1-- | 2-- Module : Network.TLS.Extra.Cipher 3-- License : BSD-style 4-- Maintainer : Vincent Hanquez <vincent@snarc.org> 5-- Stability : experimental 6-- Portability : unknown 7-- 8module Network.TLS.Extra.Cipher 9 ( 10 -- * cipher suite 11 ciphersuite_default 12 , ciphersuite_all 13 , ciphersuite_medium 14 , ciphersuite_strong 15 , ciphersuite_unencrypted 16 , ciphersuite_dhe_rsa 17 , ciphersuite_dhe_dss 18 -- * individual ciphers 19 , cipher_null_SHA1 20 , cipher_AES128_SHA1 21 , cipher_AES256_SHA1 22 , cipher_AES128_SHA256 23 , cipher_AES256_SHA256 24 , cipher_AES128CCM_SHA256 25 , cipher_AES128CCM8_SHA256 26 , cipher_AES128GCM_SHA256 27 , cipher_AES256CCM_SHA256 28 , cipher_AES256CCM8_SHA256 29 , cipher_AES256GCM_SHA384 30 , cipher_DHE_RSA_AES128_SHA1 31 , cipher_DHE_RSA_AES256_SHA1 32 , cipher_DHE_RSA_AES128_SHA256 33 , cipher_DHE_RSA_AES256_SHA256 34 , cipher_DHE_DSS_AES128_SHA1 35 , cipher_DHE_DSS_AES256_SHA1 36 , cipher_DHE_RSA_AES128CCM_SHA256 37 , cipher_DHE_RSA_AES128CCM8_SHA256 38 , cipher_DHE_RSA_AES128GCM_SHA256 39 , cipher_DHE_RSA_AES256CCM_SHA256 40 , cipher_DHE_RSA_AES256CCM8_SHA256 41 , cipher_DHE_RSA_AES256GCM_SHA384 42 , cipher_DHE_RSA_CHACHA20POLY1305_SHA256 43 , cipher_ECDHE_RSA_AES128GCM_SHA256 44 , cipher_ECDHE_RSA_AES256GCM_SHA384 45 , cipher_ECDHE_RSA_AES128CBC_SHA256 46 , cipher_ECDHE_RSA_AES128CBC_SHA 47 , cipher_ECDHE_RSA_AES256CBC_SHA 48 , cipher_ECDHE_RSA_AES256CBC_SHA384 49 , cipher_ECDHE_RSA_CHACHA20POLY1305_SHA256 50 , cipher_ECDHE_ECDSA_AES128CBC_SHA 51 , cipher_ECDHE_ECDSA_AES256CBC_SHA 52 , cipher_ECDHE_ECDSA_AES128CBC_SHA256 53 , cipher_ECDHE_ECDSA_AES256CBC_SHA384 54 , cipher_ECDHE_ECDSA_AES128CCM_SHA256 55 , cipher_ECDHE_ECDSA_AES128CCM8_SHA256 56 , cipher_ECDHE_ECDSA_AES128GCM_SHA256 57 , cipher_ECDHE_ECDSA_AES256CCM_SHA256 58 , cipher_ECDHE_ECDSA_AES256CCM8_SHA256 59 , cipher_ECDHE_ECDSA_AES256GCM_SHA384 60 , cipher_ECDHE_ECDSA_CHACHA20POLY1305_SHA256 61 -- TLS 1.3 62 , cipher_TLS13_AES128GCM_SHA256 63 , cipher_TLS13_AES256GCM_SHA384 64 , cipher_TLS13_CHACHA20POLY1305_SHA256 65 , cipher_TLS13_AES128CCM_SHA256 66 , cipher_TLS13_AES128CCM8_SHA256 67 -- * obsolete and non-standard ciphers 68 , cipher_RSA_3DES_EDE_CBC_SHA1 69 , cipher_RC4_128_MD5 70 , cipher_RC4_128_SHA1 71 , cipher_null_MD5 72 , cipher_DHE_DSS_RC4_SHA1 73 ) where 74 75import qualified Data.ByteString as B 76 77import Network.TLS.Types (Version(..)) 78import Network.TLS.Cipher 79import Network.TLS.Imports 80import Data.Tuple (swap) 81 82import Crypto.Cipher.AES 83import qualified Crypto.Cipher.ChaChaPoly1305 as ChaChaPoly1305 84import qualified Crypto.Cipher.RC4 as RC4 85import Crypto.Cipher.TripleDES 86import Crypto.Cipher.Types hiding (Cipher, cipherName) 87import Crypto.Error 88import qualified Crypto.MAC.Poly1305 as Poly1305 89 90takelast :: Int -> B.ByteString -> B.ByteString 91takelast i b = B.drop (B.length b - i) b 92 93aes128cbc :: BulkDirection -> BulkKey -> BulkBlock 94aes128cbc BulkEncrypt key = 95 let ctx = noFail (cipherInit key) :: AES128 96 in (\iv input -> let output = cbcEncrypt ctx (makeIV_ iv) input in (output, takelast 16 output)) 97aes128cbc BulkDecrypt key = 98 let ctx = noFail (cipherInit key) :: AES128 99 in (\iv input -> let output = cbcDecrypt ctx (makeIV_ iv) input in (output, takelast 16 input)) 100 101aes256cbc :: BulkDirection -> BulkKey -> BulkBlock 102aes256cbc BulkEncrypt key = 103 let ctx = noFail (cipherInit key) :: AES256 104 in (\iv input -> let output = cbcEncrypt ctx (makeIV_ iv) input in (output, takelast 16 output)) 105aes256cbc BulkDecrypt key = 106 let ctx = noFail (cipherInit key) :: AES256 107 in (\iv input -> let output = cbcDecrypt ctx (makeIV_ iv) input in (output, takelast 16 input)) 108 109aes128ccm :: BulkDirection -> BulkKey -> BulkAEAD 110aes128ccm BulkEncrypt key = 111 let ctx = noFail (cipherInit key) :: AES128 112 in (\nonce d ad -> 113 let mode = AEAD_CCM (B.length d) CCM_M16 CCM_L3 114 aeadIni = noFail (aeadInit mode ctx nonce) 115 in swap $ aeadSimpleEncrypt aeadIni ad d 16) 116aes128ccm BulkDecrypt key = 117 let ctx = noFail (cipherInit key) :: AES128 118 in (\nonce d ad -> 119 let mode = AEAD_CCM (B.length d) CCM_M16 CCM_L3 120 aeadIni = noFail (aeadInit mode ctx nonce) 121 in simpleDecrypt aeadIni ad d 16) 122 123aes128ccm8 :: BulkDirection -> BulkKey -> BulkAEAD 124aes128ccm8 BulkEncrypt key = 125 let ctx = noFail (cipherInit key) :: AES128 126 in (\nonce d ad -> 127 let mode = AEAD_CCM (B.length d) CCM_M8 CCM_L3 128 aeadIni = noFail (aeadInit mode ctx nonce) 129 in swap $ aeadSimpleEncrypt aeadIni ad d 8) 130aes128ccm8 BulkDecrypt key = 131 let ctx = noFail (cipherInit key) :: AES128 132 in (\nonce d ad -> 133 let mode = AEAD_CCM (B.length d) CCM_M8 CCM_L3 134 aeadIni = noFail (aeadInit mode ctx nonce) 135 in simpleDecrypt aeadIni ad d 8) 136 137aes128gcm :: BulkDirection -> BulkKey -> BulkAEAD 138aes128gcm BulkEncrypt key = 139 let ctx = noFail (cipherInit key) :: AES128 140 in (\nonce d ad -> 141 let aeadIni = noFail (aeadInit AEAD_GCM ctx nonce) 142 in swap $ aeadSimpleEncrypt aeadIni ad d 16) 143aes128gcm BulkDecrypt key = 144 let ctx = noFail (cipherInit key) :: AES128 145 in (\nonce d ad -> 146 let aeadIni = noFail (aeadInit AEAD_GCM ctx nonce) 147 in simpleDecrypt aeadIni ad d 16) 148 149aes256ccm :: BulkDirection -> BulkKey -> BulkAEAD 150aes256ccm BulkEncrypt key = 151 let ctx = noFail (cipherInit key) :: AES256 152 in (\nonce d ad -> 153 let mode = AEAD_CCM (B.length d) CCM_M16 CCM_L3 154 aeadIni = noFail (aeadInit mode ctx nonce) 155 in swap $ aeadSimpleEncrypt aeadIni ad d 16) 156aes256ccm BulkDecrypt key = 157 let ctx = noFail (cipherInit key) :: AES256 158 in (\nonce d ad -> 159 let mode = AEAD_CCM (B.length d) CCM_M16 CCM_L3 160 aeadIni = noFail (aeadInit mode ctx nonce) 161 in simpleDecrypt aeadIni ad d 16) 162 163aes256ccm8 :: BulkDirection -> BulkKey -> BulkAEAD 164aes256ccm8 BulkEncrypt key = 165 let ctx = noFail (cipherInit key) :: AES256 166 in (\nonce d ad -> 167 let mode = AEAD_CCM (B.length d) CCM_M8 CCM_L3 168 aeadIni = noFail (aeadInit mode ctx nonce) 169 in swap $ aeadSimpleEncrypt aeadIni ad d 8) 170aes256ccm8 BulkDecrypt key = 171 let ctx = noFail (cipherInit key) :: AES256 172 in (\nonce d ad -> 173 let mode = AEAD_CCM (B.length d) CCM_M8 CCM_L3 174 aeadIni = noFail (aeadInit mode ctx nonce) 175 in simpleDecrypt aeadIni ad d 8) 176 177aes256gcm :: BulkDirection -> BulkKey -> BulkAEAD 178aes256gcm BulkEncrypt key = 179 let ctx = noFail (cipherInit key) :: AES256 180 in (\nonce d ad -> 181 let aeadIni = noFail (aeadInit AEAD_GCM ctx nonce) 182 in swap $ aeadSimpleEncrypt aeadIni ad d 16) 183aes256gcm BulkDecrypt key = 184 let ctx = noFail (cipherInit key) :: AES256 185 in (\nonce d ad -> 186 let aeadIni = noFail (aeadInit AEAD_GCM ctx nonce) 187 in simpleDecrypt aeadIni ad d 16) 188 189simpleDecrypt :: AEAD cipher -> B.ByteString -> B.ByteString -> Int -> (B.ByteString, AuthTag) 190simpleDecrypt aeadIni header input taglen = (output, tag) 191 where 192 aead = aeadAppendHeader aeadIni header 193 (output, aeadFinal) = aeadDecrypt aead input 194 tag = aeadFinalize aeadFinal taglen 195 196noFail :: CryptoFailable a -> a 197noFail = throwCryptoError 198 199makeIV_ :: BlockCipher a => B.ByteString -> IV a 200makeIV_ = fromMaybe (error "makeIV_") . makeIV 201 202tripledes_ede :: BulkDirection -> BulkKey -> BulkBlock 203tripledes_ede BulkEncrypt key = 204 let ctx = noFail $ cipherInit key 205 in (\iv input -> let output = cbcEncrypt ctx (tripledes_iv iv) input in (output, takelast 8 output)) 206tripledes_ede BulkDecrypt key = 207 let ctx = noFail $ cipherInit key 208 in (\iv input -> let output = cbcDecrypt ctx (tripledes_iv iv) input in (output, takelast 8 input)) 209 210tripledes_iv :: BulkIV -> IV DES_EDE3 211tripledes_iv iv = fromMaybe (error "tripledes cipher iv internal error") $ makeIV iv 212 213rc4 :: BulkDirection -> BulkKey -> BulkStream 214rc4 _ bulkKey = BulkStream (combineRC4 $ RC4.initialize bulkKey) 215 where 216 combineRC4 ctx input = 217 let (ctx', output) = RC4.combine ctx input 218 in (output, BulkStream (combineRC4 ctx')) 219 220chacha20poly1305 :: BulkDirection -> BulkKey -> BulkAEAD 221chacha20poly1305 BulkEncrypt key nonce = 222 let st = noFail (ChaChaPoly1305.nonce12 nonce >>= ChaChaPoly1305.initialize key) 223 in (\input ad -> 224 let st2 = ChaChaPoly1305.finalizeAAD (ChaChaPoly1305.appendAAD ad st) 225 (output, st3) = ChaChaPoly1305.encrypt input st2 226 Poly1305.Auth tag = ChaChaPoly1305.finalize st3 227 in (output, AuthTag tag)) 228chacha20poly1305 BulkDecrypt key nonce = 229 let st = noFail (ChaChaPoly1305.nonce12 nonce >>= ChaChaPoly1305.initialize key) 230 in (\input ad -> 231 let st2 = ChaChaPoly1305.finalizeAAD (ChaChaPoly1305.appendAAD ad st) 232 (output, st3) = ChaChaPoly1305.decrypt input st2 233 Poly1305.Auth tag = ChaChaPoly1305.finalize st3 234 in (output, AuthTag tag)) 235 236-- | All AES and ChaCha20-Poly1305 ciphers supported ordered from strong to 237-- weak. This choice of ciphersuites should satisfy most normal needs. For 238-- otherwise strong ciphers we make little distinction between AES128 and 239-- AES256, and list each but the weakest of the AES128 ciphers ahead of the 240-- corresponding AES256 ciphers, with the ChaCha20-Poly1305 variant placed just 241-- after. 242-- 243-- The CCM ciphers all come together after the GCM variants due to their 244-- relative performance cost. 245ciphersuite_default :: [Cipher] 246ciphersuite_default = 247 [ -- First the PFS + GCM + SHA2 ciphers 248 cipher_ECDHE_ECDSA_AES128GCM_SHA256, cipher_ECDHE_ECDSA_AES256GCM_SHA384 249 , cipher_ECDHE_ECDSA_CHACHA20POLY1305_SHA256 250 , cipher_ECDHE_RSA_AES128GCM_SHA256, cipher_ECDHE_RSA_AES256GCM_SHA384 251 , cipher_ECDHE_RSA_CHACHA20POLY1305_SHA256 252 , cipher_DHE_RSA_AES128GCM_SHA256, cipher_DHE_RSA_AES256GCM_SHA384 253 , cipher_DHE_RSA_CHACHA20POLY1305_SHA256 254 , -- Next the PFS + CCM + SHA2 ciphers 255 cipher_ECDHE_ECDSA_AES128CCM_SHA256, cipher_ECDHE_ECDSA_AES256CCM_SHA256 256 , cipher_DHE_RSA_AES128CCM_SHA256, cipher_DHE_RSA_AES256CCM_SHA256 257 -- Next the PFS + CBC + SHA2 ciphers 258 , cipher_ECDHE_ECDSA_AES128CBC_SHA256, cipher_ECDHE_ECDSA_AES256CBC_SHA384 259 , cipher_ECDHE_RSA_AES128CBC_SHA256, cipher_ECDHE_RSA_AES256CBC_SHA384 260 , cipher_DHE_RSA_AES128_SHA256, cipher_DHE_RSA_AES256_SHA256 261 -- Next the PFS + CBC + SHA1 ciphers 262 , cipher_ECDHE_ECDSA_AES128CBC_SHA, cipher_ECDHE_ECDSA_AES256CBC_SHA 263 , cipher_ECDHE_RSA_AES128CBC_SHA, cipher_ECDHE_RSA_AES256CBC_SHA 264 , cipher_DHE_RSA_AES128_SHA1, cipher_DHE_RSA_AES256_SHA1 265 -- Next the non-PFS + GCM + SHA2 ciphers 266 , cipher_AES128GCM_SHA256, cipher_AES256GCM_SHA384 267 -- Next the non-PFS + CCM + SHA2 ciphers 268 , cipher_AES128CCM_SHA256, cipher_AES256CCM_SHA256 269 -- Next the non-PFS + CBC + SHA2 ciphers 270 , cipher_AES256_SHA256, cipher_AES128_SHA256 271 -- Next the non-PFS + CBC + SHA1 ciphers 272 , cipher_AES256_SHA1, cipher_AES128_SHA1 273 -- Nobody uses or should use DSS, RC4, 3DES or MD5 274 -- , cipher_DHE_DSS_AES256_SHA1, cipher_DHE_DSS_AES128_SHA1 275 -- , cipher_DHE_DSS_RC4_SHA1, cipher_RC4_128_SHA1, cipher_RC4_128_MD5 276 -- , cipher_RSA_3DES_EDE_CBC_SHA1 277 -- TLS13 (listed at the end but version is negotiated first) 278 , cipher_TLS13_AES128GCM_SHA256 279 , cipher_TLS13_AES256GCM_SHA384 280 , cipher_TLS13_CHACHA20POLY1305_SHA256 281 , cipher_TLS13_AES128CCM_SHA256 282 ] 283 284{-# WARNING ciphersuite_all "This ciphersuite list contains RC4. Use ciphersuite_strong or ciphersuite_default instead." #-} 285-- | The default ciphersuites + some not recommended last resort ciphers. 286ciphersuite_all :: [Cipher] 287ciphersuite_all = ciphersuite_default ++ 288 [ cipher_ECDHE_ECDSA_AES128CCM8_SHA256, cipher_ECDHE_ECDSA_AES256CCM8_SHA256 289 , cipher_DHE_RSA_AES128CCM8_SHA256, cipher_DHE_RSA_AES256CCM8_SHA256 290 , cipher_DHE_DSS_AES256_SHA1, cipher_DHE_DSS_AES128_SHA1 291 , cipher_AES128CCM8_SHA256, cipher_AES256CCM8_SHA256 292 , cipher_RSA_3DES_EDE_CBC_SHA1 293 , cipher_RC4_128_SHA1 294 , cipher_TLS13_AES128CCM8_SHA256 295 ] 296 297{-# DEPRECATED ciphersuite_medium "Use ciphersuite_strong or ciphersuite_default instead." #-} 298-- | list of medium ciphers. 299ciphersuite_medium :: [Cipher] 300ciphersuite_medium = [ cipher_RC4_128_SHA1 301 , cipher_AES128_SHA1 302 ] 303 304-- | The strongest ciphers supported. For ciphers with PFS, AEAD and SHA2, we 305-- list each AES128 variant after the corresponding AES256 and ChaCha20-Poly1305 306-- variants. For weaker constructs, we use just the AES256 form. 307-- 308-- The CCM ciphers come just after the corresponding GCM ciphers despite their 309-- relative performance cost. 310ciphersuite_strong :: [Cipher] 311ciphersuite_strong = 312 [ -- If we have PFS + AEAD + SHA2, then allow AES128, else just 256 313 cipher_ECDHE_ECDSA_AES256GCM_SHA384, cipher_ECDHE_ECDSA_AES256CCM_SHA256 314 , cipher_ECDHE_ECDSA_CHACHA20POLY1305_SHA256 315 , cipher_ECDHE_ECDSA_AES128GCM_SHA256, cipher_ECDHE_ECDSA_AES128CCM_SHA256 316 , cipher_ECDHE_RSA_AES256GCM_SHA384 317 , cipher_ECDHE_RSA_CHACHA20POLY1305_SHA256 318 , cipher_ECDHE_RSA_AES128GCM_SHA256 319 , cipher_DHE_RSA_AES256GCM_SHA384, cipher_DHE_RSA_AES256CCM_SHA256 320 , cipher_DHE_RSA_CHACHA20POLY1305_SHA256 321 , cipher_DHE_RSA_AES128GCM_SHA256, cipher_DHE_RSA_AES128CCM_SHA256 322 -- No AEAD 323 , cipher_ECDHE_ECDSA_AES256CBC_SHA384 324 , cipher_ECDHE_RSA_AES256CBC_SHA384 325 , cipher_DHE_RSA_AES256_SHA256 326 -- No SHA2 327 , cipher_ECDHE_ECDSA_AES256CBC_SHA 328 , cipher_ECDHE_RSA_AES256CBC_SHA 329 , cipher_DHE_RSA_AES256_SHA1 330 -- No PFS 331 , cipher_AES256GCM_SHA384 332 , cipher_AES256CCM_SHA256 333 -- Neither PFS nor AEAD, just SHA2 334 , cipher_AES256_SHA256 335 -- Last resort no PFS, AEAD or SHA2 336 , cipher_AES256_SHA1 337 -- TLS13 (listed at the end but version is negotiated first) 338 , cipher_TLS13_AES256GCM_SHA384 339 , cipher_TLS13_CHACHA20POLY1305_SHA256 340 , cipher_TLS13_AES128GCM_SHA256 341 , cipher_TLS13_AES128CCM_SHA256 342 ] 343 344-- | DHE-RSA cipher suite. This only includes ciphers bound specifically to 345-- DHE-RSA so TLS 1.3 ciphers must be added separately. 346ciphersuite_dhe_rsa :: [Cipher] 347ciphersuite_dhe_rsa = [ cipher_DHE_RSA_AES256GCM_SHA384, cipher_DHE_RSA_AES256CCM_SHA256 348 , cipher_DHE_RSA_CHACHA20POLY1305_SHA256 349 , cipher_DHE_RSA_AES128GCM_SHA256, cipher_DHE_RSA_AES128CCM_SHA256 350 , cipher_DHE_RSA_AES256_SHA256, cipher_DHE_RSA_AES128_SHA256 351 , cipher_DHE_RSA_AES256_SHA1, cipher_DHE_RSA_AES128_SHA1 352 ] 353 354ciphersuite_dhe_dss :: [Cipher] 355ciphersuite_dhe_dss = [cipher_DHE_DSS_AES256_SHA1, cipher_DHE_DSS_AES128_SHA1, cipher_DHE_DSS_RC4_SHA1] 356 357-- | all unencrypted ciphers, do not use on insecure network. 358ciphersuite_unencrypted :: [Cipher] 359ciphersuite_unencrypted = [cipher_null_MD5, cipher_null_SHA1] 360 361bulk_null, bulk_rc4, bulk_aes128, bulk_aes256, bulk_tripledes_ede, bulk_aes128gcm, bulk_aes256gcm :: Bulk 362bulk_aes128ccm, bulk_aes128ccm8, bulk_aes256ccm, bulk_aes256ccm8, bulk_chacha20poly1305 :: Bulk 363bulk_null = Bulk 364 { bulkName = "null" 365 , bulkKeySize = 0 366 , bulkIVSize = 0 367 , bulkExplicitIV = 0 368 , bulkAuthTagLen = 0 369 , bulkBlockSize = 0 370 , bulkF = BulkStreamF passThrough 371 } 372 where 373 passThrough _ _ = BulkStream go where go inp = (inp, BulkStream go) 374 375bulk_rc4 = Bulk 376 { bulkName = "RC4-128" 377 , bulkKeySize = 16 378 , bulkIVSize = 0 379 , bulkExplicitIV = 0 380 , bulkAuthTagLen = 0 381 , bulkBlockSize = 0 382 , bulkF = BulkStreamF rc4 383 } 384 385bulk_aes128 = Bulk 386 { bulkName = "AES128" 387 , bulkKeySize = 16 388 , bulkIVSize = 16 389 , bulkExplicitIV = 0 390 , bulkAuthTagLen = 0 391 , bulkBlockSize = 16 392 , bulkF = BulkBlockF aes128cbc 393 } 394 395bulk_aes128ccm = Bulk 396 { bulkName = "AES128CCM" 397 , bulkKeySize = 16 -- RFC 5116 Sec 5.1: K_LEN 398 , bulkIVSize = 4 -- RFC 6655 CCMNonce.salt, fixed_iv_length 399 , bulkExplicitIV = 8 400 , bulkAuthTagLen = 16 401 , bulkBlockSize = 0 -- dummy, not used 402 , bulkF = BulkAeadF aes128ccm 403 } 404 405bulk_aes128ccm8 = Bulk 406 { bulkName = "AES128CCM8" 407 , bulkKeySize = 16 -- RFC 5116 Sec 5.1: K_LEN 408 , bulkIVSize = 4 -- RFC 6655 CCMNonce.salt, fixed_iv_length 409 , bulkExplicitIV = 8 410 , bulkAuthTagLen = 8 411 , bulkBlockSize = 0 -- dummy, not used 412 , bulkF = BulkAeadF aes128ccm8 413 } 414 415bulk_aes128gcm = Bulk 416 { bulkName = "AES128GCM" 417 , bulkKeySize = 16 -- RFC 5116 Sec 5.1: K_LEN 418 , bulkIVSize = 4 -- RFC 5288 GCMNonce.salt, fixed_iv_length 419 , bulkExplicitIV = 8 420 , bulkAuthTagLen = 16 421 , bulkBlockSize = 0 -- dummy, not used 422 , bulkF = BulkAeadF aes128gcm 423 } 424 425bulk_aes256ccm = Bulk 426 { bulkName = "AES256CCM" 427 , bulkKeySize = 32 -- RFC 5116 Sec 5.1: K_LEN 428 , bulkIVSize = 4 -- RFC 6655 CCMNonce.salt, fixed_iv_length 429 , bulkExplicitIV = 8 430 , bulkAuthTagLen = 16 431 , bulkBlockSize = 0 -- dummy, not used 432 , bulkF = BulkAeadF aes256ccm 433 } 434 435bulk_aes256ccm8 = Bulk 436 { bulkName = "AES256CCM8" 437 , bulkKeySize = 32 -- RFC 5116 Sec 5.1: K_LEN 438 , bulkIVSize = 4 -- RFC 6655 CCMNonce.salt, fixed_iv_length 439 , bulkExplicitIV = 8 440 , bulkAuthTagLen = 8 441 , bulkBlockSize = 0 -- dummy, not used 442 , bulkF = BulkAeadF aes256ccm8 443 } 444 445bulk_aes256gcm = Bulk 446 { bulkName = "AES256GCM" 447 , bulkKeySize = 32 -- RFC 5116 Sec 5.1: K_LEN 448 , bulkIVSize = 4 -- RFC 5288 GCMNonce.salt, fixed_iv_length 449 , bulkExplicitIV = 8 450 , bulkAuthTagLen = 16 451 , bulkBlockSize = 0 -- dummy, not used 452 , bulkF = BulkAeadF aes256gcm 453 } 454 455bulk_aes256 = Bulk 456 { bulkName = "AES256" 457 , bulkKeySize = 32 458 , bulkIVSize = 16 459 , bulkExplicitIV = 0 460 , bulkAuthTagLen = 0 461 , bulkBlockSize = 16 462 , bulkF = BulkBlockF aes256cbc 463 } 464 465bulk_tripledes_ede = Bulk 466 { bulkName = "3DES-EDE-CBC" 467 , bulkKeySize = 24 468 , bulkIVSize = 8 469 , bulkExplicitIV = 0 470 , bulkAuthTagLen = 0 471 , bulkBlockSize = 8 472 , bulkF = BulkBlockF tripledes_ede 473 } 474 475bulk_chacha20poly1305 = Bulk 476 { bulkName = "CHACHA20POLY1305" 477 , bulkKeySize = 32 478 , bulkIVSize = 12 -- RFC 7905 section 2, fixed_iv_length 479 , bulkExplicitIV = 0 480 , bulkAuthTagLen = 16 481 , bulkBlockSize = 0 -- dummy, not used 482 , bulkF = BulkAeadF chacha20poly1305 483 } 484 485-- TLS13 bulks are same as TLS12 except they never have explicit IV 486bulk_aes128gcm_13, bulk_aes256gcm_13, bulk_aes128ccm_13, bulk_aes128ccm8_13 :: Bulk 487bulk_aes128gcm_13 = bulk_aes128gcm { bulkIVSize = 12, bulkExplicitIV = 0 } 488bulk_aes256gcm_13 = bulk_aes256gcm { bulkIVSize = 12, bulkExplicitIV = 0 } 489bulk_aes128ccm_13 = bulk_aes128ccm { bulkIVSize = 12, bulkExplicitIV = 0 } 490bulk_aes128ccm8_13 = bulk_aes128ccm8 { bulkIVSize = 12, bulkExplicitIV = 0 } 491 492-- | unencrypted cipher using RSA for key exchange and MD5 for digest 493cipher_null_MD5 :: Cipher 494cipher_null_MD5 = Cipher 495 { cipherID = 0x0001 496 , cipherName = "RSA-null-MD5" 497 , cipherBulk = bulk_null 498 , cipherHash = MD5 499 , cipherPRFHash = Nothing 500 , cipherKeyExchange = CipherKeyExchange_RSA 501 , cipherMinVer = Nothing 502 } 503 504-- | unencrypted cipher using RSA for key exchange and SHA1 for digest 505cipher_null_SHA1 :: Cipher 506cipher_null_SHA1 = Cipher 507 { cipherID = 0x0002 508 , cipherName = "RSA-null-SHA1" 509 , cipherBulk = bulk_null 510 , cipherHash = SHA1 511 , cipherPRFHash = Nothing 512 , cipherKeyExchange = CipherKeyExchange_RSA 513 , cipherMinVer = Nothing 514 } 515 516-- | RC4 cipher, RSA key exchange and MD5 for digest 517cipher_RC4_128_MD5 :: Cipher 518cipher_RC4_128_MD5 = Cipher 519 { cipherID = 0x0004 520 , cipherName = "RSA-rc4-128-md5" 521 , cipherBulk = bulk_rc4 522 , cipherHash = MD5 523 , cipherPRFHash = Nothing 524 , cipherKeyExchange = CipherKeyExchange_RSA 525 , cipherMinVer = Nothing 526 } 527 528-- | RC4 cipher, RSA key exchange and SHA1 for digest 529cipher_RC4_128_SHA1 :: Cipher 530cipher_RC4_128_SHA1 = Cipher 531 { cipherID = 0x0005 532 , cipherName = "RSA-rc4-128-sha1" 533 , cipherBulk = bulk_rc4 534 , cipherHash = SHA1 535 , cipherPRFHash = Nothing 536 , cipherKeyExchange = CipherKeyExchange_RSA 537 , cipherMinVer = Nothing 538 } 539 540-- | 3DES cipher (168 bit key), RSA key exchange and SHA1 for digest 541cipher_RSA_3DES_EDE_CBC_SHA1 :: Cipher 542cipher_RSA_3DES_EDE_CBC_SHA1 = Cipher 543 { cipherID = 0x000A 544 , cipherName = "RSA-3DES-EDE-CBC-SHA1" 545 , cipherBulk = bulk_tripledes_ede 546 , cipherHash = SHA1 547 , cipherPRFHash = Nothing 548 , cipherKeyExchange = CipherKeyExchange_RSA 549 , cipherMinVer = Nothing 550 } 551 552-- | AES cipher (128 bit key), RSA key exchange and SHA1 for digest 553cipher_AES128_SHA1 :: Cipher 554cipher_AES128_SHA1 = Cipher 555 { cipherID = 0x002F 556 , cipherName = "RSA-AES128-SHA1" 557 , cipherBulk = bulk_aes128 558 , cipherHash = SHA1 559 , cipherPRFHash = Nothing 560 , cipherKeyExchange = CipherKeyExchange_RSA 561 , cipherMinVer = Just SSL3 562 } 563 564-- | AES cipher (128 bit key), DHE key exchanged signed by DSA and SHA1 for digest 565cipher_DHE_DSS_AES128_SHA1 :: Cipher 566cipher_DHE_DSS_AES128_SHA1 = Cipher 567 { cipherID = 0x0032 568 , cipherName = "DHE-DSA-AES128-SHA1" 569 , cipherBulk = bulk_aes128 570 , cipherHash = SHA1 571 , cipherPRFHash = Nothing 572 , cipherKeyExchange = CipherKeyExchange_DHE_DSS 573 , cipherMinVer = Nothing 574 } 575 576-- | AES cipher (128 bit key), DHE key exchanged signed by RSA and SHA1 for digest 577cipher_DHE_RSA_AES128_SHA1 :: Cipher 578cipher_DHE_RSA_AES128_SHA1 = Cipher 579 { cipherID = 0x0033 580 , cipherName = "DHE-RSA-AES128-SHA1" 581 , cipherBulk = bulk_aes128 582 , cipherHash = SHA1 583 , cipherPRFHash = Nothing 584 , cipherKeyExchange = CipherKeyExchange_DHE_RSA 585 , cipherMinVer = Nothing 586 } 587 588-- | AES cipher (256 bit key), RSA key exchange and SHA1 for digest 589cipher_AES256_SHA1 :: Cipher 590cipher_AES256_SHA1 = Cipher 591 { cipherID = 0x0035 592 , cipherName = "RSA-AES256-SHA1" 593 , cipherBulk = bulk_aes256 594 , cipherHash = SHA1 595 , cipherPRFHash = Nothing 596 , cipherKeyExchange = CipherKeyExchange_RSA 597 , cipherMinVer = Just SSL3 598 } 599 600-- | AES cipher (256 bit key), DHE key exchanged signed by DSA and SHA1 for digest 601cipher_DHE_DSS_AES256_SHA1 :: Cipher 602cipher_DHE_DSS_AES256_SHA1 = cipher_DHE_DSS_AES128_SHA1 603 { cipherID = 0x0038 604 , cipherName = "DHE-DSA-AES256-SHA1" 605 , cipherBulk = bulk_aes256 606 } 607 608-- | AES cipher (256 bit key), DHE key exchanged signed by RSA and SHA1 for digest 609cipher_DHE_RSA_AES256_SHA1 :: Cipher 610cipher_DHE_RSA_AES256_SHA1 = cipher_DHE_RSA_AES128_SHA1 611 { cipherID = 0x0039 612 , cipherName = "DHE-RSA-AES256-SHA1" 613 , cipherBulk = bulk_aes256 614 } 615 616-- | AES cipher (128 bit key), RSA key exchange and SHA256 for digest 617cipher_AES128_SHA256 :: Cipher 618cipher_AES128_SHA256 = Cipher 619 { cipherID = 0x003C 620 , cipherName = "RSA-AES128-SHA256" 621 , cipherBulk = bulk_aes128 622 , cipherHash = SHA256 623 , cipherPRFHash = Just SHA256 624 , cipherKeyExchange = CipherKeyExchange_RSA 625 , cipherMinVer = Just TLS12 626 } 627 628-- | AES cipher (256 bit key), RSA key exchange and SHA256 for digest 629cipher_AES256_SHA256 :: Cipher 630cipher_AES256_SHA256 = Cipher 631 { cipherID = 0x003D 632 , cipherName = "RSA-AES256-SHA256" 633 , cipherBulk = bulk_aes256 634 , cipherHash = SHA256 635 , cipherPRFHash = Just SHA256 636 , cipherKeyExchange = CipherKeyExchange_RSA 637 , cipherMinVer = Just TLS12 638 } 639 640-- This is not registered in IANA. 641-- So, this will be removed in the next major release. 642cipher_DHE_DSS_RC4_SHA1 :: Cipher 643cipher_DHE_DSS_RC4_SHA1 = cipher_DHE_DSS_AES128_SHA1 644 { cipherID = 0x0066 645 , cipherName = "DHE-DSA-RC4-SHA1" 646 , cipherBulk = bulk_rc4 647 } 648 649cipher_DHE_RSA_AES128_SHA256 :: Cipher 650cipher_DHE_RSA_AES128_SHA256 = cipher_DHE_RSA_AES128_SHA1 651 { cipherID = 0x0067 652 , cipherName = "DHE-RSA-AES128-SHA256" 653 , cipherHash = SHA256 654 , cipherPRFHash = Just SHA256 655 , cipherMinVer = Just TLS12 656 } 657 658cipher_DHE_RSA_AES256_SHA256 :: Cipher 659cipher_DHE_RSA_AES256_SHA256 = cipher_DHE_RSA_AES128_SHA256 660 { cipherID = 0x006B 661 , cipherName = "DHE-RSA-AES256-SHA256" 662 , cipherBulk = bulk_aes256 663 } 664 665-- | AESCCM cipher (128 bit key), RSA key exchange. 666-- The SHA256 digest is used as a PRF, not as a MAC. 667cipher_AES128CCM_SHA256 :: Cipher 668cipher_AES128CCM_SHA256 = Cipher 669 { cipherID = 0xc09c 670 , cipherName = "RSA-AES128CCM-SHA256" 671 , cipherBulk = bulk_aes128ccm 672 , cipherHash = SHA256 673 , cipherPRFHash = Just SHA256 674 , cipherKeyExchange = CipherKeyExchange_RSA 675 , cipherMinVer = Just TLS12 -- RFC 6655 Sec 3 676 } 677 678-- | AESCCM8 cipher (128 bit key), RSA key exchange. 679-- The SHA256 digest is used as a PRF, not as a MAC. 680cipher_AES128CCM8_SHA256 :: Cipher 681cipher_AES128CCM8_SHA256 = Cipher 682 { cipherID = 0xc0a0 683 , cipherName = "RSA-AES128CCM8-SHA256" 684 , cipherBulk = bulk_aes128ccm8 685 , cipherHash = SHA256 686 , cipherPRFHash = Just SHA256 687 , cipherKeyExchange = CipherKeyExchange_RSA 688 , cipherMinVer = Just TLS12 -- RFC 6655 Sec 3 689 } 690 691-- | AESGCM cipher (128 bit key), RSA key exchange. 692-- The SHA256 digest is used as a PRF, not as a MAC. 693cipher_AES128GCM_SHA256 :: Cipher 694cipher_AES128GCM_SHA256 = Cipher 695 { cipherID = 0x009C 696 , cipherName = "RSA-AES128GCM-SHA256" 697 , cipherBulk = bulk_aes128gcm 698 , cipherHash = SHA256 699 , cipherPRFHash = Just SHA256 700 , cipherKeyExchange = CipherKeyExchange_RSA 701 , cipherMinVer = Just TLS12 702 } 703 704-- | AESCCM cipher (256 bit key), RSA key exchange. 705-- The SHA256 digest is used as a PRF, not as a MAC. 706cipher_AES256CCM_SHA256 :: Cipher 707cipher_AES256CCM_SHA256 = Cipher 708 { cipherID = 0xc09d 709 , cipherName = "RSA-AES256CCM-SHA256" 710 , cipherBulk = bulk_aes256ccm 711 , cipherHash = SHA256 712 , cipherPRFHash = Just SHA256 713 , cipherKeyExchange = CipherKeyExchange_RSA 714 , cipherMinVer = Just TLS12 -- RFC 6655 Sec 3 715 } 716 717-- | AESCCM8 cipher (256 bit key), RSA key exchange. 718-- The SHA256 digest is used as a PRF, not as a MAC. 719cipher_AES256CCM8_SHA256 :: Cipher 720cipher_AES256CCM8_SHA256 = Cipher 721 { cipherID = 0xc0a1 722 , cipherName = "RSA-AES256CCM8-SHA256" 723 , cipherBulk = bulk_aes256ccm8 724 , cipherHash = SHA256 725 , cipherPRFHash = Just SHA256 726 , cipherKeyExchange = CipherKeyExchange_RSA 727 , cipherMinVer = Just TLS12 -- RFC 6655 Sec 3 728 } 729 730-- | AESGCM cipher (256 bit key), RSA key exchange. 731-- The SHA384 digest is used as a PRF, not as a MAC. 732cipher_AES256GCM_SHA384 :: Cipher 733cipher_AES256GCM_SHA384 = Cipher 734 { cipherID = 0x009D 735 , cipherName = "RSA-AES256GCM-SHA384" 736 , cipherBulk = bulk_aes256gcm 737 , cipherHash = SHA384 738 , cipherPRFHash = Just SHA384 739 , cipherKeyExchange = CipherKeyExchange_RSA 740 , cipherMinVer = Just TLS12 741 } 742 743cipher_DHE_RSA_AES128CCM_SHA256 :: Cipher 744cipher_DHE_RSA_AES128CCM_SHA256 = Cipher 745 { cipherID = 0xc09e 746 , cipherName = "DHE-RSA-AES128CCM-SHA256" 747 , cipherBulk = bulk_aes128ccm 748 , cipherHash = SHA256 749 , cipherPRFHash = Just SHA256 750 , cipherKeyExchange = CipherKeyExchange_DHE_RSA 751 , cipherMinVer = Just TLS12 -- RFC 6655 Sec 3 752 } 753 754cipher_DHE_RSA_AES128CCM8_SHA256 :: Cipher 755cipher_DHE_RSA_AES128CCM8_SHA256 = Cipher 756 { cipherID = 0xc0a2 757 , cipherName = "DHE-RSA-AES128CCM8-SHA256" 758 , cipherBulk = bulk_aes128ccm8 759 , cipherHash = SHA256 760 , cipherPRFHash = Just SHA256 761 , cipherKeyExchange = CipherKeyExchange_DHE_RSA 762 , cipherMinVer = Just TLS12 -- RFC 6655 Sec 3 763 } 764 765cipher_DHE_RSA_AES128GCM_SHA256 :: Cipher 766cipher_DHE_RSA_AES128GCM_SHA256 = Cipher 767 { cipherID = 0x009E 768 , cipherName = "DHE-RSA-AES128GCM-SHA256" 769 , cipherBulk = bulk_aes128gcm 770 , cipherHash = SHA256 771 , cipherPRFHash = Just SHA256 772 , cipherKeyExchange = CipherKeyExchange_DHE_RSA 773 , cipherMinVer = Just TLS12 -- RFC 5288 Sec 4 774 } 775 776cipher_DHE_RSA_AES256CCM_SHA256 :: Cipher 777cipher_DHE_RSA_AES256CCM_SHA256 = Cipher 778 { cipherID = 0xc09f 779 , cipherName = "DHE-RSA-AES256CCM-SHA256" 780 , cipherBulk = bulk_aes256ccm 781 , cipherHash = SHA256 782 , cipherPRFHash = Just SHA256 783 , cipherKeyExchange = CipherKeyExchange_DHE_RSA 784 , cipherMinVer = Just TLS12 -- RFC 6655 Sec 3 785 } 786 787cipher_DHE_RSA_AES256CCM8_SHA256 :: Cipher 788cipher_DHE_RSA_AES256CCM8_SHA256 = Cipher 789 { cipherID = 0xc0a3 790 , cipherName = "DHE-RSA-AES256CCM8-SHA256" 791 , cipherBulk = bulk_aes256ccm8 792 , cipherHash = SHA256 793 , cipherPRFHash = Just SHA256 794 , cipherKeyExchange = CipherKeyExchange_DHE_RSA 795 , cipherMinVer = Just TLS12 -- RFC 6655 Sec 3 796 } 797 798cipher_DHE_RSA_AES256GCM_SHA384 :: Cipher 799cipher_DHE_RSA_AES256GCM_SHA384 = Cipher 800 { cipherID = 0x009F 801 , cipherName = "DHE-RSA-AES256GCM-SHA384" 802 , cipherBulk = bulk_aes256gcm 803 , cipherHash = SHA384 804 , cipherPRFHash = Just SHA384 805 , cipherKeyExchange = CipherKeyExchange_DHE_RSA 806 , cipherMinVer = Just TLS12 807 } 808 809cipher_ECDHE_RSA_CHACHA20POLY1305_SHA256 :: Cipher 810cipher_ECDHE_RSA_CHACHA20POLY1305_SHA256 = Cipher 811 { cipherID = 0xCCA8 812 , cipherName = "ECDHE-RSA-CHACHA20POLY1305-SHA256" 813 , cipherBulk = bulk_chacha20poly1305 814 , cipherHash = SHA256 815 , cipherPRFHash = Just SHA256 816 , cipherKeyExchange = CipherKeyExchange_ECDHE_RSA 817 , cipherMinVer = Just TLS12 818 } 819 820cipher_ECDHE_ECDSA_CHACHA20POLY1305_SHA256 :: Cipher 821cipher_ECDHE_ECDSA_CHACHA20POLY1305_SHA256 = Cipher 822 { cipherID = 0xCCA9 823 , cipherName = "ECDHE-ECDSA-CHACHA20POLY1305-SHA256" 824 , cipherBulk = bulk_chacha20poly1305 825 , cipherHash = SHA256 826 , cipherPRFHash = Just SHA256 827 , cipherKeyExchange = CipherKeyExchange_ECDHE_ECDSA 828 , cipherMinVer = Just TLS12 829 } 830 831cipher_DHE_RSA_CHACHA20POLY1305_SHA256 :: Cipher 832cipher_DHE_RSA_CHACHA20POLY1305_SHA256 = Cipher 833 { cipherID = 0xCCAA 834 , cipherName = "DHE-RSA-CHACHA20POLY1305-SHA256" 835 , cipherBulk = bulk_chacha20poly1305 836 , cipherHash = SHA256 837 , cipherPRFHash = Just SHA256 838 , cipherKeyExchange = CipherKeyExchange_DHE_RSA 839 , cipherMinVer = Just TLS12 840 } 841 842cipher_TLS13_AES128GCM_SHA256 :: Cipher 843cipher_TLS13_AES128GCM_SHA256 = Cipher 844 { cipherID = 0x1301 845 , cipherName = "AES128GCM-SHA256" 846 , cipherBulk = bulk_aes128gcm_13 847 , cipherHash = SHA256 848 , cipherPRFHash = Nothing 849 , cipherKeyExchange = CipherKeyExchange_TLS13 850 , cipherMinVer = Just TLS13 851 } 852 853cipher_TLS13_AES256GCM_SHA384 :: Cipher 854cipher_TLS13_AES256GCM_SHA384 = Cipher 855 { cipherID = 0x1302 856 , cipherName = "AES256GCM-SHA384" 857 , cipherBulk = bulk_aes256gcm_13 858 , cipherHash = SHA384 859 , cipherPRFHash = Nothing 860 , cipherKeyExchange = CipherKeyExchange_TLS13 861 , cipherMinVer = Just TLS13 862 } 863 864cipher_TLS13_CHACHA20POLY1305_SHA256 :: Cipher 865cipher_TLS13_CHACHA20POLY1305_SHA256 = Cipher 866 { cipherID = 0x1303 867 , cipherName = "CHACHA20POLY1305-SHA256" 868 , cipherBulk = bulk_chacha20poly1305 869 , cipherHash = SHA256 870 , cipherPRFHash = Nothing 871 , cipherKeyExchange = CipherKeyExchange_TLS13 872 , cipherMinVer = Just TLS13 873 } 874 875cipher_TLS13_AES128CCM_SHA256 :: Cipher 876cipher_TLS13_AES128CCM_SHA256 = Cipher 877 { cipherID = 0x1304 878 , cipherName = "AES128CCM-SHA256" 879 , cipherBulk = bulk_aes128ccm_13 880 , cipherHash = SHA256 881 , cipherPRFHash = Nothing 882 , cipherKeyExchange = CipherKeyExchange_TLS13 883 , cipherMinVer = Just TLS13 884 } 885 886cipher_TLS13_AES128CCM8_SHA256 :: Cipher 887cipher_TLS13_AES128CCM8_SHA256 = Cipher 888 { cipherID = 0x1305 889 , cipherName = "AES128CCM8-SHA256" 890 , cipherBulk = bulk_aes128ccm8_13 891 , cipherHash = SHA256 892 , cipherPRFHash = Nothing 893 , cipherKeyExchange = CipherKeyExchange_TLS13 894 , cipherMinVer = Just TLS13 895 } 896 897cipher_ECDHE_ECDSA_AES128CBC_SHA :: Cipher 898cipher_ECDHE_ECDSA_AES128CBC_SHA = Cipher 899 { cipherID = 0xC009 900 , cipherName = "ECDHE-ECDSA-AES128CBC-SHA" 901 , cipherBulk = bulk_aes128 902 , cipherHash = SHA1 903 , cipherPRFHash = Nothing 904 , cipherKeyExchange = CipherKeyExchange_ECDHE_ECDSA 905 , cipherMinVer = Just TLS10 906 } 907 908cipher_ECDHE_ECDSA_AES256CBC_SHA :: Cipher 909cipher_ECDHE_ECDSA_AES256CBC_SHA = Cipher 910 { cipherID = 0xC00A 911 , cipherName = "ECDHE-ECDSA-AES256CBC-SHA" 912 , cipherBulk = bulk_aes256 913 , cipherHash = SHA1 914 , cipherPRFHash = Nothing 915 , cipherKeyExchange = CipherKeyExchange_ECDHE_ECDSA 916 , cipherMinVer = Just TLS10 917 } 918 919cipher_ECDHE_RSA_AES128CBC_SHA :: Cipher 920cipher_ECDHE_RSA_AES128CBC_SHA = Cipher 921 { cipherID = 0xC013 922 , cipherName = "ECDHE-RSA-AES128CBC-SHA" 923 , cipherBulk = bulk_aes128 924 , cipherHash = SHA1 925 , cipherPRFHash = Nothing 926 , cipherKeyExchange = CipherKeyExchange_ECDHE_RSA 927 , cipherMinVer = Just TLS10 928 } 929 930cipher_ECDHE_RSA_AES256CBC_SHA :: Cipher 931cipher_ECDHE_RSA_AES256CBC_SHA = Cipher 932 { cipherID = 0xC014 933 , cipherName = "ECDHE-RSA-AES256CBC-SHA" 934 , cipherBulk = bulk_aes256 935 , cipherHash = SHA1 936 , cipherPRFHash = Nothing 937 , cipherKeyExchange = CipherKeyExchange_ECDHE_RSA 938 , cipherMinVer = Just TLS10 939 } 940 941cipher_ECDHE_RSA_AES128CBC_SHA256 :: Cipher 942cipher_ECDHE_RSA_AES128CBC_SHA256 = Cipher 943 { cipherID = 0xC027 944 , cipherName = "ECDHE-RSA-AES128CBC-SHA256" 945 , cipherBulk = bulk_aes128 946 , cipherHash = SHA256 947 , cipherPRFHash = Just SHA256 948 , cipherKeyExchange = CipherKeyExchange_ECDHE_RSA 949 , cipherMinVer = Just TLS12 -- RFC 5288 Sec 4 950 } 951 952cipher_ECDHE_RSA_AES256CBC_SHA384 :: Cipher 953cipher_ECDHE_RSA_AES256CBC_SHA384 = Cipher 954 { cipherID = 0xC028 955 , cipherName = "ECDHE-RSA-AES256CBC-SHA384" 956 , cipherBulk = bulk_aes256 957 , cipherHash = SHA384 958 , cipherPRFHash = Just SHA384 959 , cipherKeyExchange = CipherKeyExchange_ECDHE_RSA 960 , cipherMinVer = Just TLS12 -- RFC 5288 Sec 4 961 } 962 963cipher_ECDHE_ECDSA_AES128CBC_SHA256 :: Cipher 964cipher_ECDHE_ECDSA_AES128CBC_SHA256 = Cipher 965 { cipherID = 0xc023 966 , cipherName = "ECDHE-ECDSA-AES128CBC-SHA256" 967 , cipherBulk = bulk_aes128 968 , cipherHash = SHA256 969 , cipherPRFHash = Just SHA256 970 , cipherKeyExchange = CipherKeyExchange_ECDHE_ECDSA 971 , cipherMinVer = Just TLS12 -- RFC 5289 972 } 973 974cipher_ECDHE_ECDSA_AES256CBC_SHA384 :: Cipher 975cipher_ECDHE_ECDSA_AES256CBC_SHA384 = Cipher 976 { cipherID = 0xC024 977 , cipherName = "ECDHE-ECDSA-AES256CBC-SHA384" 978 , cipherBulk = bulk_aes256 979 , cipherHash = SHA384 980 , cipherPRFHash = Just SHA384 981 , cipherKeyExchange = CipherKeyExchange_ECDHE_ECDSA 982 , cipherMinVer = Just TLS12 -- RFC 5289 983 } 984 985cipher_ECDHE_ECDSA_AES128CCM_SHA256 :: Cipher 986cipher_ECDHE_ECDSA_AES128CCM_SHA256 = Cipher 987 { cipherID = 0xc0ac 988 , cipherName = "ECDHE-ECDSA-AES128CCM-SHA256" 989 , cipherBulk = bulk_aes128ccm 990 , cipherHash = SHA256 991 , cipherPRFHash = Just SHA256 992 , cipherKeyExchange = CipherKeyExchange_ECDHE_ECDSA 993 , cipherMinVer = Just TLS12 -- RFC 7251 994 } 995 996cipher_ECDHE_ECDSA_AES128CCM8_SHA256 :: Cipher 997cipher_ECDHE_ECDSA_AES128CCM8_SHA256 = Cipher 998 { cipherID = 0xc0ae 999 , cipherName = "ECDHE-ECDSA-AES128CCM8-SHA256" 1000 , cipherBulk = bulk_aes128ccm8 1001 , cipherHash = SHA256 1002 , cipherPRFHash = Just SHA256 1003 , cipherKeyExchange = CipherKeyExchange_ECDHE_ECDSA 1004 , cipherMinVer = Just TLS12 -- RFC 7251 1005 } 1006 1007cipher_ECDHE_ECDSA_AES128GCM_SHA256 :: Cipher 1008cipher_ECDHE_ECDSA_AES128GCM_SHA256 = Cipher 1009 { cipherID = 0xC02B 1010 , cipherName = "ECDHE-ECDSA-AES128GCM-SHA256" 1011 , cipherBulk = bulk_aes128gcm 1012 , cipherHash = SHA256 1013 , cipherPRFHash = Just SHA256 1014 , cipherKeyExchange = CipherKeyExchange_ECDHE_ECDSA 1015 , cipherMinVer = Just TLS12 -- RFC 5289 1016 } 1017 1018cipher_ECDHE_ECDSA_AES256CCM_SHA256 :: Cipher 1019cipher_ECDHE_ECDSA_AES256CCM_SHA256 = Cipher 1020 { cipherID = 0xc0ad 1021 , cipherName = "ECDHE-ECDSA-AES256CCM-SHA256" 1022 , cipherBulk = bulk_aes256ccm 1023 , cipherHash = SHA256 1024 , cipherPRFHash = Just SHA256 1025 , cipherKeyExchange = CipherKeyExchange_ECDHE_ECDSA 1026 , cipherMinVer = Just TLS12 -- RFC 7251 1027 } 1028 1029cipher_ECDHE_ECDSA_AES256CCM8_SHA256 :: Cipher 1030cipher_ECDHE_ECDSA_AES256CCM8_SHA256 = Cipher 1031 { cipherID = 0xc0af 1032 , cipherName = "ECDHE-ECDSA-AES256CCM8-SHA256" 1033 , cipherBulk = bulk_aes256ccm8 1034 , cipherHash = SHA256 1035 , cipherPRFHash = Just SHA256 1036 , cipherKeyExchange = CipherKeyExchange_ECDHE_ECDSA 1037 , cipherMinVer = Just TLS12 -- RFC 7251 1038 } 1039 1040cipher_ECDHE_ECDSA_AES256GCM_SHA384 :: Cipher 1041cipher_ECDHE_ECDSA_AES256GCM_SHA384 = Cipher 1042 { cipherID = 0xC02C 1043 , cipherName = "ECDHE-ECDSA-AES256GCM-SHA384" 1044 , cipherBulk = bulk_aes256gcm 1045 , cipherHash = SHA384 1046 , cipherPRFHash = Just SHA384 1047 , cipherKeyExchange = CipherKeyExchange_ECDHE_ECDSA 1048 , cipherMinVer = Just TLS12 -- RFC 5289 1049 } 1050 1051cipher_ECDHE_RSA_AES128GCM_SHA256 :: Cipher 1052cipher_ECDHE_RSA_AES128GCM_SHA256 = Cipher 1053 { cipherID = 0xC02F 1054 , cipherName = "ECDHE-RSA-AES128GCM-SHA256" 1055 , cipherBulk = bulk_aes128gcm 1056 , cipherHash = SHA256 1057 , cipherPRFHash = Just SHA256 1058 , cipherKeyExchange = CipherKeyExchange_ECDHE_RSA 1059 , cipherMinVer = Just TLS12 -- RFC 5288 Sec 4 1060 } 1061 1062cipher_ECDHE_RSA_AES256GCM_SHA384 :: Cipher 1063cipher_ECDHE_RSA_AES256GCM_SHA384 = Cipher 1064 { cipherID = 0xC030 1065 , cipherName = "ECDHE-RSA-AES256GCM-SHA384" 1066 , cipherBulk = bulk_aes256gcm 1067 , cipherHash = SHA384 1068 , cipherPRFHash = Just SHA384 1069 , cipherKeyExchange = CipherKeyExchange_ECDHE_RSA 1070 , cipherMinVer = Just TLS12 -- RFC 5289 1071 } 1072 1073-- A list of cipher suite is found from: 1074-- https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-4 1075