jdk-sandbox: jdk/src/java.base/share/classes/sun/security/ssl/CipherSuite.java@1f25b971e59a (annotated)

2 90ce3da70b43 Initial load duke parents: diff changeset	1	/*
29488 1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	2	* Copyright (c) 2002, 2015, Oracle and/or its affiliates. All rights reserved.
2 90ce3da70b43 Initial load duke parents: diff changeset	3	* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
90ce3da70b43 Initial load duke parents: diff changeset	4	*
90ce3da70b43 Initial load duke parents: diff changeset	5	* This code is free software; you can redistribute it and/or modify it
90ce3da70b43 Initial load duke parents: diff changeset	6	* under the terms of the GNU General Public License version 2 only, as
5506 202f599c92aa 6943119: Rebrand source copyright notices ohair parents: 4236 diff changeset	7	* published by the Free Software Foundation. Oracle designates this
2 90ce3da70b43 Initial load duke parents: diff changeset	8	* particular file as subject to the "Classpath" exception as provided
5506 202f599c92aa 6943119: Rebrand source copyright notices ohair parents: 4236 diff changeset	9	* by Oracle in the LICENSE file that accompanied this code.
2 90ce3da70b43 Initial load duke parents: diff changeset	10	*
90ce3da70b43 Initial load duke parents: diff changeset	11	* This code is distributed in the hope that it will be useful, but WITHOUT
90ce3da70b43 Initial load duke parents: diff changeset	12	* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
90ce3da70b43 Initial load duke parents: diff changeset	13	* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
90ce3da70b43 Initial load duke parents: diff changeset	14	* version 2 for more details (a copy is included in the LICENSE file that
90ce3da70b43 Initial load duke parents: diff changeset	15	* accompanied this code).
90ce3da70b43 Initial load duke parents: diff changeset	16	*
90ce3da70b43 Initial load duke parents: diff changeset	17	* You should have received a copy of the GNU General Public License version
90ce3da70b43 Initial load duke parents: diff changeset	18	* 2 along with this work; if not, write to the Free Software Foundation,
90ce3da70b43 Initial load duke parents: diff changeset	19	* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
90ce3da70b43 Initial load duke parents: diff changeset	20	*
5506 202f599c92aa 6943119: Rebrand source copyright notices ohair parents: 4236 diff changeset	21	* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
202f599c92aa 6943119: Rebrand source copyright notices ohair parents: 4236 diff changeset	22	* or visit www.oracle.com if you need additional information or have any
202f599c92aa 6943119: Rebrand source copyright notices ohair parents: 4236 diff changeset	23	* questions.
2 90ce3da70b43 Initial load duke parents: diff changeset	24	*/
90ce3da70b43 Initial load duke parents: diff changeset	25
90ce3da70b43 Initial load duke parents: diff changeset	26
90ce3da70b43 Initial load duke parents: diff changeset	27	package sun.security.ssl;
90ce3da70b43 Initial load duke parents: diff changeset	28
90ce3da70b43 Initial load duke parents: diff changeset	29	import java.util.*;
90ce3da70b43 Initial load duke parents: diff changeset	30
90ce3da70b43 Initial load duke parents: diff changeset	31	import java.security.NoSuchAlgorithmException;
90ce3da70b43 Initial load duke parents: diff changeset	32	import java.security.InvalidKeyException;
7039 6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	33	import java.security.SecureRandom;
11904 f0eca4f34170 7145837: a little performance improvement on the usage of SecureRandom xuelei parents: 10917 diff changeset	34	import java.security.KeyManagementException;
2 90ce3da70b43 Initial load duke parents: diff changeset	35
16913 a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE xuelei parents: 16126 diff changeset	36	import javax.crypto.Cipher;
2 90ce3da70b43 Initial load duke parents: diff changeset	37	import javax.crypto.SecretKey;
90ce3da70b43 Initial load duke parents: diff changeset	38	import javax.crypto.spec.IvParameterSpec;
90ce3da70b43 Initial load duke parents: diff changeset	39	import javax.crypto.spec.SecretKeySpec;
90ce3da70b43 Initial load duke parents: diff changeset	40
90ce3da70b43 Initial load duke parents: diff changeset	41	import static sun.security.ssl.CipherSuite.KeyExchange.*;
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	42	import static sun.security.ssl.CipherSuite.PRF.*;
16913 a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE xuelei parents: 16126 diff changeset	43	import static sun.security.ssl.CipherSuite.CipherType.*;
29488 1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	44	import static sun.security.ssl.CipherSuite.MacAlg.*;
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	45	import static sun.security.ssl.CipherSuite.BulkCipher.*;
2 90ce3da70b43 Initial load duke parents: diff changeset	46	import static sun.security.ssl.JsseJce.*;
90ce3da70b43 Initial load duke parents: diff changeset	47
90ce3da70b43 Initial load duke parents: diff changeset	48	/**
90ce3da70b43 Initial load duke parents: diff changeset	49	* An SSL/TLS CipherSuite. Constants for the standard key exchange, cipher,
90ce3da70b43 Initial load duke parents: diff changeset	50	* and mac algorithms are also defined in this class.
90ce3da70b43 Initial load duke parents: diff changeset	51	*
90ce3da70b43 Initial load duke parents: diff changeset	52	* The CipherSuite class and the inner classes defined in this file roughly
90ce3da70b43 Initial load duke parents: diff changeset	53	* follow the type safe enum pattern described in Effective Java. This means:
90ce3da70b43 Initial load duke parents: diff changeset	54	*
90ce3da70b43 Initial load duke parents: diff changeset	55	* . instances are immutable, classes are final
90ce3da70b43 Initial load duke parents: diff changeset	56	*
90ce3da70b43 Initial load duke parents: diff changeset	57	* . there is a unique instance of every value, i.e. there are never two
90ce3da70b43 Initial load duke parents: diff changeset	58	* instances representing the same CipherSuite, etc. This means equality
90ce3da70b43 Initial load duke parents: diff changeset	59	* tests can be performed using == instead of equals() (although that works
90ce3da70b43 Initial load duke parents: diff changeset	60	* as well). [A minor exception are unsupported CipherSuites read from a
90ce3da70b43 Initial load duke parents: diff changeset	61	* handshake message, but this is usually irrelevant]
90ce3da70b43 Initial load duke parents: diff changeset	62	*
90ce3da70b43 Initial load duke parents: diff changeset	63	* . instances are obtained using the static valueOf() factory methods.
90ce3da70b43 Initial load duke parents: diff changeset	64	*
90ce3da70b43 Initial load duke parents: diff changeset	65	* . properties are defined as final variables and made available as
90ce3da70b43 Initial load duke parents: diff changeset	66	* package private variables without method accessors
90ce3da70b43 Initial load duke parents: diff changeset	67	*
90ce3da70b43 Initial load duke parents: diff changeset	68	* . if the member variable allowed is false, the given algorithm is either
90ce3da70b43 Initial load duke parents: diff changeset	69	* unavailable or disabled at compile time
90ce3da70b43 Initial load duke parents: diff changeset	70	*
90ce3da70b43 Initial load duke parents: diff changeset	71	*/
10336 0bb1999251f8 7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror jjg parents: 9035 diff changeset	72	final class CipherSuite implements Comparable<CipherSuite> {
2 90ce3da70b43 Initial load duke parents: diff changeset	73
90ce3da70b43 Initial load duke parents: diff changeset	74	// minimum priority for supported CipherSuites
90ce3da70b43 Initial load duke parents: diff changeset	75	final static int SUPPORTED_SUITES_PRIORITY = 1;
90ce3da70b43 Initial load duke parents: diff changeset	76
90ce3da70b43 Initial load duke parents: diff changeset	77	// minimum priority for default enabled CipherSuites
90ce3da70b43 Initial load duke parents: diff changeset	78	final static int DEFAULT_SUITES_PRIORITY = 300;
90ce3da70b43 Initial load duke parents: diff changeset	79
90ce3da70b43 Initial load duke parents: diff changeset	80	// Flag indicating if CipherSuite availability can change dynamically.
90ce3da70b43 Initial load duke parents: diff changeset	81	// This is the case when we rely on a JCE cipher implementation that
90ce3da70b43 Initial load duke parents: diff changeset	82	// may not be available in the installed JCE providers.
4236 02f52c723b79 6894643: Separate out dependency on Kerberos vinnie parents: 3957 diff changeset	83	// It is true because we might not have an ECC implementation.
2 90ce3da70b43 Initial load duke parents: diff changeset	84	final static boolean DYNAMIC_AVAILABILITY = true;
90ce3da70b43 Initial load duke parents: diff changeset	85
90ce3da70b43 Initial load duke parents: diff changeset	86	private final static boolean ALLOW_ECC = Debug.getBooleanProperty
90ce3da70b43 Initial load duke parents: diff changeset	87	("com.sun.net.ssl.enableECC", true);
90ce3da70b43 Initial load duke parents: diff changeset	88
90ce3da70b43 Initial load duke parents: diff changeset	89	// Map Integer(id) -> CipherSuite
90ce3da70b43 Initial load duke parents: diff changeset	90	// contains all known CipherSuites
90ce3da70b43 Initial load duke parents: diff changeset	91	private final static Map<Integer,CipherSuite> idMap;
90ce3da70b43 Initial load duke parents: diff changeset	92
90ce3da70b43 Initial load duke parents: diff changeset	93	// Map String(name) -> CipherSuite
90ce3da70b43 Initial load duke parents: diff changeset	94	// contains only supported CipherSuites (i.e. allowed == true)
90ce3da70b43 Initial load duke parents: diff changeset	95	private final static Map<String,CipherSuite> nameMap;
90ce3da70b43 Initial load duke parents: diff changeset	96
90ce3da70b43 Initial load duke parents: diff changeset	97	// Protocol defined CipherSuite name, e.g. SSL_RSA_WITH_RC4_128_MD5
90ce3da70b43 Initial load duke parents: diff changeset	98	// we use TLS_* only for new CipherSuites, still SSL_* for old ones
90ce3da70b43 Initial load duke parents: diff changeset	99	final String name;
90ce3da70b43 Initial load duke parents: diff changeset	100
90ce3da70b43 Initial load duke parents: diff changeset	101	// id in 16 bit MSB format, i.e. 0x0004 for SSL_RSA_WITH_RC4_128_MD5
90ce3da70b43 Initial load duke parents: diff changeset	102	final int id;
90ce3da70b43 Initial load duke parents: diff changeset	103
90ce3da70b43 Initial load duke parents: diff changeset	104	// priority for the internal default preference order. the higher the
90ce3da70b43 Initial load duke parents: diff changeset	105	// better. Each supported CipherSuite must have a unique priority.
90ce3da70b43 Initial load duke parents: diff changeset	106	// Ciphersuites with priority >= DEFAULT_SUITES_PRIORITY are enabled
90ce3da70b43 Initial load duke parents: diff changeset	107	// by default
90ce3da70b43 Initial load duke parents: diff changeset	108	final int priority;
90ce3da70b43 Initial load duke parents: diff changeset	109
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	110	// key exchange, bulk cipher, mac and prf algorithms. See those
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	111	// classes below.
2 90ce3da70b43 Initial load duke parents: diff changeset	112	final KeyExchange keyExchange;
90ce3da70b43 Initial load duke parents: diff changeset	113	final BulkCipher cipher;
90ce3da70b43 Initial load duke parents: diff changeset	114	final MacAlg macAlg;
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	115	final PRF prfAlg;
2 90ce3da70b43 Initial load duke parents: diff changeset	116
90ce3da70b43 Initial load duke parents: diff changeset	117	// whether a CipherSuite qualifies as exportable under 512/40 bit rules.
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	118	// TLS 1.1+ (RFC 4346) must not negotiate to these suites.
2 90ce3da70b43 Initial load duke parents: diff changeset	119	final boolean exportable;
90ce3da70b43 Initial load duke parents: diff changeset	120
90ce3da70b43 Initial load duke parents: diff changeset	121	// true iff implemented and enabled at compile time
90ce3da70b43 Initial load duke parents: diff changeset	122	final boolean allowed;
90ce3da70b43 Initial load duke parents: diff changeset	123
7039 6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	124	// obsoleted since protocol version
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	125	final int obsoleted;
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	126
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	127	// supported since protocol version
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	128	final int supported;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	129
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	130	/**
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	131	* Constructor for implemented CipherSuites.
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	132	*/
2 90ce3da70b43 Initial load duke parents: diff changeset	133	private CipherSuite(String name, int id, int priority,
29488 1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	134	KeyExchange keyExchange, BulkCipher cipher, MacAlg mac,
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	135	boolean allowed, int obsoleted, int supported, PRF prfAlg) {
2 90ce3da70b43 Initial load duke parents: diff changeset	136	this.name = name;
90ce3da70b43 Initial load duke parents: diff changeset	137	this.id = id;
90ce3da70b43 Initial load duke parents: diff changeset	138	this.priority = priority;
90ce3da70b43 Initial load duke parents: diff changeset	139	this.keyExchange = keyExchange;
90ce3da70b43 Initial load duke parents: diff changeset	140	this.cipher = cipher;
29488 1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	141	this.macAlg = mac;
2 90ce3da70b43 Initial load duke parents: diff changeset	142	this.exportable = cipher.exportable;
90ce3da70b43 Initial load duke parents: diff changeset	143	allowed &= keyExchange.allowed;
90ce3da70b43 Initial load duke parents: diff changeset	144	allowed &= cipher.allowed;
90ce3da70b43 Initial load duke parents: diff changeset	145	this.allowed = allowed;
7039 6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	146	this.obsoleted = obsoleted;
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	147	this.supported = supported;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	148	this.prfAlg = prfAlg;
2 90ce3da70b43 Initial load duke parents: diff changeset	149	}
90ce3da70b43 Initial load duke parents: diff changeset	150
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	151	/**
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	152	* Constructor for unimplemented CipherSuites.
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	153	*/
2 90ce3da70b43 Initial load duke parents: diff changeset	154	private CipherSuite(String name, int id) {
90ce3da70b43 Initial load duke parents: diff changeset	155	this.name = name;
90ce3da70b43 Initial load duke parents: diff changeset	156	this.id = id;
90ce3da70b43 Initial load duke parents: diff changeset	157	this.allowed = false;
90ce3da70b43 Initial load duke parents: diff changeset	158
90ce3da70b43 Initial load duke parents: diff changeset	159	this.priority = 0;
90ce3da70b43 Initial load duke parents: diff changeset	160	this.keyExchange = null;
90ce3da70b43 Initial load duke parents: diff changeset	161	this.cipher = null;
90ce3da70b43 Initial load duke parents: diff changeset	162	this.macAlg = null;
90ce3da70b43 Initial load duke parents: diff changeset	163	this.exportable = false;
7039 6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	164	this.obsoleted = ProtocolVersion.LIMIT_MAX_VALUE;
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	165	this.supported = ProtocolVersion.LIMIT_MIN_VALUE;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	166	this.prfAlg = P_NONE;
2 90ce3da70b43 Initial load duke parents: diff changeset	167	}
90ce3da70b43 Initial load duke parents: diff changeset	168
90ce3da70b43 Initial load duke parents: diff changeset	169	/**
90ce3da70b43 Initial load duke parents: diff changeset	170	* Return whether this CipherSuite is available for use. A
90ce3da70b43 Initial load duke parents: diff changeset	171	* CipherSuite may be unavailable even if it is supported
90ce3da70b43 Initial load duke parents: diff changeset	172	* (i.e. allowed == true) if the required JCE cipher is not installed.
90ce3da70b43 Initial load duke parents: diff changeset	173	* In some configuration, this situation may change over time, call
90ce3da70b43 Initial load duke parents: diff changeset	174	* CipherSuiteList.clearAvailableCache() before this method to obtain
90ce3da70b43 Initial load duke parents: diff changeset	175	* the most current status.
90ce3da70b43 Initial load duke parents: diff changeset	176	*/
90ce3da70b43 Initial load duke parents: diff changeset	177	boolean isAvailable() {
90ce3da70b43 Initial load duke parents: diff changeset	178	return allowed && keyExchange.isAvailable() && cipher.isAvailable();
90ce3da70b43 Initial load duke parents: diff changeset	179	}
90ce3da70b43 Initial load duke parents: diff changeset	180
6856 533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	181	boolean isNegotiable() {
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	182	return this != C_SCSV && isAvailable();
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	183	}
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	184
2 90ce3da70b43 Initial load duke parents: diff changeset	185	/**
90ce3da70b43 Initial load duke parents: diff changeset	186	* Compares CipherSuites based on their priority. Has the effect of
90ce3da70b43 Initial load duke parents: diff changeset	187	* sorting CipherSuites when put in a sorted collection, which is
90ce3da70b43 Initial load duke parents: diff changeset	188	* used by CipherSuiteList. Follows standard Comparable contract.
90ce3da70b43 Initial load duke parents: diff changeset	189	*
90ce3da70b43 Initial load duke parents: diff changeset	190	* Note that for unsupported CipherSuites parsed from a handshake
90ce3da70b43 Initial load duke parents: diff changeset	191	* message we violate the equals() contract.
90ce3da70b43 Initial load duke parents: diff changeset	192	*/
14664 e71aa0962e70 8003950: Adds missing Override annotations and removes unnecessary imports in sun.security.ssl xuelei parents: 11904 diff changeset	193	@Override
10336 0bb1999251f8 7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror jjg parents: 9035 diff changeset	194	public int compareTo(CipherSuite o) {
0bb1999251f8 7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror jjg parents: 9035 diff changeset	195	return o.priority - priority;
2 90ce3da70b43 Initial load duke parents: diff changeset	196	}
90ce3da70b43 Initial load duke parents: diff changeset	197
90ce3da70b43 Initial load duke parents: diff changeset	198	/**
90ce3da70b43 Initial load duke parents: diff changeset	199	* Returns this.name.
90ce3da70b43 Initial load duke parents: diff changeset	200	*/
14664 e71aa0962e70 8003950: Adds missing Override annotations and removes unnecessary imports in sun.security.ssl xuelei parents: 11904 diff changeset	201	@Override
2 90ce3da70b43 Initial load duke parents: diff changeset	202	public String toString() {
90ce3da70b43 Initial load duke parents: diff changeset	203	return name;
90ce3da70b43 Initial load duke parents: diff changeset	204	}
90ce3da70b43 Initial load duke parents: diff changeset	205
90ce3da70b43 Initial load duke parents: diff changeset	206	/**
90ce3da70b43 Initial load duke parents: diff changeset	207	* Return a CipherSuite for the given name. The returned CipherSuite
90ce3da70b43 Initial load duke parents: diff changeset	208	* is supported by this implementation but may not actually be
90ce3da70b43 Initial load duke parents: diff changeset	209	* currently useable. See isAvailable().
90ce3da70b43 Initial load duke parents: diff changeset	210	*
90ce3da70b43 Initial load duke parents: diff changeset	211	* @exception IllegalArgumentException if the CipherSuite is unknown or
90ce3da70b43 Initial load duke parents: diff changeset	212	* unsupported.
90ce3da70b43 Initial load duke parents: diff changeset	213	*/
90ce3da70b43 Initial load duke parents: diff changeset	214	static CipherSuite valueOf(String s) {
90ce3da70b43 Initial load duke parents: diff changeset	215	if (s == null) {
90ce3da70b43 Initial load duke parents: diff changeset	216	throw new IllegalArgumentException("Name must not be null");
90ce3da70b43 Initial load duke parents: diff changeset	217	}
7039 6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	218
51 6fe31bc95bbc 6600143: Remove another 450 unnecessary casts martin parents: 2 diff changeset	219	CipherSuite c = nameMap.get(s);
2 90ce3da70b43 Initial load duke parents: diff changeset	220	if ((c == null) \|\| (c.allowed == false)) {
90ce3da70b43 Initial load duke parents: diff changeset	221	throw new IllegalArgumentException("Unsupported ciphersuite " + s);
90ce3da70b43 Initial load duke parents: diff changeset	222	}
7039 6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	223
2 90ce3da70b43 Initial load duke parents: diff changeset	224	return c;
90ce3da70b43 Initial load duke parents: diff changeset	225	}
90ce3da70b43 Initial load duke parents: diff changeset	226
90ce3da70b43 Initial load duke parents: diff changeset	227	/**
90ce3da70b43 Initial load duke parents: diff changeset	228	* Return a CipherSuite with the given ID. A temporary object is
90ce3da70b43 Initial load duke parents: diff changeset	229	* constructed if the ID is unknown. Use isAvailable() to verify that
90ce3da70b43 Initial load duke parents: diff changeset	230	* the CipherSuite can actually be used.
90ce3da70b43 Initial load duke parents: diff changeset	231	*/
90ce3da70b43 Initial load duke parents: diff changeset	232	static CipherSuite valueOf(int id1, int id2) {
90ce3da70b43 Initial load duke parents: diff changeset	233	id1 &= 0xff;
90ce3da70b43 Initial load duke parents: diff changeset	234	id2 &= 0xff;
90ce3da70b43 Initial load duke parents: diff changeset	235	int id = (id1 << 8) \| id2;
90ce3da70b43 Initial load duke parents: diff changeset	236	CipherSuite c = idMap.get(id);
90ce3da70b43 Initial load duke parents: diff changeset	237	if (c == null) {
90ce3da70b43 Initial load duke parents: diff changeset	238	String h1 = Integer.toString(id1, 16);
90ce3da70b43 Initial load duke parents: diff changeset	239	String h2 = Integer.toString(id2, 16);
90ce3da70b43 Initial load duke parents: diff changeset	240	c = new CipherSuite("Unknown 0x" + h1 + ":0x" + h2, id);
90ce3da70b43 Initial load duke parents: diff changeset	241	}
90ce3da70b43 Initial load duke parents: diff changeset	242	return c;
90ce3da70b43 Initial load duke parents: diff changeset	243	}
90ce3da70b43 Initial load duke parents: diff changeset	244
90ce3da70b43 Initial load duke parents: diff changeset	245	// for use by CipherSuiteList only
90ce3da70b43 Initial load duke parents: diff changeset	246	static Collection<CipherSuite> allowedCipherSuites() {
90ce3da70b43 Initial load duke parents: diff changeset	247	return nameMap.values();
90ce3da70b43 Initial load duke parents: diff changeset	248	}
90ce3da70b43 Initial load duke parents: diff changeset	249
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	250	/*
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	251	* Use this method when all of the values need to be specified.
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	252	* This is primarily used when defining a new ciphersuite for
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	253	* TLS 1.2+ that doesn't use the "default" PRF.
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	254	*/
2 90ce3da70b43 Initial load duke parents: diff changeset	255	private static void add(String name, int id, int priority,
29488 1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	256	KeyExchange keyExchange, BulkCipher cipher, MacAlg mac,
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	257	boolean allowed, int obsoleted, int supported, PRF prf) {
7039 6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	258
2 90ce3da70b43 Initial load duke parents: diff changeset	259	CipherSuite c = new CipherSuite(name, id, priority, keyExchange,
29488 1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	260	cipher, mac, allowed, obsoleted, supported, prf);
2 90ce3da70b43 Initial load duke parents: diff changeset	261	if (idMap.put(id, c) != null) {
90ce3da70b43 Initial load duke parents: diff changeset	262	throw new RuntimeException("Duplicate ciphersuite definition: "
90ce3da70b43 Initial load duke parents: diff changeset	263	+ id + ", " + name);
90ce3da70b43 Initial load duke parents: diff changeset	264	}
90ce3da70b43 Initial load duke parents: diff changeset	265	if (c.allowed) {
90ce3da70b43 Initial load duke parents: diff changeset	266	if (nameMap.put(name, c) != null) {
90ce3da70b43 Initial load duke parents: diff changeset	267	throw new RuntimeException("Duplicate ciphersuite definition: "
90ce3da70b43 Initial load duke parents: diff changeset	268	+ id + ", " + name);
90ce3da70b43 Initial load duke parents: diff changeset	269	}
90ce3da70b43 Initial load duke parents: diff changeset	270	}
90ce3da70b43 Initial load duke parents: diff changeset	271	}
90ce3da70b43 Initial load duke parents: diff changeset	272
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	273	/*
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	274	* Use this method when there is no lower protocol limit where this
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	275	* suite can be used, and the PRF is P_SHA256. That is, the
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	276	* existing ciphersuites. From RFC 5246:
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	277	*
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	278	* All cipher suites in this document use P_SHA256.
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	279	*/
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	280	private static void add(String name, int id, int priority,
29488 1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	281	KeyExchange keyExchange, BulkCipher cipher, MacAlg mac,
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	282	boolean allowed, int obsoleted) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	283	// If this is an obsoleted suite, then don't let the TLS 1.2
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	284	// protocol have a valid PRF value.
29488 1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	285	PRF prf = obsoleted < ProtocolVersion.TLS12.v ? P_NONE : P_SHA256;
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	286
29488 1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	287	add(name, id, priority, keyExchange, cipher, mac, allowed, obsoleted,
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	288	ProtocolVersion.LIMIT_MIN_VALUE, prf);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	289	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	290
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	291	/*
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	292	* Use this method when there is no upper protocol limit. That is,
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	293	* suites which have not been obsoleted.
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	294	*/
7039 6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	295	private static void add(String name, int id, int priority,
29488 1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	296	KeyExchange keyExchange, BulkCipher cipher, MacAlg mac,
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	297	boolean allowed) {
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	298	add(name, id, priority, keyExchange, cipher, mac, allowed,
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	299	ProtocolVersion.LIMIT_MAX_VALUE);
7039 6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	300	}
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	301
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	302	/*
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	303	* Use this method to define an unimplemented suite. This provides
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	304	* a number<->name mapping that can be used for debugging.
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	305	*/
2 90ce3da70b43 Initial load duke parents: diff changeset	306	private static void add(String name, int id) {
90ce3da70b43 Initial load duke parents: diff changeset	307	CipherSuite c = new CipherSuite(name, id);
90ce3da70b43 Initial load duke parents: diff changeset	308	if (idMap.put(id, c) != null) {
90ce3da70b43 Initial load duke parents: diff changeset	309	throw new RuntimeException("Duplicate ciphersuite definition: "
90ce3da70b43 Initial load duke parents: diff changeset	310	+ id + ", " + name);
90ce3da70b43 Initial load duke parents: diff changeset	311	}
90ce3da70b43 Initial load duke parents: diff changeset	312	}
90ce3da70b43 Initial load duke parents: diff changeset	313
90ce3da70b43 Initial load duke parents: diff changeset	314	/**
90ce3da70b43 Initial load duke parents: diff changeset	315	* An SSL/TLS key exchange algorithm.
90ce3da70b43 Initial load duke parents: diff changeset	316	*/
90ce3da70b43 Initial load duke parents: diff changeset	317	static enum KeyExchange {
90ce3da70b43 Initial load duke parents: diff changeset	318
90ce3da70b43 Initial load duke parents: diff changeset	319	// key exchange algorithms
90ce3da70b43 Initial load duke parents: diff changeset	320	K_NULL ("NULL", false),
90ce3da70b43 Initial load duke parents: diff changeset	321	K_RSA ("RSA", true),
90ce3da70b43 Initial load duke parents: diff changeset	322	K_RSA_EXPORT ("RSA_EXPORT", true),
90ce3da70b43 Initial load duke parents: diff changeset	323	K_DH_RSA ("DH_RSA", false),
90ce3da70b43 Initial load duke parents: diff changeset	324	K_DH_DSS ("DH_DSS", false),
90ce3da70b43 Initial load duke parents: diff changeset	325	K_DHE_DSS ("DHE_DSS", true),
90ce3da70b43 Initial load duke parents: diff changeset	326	K_DHE_RSA ("DHE_RSA", true),
90ce3da70b43 Initial load duke parents: diff changeset	327	K_DH_ANON ("DH_anon", true),
90ce3da70b43 Initial load duke parents: diff changeset	328
90ce3da70b43 Initial load duke parents: diff changeset	329	K_ECDH_ECDSA ("ECDH_ECDSA", ALLOW_ECC),
90ce3da70b43 Initial load duke parents: diff changeset	330	K_ECDH_RSA ("ECDH_RSA", ALLOW_ECC),
90ce3da70b43 Initial load duke parents: diff changeset	331	K_ECDHE_ECDSA("ECDHE_ECDSA", ALLOW_ECC),
90ce3da70b43 Initial load duke parents: diff changeset	332	K_ECDHE_RSA ("ECDHE_RSA", ALLOW_ECC),
90ce3da70b43 Initial load duke parents: diff changeset	333	K_ECDH_ANON ("ECDH_anon", ALLOW_ECC),
90ce3da70b43 Initial load duke parents: diff changeset	334
90ce3da70b43 Initial load duke parents: diff changeset	335	// Kerberos cipher suites
90ce3da70b43 Initial load duke parents: diff changeset	336	K_KRB5 ("KRB5", true),
6856 533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	337	K_KRB5_EXPORT("KRB5_EXPORT", true),
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	338
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	339	// renegotiation protection request signaling cipher suite
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	340	K_SCSV ("SCSV", true);
2 90ce3da70b43 Initial load duke parents: diff changeset	341
90ce3da70b43 Initial load duke parents: diff changeset	342	// name of the key exchange algorithm, e.g. DHE_DSS
90ce3da70b43 Initial load duke parents: diff changeset	343	final String name;
90ce3da70b43 Initial load duke parents: diff changeset	344	final boolean allowed;
90ce3da70b43 Initial load duke parents: diff changeset	345	private final boolean alwaysAvailable;
90ce3da70b43 Initial load duke parents: diff changeset	346
90ce3da70b43 Initial load duke parents: diff changeset	347	KeyExchange(String name, boolean allowed) {
90ce3da70b43 Initial load duke parents: diff changeset	348	this.name = name;
90ce3da70b43 Initial load duke parents: diff changeset	349	this.allowed = allowed;
3957 c8fdb8fad795 6885204: JSSE should not require Kerberos to be present vinnie parents: 715 diff changeset	350	this.alwaysAvailable = allowed &&
c8fdb8fad795 6885204: JSSE should not require Kerberos to be present vinnie parents: 715 diff changeset	351	(!name.startsWith("EC")) && (!name.startsWith("KRB"));
2 90ce3da70b43 Initial load duke parents: diff changeset	352	}
90ce3da70b43 Initial load duke parents: diff changeset	353
90ce3da70b43 Initial load duke parents: diff changeset	354	boolean isAvailable() {
90ce3da70b43 Initial load duke parents: diff changeset	355	if (alwaysAvailable) {
90ce3da70b43 Initial load duke parents: diff changeset	356	return true;
90ce3da70b43 Initial load duke parents: diff changeset	357	}
3957 c8fdb8fad795 6885204: JSSE should not require Kerberos to be present vinnie parents: 715 diff changeset	358
c8fdb8fad795 6885204: JSSE should not require Kerberos to be present vinnie parents: 715 diff changeset	359	if (name.startsWith("EC")) {
c8fdb8fad795 6885204: JSSE should not require Kerberos to be present vinnie parents: 715 diff changeset	360	return (allowed && JsseJce.isEcAvailable());
c8fdb8fad795 6885204: JSSE should not require Kerberos to be present vinnie parents: 715 diff changeset	361	} else if (name.startsWith("KRB")) {
c8fdb8fad795 6885204: JSSE should not require Kerberos to be present vinnie parents: 715 diff changeset	362	return (allowed && JsseJce.isKerberosAvailable());
c8fdb8fad795 6885204: JSSE should not require Kerberos to be present vinnie parents: 715 diff changeset	363	} else {
c8fdb8fad795 6885204: JSSE should not require Kerberos to be present vinnie parents: 715 diff changeset	364	return allowed;
c8fdb8fad795 6885204: JSSE should not require Kerberos to be present vinnie parents: 715 diff changeset	365	}
2 90ce3da70b43 Initial load duke parents: diff changeset	366	}
90ce3da70b43 Initial load duke parents: diff changeset	367
14664 e71aa0962e70 8003950: Adds missing Override annotations and removes unnecessary imports in sun.security.ssl xuelei parents: 11904 diff changeset	368	@Override
2 90ce3da70b43 Initial load duke parents: diff changeset	369	public String toString() {
90ce3da70b43 Initial load duke parents: diff changeset	370	return name;
90ce3da70b43 Initial load duke parents: diff changeset	371	}
90ce3da70b43 Initial load duke parents: diff changeset	372	}
90ce3da70b43 Initial load duke parents: diff changeset	373
16913 a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE xuelei parents: 16126 diff changeset	374	static enum CipherType {
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE xuelei parents: 16126 diff changeset	375	STREAM_CIPHER, // null or stream cipher
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE xuelei parents: 16126 diff changeset	376	BLOCK_CIPHER, // block cipher in CBC mode
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE xuelei parents: 16126 diff changeset	377	AEAD_CIPHER // AEAD cipher
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE xuelei parents: 16126 diff changeset	378	}
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE xuelei parents: 16126 diff changeset	379
2 90ce3da70b43 Initial load duke parents: diff changeset	380	/**
90ce3da70b43 Initial load duke parents: diff changeset	381	* An SSL/TLS bulk cipher algorithm. One instance per combination of
90ce3da70b43 Initial load duke parents: diff changeset	382	* cipher and key length.
90ce3da70b43 Initial load duke parents: diff changeset	383	*
90ce3da70b43 Initial load duke parents: diff changeset	384	* Also contains a factory method to obtain in initialized CipherBox
90ce3da70b43 Initial load duke parents: diff changeset	385	* for this algorithm.
90ce3da70b43 Initial load duke parents: diff changeset	386	*/
29488 1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	387	static enum BulkCipher {
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	388
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	389	// export strength ciphers
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	390	B_NULL("NULL", STREAM_CIPHER, 0, 0, 0, 0, true),
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	391	B_RC4_40(CIPHER_RC4, STREAM_CIPHER, 5, 16, 0, 0, true),
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	392	B_RC2_40("RC2", BLOCK_CIPHER, 5, 16, 8, 0, false),
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	393	B_DES_40(CIPHER_DES, BLOCK_CIPHER, 5, 8, 8, 0, true),
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	394
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	395	// domestic strength ciphers
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	396	B_RC4_128(CIPHER_RC4, STREAM_CIPHER, 16, 0, 0, true),
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	397	B_DES(CIPHER_DES, BLOCK_CIPHER, 8, 8, 0, true),
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	398	B_3DES(CIPHER_3DES, BLOCK_CIPHER, 24, 8, 0, true),
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	399	B_IDEA("IDEA", BLOCK_CIPHER, 16, 8, 0, false),
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	400	B_AES_128(CIPHER_AES, BLOCK_CIPHER, 16, 16, 0, true),
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	401	B_AES_256(CIPHER_AES, BLOCK_CIPHER, 32, 16, 0, true),
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	402	B_AES_128_GCM(CIPHER_AES_GCM, AEAD_CIPHER, 16, 12, 4, true),
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	403	B_AES_256_GCM(CIPHER_AES_GCM, AEAD_CIPHER, 32, 12, 4, true);
2 90ce3da70b43 Initial load duke parents: diff changeset	404
90ce3da70b43 Initial load duke parents: diff changeset	405	// Map BulkCipher -> Boolean(available)
90ce3da70b43 Initial load duke parents: diff changeset	406	private final static Map<BulkCipher,Boolean> availableCache =
7990 57019dc81b66 7012003: diamond conversion for ssl smarks parents: 7807 diff changeset	407	new HashMap<>(8);
2 90ce3da70b43 Initial load duke parents: diff changeset	408
90ce3da70b43 Initial load duke parents: diff changeset	409	// descriptive name including key size, e.g. AES/128
90ce3da70b43 Initial load duke parents: diff changeset	410	final String description;
90ce3da70b43 Initial load duke parents: diff changeset	411
90ce3da70b43 Initial load duke parents: diff changeset	412	// JCE cipher transformation string, e.g. AES/CBC/NoPadding
90ce3da70b43 Initial load duke parents: diff changeset	413	final String transformation;
90ce3da70b43 Initial load duke parents: diff changeset	414
90ce3da70b43 Initial load duke parents: diff changeset	415	// algorithm name, e.g. AES
90ce3da70b43 Initial load duke parents: diff changeset	416	final String algorithm;
90ce3da70b43 Initial load duke parents: diff changeset	417
90ce3da70b43 Initial load duke parents: diff changeset	418	// supported and compile time enabled. Also see isAvailable()
90ce3da70b43 Initial load duke parents: diff changeset	419	final boolean allowed;
90ce3da70b43 Initial load duke parents: diff changeset	420
90ce3da70b43 Initial load duke parents: diff changeset	421	// number of bytes of entropy in the key
90ce3da70b43 Initial load duke parents: diff changeset	422	final int keySize;
90ce3da70b43 Initial load duke parents: diff changeset	423
90ce3da70b43 Initial load duke parents: diff changeset	424	// length of the actual cipher key in bytes.
90ce3da70b43 Initial load duke parents: diff changeset	425	// for non-exportable ciphers, this is the same as keySize
90ce3da70b43 Initial load duke parents: diff changeset	426	final int expandedKeySize;
90ce3da70b43 Initial load duke parents: diff changeset	427
16913 a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE xuelei parents: 16126 diff changeset	428	// size of the IV
2 90ce3da70b43 Initial load duke parents: diff changeset	429	final int ivSize;
90ce3da70b43 Initial load duke parents: diff changeset	430
16913 a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE xuelei parents: 16126 diff changeset	431	// size of fixed IV
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE xuelei parents: 16126 diff changeset	432	//
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE xuelei parents: 16126 diff changeset	433	// record_iv_length = ivSize - fixedIvSize
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE xuelei parents: 16126 diff changeset	434	final int fixedIvSize;
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE xuelei parents: 16126 diff changeset	435
2 90ce3da70b43 Initial load duke parents: diff changeset	436	// exportable under 512/40 bit rules
90ce3da70b43 Initial load duke parents: diff changeset	437	final boolean exportable;
90ce3da70b43 Initial load duke parents: diff changeset	438
10915 1e20964cebf3 7064341: jsse/runtime security problem xuelei parents: 9035 diff changeset	439	// Is the cipher algorithm of Cipher Block Chaining (CBC) mode?
16913 a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE xuelei parents: 16126 diff changeset	440	final CipherType cipherType;
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE xuelei parents: 16126 diff changeset	441
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE xuelei parents: 16126 diff changeset	442	// size of the authentication tag, only applicable to cipher suites in
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE xuelei parents: 16126 diff changeset	443	// Galois Counter Mode (GCM)
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE xuelei parents: 16126 diff changeset	444	//
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE xuelei parents: 16126 diff changeset	445	// As far as we know, all supported GCM cipher suites use 128-bits
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE xuelei parents: 16126 diff changeset	446	// authentication tags.
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE xuelei parents: 16126 diff changeset	447	final int tagSize = 16;
10915 1e20964cebf3 7064341: jsse/runtime security problem xuelei parents: 9035 diff changeset	448
11904 f0eca4f34170 7145837: a little performance improvement on the usage of SecureRandom xuelei parents: 10917 diff changeset	449	// The secure random used to detect the cipher availability.
f0eca4f34170 7145837: a little performance improvement on the usage of SecureRandom xuelei parents: 10917 diff changeset	450	private final static SecureRandom secureRandom;
f0eca4f34170 7145837: a little performance improvement on the usage of SecureRandom xuelei parents: 10917 diff changeset	451
f0eca4f34170 7145837: a little performance improvement on the usage of SecureRandom xuelei parents: 10917 diff changeset	452	static {
f0eca4f34170 7145837: a little performance improvement on the usage of SecureRandom xuelei parents: 10917 diff changeset	453	try {
f0eca4f34170 7145837: a little performance improvement on the usage of SecureRandom xuelei parents: 10917 diff changeset	454	secureRandom = JsseJce.getSecureRandom();
f0eca4f34170 7145837: a little performance improvement on the usage of SecureRandom xuelei parents: 10917 diff changeset	455	} catch (KeyManagementException kme) {
f0eca4f34170 7145837: a little performance improvement on the usage of SecureRandom xuelei parents: 10917 diff changeset	456	throw new RuntimeException(kme);
f0eca4f34170 7145837: a little performance improvement on the usage of SecureRandom xuelei parents: 10917 diff changeset	457	}
f0eca4f34170 7145837: a little performance improvement on the usage of SecureRandom xuelei parents: 10917 diff changeset	458	}
f0eca4f34170 7145837: a little performance improvement on the usage of SecureRandom xuelei parents: 10917 diff changeset	459
16913 a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE xuelei parents: 16126 diff changeset	460	BulkCipher(String transformation, CipherType cipherType, int keySize,
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE xuelei parents: 16126 diff changeset	461	int expandedKeySize, int ivSize,
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE xuelei parents: 16126 diff changeset	462	int fixedIvSize, boolean allowed) {
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE xuelei parents: 16126 diff changeset	463
2 90ce3da70b43 Initial load duke parents: diff changeset	464	this.transformation = transformation;
10915 1e20964cebf3 7064341: jsse/runtime security problem xuelei parents: 9035 diff changeset	465	String[] splits = transformation.split("/");
1e20964cebf3 7064341: jsse/runtime security problem xuelei parents: 9035 diff changeset	466	this.algorithm = splits[0];
16913 a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE xuelei parents: 16126 diff changeset	467	this.cipherType = cipherType;
2 90ce3da70b43 Initial load duke parents: diff changeset	468	this.description = this.algorithm + "/" + (keySize << 3);
90ce3da70b43 Initial load duke parents: diff changeset	469	this.keySize = keySize;
90ce3da70b43 Initial load duke parents: diff changeset	470	this.ivSize = ivSize;
16913 a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE xuelei parents: 16126 diff changeset	471	this.fixedIvSize = fixedIvSize;
2 90ce3da70b43 Initial load duke parents: diff changeset	472	this.allowed = allowed;
90ce3da70b43 Initial load duke parents: diff changeset	473
90ce3da70b43 Initial load duke parents: diff changeset	474	this.expandedKeySize = expandedKeySize;
90ce3da70b43 Initial load duke parents: diff changeset	475	this.exportable = true;
90ce3da70b43 Initial load duke parents: diff changeset	476	}
90ce3da70b43 Initial load duke parents: diff changeset	477
16913 a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE xuelei parents: 16126 diff changeset	478	BulkCipher(String transformation, CipherType cipherType, int keySize,
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE xuelei parents: 16126 diff changeset	479	int ivSize, int fixedIvSize, boolean allowed) {
2 90ce3da70b43 Initial load duke parents: diff changeset	480	this.transformation = transformation;
10915 1e20964cebf3 7064341: jsse/runtime security problem xuelei parents: 9035 diff changeset	481	String[] splits = transformation.split("/");
1e20964cebf3 7064341: jsse/runtime security problem xuelei parents: 9035 diff changeset	482	this.algorithm = splits[0];
16913 a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE xuelei parents: 16126 diff changeset	483	this.cipherType = cipherType;
2 90ce3da70b43 Initial load duke parents: diff changeset	484	this.description = this.algorithm + "/" + (keySize << 3);
90ce3da70b43 Initial load duke parents: diff changeset	485	this.keySize = keySize;
90ce3da70b43 Initial load duke parents: diff changeset	486	this.ivSize = ivSize;
16913 a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE xuelei parents: 16126 diff changeset	487	this.fixedIvSize = fixedIvSize;
2 90ce3da70b43 Initial load duke parents: diff changeset	488	this.allowed = allowed;
90ce3da70b43 Initial load duke parents: diff changeset	489
90ce3da70b43 Initial load duke parents: diff changeset	490	this.expandedKeySize = keySize;
90ce3da70b43 Initial load duke parents: diff changeset	491	this.exportable = false;
90ce3da70b43 Initial load duke parents: diff changeset	492	}
90ce3da70b43 Initial load duke parents: diff changeset	493
90ce3da70b43 Initial load duke parents: diff changeset	494	/**
90ce3da70b43 Initial load duke parents: diff changeset	495	* Return an initialized CipherBox for this BulkCipher.
90ce3da70b43 Initial load duke parents: diff changeset	496	* IV must be null for stream ciphers.
90ce3da70b43 Initial load duke parents: diff changeset	497	*
90ce3da70b43 Initial load duke parents: diff changeset	498	* @exception NoSuchAlgorithmException if anything goes wrong
90ce3da70b43 Initial load duke parents: diff changeset	499	*/
7039 6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	500	CipherBox newCipher(ProtocolVersion version, SecretKey key,
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	501	IvParameterSpec iv, SecureRandom random,
2 90ce3da70b43 Initial load duke parents: diff changeset	502	boolean encrypt) throws NoSuchAlgorithmException {
7039 6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	503	return CipherBox.newCipherBox(version, this,
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	504	key, iv, random, encrypt);
2 90ce3da70b43 Initial load duke parents: diff changeset	505	}
90ce3da70b43 Initial load duke parents: diff changeset	506
90ce3da70b43 Initial load duke parents: diff changeset	507	/**
90ce3da70b43 Initial load duke parents: diff changeset	508	* Test if this bulk cipher is available. For use by CipherSuite.
90ce3da70b43 Initial load duke parents: diff changeset	509	*
90ce3da70b43 Initial load duke parents: diff changeset	510	* Currently all supported ciphers except AES are always available
16913 a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE xuelei parents: 16126 diff changeset	511	* via the JSSE internal implementations. We also assume AES/128 of
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE xuelei parents: 16126 diff changeset	512	* CBC mode is always available since it is shipped with the SunJCE
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE xuelei parents: 16126 diff changeset	513	* provider. However, AES/256 is unavailable when the default JCE
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE xuelei parents: 16126 diff changeset	514	* policy jurisdiction files are installed because of key length
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE xuelei parents: 16126 diff changeset	515	* restrictions, and AEAD is unavailable when the underlying providers
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE xuelei parents: 16126 diff changeset	516	* do not support AEAD/GCM mode.
2 90ce3da70b43 Initial load duke parents: diff changeset	517	*/
90ce3da70b43 Initial load duke parents: diff changeset	518	boolean isAvailable() {
90ce3da70b43 Initial load duke parents: diff changeset	519	if (allowed == false) {
90ce3da70b43 Initial load duke parents: diff changeset	520	return false;
90ce3da70b43 Initial load duke parents: diff changeset	521	}
16913 a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE xuelei parents: 16126 diff changeset	522
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE xuelei parents: 16126 diff changeset	523	if ((this == B_AES_256) \|\|
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE xuelei parents: 16126 diff changeset	524	(this.cipherType == CipherType.AEAD_CIPHER)) {
2 90ce3da70b43 Initial load duke parents: diff changeset	525	return isAvailable(this);
90ce3da70b43 Initial load duke parents: diff changeset	526	}
7039 6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	527
2 90ce3da70b43 Initial load duke parents: diff changeset	528	// always available
90ce3da70b43 Initial load duke parents: diff changeset	529	return true;
90ce3da70b43 Initial load duke parents: diff changeset	530	}
90ce3da70b43 Initial load duke parents: diff changeset	531
90ce3da70b43 Initial load duke parents: diff changeset	532	// for use by CipherSuiteList.clearAvailableCache();
90ce3da70b43 Initial load duke parents: diff changeset	533	static synchronized void clearAvailableCache() {
90ce3da70b43 Initial load duke parents: diff changeset	534	if (DYNAMIC_AVAILABILITY) {
90ce3da70b43 Initial load duke parents: diff changeset	535	availableCache.clear();
90ce3da70b43 Initial load duke parents: diff changeset	536	}
90ce3da70b43 Initial load duke parents: diff changeset	537	}
90ce3da70b43 Initial load duke parents: diff changeset	538
90ce3da70b43 Initial load duke parents: diff changeset	539	private static synchronized boolean isAvailable(BulkCipher cipher) {
51 6fe31bc95bbc 6600143: Remove another 450 unnecessary casts martin parents: 2 diff changeset	540	Boolean b = availableCache.get(cipher);
2 90ce3da70b43 Initial load duke parents: diff changeset	541	if (b == null) {
16913 a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE xuelei parents: 16126 diff changeset	542	int keySizeInBits = cipher.keySize * 8;
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE xuelei parents: 16126 diff changeset	543	if (keySizeInBits > 128) { // need the JCE unlimited
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE xuelei parents: 16126 diff changeset	544	// strength jurisdiction policy
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE xuelei parents: 16126 diff changeset	545	try {
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE xuelei parents: 16126 diff changeset	546	if (Cipher.getMaxAllowedKeyLength(
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE xuelei parents: 16126 diff changeset	547	cipher.transformation) < keySizeInBits) {
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE xuelei parents: 16126 diff changeset	548	b = Boolean.FALSE;
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE xuelei parents: 16126 diff changeset	549	}
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE xuelei parents: 16126 diff changeset	550	} catch (Exception e) {
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE xuelei parents: 16126 diff changeset	551	b = Boolean.FALSE;
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE xuelei parents: 16126 diff changeset	552	}
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE xuelei parents: 16126 diff changeset	553	}
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE xuelei parents: 16126 diff changeset	554
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE xuelei parents: 16126 diff changeset	555	if (b == null) {
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE xuelei parents: 16126 diff changeset	556	b = Boolean.FALSE; // may be reset to TRUE if
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE xuelei parents: 16126 diff changeset	557	// the cipher is available
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE xuelei parents: 16126 diff changeset	558	CipherBox temporary = null;
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE xuelei parents: 16126 diff changeset	559	try {
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE xuelei parents: 16126 diff changeset	560	SecretKey key = new SecretKeySpec(
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE xuelei parents: 16126 diff changeset	561	new byte[cipher.expandedKeySize],
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE xuelei parents: 16126 diff changeset	562	cipher.algorithm);
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE xuelei parents: 16126 diff changeset	563	IvParameterSpec iv;
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE xuelei parents: 16126 diff changeset	564	if (cipher.cipherType == CipherType.AEAD_CIPHER) {
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE xuelei parents: 16126 diff changeset	565	iv = new IvParameterSpec(
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE xuelei parents: 16126 diff changeset	566	new byte[cipher.fixedIvSize]);
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE xuelei parents: 16126 diff changeset	567	} else {
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE xuelei parents: 16126 diff changeset	568	iv = new IvParameterSpec(new byte[cipher.ivSize]);
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE xuelei parents: 16126 diff changeset	569	}
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE xuelei parents: 16126 diff changeset	570	temporary = cipher.newCipher(
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE xuelei parents: 16126 diff changeset	571	ProtocolVersion.DEFAULT,
11904 f0eca4f34170 7145837: a little performance improvement on the usage of SecureRandom xuelei parents: 10917 diff changeset	572	key, iv, secureRandom, true);
16913 a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE xuelei parents: 16126 diff changeset	573	b = temporary.isAvailable();
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE xuelei parents: 16126 diff changeset	574	} catch (NoSuchAlgorithmException e) {
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE xuelei parents: 16126 diff changeset	575	// not available
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE xuelei parents: 16126 diff changeset	576	} finally {
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE xuelei parents: 16126 diff changeset	577	if (temporary != null) {
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE xuelei parents: 16126 diff changeset	578	temporary.dispose();
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE xuelei parents: 16126 diff changeset	579	}
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE xuelei parents: 16126 diff changeset	580	}
2 90ce3da70b43 Initial load duke parents: diff changeset	581	}
16913 a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE xuelei parents: 16126 diff changeset	582
2 90ce3da70b43 Initial load duke parents: diff changeset	583	availableCache.put(cipher, b);
90ce3da70b43 Initial load duke parents: diff changeset	584	}
16913 a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE xuelei parents: 16126 diff changeset	585
2 90ce3da70b43 Initial load duke parents: diff changeset	586	return b.booleanValue();
90ce3da70b43 Initial load duke parents: diff changeset	587	}
90ce3da70b43 Initial load duke parents: diff changeset	588
14664 e71aa0962e70 8003950: Adds missing Override annotations and removes unnecessary imports in sun.security.ssl xuelei parents: 11904 diff changeset	589	@Override
2 90ce3da70b43 Initial load duke parents: diff changeset	590	public String toString() {
90ce3da70b43 Initial load duke parents: diff changeset	591	return description;
90ce3da70b43 Initial load duke parents: diff changeset	592	}
90ce3da70b43 Initial load duke parents: diff changeset	593	}
90ce3da70b43 Initial load duke parents: diff changeset	594
90ce3da70b43 Initial load duke parents: diff changeset	595	/**
90ce3da70b43 Initial load duke parents: diff changeset	596	* An SSL/TLS key MAC algorithm.
90ce3da70b43 Initial load duke parents: diff changeset	597	*
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	598	* Also contains a factory method to obtain an initialized MAC
2 90ce3da70b43 Initial load duke parents: diff changeset	599	* for this algorithm.
90ce3da70b43 Initial load duke parents: diff changeset	600	*/
29488 1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	601	static enum MacAlg {
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	602	// MACs
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	603	M_NULL ("NULL", 0, 0, 0),
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	604	M_MD5 ("MD5", 16, 64, 9),
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	605	M_SHA ("SHA", 20, 64, 9),
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	606	M_SHA256 ("SHA256", 32, 64, 9),
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	607	M_SHA384 ("SHA384", 48, 128, 17);
2 90ce3da70b43 Initial load duke parents: diff changeset	608
90ce3da70b43 Initial load duke parents: diff changeset	609	// descriptive name, e.g. MD5
90ce3da70b43 Initial load duke parents: diff changeset	610	final String name;
90ce3da70b43 Initial load duke parents: diff changeset	611
90ce3da70b43 Initial load duke parents: diff changeset	612	// size of the MAC value (and MAC key) in bytes
90ce3da70b43 Initial load duke parents: diff changeset	613	final int size;
90ce3da70b43 Initial load duke parents: diff changeset	614
16113 946ec9b22004 8006777: Improve TLS handling of invalid messages xuelei parents: 14664 diff changeset	615	// block size of the underlying hash algorithm
946ec9b22004 8006777: Improve TLS handling of invalid messages xuelei parents: 14664 diff changeset	616	final int hashBlockSize;
946ec9b22004 8006777: Improve TLS handling of invalid messages xuelei parents: 14664 diff changeset	617
946ec9b22004 8006777: Improve TLS handling of invalid messages xuelei parents: 14664 diff changeset	618	// minimal padding size of the underlying hash algorithm
946ec9b22004 8006777: Improve TLS handling of invalid messages xuelei parents: 14664 diff changeset	619	final int minimalPaddingSize;
946ec9b22004 8006777: Improve TLS handling of invalid messages xuelei parents: 14664 diff changeset	620
946ec9b22004 8006777: Improve TLS handling of invalid messages xuelei parents: 14664 diff changeset	621	MacAlg(String name, int size,
946ec9b22004 8006777: Improve TLS handling of invalid messages xuelei parents: 14664 diff changeset	622	int hashBlockSize, int minimalPaddingSize) {
2 90ce3da70b43 Initial load duke parents: diff changeset	623	this.name = name;
90ce3da70b43 Initial load duke parents: diff changeset	624	this.size = size;
16113 946ec9b22004 8006777: Improve TLS handling of invalid messages xuelei parents: 14664 diff changeset	625	this.hashBlockSize = hashBlockSize;
946ec9b22004 8006777: Improve TLS handling of invalid messages xuelei parents: 14664 diff changeset	626	this.minimalPaddingSize = minimalPaddingSize;
2 90ce3da70b43 Initial load duke parents: diff changeset	627	}
90ce3da70b43 Initial load duke parents: diff changeset	628
90ce3da70b43 Initial load duke parents: diff changeset	629	/**
90ce3da70b43 Initial load duke parents: diff changeset	630	* Return an initialized MAC for this MacAlg. ProtocolVersion
90ce3da70b43 Initial load duke parents: diff changeset	631	* must either be SSL30 (SSLv3 custom MAC) or TLS10 (std. HMAC).
90ce3da70b43 Initial load duke parents: diff changeset	632	*
90ce3da70b43 Initial load duke parents: diff changeset	633	* @exception NoSuchAlgorithmException if anything goes wrong
90ce3da70b43 Initial load duke parents: diff changeset	634	*/
90ce3da70b43 Initial load duke parents: diff changeset	635	MAC newMac(ProtocolVersion protocolVersion, SecretKey secret)
90ce3da70b43 Initial load duke parents: diff changeset	636	throws NoSuchAlgorithmException, InvalidKeyException {
90ce3da70b43 Initial load duke parents: diff changeset	637	return new MAC(this, protocolVersion, secret);
90ce3da70b43 Initial load duke parents: diff changeset	638	}
90ce3da70b43 Initial load duke parents: diff changeset	639
14664 e71aa0962e70 8003950: Adds missing Override annotations and removes unnecessary imports in sun.security.ssl xuelei parents: 11904 diff changeset	640	@Override
2 90ce3da70b43 Initial load duke parents: diff changeset	641	public String toString() {
90ce3da70b43 Initial load duke parents: diff changeset	642	return name;
90ce3da70b43 Initial load duke parents: diff changeset	643	}
90ce3da70b43 Initial load duke parents: diff changeset	644	}
90ce3da70b43 Initial load duke parents: diff changeset	645
7807 d026f4f9c119 6996365: Evaluate the priorities of cipher suites xuelei parents: 7043 diff changeset	646	/**
d026f4f9c119 6996365: Evaluate the priorities of cipher suites xuelei parents: 7043 diff changeset	647	* PRFs (PseudoRandom Function) from TLS specifications.
d026f4f9c119 6996365: Evaluate the priorities of cipher suites xuelei parents: 7043 diff changeset	648	*
d026f4f9c119 6996365: Evaluate the priorities of cipher suites xuelei parents: 7043 diff changeset	649	* TLS 1.1- uses a single MD5/SHA1-based PRF algorithm for generating
d026f4f9c119 6996365: Evaluate the priorities of cipher suites xuelei parents: 7043 diff changeset	650	* the necessary material.
d026f4f9c119 6996365: Evaluate the priorities of cipher suites xuelei parents: 7043 diff changeset	651	*
d026f4f9c119 6996365: Evaluate the priorities of cipher suites xuelei parents: 7043 diff changeset	652	* In TLS 1.2+, all existing/known CipherSuites use SHA256, however
d026f4f9c119 6996365: Evaluate the priorities of cipher suites xuelei parents: 7043 diff changeset	653	* new Ciphersuites (e.g. RFC 5288) can define specific PRF hash
d026f4f9c119 6996365: Evaluate the priorities of cipher suites xuelei parents: 7043 diff changeset	654	* algorithms.
d026f4f9c119 6996365: Evaluate the priorities of cipher suites xuelei parents: 7043 diff changeset	655	*/
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	656	static enum PRF {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	657
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	658	// PRF algorithms
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	659	P_NONE( "NONE", 0, 0),
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	660	P_SHA256("SHA-256", 32, 64),
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	661	P_SHA384("SHA-384", 48, 128),
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	662	P_SHA512("SHA-512", 64, 128); // not currently used.
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	663
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	664	// PRF characteristics
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	665	private final String prfHashAlg;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	666	private final int prfHashLength;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	667	private final int prfBlockSize;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	668
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	669	PRF(String prfHashAlg, int prfHashLength, int prfBlockSize) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	670	this.prfHashAlg = prfHashAlg;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	671	this.prfHashLength = prfHashLength;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	672	this.prfBlockSize = prfBlockSize;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	673	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	674
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	675	String getPRFHashAlg() {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	676	return prfHashAlg;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	677	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	678
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	679	int getPRFHashLength() {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	680	return prfHashLength;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	681	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	682
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	683	int getPRFBlockSize() {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	684	return prfBlockSize;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	685	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	686	}
2 90ce3da70b43 Initial load duke parents: diff changeset	687
90ce3da70b43 Initial load duke parents: diff changeset	688	static {
90ce3da70b43 Initial load duke parents: diff changeset	689	idMap = new HashMap<Integer,CipherSuite>();
90ce3da70b43 Initial load duke parents: diff changeset	690	nameMap = new HashMap<String,CipherSuite>();
90ce3da70b43 Initial load duke parents: diff changeset	691
90ce3da70b43 Initial load duke parents: diff changeset	692	final boolean F = false;
90ce3da70b43 Initial load duke parents: diff changeset	693	final boolean T = true;
90ce3da70b43 Initial load duke parents: diff changeset	694	// N: ciphersuites only allowed if we are not in FIPS mode
90ce3da70b43 Initial load duke parents: diff changeset	695	final boolean N = (SunJSSE.isFIPS() == false);
90ce3da70b43 Initial load duke parents: diff changeset	696
7039 6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	697	/*
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	698	* TLS Cipher Suite Registry, as of August 2010.
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	699	*
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	700	* http://www.iana.org/assignments/tls-parameters/tls-parameters.xml
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	701	*
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	702	* Range Registration Procedures Notes
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	703	* 000-191 Standards Action Refers to value of first byte
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	704	* 192-254 Specification Required Refers to value of first byte
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	705	* 255 Reserved for Private Use Refers to value of first byte
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	706	*
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	707	* Value Description Reference
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	708	* 0x00,0x00 TLS_NULL_WITH_NULL_NULL [RFC5246]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	709	* 0x00,0x01 TLS_RSA_WITH_NULL_MD5 [RFC5246]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	710	* 0x00,0x02 TLS_RSA_WITH_NULL_SHA [RFC5246]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	711	* 0x00,0x03 TLS_RSA_EXPORT_WITH_RC4_40_MD5 [RFC4346]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	712	* 0x00,0x04 TLS_RSA_WITH_RC4_128_MD5 [RFC5246]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	713	* 0x00,0x05 TLS_RSA_WITH_RC4_128_SHA [RFC5246]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	714	* 0x00,0x06 TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 [RFC4346]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	715	* 0x00,0x07 TLS_RSA_WITH_IDEA_CBC_SHA [RFC5469]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	716	* 0x00,0x08 TLS_RSA_EXPORT_WITH_DES40_CBC_SHA [RFC4346]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	717	* 0x00,0x09 TLS_RSA_WITH_DES_CBC_SHA [RFC5469]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	718	* 0x00,0x0A TLS_RSA_WITH_3DES_EDE_CBC_SHA [RFC5246]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	719	* 0x00,0x0B TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA [RFC4346]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	720	* 0x00,0x0C TLS_DH_DSS_WITH_DES_CBC_SHA [RFC5469]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	721	* 0x00,0x0D TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA [RFC5246]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	722	* 0x00,0x0E TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA [RFC4346]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	723	* 0x00,0x0F TLS_DH_RSA_WITH_DES_CBC_SHA [RFC5469]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	724	* 0x00,0x10 TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA [RFC5246]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	725	* 0x00,0x11 TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA [RFC4346]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	726	* 0x00,0x12 TLS_DHE_DSS_WITH_DES_CBC_SHA [RFC5469]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	727	* 0x00,0x13 TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA [RFC5246]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	728	* 0x00,0x14 TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA [RFC4346]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	729	* 0x00,0x15 TLS_DHE_RSA_WITH_DES_CBC_SHA [RFC5469]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	730	* 0x00,0x16 TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA [RFC5246]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	731	* 0x00,0x17 TLS_DH_anon_EXPORT_WITH_RC4_40_MD5 [RFC4346]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	732	* 0x00,0x18 TLS_DH_anon_WITH_RC4_128_MD5 [RFC5246]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	733	* 0x00,0x19 TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA [RFC4346]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	734	* 0x00,0x1A TLS_DH_anon_WITH_DES_CBC_SHA [RFC5469]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	735	* 0x00,0x1B TLS_DH_anon_WITH_3DES_EDE_CBC_SHA [RFC5246]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	736	* 0x00,0x1C-1D Reserved to avoid conflicts with SSLv3 [RFC5246]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	737	* 0x00,0x1E TLS_KRB5_WITH_DES_CBC_SHA [RFC2712]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	738	* 0x00,0x1F TLS_KRB5_WITH_3DES_EDE_CBC_SHA [RFC2712]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	739	* 0x00,0x20 TLS_KRB5_WITH_RC4_128_SHA [RFC2712]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	740	* 0x00,0x21 TLS_KRB5_WITH_IDEA_CBC_SHA [RFC2712]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	741	* 0x00,0x22 TLS_KRB5_WITH_DES_CBC_MD5 [RFC2712]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	742	* 0x00,0x23 TLS_KRB5_WITH_3DES_EDE_CBC_MD5 [RFC2712]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	743	* 0x00,0x24 TLS_KRB5_WITH_RC4_128_MD5 [RFC2712]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	744	* 0x00,0x25 TLS_KRB5_WITH_IDEA_CBC_MD5 [RFC2712]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	745	* 0x00,0x26 TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA [RFC2712]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	746	* 0x00,0x27 TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA [RFC2712]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	747	* 0x00,0x28 TLS_KRB5_EXPORT_WITH_RC4_40_SHA [RFC2712]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	748	* 0x00,0x29 TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5 [RFC2712]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	749	* 0x00,0x2A TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5 [RFC2712]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	750	* 0x00,0x2B TLS_KRB5_EXPORT_WITH_RC4_40_MD5 [RFC2712]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	751	* 0x00,0x2C TLS_PSK_WITH_NULL_SHA [RFC4785]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	752	* 0x00,0x2D TLS_DHE_PSK_WITH_NULL_SHA [RFC4785]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	753	* 0x00,0x2E TLS_RSA_PSK_WITH_NULL_SHA [RFC4785]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	754	* 0x00,0x2F TLS_RSA_WITH_AES_128_CBC_SHA [RFC5246]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	755	* 0x00,0x30 TLS_DH_DSS_WITH_AES_128_CBC_SHA [RFC5246]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	756	* 0x00,0x31 TLS_DH_RSA_WITH_AES_128_CBC_SHA [RFC5246]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	757	* 0x00,0x32 TLS_DHE_DSS_WITH_AES_128_CBC_SHA [RFC5246]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	758	* 0x00,0x33 TLS_DHE_RSA_WITH_AES_128_CBC_SHA [RFC5246]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	759	* 0x00,0x34 TLS_DH_anon_WITH_AES_128_CBC_SHA [RFC5246]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	760	* 0x00,0x35 TLS_RSA_WITH_AES_256_CBC_SHA [RFC5246]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	761	* 0x00,0x36 TLS_DH_DSS_WITH_AES_256_CBC_SHA [RFC5246]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	762	* 0x00,0x37 TLS_DH_RSA_WITH_AES_256_CBC_SHA [RFC5246]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	763	* 0x00,0x38 TLS_DHE_DSS_WITH_AES_256_CBC_SHA [RFC5246]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	764	* 0x00,0x39 TLS_DHE_RSA_WITH_AES_256_CBC_SHA [RFC5246]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	765	* 0x00,0x3A TLS_DH_anon_WITH_AES_256_CBC_SHA [RFC5246]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	766	* 0x00,0x3B TLS_RSA_WITH_NULL_SHA256 [RFC5246]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	767	* 0x00,0x3C TLS_RSA_WITH_AES_128_CBC_SHA256 [RFC5246]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	768	* 0x00,0x3D TLS_RSA_WITH_AES_256_CBC_SHA256 [RFC5246]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	769	* 0x00,0x3E TLS_DH_DSS_WITH_AES_128_CBC_SHA256 [RFC5246]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	770	* 0x00,0x3F TLS_DH_RSA_WITH_AES_128_CBC_SHA256 [RFC5246]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	771	* 0x00,0x40 TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 [RFC5246]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	772	* 0x00,0x41 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA [RFC5932]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	773	* 0x00,0x42 TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA [RFC5932]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	774	* 0x00,0x43 TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA [RFC5932]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	775	* 0x00,0x44 TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA [RFC5932]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	776	* 0x00,0x45 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA [RFC5932]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	777	* 0x00,0x46 TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA [RFC5932]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	778	* 0x00,0x47-4F Reserved to avoid conflicts with
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	779	* deployed implementations [Pasi_Eronen]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	780	* 0x00,0x50-58 Reserved to avoid conflicts [Pasi Eronen]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	781	* 0x00,0x59-5C Reserved to avoid conflicts with
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	782	* deployed implementations [Pasi_Eronen]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	783	* 0x00,0x5D-5F Unassigned
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	784	* 0x00,0x60-66 Reserved to avoid conflicts with widely
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	785	* deployed implementations [Pasi_Eronen]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	786	* 0x00,0x67 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 [RFC5246]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	787	* 0x00,0x68 TLS_DH_DSS_WITH_AES_256_CBC_SHA256 [RFC5246]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	788	* 0x00,0x69 TLS_DH_RSA_WITH_AES_256_CBC_SHA256 [RFC5246]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	789	* 0x00,0x6A TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 [RFC5246]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	790	* 0x00,0x6B TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 [RFC5246]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	791	* 0x00,0x6C TLS_DH_anon_WITH_AES_128_CBC_SHA256 [RFC5246]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	792	* 0x00,0x6D TLS_DH_anon_WITH_AES_256_CBC_SHA256 [RFC5246]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	793	* 0x00,0x6E-83 Unassigned
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	794	* 0x00,0x84 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA [RFC5932]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	795	* 0x00,0x85 TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA [RFC5932]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	796	* 0x00,0x86 TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA [RFC5932]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	797	* 0x00,0x87 TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA [RFC5932]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	798	* 0x00,0x88 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA [RFC5932]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	799	* 0x00,0x89 TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA [RFC5932]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	800	* 0x00,0x8A TLS_PSK_WITH_RC4_128_SHA [RFC4279]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	801	* 0x00,0x8B TLS_PSK_WITH_3DES_EDE_CBC_SHA [RFC4279]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	802	* 0x00,0x8C TLS_PSK_WITH_AES_128_CBC_SHA [RFC4279]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	803	* 0x00,0x8D TLS_PSK_WITH_AES_256_CBC_SHA [RFC4279]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	804	* 0x00,0x8E TLS_DHE_PSK_WITH_RC4_128_SHA [RFC4279]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	805	* 0x00,0x8F TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA [RFC4279]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	806	* 0x00,0x90 TLS_DHE_PSK_WITH_AES_128_CBC_SHA [RFC4279]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	807	* 0x00,0x91 TLS_DHE_PSK_WITH_AES_256_CBC_SHA [RFC4279]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	808	* 0x00,0x92 TLS_RSA_PSK_WITH_RC4_128_SHA [RFC4279]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	809	* 0x00,0x93 TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA [RFC4279]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	810	* 0x00,0x94 TLS_RSA_PSK_WITH_AES_128_CBC_SHA [RFC4279]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	811	* 0x00,0x95 TLS_RSA_PSK_WITH_AES_256_CBC_SHA [RFC4279]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	812	* 0x00,0x96 TLS_RSA_WITH_SEED_CBC_SHA [RFC4162]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	813	* 0x00,0x97 TLS_DH_DSS_WITH_SEED_CBC_SHA [RFC4162]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	814	* 0x00,0x98 TLS_DH_RSA_WITH_SEED_CBC_SHA [RFC4162]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	815	* 0x00,0x99 TLS_DHE_DSS_WITH_SEED_CBC_SHA [RFC4162]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	816	* 0x00,0x9A TLS_DHE_RSA_WITH_SEED_CBC_SHA [RFC4162]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	817	* 0x00,0x9B TLS_DH_anon_WITH_SEED_CBC_SHA [RFC4162]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	818	* 0x00,0x9C TLS_RSA_WITH_AES_128_GCM_SHA256 [RFC5288]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	819	* 0x00,0x9D TLS_RSA_WITH_AES_256_GCM_SHA384 [RFC5288]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	820	* 0x00,0x9E TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 [RFC5288]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	821	* 0x00,0x9F TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 [RFC5288]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	822	* 0x00,0xA0 TLS_DH_RSA_WITH_AES_128_GCM_SHA256 [RFC5288]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	823	* 0x00,0xA1 TLS_DH_RSA_WITH_AES_256_GCM_SHA384 [RFC5288]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	824	* 0x00,0xA2 TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 [RFC5288]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	825	* 0x00,0xA3 TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 [RFC5288]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	826	* 0x00,0xA4 TLS_DH_DSS_WITH_AES_128_GCM_SHA256 [RFC5288]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	827	* 0x00,0xA5 TLS_DH_DSS_WITH_AES_256_GCM_SHA384 [RFC5288]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	828	* 0x00,0xA6 TLS_DH_anon_WITH_AES_128_GCM_SHA256 [RFC5288]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	829	* 0x00,0xA7 TLS_DH_anon_WITH_AES_256_GCM_SHA384 [RFC5288]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	830	* 0x00,0xA8 TLS_PSK_WITH_AES_128_GCM_SHA256 [RFC5487]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	831	* 0x00,0xA9 TLS_PSK_WITH_AES_256_GCM_SHA384 [RFC5487]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	832	* 0x00,0xAA TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 [RFC5487]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	833	* 0x00,0xAB TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 [RFC5487]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	834	* 0x00,0xAC TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 [RFC5487]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	835	* 0x00,0xAD TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 [RFC5487]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	836	* 0x00,0xAE TLS_PSK_WITH_AES_128_CBC_SHA256 [RFC5487]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	837	* 0x00,0xAF TLS_PSK_WITH_AES_256_CBC_SHA384 [RFC5487]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	838	* 0x00,0xB0 TLS_PSK_WITH_NULL_SHA256 [RFC5487]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	839	* 0x00,0xB1 TLS_PSK_WITH_NULL_SHA384 [RFC5487]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	840	* 0x00,0xB2 TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 [RFC5487]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	841	* 0x00,0xB3 TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 [RFC5487]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	842	* 0x00,0xB4 TLS_DHE_PSK_WITH_NULL_SHA256 [RFC5487]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	843	* 0x00,0xB5 TLS_DHE_PSK_WITH_NULL_SHA384 [RFC5487]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	844	* 0x00,0xB6 TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 [RFC5487]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	845	* 0x00,0xB7 TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 [RFC5487]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	846	* 0x00,0xB8 TLS_RSA_PSK_WITH_NULL_SHA256 [RFC5487]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	847	* 0x00,0xB9 TLS_RSA_PSK_WITH_NULL_SHA384 [RFC5487]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	848	* 0x00,0xBA TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 [RFC5932]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	849	* 0x00,0xBB TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256 [RFC5932]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	850	* 0x00,0xBC TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256 [RFC5932]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	851	* 0x00,0xBD TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256 [RFC5932]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	852	* 0x00,0xBE TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 [RFC5932]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	853	* 0x00,0xBF TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256 [RFC5932]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	854	* 0x00,0xC0 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 [RFC5932]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	855	* 0x00,0xC1 TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256 [RFC5932]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	856	* 0x00,0xC2 TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256 [RFC5932]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	857	* 0x00,0xC3 TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256 [RFC5932]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	858	* 0x00,0xC4 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 [RFC5932]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	859	* 0x00,0xC5 TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256 [RFC5932]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	860	* 0x00,0xC6-FE Unassigned
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	861	* 0x00,0xFF TLS_EMPTY_RENEGOTIATION_INFO_SCSV [RFC5746]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	862	* 0x01-BF,* Unassigned
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	863	* 0xC0,0x01 TLS_ECDH_ECDSA_WITH_NULL_SHA [RFC4492]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	864	* 0xC0,0x02 TLS_ECDH_ECDSA_WITH_RC4_128_SHA [RFC4492]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	865	* 0xC0,0x03 TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA [RFC4492]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	866	* 0xC0,0x04 TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA [RFC4492]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	867	* 0xC0,0x05 TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA [RFC4492]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	868	* 0xC0,0x06 TLS_ECDHE_ECDSA_WITH_NULL_SHA [RFC4492]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	869	* 0xC0,0x07 TLS_ECDHE_ECDSA_WITH_RC4_128_SHA [RFC4492]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	870	* 0xC0,0x08 TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA [RFC4492]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	871	* 0xC0,0x09 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA [RFC4492]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	872	* 0xC0,0x0A TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA [RFC4492]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	873	* 0xC0,0x0B TLS_ECDH_RSA_WITH_NULL_SHA [RFC4492]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	874	* 0xC0,0x0C TLS_ECDH_RSA_WITH_RC4_128_SHA [RFC4492]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	875	* 0xC0,0x0D TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA [RFC4492]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	876	* 0xC0,0x0E TLS_ECDH_RSA_WITH_AES_128_CBC_SHA [RFC4492]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	877	* 0xC0,0x0F TLS_ECDH_RSA_WITH_AES_256_CBC_SHA [RFC4492]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	878	* 0xC0,0x10 TLS_ECDHE_RSA_WITH_NULL_SHA [RFC4492]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	879	* 0xC0,0x11 TLS_ECDHE_RSA_WITH_RC4_128_SHA [RFC4492]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	880	* 0xC0,0x12 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA [RFC4492]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	881	* 0xC0,0x13 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA [RFC4492]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	882	* 0xC0,0x14 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA [RFC4492]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	883	* 0xC0,0x15 TLS_ECDH_anon_WITH_NULL_SHA [RFC4492]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	884	* 0xC0,0x16 TLS_ECDH_anon_WITH_RC4_128_SHA [RFC4492]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	885	* 0xC0,0x17 TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA [RFC4492]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	886	* 0xC0,0x18 TLS_ECDH_anon_WITH_AES_128_CBC_SHA [RFC4492]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	887	* 0xC0,0x19 TLS_ECDH_anon_WITH_AES_256_CBC_SHA [RFC4492]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	888	* 0xC0,0x1A TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA [RFC5054]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	889	* 0xC0,0x1B TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA [RFC5054]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	890	* 0xC0,0x1C TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA [RFC5054]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	891	* 0xC0,0x1D TLS_SRP_SHA_WITH_AES_128_CBC_SHA [RFC5054]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	892	* 0xC0,0x1E TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA [RFC5054]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	893	* 0xC0,0x1F TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA [RFC5054]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	894	* 0xC0,0x20 TLS_SRP_SHA_WITH_AES_256_CBC_SHA [RFC5054]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	895	* 0xC0,0x21 TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA [RFC5054]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	896	* 0xC0,0x22 TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA [RFC5054]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	897	* 0xC0,0x23 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 [RFC5289]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	898	* 0xC0,0x24 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 [RFC5289]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	899	* 0xC0,0x25 TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 [RFC5289]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	900	* 0xC0,0x26 TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 [RFC5289]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	901	* 0xC0,0x27 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 [RFC5289]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	902	* 0xC0,0x28 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 [RFC5289]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	903	* 0xC0,0x29 TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 [RFC5289]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	904	* 0xC0,0x2A TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 [RFC5289]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	905	* 0xC0,0x2B TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 [RFC5289]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	906	* 0xC0,0x2C TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 [RFC5289]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	907	* 0xC0,0x2D TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 [RFC5289]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	908	* 0xC0,0x2E TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 [RFC5289]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	909	* 0xC0,0x2F TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 [RFC5289]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	910	* 0xC0,0x30 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 [RFC5289]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	911	* 0xC0,0x31 TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 [RFC5289]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	912	* 0xC0,0x32 TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 [RFC5289]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	913	* 0xC0,0x33 TLS_ECDHE_PSK_WITH_RC4_128_SHA [RFC5489]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	914	* 0xC0,0x34 TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA [RFC5489]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	915	* 0xC0,0x35 TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA [RFC5489]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	916	* 0xC0,0x36 TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA [RFC5489]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	917	* 0xC0,0x37 TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 [RFC5489]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	918	* 0xC0,0x38 TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 [RFC5489]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	919	* 0xC0,0x39 TLS_ECDHE_PSK_WITH_NULL_SHA [RFC5489]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	920	* 0xC0,0x3A TLS_ECDHE_PSK_WITH_NULL_SHA256 [RFC5489]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	921	* 0xC0,0x3B TLS_ECDHE_PSK_WITH_NULL_SHA384 [RFC5489]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	922	* 0xC0,0x3C-FF Unassigned
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	923	* 0xC1-FD,* Unassigned
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	924	* 0xFE,0x00-FD Unassigned
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	925	* 0xFE,0xFE-FF Reserved to avoid conflicts with widely
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	926	* deployed implementations [Pasi_Eronen]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	927	* 0xFF,0x00-FF Reserved for Private Use [RFC5246]
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	928	*/
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	929
29488 1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	930	add("SSL_NULL_WITH_NULL_NULL", 0x0000,
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	931	1, K_NULL, B_NULL, M_NULL, F);
2 90ce3da70b43 Initial load duke parents: diff changeset	932
7807 d026f4f9c119 6996365: Evaluate the priorities of cipher suites xuelei parents: 7043 diff changeset	933	/*
d026f4f9c119 6996365: Evaluate the priorities of cipher suites xuelei parents: 7043 diff changeset	934	* Definition of the CipherSuites that are enabled by default.
d026f4f9c119 6996365: Evaluate the priorities of cipher suites xuelei parents: 7043 diff changeset	935	* They are listed in preference order, most preferred first, using
d026f4f9c119 6996365: Evaluate the priorities of cipher suites xuelei parents: 7043 diff changeset	936	* the following criteria:
16913 a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE xuelei parents: 16126 diff changeset	937	* 1. Prefer Suite B compliant cipher suites, see RFC6460 (To be
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE xuelei parents: 16126 diff changeset	938	* changed later, see below).
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE xuelei parents: 16126 diff changeset	939	* 2. Prefer the stronger bulk cipher, in the order of AES_256(GCM),
27722 0fb5bf040fd0 8043200: Decrease the preference mode of RC4 in the enabled cipher suite list xuelei parents: 25859 diff changeset	940	* AES_128(GCM), AES_256, AES_128, 3DES-EDE, RC-4.
16913 a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE xuelei parents: 16126 diff changeset	941	* 3. Prefer the stronger MAC algorithm, in the order of SHA384,
7807 d026f4f9c119 6996365: Evaluate the priorities of cipher suites xuelei parents: 7043 diff changeset	942	* SHA256, SHA, MD5.
16913 a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE xuelei parents: 16126 diff changeset	943	* 4. Prefer the better performance of key exchange and digital
7807 d026f4f9c119 6996365: Evaluate the priorities of cipher suites xuelei parents: 7043 diff changeset	944	* signature algorithm, in the order of ECDHE-ECDSA, ECDHE-RSA,
d026f4f9c119 6996365: Evaluate the priorities of cipher suites xuelei parents: 7043 diff changeset	945	* RSA, ECDH-ECDSA, ECDH-RSA, DHE-RSA, DHE-DSS.
d026f4f9c119 6996365: Evaluate the priorities of cipher suites xuelei parents: 7043 diff changeset	946	*/
2 90ce3da70b43 Initial load duke parents: diff changeset	947	int p = DEFAULT_SUITES_PRIORITY * 2;
90ce3da70b43 Initial load duke parents: diff changeset	948
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	949	// shorten names to fit the following table cleanly.
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	950	int max = ProtocolVersion.LIMIT_MAX_VALUE;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	951	int tls11 = ProtocolVersion.TLS11.v;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	952	int tls12 = ProtocolVersion.TLS12.v;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	953
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	954	// ID Key Exchange Cipher A obs suprt PRF
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	955	// ====== ============ ========= = === ===== ========
16913 a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE xuelei parents: 16126 diff changeset	956
22267 13f418b13938 8028518: Increase the priorities of GCM cipher suites xuelei parents: 16913 diff changeset	957	// Suite B compliant cipher suites, see RFC 6460.
16913 a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE xuelei parents: 16126 diff changeset	958	//
22267 13f418b13938 8028518: Increase the priorities of GCM cipher suites xuelei parents: 16913 diff changeset	959	// Note that, at present this provider is not Suite B compliant. The
13f418b13938 8028518: Increase the priorities of GCM cipher suites xuelei parents: 16913 diff changeset	960	// preference order of the GCM cipher suites does not follow the spec
13f418b13938 8028518: Increase the priorities of GCM cipher suites xuelei parents: 16913 diff changeset	961	// of RFC 6460. In this section, only two cipher suites are listed
13f418b13938 8028518: Increase the priorities of GCM cipher suites xuelei parents: 16913 diff changeset	962	// so that applications can make use of Suite-B compliant cipher
13f418b13938 8028518: Increase the priorities of GCM cipher suites xuelei parents: 16913 diff changeset	963	// suite firstly.
29488 1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	964	add("TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", 0xc02c, --p,
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	965	K_ECDHE_ECDSA, B_AES_256_GCM, M_NULL, T, max, tls12, P_SHA384);
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	966	add("TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", 0xc02b, --p,
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	967	K_ECDHE_ECDSA, B_AES_128_GCM, M_NULL, T, max, tls12, P_SHA256);
22267 13f418b13938 8028518: Increase the priorities of GCM cipher suites xuelei parents: 16913 diff changeset	968
13f418b13938 8028518: Increase the priorities of GCM cipher suites xuelei parents: 16913 diff changeset	969	// AES_256(GCM)
29488 1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	970	add("TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", 0xc030, --p,
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	971	K_ECDHE_RSA, B_AES_256_GCM, M_NULL, T, max, tls12, P_SHA384);
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	972	add("TLS_RSA_WITH_AES_256_GCM_SHA384", 0x009d, --p,
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	973	K_RSA, B_AES_256_GCM, M_NULL, T, max, tls12, P_SHA384);
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	974	add("TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384", 0xc02e, --p,
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	975	K_ECDH_ECDSA, B_AES_256_GCM, M_NULL, T, max, tls12, P_SHA384);
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	976	add("TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384", 0xc032, --p,
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	977	K_ECDH_RSA, B_AES_256_GCM, M_NULL, T, max, tls12, P_SHA384);
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	978	add("TLS_DHE_RSA_WITH_AES_256_GCM_SHA384", 0x009f, --p,
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	979	K_DHE_RSA, B_AES_256_GCM, M_NULL, T, max, tls12, P_SHA384);
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	980	add("TLS_DHE_DSS_WITH_AES_256_GCM_SHA384", 0x00a3, --p,
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	981	K_DHE_DSS, B_AES_256_GCM, M_NULL, T, max, tls12, P_SHA384);
22267 13f418b13938 8028518: Increase the priorities of GCM cipher suites xuelei parents: 16913 diff changeset	982
13f418b13938 8028518: Increase the priorities of GCM cipher suites xuelei parents: 16913 diff changeset	983	// AES_128(GCM)
29488 1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	984	add("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", 0xc02f, --p,
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	985	K_ECDHE_RSA, B_AES_128_GCM, M_NULL, T, max, tls12, P_SHA256);
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	986	add("TLS_RSA_WITH_AES_128_GCM_SHA256", 0x009c, --p,
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	987	K_RSA, B_AES_128_GCM, M_NULL, T, max, tls12, P_SHA256);
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	988	add("TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256", 0xc02d, --p,
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	989	K_ECDH_ECDSA, B_AES_128_GCM, M_NULL, T, max, tls12, P_SHA256);
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	990	add("TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256", 0xc031, --p,
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	991	K_ECDH_RSA, B_AES_128_GCM, M_NULL, T, max, tls12, P_SHA256);
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	992	add("TLS_DHE_RSA_WITH_AES_128_GCM_SHA256", 0x009e, --p,
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	993	K_DHE_RSA, B_AES_128_GCM, M_NULL, T, max, tls12, P_SHA256);
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	994	add("TLS_DHE_DSS_WITH_AES_128_GCM_SHA256", 0x00a2, --p,
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	995	K_DHE_DSS, B_AES_128_GCM, M_NULL, T, max, tls12, P_SHA256);
16913 a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE xuelei parents: 16126 diff changeset	996
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE xuelei parents: 16126 diff changeset	997	// AES_256(CBC)
29488 1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	998	add("TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384", 0xc024, --p,
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	999	K_ECDHE_ECDSA, B_AES_256, M_SHA384, T, max, tls12, P_SHA384);
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1000	add("TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384", 0xc028, --p,
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1001	K_ECDHE_RSA, B_AES_256, M_SHA384, T, max, tls12, P_SHA384);
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1002	add("TLS_RSA_WITH_AES_256_CBC_SHA256", 0x003d, --p,
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1003	K_RSA, B_AES_256, M_SHA256, T, max, tls12, P_SHA256);
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1004	add("TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384", 0xc026, --p,
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1005	K_ECDH_ECDSA, B_AES_256, M_SHA384, T, max, tls12, P_SHA384);
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1006	add("TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384", 0xc02a, --p,
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1007	K_ECDH_RSA, B_AES_256, M_SHA384, T, max, tls12, P_SHA384);
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1008	add("TLS_DHE_RSA_WITH_AES_256_CBC_SHA256", 0x006b, --p,
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1009	K_DHE_RSA, B_AES_256, M_SHA256, T, max, tls12, P_SHA256);
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1010	add("TLS_DHE_DSS_WITH_AES_256_CBC_SHA256", 0x006a, --p,
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1011	K_DHE_DSS, B_AES_256, M_SHA256, T, max, tls12, P_SHA256);
7807 d026f4f9c119 6996365: Evaluate the priorities of cipher suites xuelei parents: 7043 diff changeset	1012
29488 1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1013	add("TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA", 0xC00A, --p,
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1014	K_ECDHE_ECDSA, B_AES_256, M_SHA, T);
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1015	add("TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", 0xC014, --p,
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1016	K_ECDHE_RSA, B_AES_256, M_SHA, T);
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1017	add("TLS_RSA_WITH_AES_256_CBC_SHA", 0x0035, --p,
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1018	K_RSA, B_AES_256, M_SHA, T);
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1019	add("TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA", 0xC005, --p,
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1020	K_ECDH_ECDSA, B_AES_256, M_SHA, T);
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1021	add("TLS_ECDH_RSA_WITH_AES_256_CBC_SHA", 0xC00F, --p,
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1022	K_ECDH_RSA, B_AES_256, M_SHA, T);
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1023	add("TLS_DHE_RSA_WITH_AES_256_CBC_SHA", 0x0039, --p,
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1024	K_DHE_RSA, B_AES_256, M_SHA, T);
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1025	add("TLS_DHE_DSS_WITH_AES_256_CBC_SHA", 0x0038, --p,
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1026	K_DHE_DSS, B_AES_256, M_SHA, T);
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1027
16913 a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE xuelei parents: 16126 diff changeset	1028	// AES_128(CBC)
29488 1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1029	add("TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", 0xc023, --p,
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1030	K_ECDHE_ECDSA, B_AES_128, M_SHA256, T, max, tls12, P_SHA256);
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1031	add("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", 0xc027, --p,
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1032	K_ECDHE_RSA, B_AES_128, M_SHA256, T, max, tls12, P_SHA256);
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1033	add("TLS_RSA_WITH_AES_128_CBC_SHA256", 0x003c, --p,
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1034	K_RSA, B_AES_128, M_SHA256, T, max, tls12, P_SHA256);
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1035	add("TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256", 0xc025, --p,
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1036	K_ECDH_ECDSA, B_AES_128, M_SHA256, T, max, tls12, P_SHA256);
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1037	add("TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256", 0xc029, --p,
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1038	K_ECDH_RSA, B_AES_128, M_SHA256, T, max, tls12, P_SHA256);
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1039	add("TLS_DHE_RSA_WITH_AES_128_CBC_SHA256", 0x0067, --p,
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1040	K_DHE_RSA, B_AES_128, M_SHA256, T, max, tls12, P_SHA256);
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1041	add("TLS_DHE_DSS_WITH_AES_128_CBC_SHA256", 0x0040, --p,
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1042	K_DHE_DSS, B_AES_128, M_SHA256, T, max, tls12, P_SHA256);
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1043
29488 1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1044	add("TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", 0xC009, --p,
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1045	K_ECDHE_ECDSA, B_AES_128, M_SHA, T);
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1046	add("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", 0xC013, --p,
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1047	K_ECDHE_RSA, B_AES_128, M_SHA, T);
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1048	add("TLS_RSA_WITH_AES_128_CBC_SHA", 0x002f, --p,
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1049	K_RSA, B_AES_128, M_SHA, T);
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1050	add("TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA", 0xC004, --p,
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1051	K_ECDH_ECDSA, B_AES_128, M_SHA, T);
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1052	add("TLS_ECDH_RSA_WITH_AES_128_CBC_SHA", 0xC00E, --p,
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1053	K_ECDH_RSA, B_AES_128, M_SHA, T);
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1054	add("TLS_DHE_RSA_WITH_AES_128_CBC_SHA", 0x0033, --p,
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1055	K_DHE_RSA, B_AES_128, M_SHA, T);
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1056	add("TLS_DHE_DSS_WITH_AES_128_CBC_SHA", 0x0032, --p,
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1057	K_DHE_DSS, B_AES_128, M_SHA, T);
2 90ce3da70b43 Initial load duke parents: diff changeset	1058
16913 a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE xuelei parents: 16126 diff changeset	1059	// 3DES_EDE
29488 1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1060	add("TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA", 0xC008, --p,
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1061	K_ECDHE_ECDSA, B_3DES, M_SHA, T);
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1062	add("TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA", 0xC012, --p,
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1063	K_ECDHE_RSA, B_3DES, M_SHA, T);
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1064	add("SSL_RSA_WITH_3DES_EDE_CBC_SHA", 0x000a, --p,
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1065	K_RSA, B_3DES, M_SHA, T);
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1066	add("TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA", 0xC003, --p,
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1067	K_ECDH_ECDSA, B_3DES, M_SHA, T);
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1068	add("TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA", 0xC00D, --p,
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1069	K_ECDH_RSA, B_3DES, M_SHA, T);
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1070	add("SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA", 0x0016, --p,
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1071	K_DHE_RSA, B_3DES, M_SHA, T);
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1072	add("SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA", 0x0013, --p,
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1073	K_DHE_DSS, B_3DES, M_SHA, N);
6856 533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1074
27722 0fb5bf040fd0 8043200: Decrease the preference mode of RC4 in the enabled cipher suite list xuelei parents: 25859 diff changeset	1075	// RC-4
29488 1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1076	add("TLS_ECDHE_ECDSA_WITH_RC4_128_SHA", 0xC007, --p,
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1077	K_ECDHE_ECDSA, B_RC4_128, M_SHA, N);
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1078	add("TLS_ECDHE_RSA_WITH_RC4_128_SHA", 0xC011, --p,
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1079	K_ECDHE_RSA, B_RC4_128, M_SHA, N);
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1080	add("SSL_RSA_WITH_RC4_128_SHA", 0x0005, --p,
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1081	K_RSA, B_RC4_128, M_SHA, N);
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1082	add("TLS_ECDH_ECDSA_WITH_RC4_128_SHA", 0xC002, --p,
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1083	K_ECDH_ECDSA, B_RC4_128, M_SHA, N);
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1084	add("TLS_ECDH_RSA_WITH_RC4_128_SHA", 0xC00C, --p,
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1085	K_ECDH_RSA, B_RC4_128, M_SHA, N);
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1086	add("SSL_RSA_WITH_RC4_128_MD5", 0x0004, --p,
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1087	K_RSA, B_RC4_128, M_MD5, N);
7807 d026f4f9c119 6996365: Evaluate the priorities of cipher suites xuelei parents: 7043 diff changeset	1088
6856 533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1089	// Renegotiation protection request Signalling Cipher Suite Value (SCSV)
29488 1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1090	add("TLS_EMPTY_RENEGOTIATION_INFO_SCSV", 0x00ff, --p,
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1091	K_SCSV, B_NULL, M_NULL, T);
2 90ce3da70b43 Initial load duke parents: diff changeset	1092
7807 d026f4f9c119 6996365: Evaluate the priorities of cipher suites xuelei parents: 7043 diff changeset	1093	/*
d026f4f9c119 6996365: Evaluate the priorities of cipher suites xuelei parents: 7043 diff changeset	1094	* Definition of the CipherSuites that are supported but not enabled
d026f4f9c119 6996365: Evaluate the priorities of cipher suites xuelei parents: 7043 diff changeset	1095	* by default.
d026f4f9c119 6996365: Evaluate the priorities of cipher suites xuelei parents: 7043 diff changeset	1096	* They are listed in preference order, preferred first, using the
d026f4f9c119 6996365: Evaluate the priorities of cipher suites xuelei parents: 7043 diff changeset	1097	* following criteria:
d026f4f9c119 6996365: Evaluate the priorities of cipher suites xuelei parents: 7043 diff changeset	1098	* 1. CipherSuites for KRB5 need additional KRB5 service
d026f4f9c119 6996365: Evaluate the priorities of cipher suites xuelei parents: 7043 diff changeset	1099	* configuration, and these suites are not common in practice,
d026f4f9c119 6996365: Evaluate the priorities of cipher suites xuelei parents: 7043 diff changeset	1100	* so we put KRB5 based cipher suites at the end of the supported
d026f4f9c119 6996365: Evaluate the priorities of cipher suites xuelei parents: 7043 diff changeset	1101	* list.
d026f4f9c119 6996365: Evaluate the priorities of cipher suites xuelei parents: 7043 diff changeset	1102	* 2. If a cipher suite has been obsoleted, we put it at the end of
d026f4f9c119 6996365: Evaluate the priorities of cipher suites xuelei parents: 7043 diff changeset	1103	* the list.
d026f4f9c119 6996365: Evaluate the priorities of cipher suites xuelei parents: 7043 diff changeset	1104	* 3. Prefer the stronger bulk cipher, in the order of AES_256,
27722 0fb5bf040fd0 8043200: Decrease the preference mode of RC4 in the enabled cipher suite list xuelei parents: 25859 diff changeset	1105	* AES_128, 3DES-EDE, RC-4, DES, DES40, RC4_40, NULL.
7807 d026f4f9c119 6996365: Evaluate the priorities of cipher suites xuelei parents: 7043 diff changeset	1106	* 4. Prefer the stronger MAC algorithm, in the order of SHA384,
d026f4f9c119 6996365: Evaluate the priorities of cipher suites xuelei parents: 7043 diff changeset	1107	* SHA256, SHA, MD5.
d026f4f9c119 6996365: Evaluate the priorities of cipher suites xuelei parents: 7043 diff changeset	1108	* 5. Prefer the better performance of key exchange and digital
d026f4f9c119 6996365: Evaluate the priorities of cipher suites xuelei parents: 7043 diff changeset	1109	* signature algorithm, in the order of ECDHE-ECDSA, ECDHE-RSA,
d026f4f9c119 6996365: Evaluate the priorities of cipher suites xuelei parents: 7043 diff changeset	1110	* RSA, ECDH-ECDSA, ECDH-RSA, DHE-RSA, DHE-DSS, anonymous.
d026f4f9c119 6996365: Evaluate the priorities of cipher suites xuelei parents: 7043 diff changeset	1111	*/
2 90ce3da70b43 Initial load duke parents: diff changeset	1112	p = DEFAULT_SUITES_PRIORITY;
90ce3da70b43 Initial load duke parents: diff changeset	1113
29488 1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1114	add("TLS_DH_anon_WITH_AES_256_GCM_SHA384", 0x00a7, --p,
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1115	K_DH_ANON, B_AES_256_GCM, M_NULL, N, max, tls12, P_SHA384);
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1116	add("TLS_DH_anon_WITH_AES_128_GCM_SHA256", 0x00a6, --p,
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1117	K_DH_ANON, B_AES_128_GCM, M_NULL, N, max, tls12, P_SHA256);
16913 a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE xuelei parents: 16126 diff changeset	1118
29488 1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1119	add("TLS_DH_anon_WITH_AES_256_CBC_SHA256", 0x006d, --p,
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1120	K_DH_ANON, B_AES_256, M_SHA256, N, max, tls12, P_SHA256);
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1121	add("TLS_ECDH_anon_WITH_AES_256_CBC_SHA", 0xC019, --p,
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1122	K_ECDH_ANON, B_AES_256, M_SHA, N);
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1123	add("TLS_DH_anon_WITH_AES_256_CBC_SHA", 0x003a, --p,
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1124	K_DH_ANON, B_AES_256, M_SHA, N);
7807 d026f4f9c119 6996365: Evaluate the priorities of cipher suites xuelei parents: 7043 diff changeset	1125
29488 1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1126	add("TLS_DH_anon_WITH_AES_128_CBC_SHA256", 0x006c, --p,
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1127	K_DH_ANON, B_AES_128, M_SHA256, N, max, tls12, P_SHA256);
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1128	add("TLS_ECDH_anon_WITH_AES_128_CBC_SHA", 0xC018, --p,
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1129	K_ECDH_ANON, B_AES_128, M_SHA, N);
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1130	add("TLS_DH_anon_WITH_AES_128_CBC_SHA", 0x0034, --p,
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1131	K_DH_ANON, B_AES_128, M_SHA, N);
7807 d026f4f9c119 6996365: Evaluate the priorities of cipher suites xuelei parents: 7043 diff changeset	1132
29488 1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1133	add("TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA", 0xC017, --p,
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1134	K_ECDH_ANON, B_3DES, M_SHA, N);
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1135	add("SSL_DH_anon_WITH_3DES_EDE_CBC_SHA", 0x001b, --p,
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1136	K_DH_ANON, B_3DES, M_SHA, N);
27722 0fb5bf040fd0 8043200: Decrease the preference mode of RC4 in the enabled cipher suite list xuelei parents: 25859 diff changeset	1137
29488 1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1138	add("TLS_ECDH_anon_WITH_RC4_128_SHA", 0xC016, --p,
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1139	K_ECDH_ANON, B_RC4_128, M_SHA, N);
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1140	add("SSL_DH_anon_WITH_RC4_128_MD5", 0x0018, --p,
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1141	K_DH_ANON, B_RC4_128, M_MD5, N);
7807 d026f4f9c119 6996365: Evaluate the priorities of cipher suites xuelei parents: 7043 diff changeset	1142
27722 0fb5bf040fd0 8043200: Decrease the preference mode of RC4 in the enabled cipher suite list xuelei parents: 25859 diff changeset	1143	// weak cipher suites obsoleted in TLS 1.2
29488 1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1144	add("SSL_RSA_WITH_DES_CBC_SHA", 0x0009, --p,
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1145	K_RSA, B_DES, M_SHA, N, tls12);
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1146	add("SSL_DHE_RSA_WITH_DES_CBC_SHA", 0x0015, --p,
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1147	K_DHE_RSA, B_DES, M_SHA, N, tls12);
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1148	add("SSL_DHE_DSS_WITH_DES_CBC_SHA", 0x0012, --p,
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1149	K_DHE_DSS, B_DES, M_SHA, N, tls12);
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1150	add("SSL_DH_anon_WITH_DES_CBC_SHA", 0x001a, --p,
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1151	K_DH_ANON, B_DES, M_SHA, N, tls12);
27722 0fb5bf040fd0 8043200: Decrease the preference mode of RC4 in the enabled cipher suite list xuelei parents: 25859 diff changeset	1152
0fb5bf040fd0 8043200: Decrease the preference mode of RC4 in the enabled cipher suite list xuelei parents: 25859 diff changeset	1153	// weak cipher suites obsoleted in TLS 1.1
29488 1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1154	add("SSL_RSA_EXPORT_WITH_DES40_CBC_SHA", 0x0008, --p,
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1155	K_RSA_EXPORT, B_DES_40, M_SHA, N, tls11);
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1156	add("SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA", 0x0014, --p,
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1157	K_DHE_RSA, B_DES_40, M_SHA, N, tls11);
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1158	add("SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA", 0x0011, --p,
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1159	K_DHE_DSS, B_DES_40, M_SHA, N, tls11);
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1160	add("SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA", 0x0019, --p,
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1161	K_DH_ANON, B_DES_40, M_SHA, N, tls11);
27722 0fb5bf040fd0 8043200: Decrease the preference mode of RC4 in the enabled cipher suite list xuelei parents: 25859 diff changeset	1162
29488 1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1163	add("SSL_RSA_EXPORT_WITH_RC4_40_MD5", 0x0003, --p,
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1164	K_RSA_EXPORT, B_RC4_40, M_MD5, N, tls11);
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1165	add("SSL_DH_anon_EXPORT_WITH_RC4_40_MD5", 0x0017, --p,
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1166	K_DH_ANON, B_RC4_40, M_MD5, N, tls11);
7807 d026f4f9c119 6996365: Evaluate the priorities of cipher suites xuelei parents: 7043 diff changeset	1167
29488 1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1168	add("TLS_RSA_WITH_NULL_SHA256", 0x003b, --p,
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1169	K_RSA, B_NULL, M_SHA256, N, max, tls12, P_SHA256);
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1170	add("TLS_ECDHE_ECDSA_WITH_NULL_SHA", 0xC006, --p,
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1171	K_ECDHE_ECDSA, B_NULL, M_SHA, N);
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1172	add("TLS_ECDHE_RSA_WITH_NULL_SHA", 0xC010, --p,
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1173	K_ECDHE_RSA, B_NULL, M_SHA, N);
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1174	add("SSL_RSA_WITH_NULL_SHA", 0x0002, --p,
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1175	K_RSA, B_NULL, M_SHA, N);
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1176	add("TLS_ECDH_ECDSA_WITH_NULL_SHA", 0xC001, --p,
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1177	K_ECDH_ECDSA, B_NULL, M_SHA, N);
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1178	add("TLS_ECDH_RSA_WITH_NULL_SHA", 0xC00B, --p,
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1179	K_ECDH_RSA, B_NULL, M_SHA, N);
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1180	add("TLS_ECDH_anon_WITH_NULL_SHA", 0xC015, --p,
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1181	K_ECDH_ANON, B_NULL, M_SHA, N);
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1182	add("SSL_RSA_WITH_NULL_MD5", 0x0001, --p,
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1183	K_RSA, B_NULL, M_MD5, N);
7807 d026f4f9c119 6996365: Evaluate the priorities of cipher suites xuelei parents: 7043 diff changeset	1184
6856 533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1185	// Supported Kerberos ciphersuites from RFC2712
29488 1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1186	add("TLS_KRB5_WITH_3DES_EDE_CBC_SHA", 0x001f, --p,
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1187	K_KRB5, B_3DES, M_SHA, N);
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1188	add("TLS_KRB5_WITH_3DES_EDE_CBC_MD5", 0x0023, --p,
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1189	K_KRB5, B_3DES, M_MD5, N);
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1190	add("TLS_KRB5_WITH_RC4_128_SHA", 0x0020, --p,
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1191	K_KRB5, B_RC4_128, M_SHA, N);
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1192	add("TLS_KRB5_WITH_RC4_128_MD5", 0x0024, --p,
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1193	K_KRB5, B_RC4_128, M_MD5, N);
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1194	add("TLS_KRB5_WITH_DES_CBC_SHA", 0x001e, --p,
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1195	K_KRB5, B_DES, M_SHA, N, tls12);
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1196	add("TLS_KRB5_WITH_DES_CBC_MD5", 0x0022, --p,
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1197	K_KRB5, B_DES, M_MD5, N, tls12);
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1198	add("TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA", 0x0026, --p,
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1199	K_KRB5_EXPORT, B_DES_40, M_SHA, N, tls11);
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1200	add("TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5", 0x0029, --p,
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1201	K_KRB5_EXPORT, B_DES_40, M_MD5, N, tls11);
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1202	add("TLS_KRB5_EXPORT_WITH_RC4_40_SHA", 0x0028, --p,
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1203	K_KRB5_EXPORT, B_RC4_40, M_SHA, N, tls11);
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1204	add("TLS_KRB5_EXPORT_WITH_RC4_40_MD5", 0x002b, --p,
1f25b971e59a 6996366: convert MacAlg to an enum jnimeh parents: 27722 diff changeset	1205	K_KRB5_EXPORT, B_RC4_40, M_MD5, N, tls11);
7039 6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1206
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1207	/*
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1208	* Other values from the TLS Cipher Suite Registry, as of August 2010.
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1209	*
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1210	* http://www.iana.org/assignments/tls-parameters/tls-parameters.xml
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1211	*
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1212	* Range Registration Procedures Notes
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1213	* 000-191 Standards Action Refers to value of first byte
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1214	* 192-254 Specification Required Refers to value of first byte
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1215	* 255 Reserved for Private Use Refers to value of first byte
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1216	*/
2 90ce3da70b43 Initial load duke parents: diff changeset	1217
90ce3da70b43 Initial load duke parents: diff changeset	1218	// Register the names of a few additional CipherSuites.
90ce3da70b43 Initial load duke parents: diff changeset	1219	// Makes them show up as names instead of numbers in
90ce3da70b43 Initial load duke parents: diff changeset	1220	// the debug output.
90ce3da70b43 Initial load duke parents: diff changeset	1221
90ce3da70b43 Initial load duke parents: diff changeset	1222	// remaining unsupported ciphersuites defined in RFC2246.
7039 6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1223	add("SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5", 0x0006);
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1224	add("SSL_RSA_WITH_IDEA_CBC_SHA", 0x0007);
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1225	add("SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA", 0x000b);
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1226	add("SSL_DH_DSS_WITH_DES_CBC_SHA", 0x000c);
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1227	add("SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA", 0x000d);
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1228	add("SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA", 0x000e);
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1229	add("SSL_DH_RSA_WITH_DES_CBC_SHA", 0x000f);
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1230	add("SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA", 0x0010);
2 90ce3da70b43 Initial load duke parents: diff changeset	1231
90ce3da70b43 Initial load duke parents: diff changeset	1232	// SSL 3.0 Fortezza ciphersuites
7039 6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1233	add("SSL_FORTEZZA_DMS_WITH_NULL_SHA", 0x001c);
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1234	add("SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA", 0x001d);
2 90ce3da70b43 Initial load duke parents: diff changeset	1235
90ce3da70b43 Initial load duke parents: diff changeset	1236	// 1024/56 bit exportable ciphersuites from expired internet draft
7039 6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1237	add("SSL_RSA_EXPORT1024_WITH_DES_CBC_SHA", 0x0062);
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1238	add("SSL_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA", 0x0063);
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1239	add("SSL_RSA_EXPORT1024_WITH_RC4_56_SHA", 0x0064);
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1240	add("SSL_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA", 0x0065);
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1241	add("SSL_DHE_DSS_WITH_RC4_128_SHA", 0x0066);
2 90ce3da70b43 Initial load duke parents: diff changeset	1242
90ce3da70b43 Initial load duke parents: diff changeset	1243	// Netscape old and new SSL 3.0 FIPS ciphersuites
90ce3da70b43 Initial load duke parents: diff changeset	1244	// see http://www.mozilla.org/projects/security/pki/nss/ssl/fips-ssl-ciphersuites.html
7039 6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1245	add("NETSCAPE_RSA_FIPS_WITH_3DES_EDE_CBC_SHA", 0xffe0);
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1246	add("NETSCAPE_RSA_FIPS_WITH_DES_CBC_SHA", 0xffe1);
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1247	add("SSL_RSA_FIPS_WITH_DES_CBC_SHA", 0xfefe);
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1248	add("SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA", 0xfeff);
2 90ce3da70b43 Initial load duke parents: diff changeset	1249
90ce3da70b43 Initial load duke parents: diff changeset	1250	// Unsupported Kerberos cipher suites from RFC 2712
7039 6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1251	add("TLS_KRB5_WITH_IDEA_CBC_SHA", 0x0021);
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1252	add("TLS_KRB5_WITH_IDEA_CBC_MD5", 0x0025);
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1253	add("TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA", 0x0027);
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1254	add("TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5", 0x002a);
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1255
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1256	// Unsupported cipher suites from RFC 4162
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1257	add("TLS_RSA_WITH_SEED_CBC_SHA", 0x0096);
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1258	add("TLS_DH_DSS_WITH_SEED_CBC_SHA", 0x0097);
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1259	add("TLS_DH_RSA_WITH_SEED_CBC_SHA", 0x0098);
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1260	add("TLS_DHE_DSS_WITH_SEED_CBC_SHA", 0x0099);
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1261	add("TLS_DHE_RSA_WITH_SEED_CBC_SHA", 0x009a);
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1262	add("TLS_DH_anon_WITH_SEED_CBC_SHA", 0x009b);
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1263
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1264	// Unsupported cipher suites from RFC 4279
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1265	add("TLS_PSK_WITH_RC4_128_SHA", 0x008a);
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1266	add("TLS_PSK_WITH_3DES_EDE_CBC_SHA", 0x008b);
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1267	add("TLS_PSK_WITH_AES_128_CBC_SHA", 0x008c);
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1268	add("TLS_PSK_WITH_AES_256_CBC_SHA", 0x008d);
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1269	add("TLS_DHE_PSK_WITH_RC4_128_SHA", 0x008e);
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1270	add("TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA", 0x008f);
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1271	add("TLS_DHE_PSK_WITH_AES_128_CBC_SHA", 0x0090);
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1272	add("TLS_DHE_PSK_WITH_AES_256_CBC_SHA", 0x0091);
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1273	add("TLS_RSA_PSK_WITH_RC4_128_SHA", 0x0092);
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1274	add("TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA", 0x0093);
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1275	add("TLS_RSA_PSK_WITH_AES_128_CBC_SHA", 0x0094);
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1276	add("TLS_RSA_PSK_WITH_AES_256_CBC_SHA", 0x0095);
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1277
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1278	// Unsupported cipher suites from RFC 4785
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1279	add("TLS_PSK_WITH_NULL_SHA", 0x002c);
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1280	add("TLS_DHE_PSK_WITH_NULL_SHA", 0x002d);
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1281	add("TLS_RSA_PSK_WITH_NULL_SHA", 0x002e);
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1282
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1283	// Unsupported cipher suites from RFC 5246
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1284	add("TLS_DH_DSS_WITH_AES_128_CBC_SHA", 0x0030);
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1285	add("TLS_DH_RSA_WITH_AES_128_CBC_SHA", 0x0031);
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1286	add("TLS_DH_DSS_WITH_AES_256_CBC_SHA", 0x0036);
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1287	add("TLS_DH_RSA_WITH_AES_256_CBC_SHA", 0x0037);
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1288	add("TLS_DH_DSS_WITH_AES_128_CBC_SHA256", 0x003e);
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1289	add("TLS_DH_RSA_WITH_AES_128_CBC_SHA256", 0x003f);
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1290	add("TLS_DH_DSS_WITH_AES_256_CBC_SHA256", 0x0068);
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1291	add("TLS_DH_RSA_WITH_AES_256_CBC_SHA256", 0x0069);
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1292
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1293	// Unsupported cipher suites from RFC 5288
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1294	add("TLS_DH_RSA_WITH_AES_128_GCM_SHA256", 0x00a0);
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1295	add("TLS_DH_RSA_WITH_AES_256_GCM_SHA384", 0x00a1);
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1296	add("TLS_DH_DSS_WITH_AES_128_GCM_SHA256", 0x00a4);
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1297	add("TLS_DH_DSS_WITH_AES_256_GCM_SHA384", 0x00a5);
2 90ce3da70b43 Initial load duke parents: diff changeset	1298
7039 6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1299	// Unsupported cipher suites from RFC 5487
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1300	add("TLS_PSK_WITH_AES_128_GCM_SHA256", 0x00a8);
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1301	add("TLS_PSK_WITH_AES_256_GCM_SHA384", 0x00a9);
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1302	add("TLS_DHE_PSK_WITH_AES_128_GCM_SHA256", 0x00aa);
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1303	add("TLS_DHE_PSK_WITH_AES_256_GCM_SHA384", 0x00ab);
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1304	add("TLS_RSA_PSK_WITH_AES_128_GCM_SHA256", 0x00ac);
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1305	add("TLS_RSA_PSK_WITH_AES_256_GCM_SHA384", 0x00ad);
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1306	add("TLS_PSK_WITH_AES_128_CBC_SHA256", 0x00ae);
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1307	add("TLS_PSK_WITH_AES_256_CBC_SHA384", 0x00af);
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1308	add("TLS_PSK_WITH_NULL_SHA256", 0x00b0);
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1309	add("TLS_PSK_WITH_NULL_SHA384", 0x00b1);
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1310	add("TLS_DHE_PSK_WITH_AES_128_CBC_SHA256", 0x00b2);
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1311	add("TLS_DHE_PSK_WITH_AES_256_CBC_SHA384", 0x00b3);
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1312	add("TLS_DHE_PSK_WITH_NULL_SHA256", 0x00b4);
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1313	add("TLS_DHE_PSK_WITH_NULL_SHA384", 0x00b5);
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1314	add("TLS_RSA_PSK_WITH_AES_128_CBC_SHA256", 0x00b6);
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1315	add("TLS_RSA_PSK_WITH_AES_256_CBC_SHA384", 0x00b7);
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1316	add("TLS_RSA_PSK_WITH_NULL_SHA256", 0x00b8);
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1317	add("TLS_RSA_PSK_WITH_NULL_SHA384", 0x00b9);
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1318
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1319	// Unsupported cipher suites from RFC 5932
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1320	add("TLS_RSA_WITH_CAMELLIA_128_CBC_SHA", 0x0041);
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1321	add("TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA", 0x0042);
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1322	add("TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA", 0x0043);
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1323	add("TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA", 0x0044);
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1324	add("TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA", 0x0045);
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1325	add("TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA", 0x0046);
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1326	add("TLS_RSA_WITH_CAMELLIA_256_CBC_SHA", 0x0084);
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1327	add("TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA", 0x0085);
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1328	add("TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA", 0x0086);
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1329	add("TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA", 0x0087);
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1330	add("TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA", 0x0088);
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1331	add("TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA", 0x0089);
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1332	add("TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256", 0x00ba);
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1333	add("TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256", 0x00bb);
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1334	add("TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256", 0x00bc);
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1335	add("TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256", 0x00bd);
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1336	add("TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256", 0x00be);
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1337	add("TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256", 0x00bf);
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1338	add("TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256", 0x00c0);
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1339	add("TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256", 0x00c1);
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1340	add("TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256", 0x00c2);
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1341	add("TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256", 0x00c3);
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1342	add("TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256", 0x00c4);
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1343	add("TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256", 0x00c5);
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1344
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1345	// Unsupported cipher suites from RFC 5054
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1346	add("TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA", 0xc01a);
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1347	add("TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA", 0xc01b);
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1348	add("TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA", 0xc01c);
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1349	add("TLS_SRP_SHA_WITH_AES_128_CBC_SHA", 0xc01d);
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1350	add("TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA", 0xc01e);
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1351	add("TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA", 0xc01f);
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1352	add("TLS_SRP_SHA_WITH_AES_256_CBC_SHA", 0xc020);
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1353	add("TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA", 0xc021);
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1354	add("TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA", 0xc022);
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1355
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1356	// Unsupported cipher suites from RFC 5489
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1357	add("TLS_ECDHE_PSK_WITH_RC4_128_SHA", 0xc033);
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1358	add("TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA", 0xc034);
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1359	add("TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA", 0xc035);
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1360	add("TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA", 0xc036);
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1361	add("TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256", 0xc037);
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1362	add("TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384", 0xc038);
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1363	add("TLS_ECDHE_PSK_WITH_NULL_SHA", 0xc039);
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1364	add("TLS_ECDHE_PSK_WITH_NULL_SHA256", 0xc03a);
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1365	add("TLS_ECDHE_PSK_WITH_NULL_SHA384", 0xc03b);
2 90ce3da70b43 Initial load duke parents: diff changeset	1366	}
90ce3da70b43 Initial load duke parents: diff changeset	1367
90ce3da70b43 Initial load duke parents: diff changeset	1368	// ciphersuite SSL_NULL_WITH_NULL_NULL
90ce3da70b43 Initial load duke parents: diff changeset	1369	final static CipherSuite C_NULL = CipherSuite.valueOf(0, 0);
90ce3da70b43 Initial load duke parents: diff changeset	1370
6856 533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1371	// ciphersuite TLS_EMPTY_RENEGOTIATION_INFO_SCSV
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1372	final static CipherSuite C_SCSV = CipherSuite.valueOf(0x00, 0xff);
2 90ce3da70b43 Initial load duke parents: diff changeset	1373	}

author	jnimeh
	Sat, 14 Mar 2015 09:38:52 -0700
changeset 29488	1f25b971e59a
parent 27722	0fb5bf040fd0
child 30904	ec0224270f90
permissions	-rw-r--r--