_MD5",
437             ProtocolVersion.PROTOCOLS_TO_TLS12,
438             K_RSA, B_RC4_128, M_MD5, H_SHA256),
439     TLS_ECDH_anon_WITH_RC4_128_SHA(
440             0xC016, false, "TLS_ECDH_anon_WITH_RC4_128_SHA", "",
441             ProtocolVersion.PROTOCOLS_TO_TLS12,
442             K_ECDH_ANON, B_RC4_128, M_SHA, H_SHA256),
443     SSL_DH_anon_WITH_RC4_128_MD5(
444             0x0018, false, "SSL_DH_anon_WITH_RC4_128_MD5",
445                            "TLS_DH_anon_WITH_RC4_128_MD5",
446             ProtocolVersion.PROTOCOLS_TO_TLS12,
447             K_DH_ANON, B_RC4_128, M_MD5, H_SHA256),
448 
449     // Weak cipher suites obsoleted in TLS 1.2 [RFC 5246]
450     SSL_RSA_WITH_DES_CBC_SHA(
451             0x0009, false, "SSL_RSA_WITH_DES_CBC_SHA",
452                            "TLS_RSA_WITH_DES_CBC_SHA",
453             ProtocolVersion.PROTOCOLS_TO_11,
454             K_RSA, B_DES, M_SHA, H_NONE),
455     SSL_DHE_RSA_WITH_DES_CBC_SHA(
456             0x0015, false, "SSL_DHE_RSA_WITH_DES_CBC_SHA",
457                            "TLS_DHE_RSA_WITH_DES_CBC_SHA",
458             ProtocolVersion.PROTOCOLS_TO_11,
459             K_DHE_RSA, B_DES, M_SHA, H_NONE),
460     SSL_DHE_DSS_WITH_DES_CBC_SHA(
461             0x0012, false, "SSL_DHE_DSS_WITH_DES_CBC_SHA",
462                            "TLS_DHE_DSS_WITH_DES_CBC_SHA",
463             ProtocolVersion.PROTOCOLS_TO_11,
464             K_DHE_DSS, B_DES, M_SHA, H_NONE),
465     SSL_DH_anon_WITH_DES_CBC_SHA(
466             0x001A, false, "SSL_DH_anon_WITH_DES_CBC_SHA",
467                            "TLS_DH_anon_WITH_DES_CBC_SHA",
468             ProtocolVersion.PROTOCOLS_TO_11,
469             K_DH_ANON, B_DES, M_SHA, H_NONE),
470 
471     // Weak cipher suites obsoleted in TLS 1.1  [RFC 4346]
472     SSL_RSA_EXPORT_WITH_DES40_CBC_SHA(
473             0x0008, false, "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA",
474                            "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",
475             ProtocolVersion.PROTOCOLS_TO_10,
476             K_RSA_EXPORT, B_DES_40, M_SHA, H_NONE),
477     SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA(
478             0x0014, false, "SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
479                            "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
480             ProtocolVersion.PROTOCOLS_TO_10,
481             K_DHE_RSA_EXPORT, B_DES_40, M_SHA, H_NONE),
482     SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA(
483             0x0011, false, "SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA",
484                            "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA",
485             ProtocolVersion.PROTOCOLS_TO_10,
486             K_DHE_DSS_EXPORT, B_DES_40, M_SHA, H_NONE),
487     SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA(
488             0x0019, false, "SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA",
489                            "TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA",
490             ProtocolVersion.PROTOCOLS_TO_10,
491             K_DH_ANON_EXPORT, B_DES_40, M_SHA, H_NONE),
492     SSL_RSA_EXPORT_WITH_RC4_40_MD5(
493             0x0003, false, "SSL_RSA_EXPORT_WITH_RC4_40_MD5",
494                            "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
495             ProtocolVersion.PROTOCOLS_TO_10,
496             K_RSA_EXPORT, B_RC4_40, M_MD5, H_NONE),
497     SSL_DH_anon_EXPORT_WITH_RC4_40_MD5(
498             0x0017, false, "SSL_DH_anon_EXPORT_WITH_RC4_40_MD5",
499                            "TLS_DH_anon_EXPORT_WITH_RC4_40_MD5",
500             ProtocolVersion.PROTOCOLS_TO_10,
501             K_DH_ANON, B_RC4_40, M_MD5, H_NONE),
502 
503     // No traffic encryption cipher suites
504     TLS_RSA_WITH_NULL_SHA256(
505             0x003B, false, "TLS_RSA_WITH_NULL_SHA256", "",
506             ProtocolVersion.PROTOCOLS_OF_12,
507             K_RSA, B_NULL, M_SHA256, H_SHA256),
508     TLS_ECDHE_ECDSA_WITH_NULL_SHA(
509             0xC006, false, "TLS_ECDHE_ECDSA_WITH_NULL_SHA", "",
510             ProtocolVersion.PROTOCOLS_TO_12,
511             K_ECDHE_ECDSA, B_NULL, M_SHA, H_SHA256),
512     TLS_ECDHE_RSA_WITH_NULL_SHA(
513             0xC010, false, "TLS_ECDHE_RSA_WITH_NULL_SHA", "",
514             ProtocolVersion.PROTOCOLS_TO_12,
515             K_ECDHE_RSA, B_NULL, M_SHA, H_SHA256),
516     SSL_RSA_WITH_NULL_SHA(
517             0x0002, false, "SSL_RSA_WITH_NULL_SHA",
518                            "TLS_RSA_WITH_NULL_SHA",
519             ProtocolVersion.PROTOCOLS_TO_12,
520             K_RSA, B_NULL, M_SHA, H_SHA256),
521     TLS_ECDH_ECDSA_WITH_NULL_SHA(
522             0xC001, false, "TLS_ECDH_ECDSA_WITH_NULL_SHA", "",
523             ProtocolVersion.PROTOCOLS_TO_12,
524             K_ECDH_ECDSA, B_NULL, M_SHA, H_SHA256),
525     TLS_ECDH_RSA_WITH_NULL_SHA(
526             0xC00B, false, "TLS_ECDH_RSA_WITH_NULL_SHA", "",
527             ProtocolVersion.PROTOCOLS_TO_12,
528             K_ECDH_RSA, B_NULL, M_SHA, H_SHA256),
529     TLS_ECDH_anon_WITH_NULL_SHA(
530             0xC015, false, "TLS_ECDH_anon_WITH_NULL_SHA", "",
531             ProtocolVersion.PROTOCOLS_TO_12,
532             K_ECDH_ANON, B_NULL, M_SHA, H_SHA256),
533     SSL_RSA_WITH_NULL_MD5(
534             0x0001, false, "SSL_RSA_WITH_NULL_MD5",
535                            "TLS_RSA_WITH_NULL_MD5",
536             ProtocolVersion.PROTOCOLS_TO_12,
537             K_RSA, B_NULL, M_MD5, H_SHA256),
538 
539 
540     // Supported Kerberos ciphersuites from RFC2712
541     TLS_KRB5_WITH_3DES_EDE_CBC_SHA(
542             0x001f, false, "TLS_KRB5_WITH_3DES_EDE_CBC_SHA", "",
543             ProtocolVersion.PROTOCOLS_TO_12,
544             K_KRB5, B_3DES, M_SHA, H_SHA256),
545     TLS_KRB5_WITH_3DES_EDE_CBC_MD5(
546             0x0023, false, "TLS_KRB5_WITH_3DES_EDE_CBC_MD5", "",
547             ProtocolVersion.PROTOCOLS_TO_12,
548             K_KRB5, B_3DES, M_MD5, H_SHA256),
549     TLS_KRB5_WITH_RC4_128_SHA(
550             0x0020, false, "TLS_KRB5_WITH_RC4_128_SHA", "",
551             ProtocolVersion.PROTOCOLS_TO_12,
552             K_KRB5, B_RC4_128, M_SHA, H_SHA256),
553     TLS_KRB5_WITH_RC4_128_MD5(
554             0x0024, false, "TLS_KRB5_WITH_RC4_128_MD5", "",
555             ProtocolVersion.PROTOCOLS_TO_12,
556             K_KRB5, B_RC4_128, M_MD5, H_SHA256),
557     TLS_KRB5_WITH_DES_CBC_SHA(
558             0x001e, false, "TLS_KRB5_WITH_DES_CBC_SHA", "",
559             ProtocolVersion.PROTOCOLS_TO_11,
560             K_KRB5, B_DES, M_SHA, H_SHA256),
561     TLS_KRB5_WITH_DES_CBC_MD5(
562             0x0022, false, "TLS_KRB5_WITH_DES_CBC_MD5", "",
563             ProtocolVersion.PROTOCOLS_TO_11,
564             K_KRB5, B_DES, M_MD5, H_SHA256),
565     TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA(
566             0x0026, false, "TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA", "",
567             ProtocolVersion.PROTOCOLS_TO_10,
568             K_KRB5_EXPORT, B_DES_40, M_SHA, H_SHA256),
569     TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5(
570             0x0029, false, "TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5", "",
571             ProtocolVersion.PROTOCOLS_TO_10,
572             K_KRB5_EXPORT, B_DES_40, M_MD5, H_SHA256),
573     TLS_KRB5_EXPORT_WITH_RC4_40_SHA(
574             0x0028, false, "TLS_KRB5_EXPORT_WITH_RC4_40_SHA", "",
575             ProtocolVersion.PROTOCOLS_TO_10,
576             K_KRB5_EXPORT, B_RC4_40, M_SHA, H_SHA256),
577     TLS_KRB5_EXPORT_WITH_RC4_40_MD5(
578             0x002B, false, "TLS_KRB5_EXPORT_WITH_RC4_40_MD5", "",
579             ProtocolVersion.PROTOCOLS_TO_10,
580             K_KRB5_EXPORT, B_RC4_40, M_MD5, H_SHA256),
581 
582     // Definition of the cipher suites that are not supported but the names
583     // are known.
584     TLS_CHACHA20_POLY1305_SHA256(                    // TLS 1.3
585             "TLS_CHACHA20_POLY1305_SHA256", 0x1303),
586     TLS_AES_128_CCM_SHA256(                          // TLS 1.3
587             "TLS_AES_128_CCM_SHA256", 0x1304),
588     TLS_AES_128_CCM_8_SHA256(                        // TLS 1.3
589             "TLS_AES_128_CCM_8_SHA256", 0x1305),
590 
591     // Remaining unsupported cipher suites defined in RFC2246.
592     CS_0006("SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5",           0x0006),
593     CS_0007("SSL_RSA_WITH_IDEA_CBC_SHA",                    0x0007),
594     CS_000B("SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA",         0x000b),
595     CS_000C("SSL_DH_DSS_WITH_DES_CBC_SHA",                  0x000c),
596     CS_000D("SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA",             0x000d),
597     CS_000E("SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA",         0x000e),
598     CS_000F("SSL_DH_RSA_WITH_DES_CBC_SHA",                  0x000f),
599     CS_0010("SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA",             0x0010),
600 
601     // SSL 3.0 Fortezza cipher suites
602     CS_001C("SSL_FORTEZZA_DMS_WITH_NULL_SHA",               0x001c),
603     CS_001D("SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA",       0x001d),
604 
605     // 1024/56 bit exportable cipher suites from expired internet draft
606     CS_0062("SSL_RSA_EXPORT1024_WITH_DES_CBC_SHA",          0x0062),
607     CS_0063("SSL_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA",      0x0063),
608     CS_0064("SSL_RSA_EXPORT1024_WITH_RC4_56_SHA",           0x0064),
609     CS_0065("SSL_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA",       0x0065),
610     CS_0066("SSL_DHE_DSS_WITH_RC4_128_SHA",                 0x0066),
611 
612     // Netscape old and new SSL 3.0 FIPS cipher suites
613     // see http://www.mozilla.org/projects/security/pki/nss/ssl/fips-ssl-ciphersuites.html
614     CS_FFE0("NETSCAPE_RSA_FIPS_WITH_3DES_EDE_CBC_SHA",      0xffe0),
615     CS_FFE1("NETSCAPE_RSA_FIPS_WITH_DES_CBC_SHA",           0xffe1),
616     CS_FEFE("SSL_RSA_FIPS_WITH_DES_CBC_SHA",                0xfefe),
617     CS_FEFF("SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA",           0xfeff),
618 
619     // Unsupported Kerberos cipher suites from RFC 2712
620     CS_0021("TLS_KRB5_WITH_IDEA_CBC_SHA",                   0x0021),
621     CS_0025("TLS_KRB5_WITH_IDEA_CBC_MD5",                   0x0025),
622     CS_0027("TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA",          0x0027),
623     CS_002A("TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5",          0x002a),
624 
625     // Unsupported cipher suites from RFC 4162
626     CS_0096("TLS_RSA_WITH_SEED_CBC_SHA",                    0x0096),
627     CS_0097("TLS_DH_DSS_WITH_SEED_CBC_SHA",                 0x0097),
628     CS_0098("TLS_DH_RSA_WITH_SEED_CBC_SHA",                 0x0098),
629     CS_0099("TLS_DHE_DSS_WITH_SEED_CBC_SHA",                0x0099),
630     CS_009A("TLS_DHE_RSA_WITH_SEED_CBC_SHA",                0x009a),
631     CS_009B("TLS_DH_anon_WITH_SEED_CBC_SHA",                0x009b),
632 
633     // Unsupported cipher suites from RFC 4279
634     CS_008A("TLS_PSK_WITH_RC4_128_SHA",                     0x008a),
635     CS_008B("TLS_PSK_WITH_3DES_EDE_CBC_SHA",                0x008b),
636     CS_008C("TLS_PSK_WITH_AES_128_CBC_SHA",                 0x008c),
637     CS_008D("TLS_PSK_WITH_AES_256_CBC_SHA",                 0x008d),
638     CS_008E("TLS_DHE_PSK_WITH_RC4_128_SHA",                 0x008e),
639     CS_008F("TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA",            0x008f),
640     CS_0090("TLS_DHE_PSK_WITH_AES_128_CBC_SHA",             0x0090),
641     CS_0091("TLS_DHE_PSK_WITH_AES_256_CBC_SHA",             0x0091),
642     CS_0092("TLS_RSA_PSK_WITH_RC4_128_SHA",                 0x0092),
643     CS_0093("TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA",            0x0093),
644     CS_0094("TLS_RSA_PSK_WITH_AES_128_CBC_SHA",             0x0094),
645     CS_0095("TLS_RSA_PSK_WITH_AES_256_CBC_SHA",             0x0095),
646 
647     // Unsupported cipher suites from RFC 4785
648     CS_002C("TLS_PSK_WITH_NULL_SHA",                        0x002c),
649     CS_002D("TLS_DHE_PSK_WITH_NULL_SHA",                    0x002d),
650     CS_002E("TLS_RSA_PSK_WITH_NULL_SHA",                    0x002e),
651 
652     // Unsupported cipher suites from RFC 5246
653     CS_0030("TLS_DH_DSS_WITH_AES_128_CBC_SHA",              0x0030),
654     CS_0031("TLS_DH_RSA_WITH_AES_128_CBC_SHA",              0x0031),
655     CS_0036("TLS_DH_DSS_WITH_AES_256_CBC_SHA",              0x0036),
656     CS_0037("TLS_DH_RSA_WITH_AES_256_CBC_SHA",              0x0037),
657     CS_003E("TLS_DH_DSS_WITH_AES_128_CBC_SHA256",           0x003e),
658     CS_003F("TLS_DH_RSA_WITH_AES_128_CBC_SHA256",           0x003f),
659     CS_0068("TLS_DH_DSS_WITH_AES_256_CBC_SHA256",           0x0068),
660     CS_0069("TLS_DH_RSA_WITH_AES_256_CBC_SHA256",           0x0069),
661 
662     // Unsupported cipher suites from RFC 5288
663     CS_00A0("TLS_DH_RSA_WITH_AES_128_GCM_SHA256",           0x00a0),
664     CS_00A1("TLS_DH_RSA_WITH_AES_256_GCM_SHA384",           0x00a1),
665     CS_00A4("TLS_DH_DSS_WITH_AES_128_GCM_SHA256",           0x00a4),
666     CS_00A5("TLS_DH_DSS_WITH_AES_256_GCM_SHA384",           0x00a5),
667 
668     // Unsupported cipher suites from RFC 5487
669     CS_00A8("TLS_PSK_WITH_AES_128_GCM_SHA256",              0x00a8),
670     CS_00A9("TLS_PSK_WITH_AES_256_GCM_SHA384",              0x00a9),
671     CS_00AA("TLS_DHE_PSK_WITH_AES_128_GCM_SHA256",          0x00aa),
672     CS_00AB("TLS_DHE_PSK_WITH_AES_256_GCM_SHA384",          0x00ab),
673     CS_00AC("TLS_RSA_PSK_WITH_AES_128_GCM_SHA256",          0x00ac),
674     CS_00AD("TLS_RSA_PSK_WITH_AES_256_GCM_SHA384",          0x00ad),
675     CS_00AE("TLS_PSK_WITH_AES_128_CBC_SHA256",              0x00ae),
676     CS_00AF("TLS_PSK_WITH_AES_256_CBC_SHA384",              0x00af),
677     CS_00B0("TLS_PSK_WITH_NULL_SHA256",                     0x00b0),
678     CS_00B1("TLS_PSK_WITH_NULL_SHA384",                     0x00b1),
679     CS_00B2("TLS_DHE_PSK_WITH_AES_128_CBC_SHA256",          0x00b2),
680     CS_00B3("TLS_DHE_PSK_WITH_AES_256_CBC_SHA384",          0x00b3),
681     CS_00B4("TLS_DHE_PSK_WITH_NULL_SHA256",                 0x00b4),
682     CS_00B5("TLS_DHE_PSK_WITH_NULL_SHA384",                 0x00b5),
683     CS_00B6("TLS_RSA_PSK_WITH_AES_128_CBC_SHA256",          0x00b6),
684     CS_00B7("TLS_RSA_PSK_WITH_AES_256_CBC_SHA384",          0x00b7),
685     CS_00B8("TLS_RSA_PSK_WITH_NULL_SHA256",                 0x00b8),
686     CS_00B9("TLS_RSA_PSK_WITH_NULL_SHA384",                 0x00b9),
687 
688     // Unsupported cipher suites from RFC 5932
689     CS_0041("TLS_RSA_WITH_CAMELLIA_128_CBC_SHA",            0x0041),
690     CS_0042("TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA",         0x0042),
691     CS_0043("TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA",         0x0043),
692     CS_0044("TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA",        0x0044),
693     CS_0045("TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA",        0x0045),
694     CS_0046("TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA",        0x0046),
695     CS_0084("TLS_RSA_WITH_CAMELLIA_256_CBC_SHA",            0x0084),
696     CS_0085("TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA",         0x0085),
697     CS_0086("TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA",         0x0086),
698     CS_0087("TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA",        0x0087),
699     CS_0088("TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA",        0x0088),
700     CS_0089("TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA",        0x0089),
701     CS_00BA("TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256",         0x00ba),
702     CS_00BB("TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256",      0x00bb),
703     CS_00BC("TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256",      0x00bc),
704     CS_00BD("TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256",     0x00bd),
705     CS_00BE("TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256",     0x00be),
706     CS_00BF("TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256",     0x00bf),
707     CS_00C0("TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256",         0x00c0),
708     CS_00C1("TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256",      0x00c1),
709     CS_00C2("TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256",      0x00c2),
710     CS_00C3("TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256",     0x00c3),
711     CS_00C4("TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256",     0x00c4),
712     CS_00C5("TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256",     0x00c5),
713 
714     // TLS Fallback Signaling Cipher Suite Value (SCSV) RFC 7507
715     CS_5600("TLS_FALLBACK_SCSV",                            0x5600),
716 
717     // Unsupported cipher suites from RFC 5054
718     CS_C01A("TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA",            0xc01a),
719     CS_C01B("TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA",        0xc01b),
720     CS_C01C("TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA",        0xc01c),
721     CS_C01D("TLS_SRP_SHA_WITH_AES_128_CBC_SHA",             0xc01d),
722     CS_C01E("TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA",         0xc01e),
723     CS_C01F("TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA",         0xc01f),
724     CS_C020("TLS_SRP_SHA_WITH_AES_256_CBC_SHA",             0xc020),
725     CS_C021("TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA",         0xc021),
726     CS_C022("TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA",         0xc022),
727 
728     // Unsupported cipher suites from RFC 5489
729     CS_C033("TLS_ECDHE_PSK_WITH_RC4_128_SHA",               0xc033),
730     CS_C034("TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA",          0xc034),
731     CS_C035("TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA",           0xc035),
732     CS_C036("TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA",           0xc036),
733     CS_C037("TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256",        0xc037),
734     CS_C038("TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384",        0xc038),
735     CS_C039("TLS_ECDHE_PSK_WITH_NULL_SHA",                  0xc039),
736     CS_C03A("TLS_ECDHE_PSK_WITH_NULL_SHA256",               0xc03a),
737     CS_C03B("TLS_ECDHE_PSK_WITH_NULL_SHA384",               0xc03b),
738 
739     // Unsupported cipher suites from RFC 6209
740     CS_C03C("TLS_RSA_WITH_ARIA_128_CBC_SHA256",             0xc03c),
741     CS_C03D("TLS_RSA_WITH_ARIA_256_CBC_SHA384",             0xc03d),
742     CS_C03E("TLS_DH_DSS_WITH_ARIA_128_CBC_SHA256",          0xc03e),
743     CS_C03F("TLS_DH_DSS_WITH_ARIA_256_CBC_SHA384",          0xc03f),
744     CS_C040("TLS_DH_RSA_WITH_ARIA_128_CBC_SHA256",          0xc040),
745     CS_C041("TLS_DH_RSA_WITH_ARIA_256_CBC_SHA384",          0xc041),
746     CS_C042("TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256",         0xc042),
747     CS_C043("TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384",         0xc043),
748     CS_C044("TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256",         0xc044),
749     CS_C045("TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384",         0xc045),
750     CS_C046("TLS_DH_anon_WITH_ARIA_128_CBC_SHA256",         0xc046),
751     CS_C047("TLS_DH_anon_WITH_ARIA_256_CBC_SHA384",         0xc047),
752     CS_C048("TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256",     0xc048),
753     CS_C049("TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384",     0xc049),
754     CS_C04A("TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256",      0xc04a),
755     CS_C04B("TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384",      0xc04b),
756     CS_C04C("TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256",       0xc04c),
757     CS_C04D("TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384",       0xc04d),
758     CS_C04E("TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256",        0xc04e),
759     CS_C04F("TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384",        0xc04f),
760     CS_C050("TLS_RSA_WITH_ARIA_128_GCM_SHA256",             0xc050),
761     CS_C051("TLS_RSA_WITH_ARIA_256_GCM_SHA384",             0xc051),
762     CS_C052("TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256",         0xc052),
763     CS_C053("TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384",         0xc053),
764     CS_C054("TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256",          0xc054),
765     CS_C055("TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384",          0xc055),
766     CS_C056("TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256",         0xc056),
767     CS_C057("TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384",         0xc057),
768     CS_C058("TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256",          0xc058),
769     CS_C059("TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384",          0xc059),
770     CS_C05A("TLS_DH_anon_WITH_ARIA_128_GCM_SHA256",         0xc05a),
771     CS_C05B("TLS_DH_anon_WITH_ARIA_256_GCM_SHA384",         0xc05b),
772     CS_C05C("TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256",     0xc05c),
773     CS_C05D("TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384",     0xc05d),
774     CS_C05E("TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256",      0xc05e),
775     CS_C05F("TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384",      0xc05f),
776     CS_C060("TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256",       0xc060),
777     CS_C061("TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384",       0xc061),
778     CS_C062("TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256",        0xc062),
779     CS_C063("TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384",        0xc063),
780     CS_C064("TLS_PSK_WITH_ARIA_128_CBC_SHA256",             0xc064),
781     CS_C065("TLS_PSK_WITH_ARIA_256_CBC_SHA384",             0xc065),
782     CS_C066("TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256",         0xc066),
783     CS_C067("TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384",         0xc067),
784     CS_C068("TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256",         0xc068),
785     CS_C069("TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384",         0xc069),
786     CS_C06A("TLS_PSK_WITH_ARIA_128_GCM_SHA256",             0xc06a),
787     CS_C06B("TLS_PSK_WITH_ARIA_256_GCM_SHA384",             0xc06b),
788     CS_C06C("TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256",         0xc06c),
789     CS_C06D("TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384",         0xc06d),
790     CS_C06E("TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256",         0xc06e),
791     CS_C06F("TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384",         0xc06f),
792     CS_C070("TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256",       0xc070),
793     CS_C071("TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384",       0xc071),
794 
795     // Unsupported cipher suites from RFC 6367
796     CS_C072("TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256", 0xc072),
797     CS_C073("TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384", 0xc073),
798     CS_C074("TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256",  0xc074),
799     CS_C075("TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384",  0xc075),
800     CS_C076("TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256",   0xc076),
801     CS_C077("TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384",   0xc077),
802     CS_C078("TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256",    0xc078),
803     CS_C079("TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384",    0xc079),
804     CS_C07A("TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256",         0xc07a),
805     CS_C07B("TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384",         0xc07b),
806     CS_C07C("TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256",     0xc07c),
807     CS_C07D("TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384",     0xc07d),
808     CS_C07E("TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256",      0xc07e),
809     CS_C07F("TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384",      0xc07f),
810     CS_C080("TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256",     0xc080),
811     CS_C081("TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384",     0xc081),
812     CS_C082("TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256",      0xc082),
813     CS_C083("TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384",      0xc083),
814     CS_C084("TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256",     0xc084),
815     CS_C085("TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384",     0xc085),
816     CS_C086("TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256", 0xc086),
817     CS_C087("TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384", 0xc087),
818     CS_C088("TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256",  0xc088),
819     CS_C089("TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384",  0xc089),
820     CS_C08A("TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256",   0xc08a),
821     CS_C08B("TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384",   0xc08b),
822     CS_C08C("TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256",    0xc08c),
823     CS_C08D("TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384",    0xc08d),
824     CS_C08E("TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256",         0xc08e),
825     CS_C08F("TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384",         0xc08f),
826     CS_C090("TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256",     0xc090),
827     CS_C091("TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384",     0xc091),
828     CS_C092("TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256",     0xc092),
829     CS_C093("TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384",     0xc093),
830     CS_C094("TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256",         0xc094),
831     CS_C095("TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384",         0xc095),
832     CS_C096("TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256",     0xc096),
833     CS_C097("TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384",     0xc097),
834     CS_C098("TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256",     0xc098),
835     CS_C099("TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384",     0xc099),
836     CS_C09A("TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256",   0xc09a),
837     CS_C09B("TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384",   0xc09b),
838 
839     // Unsupported cipher suites from RFC 6655
840     CS_C09C("TLS_RSA_WITH_AES_128_CCM",                     0xc09c),
841     CS_C09D("TLS_RSA_WITH_AES_256_CCM",                     0xc09d),
842     CS_C09E("TLS_DHE_RSA_WITH_AES_128_CCM",                 0xc09e),
843     CS_C09F("TLS_DHE_RSA_WITH_AES_256_CCM",                 0xc09f),
844     CS_C0A0("TLS_RSA_WITH_AES_128_CCM_8",                   0xc0A0),
845     CS_C0A1("TLS_RSA_WITH_AES_256_CCM_8",                   0xc0A1),
846     CS_C0A2("TLS_DHE_RSA_WITH_AES_128_CCM_8",               0xc0A2),
847     CS_C0A3("TLS_DHE_RSA_WITH_AES_256_CCM_8",               0xc0A3),
848     CS_C0A4("TLS_PSK_WITH_AES_128_CCM",                     0xc0A4),
849     CS_C0A5("TLS_PSK_WITH_AES_256_CCM",                     0xc0A5),
850     CS_C0A6("TLS_DHE_PSK_WITH_AES_128_CCM",                 0xc0A6),
851     CS_C0A7("TLS_DHE_PSK_WITH_AES_256_CCM",                 0xc0A7),
852     CS_C0A8("TLS_PSK_WITH_AES_128_CCM_8",                   0xc0A8),
853     CS_C0A9("TLS_PSK_WITH_AES_256_CCM_8",                   0xc0A9),
854     CS_C0AA("TLS_PSK_DHE_WITH_AES_128_CCM_8",               0xc0Aa),
855     CS_C0AB("TLS_PSK_DHE_WITH_AES_256_CCM_8",               0xc0Ab),
856 
857     // Unsupported cipher suites from RFC 7251
858     CS_C0AC("TLS_ECDHE_ECDSA_WITH_AES_128_CCM",             0xc0Ac),
859     CS_C0AD("TLS_ECDHE_ECDSA_WITH_AES_256_CCM",             0xc0Ad),
860     CS_C0AE("TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8",           0xc0Ae),
861     CS_C0AF("TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8",           0xc0Af),
862 
863     C_NULL("SSL_NULL_WITH_NULL_NULL", 0x0000);
864 
    // Cipher suite id as carried on the wire; looked up by valueOf(int) and
    // nameOf(int).
    final int id;
    // Whether the suite belongs to the default enabled set.  Note that
    // defaultCipherSuites() relies on values() listing every default-enabled
    // suite before the first one that is not.
    final boolean isDefaultEnabled;
    // Suite name as listed in the TLS Cipher Suite Registry.
    final String name;
    // Alternative names accepted by nameOf(String) and validValuesOf();
    // empty when the suite has none.
    final List<String> aliases;
    // Protocol versions this suite may be negotiated for.  Empty for suites
    // that are known but not supported; such suites are never available and
    // terminate the scans in allowedCipherSuites() and validValuesOf().
    final List<ProtocolVersion> supportedProtocols;
    // Key exchange algorithm; null for TLS 1.3 suites and for unsupported
    // suites.
    final KeyExchange keyExchange;
    // Bulk cipher; null for unsupported suites.
    final SSLCipher bulkCipher;
    // MAC algorithm; M_NULL for TLS 1.3 suites, null for unsupported suites.
    final MacAlg macAlg;
    // PRF / HKDF hash algorithm; null for unsupported suites.
    final HashAlg hashAlg;

    // Mirrors bulkCipher.exportable; false when there is no bulk cipher.
    final boolean exportable;
876 
    // Known but unsupported cipher suite: the id and name are recorded so
    // that nameOf(int)/valueOf(int) can identify it, but it gets no
    // protocols, no key exchange, no bulk cipher, no MAC and no hash, is not
    // default-enabled and has no aliases.
    private CipherSuite(String name, int id) {
        this(id, false, name, "",
                ProtocolVersion.PROTOCOLS_EMPTY, null, null, null, null);
    }
882 
    // TLS 1.3 cipher suite: no aliases, no KeyExchange object (keyExchange is
    // null, which isAvailable() and isAnonymous() must tolerate), and the MAC
    // algorithm fixed to M_NULL; only the bulk cipher and hash vary.
    private CipherSuite(int id, boolean isDefaultEnabled,
            String name, ProtocolVersion[] supportedProtocols,
            SSLCipher bulkCipher, HashAlg hashAlg) {
        this(id, isDefaultEnabled, name, "",
                supportedProtocols, null, bulkCipher, M_NULL, hashAlg);
    }
890 
    /**
     * Full constructor used by every other constructor.
     *
     * @param id                 numeric cipher suite id
     * @param isDefaultEnabled   whether the suite is in the default set
     * @param name               standard cipher suite name
     * @param aliases            comma-separated alternative names, or ""
     * @param supportedProtocols protocol versions the suite applies to;
     *                           empty for known-but-unsupported suites
     * @param keyExchange        key exchange algorithm, or null
     * @param cipher             bulk cipher, or null
     * @param macAlg             MAC algorithm, or null
     * @param hashAlg            PRF/HKDF hash algorithm, or null
     */
    private CipherSuite(int id, boolean isDefaultEnabled,
            String name, String aliases,
            ProtocolVersion[] supportedProtocols,
            KeyExchange keyExchange, SSLCipher cipher,
            MacAlg macAlg, HashAlg hashAlg) {
        // identity
        this.id = id;
        this.name = name;
        this.isDefaultEnabled = isDefaultEnabled;

        // "" means no aliases; splitting "" would otherwise yield a
        // one-element list containing the empty string.
        this.aliases = aliases.isEmpty()
                ? Collections.<String>emptyList()
                : Arrays.asList(aliases.split(","));
        this.supportedProtocols = Arrays.asList(supportedProtocols);

        // algorithms
        this.keyExchange = keyExchange;
        this.bulkCipher = cipher;
        this.macAlg = macAlg;
        this.hashAlg = hashAlg;
        // Suites without a bulk cipher (unsupported ones) are never
        // exportable.
        this.exportable = cipher != null && cipher.exportable;
    }
912 
    /**
     * Looks up a cipher suite by its standard name or one of its aliases.
     * Unsupported suites are matched too; use validValuesOf() to reject them.
     *
     * @param ciperSuiteName the name to look up
     * @return the first matching suite in values() order, or null
     */
    static CipherSuite nameOf(String ciperSuiteName) {
        return Arrays.stream(CipherSuite.values())
                .filter(cs -> cs.name.equals(ciperSuiteName)
                        || cs.aliases.contains(ciperSuiteName))
                .findFirst()
                .orElse(null);
    }
923 
    /**
     * Looks up a cipher suite by its numeric id.
     *
     * @param id the cipher suite id
     * @return the first suite in values() order with that id, or null when
     *         the id is not known to this implementation
     */
    static CipherSuite valueOf(int id) {
        return Arrays.stream(CipherSuite.values())
                .filter(cs -> cs.id == id)
                .findFirst()
                .orElse(null);
    }
933 
    /**
     * Returns the name of the cipher suite with the given id, or a
     * placeholder of the form UNKNOWN-CIPHER-SUITE(hex) for ids that are not
     * known, so that unknown ids can still be logged.
     *
     * @param id the cipher suite id
     * @return the suite name, or the UNKNOWN-CIPHER-SUITE placeholder
     */
    static String nameOf(int id) {
        CipherSuite known = valueOf(id);
        if (known != null) {
            return known.name;
        }
        return "UNKNOWN-CIPHER-SUITE(" + Utilities.byte16HexString(id) + ")";
    }
943 
    /**
     * Returns every supported cipher suite (those with a non-empty
     * supportedProtocols list), in values() order.
     *
     * Relies on values() listing all supported suites before the first
     * unsupported one; the scan stops at that boundary.
     *
     * @return a new, mutable collection of supported suites
     */
    static Collection<CipherSuite> allowedCipherSuites() {
        Collection<CipherSuite> supported = new LinkedList<>();
        for (CipherSuite cs : CipherSuite.values()) {
            if (cs.supportedProtocols.isEmpty()) {
                // start of the unsupported tail: nothing further qualifies
                break;
            }
            supported.add(cs);
        }
        return supported;
    }
957 
    /**
     * Returns the default-enabled cipher suites, in values() order.
     *
     * Relies on values() listing all default-enabled suites before the first
     * one that is not; the scan stops at that boundary, so a default-enabled
     * suite declared after a non-default one would be silently omitted.
     *
     * @return a new, mutable collection of default-enabled suites
     */
    static Collection<CipherSuite> defaultCipherSuites() {
        Collection<CipherSuite> defaults = new LinkedList<>();
        for (CipherSuite cs : CipherSuite.values()) {
            if (!cs.isDefaultEnabled) {
                // start of the non-default tail: nothing further qualifies
                break;
            }
            defaults.add(cs);
        }
        return defaults;
    }
971 
    /**
     * Validates and converts an array of cipher suite names.
     *
     * Only supported suites (non-empty supportedProtocols) are accepted;
     * names of known-but-unsupported suites are rejected like unknown ones.
     * Duplicate names are not collapsed.
     *
     * @param names the standard names or aliases to resolve
     * @return an unmodifiable list of suites in the order given
     * @throws IllegalArgumentException when one or more of the ciphers named
     *         by the parameter is not supported, or when the parameter is null.
     */
    static List<CipherSuite> validValuesOf(String[] names) {
        if (names == null) {
            throw new IllegalArgumentException("CipherSuites cannot be null");
        }

        List<CipherSuite> cipherSuites = new ArrayList<>(names.length);
        for (String name : names) {
            if (name == null || name.isEmpty()) {
                throw new IllegalArgumentException(
                        "The specified CipherSuites array contains " +
                        "invalid null or empty string elements");
            }

            CipherSuite cs = supportedSuiteNamed(name);
            if (cs == null) {
                throw new IllegalArgumentException(
                        "Unsupported CipherSuite: " + name);
            }
            cipherSuites.add(cs);
        }

        return Collections.unmodifiableList(cipherSuites);
    }

    // Resolves a name or alias to a supported suite, scanning values() only
    // up to the first unsupported suite; returns null when there is no match.
    private static CipherSuite supportedSuiteNamed(String name) {
        for (CipherSuite cs : CipherSuite.values()) {
            if (cs.supportedProtocols.isEmpty()) {
                // values() is ordered: the unsupported tail starts here.
                break;
            }
            if (cs.name.equals(name) || cs.aliases.contains(name)) {
                return cs;
            }
        }
        return null;
    }
1014 
    /**
     * Converts a list of cipher suites to their standard names.
     *
     * @param cipherSuites the suites to name (must not be null)
     * @return a new array of names, in the same order as the list
     */
    static String[] namesOf(List<CipherSuite> cipherSuites) {
        return cipherSuites.stream()
                .map(cs -> cs.name)
                .toArray(String[]::new);
    }
1024 
    /**
     * Whether this suite can actually be used in this runtime: it must be
     * supported, its key exchange (when it has one) must be available, and
     * its bulk cipher must exist and be available.
     *
     * @return true if the suite is usable
     */
    boolean isAvailable() {
        if (supportedProtocols.isEmpty()) {
            // known but unsupported suite
            return false;
        }
        // keyExchange is null for TLS 1.3 suites; those have no separate
        // key-exchange availability to check here.
        if (keyExchange != null && !keyExchange.isAvailable()) {
            return false;
        }
        return bulkCipher != null && bulkCipher.isAvailable();
    }
1031 
    /**
     * Whether this suite may be negotiated for the given protocol version.
     *
     * @param protocolVersion the version to check
     * @return true if the version is in this suite's supportedProtocols
     */
    public boolean supports(ProtocolVersion protocolVersion) {
        return supportedProtocols.indexOf(protocolVersion) >= 0;
    }
1035 
    /**
     * Whether this suite can be offered or selected in a handshake.
     *
     * @return true if the suite is available and is not the renegotiation
     *         signaling suite, which is a marker rather than a real suite
     */
    boolean isNegotiable() {
        if (this == TLS_EMPTY_RENEGOTIATION_INFO_SCSV) {
            return false;
        }
        return isAvailable();
    }
1039 
    /**
     * Whether this suite's key exchange authenticates no party.
     *
     * @return the key exchange's anonymity flag; false when the suite has no
     *         KeyExchange object (TLS 1.3 and unsupported suites)
     */
    boolean isAnonymous() {
        if (keyExchange == null) {
            return false;
        }
        return keyExchange.isAnonymous;
    }
1043 
    // See also SSLWriteCipher.calculatePacketSize().
    /**
     * Computes the size of the record that a plaintext fragment of
     * fragmentSize bytes occupies on the wire under this suite.
     *
     * The result is fragmentSize plus the MAC/padding/IV or AEAD nonce/tag
     * overhead of the bulk cipher, plus SSLRecord.headerSize.  With no bulk
     * cipher (unsupported suite) or B_NULL the overhead is zero.
     *
     * @param fragmentSize    plaintext fragment length in bytes
     * @param protocolVersion the negotiated version, which decides whether an
     *                        explicit IV (TLS 1.1+) or explicit nonce
     *                        (TLS 1.2 AEAD) is present
     * @return the record length in bytes, header included
     */
    int calculatePacketSize(int fragmentSize,
            ProtocolVersion protocolVersion) {
        int packetSize = fragmentSize;
        if (bulkCipher != null && bulkCipher != B_NULL) {
            // The cipher's IV size is used as its block size here.
            int blockSize = bulkCipher.ivSize;
            switch (bulkCipher.cipherType) {
                case BLOCK_CIPHER:
                    packetSize += macAlg.size;
                    packetSize += 1;        // 1 byte padding length field
                    // Pad (data + MAC + length byte) up to the next multiple
                    // of blockSize; zero if already aligned.
                    packetSize +=           // use the minimal padding
                            (blockSize - (packetSize % blockSize)) % blockSize;
                    if (protocolVersion.useTLS11PlusSpec()) {
                        packetSize += blockSize;        // explicit IV
                    }

                    break;
                case AEAD_CIPHER:
                    // Only TLS 1.2 AEAD records carry the explicit part of
                    // the nonce (ivSize - fixedIvSize) on the wire.
                    if (protocolVersion == ProtocolVersion.TLS12) {
                        packetSize +=
                                bulkCipher.ivSize - bulkCipher.fixedIvSize;
                    }
                    packetSize += bulkCipher.tagSize;

                    break;
                default:    // NULL_CIPHER or STREAM_CIPHER
                    packetSize += macAlg.size;
            }
        }

        return packetSize + SSLRecord.headerSize;
    }
1076 
    // See also CipherBox.calculateFragmentSize().
    /**
     * Computes the largest plaintext fragment that fits in a record of at
     * most packetLimit bytes: the inverse of calculatePacketSize().
     *
     * Starts from packetLimit minus SSLRecord.headerSize and removes the
     * bulk cipher's overhead.  With no bulk cipher or B_NULL nothing is
     * removed.
     *
     * NOTE(review): in the AEAD case the explicit-nonce length is subtracted
     * for every protocol version, whereas calculatePacketSize() adds it only
     * for TLS 1.2; for other versions the fragment size is therefore
     * slightly conservative.
     *
     * @param packetLimit     maximum record length in bytes, header included
     * @param protocolVersion the negotiated version, which decides whether an
     *                        explicit IV (TLS 1.1+) must be reserved
     * @return the maximum plaintext fragment length in bytes
     */
    int calculateFragSize(int packetLimit,
            ProtocolVersion protocolVersion) {
        int fragSize = packetLimit - SSLRecord.headerSize;
        if (bulkCipher != null && bulkCipher != B_NULL) {
            // The cipher's IV size is used as its block size here.
            int blockSize = bulkCipher.ivSize;
            switch (bulkCipher.cipherType) {
                case BLOCK_CIPHER:
                    if (protocolVersion.useTLS11PlusSpec()) {
                        fragSize -= blockSize;          // explicit IV
                    }
                    // Round down to a whole number of blocks.
                    fragSize -= (fragSize % blockSize); // cannot hold a block
                    // No padding for a maximum fragment.
                    fragSize -= 1;        // 1 byte padding length field: 0x00
                    fragSize -= macAlg.size;

                    break;
                case AEAD_CIPHER:
                    fragSize -= bulkCipher.tagSize;
                    // explicit part of the nonce (see NOTE above)
                    fragSize -= bulkCipher.ivSize - bulkCipher.fixedIvSize;

                    break;
                default:    // NULL_CIPHER or STREAM_CIPHER
                    fragSize -= macAlg.size;
            }
        }

        return fragSize;
    }
1106 
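    /**
     * An SSL/TLS key exchange algorithm.
     *
     * Each constant records whether the algorithm is allowed at all, whether
     * it authenticates no party (anonymous), and which named-group family
     * (FFDHE, ECDHE or none) its key agreement uses.
     */
    static enum KeyExchange {
        K_NULL          ("NULL",           false, true,   NAMED_GROUP_NONE),
        K_RSA           ("RSA",            true,  false,  NAMED_GROUP_NONE),
        K_RSA_EXPORT    ("RSA_EXPORT",     true,  false,  NAMED_GROUP_NONE),
        K_DH_RSA        ("DH_RSA",         false, false,  NAMED_GROUP_NONE),
        K_DH_DSS        ("DH_DSS",         false, false,  NAMED_GROUP_NONE),
        K_DHE_DSS       ("DHE_DSS",        true,  false,  NAMED_GROUP_FFDHE),
        K_DHE_DSS_EXPORT("DHE_DSS_EXPORT", true,  false,  NAMED_GROUP_NONE),
        K_DHE_RSA       ("DHE_RSA",        true,  false,  NAMED_GROUP_FFDHE),
        K_DHE_RSA_EXPORT("DHE_RSA_EXPORT", true,  false,  NAMED_GROUP_NONE),
        K_DH_ANON       ("DH_anon",        true,  true,   NAMED_GROUP_FFDHE),
        K_DH_ANON_EXPORT("DH_anon_EXPORT", true,  true,   NAMED_GROUP_NONE),

        K_ECDH_ECDSA    ("ECDH_ECDSA",     true,  false,  NAMED_GROUP_ECDHE),
        K_ECDH_RSA      ("ECDH_RSA",       true,  false,  NAMED_GROUP_ECDHE),
        K_ECDHE_ECDSA   ("ECDHE_ECDSA",    true,  false,  NAMED_GROUP_ECDHE),
        K_ECDHE_RSA     ("ECDHE_RSA",      true,  false,  NAMED_GROUP_ECDHE),
        K_ECDH_ANON     ("ECDH_anon",      true,  true,   NAMED_GROUP_ECDHE),

        // Kerberos cipher suites
        K_KRB5          ("KRB5",           true,  false,  NAMED_GROUP_NONE),
        K_KRB5_EXPORT   ("KRB5_EXPORT",    true,  false,  NAMED_GROUP_NONE),

        // renegotiation protection request signaling cipher suite
        K_SCSV          ("SCSV",           true,  true,   NAMED_GROUP_NONE);

        // name of the key exchange algorithm, e.g. DHE_DSS
        final String name;
        // whether the algorithm may be used at all; for ECDHE-group
        // algorithms this is JsseJce.ALLOW_ECC, not the declared value
        final boolean allowed;
        final NamedGroupType groupType;
        // true when availability needs no runtime provider probe
        private final boolean alwaysAvailable;
        private final boolean isAnonymous;

        KeyExchange(String name, boolean allowed,
                boolean isAnonymous, NamedGroupType groupType) {
            this.name = name;
            if (groupType == NAMED_GROUP_ECDHE) {
                this.allowed = JsseJce.ALLOW_ECC;
            } else {
                this.allowed = allowed;
            }
            this.groupType = groupType;
            // EC and Kerberos algorithms depend on what the runtime
            // provides, so isAvailable() probes them via JsseJce instead of
            // treating them as always available.  Excluding "KRB" here is
            // what makes the isKerberosAvailable() branch below reachable.
            this.alwaysAvailable = this.allowed
                    && !name.startsWith("EC")
                    && !name.startsWith("KRB");
            this.isAnonymous = isAnonymous;
        }

        /**
         * Whether this key exchange can be used in this runtime.
         *
         * @return true if the algorithm is allowed and, for EC or Kerberos
         *         algorithms, the corresponding JsseJce probe succeeds
         */
        boolean isAvailable() {
            if (alwaysAvailable) {
                return true;
            }

            if (groupType == NAMED_GROUP_ECDHE) {
                return (allowed && JsseJce.isEcAvailable());
            } else if (name.startsWith("KRB")) {
                return (allowed && JsseJce.isKerberosAvailable());
            } else {
                return allowed;
            }
        }

        @Override
        public String toString() {
            return name;
        }
    }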
1175 
    /**
     * An SSL/TLS key MAC algorithm.
     *
     * Each constant carries the sizes that record-layer length calculations
     * (see calculatePacketSize()/calculateFragSize()) need: the MAC output
     * size, the underlying hash's block size and its minimal padding size.
     */
    static enum MacAlg {
        M_NULL      ("NULL",     0,   0,   0),
        M_MD5       ("MD5",     16,  64,   9),
        M_SHA       ("SHA",     20,  64,   9),
        M_SHA256    ("SHA256",  32,  64,   9),
        M_SHA384    ("SHA384",  48, 128,  17);

        // minimal padding size of the underlying hash algorithm
        final int minimalPaddingSize;

        // block size of the underlying hash algorithm
        final int hashBlockSize;

        // size of the MAC value (and MAC key) in bytes
        final int size;

        // descriptive name, e.g. MD5
        final String name;

        MacAlg(String algName, int macSize,
                int blockSize, int minPadding) {
            name = algName;
            size = macSize;
            hashBlockSize = blockSize;
            minimalPaddingSize = minPadding;
        }

        @Override
        public String toString() {
            return this.name;
        }
    }
1214 
    /**
     * The hash algorithms used for PRF (PseudoRandom Function) or HKDF.
     *
     * Note that TLS 1.1- uses a single MD5/SHA1-based PRF algorithm for
     * generating the necessary material; H_NONE is the placeholder for
     * suites that carry no specific hash.
     */
    static enum HashAlg {
        H_NONE      ("NONE",    0,    0),
        H_SHA256    ("SHA-256", 32,  64),
        H_SHA384    ("SHA-384", 48, 128);

        // block size of the hash algorithm in bytes
        final int blockSize;
        // length of the hash output in bytes
        final int hashLength;
        // standard algorithm name, e.g. SHA-256
        final String name;

        HashAlg(String algName, int outputLength, int blockLength) {
            name = algName;
            hashLength = outputLength;
            blockSize = blockLength;
        }

        @Override
        public String toString() {
            return this.name;
        }
    }
1241 }
1242