/*
 *  Licensed to the Apache Software Foundation (ASF) under one or more
 *  contributor license agreements.  See the NOTICE file distributed with
 *  this work for additional information regarding copyright ownership.
 *  The ASF licenses this file to You under the Apache License, Version 2.0
 *  (the "License"); you may not use this file except in compliance with
 *  the License.  You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 *  Unless required by applicable law or agreed to in writing, software
 *  distributed under the License is distributed on an "AS IS" BASIS,
 *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 */

package org.apache.tomcat.util.net.openssl.ciphers;

import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.LinkedHashSet;
import java.util.Map;
import java.util.Set;

All the standard cipher suites for SSL/TSL.
See Also:
/** * All the standard cipher suites for SSL/TSL. * * @see <a href="https://github.com/openssl/openssl/blob/master/ssl/s3_lib.c" * >OpenSSL cipher definitions</a> * @see <a href="http://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-4" * >The cipher suite registry</a> * @see <a href="https://www.thesprawl.org/research/tls-and-ssl-cipher-suites/" * >Another list of cipher suites with some non-standard IDs</a> * @see <a href="http://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html#ciphersuites" * >Oracle standard names for cipher suites</a> * @see <a href="https://www.openssl.org/docs/apps/ciphers.html" * >Mapping of OpenSSL cipher suites names to registry names</a> * @see <a href="https://github.com/ssllabs/sslhaf/blob/0.1.x/suites.csv" * >SSL Labs tool - list of ciphers</a> * @see <a href="http://hg.openjdk.java.net/jdk9/jdk9/jdk/file/e30cd0d37abf/src/java.base/share/classes/sun/security/ssl/CipherSuite.java" * >OpenJDK source code</a> */
public enum Cipher { /* Cipher 0 * TLS_NULL_WITH_NULL_NULL * Must never be negotiated. Used internally to represent the initial * unprotected state of a connection. */ /* The RSA ciphers */ // Cipher 01 TLS_RSA_WITH_NULL_MD5( 0x0001, "NULL-MD5", KeyExchange.RSA, Authentication.RSA, Encryption.eNULL, MessageDigest.MD5, Protocol.SSLv3, false, EncryptionLevel.STRONG_NONE, false, 0, 0, new String[] {"SSL_RSA_WITH_NULL_MD5"}, null ), // Cipher 02 TLS_RSA_WITH_NULL_SHA( 0x0002, "NULL-SHA", KeyExchange.RSA, Authentication.RSA, Encryption.eNULL, MessageDigest.SHA1, Protocol.SSLv3, false, EncryptionLevel.STRONG_NONE, true, 0, 0, new String[] {"SSL_RSA_WITH_NULL_SHA"}, null ), // Cipher 03 TLS_RSA_EXPORT_WITH_RC4_40_MD5( 0x0003, "EXP-RC4-MD5", KeyExchange.RSA, Authentication.RSA, Encryption.RC4, MessageDigest.MD5, Protocol.SSLv3, true, EncryptionLevel.EXP40, false, 40, 128, new String[] {"SSL_RSA_EXPORT_WITH_RC4_40_MD5"}, null ), // Cipher 04 TLS_RSA_WITH_RC4_128_MD5( 0x0004, "RC4-MD5", KeyExchange.RSA, Authentication.RSA, Encryption.RC4, MessageDigest.MD5, Protocol.SSLv3, false, EncryptionLevel.MEDIUM, false, 128, 128, new String[] {"SSL_RSA_WITH_RC4_128_MD5"}, null ), // Cipher 05 TLS_RSA_WITH_RC4_128_SHA( 0x0005, "RC4-SHA", KeyExchange.RSA, Authentication.RSA, Encryption.RC4, MessageDigest.SHA1, Protocol.SSLv3, false, EncryptionLevel.MEDIUM, false, 128, 128, new String[] {"SSL_RSA_WITH_RC4_128_SHA"}, null ), // Cipher 06 TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5( 0x0006, "EXP-RC2-CBC-MD5", KeyExchange.RSA, Authentication.RSA, Encryption.RC2, MessageDigest.MD5, Protocol.SSLv3, true, EncryptionLevel.EXP40, false, 40, 128, new String[] {"SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5"}, null ), // Cipher 07 TLS_RSA_WITH_IDEA_CBC_SHA( 0x0007, "IDEA-CBC-SHA", KeyExchange.RSA, Authentication.RSA, Encryption.IDEA, MessageDigest.SHA1, Protocol.SSLv3, false, EncryptionLevel.MEDIUM, false, 128, 128, new String[] {"SSL_RSA_WITH_IDEA_CBC_SHA"}, null ), // Cipher 08 TLS_RSA_EXPORT_WITH_DES40_CBC_SHA( 0x0008, "EXP-DES-CBC-SHA", KeyExchange.RSA, Authentication.RSA, Encryption.DES, MessageDigest.SHA1, Protocol.SSLv3, true, EncryptionLevel.EXP40, false, 40, 56, new String[] {"SSL_RSA_EXPORT_WITH_DES40_CBC_SHA"}, null ), // Cipher 09 TLS_RSA_WITH_DES_CBC_SHA( 0x0009, "DES-CBC-SHA", KeyExchange.RSA, Authentication.RSA, Encryption.DES, MessageDigest.SHA1, Protocol.SSLv3, false, EncryptionLevel.LOW, false, 56, 56, new String[] {"SSL_RSA_WITH_DES_CBC_SHA"}, null ), // Cipher 0A TLS_RSA_WITH_3DES_EDE_CBC_SHA( 0x000A, "DES-CBC3-SHA", KeyExchange.RSA, Authentication.RSA, Encryption.TRIPLE_DES, MessageDigest.SHA1, Protocol.SSLv3, false, EncryptionLevel.MEDIUM, true, 112, 168, new String[] {"SSL_RSA_WITH_3DES_EDE_CBC_SHA"}, null ), /* The DH ciphers */ // Cipher 0B TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA( 0x000B, "EXP-DH-DSS-DES-CBC-SHA", KeyExchange.DHd, Authentication.DH, Encryption.DES, MessageDigest.SHA1, Protocol.SSLv3, true, EncryptionLevel.EXP40, false, 40, 56, new String[] {"SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA"}, null ), // Cipher 0C TLS_DH_DSS_WITH_DES_CBC_SHA( 0x000C, "DH-DSS-DES-CBC-SHA", KeyExchange.DHd, Authentication.DH, Encryption.DES, MessageDigest.SHA1, Protocol.SSLv3, false, EncryptionLevel.LOW, false, 56, 56, new String[] {"SSL_DH_DSS_WITH_DES_CBC_SHA"}, null ), // Cipher 0D TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA( 0x000D, "DH-DSS-DES-CBC3-SHA", KeyExchange.DHd, Authentication.DH, Encryption.TRIPLE_DES, MessageDigest.SHA1, Protocol.SSLv3, false, EncryptionLevel.MEDIUM, true, 112, 168, new String[] {"SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA"}, null ), // Cipher 0E TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA( 0x000E, "EXP-DH-RSA-DES-CBC-SHA", KeyExchange.DHr, Authentication.DH, Encryption.DES, MessageDigest.SHA1, Protocol.SSLv3, true, EncryptionLevel.EXP40, false, 40, 56, new String[] {"SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA"}, null ), // Cipher 0F TLS_DH_RSA_WITH_DES_CBC_SHA( 0x000F, "DH-RSA-DES-CBC-SHA", KeyExchange.DHr, Authentication.DH, Encryption.DES, MessageDigest.SHA1, Protocol.SSLv3, false, EncryptionLevel.LOW, false, 56, 56, new String[] {"SSL_DH_RSA_WITH_DES_CBC_SHA"}, null ), // Cipher 10 TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA( 0x0010, "DH-RSA-DES-CBC3-SHA", KeyExchange.DHr, Authentication.DH, Encryption.TRIPLE_DES, MessageDigest.SHA1, Protocol.SSLv3, false, EncryptionLevel.MEDIUM, true, 112, 168, new String[] {"SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA"}, null ), /* The Ephemeral DH ciphers */ // Cipher 11 TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA( 0x0011, "EXP-DHE-DSS-DES-CBC-SHA", KeyExchange.EDH, Authentication.DSS, Encryption.DES, MessageDigest.SHA1, Protocol.SSLv3, true, EncryptionLevel.EXP40, false, 40, 56, new String[] {"SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA"}, new String[] {"EXP-EDH-DSS-DES-CBC-SHA"} ), // Cipher 12 TLS_DHE_DSS_WITH_DES_CBC_SHA( 0x0012, "DHE-DSS-DES-CBC-SHA", KeyExchange.EDH, Authentication.DSS, Encryption.DES, MessageDigest.SHA1, Protocol.SSLv3, false, EncryptionLevel.LOW, false, 56, 56, new String[] {"SSL_DHE_DSS_WITH_DES_CBC_SHA"}, new String[] {"EDH-DSS-DES-CBC-SHA"} ), // Cipher 13 TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA( 0x0013, "DHE-DSS-DES-CBC3-SHA", KeyExchange.EDH, Authentication.DSS, Encryption.TRIPLE_DES, MessageDigest.SHA1, Protocol.SSLv3, false, EncryptionLevel.MEDIUM, true, 112, 168, new String[] {"SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA"}, new String[] {"EDH-DSS-DES-CBC3-SHA"} ), // Cipher 14 TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA( 0x0014, "EXP-DHE-RSA-DES-CBC-SHA", KeyExchange.EDH, Authentication.RSA, Encryption.DES, MessageDigest.SHA1, Protocol.SSLv3, true, EncryptionLevel.EXP40, false, 40, 56, new String[] {"SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA"}, new String[] {"EXP-EDH-RSA-DES-CBC-SHA"} ), // Cipher 15 TLS_DHE_RSA_WITH_DES_CBC_SHA( 0x0015, "DHE-RSA-DES-CBC-SHA", KeyExchange.EDH, Authentication.RSA, Encryption.DES, MessageDigest.SHA1, Protocol.SSLv3, false, EncryptionLevel.LOW, false, 56, 56, new String[] {"SSL_DHE_RSA_WITH_DES_CBC_SHA"}, new String[] {"EDH-RSA-DES-CBC-SHA"} ), // Cipher 16 TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA( 0x0016, "DHE-RSA-DES-CBC3-SHA", KeyExchange.EDH, Authentication.RSA, Encryption.TRIPLE_DES, MessageDigest.SHA1, Protocol.SSLv3, false, EncryptionLevel.MEDIUM, true, 112, 168, new String[] {"SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA"}, new String[] {"EDH-RSA-DES-CBC3-SHA"} ), // Cipher 17 TLS_DH_anon_EXPORT_WITH_RC4_40_MD5( 0x0017, "EXP-ADH-RC4-MD5", KeyExchange.EDH, Authentication.aNULL, Encryption.RC4, MessageDigest.MD5, Protocol.SSLv3, true, EncryptionLevel.EXP40, false, 40, 128, new String[] {"SSL_DH_anon_EXPORT_WITH_RC4_40_MD5"}, null ), // Cipher 18 TLS_DH_anon_WITH_RC4_128_MD5( 0x0018, "ADH-RC4-MD5", KeyExchange.EDH, Authentication.aNULL, Encryption.RC4, MessageDigest.MD5, Protocol.SSLv3, false, EncryptionLevel.MEDIUM, false, 128, 128, new String[] {"SSL_DH_anon_WITH_RC4_128_MD5"}, null ), // Cipher 19 TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA( 0x0019, "EXP-ADH-DES-CBC-SHA", KeyExchange.EDH, Authentication.aNULL, Encryption.DES, MessageDigest.SHA1, Protocol.SSLv3, true, EncryptionLevel.EXP40, false, 40, 128, new String[] {"SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA"}, null ), // Cipher 1A TLS_DH_anon_WITH_DES_CBC_SHA( 0x001A, "ADH-DES-CBC-SHA", KeyExchange.EDH, Authentication.aNULL, Encryption.DES, MessageDigest.SHA1, Protocol.SSLv3, false, EncryptionLevel.LOW, false, 56, 56, new String[] {"SSL_DH_anon_WITH_DES_CBC_SHA"}, null ), // Cipher 1B TLS_DH_anon_WITH_3DES_EDE_CBC_SHA( 0x001B, "ADH-DES-CBC3-SHA", KeyExchange.EDH, Authentication.aNULL, Encryption.TRIPLE_DES, MessageDigest.SHA1, Protocol.SSLv3, false, EncryptionLevel.MEDIUM, true, 112, 168, new String[] {"SSL_DH_anon_WITH_3DES_EDE_CBC_SHA"}, null ), /* Fortezza ciphersuite from SSL 3.0 spec * Neither OpenSSL nor Java implement these ciphers and the IDs used * overlap partially with the IDs used by the Kerberos ciphers // Cipher 1C SSL_FORTEZZA_DMS_WITH_NULL_SHA( "FZA-NULL-SHA", KeyExchange.FZA, Authentication.FZA, Encryption.eNULL, MessageDigest.SHA1, Protocol.SSLv3, false, EncryptionLevel.STRONG_NONE, false, 0, 0, null, null ), // Cipher 1D SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA( "FZA-FZA-CBC-SHA", KeyExchange.FZA, Authentication.FZA, Encryption.FZA, MessageDigest.SHA1, Protocol.SSLv3, false, EncryptionLevel.STRONG_NONE, false, 0, 0, null, null ), // Cipher 1E - overlaps with Kerberos below SSL_FORTEZZA_DMS_WITH_RC4_128_SHA( "FZA-RC4-SHA", KeyExchange.FZA, Authentication.FZA, Encryption.RC4, MessageDigest.SHA1, Protocol.SSLv3, false, EncryptionLevel.MEDIUM, false, 128, 128, null, null ), */ /* The Kerberos ciphers. OpenSSL doesn't support these. Java does but they * are used for Kerberos authentication. */ // Cipher 1E - overlaps with Fortezza above /*TLS_KRB5_WITH_DES_CBC_SHA( "KRB5-DES-CBC-SHA", KeyExchange.KRB5, Authentication.KRB5, Encryption.DES, MessageDigest.SHA1, Protocol.SSLv3, false, EncryptionLevel.LOW, false, 56, 56, null, null ), // Cipher 1F TLS_KRB5_WITH_3DES_EDE_CBC_SHA( "KRB5-DES-CBC3-SHA", KeyExchange.KRB5, Authentication.KRB5, Encryption.TRIPLE_DES, MessageDigest.SHA1, Protocol.SSLv3, false, EncryptionLevel.HIGH, true, 112, 168, null, null ), // Cipher 20 TLS_KRB5_WITH_RC4_128_SHA( "KRB5-RC4-SHA", KeyExchange.KRB5, Authentication.KRB5, Encryption.RC4, MessageDigest.SHA1, Protocol.SSLv3, false, EncryptionLevel.MEDIUM, false, 128, 128, null, null ), // Cipher 21 TLS_KRB5_WITH_IDEA_CBC_SHA( "KRB5-IDEA-CBC-SHA", KeyExchange.KRB5, Authentication.KRB5, Encryption.IDEA, MessageDigest.SHA1, Protocol.SSLv3, false, EncryptionLevel.MEDIUM, false, 128, 128, null, null ), // Cipher 22 TLS_KRB5_WITH_DES_CBC_MD5( "KRB5-DES-CBC-MD5", KeyExchange.KRB5, Authentication.KRB5, Encryption.DES, MessageDigest.MD5, Protocol.SSLv3, false, EncryptionLevel.LOW, false, 56, 56, null, null ), // Cipher 23 TLS_KRB5_WITH_3DES_EDE_CBC_MD5( "KRB5-DES-CBC3-MD5", KeyExchange.KRB5, Authentication.KRB5, Encryption.TRIPLE_DES, MessageDigest.MD5, Protocol.SSLv3, false, EncryptionLevel.HIGH, false, 112, 168, null, null ), // Cipher 24 TLS_KRB5_WITH_RC4_128_MD5( "KRB5-RC4-MD5", KeyExchange.KRB5, Authentication.KRB5, Encryption.RC4, MessageDigest.MD5, Protocol.SSLv3, false, EncryptionLevel.MEDIUM, false, 128, 128, null, null ), // Cipher 25 TLS_KRB5_WITH_IDEA_CBC_MD5( "KRB5-IDEA-CBC-MD5", KeyExchange.KRB5, Authentication.KRB5, Encryption.IDEA, MessageDigest.MD5, Protocol.SSLv3, false, EncryptionLevel.MEDIUM, false, 128, 128, null, null ), // Cipher 26 TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA( "EXP-KRB5-DES-CBC-SHA", KeyExchange.KRB5, Authentication.KRB5, Encryption.DES, MessageDigest.SHA1, Protocol.SSLv3, true, EncryptionLevel.EXP40, false, 40, 56, null, null ), // Cipher 27 TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA( "EXP-KRB5-RC2-CBC-SHA", KeyExchange.KRB5, Authentication.KRB5, Encryption.RC2, MessageDigest.SHA1, Protocol.SSLv3, true, EncryptionLevel.EXP40, false, 40, 128, null, null ), // Cipher 28 TLS_KRB5_EXPORT_WITH_RC4_40_SHA( "EXP-KRB5-RC4-SHA", KeyExchange.KRB5, Authentication.KRB5, Encryption.RC4, MessageDigest.SHA1, Protocol.SSLv3, true, EncryptionLevel.EXP40, false, 40, 128, null, null ), // Cipher 29 TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5( "EXP-KRB5-DES-CBC-MD5", KeyExchange.KRB5, Authentication.KRB5, Encryption.DES, MessageDigest.MD5, Protocol.SSLv3, true, EncryptionLevel.EXP40, false, 40, 56, null, null ), // Cipher 2A TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5( "EXP-KRB5-RC2-CBC-MD5", KeyExchange.KRB5, Authentication.KRB5, Encryption.RC2, MessageDigest.MD5, Protocol.SSLv3, true, EncryptionLevel.EXP40, false, 40, 128, null, null ), // Cipher 2B TLS_KRB5_EXPORT_WITH_RC4_40_MD5( "EXP-KRB5-RC4-MD5", KeyExchange.KRB5, Authentication.KRB5, Encryption.RC4, MessageDigest.MD5, Protocol.SSLv3, true, EncryptionLevel.EXP40, false, 40, 128, null, null ),*/ /* PSK cipher suites from RFC 4785 */ // Cipher 2C TLS_PSK_WITH_NULL_SHA( 0x002c, "PSK-NULL-SHA", KeyExchange.PSK, Authentication.PSK, Encryption.eNULL, MessageDigest.SHA1, Protocol.SSLv3, false, EncryptionLevel.STRONG_NONE, true, 0, 0, null, null ), // Cipher 2D TLS_DHE_PSK_WITH_NULL_SHA( 0x002d, "DHE-PSK-NULL-SHA", KeyExchange.DHEPSK, Authentication.PSK, Encryption.eNULL, MessageDigest.SHA1, Protocol.SSLv3, false, EncryptionLevel.STRONG_NONE, true, 0, 0, null, null ), // Cipher 2E TLS_RSA_PSK_WITH_NULL_SHA( 0x002e, "RSA-PSK-NULL-SHA", KeyExchange.RSAPSK, Authentication.RSA, Encryption.eNULL, MessageDigest.SHA1, Protocol.SSLv3, false, EncryptionLevel.STRONG_NONE, true, 0, 0, null, null ), /* New AES ciphersuites */ // Cipher 2F TLS_RSA_WITH_AES_128_CBC_SHA( 0x002f, "AES128-SHA", KeyExchange.RSA, Authentication.RSA, Encryption.AES128, MessageDigest.SHA1, Protocol.SSLv3, false, EncryptionLevel.HIGH, true, 128, 128, null, null ), // Cipher 30 TLS_DH_DSS_WITH_AES_128_CBC_SHA( 0x0030, "DH-DSS-AES128-SHA", KeyExchange.DHd, Authentication.DH, Encryption.AES128, MessageDigest.SHA1, Protocol.SSLv3, false, EncryptionLevel.HIGH, true, 128, 128, null, null ), // Cipher 31 TLS_DH_RSA_WITH_AES_128_CBC_SHA( 0x0031, "DH-RSA-AES128-SHA", KeyExchange.DHr, Authentication.DH, Encryption.AES128, MessageDigest.SHA1, Protocol.SSLv3, false, EncryptionLevel.HIGH, true, 128, 128, null, null ), // Cipher 32 TLS_DHE_DSS_WITH_AES_128_CBC_SHA( 0x0032, "DHE-DSS-AES128-SHA", KeyExchange.EDH, Authentication.DSS, Encryption.AES128, MessageDigest.SHA1, Protocol.SSLv3, false, EncryptionLevel.HIGH, true, 128, 128, null, null ), // Cipher 33 TLS_DHE_RSA_WITH_AES_128_CBC_SHA( 0x0033, "DHE-RSA-AES128-SHA", KeyExchange.EDH, Authentication.RSA, Encryption.AES128, MessageDigest.SHA1, Protocol.SSLv3, false, EncryptionLevel.HIGH, true, 128, 128, null, null ), // Cipher 34 TLS_DH_anon_WITH_AES_128_CBC_SHA( 0x0034, "ADH-AES128-SHA", KeyExchange.EDH, Authentication.aNULL, Encryption.AES128, MessageDigest.SHA1, Protocol.SSLv3, false, EncryptionLevel.HIGH, true, 128, 128, null, null ), // Cipher 35 TLS_RSA_WITH_AES_256_CBC_SHA( 0x0035, "AES256-SHA", KeyExchange.RSA, Authentication.RSA, Encryption.AES256, MessageDigest.SHA1, Protocol.SSLv3, false, EncryptionLevel.HIGH, true, 256, 256, null, null ), // Cipher 36 TLS_DH_DSS_WITH_AES_256_CBC_SHA( 0x0036, "DH-DSS-AES256-SHA", KeyExchange.DHd, Authentication.DH, Encryption.AES256, MessageDigest.SHA1, Protocol.SSLv3, false, EncryptionLevel.HIGH, true, 256, 256, null, null ), // Cipher 37 TLS_DH_RSA_WITH_AES_256_CBC_SHA( 0x0037, "DH-RSA-AES256-SHA", KeyExchange.DHr, Authentication.DH, Encryption.AES256, MessageDigest.SHA1, Protocol.SSLv3, false, EncryptionLevel.HIGH, true, 256, 256, null, null ), // Cipher 38 TLS_DHE_DSS_WITH_AES_256_CBC_SHA( 0x0038, "DHE-DSS-AES256-SHA", KeyExchange.EDH, Authentication.DSS, Encryption.AES256, MessageDigest.SHA1, Protocol.SSLv3, false, EncryptionLevel.HIGH, true, 256, 256, null, null ), // Cipher 39 TLS_DHE_RSA_WITH_AES_256_CBC_SHA( 0x0039, "DHE-RSA-AES256-SHA", KeyExchange.EDH, Authentication.RSA, Encryption.AES256, MessageDigest.SHA1, Protocol.SSLv3, false, EncryptionLevel.HIGH, true, 256, 256, null, null ), // Cipher 3A TLS_DH_anon_WITH_AES_256_CBC_SHA( 0x003A, "ADH-AES256-SHA", KeyExchange.EDH, Authentication.aNULL, Encryption.AES256, MessageDigest.SHA1, Protocol.SSLv3, false, EncryptionLevel.HIGH, true, 256, 256, null, null ), /* TLS v1.2 ciphersuites */ // Cipher 3B TLS_RSA_WITH_NULL_SHA256( 0x003B, "NULL-SHA256", KeyExchange.RSA, Authentication.RSA, Encryption.eNULL, MessageDigest.SHA256, Protocol.TLSv1_2, false, EncryptionLevel.STRONG_NONE, true, 0, 0, null, null ), // Cipher 3C TLS_RSA_WITH_AES_128_CBC_SHA256( 0x003C, "AES128-SHA256", KeyExchange.RSA, Authentication.RSA, Encryption.AES128, MessageDigest.SHA256, Protocol.TLSv1_2, false, EncryptionLevel.HIGH, true, 128, 128, null, null ), // Cipher 3D TLS_RSA_WITH_AES_256_CBC_SHA256( 0x003D, "AES256-SHA256", KeyExchange.RSA, Authentication.RSA, Encryption.AES256, MessageDigest.SHA256, Protocol.TLSv1_2, false, EncryptionLevel.HIGH, true, 256, 256, null, null ), // Cipher 3E TLS_DH_DSS_WITH_AES_128_CBC_SHA256( 0x003E, "DH-DSS-AES128-SHA256", KeyExchange.DHd, Authentication.DH, Encryption.AES128, MessageDigest.SHA256, Protocol.TLSv1_2, false, EncryptionLevel.HIGH, true, 128, 128, null, null ), // Cipher 3F TLS_DH_RSA_WITH_AES_128_CBC_SHA256( 0x003F, "DH-RSA-AES128-SHA256", KeyExchange.DHr, Authentication.DH, Encryption.AES128, MessageDigest.SHA256, Protocol.TLSv1_2, false, EncryptionLevel.HIGH, true, 128, 128, null, null ), // Cipher 40 TLS_DHE_DSS_WITH_AES_128_CBC_SHA256( 0x0040, "DHE-DSS-AES128-SHA256", KeyExchange.EDH, Authentication.DSS, Encryption.AES128, MessageDigest.SHA256, Protocol.TLSv1_2, false, EncryptionLevel.HIGH, true, 128, 128, null, null ), /* Camellia ciphersuites from RFC4132 ( 128-bit portion) */ // Cipher 41 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA( 0x0041, "CAMELLIA128-SHA", KeyExchange.RSA, Authentication.RSA, Encryption.CAMELLIA128, MessageDigest.SHA1, Protocol.SSLv3, false, EncryptionLevel.HIGH, false, 128, 128, null, null ), // Cipher 42 TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA( 0x0042, "DH-DSS-CAMELLIA128-SHA", KeyExchange.DHd, Authentication.DH, Encryption.CAMELLIA128, MessageDigest.SHA1, Protocol.SSLv3, false, EncryptionLevel.HIGH, false, 128, 128, null, null ), // Cipher 43 TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA( 0x0043, "DH-RSA-CAMELLIA128-SHA", KeyExchange.DHr, Authentication.DH, Encryption.CAMELLIA128, MessageDigest.SHA1, Protocol.SSLv3, false, EncryptionLevel.HIGH, false, 128, 128, null, null ), // Cipher 44 TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA( 0x0044, "DHE-DSS-CAMELLIA128-SHA", KeyExchange.EDH, Authentication.DSS, Encryption.CAMELLIA128, MessageDigest.SHA1, Protocol.SSLv3, false, EncryptionLevel.HIGH, false, 128, 128, null, null ), // Cipher 45 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA( 0x0045, "DHE-RSA-CAMELLIA128-SHA", KeyExchange.EDH, Authentication.RSA, Encryption.CAMELLIA128, MessageDigest.SHA1, Protocol.SSLv3, false, EncryptionLevel.HIGH, false, 128, 128, null, null ), // Cipher 46 TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA( 0x0046, "ADH-CAMELLIA128-SHA", KeyExchange.EDH, Authentication.aNULL, Encryption.CAMELLIA128, MessageDigest.SHA1, Protocol.SSLv3, false, EncryptionLevel.HIGH, false, 128, 128, null, null ), /* Experimental (and now expired) TLSv1 versions of SSLv3 ciphers. * Unsupported by Java and OpenSSL 1.1.x onwards. Some earlier OpenSSL * versions do support these. */ // Cipher 60 TLS_RSA_EXPORT1024_WITH_RC4_56_MD5( 0x0060, "EXP1024-RC4-MD5", KeyExchange.RSA, Authentication.RSA, Encryption.RC4, MessageDigest.MD5, Protocol.TLSv1, true, EncryptionLevel.EXP56, false, 56, 128, new String[] {"SSL_RSA_EXPORT1024_WITH_RC4_56_MD5"}, null ), // Cipher 61 TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5( 0x0061, "EXP1024-RC2-CBC-MD5", KeyExchange.RSA, Authentication.RSA, Encryption.RC2, MessageDigest.MD5, Protocol.TLSv1, true, EncryptionLevel.EXP56, false, 56, 128, new String[] {"SSL_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5"}, null ), // Cipher 62 TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA( 0x0062, "EXP1024-DES-CBC-SHA", KeyExchange.RSA, Authentication.RSA, Encryption.DES, MessageDigest.SHA1, Protocol.TLSv1, true, EncryptionLevel.EXP56, false, 56, 56, new String[] {"SSL_RSA_EXPORT1024_WITH_DES_CBC_SHA"}, null ), // Cipher 63 TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA( 0x0063, "EXP1024-DHE-DSS-DES-CBC-SHA", KeyExchange.EDH, Authentication.DSS, Encryption.DES, MessageDigest.SHA1, Protocol.TLSv1, true, EncryptionLevel.EXP56, false, 56, 56, new String[] {"SSL_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA"}, null ), // Cipher 64 TLS_RSA_EXPORT1024_WITH_RC4_56_SHA( 0x0064, "EXP1024-RC4-SHA", KeyExchange.RSA, Authentication.RSA, Encryption.RC4, MessageDigest.SHA1, Protocol.TLSv1, true, EncryptionLevel.EXP56, false, 56, 128, new String[] {"SSL_RSA_EXPORT1024_WITH_RC4_56_SHA"}, null ), // Cipher 65 TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA( 0x0065, "EXP1024-DHE-DSS-RC4-SHA", KeyExchange.EDH, Authentication.DSS, Encryption.RC4, MessageDigest.SHA1, Protocol.TLSv1, true, EncryptionLevel.EXP56, false, 56, 128, new String[] {"SSL_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA"}, null ), // Cipher 66 TLS_DHE_DSS_WITH_RC4_128_SHA( 0x0066, "DHE-DSS-RC4-SHA", KeyExchange.EDH, Authentication.DSS, Encryption.RC4, MessageDigest.SHA1, Protocol.TLSv1, false, EncryptionLevel.MEDIUM, false, 128, 128, new String[] {"SSL_DHE_DSS_WITH_RC4_128_SHA"}, null ), /* TLS v1.2 ciphersuites */ // Cipher 67 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256( 0x0067, "DHE-RSA-AES128-SHA256", KeyExchange.EDH, Authentication.RSA, Encryption.AES128, MessageDigest.SHA256, Protocol.TLSv1_2, false, EncryptionLevel.HIGH, true, 128, 128, null, null ), // Cipher 68 TLS_DH_DSS_WITH_AES_256_CBC_SHA256( 0x0068, "DH-DSS-AES256-SHA256", KeyExchange.DHd, Authentication.DH, Encryption.AES256, MessageDigest.SHA256, Protocol.TLSv1_2, false, EncryptionLevel.HIGH, true, 256, 256, null, null ), // Cipher 69 TLS_DH_RSA_WITH_AES_256_CBC_SHA256( 0x0069, "DH-RSA-AES256-SHA256", KeyExchange.DHr, Authentication.DH, Encryption.AES256, MessageDigest.SHA256, Protocol.TLSv1_2, false, EncryptionLevel.HIGH, true, 256, 256, null, null ), // Cipher 6A TLS_DHE_DSS_WITH_AES_256_CBC_SHA256( 0x006A, "DHE-DSS-AES256-SHA256", KeyExchange.EDH, Authentication.DSS, Encryption.AES256, MessageDigest.SHA256, Protocol.TLSv1_2, false, EncryptionLevel.HIGH, true, 256, 256, null, null ), // Cipher 6B TLS_DHE_RSA_WITH_AES_256_CBC_SHA256( 0x006B, "DHE-RSA-AES256-SHA256", KeyExchange.EDH, Authentication.RSA, Encryption.AES256, MessageDigest.SHA256, Protocol.TLSv1_2, false, EncryptionLevel.HIGH, true, 256, 256, null, null ), // Cipher 6C TLS_DH_anon_WITH_AES_128_CBC_SHA256( 0x006C, "ADH-AES128-SHA256", KeyExchange.EDH, Authentication.aNULL, Encryption.AES128, MessageDigest.SHA256, Protocol.TLSv1_2, false, EncryptionLevel.HIGH, true, 128, 128, null, null ), // Cipher 6D TLS_DH_anon_WITH_AES_256_CBC_SHA256( 0x006D, "ADH-AES256-SHA256", KeyExchange.EDH, Authentication.aNULL, Encryption.AES256, MessageDigest.SHA256, Protocol.TLSv1_2, false, EncryptionLevel.HIGH, true, 256, 256, null, null ), /* GOST Ciphersuites. Unsupported by Java. OpenSSL lists them with IDs * 0x3000080 to 0x3000083 * The ciphers are not listed in the IANA registry. */ /* // Cipher 80 TLS_GOSTR341094_WITH_28147_CNT_IMIT( "GOST94-GOST89-GOST89", KeyExchange.GOST, Authentication.GOST94, Encryption.eGOST2814789CNT, MessageDigest.GOST89MAC, Protocol.TLSv1, false, EncryptionLevel.HIGH, false, 256, 256, null, null ), // Cipher 81 TLS_GOSTR341001_WITH_28147_CNT_IMIT( "GOST2001-GOST89-GOST89", KeyExchange.GOST, Authentication.GOST01, Encryption.eGOST2814789CNT, MessageDigest.GOST89MAC, Protocol.TLSv1, false, EncryptionLevel.HIGH, false, 256, 256, null, null ), // Cipher 82 TLS_GOSTR341094_WITH_NULL_GOSTR3411( "GOST94-NULL-GOST94", KeyExchange.GOST, Authentication.GOST94, Encryption.eNULL, MessageDigest.GOST94, Protocol.TLSv1, false, EncryptionLevel.STRONG_NONE, false, 0, 0, null, null ), // Cipher 83 TLS_GOSTR341001_WITH_NULL_GOSTR3411( "GOST2001-NULL-GOST94", KeyExchange.GOST, Authentication.GOST01, Encryption.eNULL, MessageDigest.GOST94, Protocol.TLSv1, false, EncryptionLevel.STRONG_NONE, false, 0, 0, null, null ),*/ /* Camellia ciphersuites from RFC4132 ( 256-bit portion) */ // Cipher 84 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA( 0x0084, "CAMELLIA256-SHA", KeyExchange.RSA, Authentication.RSA, Encryption.CAMELLIA256, MessageDigest.SHA1, Protocol.SSLv3, false, EncryptionLevel.HIGH, false, 256, 256, null, null ), // Cipher 85 TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA( 0x0085, "DH-DSS-CAMELLIA256-SHA", KeyExchange.DHd, Authentication.DH, Encryption.CAMELLIA256, MessageDigest.SHA1, Protocol.SSLv3, false, EncryptionLevel.HIGH, false, 256, 256, null, null ), // Cipher 86 TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA( 0x0086, "DH-RSA-CAMELLIA256-SHA", KeyExchange.DHr, Authentication.DH, Encryption.CAMELLIA256, MessageDigest.SHA1, Protocol.SSLv3, false, EncryptionLevel.HIGH, false, 256, 256, null, null ), // Cipher 87 TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA( 0x0087, "DHE-DSS-CAMELLIA256-SHA", KeyExchange.EDH, Authentication.DSS, Encryption.CAMELLIA256, MessageDigest.SHA1, Protocol.SSLv3, false, EncryptionLevel.HIGH, false, 256, 256, null, null ), // Cipher 88 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA( 0x0088, "DHE-RSA-CAMELLIA256-SHA", KeyExchange.EDH, Authentication.RSA, Encryption.CAMELLIA256, MessageDigest.SHA1, Protocol.SSLv3, false, EncryptionLevel.HIGH, false, 256, 256, null, null ), // Cipher 89 TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA( 0x0089, "ADH-CAMELLIA256-SHA", KeyExchange.EDH, Authentication.aNULL, Encryption.CAMELLIA256, MessageDigest.SHA1, Protocol.SSLv3, false, EncryptionLevel.HIGH, false, 256, 256, null, null ), // Cipher 8A TLS_PSK_WITH_RC4_128_SHA( 0x008A, "PSK-RC4-SHA", KeyExchange.PSK, Authentication.PSK, Encryption.RC4, MessageDigest.SHA1, Protocol.SSLv3, false, EncryptionLevel.MEDIUM, false, 128, 128, null, null ), // Cipher 8B TLS_PSK_WITH_3DES_EDE_CBC_SHA( 0x008B, "PSK-3DES-EDE-CBC-SHA", KeyExchange.PSK, Authentication.PSK, Encryption.TRIPLE_DES, MessageDigest.SHA1, Protocol.SSLv3, false, EncryptionLevel.MEDIUM, true, 112, 168, null, null ), // Cipher 8C TLS_PSK_WITH_AES_128_CBC_SHA( 0x008C, "PSK-AES128-CBC-SHA", KeyExchange.PSK, Authentication.PSK, Encryption.AES128, MessageDigest.SHA1, Protocol.SSLv3, false, EncryptionLevel.HIGH, true, 128, 128, null, null ), // Cipher 8D TLS_PSK_WITH_AES_256_CBC_SHA( 0x008D, "PSK-AES256-CBC-SHA", KeyExchange.PSK, Authentication.PSK, Encryption.AES256, MessageDigest.SHA1, Protocol.SSLv3, false, EncryptionLevel.HIGH, true, 256, 256, null, null ), // Cipher 8E TLS_DHE_PSK_WITH_RC4_128_SHA( 0x008E, "DHE-PSK-RC4-SHA", KeyExchange.DHEPSK, Authentication.PSK, Encryption.RC4, MessageDigest.SHA1, Protocol.SSLv3, false, EncryptionLevel.MEDIUM, false, 128, 128, null, null ), // Cipher 8F TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA( 0x008F, "DHE-PSK-3DES-EDE-CBC-SHA", KeyExchange.DHEPSK, Authentication.PSK, Encryption.TRIPLE_DES, MessageDigest.SHA1, Protocol.SSLv3, false, EncryptionLevel.MEDIUM, true, 112, 168, null, null ), // Cipher 90 TLS_DHE_PSK_WITH_AES_128_CBC_SHA( 0x0090, "DHE-PSK-AES128-CBC-SHA", KeyExchange.DHEPSK, Authentication.PSK, Encryption.AES128, MessageDigest.SHA1, Protocol.SSLv3, false, EncryptionLevel.HIGH, true, 128, 128, null, null ), // Cipher 91 TLS_DHE_PSK_WITH_AES_256_CBC_SHA( 0x0091, "DHE-PSK-AES256-CBC-SHA", KeyExchange.DHEPSK, Authentication.PSK, Encryption.AES256, MessageDigest.SHA1, Protocol.SSLv3, false, EncryptionLevel.HIGH, true, 256, 256, null, null ), // Cipher 92 TLS_RSA_PSK_WITH_RC4_128_SHA( 0x0092, "RSA-PSK-RC4-SHA", KeyExchange.RSAPSK, Authentication.RSA, Encryption.RC4, MessageDigest.SHA1, Protocol.SSLv3, false, EncryptionLevel.MEDIUM, false, 128, 128, null, null ), // Cipher 93 TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA( 0x0093, "RSA-PSK-3DES-EDE-CBC-SHA", KeyExchange.RSAPSK, Authentication.RSA, Encryption.TRIPLE_DES, MessageDigest.SHA1, Protocol.SSLv3, false, EncryptionLevel.MEDIUM, true, 112, 168, null, null ), // Cipher 94 TLS_RSA_PSK_WITH_AES_128_CBC_SHA( 0x0094, "RSA-PSK-AES128-CBC-SHA", KeyExchange.RSAPSK, Authentication.RSA, Encryption.AES128, MessageDigest.SHA1, Protocol.SSLv3, false, EncryptionLevel.HIGH, true, 128, 128, null, null ), // Cipher 95 TLS_RSA_PSK_WITH_AES_256_CBC_SHA( 0x0095, "RSA-PSK-AES256-CBC-SHA", KeyExchange.RSAPSK, Authentication.RSA, Encryption.AES256, MessageDigest.SHA1, Protocol.SSLv3, false, EncryptionLevel.HIGH, true, 256, 256, null, null ), /* SEED ciphersuites from RFC4162 */ // Cipher 96 TLS_RSA_WITH_SEED_CBC_SHA( 0x0096, "SEED-SHA", KeyExchange.RSA, Authentication.RSA, Encryption.SEED, MessageDigest.SHA1, Protocol.SSLv3, false, EncryptionLevel.MEDIUM, false, 128, 128, null, null ), // Cipher 97 TLS_DH_DSS_WITH_SEED_CBC_SHA( 0x0097, "DH-DSS-SEED-SHA", KeyExchange.DHd, Authentication.DH, Encryption.SEED, MessageDigest.SHA1, Protocol.SSLv3, false, EncryptionLevel.MEDIUM, false, 128, 128, null, null ), // Cipher 98 TLS_DH_RSA_WITH_SEED_CBC_SHA( 0x0098, "DH-RSA-SEED-SHA", KeyExchange.DHr, Authentication.DH, Encryption.SEED, MessageDigest.SHA1, Protocol.SSLv3, false, EncryptionLevel.MEDIUM, false, 128, 128, null, null ), // Cipher 99 TLS_DHE_DSS_WITH_SEED_CBC_SHA( 0x0099, "DHE-DSS-SEED-SHA", KeyExchange.EDH, Authentication.DSS, Encryption.SEED, MessageDigest.SHA1, Protocol.SSLv3, false, EncryptionLevel.MEDIUM, false, 128, 128, null, null ), // Cipher 9A TLS_DHE_RSA_WITH_SEED_CBC_SHA( 0x009A, "DHE-RSA-SEED-SHA", KeyExchange.EDH, Authentication.RSA, Encryption.SEED, MessageDigest.SHA1, Protocol.SSLv3, false, EncryptionLevel.MEDIUM, false, 128, 128, null, null ), // Cipher 9B TLS_DH_anon_WITH_SEED_CBC_SHA( 0x009B, "ADH-SEED-SHA", KeyExchange.EDH, Authentication.aNULL, Encryption.SEED, MessageDigest.SHA1, Protocol.SSLv3, false, EncryptionLevel.MEDIUM, false, 128, 128, null, null ), /* GCM ciphersuites from RFC5288 */ // Cipher 9C TLS_RSA_WITH_AES_128_GCM_SHA256( 0x009C, "AES128-GCM-SHA256", KeyExchange.RSA, Authentication.RSA, Encryption.AES128GCM, MessageDigest.AEAD, Protocol.TLSv1_2, false, EncryptionLevel.HIGH, true, 128, 128, null, null ), // Cipher 9D TLS_RSA_WITH_AES_256_GCM_SHA384( 0x009D, "AES256-GCM-SHA384", KeyExchange.RSA, Authentication.RSA, Encryption.AES256GCM, MessageDigest.AEAD, Protocol.TLSv1_2, false, EncryptionLevel.HIGH, true, 256, 256, null, null ), // Cipher 9E TLS_DHE_RSA_WITH_AES_128_GCM_SHA256( 0x009E, "DHE-RSA-AES128-GCM-SHA256", KeyExchange.EDH, Authentication.RSA, Encryption.AES128GCM, MessageDigest.AEAD, Protocol.TLSv1_2, false, EncryptionLevel.HIGH, true, 128, 128, null, null ), // Cipher 9F TLS_DHE_RSA_WITH_AES_256_GCM_SHA384( 0x009F, "DHE-RSA-AES256-GCM-SHA384", KeyExchange.EDH, Authentication.RSA, Encryption.AES256GCM, MessageDigest.AEAD, Protocol.TLSv1_2, false, EncryptionLevel.HIGH, true, 256, 256, null, null ), // Cipher A0 TLS_DH_RSA_WITH_AES_128_GCM_SHA256( 0x00A0, "DH-RSA-AES128-GCM-SHA256", KeyExchange.DHr, Authentication.DH, Encryption.AES128GCM, MessageDigest.AEAD, Protocol.TLSv1_2, false, EncryptionLevel.HIGH, true, 128, 128, null, null ), // Cipher A1 TLS_DH_RSA_WITH_AES_256_GCM_SHA384( 0x00A1, "DH-RSA-AES256-GCM-SHA384", KeyExchange.DHr, Authentication.DH, Encryption.AES256GCM, MessageDigest.AEAD, Protocol.TLSv1_2, false, EncryptionLevel.HIGH, true, 256, 256, null, null ), // Cipher A2 TLS_DHE_DSS_WITH_AES_128_GCM_SHA256( 0x00A2, "DHE-DSS-AES128-GCM-SHA256", KeyExchange.EDH, Authentication.DSS, Encryption.AES128GCM, MessageDigest.AEAD, Protocol.TLSv1_2, false, EncryptionLevel.HIGH, true, 128, 128, null, null ), // Cipher A3 TLS_DHE_DSS_WITH_AES_256_GCM_SHA384( 0x00A3, "DHE-DSS-AES256-GCM-SHA384", KeyExchange.EDH, Authentication.DSS, Encryption.AES256GCM, MessageDigest.AEAD, Protocol.TLSv1_2, false, EncryptionLevel.HIGH, true, 256, 256, null, null ), // Cipher A4 TLS_DH_DSS_WITH_AES_128_GCM_SHA256( 0x00A4, "DH-DSS-AES128-GCM-SHA256", KeyExchange.DHd, Authentication.DH, Encryption.AES128GCM, MessageDigest.AEAD, Protocol.TLSv1_2, false, EncryptionLevel.HIGH, true, 128, 128, null, null ), // Cipher A5 TLS_DH_DSS_WITH_AES_256_GCM_SHA384( 0x00A5, "DH-DSS-AES256-GCM-SHA384", KeyExchange.DHd, Authentication.DH, Encryption.AES256GCM, MessageDigest.AEAD, Protocol.TLSv1_2, false, EncryptionLevel.HIGH, true, 256, 256, null, null ), // Cipher A6 TLS_DH_anon_WITH_AES_128_GCM_SHA256( 0x00A6, "ADH-AES128-GCM-SHA256", KeyExchange.EDH, Authentication.aNULL, Encryption.AES128GCM, MessageDigest.AEAD, Protocol.TLSv1_2, false, EncryptionLevel.HIGH, true, 128, 128, null, null ), // Cipher A7 TLS_DH_anon_WITH_AES_256_GCM_SHA384( 0x00A7, "ADH-AES256-GCM-SHA384", KeyExchange.EDH, Authentication.aNULL, Encryption.AES256GCM, MessageDigest.AEAD, Protocol.TLSv1_2, false, EncryptionLevel.HIGH, true, 256, 256, null, null ), // Cipher A8 TLS_PSK_WITH_AES_128_GCM_SHA256( 0x00A8, "PSK-AES128-GCM-SHA256", KeyExchange.PSK, Authentication.PSK, Encryption.AES128GCM, MessageDigest.AEAD, Protocol.TLSv1_2, false, EncryptionLevel.HIGH, true, 128, 128, null, null ), // Cipher A9 TLS_PSK_WITH_AES_256_GCM_SHA384( 0x00A9, "PSK-AES256-GCM-SHA384", KeyExchange.PSK, Authentication.PSK, Encryption.AES256GCM, MessageDigest.AEAD, Protocol.TLSv1_2, false, EncryptionLevel.HIGH, true, 256, 256, null, null ), // Cipher AA TLS_DHE_PSK_WITH_AES_128_GCM_SHA256( 0x00AA, "DHE-PSK-AES128-GCM-SHA256", KeyExchange.DHEPSK, Authentication.PSK, Encryption.AES128GCM, MessageDigest.AEAD, Protocol.TLSv1_2, false, EncryptionLevel.HIGH, true, 128, 128, null, null ), // Cipher AB TLS_DHE_PSK_WITH_AES_256_GCM_SHA384( 0x00AB, "DHE-PSK-AES256-GCM-SHA384", KeyExchange.DHEPSK, Authentication.PSK, Encryption.AES256GCM, MessageDigest.AEAD, Protocol.TLSv1_2, false, EncryptionLevel.HIGH, true, 256, 256, null, null ), // Cipher AC TLS_RSA_PSK_WITH_AES_128_GCM_SHA256( 0x00AC, "RSA-PSK-AES128-GCM-SHA256", KeyExchange.RSAPSK, Authentication.RSA, Encryption.AES128GCM, MessageDigest.AEAD, Protocol.TLSv1_2, false, EncryptionLevel.HIGH, true, 128, 128, null, null ), // Cipher AD TLS_RSA_PSK_WITH_AES_256_GCM_SHA384( 0x00AD, "RSA-PSK-AES256-GCM-SHA384", KeyExchange.RSAPSK, Authentication.RSA, Encryption.AES256GCM, MessageDigest.AEAD, Protocol.TLSv1_2, false, EncryptionLevel.HIGH, true, 256, 256, null, null ), // Cipher AE TLS_PSK_WITH_AES_128_CBC_SHA256 ( 0x00AE, "PSK-AES128-CBC-SHA256", KeyExchange.PSK, Authentication.PSK, Encryption.AES128, MessageDigest.SHA256, Protocol.TLSv1, false, EncryptionLevel.HIGH, true, 128, 128, null, null ), // Cipher AF TLS_PSK_WITH_AES_256_CBC_SHA384 ( 0x00AF, "PSK-AES256-CBC-SHA384", KeyExchange.PSK, Authentication.PSK, Encryption.AES256, MessageDigest.SHA384, Protocol.TLSv1, false, EncryptionLevel.HIGH, true, 256, 256, null, null ), // Cipher B0 TLS_PSK_WITH_NULL_SHA256 ( 0x00B0, "PSK-NULL-SHA256", KeyExchange.PSK, Authentication.PSK, Encryption.eNULL, MessageDigest.SHA256, Protocol.TLSv1, false, EncryptionLevel.STRONG_NONE, true, 0, 0, null, null ), // Cipher B1 TLS_PSK_WITH_NULL_SHA384 ( 0x00B1, "PSK-NULL-SHA384", KeyExchange.PSK, Authentication.PSK, Encryption.eNULL, MessageDigest.SHA384, Protocol.TLSv1, false, EncryptionLevel.STRONG_NONE, true, 0, 0, null, null ), // Cipher B2 TLS_DHE_PSK_WITH_AES_128_CBC_SHA256( 0x00B2, "DHE-PSK-AES128-CBC-SHA256", KeyExchange.DHEPSK, Authentication.PSK, Encryption.AES128, MessageDigest.SHA256, Protocol.TLSv1, false, EncryptionLevel.HIGH, true, 128, 128, null, null ), // Cipher B3 TLS_DHE_PSK_WITH_AES_256_CBC_SHA384( 0x00B3, "DHE-PSK-AES256-CBC-SHA384", KeyExchange.DHEPSK, Authentication.PSK, Encryption.AES256, MessageDigest.SHA384, Protocol.TLSv1, false, EncryptionLevel.HIGH, true, 256, 256, null, null ), // Cipher B4 TLS_DHE_PSK_WITH_NULL_SHA256 ( 0x00B4, "DHE-PSK-NULL-SHA256", KeyExchange.DHEPSK, Authentication.PSK, Encryption.eNULL, MessageDigest.SHA256, Protocol.TLSv1, false, EncryptionLevel.STRONG_NONE, true, 0, 0, null, null ), // Cipher B5 TLS_DHE_PSK_WITH_NULL_SHA384 ( 0x00B5, "DHE-PSK-NULL-SHA384", KeyExchange.DHEPSK, Authentication.PSK, Encryption.eNULL, MessageDigest.SHA384, Protocol.TLSv1, false, EncryptionLevel.STRONG_NONE, true, 0, 0, null, null ), // Cipher B6 TLS_RSA_PSK_WITH_AES_128_CBC_SHA256( 0x00B6, "RSA-PSK-AES128-CBC-SHA256", KeyExchange.RSAPSK, Authentication.RSA, Encryption.AES128, MessageDigest.SHA256, Protocol.TLSv1, false, EncryptionLevel.HIGH, true, 128, 128, null, null ), // Cipher B7 TLS_RSA_PSK_WITH_AES_256_CBC_SHA384( 0x00B7, "RSA-PSK-AES256-CBC-SHA384", KeyExchange.RSAPSK, Authentication.RSA, Encryption.AES256, MessageDigest.SHA384, Protocol.TLSv1, false, EncryptionLevel.HIGH, true, 256, 256, null, null ), // Cipher B8 TLS_RSA_PSK_WITH_NULL_SHA256 ( 0x00B8, "RSA-PSK-NULL-SHA256", KeyExchange.RSAPSK, Authentication.RSA, Encryption.eNULL, MessageDigest.SHA256, Protocol.TLSv1, false, EncryptionLevel.STRONG_NONE, true, 0, 0, null, null ), // Cipher B9 TLS_RSA_PSK_WITH_NULL_SHA384 ( 0x00B9, "RSA-PSK-NULL-SHA384", KeyExchange.RSAPSK, Authentication.RSA, Encryption.eNULL, MessageDigest.SHA384, Protocol.TLSv1, false, EncryptionLevel.STRONG_NONE, true, 0, 0, null, null ), // Cipher BA TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256( 0x00BA, "CAMELLIA128-SHA256", KeyExchange.RSA, Authentication.RSA, Encryption.CAMELLIA128, MessageDigest.SHA256, Protocol.TLSv1_2, false, EncryptionLevel.HIGH, false, 128, 128, null, null ), // Cipher BB TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256( 0x00BB, "DH-DSS-CAMELLIA128-SHA256", KeyExchange.DHd, Authentication.DH, Encryption.CAMELLIA128, MessageDigest.SHA256, Protocol.TLSv1_2, false, EncryptionLevel.HIGH, false, 128, 128, null, null ), // Cipher BC TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256( 0x00BC, "DH-RSA-CAMELLIA128-SHA256", KeyExchange.DHr, Authentication.DH, Encryption.CAMELLIA128, MessageDigest.SHA256, Protocol.TLSv1_2, false, EncryptionLevel.HIGH, false, 128, 128, null, null ), // Cipher BD TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256( 0x00BD, "DHE-DSS-CAMELLIA128-SHA256", KeyExchange.EDH, Authentication.DSS, Encryption.CAMELLIA128, MessageDigest.SHA256, Protocol.TLSv1_2, false, EncryptionLevel.HIGH, false, 128, 128, null, null ), // Cipher BE TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256( 0x00BE, "DHE-RSA-CAMELLIA128-SHA256", KeyExchange.EDH, Authentication.RSA, Encryption.CAMELLIA128, MessageDigest.SHA256, Protocol.TLSv1_2, false, EncryptionLevel.HIGH, false, 128, 128, null, null ), // Cipher BF TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256( 0x00BF, "ADH-CAMELLIA128-SHA256", KeyExchange.EDH, Authentication.aNULL, Encryption.CAMELLIA128, MessageDigest.SHA256, Protocol.TLSv1_2, false, EncryptionLevel.HIGH, false, 128, 128, null, null ), // Cipher C0 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256( 0x00C0, "CAMELLIA256-SHA256", KeyExchange.RSA, Authentication.RSA, Encryption.CAMELLIA256, MessageDigest.SHA256, Protocol.TLSv1_2, false, EncryptionLevel.HIGH, false, 256, 256, null, null ), // Cipher C1 TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256( 0x00C1, "DH-DSS-CAMELLIA256-SHA256", KeyExchange.DHd, Authentication.DH, Encryption.CAMELLIA256, MessageDigest.SHA256, Protocol.TLSv1_2, false, EncryptionLevel.HIGH, false, 256, 256, null, null ), // Cipher C2 TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256( 0x00C2, "DH-RSA-CAMELLIA256-SHA256", KeyExchange.DHr, Authentication.DH, Encryption.CAMELLIA256, MessageDigest.SHA256, Protocol.TLSv1_2, false, EncryptionLevel.HIGH, false, 256, 256, null, null ), // Cipher C3 TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256( 0x00C3, "DHE-DSS-CAMELLIA256-SHA256", KeyExchange.EDH, Authentication.DSS, Encryption.CAMELLIA256, MessageDigest.SHA256, Protocol.TLSv1_2, false, EncryptionLevel.HIGH, false, 256, 256, null, null ), // Cipher C4 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256( 0x00C4, "DHE-RSA-CAMELLIA256-SHA256", KeyExchange.EDH, Authentication.RSA, Encryption.CAMELLIA256, MessageDigest.SHA256, Protocol.TLSv1_2, false, EncryptionLevel.HIGH, false, 256, 256, null, null ), // Cipher C5 TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256( 0x00C5, "ADH-CAMELLIA256-SHA256", KeyExchange.EDH, Authentication.aNULL, Encryption.CAMELLIA256, MessageDigest.SHA256, Protocol.TLSv1_2, false, EncryptionLevel.HIGH, false, 256, 256, null, null ), // Cipher 0x00FF TLS_EMPTY_RENEGOTIATION_INFO_SCSV // TLS 1.3 ciphers (draft - v26) // Cipher 1301 TLS_AES_128_GCM_SHA256( 0x1301, "TLS_AES_128_GCM_SHA256", KeyExchange.ANY, Authentication.ANY, Encryption.AES128GCM, MessageDigest.AEAD, Protocol.TLSv1_3, false, EncryptionLevel.HIGH, true, 128, 128, null, null ), // Cipher 1302 TLS_AES_256_GCM_SHA384( 0x1302, "TLS_AES_256_GCM_SHA384", KeyExchange.ANY, Authentication.ANY, Encryption.AES256GCM, MessageDigest.AEAD, Protocol.TLSv1_3, false, EncryptionLevel.HIGH, true, 256, 256, null, null ), // Cipher 1303 TLS_CHACHA20_POLY1305_SHA256( 0x1303, "TLS_CHACHA20_POLY1305_SHA256", KeyExchange.ANY, Authentication.ANY, Encryption.CHACHA20POLY1305, MessageDigest.AEAD, Protocol.TLSv1_3, false, EncryptionLevel.HIGH, true, 256, 256, null, null ), // Cipher 1304 TLS_AES_128_CCM_SHA256( 0x1304, "TLS_AES_128_CCM_SHA256", KeyExchange.ANY, Authentication.ANY, Encryption.AES128CCM, MessageDigest.AEAD, Protocol.TLSv1_3, false, EncryptionLevel.HIGH, true, 128, 128, null, null ), // Cipher 1305 TLS_AES_128_CCM_8_SHA256( 0x1305, "TLS_AES_128_CCM_8_SHA256", KeyExchange.ANY, Authentication.ANY, Encryption.AES128CCM8, MessageDigest.AEAD, Protocol.TLSv1_3, false, EncryptionLevel.HIGH, true, 128, 128, null, null ), /* * Cipher 0x5600 TLS_FALLBACK_SCSV * * No other ciphers defined until 0xC001 below */ /* ECC ciphersuites from draft-ietf-tls-ecc-01.txt ( Mar 15, 2001) */ // Cipher C001 TLS_ECDH_ECDSA_WITH_NULL_SHA( 0xC001, "ECDH-ECDSA-NULL-SHA", KeyExchange.ECDHe, Authentication.ECDH, Encryption.eNULL, MessageDigest.SHA1, Protocol.SSLv3, false, EncryptionLevel.STRONG_NONE, true, 0, 0, null, null ), // Cipher C002 TLS_ECDH_ECDSA_WITH_RC4_128_SHA( 0xC002, "ECDH-ECDSA-RC4-SHA", KeyExchange.ECDHe, Authentication.ECDH, Encryption.RC4, MessageDigest.SHA1, Protocol.TLSv1, false, EncryptionLevel.MEDIUM, false, 128, 128, null, null ), // Cipher C003 TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA( 0xC003, "ECDH-ECDSA-DES-CBC3-SHA", KeyExchange.ECDHe, Authentication.ECDH, Encryption.TRIPLE_DES, MessageDigest.SHA1, Protocol.SSLv3, false, EncryptionLevel.MEDIUM, true, 112, 168, null, null ), // Cipher C004 TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA( 0xC004, "ECDH-ECDSA-AES128-SHA", KeyExchange.ECDHe, Authentication.ECDH, Encryption.AES128, MessageDigest.SHA1, Protocol.SSLv3, false, EncryptionLevel.HIGH, true, 128, 128, null, null ), // Cipher C005 TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA( 0xC005, "ECDH-ECDSA-AES256-SHA", KeyExchange.ECDHe, Authentication.ECDH, Encryption.AES256, MessageDigest.SHA1, Protocol.SSLv3, false, EncryptionLevel.HIGH, true, 256, 256, null, null ), // Cipher C006 TLS_ECDHE_ECDSA_WITH_NULL_SHA( 0xC006, "ECDHE-ECDSA-NULL-SHA", KeyExchange.EECDH, Authentication.ECDSA, Encryption.eNULL, MessageDigest.SHA1, Protocol.TLSv1, false, EncryptionLevel.STRONG_NONE, true, 0, 0, null, null ), // Cipher C007 TLS_ECDHE_ECDSA_WITH_RC4_128_SHA( 0xC007, "ECDHE-ECDSA-RC4-SHA", KeyExchange.EECDH, Authentication.ECDSA, Encryption.RC4, MessageDigest.SHA1, Protocol.SSLv3, false, EncryptionLevel.MEDIUM, false, 128, 128, null, null ), // Cipher C008 TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA( 0xC008, "ECDHE-ECDSA-DES-CBC3-SHA", KeyExchange.EECDH, Authentication.ECDSA, Encryption.TRIPLE_DES, MessageDigest.SHA1, Protocol.TLSv1, false, EncryptionLevel.MEDIUM, true, 112, 168, null, null ), // Cipher C009 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA( 0xC009, "ECDHE-ECDSA-AES128-SHA", KeyExchange.EECDH, Authentication.ECDSA, Encryption.AES128, MessageDigest.SHA1, Protocol.TLSv1, false, EncryptionLevel.HIGH, true, 128, 128, null, null ), // Cipher C00A TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA( 0xC00A, "ECDHE-ECDSA-AES256-SHA", KeyExchange.EECDH, Authentication.ECDSA, Encryption.AES256, MessageDigest.SHA1, Protocol.TLSv1, false, EncryptionLevel.HIGH, true, 256, 256, null, null ), // Cipher C00B TLS_ECDH_RSA_WITH_NULL_SHA( 0xC00B, "ECDH-RSA-NULL-SHA", KeyExchange.ECDHr, Authentication.ECDH, Encryption.eNULL, MessageDigest.SHA1, Protocol.SSLv3, false, EncryptionLevel.STRONG_NONE, true, 0, 0, null, null ), // Cipher C00C TLS_ECDH_RSA_WITH_RC4_128_SHA( 0xC00C, "ECDH-RSA-RC4-SHA", KeyExchange.ECDHr, Authentication.ECDH, Encryption.RC4, MessageDigest.SHA1, Protocol.SSLv3, false, EncryptionLevel.MEDIUM, false, 128, 128, null, null ), // Cipher C00D TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA( 0xC00D, "ECDH-RSA-DES-CBC3-SHA", KeyExchange.ECDHr, Authentication.ECDH, Encryption.TRIPLE_DES, MessageDigest.SHA1, Protocol.SSLv3, false, EncryptionLevel.MEDIUM, true, 112, 168, null, null ), // Cipher C00E TLS_ECDH_RSA_WITH_AES_128_CBC_SHA( 0xC00E, "ECDH-RSA-AES128-SHA", KeyExchange.ECDHr, Authentication.ECDH, Encryption.AES128, MessageDigest.SHA1, Protocol.SSLv3, false, EncryptionLevel.HIGH, true, 128, 128, null, null ), // Cipher C00F TLS_ECDH_RSA_WITH_AES_256_CBC_SHA( 0xC00F, "ECDH-RSA-AES256-SHA", KeyExchange.ECDHr, Authentication.ECDH, Encryption.AES256, MessageDigest.SHA1, Protocol.SSLv3, false, EncryptionLevel.HIGH, true, 256, 256, null, null ), // Cipher C010 TLS_ECDHE_RSA_WITH_NULL_SHA( 0xC010, "ECDHE-RSA-NULL-SHA", KeyExchange.EECDH, Authentication.RSA, Encryption.eNULL, MessageDigest.SHA1, Protocol.TLSv1, false, EncryptionLevel.STRONG_NONE, true, 0, 0, null, null ), // Cipher C011 TLS_ECDHE_RSA_WITH_RC4_128_SHA( 0xC011, "ECDHE-RSA-RC4-SHA", KeyExchange.EECDH, Authentication.RSA, Encryption.RC4, MessageDigest.SHA1, Protocol.TLSv1, false, EncryptionLevel.MEDIUM, false, 128, 128, null, null ), // Cipher C012 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA( 0xC012, "ECDHE-RSA-DES-CBC3-SHA", KeyExchange.EECDH, Authentication.RSA, Encryption.TRIPLE_DES, MessageDigest.SHA1, Protocol.TLSv1, false, EncryptionLevel.MEDIUM, true, 112, 168, null, null ), // Cipher C013 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA( 0xC013, "ECDHE-RSA-AES128-SHA", KeyExchange.EECDH, Authentication.RSA, Encryption.AES128, MessageDigest.SHA1, Protocol.TLSv1, false, EncryptionLevel.HIGH, true, 128, 128, null, null ), // Cipher C014 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA( 0xC014, "ECDHE-RSA-AES256-SHA", KeyExchange.EECDH, Authentication.RSA, Encryption.AES256, MessageDigest.SHA1, Protocol.TLSv1, false, EncryptionLevel.HIGH, true, 256, 256, null, null ), // Cipher C015 TLS_ECDH_anon_WITH_NULL_SHA( 0xC015, "AECDH-NULL-SHA", KeyExchange.EECDH, Authentication.aNULL, Encryption.eNULL, MessageDigest.SHA1, Protocol.TLSv1, false, EncryptionLevel.STRONG_NONE, true, 0, 0, null, null ), // Cipher C016 TLS_ECDH_anon_WITH_RC4_128_SHA( 0xC016, "AECDH-RC4-SHA", KeyExchange.EECDH, Authentication.aNULL, Encryption.RC4, MessageDigest.SHA1, Protocol.TLSv1, false, EncryptionLevel.MEDIUM, false, 128, 128, null, null ), // Cipher C017 TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA( 0xC017, "AECDH-DES-CBC3-SHA", KeyExchange.EECDH, Authentication.aNULL, Encryption.TRIPLE_DES, MessageDigest.SHA1, Protocol.TLSv1, false, EncryptionLevel.MEDIUM, true, 112, 168, null, null ), // Cipher C018 TLS_ECDH_anon_WITH_AES_128_CBC_SHA( 0xC018, "AECDH-AES128-SHA", KeyExchange.EECDH, Authentication.aNULL, Encryption.AES128, MessageDigest.SHA1, Protocol.TLSv1, false, EncryptionLevel.HIGH, true, 128, 128, null, null ), // Cipher C019 TLS_ECDH_anon_WITH_AES_256_CBC_SHA( 0xC019, "AECDH-AES256-SHA", KeyExchange.EECDH, Authentication.aNULL, Encryption.AES256, MessageDigest.SHA1, Protocol.TLSv1, false, EncryptionLevel.HIGH, true, 256, 256, null, null ), /* SRP ciphersuite from RFC 5054 */ // Cipher C01A TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA( 0xC01A, "SRP-3DES-EDE-CBC-SHA", KeyExchange.SRP, Authentication.SRP, Encryption.TRIPLE_DES, MessageDigest.SHA1, Protocol.SSLv3, false, EncryptionLevel.MEDIUM, false, 112, 168, null, null ), // Cipher C01B TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA( 0xC01B, "SRP-RSA-3DES-EDE-CBC-SHA", KeyExchange.SRP, Authentication.RSA, Encryption.TRIPLE_DES, MessageDigest.SHA1, Protocol.SSLv3, false, EncryptionLevel.MEDIUM, false, 112, 168, null, null ), // Cipher C01C TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA( 0xC01C, "SRP-DSS-3DES-EDE-CBC-SHA", KeyExchange.SRP, Authentication.DSS, Encryption.TRIPLE_DES, MessageDigest.SHA1, Protocol.SSLv3, false, EncryptionLevel.MEDIUM, false, 112, 168, null, null ), // Cipher C01D TLS_SRP_SHA_WITH_AES_128_CBC_SHA( 0xC01D, "SRP-AES-128-CBC-SHA", KeyExchange.SRP, Authentication.SRP, Encryption.AES128, MessageDigest.SHA1, Protocol.SSLv3, false, EncryptionLevel.HIGH, false, 128, 128, null, null ), // Cipher C01E TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA( 0xC01E, "SRP-RSA-AES-128-CBC-SHA", KeyExchange.SRP, Authentication.RSA, Encryption.AES128, MessageDigest.SHA1, Protocol.SSLv3, false, EncryptionLevel.HIGH, false, 128, 128, null, null ), // Cipher C01F TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA( 0xC01F, "SRP-DSS-AES-128-CBC-SHA", KeyExchange.SRP, Authentication.DSS, Encryption.AES128, MessageDigest.SHA1, Protocol.SSLv3, false, EncryptionLevel.HIGH, false, 128, 128, null, null ), // Cipher C020 TLS_SRP_SHA_WITH_AES_256_CBC_SHA( 0xC020, "SRP-AES-256-CBC-SHA", KeyExchange.SRP, Authentication.SRP, Encryption.AES256, MessageDigest.SHA1, Protocol.SSLv3, false, EncryptionLevel.HIGH, false, 256, 256, null, null ), // Cipher C021 TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA( 0xC021, "SRP-RSA-AES-256-CBC-SHA", KeyExchange.SRP, Authentication.RSA, Encryption.AES256, MessageDigest.SHA1, Protocol.SSLv3, false, EncryptionLevel.HIGH, false, 256, 256, null, null ), // Cipher C022 TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA( 0xC022, "SRP-DSS-AES-256-CBC-SHA", KeyExchange.SRP, Authentication.DSS, Encryption.AES256, MessageDigest.SHA1, Protocol.SSLv3, false, EncryptionLevel.HIGH, false, 256, 256, null, null ), /* HMAC based TLS v1.2 ciphersuites from RFC5289 */ // Cipher C023 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256( 0xC023, "ECDHE-ECDSA-AES128-SHA256", KeyExchange.EECDH, Authentication.ECDSA, Encryption.AES128, MessageDigest.SHA256, Protocol.TLSv1_2, false, EncryptionLevel.HIGH, true, 128, 128, null, null ), // Cipher C024 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384( 0xC024, "ECDHE-ECDSA-AES256-SHA384", KeyExchange.EECDH, Authentication.ECDSA, Encryption.AES256, MessageDigest.SHA384, Protocol.TLSv1_2, false, EncryptionLevel.HIGH, true, 256, 256, null, null ), // Cipher C025 TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256( 0xC025, "ECDH-ECDSA-AES128-SHA256", KeyExchange.ECDHe, Authentication.ECDH, Encryption.AES128, MessageDigest.SHA256, Protocol.TLSv1_2, false, EncryptionLevel.HIGH, true, 128, 128, null, null ), // Cipher C026 TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384( 0xC026, "ECDH-ECDSA-AES256-SHA384", KeyExchange.ECDHe, Authentication.ECDH, Encryption.AES256, MessageDigest.SHA384, Protocol.TLSv1_2, false, EncryptionLevel.HIGH, true, 256, 256, null, null ), // Cipher C027 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256( 0xC027, "ECDHE-RSA-AES128-SHA256", KeyExchange.EECDH, Authentication.RSA, Encryption.AES128, MessageDigest.SHA256, Protocol.TLSv1_2, false, EncryptionLevel.HIGH, true, 128, 128, null, null ), // Cipher C028 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384( 0xC028, "ECDHE-RSA-AES256-SHA384", KeyExchange.EECDH, Authentication.RSA, Encryption.AES256, MessageDigest.SHA384, Protocol.TLSv1_2, false, EncryptionLevel.HIGH, true, 256, 256, null, null ), // Cipher C029 TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256( 0xC029, "ECDH-RSA-AES128-SHA256", KeyExchange.ECDHr, Authentication.ECDH, Encryption.AES128, MessageDigest.SHA256, Protocol.TLSv1_2, false, EncryptionLevel.HIGH, true, 128, 128, null, null ), // Cipher C02A TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384( 0xC02A, "ECDH-RSA-AES256-SHA384", KeyExchange.ECDHr, Authentication.ECDH, Encryption.AES256, MessageDigest.SHA384, Protocol.TLSv1_2, false, EncryptionLevel.HIGH, true, 256, 256, null, null ), /* GCM based TLS v1.2 ciphersuites from RFC5289 */ // Cipher C02B TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256( 0xC02B, "ECDHE-ECDSA-AES128-GCM-SHA256", KeyExchange.EECDH, Authentication.ECDSA, Encryption.AES128GCM, MessageDigest.AEAD, Protocol.TLSv1_2, false, EncryptionLevel.HIGH, true, 128, 128, null, null ), // Cipher C02C TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384( 0xC02C, "ECDHE-ECDSA-AES256-GCM-SHA384", KeyExchange.EECDH, Authentication.ECDSA, Encryption.AES256GCM, MessageDigest.AEAD, Protocol.TLSv1_2, false, EncryptionLevel.HIGH, true, 256, 256, null, null ), // Cipher C02D TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256( 0xC02D, "ECDH-ECDSA-AES128-GCM-SHA256", KeyExchange.ECDHe, Authentication.ECDH, Encryption.AES128GCM, MessageDigest.AEAD, Protocol.TLSv1_2, false, EncryptionLevel.HIGH, true, 128, 128, null, null ), // Cipher C02E TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384( 0xC02E, "ECDH-ECDSA-AES256-GCM-SHA384", KeyExchange.ECDHe, Authentication.ECDH, Encryption.AES256GCM, MessageDigest.AEAD, Protocol.TLSv1_2, false, EncryptionLevel.HIGH, true, 256, 256, null, null ), // Cipher C02F TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256( 0xC02F, "ECDHE-RSA-AES128-GCM-SHA256", KeyExchange.EECDH, Authentication.RSA, Encryption.AES128GCM, MessageDigest.AEAD, Protocol.TLSv1_2, false, EncryptionLevel.HIGH, true, 128, 128, null, null ), // Cipher C030 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384( 0xC030, "ECDHE-RSA-AES256-GCM-SHA384", KeyExchange.EECDH, Authentication.RSA, Encryption.AES256GCM, MessageDigest.AEAD, Protocol.TLSv1_2, false, EncryptionLevel.HIGH, true, 256, 256, null, null ), // Cipher C031 TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256( 0xC031, "ECDH-RSA-AES128-GCM-SHA256", KeyExchange.ECDHr, Authentication.ECDH, Encryption.AES128GCM, MessageDigest.AEAD, Protocol.TLSv1_2, false, EncryptionLevel.HIGH, true, 128, 128, null, null ), // Cipher C032 TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384( 0xC032, "ECDH-RSA-AES256-GCM-SHA384", KeyExchange.ECDHr, Authentication.ECDH, Encryption.AES256GCM, MessageDigest.AEAD, Protocol.TLSv1_2, false, EncryptionLevel.HIGH, true, 256, 256, null, null ), // Cipher C033 TLS_ECDHE_PSK_WITH_RC4_128_SHA( 0xC033, "ECDHE-PSK-RC4-SHA", KeyExchange.ECDHEPSK, Authentication.PSK, Encryption.RC4, MessageDigest.SHA1, Protocol.TLSv1, false, EncryptionLevel.MEDIUM, false, 128, 128, null, null ), // Cipher C034 TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA( 0xC034, "ECDHE-PSK-3DES-EDE-CBC-SHA", KeyExchange.ECDHEPSK, Authentication.PSK, Encryption.TRIPLE_DES, MessageDigest.SHA1, Protocol.TLSv1, false, EncryptionLevel.MEDIUM, true, 112, 168, null, null ), // Cipher C035 TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA( 0xC035, "ECDHE-PSK-AES128-CBC-SHA", KeyExchange.ECDHEPSK, Authentication.PSK, Encryption.AES128, MessageDigest.SHA1, Protocol.TLSv1, false, EncryptionLevel.HIGH, true, 128, 128, null, null ), // Cipher C036 TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA( 0xC036, "ECDHE-PSK-AES256-CBC-SHA", KeyExchange.ECDHEPSK, Authentication.PSK, Encryption.AES256, MessageDigest.SHA1, Protocol.TLSv1, false, EncryptionLevel.HIGH, true, 256, 256, null, null ), TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256( 0xC037, "ECDHE-PSK-AES128-CBC-SHA256", KeyExchange.ECDHEPSK, Authentication.PSK, Encryption.AES128, MessageDigest.SHA256, Protocol.TLSv1, false, EncryptionLevel.HIGH, true, 128, 128, null, null ), TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384( 0xC038, "ECDHE-PSK-AES256-CBC-SHA384", KeyExchange.ECDHEPSK, Authentication.PSK, Encryption.AES256, MessageDigest.SHA384, Protocol.TLSv1, false, EncryptionLevel.HIGH, true, 256, 256, null, null ), TLS_ECDHE_PSK_WITH_NULL_SHA( 0xC039, "ECDHE-PSK-NULL-SHA", KeyExchange.ECDHEPSK, Authentication.PSK, Encryption.eNULL, MessageDigest.SHA1, Protocol.TLSv1, false, EncryptionLevel.STRONG_NONE, true, 0, 0, null, null ), TLS_ECDHE_PSK_WITH_NULL_SHA256( 0xC03A, "ECDHE-PSK-NULL-SHA256", KeyExchange.ECDHEPSK, Authentication.PSK, Encryption.eNULL, MessageDigest.SHA256, Protocol.TLSv1, false, EncryptionLevel.STRONG_NONE, true, 0, 0, null, null ), TLS_ECDHE_PSK_WITH_NULL_SHA384( 0xC03B, "ECDHE-PSK-NULL-SHA384", KeyExchange.ECDHEPSK, Authentication.PSK, Encryption.eNULL, MessageDigest.SHA384, Protocol.TLSv1, false, EncryptionLevel.STRONG_NONE, true, 0, 0, null, null ), /* ARIA ciphers 0xC03C to 0xC04F * Unsupported by both Java and OpenSSL */ TLS_RSA_WITH_ARIA_128_GCM_SHA256( 0xC050, "ARIA128-GCM-SHA256", KeyExchange.RSA, Authentication.RSA, Encryption.ARIA128GCM, MessageDigest.AEAD, Protocol.TLSv1_2, false, EncryptionLevel.HIGH, false, 128, 128, null, null ), TLS_RSA_WITH_ARIA_256_GCM_SHA384( 0xC051, "ARIA256-GCM-SHA384", KeyExchange.RSA, Authentication.RSA, Encryption.ARIA256GCM, MessageDigest.AEAD, Protocol.TLSv1_2, false, EncryptionLevel.HIGH, false, 256, 256, null, null ), TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256( 0xC052, "DHE-RSA-ARIA128-GCM-SHA256", KeyExchange.EDH, Authentication.RSA, Encryption.ARIA128GCM, MessageDigest.AEAD, Protocol.TLSv1_2, false, EncryptionLevel.HIGH, false, 128, 128, null, null ), TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384( 0xC053, "DHE-RSA-ARIA256-GCM-SHA384", KeyExchange.EDH, Authentication.RSA, Encryption.ARIA256GCM, MessageDigest.AEAD, Protocol.TLSv1_2, false, EncryptionLevel.HIGH, false, 256, 256, null, null ), /* ARIA ciphers 0xC054 to 0xC055 * Unsupported by both Java and OpenSSL */ TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256( 0xC056, "DHE-DSS-ARIA128-GCM-SHA256", KeyExchange.EDH, Authentication.DSS, Encryption.ARIA128GCM, MessageDigest.AEAD, Protocol.TLSv1_2, false, EncryptionLevel.HIGH, false, 128, 128, null, null ), TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384( 0xC057, "DHE-DSS-ARIA256-GCM-SHA384", KeyExchange.EDH, Authentication.DSS, Encryption.ARIA256GCM, MessageDigest.AEAD, Protocol.TLSv1_2, false, EncryptionLevel.HIGH, false, 256, 256, null, null ), /* ARIA ciphers 0xC058 to 0xC05B * Unsupported by both Java and OpenSSL */ TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256( 0xC05C, "ECDHE-ECDSA-ARIA128-GCM-SHA256", KeyExchange.EECDH, Authentication.ECDSA, Encryption.ARIA128GCM, MessageDigest.AEAD, Protocol.TLSv1_2, false, EncryptionLevel.HIGH, false, 128, 128, null, null ), TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384( 0xC05D, "ECDHE-ECDSA-ARIA256-GCM-SHA384", KeyExchange.EECDH, Authentication.ECDSA, Encryption.ARIA256GCM, MessageDigest.AEAD, Protocol.TLSv1_2, false, EncryptionLevel.HIGH, false, 256, 256, null, null ), /* ARIA ciphers 0xC05E to 0xC05F * Unsupported by both Java and OpenSSL */ TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256( 0xC060, "ECDHE-ARIA128-GCM-SHA256", KeyExchange.EECDH, Authentication.RSA, Encryption.ARIA128GCM, MessageDigest.AEAD, Protocol.TLSv1_2, false, EncryptionLevel.HIGH, false, 128, 128, null, null ), TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384( 0xC061, "ECDHE-ARIA256-GCM-SHA384", KeyExchange.EECDH, Authentication.RSA, Encryption.ARIA256GCM, MessageDigest.AEAD, Protocol.TLSv1_2, false, EncryptionLevel.HIGH, false, 256, 256, null, null ), /* ARIA ciphers 0xC062 to 0xC069 * Unsupported by both Java and OpenSSL */ TLS_PSK_WITH_ARIA_128_GCM_SHA256( 0xC06A, "PSK-ARIA128-GCM-SHA256", KeyExchange.PSK, Authentication.PSK, Encryption.ARIA128GCM, MessageDigest.AEAD, Protocol.TLSv1_2, false, EncryptionLevel.HIGH, false, 128, 128, null, null ), TLS_PSK_WITH_ARIA_256_GCM_SHA384( 0xC06B, "PSK-ARIA256-GCM-SHA384", KeyExchange.PSK, Authentication.PSK, Encryption.ARIA256GCM, MessageDigest.AEAD, Protocol.TLSv1_2, false, EncryptionLevel.HIGH, false, 256, 256, null, null ), TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256( 0xC06C, "DHE-PSK-ARIA128-GCM-SHA256", KeyExchange.DHEPSK, Authentication.PSK, Encryption.ARIA128GCM, MessageDigest.AEAD, Protocol.TLSv1_2, false, EncryptionLevel.HIGH, false, 128, 128, null, null ), TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384( 0xC06D, "DHE-PSK-ARIA256-GCM-SHA384", KeyExchange.DHEPSK, Authentication.PSK, Encryption.ARIA256GCM, MessageDigest.AEAD, Protocol.TLSv1_2, false, EncryptionLevel.HIGH, false, 256, 256, null, null ), TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256( 0xC06E, "RSA-PSK-ARIA128-GCM-SHA256", KeyExchange.RSAPSK, Authentication.RSA, Encryption.ARIA128GCM, MessageDigest.AEAD, Protocol.TLSv1_2, false, EncryptionLevel.HIGH, false, 128, 128, null, null ), TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384( 0xC06F, "RSA-PSK-ARIA256-GCM-SHA384", KeyExchange.RSAPSK, Authentication.RSA, Encryption.ARIA256GCM, MessageDigest.AEAD, Protocol.TLSv1_2, false, EncryptionLevel.HIGH, false, 256, 256, null, null ), /* ARIA ciphers 0xC070 to 0xC071 * Unsupported by both Java and OpenSSL */ // Cipher C072 TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256( 0xC072, "ECDHE-ECDSA-CAMELLIA128-SHA256", KeyExchange.EECDH, Authentication.ECDSA, Encryption.CAMELLIA128, MessageDigest.SHA256, Protocol.TLSv1_2, false, EncryptionLevel.HIGH, true, 128, 128, null, null ), // Cipher C073 TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384( 0xC073, "ECDHE-ECDSA-CAMELLIA256-SHA384", KeyExchange.EECDH, Authentication.ECDSA, Encryption.CAMELLIA256, MessageDigest.SHA384, Protocol.TLSv1_2, false, EncryptionLevel.HIGH, true, 256, 256, null, null ), // Cipher C074 TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256( 0xC074, "ECDH-ECDSA-CAMELLIA128-SHA256", KeyExchange.ECDHe, Authentication.ECDH, Encryption.CAMELLIA128, MessageDigest.SHA256, Protocol.TLSv1_2, false, EncryptionLevel.HIGH, true, 128, 128, null, null ), // Cipher C075 TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384( 0xC075, "ECDH-ECDSA-CAMELLIA256-SHA384", KeyExchange.ECDHe, Authentication.ECDH, Encryption.CAMELLIA256, MessageDigest.SHA384, Protocol.TLSv1_2, false, EncryptionLevel.HIGH, true, 256, 256, null, null ), // Cipher C076 TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256( 0xC076, "ECDHE-RSA-CAMELLIA128-SHA256", KeyExchange.EECDH, Authentication.RSA, Encryption.CAMELLIA128, MessageDigest.SHA256, Protocol.TLSv1_2, false, EncryptionLevel.HIGH, true, 128, 128, null, null ), // Cipher C077 TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384( 0xC077, "ECDHE-RSA-CAMELLIA256-SHA384", KeyExchange.EECDH, Authentication.RSA, Encryption.CAMELLIA256, MessageDigest.SHA384, Protocol.TLSv1_2, false, EncryptionLevel.HIGH, true, 256, 256, null, null ), // Cipher C078 TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256( 0xC078, "ECDH-RSA-CAMELLIA128-SHA256", KeyExchange.ECDHr, Authentication.ECDH, Encryption.CAMELLIA128, MessageDigest.SHA256, Protocol.TLSv1_2, false, EncryptionLevel.HIGH, true, 128, 128, null, null ), // Cipher C079 TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384( 0xC079, "ECDH-RSA-CAMELLIA256-SHA384", KeyExchange.ECDHr, Authentication.ECDH, Encryption.CAMELLIA256, MessageDigest.SHA384, Protocol.TLSv1_2, false, EncryptionLevel.HIGH, true, 256, 256, null, null ), // Cipher C094 TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256( 0xC094, "PSK-CAMELLIA128-SHA256", KeyExchange.PSK, Authentication.PSK, Encryption.CAMELLIA128, MessageDigest.SHA256, Protocol.TLSv1, false, EncryptionLevel.HIGH, false, 128, 128, null, null ), // Cipher C095 TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384( 0xC095, "PSK-CAMELLIA256-SHA384", KeyExchange.PSK, Authentication.PSK, Encryption.CAMELLIA256, MessageDigest.SHA384, Protocol.TLSv1, false, EncryptionLevel.HIGH, false, 256, 256, null, null ), // Cipher C096 TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256( 0xC096, "DHE-PSK-CAMELLIA128-SHA256", KeyExchange.DHEPSK, Authentication.PSK, Encryption.CAMELLIA128, MessageDigest.SHA256, Protocol.TLSv1, false, EncryptionLevel.HIGH, false, 128, 128, null, null ), // Cipher C097 TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384( 0xC097, "DHE-PSK-CAMELLIA256-SHA384", KeyExchange.DHEPSK, Authentication.PSK, Encryption.CAMELLIA256, MessageDigest.SHA384, Protocol.TLSv1, false, EncryptionLevel.HIGH, false, 256, 256, null, null ), // Cipher C098 TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256( 0xC098, "RSA-PSK-CAMELLIA128-SHA256", KeyExchange.RSAPSK, Authentication.RSA, Encryption.CAMELLIA128, MessageDigest.SHA256, Protocol.TLSv1, false, EncryptionLevel.HIGH, false, 128, 128, null, null ), // Cipher C099 TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384( 0xC099, "RSA-PSK-CAMELLIA256-SHA384", KeyExchange.RSAPSK, Authentication.RSA, Encryption.CAMELLIA256, MessageDigest.SHA384, Protocol.TLSv1, false, EncryptionLevel.HIGH, false, 256, 256, null, null ), // Cipher C09A TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256( 0xC09A, "ECDHE-PSK-CAMELLIA128-SHA256", KeyExchange.ECDHEPSK, Authentication.PSK, Encryption.CAMELLIA128, MessageDigest.SHA256, Protocol.TLSv1, false, EncryptionLevel.HIGH, false, 128, 128, null, null ), // Cipher C09B TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384( 0xC09B, "ECDHE-PSK-CAMELLIA256-SHA384", KeyExchange.ECDHEPSK, Authentication.PSK, Encryption.CAMELLIA256, MessageDigest.SHA384, Protocol.TLSv1, false, EncryptionLevel.HIGH, false, 256, 256, null, null ), // CCM ciphersuites from RFC6655 // Cipher C09C TLS_RSA_WITH_AES_128_CCM( 0xC09C, "AES128-CCM", KeyExchange.RSA, Authentication.RSA, Encryption.AES128CCM, MessageDigest.AEAD, Protocol.TLSv1_2, false, EncryptionLevel.HIGH, false, 128, 128, null, null ), // Cipher C09D TLS_RSA_WITH_AES_256_CCM( 0xC09D, "AES256-CCM", KeyExchange.RSA, Authentication.RSA, Encryption.AES256CCM, MessageDigest.AEAD, Protocol.TLSv1_2, false, EncryptionLevel.HIGH, false, 256, 256, null, null ), // Cipher C09E TLS_DHE_RSA_WITH_AES_128_CCM( 0xC09E, "DHE-RSA-AES128-CCM", KeyExchange.EDH, Authentication.RSA, Encryption.AES128CCM, MessageDigest.AEAD, Protocol.TLSv1_2, false, EncryptionLevel.HIGH, false, 128, 128, null, null ), // Cipher C09F TLS_DHE_RSA_WITH_AES_256_CCM( 0xC09F, "DHE-RSA-AES256-CCM", KeyExchange.EDH, Authentication.RSA, Encryption.AES256CCM, MessageDigest.AEAD, Protocol.TLSv1_2, false, EncryptionLevel.HIGH, false, 256, 256, null, null ), // Cipher C0A0 TLS_RSA_WITH_AES_128_CCM_8( 0xC0A0, "AES128-CCM8", KeyExchange.RSA, Authentication.RSA, Encryption.AES128CCM8, MessageDigest.AEAD, Protocol.TLSv1_2, false, EncryptionLevel.HIGH, false, 128, 128, null, null ), // Cipher C0A1 TLS_RSA_WITH_AES_256_CCM_8( 0xC0A1, "AES256-CCM8", KeyExchange.RSA, Authentication.RSA, Encryption.AES256CCM8, MessageDigest.AEAD, Protocol.TLSv1_2, false, EncryptionLevel.HIGH, false, 256, 256, null, null ), // Cipher C0A2 TLS_DHE_RSA_WITH_AES_128_CCM_8( 0xC0A2, "DHE-RSA-AES128-CCM8", KeyExchange.EDH, Authentication.RSA, Encryption.AES128CCM8, MessageDigest.AEAD, Protocol.TLSv1_2, false, EncryptionLevel.HIGH, false, 128, 128, null, null ), // Cipher C0A3 TLS_DHE_RSA_WITH_AES_256_CCM_8( 0xC0A3, "DHE-RSA-AES256-CCM8", KeyExchange.EDH, Authentication.RSA, Encryption.AES256CCM8, MessageDigest.AEAD, Protocol.TLSv1_2, false, EncryptionLevel.HIGH, false, 256, 256, null, null ), // Cipher C0A4 TLS_PSK_WITH_AES_128_CCM( 0xC0A4, "PSK-AES128-CCM", KeyExchange.PSK, Authentication.PSK, Encryption.AES128CCM, MessageDigest.AEAD, Protocol.TLSv1_2, false, EncryptionLevel.HIGH, false, 128, 128, null, null ), // Cipher C0A5 TLS_PSK_WITH_AES_256_CCM( 0xC0A5, "PSK-AES256-CCM", KeyExchange.PSK, Authentication.PSK, Encryption.AES256CCM, MessageDigest.AEAD, Protocol.TLSv1_2, false, EncryptionLevel.HIGH, false, 256, 256, null, null ), // Cipher C0A6 TLS_DHE_PSK_WITH_AES_128_CCM( 0xC0A6, "DHE-PSK-AES128-CCM", KeyExchange.DHEPSK, Authentication.PSK, Encryption.AES128CCM, MessageDigest.AEAD, Protocol.TLSv1_2, false, EncryptionLevel.HIGH, false, 128, 128, null, null ), // Cipher C0A7 TLS_DHE_PSK_WITH_AES_256_CCM( 0xC0A7, "DHE-PSK-AES256-CCM", KeyExchange.DHEPSK, Authentication.PSK, Encryption.AES256CCM, MessageDigest.AEAD, Protocol.TLSv1_2, false, EncryptionLevel.HIGH, false, 256, 256, null, null ), // Cipher C0A8 TLS_PSK_WITH_AES_128_CCM_8( 0xC0A8, "PSK-AES128-CCM8", KeyExchange.PSK, Authentication.PSK, Encryption.AES128CCM8, MessageDigest.AEAD, Protocol.TLSv1_2, false, EncryptionLevel.HIGH, false, 128, 128, null, null ), // Cipher C0A9 TLS_PSK_WITH_AES_256_CCM_8( 0xC0A9, "PSK-AES256-CCM8", KeyExchange.PSK, Authentication.PSK, Encryption.AES256CCM8, MessageDigest.AEAD, Protocol.TLSv1_2, false, EncryptionLevel.HIGH, false, 256, 256, null, null ), // Cipher C0AA TLS_PSK_DHE_WITH_AES_128_CCM_8( 0xC0AA, "DHE-PSK-AES128-CCM8", KeyExchange.DHEPSK, Authentication.PSK, Encryption.AES128CCM8, MessageDigest.AEAD, Protocol.TLSv1_2, false, EncryptionLevel.HIGH, false, 128, 128, null, null ), // Cipher C0AB TLS_PSK_DHE_WITH_AES_256_CCM_8( 0xC0AB, "DHE-PSK-AES256-CCM8", KeyExchange.DHEPSK, Authentication.PSK, Encryption.AES256CCM8, MessageDigest.AEAD, Protocol.TLSv1_2, false, EncryptionLevel.HIGH, false, 256, 256, null, null ), // CCM ciphersuites from RFC7251 // Cipher C0AC TLS_ECDHE_ECDSA_WITH_AES_128_CCM( 0xC0AC, "ECDHE-ECDSA-AES128-CCM", KeyExchange.EECDH, Authentication.ECDSA, Encryption.AES128CCM, MessageDigest.AEAD, Protocol.TLSv1_2, false, EncryptionLevel.HIGH, false, 128, 128, null, null ), // Cipher C0AD TLS_ECDHE_ECDSA_WITH_AES_256_CCM( 0xC0AD, "ECDHE-ECDSA-AES256-CCM", KeyExchange.EECDH, Authentication.ECDSA, Encryption.AES256CCM, MessageDigest.AEAD, Protocol.TLSv1_2, false, EncryptionLevel.HIGH, false, 256, 256, null, null ), // Cipher C0AE TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8( 0xC0AE, "ECDHE-ECDSA-AES128-CCM8", KeyExchange.EECDH, Authentication.ECDSA, Encryption.AES128CCM8, MessageDigest.AEAD, Protocol.TLSv1_2, false, EncryptionLevel.HIGH, false, 128, 128, null, null ), // Cipher C0AF TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8( 0xC0AF, "ECDHE-ECDSA-AES256-CCM8", KeyExchange.EECDH, Authentication.ECDSA, Encryption.AES256CCM8, MessageDigest.AEAD, Protocol.TLSv1_2, false, EncryptionLevel.HIGH, false, 256, 256, null, null ), // Draft: https://tools.ietf.org/html/draft-ietf-tls-chacha20-poly1305-04 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256( 0xCCA8, "ECDHE-RSA-CHACHA20-POLY1305", KeyExchange.EECDH, Authentication.RSA, Encryption.CHACHA20POLY1305, MessageDigest.AEAD, Protocol.TLSv1_2, false, EncryptionLevel.HIGH, false, 256, 256, null, null ), TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256( 0xCCA9, "ECDHE-ECDSA-CHACHA20-POLY1305", KeyExchange.EECDH, Authentication.ECDSA, Encryption.CHACHA20POLY1305, MessageDigest.AEAD, Protocol.TLSv1_2, false, EncryptionLevel.HIGH, false, 256, 256, null, null ), TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256( 0xCCAA, "DHE-RSA-CHACHA20-POLY1305", KeyExchange.EDH, Authentication.RSA, Encryption.CHACHA20POLY1305, MessageDigest.AEAD, Protocol.TLSv1_2, false, EncryptionLevel.HIGH, false, 256, 256, null, null ), TLS_PSK_WITH_CHACHA20_POLY1305_SHA256( 0xCCAB, "PSK-CHACHA20-POLY1305", KeyExchange.PSK, Authentication.PSK, Encryption.CHACHA20POLY1305, MessageDigest.AEAD, Protocol.TLSv1_2, false, EncryptionLevel.HIGH, false, 256, 256, null, null ), TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256( 0xCCAC, "ECDHE-PSK-CHACHA20-POLY1305", KeyExchange.ECDHEPSK, Authentication.PSK, Encryption.CHACHA20POLY1305, MessageDigest.AEAD, Protocol.TLSv1_2, false, EncryptionLevel.HIGH, false, 256, 256, null, null ), TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256( 0xCCAD, "DHE-PSK-CHACHA20-POLY1305", KeyExchange.DHEPSK, Authentication.PSK, Encryption.CHACHA20POLY1305, MessageDigest.AEAD, Protocol.TLSv1_2, false, EncryptionLevel.HIGH, false, 256, 256, null, null ), TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256( 0xCCAE, "RSA-PSK-CHACHA20-POLY1305", KeyExchange.RSAPSK, Authentication.RSA, Encryption.CHACHA20POLY1305, MessageDigest.AEAD, Protocol.TLSv1_2, false, EncryptionLevel.HIGH, false, 256, 256, null, null ), // Cipher 0x010080 (SSLv2) // RC4_128_WITH_MD5 SSL_CK_RC4_128_WITH_MD5( -1, "RC4-MD5", KeyExchange.RSA, Authentication.RSA, Encryption.RC4, MessageDigest.MD5, Protocol.SSLv2, false, EncryptionLevel.MEDIUM, false, 128, 128, null, null ), // Cipher 0x020080 (SSLv2) SSL2_RC4_128_EXPORT40_WITH_MD5( -1, "EXP-RC4-MD5", KeyExchange.RSA, Authentication.RSA, Encryption.RC4, MessageDigest.MD5, Protocol.SSLv2, true, EncryptionLevel.EXP40, false, 40, 128, new String[] {"SSL_RC4_128_EXPORT40_WITH_MD5"}, null ), // Cipher 0x030080 (SSLv2) // RC2_128_CBC_WITH_MD5 SSL_CK_RC2_128_CBC_WITH_MD5( -1, "RC2-CBC-MD5", KeyExchange.RSA, Authentication.RSA, Encryption.RC2, MessageDigest.MD5, Protocol.SSLv2, false, EncryptionLevel.MEDIUM, false, 128, 128, null, null ), // Cipher 0x040080 (SSLv2) // RC2_128_CBC_EXPORT40_WITH_MD5 SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5( -1, "EXP-RC2-CBC-MD5", KeyExchange.RSA, Authentication.RSA, Encryption.RC2, MessageDigest.MD5, Protocol.SSLv2, true, EncryptionLevel.EXP40, false, 40, 128, null, null ), // Cipher 0x050080 (SSLv2) // IDEA_128_CBC_WITH_MD5 SSL2_IDEA_128_CBC_WITH_MD5( -1, "IDEA-CBC-MD5", KeyExchange.RSA, Authentication.RSA, Encryption.IDEA, MessageDigest.MD5, Protocol.SSLv2, false, EncryptionLevel.MEDIUM, false, 128, 128, new String[] {"SSL_CK_IDEA_128_CBC_WITH_MD5"}, null ), // Cipher 0x060040 (SSLv2) // DES_64_CBC_WITH_MD5 SSL2_DES_64_CBC_WITH_MD5( -1, "DES-CBC-MD5", KeyExchange.RSA, Authentication.RSA, Encryption.DES, MessageDigest.MD5, Protocol.SSLv2, false, EncryptionLevel.LOW, false, 56, 56, new String[] {"SSL_CK_DES_64_CBC_WITH_MD5"}, null ), // Cipher 0x0700C0 (SSLv2) // DES_192_EDE3_CBC_WITH_MD5 SSL2_DES_192_EDE3_CBC_WITH_MD5( -1, "DES-CBC3-MD5", KeyExchange.RSA, Authentication.RSA, Encryption.TRIPLE_DES, MessageDigest.MD5, Protocol.SSLv2, false, EncryptionLevel.MEDIUM, false, 112, 168, new String[] {"SSL_CK_DES_192_EDE3_CBC_WITH_MD5"}, null ); /* TEMP_GOST_TLS*/ /* // Cipher FF00 TLS_GOSTR341094_RSA_WITH_28147_CNT_MD5( "GOST-MD5", KeyExchange.RSA, Authentication.RSA, Encryption.eGOST2814789CNT, MessageDigest.MD5, Protocol.TLSv1, false, EncryptionLevel.HIGH, false, 256, 256 ), TLS_RSA_WITH_28147_CNT_GOST94( "GOST-GOST94", KeyExchange.RSA, Authentication.RSA, Encryption.eGOST2814789CNT, MessageDigest.GOST94, Protocol.TLSv1, false, EncryptionLevel.HIGH,false, 256, 256 ), { 1, "GOST-GOST89MAC", 0x0300ff02, KeyExchange.RSA, Authentication.RSA, Encryption.eGOST2814789CNT, MessageDigest.GOST89MAC, Protocol.TLSv1, false, EncryptionLevel.HIGH,false, 256, 256 ), { 1, "GOST-GOST89STREAM", 0x0300ff03, KeyExchange.RSA, Authentication.RSA, Encryption.eGOST2814789CNT, MessageDigest.GOST89MAC, Protocol.TLSv1, false, EncryptionLevel.HIGH,false, 256, 256 },*/ private final int id; private final String openSSLAlias; private final Set<String> openSSLAltNames; private final Set<String> jsseNames; private final KeyExchange kx; private final Authentication au; private final Encryption enc; private final MessageDigest mac; private final Protocol protocol; private final boolean export; private final EncryptionLevel level; private final boolean fipsCompatible;
Number of bits really used
/** * Number of bits really used */
private final int strength_bits;
Number of bits for algorithm
/** * Number of bits for algorithm */
private final int alg_bits; private Cipher(int id, String openSSLAlias, KeyExchange kx, Authentication au, Encryption enc, MessageDigest mac, Protocol protocol, boolean export, EncryptionLevel level, boolean fipsCompatible, int strength_bits, int alg_bits, String[] jsseAltNames, String[] openSSlAltNames) { this.id = id; this.openSSLAlias = openSSLAlias; if (openSSlAltNames != null && openSSlAltNames.length != 0) { Set<String> altNames = new HashSet<>(Arrays.asList(openSSlAltNames)); this.openSSLAltNames = Collections.unmodifiableSet(altNames); } else { this.openSSLAltNames = Collections.emptySet(); } Set<String> jsseNames = new LinkedHashSet<>(); if (jsseAltNames != null && jsseAltNames.length != 0) { jsseNames.addAll(Arrays.asList(jsseAltNames)); } jsseNames.add(name()); this.jsseNames = Collections.unmodifiableSet(jsseNames); this.kx = kx; this.au = au; this.enc = enc; this.mac = mac; this.protocol = protocol; this.export = export; this.level = level; this.fipsCompatible = fipsCompatible; this.strength_bits = strength_bits; this.alg_bits = alg_bits; } public int getId() { return id; } public String getOpenSSLAlias() { return openSSLAlias; } public Set<String> getOpenSSLAltNames() { return openSSLAltNames; } public Set<String> getJsseNames() { return jsseNames; } public KeyExchange getKx() { return kx; } public Authentication getAu() { return au; } public Encryption getEnc() { return enc; } public MessageDigest getMac() { return mac; } public Protocol getProtocol() { return protocol; } public boolean isExport() { return export; } public EncryptionLevel getLevel() { return level; } public boolean isFipsCompatible() { return fipsCompatible; } public int getStrength_bits() { return strength_bits; } public int getAlg_bits() { return alg_bits; } private static final Map<Integer,Cipher> idMap = new HashMap<>(); static { for (Cipher cipher : Cipher.values()) { int id = cipher.getId(); if (id > 0 && id < 0xFFFF) { idMap.put(Integer.valueOf(id), cipher); } } } public static Cipher valueOf(int cipherId) { return idMap.get(Integer.valueOf(cipherId)); } }