jdk/src/java.base/share/classes/sun/security/ssl/CipherSuite.java
author vinnie
Wed, 02 Dec 2015 03:37:29 +0000
changeset 34380 2b2609379881
parent 33236 e4c383318c28
child 34826 4bbdce2630f8
permissions -rw-r--r--
8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension Reviewed-by: wetmore, xuelei, mullan, coffeys
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
     1
/*
29488
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
     2
 * Copyright (c) 2002, 2015, Oracle and/or its affiliates. All rights reserved.
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
     3
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
90ce3da70b43 Initial load
duke
parents:
diff changeset
     4
 *
90ce3da70b43 Initial load
duke
parents:
diff changeset
     5
 * This code is free software; you can redistribute it and/or modify it
90ce3da70b43 Initial load
duke
parents:
diff changeset
     6
 * under the terms of the GNU General Public License version 2 only, as
5506
202f599c92aa 6943119: Rebrand source copyright notices
ohair
parents: 4236
diff changeset
     7
 * published by the Free Software Foundation.  Oracle designates this
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
     8
 * particular file as subject to the "Classpath" exception as provided
5506
202f599c92aa 6943119: Rebrand source copyright notices
ohair
parents: 4236
diff changeset
     9
 * by Oracle in the LICENSE file that accompanied this code.
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
    10
 *
90ce3da70b43 Initial load
duke
parents:
diff changeset
    11
 * This code is distributed in the hope that it will be useful, but WITHOUT
90ce3da70b43 Initial load
duke
parents:
diff changeset
    12
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
90ce3da70b43 Initial load
duke
parents:
diff changeset
    13
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
90ce3da70b43 Initial load
duke
parents:
diff changeset
    14
 * version 2 for more details (a copy is included in the LICENSE file that
90ce3da70b43 Initial load
duke
parents:
diff changeset
    15
 * accompanied this code).
90ce3da70b43 Initial load
duke
parents:
diff changeset
    16
 *
90ce3da70b43 Initial load
duke
parents:
diff changeset
    17
 * You should have received a copy of the GNU General Public License version
90ce3da70b43 Initial load
duke
parents:
diff changeset
    18
 * 2 along with this work; if not, write to the Free Software Foundation,
90ce3da70b43 Initial load
duke
parents:
diff changeset
    19
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
90ce3da70b43 Initial load
duke
parents:
diff changeset
    20
 *
5506
202f599c92aa 6943119: Rebrand source copyright notices
ohair
parents: 4236
diff changeset
    21
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
202f599c92aa 6943119: Rebrand source copyright notices
ohair
parents: 4236
diff changeset
    22
 * or visit www.oracle.com if you need additional information or have any
202f599c92aa 6943119: Rebrand source copyright notices
ohair
parents: 4236
diff changeset
    23
 * questions.
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
    24
 */
90ce3da70b43 Initial load
duke
parents:
diff changeset
    25
90ce3da70b43 Initial load
duke
parents:
diff changeset
    26
90ce3da70b43 Initial load
duke
parents:
diff changeset
    27
package sun.security.ssl;
90ce3da70b43 Initial load
duke
parents:
diff changeset
    28
90ce3da70b43 Initial load
duke
parents:
diff changeset
    29
import java.util.*;
90ce3da70b43 Initial load
duke
parents:
diff changeset
    30
90ce3da70b43 Initial load
duke
parents:
diff changeset
    31
import java.security.NoSuchAlgorithmException;
90ce3da70b43 Initial load
duke
parents:
diff changeset
    32
import java.security.InvalidKeyException;
7039
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents: 6856
diff changeset
    33
import java.security.SecureRandom;
11904
f0eca4f34170 7145837: a little performance improvement on the usage of SecureRandom
xuelei
parents: 10917
diff changeset
    34
import java.security.KeyManagementException;
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
    35
16913
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE
xuelei
parents: 16126
diff changeset
    36
import javax.crypto.Cipher;
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
    37
import javax.crypto.SecretKey;
90ce3da70b43 Initial load
duke
parents:
diff changeset
    38
import javax.crypto.spec.IvParameterSpec;
90ce3da70b43 Initial load
duke
parents:
diff changeset
    39
import javax.crypto.spec.SecretKeySpec;
90ce3da70b43 Initial load
duke
parents:
diff changeset
    40
90ce3da70b43 Initial load
duke
parents:
diff changeset
    41
import static sun.security.ssl.CipherSuite.KeyExchange.*;
7043
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
    42
import static sun.security.ssl.CipherSuite.PRF.*;
16913
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE
xuelei
parents: 16126
diff changeset
    43
import static sun.security.ssl.CipherSuite.CipherType.*;
29488
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
    44
import static sun.security.ssl.CipherSuite.MacAlg.*;
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
    45
import static sun.security.ssl.CipherSuite.BulkCipher.*;
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
    46
import static sun.security.ssl.JsseJce.*;
90ce3da70b43 Initial load
duke
parents:
diff changeset
    47
90ce3da70b43 Initial load
duke
parents:
diff changeset
    48
/**
90ce3da70b43 Initial load
duke
parents:
diff changeset
    49
 * An SSL/TLS CipherSuite. Constants for the standard key exchange, cipher,
90ce3da70b43 Initial load
duke
parents:
diff changeset
    50
 * and mac algorithms are also defined in this class.
90ce3da70b43 Initial load
duke
parents:
diff changeset
    51
 *
90ce3da70b43 Initial load
duke
parents:
diff changeset
    52
 * The CipherSuite class and the inner classes defined in this file roughly
90ce3da70b43 Initial load
duke
parents:
diff changeset
    53
 * follow the type safe enum pattern described in Effective Java. This means:
90ce3da70b43 Initial load
duke
parents:
diff changeset
    54
 *
90ce3da70b43 Initial load
duke
parents:
diff changeset
    55
 *  . instances are immutable, classes are final
90ce3da70b43 Initial load
duke
parents:
diff changeset
    56
 *
90ce3da70b43 Initial load
duke
parents:
diff changeset
    57
 *  . there is a unique instance of every value, i.e. there are never two
90ce3da70b43 Initial load
duke
parents:
diff changeset
    58
 *    instances representing the same CipherSuite, etc. This means equality
90ce3da70b43 Initial load
duke
parents:
diff changeset
    59
 *    tests can be performed using == instead of equals() (although that works
90ce3da70b43 Initial load
duke
parents:
diff changeset
    60
 *    as well). [A minor exception are *unsupported* CipherSuites read from a
90ce3da70b43 Initial load
duke
parents:
diff changeset
    61
 *    handshake message, but this is usually irrelevant]
90ce3da70b43 Initial load
duke
parents:
diff changeset
    62
 *
90ce3da70b43 Initial load
duke
parents:
diff changeset
    63
 *  . instances are obtained using the static valueOf() factory methods.
90ce3da70b43 Initial load
duke
parents:
diff changeset
    64
 *
90ce3da70b43 Initial load
duke
parents:
diff changeset
    65
 *  . properties are defined as final variables and made available as
90ce3da70b43 Initial load
duke
parents:
diff changeset
    66
 *    package private variables without method accessors
90ce3da70b43 Initial load
duke
parents:
diff changeset
    67
 *
90ce3da70b43 Initial load
duke
parents:
diff changeset
    68
 *  . if the member variable allowed is false, the given algorithm is either
90ce3da70b43 Initial load
duke
parents:
diff changeset
    69
 *    unavailable or disabled at compile time
90ce3da70b43 Initial load
duke
parents:
diff changeset
    70
 *
90ce3da70b43 Initial load
duke
parents:
diff changeset
    71
 */
10336
0bb1999251f8 7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror
jjg
parents: 9035
diff changeset
    72
final class CipherSuite implements Comparable<CipherSuite> {
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
    73
90ce3da70b43 Initial load
duke
parents:
diff changeset
    74
    // minimum priority for supported CipherSuites
32649
2ee9017c7597 8136583: Core libraries should use blessed modifier order
martin
parents: 31706
diff changeset
    75
    static final int SUPPORTED_SUITES_PRIORITY = 1;
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
    76
90ce3da70b43 Initial load
duke
parents:
diff changeset
    77
    // minimum priority for default enabled CipherSuites
32649
2ee9017c7597 8136583: Core libraries should use blessed modifier order
martin
parents: 31706
diff changeset
    78
    static final int DEFAULT_SUITES_PRIORITY = 300;
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
    79
90ce3da70b43 Initial load
duke
parents:
diff changeset
    80
    // Flag indicating if CipherSuite availability can change dynamically.
90ce3da70b43 Initial load
duke
parents:
diff changeset
    81
    // This is the case when we rely on a JCE cipher implementation that
90ce3da70b43 Initial load
duke
parents:
diff changeset
    82
    // may not be available in the installed JCE providers.
4236
02f52c723b79 6894643: Separate out dependency on Kerberos
vinnie
parents: 3957
diff changeset
    83
    // It is true because we might not have an ECC implementation.
32649
2ee9017c7597 8136583: Core libraries should use blessed modifier order
martin
parents: 31706
diff changeset
    84
    static final boolean DYNAMIC_AVAILABILITY = true;
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
    85
32649
2ee9017c7597 8136583: Core libraries should use blessed modifier order
martin
parents: 31706
diff changeset
    86
    private static final boolean ALLOW_ECC = Debug.getBooleanProperty
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
    87
        ("com.sun.net.ssl.enableECC", true);
90ce3da70b43 Initial load
duke
parents:
diff changeset
    88
90ce3da70b43 Initial load
duke
parents:
diff changeset
    89
    // Map Integer(id) -> CipherSuite
90ce3da70b43 Initial load
duke
parents:
diff changeset
    90
    // contains all known CipherSuites
32649
2ee9017c7597 8136583: Core libraries should use blessed modifier order
martin
parents: 31706
diff changeset
    91
    private static final Map<Integer,CipherSuite> idMap;
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
    92
90ce3da70b43 Initial load
duke
parents:
diff changeset
    93
    // Map String(name) -> CipherSuite
90ce3da70b43 Initial load
duke
parents:
diff changeset
    94
    // contains only supported CipherSuites (i.e. allowed == true)
32649
2ee9017c7597 8136583: Core libraries should use blessed modifier order
martin
parents: 31706
diff changeset
    95
    private static final Map<String,CipherSuite> nameMap;
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
    96
90ce3da70b43 Initial load
duke
parents:
diff changeset
    97
    // Protocol defined CipherSuite name, e.g. SSL_RSA_WITH_RC4_128_MD5
90ce3da70b43 Initial load
duke
parents:
diff changeset
    98
    // we use TLS_* only for new CipherSuites, still SSL_* for old ones
90ce3da70b43 Initial load
duke
parents:
diff changeset
    99
    final String name;
90ce3da70b43 Initial load
duke
parents:
diff changeset
   100
90ce3da70b43 Initial load
duke
parents:
diff changeset
   101
    // id in 16 bit MSB format, i.e. 0x0004 for SSL_RSA_WITH_RC4_128_MD5
90ce3da70b43 Initial load
duke
parents:
diff changeset
   102
    final int id;
90ce3da70b43 Initial load
duke
parents:
diff changeset
   103
90ce3da70b43 Initial load
duke
parents:
diff changeset
   104
    // priority for the internal default preference order. the higher the
90ce3da70b43 Initial load
duke
parents:
diff changeset
   105
    // better. Each supported CipherSuite *must* have a unique priority.
90ce3da70b43 Initial load
duke
parents:
diff changeset
   106
    // Ciphersuites with priority >= DEFAULT_SUITES_PRIORITY are enabled
90ce3da70b43 Initial load
duke
parents:
diff changeset
   107
    // by default
90ce3da70b43 Initial load
duke
parents:
diff changeset
   108
    final int priority;
90ce3da70b43 Initial load
duke
parents:
diff changeset
   109
7043
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
   110
    // key exchange, bulk cipher, mac and prf algorithms. See those
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
   111
    // classes below.
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
   112
    final KeyExchange keyExchange;
90ce3da70b43 Initial load
duke
parents:
diff changeset
   113
    final BulkCipher cipher;
90ce3da70b43 Initial load
duke
parents:
diff changeset
   114
    final MacAlg macAlg;
7043
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
   115
    final PRF prfAlg;
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
   116
90ce3da70b43 Initial load
duke
parents:
diff changeset
   117
    // whether a CipherSuite qualifies as exportable under 512/40 bit rules.
7043
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
   118
    // TLS 1.1+ (RFC 4346) must not negotiate to these suites.
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
   119
    final boolean exportable;
90ce3da70b43 Initial load
duke
parents:
diff changeset
   120
90ce3da70b43 Initial load
duke
parents:
diff changeset
   121
    // true iff implemented and enabled at compile time
90ce3da70b43 Initial load
duke
parents:
diff changeset
   122
    final boolean allowed;
90ce3da70b43 Initial load
duke
parents:
diff changeset
   123
7039
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents: 6856
diff changeset
   124
    // obsoleted since protocol version
30904
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 29488
diff changeset
   125
    //
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 29488
diff changeset
   126
    // TLS version is used.  If checking DTLS versions, please map to
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 29488
diff changeset
   127
    // TLS version firstly.  See ProtocolVersion.mapToTLSProtocol().
7039
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents: 6856
diff changeset
   128
    final int obsoleted;
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents: 6856
diff changeset
   129
30904
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 29488
diff changeset
   130
    // supported since protocol version (TLS version is used)
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 29488
diff changeset
   131
    //
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 29488
diff changeset
   132
    // TLS version is used.  If checking DTLS versions, please map to
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 29488
diff changeset
   133
    // TLS version firstly.  See ProtocolVersion.mapToTLSProtocol().
7043
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
   134
    final int supported;
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
   135
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
   136
    /**
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
   137
     * Constructor for implemented CipherSuites.
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
   138
     */
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
   139
    private CipherSuite(String name, int id, int priority,
29488
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
   140
            KeyExchange keyExchange, BulkCipher cipher, MacAlg mac,
7043
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
   141
            boolean allowed, int obsoleted, int supported, PRF prfAlg) {
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
   142
        this.name = name;
90ce3da70b43 Initial load
duke
parents:
diff changeset
   143
        this.id = id;
90ce3da70b43 Initial load
duke
parents:
diff changeset
   144
        this.priority = priority;
90ce3da70b43 Initial load
duke
parents:
diff changeset
   145
        this.keyExchange = keyExchange;
90ce3da70b43 Initial load
duke
parents:
diff changeset
   146
        this.cipher = cipher;
29488
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
   147
        this.macAlg = mac;
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
   148
        this.exportable = cipher.exportable;
90ce3da70b43 Initial load
duke
parents:
diff changeset
   149
        allowed &= keyExchange.allowed;
90ce3da70b43 Initial load
duke
parents:
diff changeset
   150
        allowed &= cipher.allowed;
90ce3da70b43 Initial load
duke
parents:
diff changeset
   151
        this.allowed = allowed;
7039
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents: 6856
diff changeset
   152
        this.obsoleted = obsoleted;
7043
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
   153
        this.supported = supported;
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
   154
        this.prfAlg = prfAlg;
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
   155
    }
90ce3da70b43 Initial load
duke
parents:
diff changeset
   156
7043
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
   157
    /**
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
   158
     * Constructor for unimplemented CipherSuites.
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
   159
     */
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
   160
    private CipherSuite(String name, int id) {
90ce3da70b43 Initial load
duke
parents:
diff changeset
   161
        this.name = name;
90ce3da70b43 Initial load
duke
parents:
diff changeset
   162
        this.id = id;
90ce3da70b43 Initial load
duke
parents:
diff changeset
   163
        this.allowed = false;
90ce3da70b43 Initial load
duke
parents:
diff changeset
   164
90ce3da70b43 Initial load
duke
parents:
diff changeset
   165
        this.priority = 0;
90ce3da70b43 Initial load
duke
parents:
diff changeset
   166
        this.keyExchange = null;
90ce3da70b43 Initial load
duke
parents:
diff changeset
   167
        this.cipher = null;
90ce3da70b43 Initial load
duke
parents:
diff changeset
   168
        this.macAlg = null;
90ce3da70b43 Initial load
duke
parents:
diff changeset
   169
        this.exportable = false;
7039
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents: 6856
diff changeset
   170
        this.obsoleted = ProtocolVersion.LIMIT_MAX_VALUE;
7043
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
   171
        this.supported = ProtocolVersion.LIMIT_MIN_VALUE;
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
   172
        this.prfAlg = P_NONE;
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
   173
    }
90ce3da70b43 Initial load
duke
parents:
diff changeset
   174
90ce3da70b43 Initial load
duke
parents:
diff changeset
   175
    /**
90ce3da70b43 Initial load
duke
parents:
diff changeset
   176
     * Return whether this CipherSuite is available for use. A
90ce3da70b43 Initial load
duke
parents:
diff changeset
   177
     * CipherSuite may be unavailable even if it is supported
90ce3da70b43 Initial load
duke
parents:
diff changeset
   178
     * (i.e. allowed == true) if the required JCE cipher is not installed.
90ce3da70b43 Initial load
duke
parents:
diff changeset
   179
     * In some configuration, this situation may change over time, call
90ce3da70b43 Initial load
duke
parents:
diff changeset
   180
     * CipherSuiteList.clearAvailableCache() before this method to obtain
90ce3da70b43 Initial load
duke
parents:
diff changeset
   181
     * the most current status.
90ce3da70b43 Initial load
duke
parents:
diff changeset
   182
     */
90ce3da70b43 Initial load
duke
parents:
diff changeset
   183
    boolean isAvailable() {
90ce3da70b43 Initial load
duke
parents:
diff changeset
   184
        return allowed && keyExchange.isAvailable() && cipher.isAvailable();
90ce3da70b43 Initial load
duke
parents:
diff changeset
   185
    }
90ce3da70b43 Initial load
duke
parents:
diff changeset
   186
6856
533f4ad71f88 6914943: Implement final TLS renegotiation fix
xuelei
parents: 5506
diff changeset
   187
    boolean isNegotiable() {
533f4ad71f88 6914943: Implement final TLS renegotiation fix
xuelei
parents: 5506
diff changeset
   188
        return this != C_SCSV && isAvailable();
533f4ad71f88 6914943: Implement final TLS renegotiation fix
xuelei
parents: 5506
diff changeset
   189
    }
533f4ad71f88 6914943: Implement final TLS renegotiation fix
xuelei
parents: 5506
diff changeset
   190
30904
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 29488
diff changeset
   191
    // See also CipherBox.calculatePacketSize().
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 29488
diff changeset
   192
    int calculatePacketSize(int fragmentSize,
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 29488
diff changeset
   193
            ProtocolVersion protocolVersion, boolean isDTLS) {
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 29488
diff changeset
   194
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 29488
diff changeset
   195
        int packetSize = fragmentSize;
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 29488
diff changeset
   196
        if (cipher != B_NULL) {
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 29488
diff changeset
   197
            int blockSize = cipher.ivSize;
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 29488
diff changeset
   198
            switch (cipher.cipherType) {
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 29488
diff changeset
   199
                case BLOCK_CIPHER:
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 29488
diff changeset
   200
                    packetSize += macAlg.size;
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 29488
diff changeset
   201
                    packetSize += 1;        // 1 byte padding length field
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 29488
diff changeset
   202
                    packetSize +=           // use the minimal padding
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 29488
diff changeset
   203
                            (blockSize - (packetSize % blockSize)) % blockSize;
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 29488
diff changeset
   204
                    if (protocolVersion.useTLS11PlusSpec()) {
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 29488
diff changeset
   205
                        packetSize += blockSize;        // explicit IV
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 29488
diff changeset
   206
                    }
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 29488
diff changeset
   207
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 29488
diff changeset
   208
                    break;
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 29488
diff changeset
   209
            case AEAD_CIPHER:
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 29488
diff changeset
   210
                packetSize += cipher.ivSize - cipher.fixedIvSize;   // record IV
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 29488
diff changeset
   211
                packetSize += cipher.tagSize;
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 29488
diff changeset
   212
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 29488
diff changeset
   213
                break;
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 29488
diff changeset
   214
            default:    // NULL_CIPHER or STREAM_CIPHER
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 29488
diff changeset
   215
                packetSize += macAlg.size;
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 29488
diff changeset
   216
            }
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 29488
diff changeset
   217
        }
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 29488
diff changeset
   218
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 29488
diff changeset
   219
        return packetSize +
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 29488
diff changeset
   220
            (isDTLS ? DTLSRecord.headerSize : SSLRecord.headerSize);
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 29488
diff changeset
   221
    }
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 29488
diff changeset
   222
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 29488
diff changeset
   223
    // See also CipherBox.calculateFragmentSize().
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 29488
diff changeset
   224
    int calculateFragSize(int packetLimit,
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 29488
diff changeset
   225
            ProtocolVersion protocolVersion, boolean isDTLS) {
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 29488
diff changeset
   226
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 29488
diff changeset
   227
        int fragSize = packetLimit -
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 29488
diff changeset
   228
                (isDTLS ? DTLSRecord.headerSize : SSLRecord.headerSize);
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 29488
diff changeset
   229
        if (cipher != B_NULL) {
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 29488
diff changeset
   230
            int blockSize = cipher.ivSize;
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 29488
diff changeset
   231
            switch (cipher.cipherType) {
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 29488
diff changeset
   232
            case BLOCK_CIPHER:
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 29488
diff changeset
   233
                if (protocolVersion.useTLS11PlusSpec()) {
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 29488
diff changeset
   234
                    fragSize -= blockSize;              // explicit IV
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 29488
diff changeset
   235
                }
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 29488
diff changeset
   236
                fragSize -= (fragSize % blockSize);     // cannot hold a block
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 29488
diff changeset
   237
                // No padding for a maximum fragment.
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 29488
diff changeset
   238
                fragSize -= 1;        // 1 byte padding length field: 0x00
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 29488
diff changeset
   239
                fragSize -= macAlg.size;
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 29488
diff changeset
   240
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 29488
diff changeset
   241
                break;
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 29488
diff changeset
   242
            case AEAD_CIPHER:
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 29488
diff changeset
   243
                fragSize -= cipher.tagSize;
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 29488
diff changeset
   244
                fragSize -= cipher.ivSize - cipher.fixedIvSize;     // record IV
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 29488
diff changeset
   245
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 29488
diff changeset
   246
                break;
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 29488
diff changeset
   247
            default:    // NULL_CIPHER or STREAM_CIPHER
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 29488
diff changeset
   248
                fragSize -= macAlg.size;
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 29488
diff changeset
   249
            }
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 29488
diff changeset
   250
        }
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 29488
diff changeset
   251
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 29488
diff changeset
   252
        return fragSize;
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 29488
diff changeset
   253
    }
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 29488
diff changeset
   254
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
   255
    /**
90ce3da70b43 Initial load
duke
parents:
diff changeset
   256
     * Compares CipherSuites based on their priority. Has the effect of
90ce3da70b43 Initial load
duke
parents:
diff changeset
   257
     * sorting CipherSuites when put in a sorted collection, which is
90ce3da70b43 Initial load
duke
parents:
diff changeset
   258
     * used by CipherSuiteList. Follows standard Comparable contract.
90ce3da70b43 Initial load
duke
parents:
diff changeset
   259
     *
90ce3da70b43 Initial load
duke
parents:
diff changeset
   260
     * Note that for unsupported CipherSuites parsed from a handshake
90ce3da70b43 Initial load
duke
parents:
diff changeset
   261
     * message we violate the equals() contract.
90ce3da70b43 Initial load
duke
parents:
diff changeset
   262
     */
14664
e71aa0962e70 8003950: Adds missing Override annotations and removes unnecessary imports in sun.security.ssl
xuelei
parents: 11904
diff changeset
   263
    @Override
10336
0bb1999251f8 7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror
jjg
parents: 9035
diff changeset
   264
    public int compareTo(CipherSuite o) {
0bb1999251f8 7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror
jjg
parents: 9035
diff changeset
   265
        return o.priority - priority;
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
   266
    }
90ce3da70b43 Initial load
duke
parents:
diff changeset
   267
90ce3da70b43 Initial load
duke
parents:
diff changeset
   268
    /**
90ce3da70b43 Initial load
duke
parents:
diff changeset
   269
     * Returns this.name.
90ce3da70b43 Initial load
duke
parents:
diff changeset
   270
     */
14664
e71aa0962e70 8003950: Adds missing Override annotations and removes unnecessary imports in sun.security.ssl
xuelei
parents: 11904
diff changeset
   271
    @Override
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
   272
    public String toString() {
90ce3da70b43 Initial load
duke
parents:
diff changeset
   273
        return name;
90ce3da70b43 Initial load
duke
parents:
diff changeset
   274
    }
90ce3da70b43 Initial load
duke
parents:
diff changeset
   275
90ce3da70b43 Initial load
duke
parents:
diff changeset
   276
    /**
90ce3da70b43 Initial load
duke
parents:
diff changeset
   277
     * Return a CipherSuite for the given name. The returned CipherSuite
90ce3da70b43 Initial load
duke
parents:
diff changeset
   278
     * is supported by this implementation but may not actually be
90ce3da70b43 Initial load
duke
parents:
diff changeset
   279
     * currently useable. See isAvailable().
90ce3da70b43 Initial load
duke
parents:
diff changeset
   280
     *
90ce3da70b43 Initial load
duke
parents:
diff changeset
   281
     * @exception IllegalArgumentException if the CipherSuite is unknown or
90ce3da70b43 Initial load
duke
parents:
diff changeset
   282
     * unsupported.
90ce3da70b43 Initial load
duke
parents:
diff changeset
   283
     */
90ce3da70b43 Initial load
duke
parents:
diff changeset
   284
    static CipherSuite valueOf(String s) {
90ce3da70b43 Initial load
duke
parents:
diff changeset
   285
        if (s == null) {
90ce3da70b43 Initial load
duke
parents:
diff changeset
   286
            throw new IllegalArgumentException("Name must not be null");
90ce3da70b43 Initial load
duke
parents:
diff changeset
   287
        }
7039
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents: 6856
diff changeset
   288
51
6fe31bc95bbc 6600143: Remove another 450 unnecessary casts
martin
parents: 2
diff changeset
   289
        CipherSuite c = nameMap.get(s);
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
   290
        if ((c == null) || (c.allowed == false)) {
90ce3da70b43 Initial load
duke
parents:
diff changeset
   291
            throw new IllegalArgumentException("Unsupported ciphersuite " + s);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   292
        }
7039
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents: 6856
diff changeset
   293
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
   294
        return c;
90ce3da70b43 Initial load
duke
parents:
diff changeset
   295
    }
90ce3da70b43 Initial load
duke
parents:
diff changeset
   296
90ce3da70b43 Initial load
duke
parents:
diff changeset
   297
    /**
90ce3da70b43 Initial load
duke
parents:
diff changeset
   298
     * Return a CipherSuite with the given ID. A temporary object is
90ce3da70b43 Initial load
duke
parents:
diff changeset
   299
     * constructed if the ID is unknown. Use isAvailable() to verify that
90ce3da70b43 Initial load
duke
parents:
diff changeset
   300
     * the CipherSuite can actually be used.
90ce3da70b43 Initial load
duke
parents:
diff changeset
   301
     */
90ce3da70b43 Initial load
duke
parents:
diff changeset
   302
    static CipherSuite valueOf(int id1, int id2) {
90ce3da70b43 Initial load
duke
parents:
diff changeset
   303
        id1 &= 0xff;
90ce3da70b43 Initial load
duke
parents:
diff changeset
   304
        id2 &= 0xff;
90ce3da70b43 Initial load
duke
parents:
diff changeset
   305
        int id = (id1 << 8) | id2;
90ce3da70b43 Initial load
duke
parents:
diff changeset
   306
        CipherSuite c = idMap.get(id);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   307
        if (c == null) {
90ce3da70b43 Initial load
duke
parents:
diff changeset
   308
            String h1 = Integer.toString(id1, 16);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   309
            String h2 = Integer.toString(id2, 16);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   310
            c = new CipherSuite("Unknown 0x" + h1 + ":0x" + h2, id);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   311
        }
90ce3da70b43 Initial load
duke
parents:
diff changeset
   312
        return c;
90ce3da70b43 Initial load
duke
parents:
diff changeset
   313
    }
90ce3da70b43 Initial load
duke
parents:
diff changeset
   314
30904
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 29488
diff changeset
   315
    // for use by SSLContextImpl only
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
   316
    static Collection<CipherSuite> allowedCipherSuites() {
90ce3da70b43 Initial load
duke
parents:
diff changeset
   317
        return nameMap.values();
90ce3da70b43 Initial load
duke
parents:
diff changeset
   318
    }
90ce3da70b43 Initial load
duke
parents:
diff changeset
   319
7043
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
   320
    /*
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
   321
     * Use this method when all of the values need to be specified.
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
   322
     * This is primarily used when defining a new ciphersuite for
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
   323
     * TLS 1.2+ that doesn't use the "default" PRF.
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
   324
     */
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
   325
    private static void add(String name, int id, int priority,
29488
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
   326
            KeyExchange keyExchange, BulkCipher cipher, MacAlg mac,
7043
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
   327
            boolean allowed, int obsoleted, int supported, PRF prf) {
7039
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents: 6856
diff changeset
   328
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
   329
        CipherSuite c = new CipherSuite(name, id, priority, keyExchange,
29488
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
   330
            cipher, mac, allowed, obsoleted, supported, prf);
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
   331
        if (idMap.put(id, c) != null) {
90ce3da70b43 Initial load
duke
parents:
diff changeset
   332
            throw new RuntimeException("Duplicate ciphersuite definition: "
90ce3da70b43 Initial load
duke
parents:
diff changeset
   333
                                        + id + ", " + name);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   334
        }
90ce3da70b43 Initial load
duke
parents:
diff changeset
   335
        if (c.allowed) {
90ce3da70b43 Initial load
duke
parents:
diff changeset
   336
            if (nameMap.put(name, c) != null) {
90ce3da70b43 Initial load
duke
parents:
diff changeset
   337
                throw new RuntimeException("Duplicate ciphersuite definition: "
90ce3da70b43 Initial load
duke
parents:
diff changeset
   338
                                            + id + ", " + name);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   339
            }
90ce3da70b43 Initial load
duke
parents:
diff changeset
   340
        }
90ce3da70b43 Initial load
duke
parents:
diff changeset
   341
    }
90ce3da70b43 Initial load
duke
parents:
diff changeset
   342
7043
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
   343
    /*
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
   344
     * Use this method when there is no lower protocol limit where this
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
   345
     * suite can be used, and the PRF is P_SHA256.  That is, the
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
   346
     * existing ciphersuites.  From RFC 5246:
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
   347
     *
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
   348
     *     All cipher suites in this document use P_SHA256.
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
   349
     */
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
   350
    private static void add(String name, int id, int priority,
29488
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
   351
            KeyExchange keyExchange, BulkCipher cipher, MacAlg mac,
7043
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
   352
            boolean allowed, int obsoleted) {
29488
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
   353
        PRF prf = obsoleted < ProtocolVersion.TLS12.v ? P_NONE : P_SHA256;
7043
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
   354
29488
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
   355
        add(name, id, priority, keyExchange, cipher, mac, allowed, obsoleted,
7043
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
   356
            ProtocolVersion.LIMIT_MIN_VALUE, prf);
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
   357
    }
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
   358
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
   359
    /*
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
   360
     * Use this method when there is no upper protocol limit.  That is,
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
   361
     * suites which have not been obsoleted.
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
   362
     */
7039
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents: 6856
diff changeset
   363
    private static void add(String name, int id, int priority,
29488
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
   364
            KeyExchange keyExchange, BulkCipher cipher, MacAlg mac,
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
   365
            boolean allowed) {
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
   366
        add(name, id, priority, keyExchange, cipher, mac, allowed,
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
   367
                ProtocolVersion.LIMIT_MAX_VALUE);
7039
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents: 6856
diff changeset
   368
    }
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents: 6856
diff changeset
   369
7043
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
   370
    /*
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
   371
     * Use this method to define an unimplemented suite.  This provides
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
   372
     * a number<->name mapping that can be used for debugging.
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
   373
     */
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
   374
    private static void add(String name, int id) {
90ce3da70b43 Initial load
duke
parents:
diff changeset
   375
        CipherSuite c = new CipherSuite(name, id);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   376
        if (idMap.put(id, c) != null) {
90ce3da70b43 Initial load
duke
parents:
diff changeset
   377
            throw new RuntimeException("Duplicate ciphersuite definition: "
90ce3da70b43 Initial load
duke
parents:
diff changeset
   378
                                        + id + ", " + name);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   379
        }
90ce3da70b43 Initial load
duke
parents:
diff changeset
   380
    }
90ce3da70b43 Initial load
duke
parents:
diff changeset
   381
90ce3da70b43 Initial load
duke
parents:
diff changeset
   382
    /**
90ce3da70b43 Initial load
duke
parents:
diff changeset
   383
     * An SSL/TLS key exchange algorithm.
90ce3da70b43 Initial load
duke
parents:
diff changeset
   384
     */
90ce3da70b43 Initial load
duke
parents:
diff changeset
   385
    static enum KeyExchange {
90ce3da70b43 Initial load
duke
parents:
diff changeset
   386
90ce3da70b43 Initial load
duke
parents:
diff changeset
   387
        // key exchange algorithms
90ce3da70b43 Initial load
duke
parents:
diff changeset
   388
        K_NULL       ("NULL",       false),
90ce3da70b43 Initial load
duke
parents:
diff changeset
   389
        K_RSA        ("RSA",        true),
90ce3da70b43 Initial load
duke
parents:
diff changeset
   390
        K_RSA_EXPORT ("RSA_EXPORT", true),
90ce3da70b43 Initial load
duke
parents:
diff changeset
   391
        K_DH_RSA     ("DH_RSA",     false),
90ce3da70b43 Initial load
duke
parents:
diff changeset
   392
        K_DH_DSS     ("DH_DSS",     false),
90ce3da70b43 Initial load
duke
parents:
diff changeset
   393
        K_DHE_DSS    ("DHE_DSS",    true),
90ce3da70b43 Initial load
duke
parents:
diff changeset
   394
        K_DHE_RSA    ("DHE_RSA",    true),
90ce3da70b43 Initial load
duke
parents:
diff changeset
   395
        K_DH_ANON    ("DH_anon",    true),
90ce3da70b43 Initial load
duke
parents:
diff changeset
   396
90ce3da70b43 Initial load
duke
parents:
diff changeset
   397
        K_ECDH_ECDSA ("ECDH_ECDSA",  ALLOW_ECC),
90ce3da70b43 Initial load
duke
parents:
diff changeset
   398
        K_ECDH_RSA   ("ECDH_RSA",    ALLOW_ECC),
90ce3da70b43 Initial load
duke
parents:
diff changeset
   399
        K_ECDHE_ECDSA("ECDHE_ECDSA", ALLOW_ECC),
90ce3da70b43 Initial load
duke
parents:
diff changeset
   400
        K_ECDHE_RSA  ("ECDHE_RSA",   ALLOW_ECC),
90ce3da70b43 Initial load
duke
parents:
diff changeset
   401
        K_ECDH_ANON  ("ECDH_anon",   ALLOW_ECC),
90ce3da70b43 Initial load
duke
parents:
diff changeset
   402
90ce3da70b43 Initial load
duke
parents:
diff changeset
   403
        // Kerberos cipher suites
90ce3da70b43 Initial load
duke
parents:
diff changeset
   404
        K_KRB5       ("KRB5", true),
6856
533f4ad71f88 6914943: Implement final TLS renegotiation fix
xuelei
parents: 5506
diff changeset
   405
        K_KRB5_EXPORT("KRB5_EXPORT", true),
533f4ad71f88 6914943: Implement final TLS renegotiation fix
xuelei
parents: 5506
diff changeset
   406
533f4ad71f88 6914943: Implement final TLS renegotiation fix
xuelei
parents: 5506
diff changeset
   407
        // renegotiation protection request signaling cipher suite
533f4ad71f88 6914943: Implement final TLS renegotiation fix
xuelei
parents: 5506
diff changeset
   408
        K_SCSV       ("SCSV",        true);
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
   409
90ce3da70b43 Initial load
duke
parents:
diff changeset
   410
        // name of the key exchange algorithm, e.g. DHE_DSS
90ce3da70b43 Initial load
duke
parents:
diff changeset
   411
        final String name;
90ce3da70b43 Initial load
duke
parents:
diff changeset
   412
        final boolean allowed;
90ce3da70b43 Initial load
duke
parents:
diff changeset
   413
        private final boolean alwaysAvailable;
90ce3da70b43 Initial load
duke
parents:
diff changeset
   414
90ce3da70b43 Initial load
duke
parents:
diff changeset
   415
        KeyExchange(String name, boolean allowed) {
90ce3da70b43 Initial load
duke
parents:
diff changeset
   416
            this.name = name;
90ce3da70b43 Initial load
duke
parents:
diff changeset
   417
            this.allowed = allowed;
3957
c8fdb8fad795 6885204: JSSE should not require Kerberos to be present
vinnie
parents: 715
diff changeset
   418
            this.alwaysAvailable = allowed &&
c8fdb8fad795 6885204: JSSE should not require Kerberos to be present
vinnie
parents: 715
diff changeset
   419
                (!name.startsWith("EC")) && (!name.startsWith("KRB"));
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
   420
        }
90ce3da70b43 Initial load
duke
parents:
diff changeset
   421
90ce3da70b43 Initial load
duke
parents:
diff changeset
   422
        boolean isAvailable() {
90ce3da70b43 Initial load
duke
parents:
diff changeset
   423
            if (alwaysAvailable) {
90ce3da70b43 Initial load
duke
parents:
diff changeset
   424
                return true;
90ce3da70b43 Initial load
duke
parents:
diff changeset
   425
            }
3957
c8fdb8fad795 6885204: JSSE should not require Kerberos to be present
vinnie
parents: 715
diff changeset
   426
c8fdb8fad795 6885204: JSSE should not require Kerberos to be present
vinnie
parents: 715
diff changeset
   427
            if (name.startsWith("EC")) {
c8fdb8fad795 6885204: JSSE should not require Kerberos to be present
vinnie
parents: 715
diff changeset
   428
                return (allowed && JsseJce.isEcAvailable());
c8fdb8fad795 6885204: JSSE should not require Kerberos to be present
vinnie
parents: 715
diff changeset
   429
            } else if (name.startsWith("KRB")) {
c8fdb8fad795 6885204: JSSE should not require Kerberos to be present
vinnie
parents: 715
diff changeset
   430
                return (allowed && JsseJce.isKerberosAvailable());
c8fdb8fad795 6885204: JSSE should not require Kerberos to be present
vinnie
parents: 715
diff changeset
   431
            } else {
c8fdb8fad795 6885204: JSSE should not require Kerberos to be present
vinnie
parents: 715
diff changeset
   432
                return allowed;
c8fdb8fad795 6885204: JSSE should not require Kerberos to be present
vinnie
parents: 715
diff changeset
   433
            }
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
   434
        }
90ce3da70b43 Initial load
duke
parents:
diff changeset
   435
14664
e71aa0962e70 8003950: Adds missing Override annotations and removes unnecessary imports in sun.security.ssl
xuelei
parents: 11904
diff changeset
   436
        @Override
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
   437
        public String toString() {
90ce3da70b43 Initial load
duke
parents:
diff changeset
   438
            return name;
90ce3da70b43 Initial load
duke
parents:
diff changeset
   439
        }
90ce3da70b43 Initial load
duke
parents:
diff changeset
   440
    }
90ce3da70b43 Initial load
duke
parents:
diff changeset
   441
16913
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE
xuelei
parents: 16126
diff changeset
   442
    static enum CipherType {
30904
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 29488
diff changeset
   443
        NULL_CIPHER,           // null cipher
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 29488
diff changeset
   444
        STREAM_CIPHER,         // stream cipher
16913
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE
xuelei
parents: 16126
diff changeset
   445
        BLOCK_CIPHER,          // block cipher in CBC mode
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE
xuelei
parents: 16126
diff changeset
   446
        AEAD_CIPHER            // AEAD cipher
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE
xuelei
parents: 16126
diff changeset
   447
    }
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE
xuelei
parents: 16126
diff changeset
   448
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
   449
    /**
90ce3da70b43 Initial load
duke
parents:
diff changeset
   450
     * An SSL/TLS bulk cipher algorithm. One instance per combination of
90ce3da70b43 Initial load
duke
parents:
diff changeset
   451
     * cipher and key length.
90ce3da70b43 Initial load
duke
parents:
diff changeset
   452
     *
90ce3da70b43 Initial load
duke
parents:
diff changeset
   453
     * Also contains a factory method to obtain in initialized CipherBox
90ce3da70b43 Initial load
duke
parents:
diff changeset
   454
     * for this algorithm.
90ce3da70b43 Initial load
duke
parents:
diff changeset
   455
     */
29488
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
   456
    static enum BulkCipher {
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
   457
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
   458
        // export strength ciphers
30904
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 29488
diff changeset
   459
        B_NULL("NULL", NULL_CIPHER, 0, 0, 0, 0, true),
29488
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
   460
        B_RC4_40(CIPHER_RC4, STREAM_CIPHER, 5, 16, 0, 0, true),
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
   461
        B_RC2_40("RC2", BLOCK_CIPHER, 5, 16, 8, 0, false),
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
   462
        B_DES_40(CIPHER_DES,  BLOCK_CIPHER, 5, 8, 8, 0, true),
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
   463
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
   464
        // domestic strength ciphers
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
   465
        B_RC4_128(CIPHER_RC4, STREAM_CIPHER, 16, 0, 0, true),
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
   466
        B_DES(CIPHER_DES, BLOCK_CIPHER, 8, 8, 0, true),
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
   467
        B_3DES(CIPHER_3DES, BLOCK_CIPHER, 24, 8, 0, true),
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
   468
        B_IDEA("IDEA", BLOCK_CIPHER, 16, 8, 0, false),
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
   469
        B_AES_128(CIPHER_AES, BLOCK_CIPHER, 16, 16, 0, true),
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
   470
        B_AES_256(CIPHER_AES, BLOCK_CIPHER, 32, 16, 0, true),
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
   471
        B_AES_128_GCM(CIPHER_AES_GCM, AEAD_CIPHER, 16, 12, 4, true),
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
   472
        B_AES_256_GCM(CIPHER_AES_GCM, AEAD_CIPHER, 32, 12, 4, true);
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
   473
90ce3da70b43 Initial load
duke
parents:
diff changeset
   474
        // Map BulkCipher -> Boolean(available)
32649
2ee9017c7597 8136583: Core libraries should use blessed modifier order
martin
parents: 31706
diff changeset
   475
        private static final Map<BulkCipher,Boolean> availableCache =
7990
57019dc81b66 7012003: diamond conversion for ssl
smarks
parents: 7807
diff changeset
   476
                                            new HashMap<>(8);
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
   477
90ce3da70b43 Initial load
duke
parents:
diff changeset
   478
        // descriptive name including key size, e.g. AES/128
90ce3da70b43 Initial load
duke
parents:
diff changeset
   479
        final String description;
90ce3da70b43 Initial load
duke
parents:
diff changeset
   480
90ce3da70b43 Initial load
duke
parents:
diff changeset
   481
        // JCE cipher transformation string, e.g. AES/CBC/NoPadding
90ce3da70b43 Initial load
duke
parents:
diff changeset
   482
        final String transformation;
90ce3da70b43 Initial load
duke
parents:
diff changeset
   483
90ce3da70b43 Initial load
duke
parents:
diff changeset
   484
        // algorithm name, e.g. AES
90ce3da70b43 Initial load
duke
parents:
diff changeset
   485
        final String algorithm;
90ce3da70b43 Initial load
duke
parents:
diff changeset
   486
90ce3da70b43 Initial load
duke
parents:
diff changeset
   487
        // supported and compile time enabled. Also see isAvailable()
90ce3da70b43 Initial load
duke
parents:
diff changeset
   488
        final boolean allowed;
90ce3da70b43 Initial load
duke
parents:
diff changeset
   489
90ce3da70b43 Initial load
duke
parents:
diff changeset
   490
        // number of bytes of entropy in the key
90ce3da70b43 Initial load
duke
parents:
diff changeset
   491
        final int keySize;
90ce3da70b43 Initial load
duke
parents:
diff changeset
   492
90ce3da70b43 Initial load
duke
parents:
diff changeset
   493
        // length of the actual cipher key in bytes.
90ce3da70b43 Initial load
duke
parents:
diff changeset
   494
        // for non-exportable ciphers, this is the same as keySize
90ce3da70b43 Initial load
duke
parents:
diff changeset
   495
        final int expandedKeySize;
90ce3da70b43 Initial load
duke
parents:
diff changeset
   496
16913
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE
xuelei
parents: 16126
diff changeset
   497
        // size of the IV
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
   498
        final int ivSize;
90ce3da70b43 Initial load
duke
parents:
diff changeset
   499
16913
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE
xuelei
parents: 16126
diff changeset
   500
        // size of fixed IV
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE
xuelei
parents: 16126
diff changeset
   501
        //
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE
xuelei
parents: 16126
diff changeset
   502
        // record_iv_length = ivSize - fixedIvSize
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE
xuelei
parents: 16126
diff changeset
   503
        final int fixedIvSize;
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE
xuelei
parents: 16126
diff changeset
   504
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
   505
        // exportable under 512/40 bit rules
90ce3da70b43 Initial load
duke
parents:
diff changeset
   506
        final boolean exportable;
90ce3da70b43 Initial load
duke
parents:
diff changeset
   507
10915
1e20964cebf3 7064341: jsse/runtime security problem
xuelei
parents: 9035
diff changeset
   508
        // Is the cipher algorithm of Cipher Block Chaining (CBC) mode?
16913
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE
xuelei
parents: 16126
diff changeset
   509
        final CipherType cipherType;
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE
xuelei
parents: 16126
diff changeset
   510
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE
xuelei
parents: 16126
diff changeset
   511
        // size of the authentication tag, only applicable to cipher suites in
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE
xuelei
parents: 16126
diff changeset
   512
        // Galois Counter Mode (GCM)
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE
xuelei
parents: 16126
diff changeset
   513
        //
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE
xuelei
parents: 16126
diff changeset
   514
        // As far as we know, all supported GCM cipher suites use 128-bits
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE
xuelei
parents: 16126
diff changeset
   515
        // authentication tags.
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE
xuelei
parents: 16126
diff changeset
   516
        final int tagSize = 16;
10915
1e20964cebf3 7064341: jsse/runtime security problem
xuelei
parents: 9035
diff changeset
   517
11904
f0eca4f34170 7145837: a little performance improvement on the usage of SecureRandom
xuelei
parents: 10917
diff changeset
   518
        // The secure random used to detect the cipher availability.
32649
2ee9017c7597 8136583: Core libraries should use blessed modifier order
martin
parents: 31706
diff changeset
   519
        private static final SecureRandom secureRandom;
11904
f0eca4f34170 7145837: a little performance improvement on the usage of SecureRandom
xuelei
parents: 10917
diff changeset
   520
f0eca4f34170 7145837: a little performance improvement on the usage of SecureRandom
xuelei
parents: 10917
diff changeset
   521
        static {
f0eca4f34170 7145837: a little performance improvement on the usage of SecureRandom
xuelei
parents: 10917
diff changeset
   522
            try {
f0eca4f34170 7145837: a little performance improvement on the usage of SecureRandom
xuelei
parents: 10917
diff changeset
   523
                secureRandom = JsseJce.getSecureRandom();
f0eca4f34170 7145837: a little performance improvement on the usage of SecureRandom
xuelei
parents: 10917
diff changeset
   524
            } catch (KeyManagementException kme) {
f0eca4f34170 7145837: a little performance improvement on the usage of SecureRandom
xuelei
parents: 10917
diff changeset
   525
                throw new RuntimeException(kme);
f0eca4f34170 7145837: a little performance improvement on the usage of SecureRandom
xuelei
parents: 10917
diff changeset
   526
            }
f0eca4f34170 7145837: a little performance improvement on the usage of SecureRandom
xuelei
parents: 10917
diff changeset
   527
        }
f0eca4f34170 7145837: a little performance improvement on the usage of SecureRandom
xuelei
parents: 10917
diff changeset
   528
16913
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE
xuelei
parents: 16126
diff changeset
   529
        BulkCipher(String transformation, CipherType cipherType, int keySize,
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE
xuelei
parents: 16126
diff changeset
   530
                int expandedKeySize, int ivSize,
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE
xuelei
parents: 16126
diff changeset
   531
                int fixedIvSize, boolean allowed) {
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE
xuelei
parents: 16126
diff changeset
   532
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
   533
            this.transformation = transformation;
10915
1e20964cebf3 7064341: jsse/runtime security problem
xuelei
parents: 9035
diff changeset
   534
            String[] splits = transformation.split("/");
1e20964cebf3 7064341: jsse/runtime security problem
xuelei
parents: 9035
diff changeset
   535
            this.algorithm = splits[0];
16913
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE
xuelei
parents: 16126
diff changeset
   536
            this.cipherType = cipherType;
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
   537
            this.description = this.algorithm + "/" + (keySize << 3);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   538
            this.keySize = keySize;
90ce3da70b43 Initial load
duke
parents:
diff changeset
   539
            this.ivSize = ivSize;
16913
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE
xuelei
parents: 16126
diff changeset
   540
            this.fixedIvSize = fixedIvSize;
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
   541
            this.allowed = allowed;
90ce3da70b43 Initial load
duke
parents:
diff changeset
   542
90ce3da70b43 Initial load
duke
parents:
diff changeset
   543
            this.expandedKeySize = expandedKeySize;
90ce3da70b43 Initial load
duke
parents:
diff changeset
   544
            this.exportable = true;
90ce3da70b43 Initial load
duke
parents:
diff changeset
   545
        }
90ce3da70b43 Initial load
duke
parents:
diff changeset
   546
16913
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE
xuelei
parents: 16126
diff changeset
   547
        BulkCipher(String transformation, CipherType cipherType, int keySize,
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE
xuelei
parents: 16126
diff changeset
   548
                int ivSize, int fixedIvSize, boolean allowed) {
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
   549
            this.transformation = transformation;
10915
1e20964cebf3 7064341: jsse/runtime security problem
xuelei
parents: 9035
diff changeset
   550
            String[] splits = transformation.split("/");
1e20964cebf3 7064341: jsse/runtime security problem
xuelei
parents: 9035
diff changeset
   551
            this.algorithm = splits[0];
16913
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE
xuelei
parents: 16126
diff changeset
   552
            this.cipherType = cipherType;
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
   553
            this.description = this.algorithm + "/" + (keySize << 3);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   554
            this.keySize = keySize;
90ce3da70b43 Initial load
duke
parents:
diff changeset
   555
            this.ivSize = ivSize;
16913
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE
xuelei
parents: 16126
diff changeset
   556
            this.fixedIvSize = fixedIvSize;
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
   557
            this.allowed = allowed;
90ce3da70b43 Initial load
duke
parents:
diff changeset
   558
90ce3da70b43 Initial load
duke
parents:
diff changeset
   559
            this.expandedKeySize = keySize;
90ce3da70b43 Initial load
duke
parents:
diff changeset
   560
            this.exportable = false;
90ce3da70b43 Initial load
duke
parents:
diff changeset
   561
        }
90ce3da70b43 Initial load
duke
parents:
diff changeset
   562
90ce3da70b43 Initial load
duke
parents:
diff changeset
   563
        /**
90ce3da70b43 Initial load
duke
parents:
diff changeset
   564
         * Return an initialized CipherBox for this BulkCipher.
90ce3da70b43 Initial load
duke
parents:
diff changeset
   565
         * IV must be null for stream ciphers.
90ce3da70b43 Initial load
duke
parents:
diff changeset
   566
         *
90ce3da70b43 Initial load
duke
parents:
diff changeset
   567
         * @exception NoSuchAlgorithmException if anything goes wrong
90ce3da70b43 Initial load
duke
parents:
diff changeset
   568
         */
7039
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents: 6856
diff changeset
   569
        CipherBox newCipher(ProtocolVersion version, SecretKey key,
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents: 6856
diff changeset
   570
                IvParameterSpec iv, SecureRandom random,
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
   571
                boolean encrypt) throws NoSuchAlgorithmException {
7039
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents: 6856
diff changeset
   572
            return CipherBox.newCipherBox(version, this,
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents: 6856
diff changeset
   573
                                            key, iv, random, encrypt);
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
   574
        }
90ce3da70b43 Initial load
duke
parents:
diff changeset
   575
90ce3da70b43 Initial load
duke
parents:
diff changeset
   576
        /**
90ce3da70b43 Initial load
duke
parents:
diff changeset
   577
         * Test if this bulk cipher is available. For use by CipherSuite.
90ce3da70b43 Initial load
duke
parents:
diff changeset
   578
         *
90ce3da70b43 Initial load
duke
parents:
diff changeset
   579
         * Currently all supported ciphers except AES are always available
16913
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE
xuelei
parents: 16126
diff changeset
   580
         * via the JSSE internal implementations. We also assume AES/128 of
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE
xuelei
parents: 16126
diff changeset
   581
         * CBC mode is always available since it is shipped with the SunJCE
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE
xuelei
parents: 16126
diff changeset
   582
         * provider.  However, AES/256 is unavailable when the default JCE
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE
xuelei
parents: 16126
diff changeset
   583
         * policy jurisdiction files are installed because of key length
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE
xuelei
parents: 16126
diff changeset
   584
         * restrictions, and AEAD is unavailable when the underlying providers
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE
xuelei
parents: 16126
diff changeset
   585
         * do not support AEAD/GCM mode.
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
   586
         */
90ce3da70b43 Initial load
duke
parents:
diff changeset
   587
        boolean isAvailable() {
90ce3da70b43 Initial load
duke
parents:
diff changeset
   588
            if (allowed == false) {
90ce3da70b43 Initial load
duke
parents:
diff changeset
   589
                return false;
90ce3da70b43 Initial load
duke
parents:
diff changeset
   590
            }
16913
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE
xuelei
parents: 16126
diff changeset
   591
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE
xuelei
parents: 16126
diff changeset
   592
            if ((this == B_AES_256) ||
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE
xuelei
parents: 16126
diff changeset
   593
                    (this.cipherType == CipherType.AEAD_CIPHER)) {
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
   594
                return isAvailable(this);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   595
            }
7039
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents: 6856
diff changeset
   596
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
   597
            // always available
90ce3da70b43 Initial load
duke
parents:
diff changeset
   598
            return true;
90ce3da70b43 Initial load
duke
parents:
diff changeset
   599
        }
90ce3da70b43 Initial load
duke
parents:
diff changeset
   600
90ce3da70b43 Initial load
duke
parents:
diff changeset
   601
        // for use by CipherSuiteList.clearAvailableCache();
90ce3da70b43 Initial load
duke
parents:
diff changeset
   602
        static synchronized void clearAvailableCache() {
90ce3da70b43 Initial load
duke
parents:
diff changeset
   603
            if (DYNAMIC_AVAILABILITY) {
90ce3da70b43 Initial load
duke
parents:
diff changeset
   604
                availableCache.clear();
90ce3da70b43 Initial load
duke
parents:
diff changeset
   605
            }
90ce3da70b43 Initial load
duke
parents:
diff changeset
   606
        }
90ce3da70b43 Initial load
duke
parents:
diff changeset
   607
90ce3da70b43 Initial load
duke
parents:
diff changeset
   608
        private static synchronized boolean isAvailable(BulkCipher cipher) {
51
6fe31bc95bbc 6600143: Remove another 450 unnecessary casts
martin
parents: 2
diff changeset
   609
            Boolean b = availableCache.get(cipher);
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
   610
            if (b == null) {
16913
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE
xuelei
parents: 16126
diff changeset
   611
                int keySizeInBits = cipher.keySize * 8;
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE
xuelei
parents: 16126
diff changeset
   612
                if (keySizeInBits > 128) {    // need the JCE unlimited
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE
xuelei
parents: 16126
diff changeset
   613
                                               // strength jurisdiction policy
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE
xuelei
parents: 16126
diff changeset
   614
                    try {
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE
xuelei
parents: 16126
diff changeset
   615
                        if (Cipher.getMaxAllowedKeyLength(
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE
xuelei
parents: 16126
diff changeset
   616
                                cipher.transformation) < keySizeInBits) {
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE
xuelei
parents: 16126
diff changeset
   617
                            b = Boolean.FALSE;
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE
xuelei
parents: 16126
diff changeset
   618
                        }
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE
xuelei
parents: 16126
diff changeset
   619
                    } catch (Exception e) {
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE
xuelei
parents: 16126
diff changeset
   620
                        b = Boolean.FALSE;
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE
xuelei
parents: 16126
diff changeset
   621
                    }
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE
xuelei
parents: 16126
diff changeset
   622
                }
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE
xuelei
parents: 16126
diff changeset
   623
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE
xuelei
parents: 16126
diff changeset
   624
                if (b == null) {
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE
xuelei
parents: 16126
diff changeset
   625
                    b = Boolean.FALSE;          // may be reset to TRUE if
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE
xuelei
parents: 16126
diff changeset
   626
                                                // the cipher is available
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE
xuelei
parents: 16126
diff changeset
   627
                    CipherBox temporary = null;
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE
xuelei
parents: 16126
diff changeset
   628
                    try {
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE
xuelei
parents: 16126
diff changeset
   629
                        SecretKey key = new SecretKeySpec(
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE
xuelei
parents: 16126
diff changeset
   630
                                            new byte[cipher.expandedKeySize],
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE
xuelei
parents: 16126
diff changeset
   631
                                            cipher.algorithm);
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE
xuelei
parents: 16126
diff changeset
   632
                        IvParameterSpec iv;
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE
xuelei
parents: 16126
diff changeset
   633
                        if (cipher.cipherType == CipherType.AEAD_CIPHER) {
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE
xuelei
parents: 16126
diff changeset
   634
                            iv = new IvParameterSpec(
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE
xuelei
parents: 16126
diff changeset
   635
                                            new byte[cipher.fixedIvSize]);
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE
xuelei
parents: 16126
diff changeset
   636
                        } else {
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE
xuelei
parents: 16126
diff changeset
   637
                            iv = new IvParameterSpec(new byte[cipher.ivSize]);
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE
xuelei
parents: 16126
diff changeset
   638
                        }
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE
xuelei
parents: 16126
diff changeset
   639
                        temporary = cipher.newCipher(
30904
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 29488
diff changeset
   640
                                            ProtocolVersion.DEFAULT_TLS,
11904
f0eca4f34170 7145837: a little performance improvement on the usage of SecureRandom
xuelei
parents: 10917
diff changeset
   641
                                            key, iv, secureRandom, true);
16913
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE
xuelei
parents: 16126
diff changeset
   642
                        b = temporary.isAvailable();
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE
xuelei
parents: 16126
diff changeset
   643
                    } catch (NoSuchAlgorithmException e) {
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE
xuelei
parents: 16126
diff changeset
   644
                        // not available
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE
xuelei
parents: 16126
diff changeset
   645
                    } finally {
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE
xuelei
parents: 16126
diff changeset
   646
                        if (temporary != null) {
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE
xuelei
parents: 16126
diff changeset
   647
                            temporary.dispose();
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE
xuelei
parents: 16126
diff changeset
   648
                        }
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE
xuelei
parents: 16126
diff changeset
   649
                    }
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
   650
                }
16913
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE
xuelei
parents: 16126
diff changeset
   651
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
   652
                availableCache.put(cipher, b);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   653
            }
16913
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE
xuelei
parents: 16126
diff changeset
   654
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
   655
            return b.booleanValue();
90ce3da70b43 Initial load
duke
parents:
diff changeset
   656
        }
90ce3da70b43 Initial load
duke
parents:
diff changeset
   657
14664
e71aa0962e70 8003950: Adds missing Override annotations and removes unnecessary imports in sun.security.ssl
xuelei
parents: 11904
diff changeset
   658
        @Override
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
   659
        public String toString() {
90ce3da70b43 Initial load
duke
parents:
diff changeset
   660
            return description;
90ce3da70b43 Initial load
duke
parents:
diff changeset
   661
        }
90ce3da70b43 Initial load
duke
parents:
diff changeset
   662
    }
90ce3da70b43 Initial load
duke
parents:
diff changeset
   663
90ce3da70b43 Initial load
duke
parents:
diff changeset
   664
    /**
90ce3da70b43 Initial load
duke
parents:
diff changeset
   665
     * An SSL/TLS key MAC algorithm.
90ce3da70b43 Initial load
duke
parents:
diff changeset
   666
     *
7043
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
   667
     * Also contains a factory method to obtain an initialized MAC
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
   668
     * for this algorithm.
90ce3da70b43 Initial load
duke
parents:
diff changeset
   669
     */
29488
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
   670
    static enum MacAlg {
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
   671
        // MACs
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
   672
        M_NULL      ("NULL",     0,   0,   0),
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
   673
        M_MD5       ("MD5",     16,  64,   9),
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
   674
        M_SHA       ("SHA",     20,  64,   9),
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
   675
        M_SHA256    ("SHA256",  32,  64,   9),
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
   676
        M_SHA384    ("SHA384",  48, 128,  17);
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
   677
90ce3da70b43 Initial load
duke
parents:
diff changeset
   678
        // descriptive name, e.g. MD5
90ce3da70b43 Initial load
duke
parents:
diff changeset
   679
        final String name;
90ce3da70b43 Initial load
duke
parents:
diff changeset
   680
90ce3da70b43 Initial load
duke
parents:
diff changeset
   681
        // size of the MAC value (and MAC key) in bytes
90ce3da70b43 Initial load
duke
parents:
diff changeset
   682
        final int size;
90ce3da70b43 Initial load
duke
parents:
diff changeset
   683
16113
946ec9b22004 8006777: Improve TLS handling of invalid messages
xuelei
parents: 14664
diff changeset
   684
        // block size of the underlying hash algorithm
946ec9b22004 8006777: Improve TLS handling of invalid messages
xuelei
parents: 14664
diff changeset
   685
        final int hashBlockSize;
946ec9b22004 8006777: Improve TLS handling of invalid messages
xuelei
parents: 14664
diff changeset
   686
946ec9b22004 8006777: Improve TLS handling of invalid messages
xuelei
parents: 14664
diff changeset
   687
        // minimal padding size of the underlying hash algorithm
946ec9b22004 8006777: Improve TLS handling of invalid messages
xuelei
parents: 14664
diff changeset
   688
        final int minimalPaddingSize;
946ec9b22004 8006777: Improve TLS handling of invalid messages
xuelei
parents: 14664
diff changeset
   689
946ec9b22004 8006777: Improve TLS handling of invalid messages
xuelei
parents: 14664
diff changeset
   690
        MacAlg(String name, int size,
946ec9b22004 8006777: Improve TLS handling of invalid messages
xuelei
parents: 14664
diff changeset
   691
                int hashBlockSize, int minimalPaddingSize) {
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
   692
            this.name = name;
90ce3da70b43 Initial load
duke
parents:
diff changeset
   693
            this.size = size;
16113
946ec9b22004 8006777: Improve TLS handling of invalid messages
xuelei
parents: 14664
diff changeset
   694
            this.hashBlockSize = hashBlockSize;
946ec9b22004 8006777: Improve TLS handling of invalid messages
xuelei
parents: 14664
diff changeset
   695
            this.minimalPaddingSize = minimalPaddingSize;
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
   696
        }
90ce3da70b43 Initial load
duke
parents:
diff changeset
   697
90ce3da70b43 Initial load
duke
parents:
diff changeset
   698
        /**
90ce3da70b43 Initial load
duke
parents:
diff changeset
   699
         * Return an initialized MAC for this MacAlg. ProtocolVersion
90ce3da70b43 Initial load
duke
parents:
diff changeset
   700
         * must either be SSL30 (SSLv3 custom MAC) or TLS10 (std. HMAC).
90ce3da70b43 Initial load
duke
parents:
diff changeset
   701
         *
90ce3da70b43 Initial load
duke
parents:
diff changeset
   702
         * @exception NoSuchAlgorithmException if anything goes wrong
90ce3da70b43 Initial load
duke
parents:
diff changeset
   703
         */
90ce3da70b43 Initial load
duke
parents:
diff changeset
   704
        MAC newMac(ProtocolVersion protocolVersion, SecretKey secret)
90ce3da70b43 Initial load
duke
parents:
diff changeset
   705
                throws NoSuchAlgorithmException, InvalidKeyException {
90ce3da70b43 Initial load
duke
parents:
diff changeset
   706
            return new MAC(this, protocolVersion, secret);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   707
        }
90ce3da70b43 Initial load
duke
parents:
diff changeset
   708
14664
e71aa0962e70 8003950: Adds missing Override annotations and removes unnecessary imports in sun.security.ssl
xuelei
parents: 11904
diff changeset
   709
        @Override
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
   710
        public String toString() {
90ce3da70b43 Initial load
duke
parents:
diff changeset
   711
            return name;
90ce3da70b43 Initial load
duke
parents:
diff changeset
   712
        }
90ce3da70b43 Initial load
duke
parents:
diff changeset
   713
    }
90ce3da70b43 Initial load
duke
parents:
diff changeset
   714
7807
d026f4f9c119 6996365: Evaluate the priorities of cipher suites
xuelei
parents: 7043
diff changeset
   715
    /**
d026f4f9c119 6996365: Evaluate the priorities of cipher suites
xuelei
parents: 7043
diff changeset
   716
     * PRFs (PseudoRandom Function) from TLS specifications.
d026f4f9c119 6996365: Evaluate the priorities of cipher suites
xuelei
parents: 7043
diff changeset
   717
     *
d026f4f9c119 6996365: Evaluate the priorities of cipher suites
xuelei
parents: 7043
diff changeset
   718
     * TLS 1.1- uses a single MD5/SHA1-based PRF algorithm for generating
d026f4f9c119 6996365: Evaluate the priorities of cipher suites
xuelei
parents: 7043
diff changeset
   719
     * the necessary material.
d026f4f9c119 6996365: Evaluate the priorities of cipher suites
xuelei
parents: 7043
diff changeset
   720
     *
d026f4f9c119 6996365: Evaluate the priorities of cipher suites
xuelei
parents: 7043
diff changeset
   721
     * In TLS 1.2+, all existing/known CipherSuites use SHA256, however
d026f4f9c119 6996365: Evaluate the priorities of cipher suites
xuelei
parents: 7043
diff changeset
   722
     * new Ciphersuites (e.g. RFC 5288) can define specific PRF hash
d026f4f9c119 6996365: Evaluate the priorities of cipher suites
xuelei
parents: 7043
diff changeset
   723
     * algorithms.
d026f4f9c119 6996365: Evaluate the priorities of cipher suites
xuelei
parents: 7043
diff changeset
   724
     */
7043
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
   725
    static enum PRF {
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
   726
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
   727
        // PRF algorithms
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
   728
        P_NONE(     "NONE",  0,   0),
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
   729
        P_SHA256("SHA-256", 32,  64),
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
   730
        P_SHA384("SHA-384", 48, 128),
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
   731
        P_SHA512("SHA-512", 64, 128);  // not currently used.
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
   732
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
   733
        // PRF characteristics
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
   734
        private final String prfHashAlg;
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
   735
        private final int prfHashLength;
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
   736
        private final int prfBlockSize;
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
   737
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
   738
        PRF(String prfHashAlg, int prfHashLength, int prfBlockSize) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
   739
            this.prfHashAlg = prfHashAlg;
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
   740
            this.prfHashLength = prfHashLength;
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
   741
            this.prfBlockSize = prfBlockSize;
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
   742
        }
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
   743
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
   744
        String getPRFHashAlg() {
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
   745
            return prfHashAlg;
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
   746
        }
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
   747
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
   748
        int getPRFHashLength() {
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
   749
            return prfHashLength;
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
   750
        }
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
   751
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
   752
        int getPRFBlockSize() {
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
   753
            return prfBlockSize;
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
   754
        }
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
   755
    }
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
   756
90ce3da70b43 Initial load
duke
parents:
diff changeset
   757
    static {
90ce3da70b43 Initial load
duke
parents:
diff changeset
   758
        idMap = new HashMap<Integer,CipherSuite>();
90ce3da70b43 Initial load
duke
parents:
diff changeset
   759
        nameMap = new HashMap<String,CipherSuite>();
90ce3da70b43 Initial load
duke
parents:
diff changeset
   760
90ce3da70b43 Initial load
duke
parents:
diff changeset
   761
        final boolean F = false;
90ce3da70b43 Initial load
duke
parents:
diff changeset
   762
        final boolean T = true;
90ce3da70b43 Initial load
duke
parents:
diff changeset
   763
        // N: ciphersuites only allowed if we are not in FIPS mode
90ce3da70b43 Initial load
duke
parents:
diff changeset
   764
        final boolean N = (SunJSSE.isFIPS() == false);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   765
7039
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents: 6856
diff changeset
   766
        /*
34380
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   767
         * TLS Cipher Suite Registry, as of November 2015.
7039
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents: 6856
diff changeset
   768
         *
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents: 6856
diff changeset
   769
         * http://www.iana.org/assignments/tls-parameters/tls-parameters.xml
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents: 6856
diff changeset
   770
         *
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents: 6856
diff changeset
   771
         * Range      Registration Procedures   Notes
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents: 6856
diff changeset
   772
         * 000-191    Standards Action          Refers to value of first byte
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents: 6856
diff changeset
   773
         * 192-254    Specification Required    Refers to value of first byte
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents: 6856
diff changeset
   774
         * 255        Reserved for Private Use  Refers to value of first byte
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents: 6856
diff changeset
   775
         *
34380
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   776
         * Value      Description                                   Reference
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   777
         * 0x00,0x00  TLS_NULL_WITH_NULL_NULL                       [RFC5246]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   778
         * 0x00,0x01  TLS_RSA_WITH_NULL_MD5                         [RFC5246]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   779
         * 0x00,0x02  TLS_RSA_WITH_NULL_SHA                         [RFC5246]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   780
         * 0x00,0x03  TLS_RSA_EXPORT_WITH_RC4_40_MD5                [RFC4346]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   781
         * 0x00,0x04  TLS_RSA_WITH_RC4_128_MD5                      [RFC5246]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   782
         * 0x00,0x05  TLS_RSA_WITH_RC4_128_SHA                      [RFC5246]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   783
         * 0x00,0x06  TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5            [RFC4346]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   784
         * 0x00,0x07  TLS_RSA_WITH_IDEA_CBC_SHA                     [RFC5469]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   785
         * 0x00,0x08  TLS_RSA_EXPORT_WITH_DES40_CBC_SHA             [RFC4346]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   786
         * 0x00,0x09  TLS_RSA_WITH_DES_CBC_SHA                      [RFC5469]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   787
         * 0x00,0x0A  TLS_RSA_WITH_3DES_EDE_CBC_SHA                 [RFC5246]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   788
         * 0x00,0x0B  TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA          [RFC4346]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   789
         * 0x00,0x0C  TLS_DH_DSS_WITH_DES_CBC_SHA                   [RFC5469]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   790
         * 0x00,0x0D  TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA              [RFC5246]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   791
         * 0x00,0x0E  TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA          [RFC4346]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   792
         * 0x00,0x0F  TLS_DH_RSA_WITH_DES_CBC_SHA                   [RFC5469]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   793
         * 0x00,0x10  TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA              [RFC5246]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   794
         * 0x00,0x11  TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA         [RFC4346]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   795
         * 0x00,0x12  TLS_DHE_DSS_WITH_DES_CBC_SHA                  [RFC5469]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   796
         * 0x00,0x13  TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA             [RFC5246]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   797
         * 0x00,0x14  TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA         [RFC4346]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   798
         * 0x00,0x15  TLS_DHE_RSA_WITH_DES_CBC_SHA                  [RFC5469]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   799
         * 0x00,0x16  TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA             [RFC5246]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   800
         * 0x00,0x17  TLS_DH_anon_EXPORT_WITH_RC4_40_MD5            [RFC4346]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   801
         * 0x00,0x18  TLS_DH_anon_WITH_RC4_128_MD5                  [RFC5246]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   802
         * 0x00,0x19  TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA         [RFC4346]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   803
         * 0x00,0x1A  TLS_DH_anon_WITH_DES_CBC_SHA                  [RFC5469]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   804
         * 0x00,0x1B  TLS_DH_anon_WITH_3DES_EDE_CBC_SHA             [RFC5246]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   805
         * 0x00,0x1C-1D Reserved to avoid conflicts with SSLv3      [RFC5246]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   806
         * 0x00,0x1E  TLS_KRB5_WITH_DES_CBC_SHA                     [RFC2712]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   807
         * 0x00,0x1F  TLS_KRB5_WITH_3DES_EDE_CBC_SHA                [RFC2712]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   808
         * 0x00,0x20  TLS_KRB5_WITH_RC4_128_SHA                     [RFC2712]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   809
         * 0x00,0x21  TLS_KRB5_WITH_IDEA_CBC_SHA                    [RFC2712]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   810
         * 0x00,0x22  TLS_KRB5_WITH_DES_CBC_MD5                     [RFC2712]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   811
         * 0x00,0x23  TLS_KRB5_WITH_3DES_EDE_CBC_MD5                [RFC2712]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   812
         * 0x00,0x24  TLS_KRB5_WITH_RC4_128_MD5                     [RFC2712]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   813
         * 0x00,0x25  TLS_KRB5_WITH_IDEA_CBC_MD5                    [RFC2712]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   814
         * 0x00,0x26  TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA           [RFC2712]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   815
         * 0x00,0x27  TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA           [RFC2712]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   816
         * 0x00,0x28  TLS_KRB5_EXPORT_WITH_RC4_40_SHA               [RFC2712]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   817
         * 0x00,0x29  TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5           [RFC2712]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   818
         * 0x00,0x2A  TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5           [RFC2712]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   819
         * 0x00,0x2B  TLS_KRB5_EXPORT_WITH_RC4_40_MD5               [RFC2712]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   820
         * 0x00,0x2C  TLS_PSK_WITH_NULL_SHA                         [RFC4785]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   821
         * 0x00,0x2D  TLS_DHE_PSK_WITH_NULL_SHA                     [RFC4785]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   822
         * 0x00,0x2E  TLS_RSA_PSK_WITH_NULL_SHA                     [RFC4785]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   823
         * 0x00,0x2F  TLS_RSA_WITH_AES_128_CBC_SHA                  [RFC5246]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   824
         * 0x00,0x30  TLS_DH_DSS_WITH_AES_128_CBC_SHA               [RFC5246]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   825
         * 0x00,0x31  TLS_DH_RSA_WITH_AES_128_CBC_SHA               [RFC5246]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   826
         * 0x00,0x32  TLS_DHE_DSS_WITH_AES_128_CBC_SHA              [RFC5246]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   827
         * 0x00,0x33  TLS_DHE_RSA_WITH_AES_128_CBC_SHA              [RFC5246]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   828
         * 0x00,0x34  TLS_DH_anon_WITH_AES_128_CBC_SHA              [RFC5246]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   829
         * 0x00,0x35  TLS_RSA_WITH_AES_256_CBC_SHA                  [RFC5246]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   830
         * 0x00,0x36  TLS_DH_DSS_WITH_AES_256_CBC_SHA               [RFC5246]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   831
         * 0x00,0x37  TLS_DH_RSA_WITH_AES_256_CBC_SHA               [RFC5246]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   832
         * 0x00,0x38  TLS_DHE_DSS_WITH_AES_256_CBC_SHA              [RFC5246]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   833
         * 0x00,0x39  TLS_DHE_RSA_WITH_AES_256_CBC_SHA              [RFC5246]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   834
         * 0x00,0x3A  TLS_DH_anon_WITH_AES_256_CBC_SHA              [RFC5246]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   835
         * 0x00,0x3B  TLS_RSA_WITH_NULL_SHA256                      [RFC5246]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   836
         * 0x00,0x3C  TLS_RSA_WITH_AES_128_CBC_SHA256               [RFC5246]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   837
         * 0x00,0x3D  TLS_RSA_WITH_AES_256_CBC_SHA256               [RFC5246]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   838
         * 0x00,0x3E  TLS_DH_DSS_WITH_AES_128_CBC_SHA256            [RFC5246]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   839
         * 0x00,0x3F  TLS_DH_RSA_WITH_AES_128_CBC_SHA256            [RFC5246]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   840
         * 0x00,0x40  TLS_DHE_DSS_WITH_AES_128_CBC_SHA256           [RFC5246]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   841
         * 0x00,0x41  TLS_RSA_WITH_CAMELLIA_128_CBC_SHA             [RFC5932]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   842
         * 0x00,0x42  TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA          [RFC5932]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   843
         * 0x00,0x43  TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA          [RFC5932]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   844
         * 0x00,0x44  TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA         [RFC5932]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   845
         * 0x00,0x45  TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA         [RFC5932]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   846
         * 0x00,0x46  TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA         [RFC5932]
7039
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents: 6856
diff changeset
   847
         * 0x00,0x47-4F Reserved to avoid conflicts with
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents: 6856
diff changeset
   848
         *            deployed implementations                  [Pasi_Eronen]
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents: 6856
diff changeset
   849
         * 0x00,0x50-58 Reserved to avoid conflicts             [Pasi Eronen]
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents: 6856
diff changeset
   850
         * 0x00,0x59-5C Reserved to avoid conflicts with
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents: 6856
diff changeset
   851
         *            deployed implementations                  [Pasi_Eronen]
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents: 6856
diff changeset
   852
         * 0x00,0x5D-5F Unassigned
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents: 6856
diff changeset
   853
         * 0x00,0x60-66 Reserved to avoid conflicts with widely
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents: 6856
diff changeset
   854
         *            deployed implementations                  [Pasi_Eronen]
34380
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   855
         * 0x00,0x67  TLS_DHE_RSA_WITH_AES_128_CBC_SHA256           [RFC5246]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   856
         * 0x00,0x68  TLS_DH_DSS_WITH_AES_256_CBC_SHA256            [RFC5246]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   857
         * 0x00,0x69  TLS_DH_RSA_WITH_AES_256_CBC_SHA256            [RFC5246]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   858
         * 0x00,0x6A  TLS_DHE_DSS_WITH_AES_256_CBC_SHA256           [RFC5246]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   859
         * 0x00,0x6B  TLS_DHE_RSA_WITH_AES_256_CBC_SHA256           [RFC5246]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   860
         * 0x00,0x6C  TLS_DH_anon_WITH_AES_128_CBC_SHA256           [RFC5246]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   861
         * 0x00,0x6D  TLS_DH_anon_WITH_AES_256_CBC_SHA256           [RFC5246]
7039
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents: 6856
diff changeset
   862
         * 0x00,0x6E-83 Unassigned
34380
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   863
         * 0x00,0x84  TLS_RSA_WITH_CAMELLIA_256_CBC_SHA             [RFC5932]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   864
         * 0x00,0x85  TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA          [RFC5932]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   865
         * 0x00,0x86  TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA          [RFC5932]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   866
         * 0x00,0x87  TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA         [RFC5932]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   867
         * 0x00,0x88  TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA         [RFC5932]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   868
         * 0x00,0x89  TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA         [RFC5932]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   869
         * 0x00,0x8A  TLS_PSK_WITH_RC4_128_SHA                      [RFC4279]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   870
         * 0x00,0x8B  TLS_PSK_WITH_3DES_EDE_CBC_SHA                 [RFC4279]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   871
         * 0x00,0x8C  TLS_PSK_WITH_AES_128_CBC_SHA                  [RFC4279]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   872
         * 0x00,0x8D  TLS_PSK_WITH_AES_256_CBC_SHA                  [RFC4279]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   873
         * 0x00,0x8E  TLS_DHE_PSK_WITH_RC4_128_SHA                  [RFC4279]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   874
         * 0x00,0x8F  TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA             [RFC4279]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   875
         * 0x00,0x90  TLS_DHE_PSK_WITH_AES_128_CBC_SHA              [RFC4279]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   876
         * 0x00,0x91  TLS_DHE_PSK_WITH_AES_256_CBC_SHA              [RFC4279]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   877
         * 0x00,0x92  TLS_RSA_PSK_WITH_RC4_128_SHA                  [RFC4279]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   878
         * 0x00,0x93  TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA             [RFC4279]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   879
         * 0x00,0x94  TLS_RSA_PSK_WITH_AES_128_CBC_SHA              [RFC4279]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   880
         * 0x00,0x95  TLS_RSA_PSK_WITH_AES_256_CBC_SHA              [RFC4279]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   881
         * 0x00,0x96  TLS_RSA_WITH_SEED_CBC_SHA                     [RFC4162]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   882
         * 0x00,0x97  TLS_DH_DSS_WITH_SEED_CBC_SHA                  [RFC4162]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   883
         * 0x00,0x98  TLS_DH_RSA_WITH_SEED_CBC_SHA                  [RFC4162]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   884
         * 0x00,0x99  TLS_DHE_DSS_WITH_SEED_CBC_SHA                 [RFC4162]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   885
         * 0x00,0x9A  TLS_DHE_RSA_WITH_SEED_CBC_SHA                 [RFC4162]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   886
         * 0x00,0x9B  TLS_DH_anon_WITH_SEED_CBC_SHA                 [RFC4162]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   887
         * 0x00,0x9C  TLS_RSA_WITH_AES_128_GCM_SHA256               [RFC5288]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   888
         * 0x00,0x9D  TLS_RSA_WITH_AES_256_GCM_SHA384               [RFC5288]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   889
         * 0x00,0x9E  TLS_DHE_RSA_WITH_AES_128_GCM_SHA256           [RFC5288]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   890
         * 0x00,0x9F  TLS_DHE_RSA_WITH_AES_256_GCM_SHA384           [RFC5288]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   891
         * 0x00,0xA0  TLS_DH_RSA_WITH_AES_128_GCM_SHA256            [RFC5288]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   892
         * 0x00,0xA1  TLS_DH_RSA_WITH_AES_256_GCM_SHA384            [RFC5288]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   893
         * 0x00,0xA2  TLS_DHE_DSS_WITH_AES_128_GCM_SHA256           [RFC5288]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   894
         * 0x00,0xA3  TLS_DHE_DSS_WITH_AES_256_GCM_SHA384           [RFC5288]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   895
         * 0x00,0xA4  TLS_DH_DSS_WITH_AES_128_GCM_SHA256            [RFC5288]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   896
         * 0x00,0xA5  TLS_DH_DSS_WITH_AES_256_GCM_SHA384            [RFC5288]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   897
         * 0x00,0xA6  TLS_DH_anon_WITH_AES_128_GCM_SHA256           [RFC5288]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   898
         * 0x00,0xA7  TLS_DH_anon_WITH_AES_256_GCM_SHA384           [RFC5288]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   899
         * 0x00,0xA8  TLS_PSK_WITH_AES_128_GCM_SHA256               [RFC5487]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   900
         * 0x00,0xA9  TLS_PSK_WITH_AES_256_GCM_SHA384               [RFC5487]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   901
         * 0x00,0xAA  TLS_DHE_PSK_WITH_AES_128_GCM_SHA256           [RFC5487]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   902
         * 0x00,0xAB  TLS_DHE_PSK_WITH_AES_256_GCM_SHA384           [RFC5487]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   903
         * 0x00,0xAC  TLS_RSA_PSK_WITH_AES_128_GCM_SHA256           [RFC5487]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   904
         * 0x00,0xAD  TLS_RSA_PSK_WITH_AES_256_GCM_SHA384           [RFC5487]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   905
         * 0x00,0xAE  TLS_PSK_WITH_AES_128_CBC_SHA256               [RFC5487]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   906
         * 0x00,0xAF  TLS_PSK_WITH_AES_256_CBC_SHA384               [RFC5487]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   907
         * 0x00,0xB0  TLS_PSK_WITH_NULL_SHA256                      [RFC5487]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   908
         * 0x00,0xB1  TLS_PSK_WITH_NULL_SHA384                      [RFC5487]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   909
         * 0x00,0xB2  TLS_DHE_PSK_WITH_AES_128_CBC_SHA256           [RFC5487]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   910
         * 0x00,0xB3  TLS_DHE_PSK_WITH_AES_256_CBC_SHA384           [RFC5487]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   911
         * 0x00,0xB4  TLS_DHE_PSK_WITH_NULL_SHA256                  [RFC5487]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   912
         * 0x00,0xB5  TLS_DHE_PSK_WITH_NULL_SHA384                  [RFC5487]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   913
         * 0x00,0xB6  TLS_RSA_PSK_WITH_AES_128_CBC_SHA256           [RFC5487]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   914
         * 0x00,0xB7  TLS_RSA_PSK_WITH_AES_256_CBC_SHA384           [RFC5487]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   915
         * 0x00,0xB8  TLS_RSA_PSK_WITH_NULL_SHA256                  [RFC5487]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   916
         * 0x00,0xB9  TLS_RSA_PSK_WITH_NULL_SHA384                  [RFC5487]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   917
         * 0x00,0xBA  TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256          [RFC5932]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   918
         * 0x00,0xBB  TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256       [RFC5932]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   919
         * 0x00,0xBC  TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256       [RFC5932]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   920
         * 0x00,0xBD  TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256      [RFC5932]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   921
         * 0x00,0xBE  TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256      [RFC5932]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   922
         * 0x00,0xBF  TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256      [RFC5932]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   923
         * 0x00,0xC0  TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256          [RFC5932]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   924
         * 0x00,0xC1  TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256       [RFC5932]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   925
         * 0x00,0xC2  TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256       [RFC5932]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   926
         * 0x00,0xC3  TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256      [RFC5932]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   927
         * 0x00,0xC4  TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256      [RFC5932]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   928
         * 0x00,0xC5  TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256      [RFC5932]
7039
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents: 6856
diff changeset
   929
         * 0x00,0xC6-FE         Unassigned
34380
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   930
         * 0x00,0xFF  TLS_EMPTY_RENEGOTIATION_INFO_SCSV             [RFC5746]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   931
         * 0x01-55,*  Unassigned
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   932
         * 0x56,0x00  TLS_FALLBACK_SCSV                             [RFC7507]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   933
         * 0x56,0x01-0xC0,0x00  Unassigned
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   934
         * 0xC0,0x01  TLS_ECDH_ECDSA_WITH_NULL_SHA                  [RFC4492]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   935
         * 0xC0,0x02  TLS_ECDH_ECDSA_WITH_RC4_128_SHA               [RFC4492]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   936
         * 0xC0,0x03  TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA          [RFC4492]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   937
         * 0xC0,0x04  TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA           [RFC4492]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   938
         * 0xC0,0x05  TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA           [RFC4492]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   939
         * 0xC0,0x06  TLS_ECDHE_ECDSA_WITH_NULL_SHA                 [RFC4492]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   940
         * 0xC0,0x07  TLS_ECDHE_ECDSA_WITH_RC4_128_SHA              [RFC4492]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   941
         * 0xC0,0x08  TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA         [RFC4492]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   942
         * 0xC0,0x09  TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA          [RFC4492]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   943
         * 0xC0,0x0A  TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA          [RFC4492]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   944
         * 0xC0,0x0B  TLS_ECDH_RSA_WITH_NULL_SHA                    [RFC4492]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   945
         * 0xC0,0x0C  TLS_ECDH_RSA_WITH_RC4_128_SHA                 [RFC4492]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   946
         * 0xC0,0x0D  TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA            [RFC4492]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   947
         * 0xC0,0x0E  TLS_ECDH_RSA_WITH_AES_128_CBC_SHA             [RFC4492]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   948
         * 0xC0,0x0F  TLS_ECDH_RSA_WITH_AES_256_CBC_SHA             [RFC4492]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   949
         * 0xC0,0x10  TLS_ECDHE_RSA_WITH_NULL_SHA                   [RFC4492]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   950
         * 0xC0,0x11  TLS_ECDHE_RSA_WITH_RC4_128_SHA                [RFC4492]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   951
         * 0xC0,0x12  TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA           [RFC4492]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   952
         * 0xC0,0x13  TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA            [RFC4492]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   953
         * 0xC0,0x14  TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA            [RFC4492]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   954
         * 0xC0,0x15  TLS_ECDH_anon_WITH_NULL_SHA                   [RFC4492]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   955
         * 0xC0,0x16  TLS_ECDH_anon_WITH_RC4_128_SHA                [RFC4492]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   956
         * 0xC0,0x17  TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA           [RFC4492]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   957
         * 0xC0,0x18  TLS_ECDH_anon_WITH_AES_128_CBC_SHA            [RFC4492]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   958
         * 0xC0,0x19  TLS_ECDH_anon_WITH_AES_256_CBC_SHA            [RFC4492]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   959
         * 0xC0,0x1A  TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA             [RFC5054]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   960
         * 0xC0,0x1B  TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA         [RFC5054]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   961
         * 0xC0,0x1C  TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA         [RFC5054]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   962
         * 0xC0,0x1D  TLS_SRP_SHA_WITH_AES_128_CBC_SHA              [RFC5054]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   963
         * 0xC0,0x1E  TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA          [RFC5054]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   964
         * 0xC0,0x1F  TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA          [RFC5054]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   965
         * 0xC0,0x20  TLS_SRP_SHA_WITH_AES_256_CBC_SHA              [RFC5054]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   966
         * 0xC0,0x21  TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA          [RFC5054]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   967
         * 0xC0,0x22  TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA          [RFC5054]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   968
         * 0xC0,0x23  TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256       [RFC5289]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   969
         * 0xC0,0x24  TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384       [RFC5289]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   970
         * 0xC0,0x25  TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256        [RFC5289]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   971
         * 0xC0,0x26  TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384        [RFC5289]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   972
         * 0xC0,0x27  TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256         [RFC5289]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   973
         * 0xC0,0x28  TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384         [RFC5289]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   974
         * 0xC0,0x29  TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256          [RFC5289]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   975
         * 0xC0,0x2A  TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384          [RFC5289]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   976
         * 0xC0,0x2B  TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256       [RFC5289]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   977
         * 0xC0,0x2C  TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384       [RFC5289]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   978
         * 0xC0,0x2D  TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256        [RFC5289]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   979
         * 0xC0,0x2E  TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384        [RFC5289]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   980
         * 0xC0,0x2F  TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256         [RFC5289]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   981
         * 0xC0,0x30  TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384         [RFC5289]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   982
         * 0xC0,0x31  TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256          [RFC5289]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   983
         * 0xC0,0x32  TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384          [RFC5289]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   984
         * 0xC0,0x33  TLS_ECDHE_PSK_WITH_RC4_128_SHA                [RFC5489]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   985
         * 0xC0,0x34  TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA           [RFC5489]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   986
         * 0xC0,0x35  TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA            [RFC5489]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   987
         * 0xC0,0x36  TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA            [RFC5489]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   988
         * 0xC0,0x37  TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256         [RFC5489]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   989
         * 0xC0,0x38  TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384         [RFC5489]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   990
         * 0xC0,0x39  TLS_ECDHE_PSK_WITH_NULL_SHA                   [RFC5489]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   991
         * 0xC0,0x3A  TLS_ECDHE_PSK_WITH_NULL_SHA256                [RFC5489]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   992
         * 0xC0,0x3B  TLS_ECDHE_PSK_WITH_NULL_SHA384                [RFC5489]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   993
         * 0xC0,0x3C  TLS_RSA_WITH_ARIA_128_CBC_SHA256              [RFC6209]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   994
         * 0xC0,0x3D  TLS_RSA_WITH_ARIA_256_CBC_SHA384              [RFC6209]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   995
         * 0xC0,0x3E  TLS_DH_DSS_WITH_ARIA_128_CBC_SHA256           [RFC6209]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   996
         * 0xC0,0x3F  TLS_DH_DSS_WITH_ARIA_256_CBC_SHA384           [RFC6209]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   997
         * 0xC0,0x40  TLS_DH_RSA_WITH_ARIA_128_CBC_SHA256           [RFC6209]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   998
         * 0xC0,0x41  TLS_DH_RSA_WITH_ARIA_256_CBC_SHA384           [RFC6209]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
   999
         * 0xC0,0x42  TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256          [RFC6209]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1000
         * 0xC0,0x43  TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384          [RFC6209]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1001
         * 0xC0,0x44  TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256          [RFC6209]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1002
         * 0xC0,0x45  TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384          [RFC6209]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1003
         * 0xC0,0x46  TLS_DH_anon_WITH_ARIA_128_CBC_SHA256          [RFC6209]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1004
         * 0xC0,0x47  TLS_DH_anon_WITH_ARIA_256_CBC_SHA384          [RFC6209]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1005
         * 0xC0,0x48  TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256      [RFC6209]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1006
         * 0xC0,0x49  TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384      [RFC6209]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1007
         * 0xC0,0x4A  TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256       [RFC6209]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1008
         * 0xC0,0x4B  TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384       [RFC6209]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1009
         * 0xC0,0x4C  TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256        [RFC6209]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1010
         * 0xC0,0x4D  TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384        [RFC6209]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1011
         * 0xC0,0x4E  TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256         [RFC6209]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1012
         * 0xC0,0x4F  TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384         [RFC6209]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1013
         * 0xC0,0x50  TLS_RSA_WITH_ARIA_128_GCM_SHA256              [RFC6209]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1014
         * 0xC0,0x51  TLS_RSA_WITH_ARIA_256_GCM_SHA384              [RFC6209]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1015
         * 0xC0,0x52  TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256          [RFC6209]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1016
         * 0xC0,0x53  TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384          [RFC6209]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1017
         * 0xC0,0x54  TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256           [RFC6209]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1018
         * 0xC0,0x55  TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384           [RFC6209]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1019
         * 0xC0,0x56  TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256          [RFC6209]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1020
         * 0xC0,0x57  TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384          [RFC6209]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1021
         * 0xC0,0x58  TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256           [RFC6209]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1022
         * 0xC0,0x59  TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384           [RFC6209]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1023
         * 0xC0,0x5A  TLS_DH_anon_WITH_ARIA_128_GCM_SHA256          [RFC6209]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1024
         * 0xC0,0x5B  TLS_DH_anon_WITH_ARIA_256_GCM_SHA384          [RFC6209]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1025
         * 0xC0,0x5C  TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256      [RFC6209]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1026
         * 0xC0,0x5D  TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384      [RFC6209]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1027
         * 0xC0,0x5E  TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256       [RFC6209]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1028
         * 0xC0,0x5F  TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384       [RFC6209]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1029
         * 0xC0,0x60  TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256        [RFC6209]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1030
         * 0xC0,0x61  TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384        [RFC6209]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1031
         * 0xC0,0x62  TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256         [RFC6209]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1032
         * 0xC0,0x63  TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384         [RFC6209]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1033
         * 0xC0,0x64  TLS_PSK_WITH_ARIA_128_CBC_SHA256              [RFC6209]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1034
         * 0xC0,0x65  TLS_PSK_WITH_ARIA_256_CBC_SHA384              [RFC6209]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1035
         * 0xC0,0x66  TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256          [RFC6209]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1036
         * 0xC0,0x67  TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384          [RFC6209]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1037
         * 0xC0,0x68  TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256          [RFC6209]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1038
         * 0xC0,0x69  TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384          [RFC6209]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1039
         * 0xC0,0x6A  TLS_PSK_WITH_ARIA_128_GCM_SHA256              [RFC6209]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1040
         * 0xC0,0x6B  TLS_PSK_WITH_ARIA_256_GCM_SHA384              [RFC6209]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1041
         * 0xC0,0x6C  TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256          [RFC6209]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1042
         * 0xC0,0x6D  TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384          [RFC6209]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1043
         * 0xC0,0x6E  TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256          [RFC6209]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1044
         * 0xC0,0x6F  TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384          [RFC6209]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1045
         * 0xC0,0x70  TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256        [RFC6209]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1046
         * 0xC0,0x71  TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384        [RFC6209]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1047
         * 0xC0,0x72  TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256  [RFC6367]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1048
         * 0xC0,0x73  TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384  [RFC6367]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1049
         * 0xC0,0x74  TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256   [RFC6367]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1050
         * 0xC0,0x75  TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384   [RFC6367]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1051
         * 0xC0,0x76  TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256    [RFC6367]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1052
         * 0xC0,0x77  TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384    [RFC6367]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1053
         * 0xC0,0x78  TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256     [RFC6367]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1054
         * 0xC0,0x79  TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384     [RFC6367]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1055
         * 0xC0,0x7A  TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256          [RFC6367]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1056
         * 0xC0,0x7B  TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384          [RFC6367]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1057
         * 0xC0,0x7C  TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256      [RFC6367]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1058
         * 0xC0,0x7D  TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384      [RFC6367]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1059
         * 0xC0,0x7E  TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256       [RFC6367]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1060
         * 0xC0,0x7F  TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384       [RFC6367]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1061
         * 0xC0,0x80  TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256      [RFC6367]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1062
         * 0xC0,0x81  TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384      [RFC6367]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1063
         * 0xC0,0x82  TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256       [RFC6367]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1064
         * 0xC0,0x83  TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384       [RFC6367]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1065
         * 0xC0,0x84  TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256      [RFC6367]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1066
         * 0xC0,0x85  TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384      [RFC6367]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1067
         * 0xC0,0x86  TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256  [RFC6367]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1068
         * 0xC0,0x87  TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384  [RFC6367]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1069
         * 0xC0,0x88  TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256   [RFC6367]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1070
         * 0xC0,0x89  TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384   [RFC6367]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1071
         * 0xC0,0x8A  TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256    [RFC6367]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1072
         * 0xC0,0x8B  TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384    [RFC6367]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1073
         * 0xC0,0x8C  TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256     [RFC6367]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1074
         * 0xC0,0x8D  TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384     [RFC6367]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1075
         * 0xC0,0x8E  TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256          [RFC6367]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1076
         * 0xC0,0x8F  TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384          [RFC6367]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1077
         * 0xC0,0x90  TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256      [RFC6367]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1078
         * 0xC0,0x91  TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384      [RFC6367]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1079
         * 0xC0,0x92  TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256      [RFC6367]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1080
         * 0xC0,0x93  TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384      [RFC6367]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1081
         * 0xC0,0x94  TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256          [RFC6367]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1082
         * 0xC0,0x95  TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384          [RFC6367]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1083
         * 0xC0,0x96  TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256      [RFC6367]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1084
         * 0xC0,0x97  TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384      [RFC6367]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1085
         * 0xC0,0x98  TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256      [RFC6367]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1086
         * 0xC0,0x99  TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384      [RFC6367]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1087
         * 0xC0,0x9A  TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256    [RFC6367]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1088
         * 0xC0,0x9B  TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384    [RFC6367]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1089
         * 0xC0,0x9C  TLS_RSA_WITH_AES_128_CCM                      [RFC6655]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1090
         * 0xC0,0x9D  TLS_RSA_WITH_AES_256_CCM                      [RFC6655]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1091
         * 0xC0,0x9E  TLS_DHE_RSA_WITH_AES_128_CCM                  [RFC6655]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1092
         * 0xC0,0x9F  TLS_DHE_RSA_WITH_AES_256_CCM                  [RFC6655]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1093
         * 0xC0,0xA0  TLS_RSA_WITH_AES_128_CCM_8                    [RFC6655]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1094
         * 0xC0,0xA1  TLS_RSA_WITH_AES_256_CCM_8                    [RFC6655]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1095
         * 0xC0,0xA2  TLS_DHE_RSA_WITH_AES_128_CCM_8                [RFC6655]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1096
         * 0xC0,0xA3  TLS_DHE_RSA_WITH_AES_256_CCM_8                [RFC6655]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1097
         * 0xC0,0xA4  TLS_PSK_WITH_AES_128_CCM                      [RFC6655]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1098
         * 0xC0,0xA5  TLS_PSK_WITH_AES_256_CCM                      [RFC6655]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1099
         * 0xC0,0xA6  TLS_DHE_PSK_WITH_AES_128_CCM                  [RFC6655]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1100
         * 0xC0,0xA7  TLS_DHE_PSK_WITH_AES_256_CCM                  [RFC6655]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1101
         * 0xC0,0xA8  TLS_PSK_WITH_AES_128_CCM_8                    [RFC6655]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1102
         * 0xC0,0xA9  TLS_PSK_WITH_AES_256_CCM_8                    [RFC6655]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1103
         * 0xC0,0xAA  TLS_PSK_DHE_WITH_AES_128_CCM_8                [RFC6655]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1104
         * 0xC0,0xAB  TLS_PSK_DHE_WITH_AES_256_CCM_8                [RFC6655]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1105
         * 0xC0,0xAC  TLS_ECDHE_ECDSA_WITH_AES_128_CCM              [RFC7251]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1106
         * 0xC0,0xAD  TLS_ECDHE_ECDSA_WITH_AES_256_CCM              [RFC7251]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1107
         * 0xC0,0xAE  TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8            [RFC7251]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1108
         * 0xC0,0xAF  TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8            [RFC7251]
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1109
         * 0xC0,0xB0-FF  Unassigned
7039
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents: 6856
diff changeset
  1110
         * 0xC1-FD,*  Unassigned
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents: 6856
diff changeset
  1111
         * 0xFE,0x00-FD Unassigned
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents: 6856
diff changeset
  1112
         * 0xFE,0xFE-FF Reserved to avoid conflicts with widely
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents: 6856
diff changeset
  1113
         *            deployed implementations                  [Pasi_Eronen]
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents: 6856
diff changeset
  1114
         * 0xFF,0x00-FF Reserved for Private Use                [RFC5246]
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents: 6856
diff changeset
  1115
         */
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents: 6856
diff changeset
  1116
29488
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1117
        add("SSL_NULL_WITH_NULL_NULL", 0x0000,
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1118
                1,      K_NULL,     B_NULL,     M_NULL,     F);
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1119
7807
d026f4f9c119 6996365: Evaluate the priorities of cipher suites
xuelei
parents: 7043
diff changeset
  1120
        /*
d026f4f9c119 6996365: Evaluate the priorities of cipher suites
xuelei
parents: 7043
diff changeset
  1121
         * Definition of the CipherSuites that are enabled by default.
d026f4f9c119 6996365: Evaluate the priorities of cipher suites
xuelei
parents: 7043
diff changeset
  1122
         * They are listed in preference order, most preferred first, using
d026f4f9c119 6996365: Evaluate the priorities of cipher suites
xuelei
parents: 7043
diff changeset
  1123
         * the following criteria:
16913
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE
xuelei
parents: 16126
diff changeset
  1124
         * 1. Prefer Suite B compliant cipher suites, see RFC6460 (To be
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE
xuelei
parents: 16126
diff changeset
  1125
         *    changed later, see below).
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE
xuelei
parents: 16126
diff changeset
  1126
         * 2. Prefer the stronger bulk cipher, in the order of AES_256(GCM),
31706
895170f33881 8043202: Prohibit RC4 cipher suites
asmotrak
parents: 30904
diff changeset
  1127
         *    AES_128(GCM), AES_256, AES_128, 3DES-EDE.
16913
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE
xuelei
parents: 16126
diff changeset
  1128
         * 3. Prefer the stronger MAC algorithm, in the order of SHA384,
7807
d026f4f9c119 6996365: Evaluate the priorities of cipher suites
xuelei
parents: 7043
diff changeset
  1129
         *    SHA256, SHA, MD5.
16913
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE
xuelei
parents: 16126
diff changeset
  1130
         * 4. Prefer the better performance of key exchange and digital
7807
d026f4f9c119 6996365: Evaluate the priorities of cipher suites
xuelei
parents: 7043
diff changeset
  1131
         *    signature algorithm, in the order of ECDHE-ECDSA, ECDHE-RSA,
d026f4f9c119 6996365: Evaluate the priorities of cipher suites
xuelei
parents: 7043
diff changeset
  1132
         *    RSA, ECDH-ECDSA, ECDH-RSA, DHE-RSA, DHE-DSS.
d026f4f9c119 6996365: Evaluate the priorities of cipher suites
xuelei
parents: 7043
diff changeset
  1133
         */
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1134
        int p = DEFAULT_SUITES_PRIORITY * 2;
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1135
7043
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1136
        // shorten names to fit the following table cleanly.
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1137
        int max = ProtocolVersion.LIMIT_MAX_VALUE;
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1138
        int tls11 = ProtocolVersion.TLS11.v;
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1139
        int tls12 = ProtocolVersion.TLS12.v;
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1140
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1141
        //  ID           Key Exchange   Cipher     A  obs  suprt  PRF
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1142
        //  ======       ============   =========  =  ===  =====  ========
16913
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE
xuelei
parents: 16126
diff changeset
  1143
22267
13f418b13938 8028518: Increase the priorities of GCM cipher suites
xuelei
parents: 16913
diff changeset
  1144
        // Suite B compliant cipher suites, see RFC 6460.
16913
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE
xuelei
parents: 16126
diff changeset
  1145
        //
22267
13f418b13938 8028518: Increase the priorities of GCM cipher suites
xuelei
parents: 16913
diff changeset
  1146
        // Note that, at present this provider is not Suite B compliant. The
13f418b13938 8028518: Increase the priorities of GCM cipher suites
xuelei
parents: 16913
diff changeset
  1147
        // preference order of the GCM cipher suites does not follow the spec
13f418b13938 8028518: Increase the priorities of GCM cipher suites
xuelei
parents: 16913
diff changeset
  1148
        // of RFC 6460.  In this section, only two cipher suites are listed
13f418b13938 8028518: Increase the priorities of GCM cipher suites
xuelei
parents: 16913
diff changeset
  1149
        // so that applications can make use of Suite-B compliant cipher
13f418b13938 8028518: Increase the priorities of GCM cipher suites
xuelei
parents: 16913
diff changeset
  1150
        // suite firstly.
29488
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1151
        add("TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",  0xc02c, --p,
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1152
            K_ECDHE_ECDSA, B_AES_256_GCM, M_NULL,   T, max, tls12, P_SHA384);
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1153
        add("TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",  0xc02b, --p,
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1154
            K_ECDHE_ECDSA, B_AES_128_GCM, M_NULL,   T, max, tls12, P_SHA256);
22267
13f418b13938 8028518: Increase the priorities of GCM cipher suites
xuelei
parents: 16913
diff changeset
  1155
13f418b13938 8028518: Increase the priorities of GCM cipher suites
xuelei
parents: 16913
diff changeset
  1156
        // AES_256(GCM)
29488
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1157
        add("TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",    0xc030, --p,
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1158
            K_ECDHE_RSA,   B_AES_256_GCM, M_NULL,   T, max, tls12, P_SHA384);
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1159
        add("TLS_RSA_WITH_AES_256_GCM_SHA384",          0x009d, --p,
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1160
            K_RSA,         B_AES_256_GCM, M_NULL,   T, max, tls12, P_SHA384);
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1161
        add("TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384",   0xc02e, --p,
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1162
            K_ECDH_ECDSA,  B_AES_256_GCM, M_NULL,   T, max, tls12, P_SHA384);
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1163
        add("TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384",     0xc032, --p,
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1164
            K_ECDH_RSA,    B_AES_256_GCM, M_NULL,   T, max, tls12, P_SHA384);
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1165
        add("TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",      0x009f, --p,
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1166
            K_DHE_RSA,     B_AES_256_GCM, M_NULL,   T, max, tls12, P_SHA384);
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1167
        add("TLS_DHE_DSS_WITH_AES_256_GCM_SHA384",      0x00a3, --p,
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1168
            K_DHE_DSS,     B_AES_256_GCM, M_NULL,   T, max, tls12, P_SHA384);
22267
13f418b13938 8028518: Increase the priorities of GCM cipher suites
xuelei
parents: 16913
diff changeset
  1169
13f418b13938 8028518: Increase the priorities of GCM cipher suites
xuelei
parents: 16913
diff changeset
  1170
        // AES_128(GCM)
29488
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1171
        add("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",    0xc02f, --p,
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1172
            K_ECDHE_RSA,   B_AES_128_GCM, M_NULL,   T, max, tls12, P_SHA256);
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1173
        add("TLS_RSA_WITH_AES_128_GCM_SHA256",          0x009c, --p,
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1174
            K_RSA,         B_AES_128_GCM, M_NULL,   T, max, tls12, P_SHA256);
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1175
        add("TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256",   0xc02d, --p,
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1176
            K_ECDH_ECDSA,  B_AES_128_GCM, M_NULL,   T, max, tls12, P_SHA256);
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1177
        add("TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256",     0xc031, --p,
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1178
            K_ECDH_RSA,    B_AES_128_GCM, M_NULL,   T, max, tls12, P_SHA256);
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1179
        add("TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",      0x009e, --p,
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1180
            K_DHE_RSA,     B_AES_128_GCM, M_NULL,   T, max, tls12, P_SHA256);
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1181
        add("TLS_DHE_DSS_WITH_AES_128_GCM_SHA256",      0x00a2, --p,
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1182
            K_DHE_DSS,     B_AES_128_GCM, M_NULL,   T, max, tls12, P_SHA256);
16913
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE
xuelei
parents: 16126
diff changeset
  1183
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE
xuelei
parents: 16126
diff changeset
  1184
        // AES_256(CBC)
29488
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1185
        add("TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",  0xc024, --p,
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1186
            K_ECDHE_ECDSA, B_AES_256,     M_SHA384, T, max, tls12, P_SHA384);
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1187
        add("TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",    0xc028, --p,
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1188
            K_ECDHE_RSA,   B_AES_256,     M_SHA384, T, max, tls12, P_SHA384);
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1189
        add("TLS_RSA_WITH_AES_256_CBC_SHA256",          0x003d, --p,
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1190
            K_RSA,         B_AES_256,     M_SHA256, T, max, tls12, P_SHA256);
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1191
        add("TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384",   0xc026, --p,
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1192
            K_ECDH_ECDSA,  B_AES_256,     M_SHA384, T, max, tls12, P_SHA384);
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1193
        add("TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384",     0xc02a, --p,
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1194
            K_ECDH_RSA,    B_AES_256,     M_SHA384, T, max, tls12, P_SHA384);
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1195
        add("TLS_DHE_RSA_WITH_AES_256_CBC_SHA256",      0x006b, --p,
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1196
            K_DHE_RSA,     B_AES_256,     M_SHA256, T, max, tls12, P_SHA256);
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1197
        add("TLS_DHE_DSS_WITH_AES_256_CBC_SHA256",      0x006a, --p,
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1198
            K_DHE_DSS,     B_AES_256,     M_SHA256, T, max, tls12, P_SHA256);
7807
d026f4f9c119 6996365: Evaluate the priorities of cipher suites
xuelei
parents: 7043
diff changeset
  1199
29488
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1200
        add("TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",     0xC00A, --p,
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1201
            K_ECDHE_ECDSA, B_AES_256,     M_SHA,    T);
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1202
        add("TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",       0xC014, --p,
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1203
            K_ECDHE_RSA,   B_AES_256,     M_SHA,    T);
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1204
        add("TLS_RSA_WITH_AES_256_CBC_SHA",             0x0035, --p,
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1205
            K_RSA,         B_AES_256,     M_SHA,    T);
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1206
        add("TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA",      0xC005, --p,
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1207
            K_ECDH_ECDSA,  B_AES_256,     M_SHA,    T);
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1208
        add("TLS_ECDH_RSA_WITH_AES_256_CBC_SHA",        0xC00F, --p,
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1209
            K_ECDH_RSA,    B_AES_256,     M_SHA,    T);
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1210
        add("TLS_DHE_RSA_WITH_AES_256_CBC_SHA",         0x0039, --p,
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1211
            K_DHE_RSA,     B_AES_256,     M_SHA,    T);
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1212
        add("TLS_DHE_DSS_WITH_AES_256_CBC_SHA",         0x0038, --p,
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1213
            K_DHE_DSS,     B_AES_256,     M_SHA,    T);
7043
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1214
16913
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE
xuelei
parents: 16126
diff changeset
  1215
        // AES_128(CBC)
29488
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1216
        add("TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",  0xc023, --p,
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1217
            K_ECDHE_ECDSA, B_AES_128,     M_SHA256, T, max, tls12, P_SHA256);
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1218
        add("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",    0xc027, --p,
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1219
            K_ECDHE_RSA,   B_AES_128,     M_SHA256, T, max, tls12, P_SHA256);
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1220
        add("TLS_RSA_WITH_AES_128_CBC_SHA256",          0x003c, --p,
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1221
            K_RSA,         B_AES_128,     M_SHA256, T, max, tls12, P_SHA256);
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1222
        add("TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256",   0xc025, --p,
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1223
            K_ECDH_ECDSA,  B_AES_128,     M_SHA256, T, max, tls12, P_SHA256);
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1224
        add("TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256",     0xc029, --p,
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1225
            K_ECDH_RSA,    B_AES_128,     M_SHA256, T, max, tls12, P_SHA256);
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1226
        add("TLS_DHE_RSA_WITH_AES_128_CBC_SHA256",      0x0067, --p,
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1227
            K_DHE_RSA,     B_AES_128,     M_SHA256, T, max, tls12, P_SHA256);
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1228
        add("TLS_DHE_DSS_WITH_AES_128_CBC_SHA256",      0x0040, --p,
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1229
            K_DHE_DSS,     B_AES_128,     M_SHA256, T, max, tls12, P_SHA256);
7043
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1230
29488
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1231
        add("TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",     0xC009, --p,
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1232
            K_ECDHE_ECDSA, B_AES_128,     M_SHA,    T);
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1233
        add("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",       0xC013, --p,
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1234
            K_ECDHE_RSA,   B_AES_128,     M_SHA,    T);
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1235
        add("TLS_RSA_WITH_AES_128_CBC_SHA",             0x002f, --p,
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1236
            K_RSA,         B_AES_128,     M_SHA,    T);
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1237
        add("TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA",      0xC004, --p,
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1238
            K_ECDH_ECDSA,  B_AES_128,     M_SHA,    T);
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1239
        add("TLS_ECDH_RSA_WITH_AES_128_CBC_SHA",        0xC00E, --p,
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1240
            K_ECDH_RSA,    B_AES_128,     M_SHA,    T);
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1241
        add("TLS_DHE_RSA_WITH_AES_128_CBC_SHA",         0x0033, --p,
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1242
            K_DHE_RSA,     B_AES_128,     M_SHA,    T);
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1243
        add("TLS_DHE_DSS_WITH_AES_128_CBC_SHA",         0x0032, --p,
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1244
            K_DHE_DSS,     B_AES_128,     M_SHA,    T);
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1245
16913
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE
xuelei
parents: 16126
diff changeset
  1246
        // 3DES_EDE
29488
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1247
        add("TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA",    0xC008, --p,
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1248
            K_ECDHE_ECDSA, B_3DES,        M_SHA,    T);
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1249
        add("TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA",      0xC012, --p,
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1250
            K_ECDHE_RSA,   B_3DES,        M_SHA,    T);
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1251
        add("SSL_RSA_WITH_3DES_EDE_CBC_SHA",            0x000a, --p,
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1252
            K_RSA,         B_3DES,        M_SHA,    T);
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1253
        add("TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA",     0xC003, --p,
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1254
            K_ECDH_ECDSA,  B_3DES,        M_SHA,    T);
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1255
        add("TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA",       0xC00D, --p,
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1256
            K_ECDH_RSA,    B_3DES,        M_SHA,    T);
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1257
        add("SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA",        0x0016, --p,
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1258
            K_DHE_RSA,     B_3DES,        M_SHA,    T);
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1259
        add("SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA",        0x0013, --p,
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1260
            K_DHE_DSS,     B_3DES,        M_SHA,    N);
6856
533f4ad71f88 6914943: Implement final TLS renegotiation fix
xuelei
parents: 5506
diff changeset
  1261
533f4ad71f88 6914943: Implement final TLS renegotiation fix
xuelei
parents: 5506
diff changeset
  1262
        // Renegotiation protection request Signalling Cipher Suite Value (SCSV)
29488
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1263
        add("TLS_EMPTY_RENEGOTIATION_INFO_SCSV",        0x00ff, --p,
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1264
            K_SCSV,        B_NULL,        M_NULL,   T);
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1265
7807
d026f4f9c119 6996365: Evaluate the priorities of cipher suites
xuelei
parents: 7043
diff changeset
  1266
        /*
d026f4f9c119 6996365: Evaluate the priorities of cipher suites
xuelei
parents: 7043
diff changeset
  1267
         * Definition of the CipherSuites that are supported but not enabled
d026f4f9c119 6996365: Evaluate the priorities of cipher suites
xuelei
parents: 7043
diff changeset
  1268
         * by default.
d026f4f9c119 6996365: Evaluate the priorities of cipher suites
xuelei
parents: 7043
diff changeset
  1269
         * They are listed in preference order, preferred first, using the
d026f4f9c119 6996365: Evaluate the priorities of cipher suites
xuelei
parents: 7043
diff changeset
  1270
         * following criteria:
d026f4f9c119 6996365: Evaluate the priorities of cipher suites
xuelei
parents: 7043
diff changeset
  1271
         * 1. CipherSuites for KRB5 need additional KRB5 service
d026f4f9c119 6996365: Evaluate the priorities of cipher suites
xuelei
parents: 7043
diff changeset
  1272
         *    configuration, and these suites are not common in practice,
d026f4f9c119 6996365: Evaluate the priorities of cipher suites
xuelei
parents: 7043
diff changeset
  1273
         *    so we put KRB5 based cipher suites at the end of the supported
d026f4f9c119 6996365: Evaluate the priorities of cipher suites
xuelei
parents: 7043
diff changeset
  1274
         *    list.
d026f4f9c119 6996365: Evaluate the priorities of cipher suites
xuelei
parents: 7043
diff changeset
  1275
         * 2. If a cipher suite has been obsoleted, we put it at the end of
d026f4f9c119 6996365: Evaluate the priorities of cipher suites
xuelei
parents: 7043
diff changeset
  1276
         *    the list.
d026f4f9c119 6996365: Evaluate the priorities of cipher suites
xuelei
parents: 7043
diff changeset
  1277
         * 3. Prefer the stronger bulk cipher, in the order of AES_256,
27722
0fb5bf040fd0 8043200: Decrease the preference mode of RC4 in the enabled cipher suite list
xuelei
parents: 25859
diff changeset
  1278
         *    AES_128, 3DES-EDE, RC-4, DES, DES40, RC4_40, NULL.
7807
d026f4f9c119 6996365: Evaluate the priorities of cipher suites
xuelei
parents: 7043
diff changeset
  1279
         * 4. Prefer the stronger MAC algorithm, in the order of SHA384,
d026f4f9c119 6996365: Evaluate the priorities of cipher suites
xuelei
parents: 7043
diff changeset
  1280
         *    SHA256, SHA, MD5.
d026f4f9c119 6996365: Evaluate the priorities of cipher suites
xuelei
parents: 7043
diff changeset
  1281
         * 5. Prefer the better performance of key exchange and digital
d026f4f9c119 6996365: Evaluate the priorities of cipher suites
xuelei
parents: 7043
diff changeset
  1282
         *    signature algorithm, in the order of ECDHE-ECDSA, ECDHE-RSA,
d026f4f9c119 6996365: Evaluate the priorities of cipher suites
xuelei
parents: 7043
diff changeset
  1283
         *    RSA, ECDH-ECDSA, ECDH-RSA, DHE-RSA, DHE-DSS, anonymous.
d026f4f9c119 6996365: Evaluate the priorities of cipher suites
xuelei
parents: 7043
diff changeset
  1284
         */
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1285
        p = DEFAULT_SUITES_PRIORITY;
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1286
29488
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1287
        add("TLS_DH_anon_WITH_AES_256_GCM_SHA384",      0x00a7, --p,
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1288
            K_DH_ANON,     B_AES_256_GCM, M_NULL,   N, max, tls12, P_SHA384);
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1289
        add("TLS_DH_anon_WITH_AES_128_GCM_SHA256",      0x00a6, --p,
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1290
            K_DH_ANON,     B_AES_128_GCM, M_NULL,   N, max, tls12, P_SHA256);
16913
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE
xuelei
parents: 16126
diff changeset
  1291
29488
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1292
        add("TLS_DH_anon_WITH_AES_256_CBC_SHA256",      0x006d, --p,
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1293
            K_DH_ANON,     B_AES_256,     M_SHA256, N, max, tls12, P_SHA256);
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1294
        add("TLS_ECDH_anon_WITH_AES_256_CBC_SHA",       0xC019, --p,
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1295
            K_ECDH_ANON,   B_AES_256,     M_SHA,    N);
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1296
        add("TLS_DH_anon_WITH_AES_256_CBC_SHA",         0x003a, --p,
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1297
            K_DH_ANON,     B_AES_256,     M_SHA,    N);
7807
d026f4f9c119 6996365: Evaluate the priorities of cipher suites
xuelei
parents: 7043
diff changeset
  1298
29488
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1299
        add("TLS_DH_anon_WITH_AES_128_CBC_SHA256",      0x006c, --p,
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1300
            K_DH_ANON,     B_AES_128,     M_SHA256, N, max, tls12, P_SHA256);
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1301
        add("TLS_ECDH_anon_WITH_AES_128_CBC_SHA",       0xC018, --p,
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1302
            K_ECDH_ANON,   B_AES_128,     M_SHA,    N);
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1303
        add("TLS_DH_anon_WITH_AES_128_CBC_SHA",         0x0034, --p,
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1304
            K_DH_ANON,     B_AES_128,     M_SHA,    N);
7807
d026f4f9c119 6996365: Evaluate the priorities of cipher suites
xuelei
parents: 7043
diff changeset
  1305
29488
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1306
        add("TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA",      0xC017, --p,
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1307
            K_ECDH_ANON,   B_3DES,        M_SHA,    N);
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1308
        add("SSL_DH_anon_WITH_3DES_EDE_CBC_SHA",        0x001b, --p,
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1309
            K_DH_ANON,     B_3DES,        M_SHA,    N);
27722
0fb5bf040fd0 8043200: Decrease the preference mode of RC4 in the enabled cipher suite list
xuelei
parents: 25859
diff changeset
  1310
31706
895170f33881 8043202: Prohibit RC4 cipher suites
asmotrak
parents: 30904
diff changeset
  1311
        // RC-4
895170f33881 8043202: Prohibit RC4 cipher suites
asmotrak
parents: 30904
diff changeset
  1312
        add("TLS_ECDHE_ECDSA_WITH_RC4_128_SHA",         0xC007, --p,
895170f33881 8043202: Prohibit RC4 cipher suites
asmotrak
parents: 30904
diff changeset
  1313
            K_ECDHE_ECDSA, B_RC4_128,     M_SHA,    N);
895170f33881 8043202: Prohibit RC4 cipher suites
asmotrak
parents: 30904
diff changeset
  1314
        add("TLS_ECDHE_RSA_WITH_RC4_128_SHA",           0xC011, --p,
895170f33881 8043202: Prohibit RC4 cipher suites
asmotrak
parents: 30904
diff changeset
  1315
            K_ECDHE_RSA,   B_RC4_128,     M_SHA,    N);
895170f33881 8043202: Prohibit RC4 cipher suites
asmotrak
parents: 30904
diff changeset
  1316
        add("SSL_RSA_WITH_RC4_128_SHA",                 0x0005, --p,
895170f33881 8043202: Prohibit RC4 cipher suites
asmotrak
parents: 30904
diff changeset
  1317
            K_RSA,         B_RC4_128,     M_SHA,    N);
895170f33881 8043202: Prohibit RC4 cipher suites
asmotrak
parents: 30904
diff changeset
  1318
        add("TLS_ECDH_ECDSA_WITH_RC4_128_SHA",          0xC002, --p,
895170f33881 8043202: Prohibit RC4 cipher suites
asmotrak
parents: 30904
diff changeset
  1319
            K_ECDH_ECDSA,  B_RC4_128,     M_SHA,    N);
895170f33881 8043202: Prohibit RC4 cipher suites
asmotrak
parents: 30904
diff changeset
  1320
        add("TLS_ECDH_RSA_WITH_RC4_128_SHA",            0xC00C, --p,
895170f33881 8043202: Prohibit RC4 cipher suites
asmotrak
parents: 30904
diff changeset
  1321
            K_ECDH_RSA,    B_RC4_128,     M_SHA,    N);
895170f33881 8043202: Prohibit RC4 cipher suites
asmotrak
parents: 30904
diff changeset
  1322
        add("SSL_RSA_WITH_RC4_128_MD5",                 0x0004, --p,
895170f33881 8043202: Prohibit RC4 cipher suites
asmotrak
parents: 30904
diff changeset
  1323
            K_RSA,         B_RC4_128,     M_MD5,    N);
895170f33881 8043202: Prohibit RC4 cipher suites
asmotrak
parents: 30904
diff changeset
  1324
29488
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1325
        add("TLS_ECDH_anon_WITH_RC4_128_SHA",           0xC016, --p,
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1326
            K_ECDH_ANON,   B_RC4_128,     M_SHA,    N);
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1327
        add("SSL_DH_anon_WITH_RC4_128_MD5",             0x0018, --p,
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1328
            K_DH_ANON,     B_RC4_128,     M_MD5,    N);
7807
d026f4f9c119 6996365: Evaluate the priorities of cipher suites
xuelei
parents: 7043
diff changeset
  1329
27722
0fb5bf040fd0 8043200: Decrease the preference mode of RC4 in the enabled cipher suite list
xuelei
parents: 25859
diff changeset
  1330
        // weak cipher suites obsoleted in TLS 1.2
29488
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1331
        add("SSL_RSA_WITH_DES_CBC_SHA",                 0x0009, --p,
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1332
            K_RSA,         B_DES,         M_SHA,    N, tls12);
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1333
        add("SSL_DHE_RSA_WITH_DES_CBC_SHA",             0x0015, --p,
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1334
            K_DHE_RSA,     B_DES,         M_SHA,    N, tls12);
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1335
        add("SSL_DHE_DSS_WITH_DES_CBC_SHA",             0x0012, --p,
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1336
            K_DHE_DSS,     B_DES,         M_SHA,    N, tls12);
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1337
        add("SSL_DH_anon_WITH_DES_CBC_SHA",             0x001a, --p,
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1338
            K_DH_ANON,     B_DES,         M_SHA,    N, tls12);
27722
0fb5bf040fd0 8043200: Decrease the preference mode of RC4 in the enabled cipher suite list
xuelei
parents: 25859
diff changeset
  1339
0fb5bf040fd0 8043200: Decrease the preference mode of RC4 in the enabled cipher suite list
xuelei
parents: 25859
diff changeset
  1340
        // weak cipher suites obsoleted in TLS 1.1
29488
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1341
        add("SSL_RSA_EXPORT_WITH_DES40_CBC_SHA",        0x0008, --p,
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1342
            K_RSA_EXPORT,  B_DES_40,      M_SHA,    N, tls11);
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1343
        add("SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",    0x0014, --p,
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1344
            K_DHE_RSA,     B_DES_40,      M_SHA,    N, tls11);
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1345
        add("SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA",    0x0011, --p,
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1346
            K_DHE_DSS,     B_DES_40,      M_SHA,    N, tls11);
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1347
        add("SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA",    0x0019, --p,
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1348
            K_DH_ANON,     B_DES_40,      M_SHA,    N, tls11);
27722
0fb5bf040fd0 8043200: Decrease the preference mode of RC4 in the enabled cipher suite list
xuelei
parents: 25859
diff changeset
  1349
29488
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1350
        add("SSL_RSA_EXPORT_WITH_RC4_40_MD5",           0x0003, --p,
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1351
            K_RSA_EXPORT,  B_RC4_40,      M_MD5,    N, tls11);
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1352
        add("SSL_DH_anon_EXPORT_WITH_RC4_40_MD5",       0x0017, --p,
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1353
            K_DH_ANON,     B_RC4_40,      M_MD5,    N, tls11);
7807
d026f4f9c119 6996365: Evaluate the priorities of cipher suites
xuelei
parents: 7043
diff changeset
  1354
29488
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1355
        add("TLS_RSA_WITH_NULL_SHA256",                 0x003b, --p,
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1356
            K_RSA,         B_NULL,        M_SHA256, N, max, tls12, P_SHA256);
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1357
        add("TLS_ECDHE_ECDSA_WITH_NULL_SHA",            0xC006, --p,
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1358
            K_ECDHE_ECDSA, B_NULL,        M_SHA,    N);
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1359
        add("TLS_ECDHE_RSA_WITH_NULL_SHA",              0xC010, --p,
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1360
            K_ECDHE_RSA,   B_NULL,        M_SHA,    N);
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1361
        add("SSL_RSA_WITH_NULL_SHA",                    0x0002, --p,
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1362
            K_RSA,         B_NULL,        M_SHA,    N);
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1363
        add("TLS_ECDH_ECDSA_WITH_NULL_SHA",             0xC001, --p,
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1364
            K_ECDH_ECDSA,  B_NULL,        M_SHA,    N);
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1365
        add("TLS_ECDH_RSA_WITH_NULL_SHA",               0xC00B, --p,
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1366
            K_ECDH_RSA,    B_NULL,        M_SHA,    N);
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1367
        add("TLS_ECDH_anon_WITH_NULL_SHA",              0xC015, --p,
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1368
            K_ECDH_ANON,   B_NULL,        M_SHA,    N);
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1369
        add("SSL_RSA_WITH_NULL_MD5",                    0x0001, --p,
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1370
            K_RSA,         B_NULL,        M_MD5,    N);
7807
d026f4f9c119 6996365: Evaluate the priorities of cipher suites
xuelei
parents: 7043
diff changeset
  1371
6856
533f4ad71f88 6914943: Implement final TLS renegotiation fix
xuelei
parents: 5506
diff changeset
  1372
        // Supported Kerberos ciphersuites from RFC2712
29488
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1373
        add("TLS_KRB5_WITH_3DES_EDE_CBC_SHA",           0x001f, --p,
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1374
            K_KRB5,        B_3DES,        M_SHA,    N);
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1375
        add("TLS_KRB5_WITH_3DES_EDE_CBC_MD5",           0x0023, --p,
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1376
            K_KRB5,        B_3DES,        M_MD5,    N);
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1377
        add("TLS_KRB5_WITH_RC4_128_SHA",                0x0020, --p,
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1378
            K_KRB5,        B_RC4_128,     M_SHA,    N);
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1379
        add("TLS_KRB5_WITH_RC4_128_MD5",                0x0024, --p,
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1380
            K_KRB5,        B_RC4_128,     M_MD5,    N);
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1381
        add("TLS_KRB5_WITH_DES_CBC_SHA",                0x001e, --p,
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1382
            K_KRB5,        B_DES,         M_SHA,    N, tls12);
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1383
        add("TLS_KRB5_WITH_DES_CBC_MD5",                0x0022, --p,
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1384
            K_KRB5,        B_DES,         M_MD5,    N, tls12);
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1385
        add("TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA",      0x0026, --p,
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1386
            K_KRB5_EXPORT, B_DES_40,      M_SHA,    N, tls11);
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1387
        add("TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5",      0x0029, --p,
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1388
            K_KRB5_EXPORT, B_DES_40,      M_MD5,    N, tls11);
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1389
        add("TLS_KRB5_EXPORT_WITH_RC4_40_SHA",          0x0028, --p,
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1390
            K_KRB5_EXPORT, B_RC4_40,      M_SHA,    N, tls11);
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1391
        add("TLS_KRB5_EXPORT_WITH_RC4_40_MD5",          0x002b, --p,
1f25b971e59a 6996366: convert MacAlg to an enum
jnimeh
parents: 27722
diff changeset
  1392
            K_KRB5_EXPORT, B_RC4_40,      M_MD5,    N, tls11);
7039
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents: 6856
diff changeset
  1393
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents: 6856
diff changeset
  1394
        /*
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents: 6856
diff changeset
  1395
         * Other values from the TLS Cipher Suite Registry, as of August 2010.
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents: 6856
diff changeset
  1396
         *
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents: 6856
diff changeset
  1397
         * http://www.iana.org/assignments/tls-parameters/tls-parameters.xml
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents: 6856
diff changeset
  1398
         *
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents: 6856
diff changeset
  1399
         * Range      Registration Procedures   Notes
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents: 6856
diff changeset
  1400
         * 000-191    Standards Action          Refers to value of first byte
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents: 6856
diff changeset
  1401
         * 192-254    Specification Required    Refers to value of first byte
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents: 6856
diff changeset
  1402
         * 255        Reserved for Private Use  Refers to value of first byte
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents: 6856
diff changeset
  1403
         */
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1404
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1405
        // Register the names of a few additional CipherSuites.
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1406
        // Makes them show up as names instead of numbers in
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1407
        // the debug output.
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1408
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1409
        // remaining unsupported ciphersuites defined in RFC2246.
34380
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1410
        add("SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5",           0x0006);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1411
        add("SSL_RSA_WITH_IDEA_CBC_SHA",                    0x0007);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1412
        add("SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA",         0x000b);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1413
        add("SSL_DH_DSS_WITH_DES_CBC_SHA",                  0x000c);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1414
        add("SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA",             0x000d);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1415
        add("SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA",         0x000e);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1416
        add("SSL_DH_RSA_WITH_DES_CBC_SHA",                  0x000f);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1417
        add("SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA",             0x0010);
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1418
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1419
        // SSL 3.0 Fortezza ciphersuites
34380
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1420
        add("SSL_FORTEZZA_DMS_WITH_NULL_SHA",               0x001c);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1421
        add("SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA",       0x001d);
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1422
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1423
        // 1024/56 bit exportable ciphersuites from expired internet draft
34380
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1424
        add("SSL_RSA_EXPORT1024_WITH_DES_CBC_SHA",          0x0062);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1425
        add("SSL_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA",      0x0063);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1426
        add("SSL_RSA_EXPORT1024_WITH_RC4_56_SHA",           0x0064);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1427
        add("SSL_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA",       0x0065);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1428
        add("SSL_DHE_DSS_WITH_RC4_128_SHA",                 0x0066);
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1429
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1430
        // Netscape old and new SSL 3.0 FIPS ciphersuites
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1431
        // see http://www.mozilla.org/projects/security/pki/nss/ssl/fips-ssl-ciphersuites.html
34380
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1432
        add("NETSCAPE_RSA_FIPS_WITH_3DES_EDE_CBC_SHA",      0xffe0);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1433
        add("NETSCAPE_RSA_FIPS_WITH_DES_CBC_SHA",           0xffe1);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1434
        add("SSL_RSA_FIPS_WITH_DES_CBC_SHA",                0xfefe);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1435
        add("SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA",           0xfeff);
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1436
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1437
        // Unsupported Kerberos cipher suites from RFC 2712
34380
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1438
        add("TLS_KRB5_WITH_IDEA_CBC_SHA",                   0x0021);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1439
        add("TLS_KRB5_WITH_IDEA_CBC_MD5",                   0x0025);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1440
        add("TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA",          0x0027);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1441
        add("TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5",          0x002a);
7039
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents: 6856
diff changeset
  1442
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents: 6856
diff changeset
  1443
        // Unsupported cipher suites from RFC 4162
34380
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1444
        add("TLS_RSA_WITH_SEED_CBC_SHA",                    0x0096);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1445
        add("TLS_DH_DSS_WITH_SEED_CBC_SHA",                 0x0097);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1446
        add("TLS_DH_RSA_WITH_SEED_CBC_SHA",                 0x0098);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1447
        add("TLS_DHE_DSS_WITH_SEED_CBC_SHA",                0x0099);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1448
        add("TLS_DHE_RSA_WITH_SEED_CBC_SHA",                0x009a);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1449
        add("TLS_DH_anon_WITH_SEED_CBC_SHA",                0x009b);
7039
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents: 6856
diff changeset
  1450
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents: 6856
diff changeset
  1451
        // Unsupported cipher suites from RFC 4279
34380
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1452
        add("TLS_PSK_WITH_RC4_128_SHA",                     0x008a);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1453
        add("TLS_PSK_WITH_3DES_EDE_CBC_SHA",                0x008b);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1454
        add("TLS_PSK_WITH_AES_128_CBC_SHA",                 0x008c);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1455
        add("TLS_PSK_WITH_AES_256_CBC_SHA",                 0x008d);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1456
        add("TLS_DHE_PSK_WITH_RC4_128_SHA",                 0x008e);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1457
        add("TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA",            0x008f);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1458
        add("TLS_DHE_PSK_WITH_AES_128_CBC_SHA",             0x0090);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1459
        add("TLS_DHE_PSK_WITH_AES_256_CBC_SHA",             0x0091);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1460
        add("TLS_RSA_PSK_WITH_RC4_128_SHA",                 0x0092);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1461
        add("TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA",            0x0093);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1462
        add("TLS_RSA_PSK_WITH_AES_128_CBC_SHA",             0x0094);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1463
        add("TLS_RSA_PSK_WITH_AES_256_CBC_SHA",             0x0095);
7039
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents: 6856
diff changeset
  1464
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents: 6856
diff changeset
  1465
        // Unsupported cipher suites from RFC 4785
34380
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1466
        add("TLS_PSK_WITH_NULL_SHA",                        0x002c);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1467
        add("TLS_DHE_PSK_WITH_NULL_SHA",                    0x002d);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1468
        add("TLS_RSA_PSK_WITH_NULL_SHA",                    0x002e);
7039
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents: 6856
diff changeset
  1469
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents: 6856
diff changeset
  1470
        // Unsupported cipher suites from RFC 5246
34380
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1471
        add("TLS_DH_DSS_WITH_AES_128_CBC_SHA",              0x0030);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1472
        add("TLS_DH_RSA_WITH_AES_128_CBC_SHA",              0x0031);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1473
        add("TLS_DH_DSS_WITH_AES_256_CBC_SHA",              0x0036);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1474
        add("TLS_DH_RSA_WITH_AES_256_CBC_SHA",              0x0037);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1475
        add("TLS_DH_DSS_WITH_AES_128_CBC_SHA256",           0x003e);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1476
        add("TLS_DH_RSA_WITH_AES_128_CBC_SHA256",           0x003f);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1477
        add("TLS_DH_DSS_WITH_AES_256_CBC_SHA256",           0x0068);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1478
        add("TLS_DH_RSA_WITH_AES_256_CBC_SHA256",           0x0069);
7039
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents: 6856
diff changeset
  1479
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents: 6856
diff changeset
  1480
        // Unsupported cipher suites from RFC 5288
34380
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1481
        add("TLS_DH_RSA_WITH_AES_128_GCM_SHA256",           0x00a0);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1482
        add("TLS_DH_RSA_WITH_AES_256_GCM_SHA384",           0x00a1);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1483
        add("TLS_DH_DSS_WITH_AES_128_GCM_SHA256",           0x00a4);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1484
        add("TLS_DH_DSS_WITH_AES_256_GCM_SHA384",           0x00a5);
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1485
7039
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents: 6856
diff changeset
  1486
        // Unsupported cipher suites from RFC 5487
34380
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1487
        add("TLS_PSK_WITH_AES_128_GCM_SHA256",              0x00a8);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1488
        add("TLS_PSK_WITH_AES_256_GCM_SHA384",              0x00a9);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1489
        add("TLS_DHE_PSK_WITH_AES_128_GCM_SHA256",          0x00aa);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1490
        add("TLS_DHE_PSK_WITH_AES_256_GCM_SHA384",          0x00ab);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1491
        add("TLS_RSA_PSK_WITH_AES_128_GCM_SHA256",          0x00ac);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1492
        add("TLS_RSA_PSK_WITH_AES_256_GCM_SHA384",          0x00ad);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1493
        add("TLS_PSK_WITH_AES_128_CBC_SHA256",              0x00ae);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1494
        add("TLS_PSK_WITH_AES_256_CBC_SHA384",              0x00af);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1495
        add("TLS_PSK_WITH_NULL_SHA256",                     0x00b0);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1496
        add("TLS_PSK_WITH_NULL_SHA384",                     0x00b1);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1497
        add("TLS_DHE_PSK_WITH_AES_128_CBC_SHA256",          0x00b2);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1498
        add("TLS_DHE_PSK_WITH_AES_256_CBC_SHA384",          0x00b3);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1499
        add("TLS_DHE_PSK_WITH_NULL_SHA256",                 0x00b4);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1500
        add("TLS_DHE_PSK_WITH_NULL_SHA384",                 0x00b5);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1501
        add("TLS_RSA_PSK_WITH_AES_128_CBC_SHA256",          0x00b6);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1502
        add("TLS_RSA_PSK_WITH_AES_256_CBC_SHA384",          0x00b7);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1503
        add("TLS_RSA_PSK_WITH_NULL_SHA256",                 0x00b8);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1504
        add("TLS_RSA_PSK_WITH_NULL_SHA384",                 0x00b9);
7039
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents: 6856
diff changeset
  1505
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents: 6856
diff changeset
  1506
        // Unsupported cipher suites from RFC 5932
34380
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1507
        add("TLS_RSA_WITH_CAMELLIA_128_CBC_SHA",            0x0041);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1508
        add("TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA",         0x0042);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1509
        add("TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA",         0x0043);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1510
        add("TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA",        0x0044);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1511
        add("TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA",        0x0045);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1512
        add("TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA",        0x0046);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1513
        add("TLS_RSA_WITH_CAMELLIA_256_CBC_SHA",            0x0084);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1514
        add("TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA",         0x0085);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1515
        add("TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA",         0x0086);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1516
        add("TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA",        0x0087);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1517
        add("TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA",        0x0088);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1518
        add("TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA",        0x0089);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1519
        add("TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256",         0x00ba);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1520
        add("TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256",      0x00bb);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1521
        add("TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256",      0x00bc);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1522
        add("TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256",     0x00bd);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1523
        add("TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256",     0x00be);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1524
        add("TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256",     0x00bf);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1525
        add("TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256",         0x00c0);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1526
        add("TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256",      0x00c1);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1527
        add("TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256",      0x00c2);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1528
        add("TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256",     0x00c3);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1529
        add("TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256",     0x00c4);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1530
        add("TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256",     0x00c5);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1531
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1532
        // TLS Fallback Signaling Cipher Suite Value (SCSV) RFC 7507
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1533
        add("TLS_FALLBACK_SCSV", 0x5600);
7039
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents: 6856
diff changeset
  1534
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents: 6856
diff changeset
  1535
        // Unsupported cipher suites from RFC 5054
34380
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1536
        add("TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA",            0xc01a);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1537
        add("TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA",        0xc01b);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1538
        add("TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA",        0xc01c);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1539
        add("TLS_SRP_SHA_WITH_AES_128_CBC_SHA",             0xc01d);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1540
        add("TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA",         0xc01e);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1541
        add("TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA",         0xc01f);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1542
        add("TLS_SRP_SHA_WITH_AES_256_CBC_SHA",             0xc020);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1543
        add("TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA",         0xc021);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1544
        add("TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA",         0xc022);
7039
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents: 6856
diff changeset
  1545
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents: 6856
diff changeset
  1546
        // Unsupported cipher suites from RFC 5489
34380
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1547
        add("TLS_ECDHE_PSK_WITH_RC4_128_SHA",               0xc033);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1548
        add("TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA",          0xc034);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1549
        add("TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA",           0xc035);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1550
        add("TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA",           0xc036);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1551
        add("TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256",        0xc037);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1552
        add("TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384",        0xc038);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1553
        add("TLS_ECDHE_PSK_WITH_NULL_SHA",                  0xc039);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1554
        add("TLS_ECDHE_PSK_WITH_NULL_SHA256",               0xc03a);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1555
        add("TLS_ECDHE_PSK_WITH_NULL_SHA384",               0xc03b);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1556
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1557
        // Unsupported cipher suites from RFC 6209
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1558
        add("TLS_RSA_WITH_ARIA_128_CBC_SHA256",             0xc03c);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1559
        add("TLS_RSA_WITH_ARIA_256_CBC_SHA384",             0xc03d);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1560
        add("TLS_DH_DSS_WITH_ARIA_128_CBC_SHA256",          0xc03e);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1561
        add("TLS_DH_DSS_WITH_ARIA_256_CBC_SHA384",          0xc03f);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1562
        add("TLS_DH_RSA_WITH_ARIA_128_CBC_SHA256",          0xc040);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1563
        add("TLS_DH_RSA_WITH_ARIA_256_CBC_SHA384",          0xc041);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1564
        add("TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256",         0xc042);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1565
        add("TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384",         0xc043);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1566
        add("TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256",         0xc044);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1567
        add("TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384",         0xc045);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1568
        add("TLS_DH_anon_WITH_ARIA_128_CBC_SHA256",         0xc046);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1569
        add("TLS_DH_anon_WITH_ARIA_256_CBC_SHA384",         0xc047);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1570
        add("TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256",     0xc048);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1571
        add("TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384",     0xc049);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1572
        add("TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256",      0xc04a);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1573
        add("TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384",      0xc04b);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1574
        add("TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256",       0xc04c);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1575
        add("TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384",       0xc04d);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1576
        add("TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256",        0xc04e);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1577
        add("TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384",        0xc04f);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1578
        add("TLS_RSA_WITH_ARIA_128_GCM_SHA256",             0xc050);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1579
        add("TLS_RSA_WITH_ARIA_256_GCM_SHA384",             0xc051);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1580
        add("TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256",         0xc052);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1581
        add("TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384",         0xc053);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1582
        add("TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256",          0xc054);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1583
        add("TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384",          0xc055);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1584
        add("TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256",         0xc056);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1585
        add("TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384",         0xc057);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1586
        add("TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256",          0xc058);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1587
        add("TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384",          0xc059);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1588
        add("TLS_DH_anon_WITH_ARIA_128_GCM_SHA256",         0xc05a);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1589
        add("TLS_DH_anon_WITH_ARIA_256_GCM_SHA384",         0xc05b);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1590
        add("TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256",     0xc05c);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1591
        add("TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384",     0xc05d);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1592
        add("TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256",      0xc05e);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1593
        add("TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384",      0xc05f);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1594
        add("TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256",       0xc060);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1595
        add("TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384",       0xc061);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1596
        add("TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256",        0xc062);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1597
        add("TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384",        0xc063);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1598
        add("TLS_PSK_WITH_ARIA_128_CBC_SHA256",             0xc064);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1599
        add("TLS_PSK_WITH_ARIA_256_CBC_SHA384",             0xc065);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1600
        add("TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256",         0xc066);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1601
        add("TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384",         0xc067);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1602
        add("TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256",         0xc068);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1603
        add("TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384",         0xc069);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1604
        add("TLS_PSK_WITH_ARIA_128_GCM_SHA256",             0xc06a);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1605
        add("TLS_PSK_WITH_ARIA_256_GCM_SHA384",             0xc06b);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1606
        add("TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256",         0xc06c);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1607
        add("TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384",         0xc06d);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1608
        add("TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256",         0xc06e);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1609
        add("TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384",         0xc06f);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1610
        add("TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256",       0xc070);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1611
        add("TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384",       0xc071);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1612
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1613
        // Unsupported cipher suites from RFC 6367
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1614
        add("TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256", 0xc072);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1615
        add("TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384", 0xc073);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1616
        add("TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256",  0xc074);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1617
        add("TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384",  0xc075);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1618
        add("TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256",   0xc076);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1619
        add("TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384",   0xc077);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1620
        add("TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256",    0xc078);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1621
        add("TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384",    0xc079);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1622
        add("TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256",         0xc07a);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1623
        add("TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384",         0xc07b);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1624
        add("TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256",     0xc07c);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1625
        add("TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384",     0xc07d);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1626
        add("TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256",      0xc07e);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1627
        add("TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384",      0xc07f);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1628
        add("TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256",     0xc080);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1629
        add("TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384",     0xc081);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1630
        add("TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256",      0xc082);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1631
        add("TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384",      0xc083);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1632
        add("TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256",     0xc084);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1633
        add("TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384",     0xc085);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1634
        add("TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256", 0xc086);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1635
        add("TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384", 0xc087);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1636
        add("TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256",  0xc088);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1637
        add("TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384",  0xc089);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1638
        add("TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256",   0xc08a);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1639
        add("TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384",   0xc08b);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1640
        add("TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256",    0xc08c);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1641
        add("TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384",    0xc08d);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1642
        add("TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256",         0xc08e);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1643
        add("TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384",         0xc08f);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1644
        add("TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256",     0xc090);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1645
        add("TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384",     0xc091);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1646
        add("TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256",     0xc092);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1647
        add("TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384",     0xc093);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1648
        add("TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256",         0xc094);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1649
        add("TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384",         0xc095);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1650
        add("TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256",     0xc096);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1651
        add("TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384",     0xc097);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1652
        add("TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256",     0xc098);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1653
        add("TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384",     0xc099);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1654
        add("TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256",   0xc09a);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1655
        add("TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384",   0xc09b);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1656
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1657
        // Unsupported cipher suites from RFC 6655
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1658
        add("TLS_RSA_WITH_AES_128_CCM",                     0xc09c);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1659
        add("TLS_RSA_WITH_AES_256_CCM",                     0xc09d);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1660
        add("TLS_DHE_RSA_WITH_AES_128_CCM",                 0xc09e);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1661
        add("TLS_DHE_RSA_WITH_AES_256_CCM",                 0xc09f);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1662
        add("TLS_RSA_WITH_AES_128_CCM_8",                   0xc0A0);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1663
        add("TLS_RSA_WITH_AES_256_CCM_8",                   0xc0A1);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1664
        add("TLS_DHE_RSA_WITH_AES_128_CCM_8",               0xc0A2);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1665
        add("TLS_DHE_RSA_WITH_AES_256_CCM_8",               0xc0A3);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1666
        add("TLS_PSK_WITH_AES_128_CCM",                     0xc0A4);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1667
        add("TLS_PSK_WITH_AES_256_CCM",                     0xc0A5);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1668
        add("TLS_DHE_PSK_WITH_AES_128_CCM",                 0xc0A6);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1669
        add("TLS_DHE_PSK_WITH_AES_256_CCM",                 0xc0A7);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1670
        add("TLS_PSK_WITH_AES_128_CCM_8",                   0xc0A8);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1671
        add("TLS_PSK_WITH_AES_256_CCM_8",                   0xc0A9);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1672
        add("TLS_PSK_DHE_WITH_AES_128_CCM_8",               0xc0Aa);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1673
        add("TLS_PSK_DHE_WITH_AES_256_CCM_8",               0xc0Ab);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1674
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1675
        // Unsupported cipher suites from RFC 7251
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1676
        add("TLS_ECDHE_ECDSA_WITH_AES_128_CCM",             0xc0Ac);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1677
        add("TLS_ECDHE_ECDSA_WITH_AES_256_CCM",             0xc0Ad);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1678
        add("TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8",           0xc0Ae);
2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
vinnie
parents: 33236
diff changeset
  1679
        add("TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8",           0xc0Af);
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1680
    }
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1681
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1682
    // ciphersuite SSL_NULL_WITH_NULL_NULL
32649
2ee9017c7597 8136583: Core libraries should use blessed modifier order
martin
parents: 31706
diff changeset
  1683
    static final CipherSuite C_NULL = CipherSuite.valueOf(0, 0);
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1684
6856
533f4ad71f88 6914943: Implement final TLS renegotiation fix
xuelei
parents: 5506
diff changeset
  1685
    // ciphersuite TLS_EMPTY_RENEGOTIATION_INFO_SCSV
32649
2ee9017c7597 8136583: Core libraries should use blessed modifier order
martin
parents: 31706
diff changeset
  1686
    static final CipherSuite C_SCSV = CipherSuite.valueOf(0x00, 0xff);
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1687
}