|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
*/ |
|
|
|
package sun.security.ssl; |
|
|
|
import java.util.ArrayList; |
|
import java.util.Arrays; |
|
import java.util.Collection; |
|
import java.util.Collections; |
|
import java.util.LinkedList; |
|
import java.util.List; |
|
import static sun.security.ssl.CipherSuite.HashAlg.*; |
|
import static sun.security.ssl.CipherSuite.KeyExchange.*; |
|
import static sun.security.ssl.CipherSuite.MacAlg.*; |
|
import static sun.security.ssl.SSLCipher.*; |
|
import sun.security.ssl.NamedGroup.NamedGroupSpec; |
|
import static sun.security.ssl.NamedGroup.NamedGroupSpec.*; |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
*/ |
|
enum CipherSuite { |
|
// |
|
// in preference order |
|
// |
|
|
|
// Definition of the CipherSuites that are enabled by default. |
|
// |
|
// They are listed in preference order, most preferred first, using |
|
// the following criteria: |
|
// 1. Prefer Suite B compliant cipher suites, see RFC6460 (To be |
|
// changed later, see below). |
|
// 2. Prefer forward secrecy cipher suites. |
|
// 3. Prefer the stronger bulk cipher, in the order of AES_256(GCM), |
|
// AES_128(GCM), AES_256, AES_128, 3DES-EDE. |
|
// 4. Prefer the stronger MAC algorithm, in the order of SHA384, |
|
// SHA256, SHA, MD5. |
|
// 5. Prefer the better performance of key exchange and digital |
|
// signature algorithm, in the order of ECDHE-ECDSA, ECDHE-RSA, |
|
// DHE-RSA, DHE-DSS, ECDH-ECDSA, ECDH-RSA, RSA. |
|
|
|
|
|
TLS_AES_256_GCM_SHA384( |
|
0x1302, true, "TLS_AES_256_GCM_SHA384", |
|
ProtocolVersion.PROTOCOLS_OF_13, B_AES_256_GCM_IV, H_SHA384), |
|
TLS_AES_128_GCM_SHA256( |
|
0x1301, true, "TLS_AES_128_GCM_SHA256", |
|
ProtocolVersion.PROTOCOLS_OF_13, B_AES_128_GCM_IV, H_SHA256), |
|
TLS_CHACHA20_POLY1305_SHA256( |
|
0x1303, true, "TLS_CHACHA20_POLY1305_SHA256", |
|
ProtocolVersion.PROTOCOLS_OF_13, B_CC20_P1305, H_SHA256), |
|
|
|
// Suite B compliant cipher suites, see RFC 6460. |
|
// |
|
// Note that, at present this provider is not Suite B compliant. The |
|
// preference order of the GCM cipher suites does not follow the spec |
|
// of RFC 6460. In this section, only two cipher suites are listed |
|
// so that applications can make use of Suite-B compliant cipher |
|
|
|
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384( |
|
0xC02C, true, "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "", |
|
ProtocolVersion.PROTOCOLS_OF_12, |
|
K_ECDHE_ECDSA, B_AES_256_GCM, M_NULL, H_SHA384), |
|
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256( |
|
0xC02B, true, "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", "", |
|
ProtocolVersion.PROTOCOLS_OF_12, |
|
K_ECDHE_ECDSA, B_AES_128_GCM, M_NULL, H_SHA256), |
|
|
|
// Not suite B, but we want it to position the suite early in the list |
|
|
|
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256( |
|
0xCCA9, true, "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256", "", |
|
ProtocolVersion.PROTOCOLS_OF_12, |
|
K_ECDHE_ECDSA, B_CC20_P1305, M_NULL, H_SHA256), |
|
|
|
// |
|
// Forward secrecy cipher suites. |
|
// |
|
|
|
|
|
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384( |
|
0xC030, true, "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "", |
|
ProtocolVersion.PROTOCOLS_OF_12, |
|
K_ECDHE_RSA, B_AES_256_GCM, M_NULL, H_SHA384), |
|
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256( |
|
0xCCA8, true, "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256", "", |
|
ProtocolVersion.PROTOCOLS_OF_12, |
|
K_ECDHE_RSA, B_CC20_P1305, M_NULL, H_SHA256), |
|
|
|
|
|
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256( |
|
0xC02F, true, "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "", |
|
ProtocolVersion.PROTOCOLS_OF_12, |
|
K_ECDHE_RSA, B_AES_128_GCM, M_NULL, H_SHA256), |
|
|
|
|
|
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384( |
|
0x009F, true, "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384", "", |
|
ProtocolVersion.PROTOCOLS_OF_12, |
|
K_DHE_RSA, B_AES_256_GCM, M_NULL, H_SHA384), |
|
TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256( |
|
0xCCAA, true, "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256", "", |
|
ProtocolVersion.PROTOCOLS_OF_12, |
|
K_DHE_RSA, B_CC20_P1305, M_NULL, H_SHA256), |
|
TLS_DHE_DSS_WITH_AES_256_GCM_SHA384( |
|
0x00A3, true, "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384", "", |
|
ProtocolVersion.PROTOCOLS_OF_12, |
|
K_DHE_DSS, B_AES_256_GCM, M_NULL, H_SHA384), |
|
|
|
|
|
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256( |
|
0x009E, true, "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256", "", |
|
ProtocolVersion.PROTOCOLS_OF_12, |
|
K_DHE_RSA, B_AES_128_GCM, M_NULL, H_SHA256), |
|
TLS_DHE_DSS_WITH_AES_128_GCM_SHA256( |
|
0x00A2, true, "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256", "", |
|
ProtocolVersion.PROTOCOLS_OF_12, |
|
K_DHE_DSS, B_AES_128_GCM, M_NULL, H_SHA256), |
|
|
|
|
|
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384( |
|
0xC024, true, "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384", "", |
|
ProtocolVersion.PROTOCOLS_OF_12, |
|
K_ECDHE_ECDSA, B_AES_256, M_SHA384, H_SHA384), |
|
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384( |
|
0xC028, true, "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384", "", |
|
ProtocolVersion.PROTOCOLS_OF_12, |
|
K_ECDHE_RSA, B_AES_256, M_SHA384, H_SHA384), |
|
|
|
|
|
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256( |
|
0xC023, true, "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", "", |
|
ProtocolVersion.PROTOCOLS_OF_12, |
|
K_ECDHE_ECDSA, B_AES_128, M_SHA256, H_SHA256), |
|
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256( |
|
0xC027, true, "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", "", |
|
ProtocolVersion.PROTOCOLS_OF_12, |
|
K_ECDHE_RSA, B_AES_128, M_SHA256, H_SHA256), |
|
|
|
|
|
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256( |
|
0x006B, true, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256", "", |
|
ProtocolVersion.PROTOCOLS_OF_12, |
|
K_DHE_RSA, B_AES_256, M_SHA256, H_SHA256), |
|
TLS_DHE_DSS_WITH_AES_256_CBC_SHA256( |
|
0x006A, true, "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256", "", |
|
ProtocolVersion.PROTOCOLS_OF_12, |
|
K_DHE_DSS, B_AES_256, M_SHA256, H_SHA256), |
|
|
|
|
|
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256( |
|
0x0067, true, "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256", "", |
|
ProtocolVersion.PROTOCOLS_OF_12, |
|
K_DHE_RSA, B_AES_128, M_SHA256, H_SHA256), |
|
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256( |
|
0x0040, true, "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256", "", |
|
ProtocolVersion.PROTOCOLS_OF_12, |
|
K_DHE_DSS, B_AES_128, M_SHA256, H_SHA256), |
|
|
|
// |
|
// not forward secret cipher suites. |
|
// |
|
|
|
|
|
TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384( |
|
0xC02E, true, "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384", "", |
|
ProtocolVersion.PROTOCOLS_OF_12, |
|
K_ECDH_ECDSA, B_AES_256_GCM, M_NULL, H_SHA384), |
|
TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384( |
|
0xC032, true, "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384", "", |
|
ProtocolVersion.PROTOCOLS_OF_12, |
|
K_ECDH_RSA, B_AES_256_GCM, M_NULL, H_SHA384), |
|
|
|
|
|
TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256( |
|
0xC02D, true, "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256", "", |
|
ProtocolVersion.PROTOCOLS_OF_12, |
|
K_ECDH_ECDSA, B_AES_128_GCM, M_NULL, H_SHA256), |
|
TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256( |
|
0xC031, true, "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256", "", |
|
ProtocolVersion.PROTOCOLS_OF_12, |
|
K_ECDH_RSA, B_AES_128_GCM, M_NULL, H_SHA256), |
|
|
|
|
|
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384( |
|
0xC026, true, "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384", "", |
|
ProtocolVersion.PROTOCOLS_OF_12, |
|
K_ECDH_ECDSA, B_AES_256, M_SHA384, H_SHA384), |
|
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384( |
|
0xC02A, true, "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384", "", |
|
ProtocolVersion.PROTOCOLS_OF_12, |
|
K_ECDH_RSA, B_AES_256, M_SHA384, H_SHA384), |
|
|
|
|
|
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256( |
|
0xC025, true, "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256", "", |
|
ProtocolVersion.PROTOCOLS_OF_12, |
|
K_ECDH_ECDSA, B_AES_128, M_SHA256, H_SHA256), |
|
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256( |
|
0xC029, true, "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256", "", |
|
ProtocolVersion.PROTOCOLS_OF_12, |
|
K_ECDH_RSA, B_AES_128, M_SHA256, H_SHA256), |
|
|
|
// |
|
// Legacy, used for compatibility |
|
// |
|
|
|
|
|
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA( |
|
0xC00A, true, "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA", "", |
|
ProtocolVersion.PROTOCOLS_TO_12, |
|
K_ECDHE_ECDSA, B_AES_256, M_SHA, H_SHA256), |
|
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA( |
|
0xC014, true, "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", "", |
|
ProtocolVersion.PROTOCOLS_TO_12, |
|
K_ECDHE_RSA, B_AES_256, M_SHA, H_SHA256), |
|
|
|
|
|
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA( |
|
0xC009, true, "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", "", |
|
ProtocolVersion.PROTOCOLS_TO_12, |
|
K_ECDHE_ECDSA, B_AES_128, M_SHA, H_SHA256), |
|
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA( |
|
0xC013, true, "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", "", |
|
ProtocolVersion.PROTOCOLS_TO_12, |
|
K_ECDHE_RSA, B_AES_128, M_SHA, H_SHA256), |
|
|
|
|
|
TLS_DHE_RSA_WITH_AES_256_CBC_SHA( |
|
0x0039, true, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA", "", |
|
ProtocolVersion.PROTOCOLS_TO_12, |
|
K_DHE_RSA, B_AES_256, M_SHA, H_SHA256), |
|
TLS_DHE_DSS_WITH_AES_256_CBC_SHA( |
|
0x0038, true, "TLS_DHE_DSS_WITH_AES_256_CBC_SHA", "", |
|
ProtocolVersion.PROTOCOLS_TO_12, |
|
K_DHE_DSS, B_AES_256, M_SHA, H_SHA256), |
|
|
|
|
|
TLS_DHE_RSA_WITH_AES_128_CBC_SHA( |
|
0x0033, true, "TLS_DHE_RSA_WITH_AES_128_CBC_SHA", "", |
|
ProtocolVersion.PROTOCOLS_TO_12, |
|
K_DHE_RSA, B_AES_128, M_SHA, H_SHA256), |
|
TLS_DHE_DSS_WITH_AES_128_CBC_SHA( |
|
0x0032, true, "TLS_DHE_DSS_WITH_AES_128_CBC_SHA", "", |
|
ProtocolVersion.PROTOCOLS_TO_12, |
|
K_DHE_DSS, B_AES_128, M_SHA, H_SHA256), |
|
|
|
|
|
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA( |
|
0xC005, true, "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA", "", |
|
ProtocolVersion.PROTOCOLS_TO_12, |
|
K_ECDH_ECDSA, B_AES_256, M_SHA, H_SHA256), |
|
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA( |
|
0xC00F, true, "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA", "", |
|
ProtocolVersion.PROTOCOLS_TO_12, |
|
K_ECDH_RSA, B_AES_256, M_SHA, H_SHA256), |
|
|
|
|
|
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA( |
|
0xC004, true, "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA", "", |
|
ProtocolVersion.PROTOCOLS_TO_12, |
|
K_ECDH_ECDSA, B_AES_128, M_SHA, H_SHA256), |
|
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA( |
|
0xC00E, true, "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA", "", |
|
ProtocolVersion.PROTOCOLS_TO_12, |
|
K_ECDH_RSA, B_AES_128, M_SHA, H_SHA256), |
|
|
|
// |
|
// deprecated, used for compatibility |
|
// |
|
|
|
|
|
TLS_RSA_WITH_AES_256_GCM_SHA384( |
|
0x009D, true, "TLS_RSA_WITH_AES_256_GCM_SHA384", "", |
|
ProtocolVersion.PROTOCOLS_OF_12, |
|
K_RSA, B_AES_256_GCM, M_NULL, H_SHA384), |
|
|
|
|
|
TLS_RSA_WITH_AES_128_GCM_SHA256( |
|
0x009C, true, "TLS_RSA_WITH_AES_128_GCM_SHA256", "", |
|
ProtocolVersion.PROTOCOLS_OF_12, |
|
K_RSA, B_AES_128_GCM, M_NULL, H_SHA256), |
|
|
|
|
|
TLS_RSA_WITH_AES_256_CBC_SHA256( |
|
0x003D, true, "TLS_RSA_WITH_AES_256_CBC_SHA256", "", |
|
ProtocolVersion.PROTOCOLS_OF_12, |
|
K_RSA, B_AES_256, M_SHA256, H_SHA256), |
|
|
|
|
|
TLS_RSA_WITH_AES_128_CBC_SHA256( |
|
0x003C, true, "TLS_RSA_WITH_AES_128_CBC_SHA256", "", |
|
ProtocolVersion.PROTOCOLS_OF_12, |
|
K_RSA, B_AES_128, M_SHA256, H_SHA256), |
|
|
|
|
|
TLS_RSA_WITH_AES_256_CBC_SHA( |
|
0x0035, true, "TLS_RSA_WITH_AES_256_CBC_SHA", "", |
|
ProtocolVersion.PROTOCOLS_TO_12, |
|
K_RSA, B_AES_256, M_SHA, H_SHA256), |
|
|
|
|
|
TLS_RSA_WITH_AES_128_CBC_SHA( |
|
0x002F, true, "TLS_RSA_WITH_AES_128_CBC_SHA", "", |
|
ProtocolVersion.PROTOCOLS_TO_12, |
|
K_RSA, B_AES_128, M_SHA, H_SHA256), |
|
|
|
|
|
TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA( |
|
0xC008, true, "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA", "", |
|
ProtocolVersion.PROTOCOLS_TO_12, |
|
K_ECDHE_ECDSA, B_3DES, M_SHA, H_SHA256), |
|
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA( |
|
0xC012, true, "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA", "", |
|
ProtocolVersion.PROTOCOLS_TO_12, |
|
K_ECDHE_RSA, B_3DES, M_SHA, H_SHA256), |
|
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA( |
|
0x0016, true, "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA", |
|
"TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA", |
|
ProtocolVersion.PROTOCOLS_TO_12, |
|
K_DHE_RSA, B_3DES, M_SHA, H_SHA256), |
|
SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA( |
|
0x0013, true, "SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA", |
|
"TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA", |
|
ProtocolVersion.PROTOCOLS_TO_12, |
|
K_DHE_DSS, B_3DES, M_SHA, H_SHA256), |
|
|
|
|
|
TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA( |
|
0xC003, true, "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA", "", |
|
ProtocolVersion.PROTOCOLS_TO_12, |
|
K_ECDH_ECDSA, B_3DES, M_SHA, H_SHA256), |
|
TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA( |
|
0xC00D, true, "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA", "", |
|
ProtocolVersion.PROTOCOLS_TO_12, |
|
K_ECDH_RSA, B_3DES, M_SHA, H_SHA256), |
|
SSL_RSA_WITH_3DES_EDE_CBC_SHA( |
|
0x000A, true, "SSL_RSA_WITH_3DES_EDE_CBC_SHA", |
|
"TLS_RSA_WITH_3DES_EDE_CBC_SHA", |
|
ProtocolVersion.PROTOCOLS_TO_12, |
|
K_RSA, B_3DES, M_SHA, H_SHA256), |
|
|
|
|
|
TLS_EMPTY_RENEGOTIATION_INFO_SCSV( |
|
0x00FF, true, "TLS_EMPTY_RENEGOTIATION_INFO_SCSV", "", |
|
ProtocolVersion.PROTOCOLS_TO_12, |
|
K_SCSV, B_NULL, M_NULL, H_NONE), |
|
|
|
// Definition of the CipherSuites that are supported but not enabled |
|
// by default. |
|
// They are listed in preference order, preferred first, using the |
|
// following criteria: |
|
// 1. If a cipher suite has been obsoleted, we put it at the end of |
|
// the list. |
|
// 2. Prefer the stronger bulk cipher, in the order of AES_256, |
|
// AES_128, 3DES-EDE, RC-4, DES, DES40, RC4_40, NULL. |
|
// 3. Prefer the stronger MAC algorithm, in the order of SHA384, |
|
// SHA256, SHA, MD5. |
|
// 4. Prefer the better performance of key exchange and digital |
|
// signature algorithm, in the order of ECDHE-ECDSA, ECDHE-RSA, |
|
|
|
TLS_DH_anon_WITH_AES_256_GCM_SHA384( |
|
0x00A7, false, "TLS_DH_anon_WITH_AES_256_GCM_SHA384", "", |
|
ProtocolVersion.PROTOCOLS_OF_12, |
|
K_DH_ANON, B_AES_256_GCM, M_NULL, H_SHA384), |
|
TLS_DH_anon_WITH_AES_128_GCM_SHA256( |
|
0x00A6, false, "TLS_DH_anon_WITH_AES_128_GCM_SHA256", "", |
|
ProtocolVersion.PROTOCOLS_OF_12, |
|
K_DH_ANON, B_AES_128_GCM, M_NULL, H_SHA256), |
|
TLS_DH_anon_WITH_AES_256_CBC_SHA256( |
|
0x006D, false, "TLS_DH_anon_WITH_AES_256_CBC_SHA256", "", |
|
ProtocolVersion.PROTOCOLS_OF_12, |
|
K_DH_ANON, B_AES_256, M_SHA256, H_SHA256), |
|
TLS_ECDH_anon_WITH_AES_256_CBC_SHA( |
|
0xC019, false, "TLS_ECDH_anon_WITH_AES_256_CBC_SHA", "", |
|
ProtocolVersion.PROTOCOLS_TO_12, |
|
K_ECDH_ANON, B_AES_256, M_SHA, H_SHA256), |
|
TLS_DH_anon_WITH_AES_256_CBC_SHA( |
|
0x003A, false, "TLS_DH_anon_WITH_AES_256_CBC_SHA", "", |
|
ProtocolVersion.PROTOCOLS_TO_12, |
|
K_DH_ANON, B_AES_256, M_SHA, H_SHA256), |
|
TLS_DH_anon_WITH_AES_128_CBC_SHA256( |
|
0x006C, false, "TLS_DH_anon_WITH_AES_128_CBC_SHA256", "", |
|
ProtocolVersion.PROTOCOLS_OF_12, |
|
K_DH_ANON, B_AES_128, M_SHA256, H_SHA256), |
|
TLS_ECDH_anon_WITH_AES_128_CBC_SHA( |
|
0xC018, false, "TLS_ECDH_anon_WITH_AES_128_CBC_SHA", "", |
|
ProtocolVersion.PROTOCOLS_TO_12, |
|
K_ECDH_ANON, B_AES_128, M_SHA, H_SHA256), |
|
TLS_DH_anon_WITH_AES_128_CBC_SHA( |
|
0x0034, false, "TLS_DH_anon_WITH_AES_128_CBC_SHA", "", |
|
ProtocolVersion.PROTOCOLS_TO_12, |
|
K_DH_ANON, B_AES_128, M_SHA, H_SHA256), |
|
TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA( |
|
0xC017, false, "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA", "", |
|
ProtocolVersion.PROTOCOLS_TO_12, |
|
K_ECDH_ANON, B_3DES, M_SHA, H_SHA256), |
|
SSL_DH_anon_WITH_3DES_EDE_CBC_SHA( |
|
0x001B, false, "SSL_DH_anon_WITH_3DES_EDE_CBC_SHA", |
|
"TLS_DH_anon_WITH_3DES_EDE_CBC_SHA", |
|
ProtocolVersion.PROTOCOLS_TO_12, |
|
K_DH_ANON, B_3DES, M_SHA, H_SHA256), |
|
|
|
|
|
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA( |
|
0xC007, false, "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA", "", |
|
ProtocolVersion.PROTOCOLS_TO_TLS12, |
|
K_ECDHE_ECDSA, B_RC4_128, M_SHA, H_SHA256), |
|
TLS_ECDHE_RSA_WITH_RC4_128_SHA( |
|
0xC011, false, "TLS_ECDHE_RSA_WITH_RC4_128_SHA", "", |
|
ProtocolVersion.PROTOCOLS_TO_TLS12, |
|
K_ECDHE_RSA, B_RC4_128, M_SHA, H_SHA256), |
|
SSL_RSA_WITH_RC4_128_SHA( |
|
0x0005, false, "SSL_RSA_WITH_RC4_128_SHA", |
|
"TLS_RSA_WITH_RC4_128_SHA", |
|
ProtocolVersion.PROTOCOLS_TO_TLS12, |
|
K_RSA, B_RC4_128, M_SHA, H_SHA256), |
|
TLS_ECDH_ECDSA_WITH_RC4_128_SHA( |
|
0xC002, false, "TLS_ECDH_ECDSA_WITH_RC4_128_SHA", "", |
|
ProtocolVersion.PROTOCOLS_TO_TLS12, |
|
K_ECDH_ECDSA, B_RC4_128, M_SHA, H_SHA256), |
|
TLS_ECDH_RSA_WITH_RC4_128_SHA( |
|
0xC00C, false, "TLS_ECDH_RSA_WITH_RC4_128_SHA", "", |
|
ProtocolVersion.PROTOCOLS_TO_TLS12, |
|
K_ECDH_RSA, B_RC4_128, M_SHA, H_SHA256), |
|
SSL_RSA_WITH_RC4_128_MD5( |
|
0x0004, false, "SSL_RSA_WITH_RC4_128_MD5", |
|
"TLS_RSA_WITH_RC4_128_MD5", |
|
ProtocolVersion.PROTOCOLS_TO_TLS12, |
|
K_RSA, B_RC4_128, M_MD5, H_SHA256), |
|
TLS_ECDH_anon_WITH_RC4_128_SHA( |
|
0xC016, false, "TLS_ECDH_anon_WITH_RC4_128_SHA", "", |
|
ProtocolVersion.PROTOCOLS_TO_TLS12, |
|
K_ECDH_ANON, B_RC4_128, M_SHA, H_SHA256), |
|
SSL_DH_anon_WITH_RC4_128_MD5( |
|
0x0018, false, "SSL_DH_anon_WITH_RC4_128_MD5", |
|
"TLS_DH_anon_WITH_RC4_128_MD5", |
|
ProtocolVersion.PROTOCOLS_TO_TLS12, |
|
K_DH_ANON, B_RC4_128, M_MD5, H_SHA256), |
|
|
|
|
|
SSL_RSA_WITH_DES_CBC_SHA( |
|
0x0009, false, "SSL_RSA_WITH_DES_CBC_SHA", |
|
"TLS_RSA_WITH_DES_CBC_SHA", |
|
ProtocolVersion.PROTOCOLS_TO_11, |
|
K_RSA, B_DES, M_SHA, H_NONE), |
|
SSL_DHE_RSA_WITH_DES_CBC_SHA( |
|
0x0015, false, "SSL_DHE_RSA_WITH_DES_CBC_SHA", |
|
"TLS_DHE_RSA_WITH_DES_CBC_SHA", |
|
ProtocolVersion.PROTOCOLS_TO_11, |
|
K_DHE_RSA, B_DES, M_SHA, H_NONE), |
|
SSL_DHE_DSS_WITH_DES_CBC_SHA( |
|
0x0012, false, "SSL_DHE_DSS_WITH_DES_CBC_SHA", |
|
"TLS_DHE_DSS_WITH_DES_CBC_SHA", |
|
ProtocolVersion.PROTOCOLS_TO_11, |
|
K_DHE_DSS, B_DES, M_SHA, H_NONE), |
|
SSL_DH_anon_WITH_DES_CBC_SHA( |
|
0x001A, false, "SSL_DH_anon_WITH_DES_CBC_SHA", |
|
"TLS_DH_anon_WITH_DES_CBC_SHA", |
|
ProtocolVersion.PROTOCOLS_TO_11, |
|
K_DH_ANON, B_DES, M_SHA, H_NONE), |
|
|
|
|
|
SSL_RSA_EXPORT_WITH_DES40_CBC_SHA( |
|
0x0008, false, "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA", |
|
"TLS_RSA_EXPORT_WITH_DES40_CBC_SHA", |
|
ProtocolVersion.PROTOCOLS_TO_10, |
|
K_RSA_EXPORT, B_DES_40, M_SHA, H_NONE), |
|
SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA( |
|
0x0014, false, "SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA", |
|
"TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA", |
|
ProtocolVersion.PROTOCOLS_TO_10, |
|
K_DHE_RSA_EXPORT, B_DES_40, M_SHA, H_NONE), |
|
SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA( |
|
0x0011, false, "SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA", |
|
"TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA", |
|
ProtocolVersion.PROTOCOLS_TO_10, |
|
K_DHE_DSS_EXPORT, B_DES_40, M_SHA, H_NONE), |
|
SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA( |
|
0x0019, false, "SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA", |
|
"TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA", |
|
ProtocolVersion.PROTOCOLS_TO_10, |
|
K_DH_ANON_EXPORT, B_DES_40, M_SHA, H_NONE), |
|
SSL_RSA_EXPORT_WITH_RC4_40_MD5( |
|
0x0003, false, "SSL_RSA_EXPORT_WITH_RC4_40_MD5", |
|
"TLS_RSA_EXPORT_WITH_RC4_40_MD5", |
|
ProtocolVersion.PROTOCOLS_TO_10, |
|
K_RSA_EXPORT, B_RC4_40, M_MD5, H_NONE), |
|
SSL_DH_anon_EXPORT_WITH_RC4_40_MD5( |
|
0x0017, false, "SSL_DH_anon_EXPORT_WITH_RC4_40_MD5", |
|
"TLS_DH_anon_EXPORT_WITH_RC4_40_MD5", |
|
ProtocolVersion.PROTOCOLS_TO_10, |
|
K_DH_ANON, B_RC4_40, M_MD5, H_NONE), |
|
|
|
|
|
TLS_RSA_WITH_NULL_SHA256( |
|
0x003B, false, "TLS_RSA_WITH_NULL_SHA256", "", |
|
ProtocolVersion.PROTOCOLS_OF_12, |
|
K_RSA, B_NULL, M_SHA256, H_SHA256), |
|
TLS_ECDHE_ECDSA_WITH_NULL_SHA( |
|
0xC006, false, "TLS_ECDHE_ECDSA_WITH_NULL_SHA", "", |
|
ProtocolVersion.PROTOCOLS_TO_12, |
|
K_ECDHE_ECDSA, B_NULL, M_SHA, H_SHA256), |
|
TLS_ECDHE_RSA_WITH_NULL_SHA( |
|
0xC010, false, "TLS_ECDHE_RSA_WITH_NULL_SHA", "", |
|
ProtocolVersion.PROTOCOLS_TO_12, |
|
K_ECDHE_RSA, B_NULL, M_SHA, H_SHA256), |
|
SSL_RSA_WITH_NULL_SHA( |
|
0x0002, false, "SSL_RSA_WITH_NULL_SHA", |
|
"TLS_RSA_WITH_NULL_SHA", |
|
ProtocolVersion.PROTOCOLS_TO_12, |
|
K_RSA, B_NULL, M_SHA, H_SHA256), |
|
TLS_ECDH_ECDSA_WITH_NULL_SHA( |
|
0xC001, false, "TLS_ECDH_ECDSA_WITH_NULL_SHA", "", |
|
ProtocolVersion.PROTOCOLS_TO_12, |
|
K_ECDH_ECDSA, B_NULL, M_SHA, H_SHA256), |
|
TLS_ECDH_RSA_WITH_NULL_SHA( |
|
0xC00B, false, "TLS_ECDH_RSA_WITH_NULL_SHA", "", |
|
ProtocolVersion.PROTOCOLS_TO_12, |
|
K_ECDH_RSA, B_NULL, M_SHA, H_SHA256), |
|
TLS_ECDH_anon_WITH_NULL_SHA( |
|
0xC015, false, "TLS_ECDH_anon_WITH_NULL_SHA", "", |
|
ProtocolVersion.PROTOCOLS_TO_12, |
|
K_ECDH_ANON, B_NULL, M_SHA, H_SHA256), |
|
SSL_RSA_WITH_NULL_MD5( |
|
0x0001, false, "SSL_RSA_WITH_NULL_MD5", |
|
"TLS_RSA_WITH_NULL_MD5", |
|
ProtocolVersion.PROTOCOLS_TO_12, |
|
K_RSA, B_NULL, M_MD5, H_SHA256), |
|
|
|
// Definition of the cipher suites that are not supported but the names |
|
|
|
TLS_AES_128_CCM_SHA256( |
|
"TLS_AES_128_CCM_SHA256", 0x1304), |
|
TLS_AES_128_CCM_8_SHA256( |
|
"TLS_AES_128_CCM_8_SHA256", 0x1305), |
|
|
|
|
|
CS_0006("SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5", 0x0006), |
|
CS_0007("SSL_RSA_WITH_IDEA_CBC_SHA", 0x0007), |
|
CS_000B("SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA", 0x000b), |
|
CS_000C("SSL_DH_DSS_WITH_DES_CBC_SHA", 0x000c), |
|
CS_000D("SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA", 0x000d), |
|
CS_000E("SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA", 0x000e), |
|
CS_000F("SSL_DH_RSA_WITH_DES_CBC_SHA", 0x000f), |
|
CS_0010("SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA", 0x0010), |
|
|
|
|
|
CS_001C("SSL_FORTEZZA_DMS_WITH_NULL_SHA", 0x001c), |
|
CS_001D("SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA", 0x001d), |
|
|
|
|
|
CS_0062("SSL_RSA_EXPORT1024_WITH_DES_CBC_SHA", 0x0062), |
|
CS_0063("SSL_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA", 0x0063), |
|
CS_0064("SSL_RSA_EXPORT1024_WITH_RC4_56_SHA", 0x0064), |
|
CS_0065("SSL_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA", 0x0065), |
|
CS_0066("SSL_DHE_DSS_WITH_RC4_128_SHA", 0x0066), |
|
|
|
// Netscape old and new SSL 3.0 FIPS cipher suites |
|
|
|
CS_FFE0("NETSCAPE_RSA_FIPS_WITH_3DES_EDE_CBC_SHA", 0xffe0), |
|
CS_FFE1("NETSCAPE_RSA_FIPS_WITH_DES_CBC_SHA", 0xffe1), |
|
CS_FEFE("SSL_RSA_FIPS_WITH_DES_CBC_SHA", 0xfefe), |
|
CS_FEFF("SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA", 0xfeff), |
|
|
|
|
|
CS_001E("TLS_KRB5_WITH_DES_CBC_SHA", 0x001E), |
|
CS_001F("TLS_KRB5_WITH_3DES_EDE_CBC_SHA", 0x001F), |
|
CS_0020("TLS_KRB5_WITH_RC4_128_SHA", 0x0020), |
|
CS_0021("TLS_KRB5_WITH_IDEA_CBC_SHA", 0x0021), |
|
CS_0022("TLS_KRB5_WITH_DES_CBC_MD5", 0x0022), |
|
CS_0023("TLS_KRB5_WITH_3DES_EDE_CBC_MD5", 0x0023), |
|
CS_0024("TLS_KRB5_WITH_RC4_128_MD5", 0x0024), |
|
CS_0025("TLS_KRB5_WITH_IDEA_CBC_MD5", 0x0025), |
|
CS_0026("TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA", 0x0026), |
|
CS_0027("TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA", 0x0027), |
|
CS_0028("TLS_KRB5_EXPORT_WITH_RC4_40_SHA", 0x0028), |
|
CS_0029("TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5", 0x0029), |
|
CS_002A("TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5", 0x002a), |
|
CS_002B("TLS_KRB5_EXPORT_WITH_RC4_40_MD5", 0x002B), |
|
|
|
|
|
CS_0096("TLS_RSA_WITH_SEED_CBC_SHA", 0x0096), |
|
CS_0097("TLS_DH_DSS_WITH_SEED_CBC_SHA", 0x0097), |
|
CS_0098("TLS_DH_RSA_WITH_SEED_CBC_SHA", 0x0098), |
|
CS_0099("TLS_DHE_DSS_WITH_SEED_CBC_SHA", 0x0099), |
|
CS_009A("TLS_DHE_RSA_WITH_SEED_CBC_SHA", 0x009a), |
|
CS_009B("TLS_DH_anon_WITH_SEED_CBC_SHA", 0x009b), |
|
|
|
|
|
CS_008A("TLS_PSK_WITH_RC4_128_SHA", 0x008a), |
|
CS_008B("TLS_PSK_WITH_3DES_EDE_CBC_SHA", 0x008b), |
|
CS_008C("TLS_PSK_WITH_AES_128_CBC_SHA", 0x008c), |
|
CS_008D("TLS_PSK_WITH_AES_256_CBC_SHA", 0x008d), |
|
CS_008E("TLS_DHE_PSK_WITH_RC4_128_SHA", 0x008e), |
|
CS_008F("TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA", 0x008f), |
|
CS_0090("TLS_DHE_PSK_WITH_AES_128_CBC_SHA", 0x0090), |
|
CS_0091("TLS_DHE_PSK_WITH_AES_256_CBC_SHA", 0x0091), |
|
CS_0092("TLS_RSA_PSK_WITH_RC4_128_SHA", 0x0092), |
|
CS_0093("TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA", 0x0093), |
|
CS_0094("TLS_RSA_PSK_WITH_AES_128_CBC_SHA", 0x0094), |
|
CS_0095("TLS_RSA_PSK_WITH_AES_256_CBC_SHA", 0x0095), |
|
|
|
|
|
CS_002C("TLS_PSK_WITH_NULL_SHA", 0x002c), |
|
CS_002D("TLS_DHE_PSK_WITH_NULL_SHA", 0x002d), |
|
CS_002E("TLS_RSA_PSK_WITH_NULL_SHA", 0x002e), |
|
|
|
|
|
CS_0030("TLS_DH_DSS_WITH_AES_128_CBC_SHA", 0x0030), |
|
CS_0031("TLS_DH_RSA_WITH_AES_128_CBC_SHA", 0x0031), |
|
CS_0036("TLS_DH_DSS_WITH_AES_256_CBC_SHA", 0x0036), |
|
CS_0037("TLS_DH_RSA_WITH_AES_256_CBC_SHA", 0x0037), |
|
CS_003E("TLS_DH_DSS_WITH_AES_128_CBC_SHA256", 0x003e), |
|
CS_003F("TLS_DH_RSA_WITH_AES_128_CBC_SHA256", 0x003f), |
|
CS_0068("TLS_DH_DSS_WITH_AES_256_CBC_SHA256", 0x0068), |
|
CS_0069("TLS_DH_RSA_WITH_AES_256_CBC_SHA256", 0x0069), |
|
|
|
|
|
CS_00A0("TLS_DH_RSA_WITH_AES_128_GCM_SHA256", 0x00a0), |
|
CS_00A1("TLS_DH_RSA_WITH_AES_256_GCM_SHA384", 0x00a1), |
|
CS_00A4("TLS_DH_DSS_WITH_AES_128_GCM_SHA256", 0x00a4), |
|
CS_00A5("TLS_DH_DSS_WITH_AES_256_GCM_SHA384", 0x00a5), |
|
|
|
|
|
CS_00A8("TLS_PSK_WITH_AES_128_GCM_SHA256", 0x00a8), |
|
CS_00A9("TLS_PSK_WITH_AES_256_GCM_SHA384", 0x00a9), |
|
CS_00AA("TLS_DHE_PSK_WITH_AES_128_GCM_SHA256", 0x00aa), |
|
CS_00AB("TLS_DHE_PSK_WITH_AES_256_GCM_SHA384", 0x00ab), |
|
CS_00AC("TLS_RSA_PSK_WITH_AES_128_GCM_SHA256", 0x00ac), |
|
CS_00AD("TLS_RSA_PSK_WITH_AES_256_GCM_SHA384", 0x00ad), |
|
CS_00AE("TLS_PSK_WITH_AES_128_CBC_SHA256", 0x00ae), |
|
CS_00AF("TLS_PSK_WITH_AES_256_CBC_SHA384", 0x00af), |
|
CS_00B0("TLS_PSK_WITH_NULL_SHA256", 0x00b0), |
|
CS_00B1("TLS_PSK_WITH_NULL_SHA384", 0x00b1), |
|
CS_00B2("TLS_DHE_PSK_WITH_AES_128_CBC_SHA256", 0x00b2), |
|
CS_00B3("TLS_DHE_PSK_WITH_AES_256_CBC_SHA384", 0x00b3), |
|
CS_00B4("TLS_DHE_PSK_WITH_NULL_SHA256", 0x00b4), |
|
CS_00B5("TLS_DHE_PSK_WITH_NULL_SHA384", 0x00b5), |
|
CS_00B6("TLS_RSA_PSK_WITH_AES_128_CBC_SHA256", 0x00b6), |
|
CS_00B7("TLS_RSA_PSK_WITH_AES_256_CBC_SHA384", 0x00b7), |
|
CS_00B8("TLS_RSA_PSK_WITH_NULL_SHA256", 0x00b8), |
|
CS_00B9("TLS_RSA_PSK_WITH_NULL_SHA384", 0x00b9), |
|
|
|
|
|
CS_0041("TLS_RSA_WITH_CAMELLIA_128_CBC_SHA", 0x0041), |
|
CS_0042("TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA", 0x0042), |
|
CS_0043("TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA", 0x0043), |
|
CS_0044("TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA", 0x0044), |
|
CS_0045("TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA", 0x0045), |
|
CS_0046("TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA", 0x0046), |
|
CS_0084("TLS_RSA_WITH_CAMELLIA_256_CBC_SHA", 0x0084), |
|
CS_0085("TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA", 0x0085), |
|
CS_0086("TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA", 0x0086), |
|
CS_0087("TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA", 0x0087), |
|
CS_0088("TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA", 0x0088), |
|
CS_0089("TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA", 0x0089), |
|
CS_00BA("TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256", 0x00ba), |
|
CS_00BB("TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256", 0x00bb), |
|
CS_00BC("TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256", 0x00bc), |
|
CS_00BD("TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256", 0x00bd), |
|
CS_00BE("TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256", 0x00be), |
|
CS_00BF("TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256", 0x00bf), |
|
CS_00C0("TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256", 0x00c0), |
|
CS_00C1("TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256", 0x00c1), |
|
CS_00C2("TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256", 0x00c2), |
|
CS_00C3("TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256", 0x00c3), |
|
CS_00C4("TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256", 0x00c4), |
|
CS_00C5("TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256", 0x00c5), |
|
|
|
|
|
CS_5600("TLS_FALLBACK_SCSV", 0x5600), |
|
|
|
|
|
CS_C01A("TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA", 0xc01a), |
|
CS_C01B("TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA", 0xc01b), |
|
CS_C01C("TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA", 0xc01c), |
|
CS_C01D("TLS_SRP_SHA_WITH_AES_128_CBC_SHA", 0xc01d), |
|
CS_C01E("TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA", 0xc01e), |
|
CS_C01F("TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA", 0xc01f), |
|
CS_C020("TLS_SRP_SHA_WITH_AES_256_CBC_SHA", 0xc020), |
|
CS_C021("TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA", 0xc021), |
|
CS_C022("TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA", 0xc022), |
|
|
|
|
|
CS_C033("TLS_ECDHE_PSK_WITH_RC4_128_SHA", 0xc033), |
|
CS_C034("TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA", 0xc034), |
|
CS_C035("TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA", 0xc035), |
|
CS_C036("TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA", 0xc036), |
|
CS_C037("TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256", 0xc037), |
|
CS_C038("TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384", 0xc038), |
|
CS_C039("TLS_ECDHE_PSK_WITH_NULL_SHA", 0xc039), |
|
CS_C03A("TLS_ECDHE_PSK_WITH_NULL_SHA256", 0xc03a), |
|
CS_C03B("TLS_ECDHE_PSK_WITH_NULL_SHA384", 0xc03b), |
|
|
|
|
|
CS_C03C("TLS_RSA_WITH_ARIA_128_CBC_SHA256", 0xc03c), |
|
CS_C03D("TLS_RSA_WITH_ARIA_256_CBC_SHA384", 0xc03d), |
|
CS_C03E("TLS_DH_DSS_WITH_ARIA_128_CBC_SHA256", 0xc03e), |
|
CS_C03F("TLS_DH_DSS_WITH_ARIA_256_CBC_SHA384", 0xc03f), |
|
CS_C040("TLS_DH_RSA_WITH_ARIA_128_CBC_SHA256", 0xc040), |
|
CS_C041("TLS_DH_RSA_WITH_ARIA_256_CBC_SHA384", 0xc041), |
|
CS_C042("TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256", 0xc042), |
|
CS_C043("TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384", 0xc043), |
|
CS_C044("TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256", 0xc044), |
|
CS_C045("TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384", 0xc045), |
|
CS_C046("TLS_DH_anon_WITH_ARIA_128_CBC_SHA256", 0xc046), |
|
CS_C047("TLS_DH_anon_WITH_ARIA_256_CBC_SHA384", 0xc047), |
|
CS_C048("TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256", 0xc048), |
|
CS_C049("TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384", 0xc049), |
|
CS_C04A("TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256", 0xc04a), |
|
CS_C04B("TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384", 0xc04b), |
|
CS_C04C("TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256", 0xc04c), |
|
CS_C04D("TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384", 0xc04d), |
|
CS_C04E("TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256", 0xc04e), |
|
CS_C04F("TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384", 0xc04f), |
|
CS_C050("TLS_RSA_WITH_ARIA_128_GCM_SHA256", 0xc050), |
|
CS_C051("TLS_RSA_WITH_ARIA_256_GCM_SHA384", 0xc051), |
|
CS_C052("TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256", 0xc052), |
|
CS_C053("TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384", 0xc053), |
|
CS_C054("TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256", 0xc054), |
|
CS_C055("TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384", 0xc055), |
|
CS_C056("TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256", 0xc056), |
|
CS_C057("TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384", 0xc057), |
|
CS_C058("TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256", 0xc058), |
|
CS_C059("TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384", 0xc059), |
|
CS_C05A("TLS_DH_anon_WITH_ARIA_128_GCM_SHA256", 0xc05a), |
|
CS_C05B("TLS_DH_anon_WITH_ARIA_256_GCM_SHA384", 0xc05b), |
|
CS_C05C("TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256", 0xc05c), |
|
CS_C05D("TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384", 0xc05d), |
|
CS_C05E("TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256", 0xc05e), |
|
CS_C05F("TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384", 0xc05f), |
|
CS_C060("TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256", 0xc060), |
|
CS_C061("TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384", 0xc061), |
|
CS_C062("TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256", 0xc062), |
|
CS_C063("TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384", 0xc063), |
|
CS_C064("TLS_PSK_WITH_ARIA_128_CBC_SHA256", 0xc064), |
|
CS_C065("TLS_PSK_WITH_ARIA_256_CBC_SHA384", 0xc065), |
|
CS_C066("TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256", 0xc066), |
|
CS_C067("TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384", 0xc067), |
|
CS_C068("TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256", 0xc068), |
|
CS_C069("TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384", 0xc069), |
|
CS_C06A("TLS_PSK_WITH_ARIA_128_GCM_SHA256", 0xc06a), |
|
CS_C06B("TLS_PSK_WITH_ARIA_256_GCM_SHA384", 0xc06b), |
|
CS_C06C("TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256", 0xc06c), |
|
CS_C06D("TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384", 0xc06d), |
|
CS_C06E("TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256", 0xc06e), |
|
CS_C06F("TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384", 0xc06f), |
|
CS_C070("TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256", 0xc070), |
|
CS_C071("TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384", 0xc071), |
|
|
|
|
|
CS_C072("TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256", 0xc072), |
|
CS_C073("TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384", 0xc073), |
|
CS_C074("TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256", 0xc074), |
|
CS_C075("TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384", 0xc075), |
|
CS_C076("TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256", 0xc076), |
|
CS_C077("TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384", 0xc077), |
|
CS_C078("TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256", 0xc078), |
|
CS_C079("TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384", 0xc079), |
|
CS_C07A("TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256", 0xc07a), |
|
CS_C07B("TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384", 0xc07b), |
|
CS_C07C("TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256", 0xc07c), |
|
CS_C07D("TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384", 0xc07d), |
|
CS_C07E("TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256", 0xc07e), |
|
CS_C07F("TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384", 0xc07f), |
|
CS_C080("TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256", 0xc080), |
|
CS_C081("TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384", 0xc081), |
|
CS_C082("TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256", 0xc082), |
|
CS_C083("TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384", 0xc083), |
|
CS_C084("TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256", 0xc084), |
|
CS_C085("TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384", 0xc085), |
|
CS_C086("TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256", 0xc086), |
|
CS_C087("TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384", 0xc087), |
|
CS_C088("TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256", 0xc088), |
|
CS_C089("TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384", 0xc089), |
|
CS_C08A("TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256", 0xc08a), |
|
CS_C08B("TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384", 0xc08b), |
|
CS_C08C("TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256", 0xc08c), |
|
CS_C08D("TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384", 0xc08d), |
|
CS_C08E("TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256", 0xc08e), |
|
CS_C08F("TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384", 0xc08f), |
|
CS_C090("TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256", 0xc090), |
|
CS_C091("TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384", 0xc091), |
|
CS_C092("TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256", 0xc092), |
|
CS_C093("TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384", 0xc093), |
|
CS_C094("TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256", 0xc094), |
|
CS_C095("TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384", 0xc095), |
|
CS_C096("TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256", 0xc096), |
|
CS_C097("TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384", 0xc097), |
|
CS_C098("TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256", 0xc098), |
|
CS_C099("TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384", 0xc099), |
|
CS_C09A("TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256", 0xc09a), |
|
CS_C09B("TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384", 0xc09b), |
|
|
|
|
|
CS_C09C("TLS_RSA_WITH_AES_128_CCM", 0xc09c), |
|
CS_C09D("TLS_RSA_WITH_AES_256_CCM", 0xc09d), |
|
CS_C09E("TLS_DHE_RSA_WITH_AES_128_CCM", 0xc09e), |
|
CS_C09F("TLS_DHE_RSA_WITH_AES_256_CCM", 0xc09f), |
|
CS_C0A0("TLS_RSA_WITH_AES_128_CCM_8", 0xc0A0), |
|
CS_C0A1("TLS_RSA_WITH_AES_256_CCM_8", 0xc0A1), |
|
CS_C0A2("TLS_DHE_RSA_WITH_AES_128_CCM_8", 0xc0A2), |
|
CS_C0A3("TLS_DHE_RSA_WITH_AES_256_CCM_8", 0xc0A3), |
|
CS_C0A4("TLS_PSK_WITH_AES_128_CCM", 0xc0A4), |
|
CS_C0A5("TLS_PSK_WITH_AES_256_CCM", 0xc0A5), |
|
CS_C0A6("TLS_DHE_PSK_WITH_AES_128_CCM", 0xc0A6), |
|
CS_C0A7("TLS_DHE_PSK_WITH_AES_256_CCM", 0xc0A7), |
|
CS_C0A8("TLS_PSK_WITH_AES_128_CCM_8", 0xc0A8), |
|
CS_C0A9("TLS_PSK_WITH_AES_256_CCM_8", 0xc0A9), |
|
CS_C0AA("TLS_PSK_DHE_WITH_AES_128_CCM_8", 0xc0Aa), |
|
CS_C0AB("TLS_PSK_DHE_WITH_AES_256_CCM_8", 0xc0Ab), |
|
|
|
|
|
CS_C0AC("TLS_ECDHE_ECDSA_WITH_AES_128_CCM", 0xc0Ac), |
|
CS_C0AD("TLS_ECDHE_ECDSA_WITH_AES_256_CCM", 0xc0Ad), |
|
CS_C0AE("TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8", 0xc0Ae), |
|
CS_C0AF("TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8", 0xc0Af), |
|
|
|
C_NULL("SSL_NULL_WITH_NULL_NULL", 0x0000); |
|
|
|
final int id; |
|
final boolean isDefaultEnabled; |
|
final String name; |
|
final List<String> aliases; |
|
final List<ProtocolVersion> supportedProtocols; |
|
final KeyExchange keyExchange; |
|
final SSLCipher bulkCipher; |
|
final MacAlg macAlg; |
|
final HashAlg hashAlg; |
|
|
|
final boolean exportable; |
|
|
|
|
|
private CipherSuite(String name, int id) { |
|
this(id, false, name, "", |
|
ProtocolVersion.PROTOCOLS_EMPTY, null, null, null, null); |
|
} |
|
|
|
|
|
private CipherSuite(int id, boolean isDefaultEnabled, |
|
String name, ProtocolVersion[] supportedProtocols, |
|
SSLCipher bulkCipher, HashAlg hashAlg) { |
|
this(id, isDefaultEnabled, name, "", |
|
supportedProtocols, null, bulkCipher, M_NULL, hashAlg); |
|
} |
|
|
|
private CipherSuite(int id, boolean isDefaultEnabled, |
|
String name, String aliases, |
|
ProtocolVersion[] supportedProtocols, |
|
KeyExchange keyExchange, SSLCipher cipher, |
|
MacAlg macAlg, HashAlg hashAlg) { |
|
this.id = id; |
|
this.isDefaultEnabled = isDefaultEnabled; |
|
this.name = name; |
|
if (!aliases.isEmpty()) { |
|
this.aliases = Arrays.asList(aliases.split(",")); |
|
} else { |
|
this.aliases = Collections.emptyList(); |
|
} |
|
this.supportedProtocols = Arrays.asList(supportedProtocols); |
|
this.keyExchange = keyExchange; |
|
this.bulkCipher = cipher; |
|
this.macAlg = macAlg; |
|
this.hashAlg = hashAlg; |
|
|
|
this.exportable = (cipher != null && cipher.exportable); |
|
} |
|
|
|
static CipherSuite nameOf(String ciperSuiteName) { |
|
for (CipherSuite cs : CipherSuite.values()) { |
|
if (cs.name.equals(ciperSuiteName) || |
|
cs.aliases.contains(ciperSuiteName)) { |
|
return cs; |
|
} |
|
} |
|
|
|
return null; |
|
} |
|
|
|
static CipherSuite valueOf(int id) { |
|
for (CipherSuite cs : CipherSuite.values()) { |
|
if (cs.id == id) { |
|
return cs; |
|
} |
|
} |
|
|
|
return null; |
|
} |
|
|
|
static String nameOf(int id) { |
|
for (CipherSuite cs : CipherSuite.values()) { |
|
if (cs.id == id) { |
|
return cs.name; |
|
} |
|
} |
|
|
|
return "UNKNOWN-CIPHER-SUITE(" + Utilities.byte16HexString(id) + ")"; |
|
} |
|
|
|
static Collection<CipherSuite> allowedCipherSuites() { |
|
Collection<CipherSuite> cipherSuites = new LinkedList<>(); |
|
for (CipherSuite cs : CipherSuite.values()) { |
|
if (!cs.supportedProtocols.isEmpty()) { |
|
cipherSuites.add(cs); |
|
} else { |
|
// values() is ordered, remaining cipher suites are |
|
|
|
break; |
|
} |
|
} |
|
return cipherSuites; |
|
} |
|
|
|
static Collection<CipherSuite> defaultCipherSuites() { |
|
Collection<CipherSuite> cipherSuites = new LinkedList<>(); |
|
for (CipherSuite cs : CipherSuite.values()) { |
|
if (cs.isDefaultEnabled) { |
|
cipherSuites.add(cs); |
|
} else { |
|
// values() is ordered, remaining cipher suites are |
|
|
|
break; |
|
} |
|
} |
|
return cipherSuites; |
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
*/ |
|
static List<CipherSuite> validValuesOf(String[] names) { |
|
if (names == null) { |
|
throw new IllegalArgumentException("CipherSuites cannot be null"); |
|
} |
|
|
|
List<CipherSuite> cipherSuites = new ArrayList<>(names.length); |
|
for (String name : names) { |
|
if (name == null || name.isEmpty()) { |
|
throw new IllegalArgumentException( |
|
"The specified CipherSuites array contains " + |
|
"invalid null or empty string elements"); |
|
} |
|
|
|
boolean found = false; |
|
for (CipherSuite cs : CipherSuite.values()) { |
|
if (!cs.supportedProtocols.isEmpty()) { |
|
if (cs.name.equals(name) || |
|
cs.aliases.contains(name)) { |
|
cipherSuites.add(cs); |
|
found = true; |
|
break; |
|
} |
|
} else { |
|
// values() is ordered, remaining cipher suites are |
|
|
|
break; |
|
} |
|
} |
|
if (!found) { |
|
throw new IllegalArgumentException( |
|
"Unsupported CipherSuite: " + name); |
|
} |
|
} |
|
|
|
return Collections.unmodifiableList(cipherSuites); |
|
} |
|
|
|
static String[] namesOf(List<CipherSuite> cipherSuites) { |
|
String[] names = new String[cipherSuites.size()]; |
|
int i = 0; |
|
for (CipherSuite cipherSuite : cipherSuites) { |
|
names[i++] = cipherSuite.name; |
|
} |
|
|
|
return names; |
|
} |
|
|
|
boolean isAvailable() { |
|
|
|
return !supportedProtocols.isEmpty() && |
|
(keyExchange == null || keyExchange.isAvailable()) && |
|
bulkCipher != null && bulkCipher.isAvailable(); |
|
} |
|
|
|
public boolean supports(ProtocolVersion protocolVersion) { |
|
return supportedProtocols.contains(protocolVersion); |
|
} |
|
|
|
boolean isNegotiable() { |
|
return this != TLS_EMPTY_RENEGOTIATION_INFO_SCSV && isAvailable(); |
|
} |
|
|
|
boolean isAnonymous() { |
|
return (keyExchange != null && keyExchange.isAnonymous); |
|
} |
|
|
|
|
|
int calculatePacketSize(int fragmentSize, |
|
ProtocolVersion protocolVersion, boolean isDTLS) { |
|
int packetSize = fragmentSize; |
|
if (bulkCipher != null && bulkCipher != B_NULL) { |
|
int blockSize = bulkCipher.ivSize; |
|
switch (bulkCipher.cipherType) { |
|
case BLOCK_CIPHER: |
|
packetSize += macAlg.size; |
|
packetSize += 1; |
|
packetSize += |
|
(blockSize - (packetSize % blockSize)) % blockSize; |
|
if (protocolVersion.useTLS11PlusSpec()) { |
|
packetSize += blockSize; |
|
} |
|
|
|
break; |
|
case AEAD_CIPHER: |
|
if (protocolVersion == ProtocolVersion.TLS12 || |
|
protocolVersion == ProtocolVersion.DTLS12) { |
|
packetSize += |
|
bulkCipher.ivSize - bulkCipher.fixedIvSize; |
|
} |
|
packetSize += bulkCipher.tagSize; |
|
|
|
break; |
|
default: |
|
packetSize += macAlg.size; |
|
} |
|
} |
|
|
|
return packetSize + |
|
(isDTLS ? DTLSRecord.headerSize : SSLRecord.headerSize); |
|
} |
|
|
|
|
|
int calculateFragSize(int packetLimit, |
|
ProtocolVersion protocolVersion, boolean isDTLS) { |
|
int fragSize = packetLimit - |
|
(isDTLS ? DTLSRecord.headerSize : SSLRecord.headerSize); |
|
if (bulkCipher != null && bulkCipher != B_NULL) { |
|
int blockSize = bulkCipher.ivSize; |
|
switch (bulkCipher.cipherType) { |
|
case BLOCK_CIPHER: |
|
if (protocolVersion.useTLS11PlusSpec()) { |
|
fragSize -= blockSize; |
|
} |
|
fragSize -= (fragSize % blockSize); |
|
// No padding for a maximum fragment. |
|
fragSize -= 1; |
|
fragSize -= macAlg.size; |
|
|
|
break; |
|
case AEAD_CIPHER: |
|
fragSize -= bulkCipher.tagSize; |
|
fragSize -= bulkCipher.ivSize - bulkCipher.fixedIvSize; |
|
|
|
break; |
|
default: |
|
fragSize -= macAlg.size; |
|
} |
|
} |
|
|
|
return fragSize; |
|
} |
|
|
|
|
|
|
|
*/ |
|
static enum KeyExchange { |
|
K_NULL ("NULL", false, true, NAMED_GROUP_NONE), |
|
K_RSA ("RSA", true, false, NAMED_GROUP_NONE), |
|
K_RSA_EXPORT ("RSA_EXPORT", true, false, NAMED_GROUP_NONE), |
|
K_DH_RSA ("DH_RSA", false, false, NAMED_GROUP_NONE), |
|
K_DH_DSS ("DH_DSS", false, false, NAMED_GROUP_NONE), |
|
K_DHE_DSS ("DHE_DSS", true, false, NAMED_GROUP_FFDHE), |
|
K_DHE_DSS_EXPORT("DHE_DSS_EXPORT", true, false, NAMED_GROUP_NONE), |
|
K_DHE_RSA ("DHE_RSA", true, false, NAMED_GROUP_FFDHE), |
|
K_DHE_RSA_EXPORT("DHE_RSA_EXPORT", true, false, NAMED_GROUP_NONE), |
|
K_DH_ANON ("DH_anon", true, true, NAMED_GROUP_FFDHE), |
|
K_DH_ANON_EXPORT("DH_anon_EXPORT", true, true, NAMED_GROUP_NONE), |
|
|
|
// These KeyExchanges can use either ECDHE/XDH, so we'll use a |
|
|
|
K_ECDH_ECDSA ("ECDH_ECDSA", JsseJce.ALLOW_ECC, false, |
|
NAMED_GROUP_ECDHE, NAMED_GROUP_XDH), |
|
K_ECDH_RSA ("ECDH_RSA", JsseJce.ALLOW_ECC, false, |
|
NAMED_GROUP_ECDHE, NAMED_GROUP_XDH), |
|
K_ECDHE_ECDSA ("ECDHE_ECDSA", JsseJce.ALLOW_ECC, false, |
|
NAMED_GROUP_ECDHE, NAMED_GROUP_XDH), |
|
K_ECDHE_RSA ("ECDHE_RSA", JsseJce.ALLOW_ECC, false, |
|
NAMED_GROUP_ECDHE, NAMED_GROUP_XDH), |
|
K_ECDH_ANON ("ECDH_anon", JsseJce.ALLOW_ECC, true, |
|
NAMED_GROUP_ECDHE, NAMED_GROUP_XDH), |
|
|
|
|
|
K_SCSV ("SCSV", true, true, NAMED_GROUP_NONE); |
|
|
|
|
|
final String name; |
|
final boolean allowed; |
|
final NamedGroupSpec[] groupTypes; |
|
private final boolean alwaysAvailable; |
|
private final boolean isAnonymous; |
|
|
|
KeyExchange(String name, boolean allowed, |
|
boolean isAnonymous, NamedGroupSpec... groupTypes) { |
|
this.name = name; |
|
this.groupTypes = groupTypes; |
|
this.allowed = allowed; |
|
|
|
this.alwaysAvailable = allowed && (!name.startsWith("EC")); |
|
this.isAnonymous = isAnonymous; |
|
} |
|
|
|
boolean isAvailable() { |
|
if (alwaysAvailable) { |
|
return true; |
|
} |
|
|
|
if (NamedGroupSpec.arrayContains(groupTypes, |
|
NamedGroupSpec.NAMED_GROUP_ECDHE)) { |
|
return (allowed && JsseJce.isEcAvailable()); |
|
} else { |
|
return allowed; |
|
} |
|
} |
|
|
|
@Override |
|
public String toString() { |
|
return name; |
|
} |
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
*/ |
|
static enum MacAlg { |
|
M_NULL ("NULL", 0, 0, 0), |
|
M_MD5 ("MD5", 16, 64, 9), |
|
M_SHA ("SHA", 20, 64, 9), |
|
M_SHA256 ("SHA256", 32, 64, 9), |
|
M_SHA384 ("SHA384", 48, 128, 17); |
|
|
|
|
|
final String name; |
|
|
|
|
|
final int size; |
|
|
|
|
|
final int hashBlockSize; |
|
|
|
|
|
final int minimalPaddingSize; |
|
|
|
MacAlg(String name, int size, |
|
int hashBlockSize, int minimalPaddingSize) { |
|
this.name = name; |
|
this.size = size; |
|
this.hashBlockSize = hashBlockSize; |
|
this.minimalPaddingSize = minimalPaddingSize; |
|
} |
|
|
|
@Override |
|
public String toString() { |
|
return name; |
|
} |
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
*/ |
|
static enum HashAlg { |
|
H_NONE ("NONE", 0, 0), |
|
H_SHA256 ("SHA-256", 32, 64), |
|
H_SHA384 ("SHA-384", 48, 128); |
|
|
|
final String name; |
|
final int hashLength; |
|
final int blockSize; |
|
|
|
HashAlg(String hashAlg, int hashLength, int blockSize) { |
|
this.name = hashAlg; |
|
this.hashLength = hashLength; |
|
this.blockSize = blockSize; |
|
} |
|
|
|
@Override |
|
public String toString() { |
|
return name; |
|
} |
|
} |
|
} |