983 int tls12 = ProtocolVersion.TLS12.v; |
983 int tls12 = ProtocolVersion.TLS12.v; |
984 |
984 |
985 // ID Key Exchange Cipher A obs suprt PRF |
985 // ID Key Exchange Cipher A obs suprt PRF |
986 // ====== ============ ========= = === ===== ======== |
986 // ====== ============ ========= = === ===== ======== |
987 |
987 |
988 |
988 // Suite B compliant cipher suites, see RFC 6460. |
989 // Placeholder for cipher suites in GCM mode. |
|
990 // |
989 // |
991 // For better compatibility and interoperability, we decrease the |
990 // Note that, at present this provider is not Suite B compliant. The |
992 // priority of cipher suites in GCM mode for a while as GCM |
991 // preference order of the GCM cipher suites does not follow the spec |
993 // technologies mature in the industry. Eventually we'll move |
992 // of RFC 6460. In this section, only two cipher suites are listed |
994 // the GCM suites here. |
993 // so that applications can make use of Suite-B compliant cipher |
|
994 // suite firstly. |
|
995 add("TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", |
|
996 0xc02c, --p, K_ECDHE_ECDSA, B_AES_256_GCM, T, max, tls12, P_SHA384); |
|
997 add("TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", |
|
998 0xc02b, --p, K_ECDHE_ECDSA, B_AES_128_GCM, T, max, tls12, P_SHA256); |
|
999 |
|
1000 // AES_256(GCM) |
|
1001 add("TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", |
|
1002 0xc030, --p, K_ECDHE_RSA, B_AES_256_GCM, T, max, tls12, P_SHA384); |
|
1003 add("TLS_RSA_WITH_AES_256_GCM_SHA384", |
|
1004 0x009d, --p, K_RSA, B_AES_256_GCM, T, max, tls12, P_SHA384); |
|
1005 add("TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384", |
|
1006 0xc02e, --p, K_ECDH_ECDSA, B_AES_256_GCM, T, max, tls12, P_SHA384); |
|
1007 add("TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384", |
|
1008 0xc032, --p, K_ECDH_RSA, B_AES_256_GCM, T, max, tls12, P_SHA384); |
|
1009 add("TLS_DHE_RSA_WITH_AES_256_GCM_SHA384", |
|
1010 0x009f, --p, K_DHE_RSA, B_AES_256_GCM, T, max, tls12, P_SHA384); |
|
1011 add("TLS_DHE_DSS_WITH_AES_256_GCM_SHA384", |
|
1012 0x00a3, --p, K_DHE_DSS, B_AES_256_GCM, T, max, tls12, P_SHA384); |
|
1013 |
|
1014 // AES_128(GCM) |
|
1015 add("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", |
|
1016 0xc02f, --p, K_ECDHE_RSA, B_AES_128_GCM, T, max, tls12, P_SHA256); |
|
1017 add("TLS_RSA_WITH_AES_128_GCM_SHA256", |
|
1018 0x009c, --p, K_RSA, B_AES_128_GCM, T, max, tls12, P_SHA256); |
|
1019 add("TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256", |
|
1020 0xc02d, --p, K_ECDH_ECDSA, B_AES_128_GCM, T, max, tls12, P_SHA256); |
|
1021 add("TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256", |
|
1022 0xc031, --p, K_ECDH_RSA, B_AES_128_GCM, T, max, tls12, P_SHA256); |
|
1023 add("TLS_DHE_RSA_WITH_AES_128_GCM_SHA256", |
|
1024 0x009e, --p, K_DHE_RSA, B_AES_128_GCM, T, max, tls12, P_SHA256); |
|
1025 add("TLS_DHE_DSS_WITH_AES_128_GCM_SHA256", |
|
1026 0x00a2, --p, K_DHE_DSS, B_AES_128_GCM, T, max, tls12, P_SHA256); |
995 |
1027 |
996 // AES_256(CBC) |
1028 // AES_256(CBC) |
997 add("TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384", |
1029 add("TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384", |
998 0xc024, --p, K_ECDHE_ECDSA, B_AES_256, T, max, tls12, P_SHA384); |
1030 0xc024, --p, K_ECDHE_ECDSA, B_AES_256, T, max, tls12, P_SHA384); |
999 add("TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384", |
1031 add("TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384", |
1064 0x0005, --p, K_RSA, B_RC4_128, N); |
1096 0x0005, --p, K_RSA, B_RC4_128, N); |
1065 add("TLS_ECDH_ECDSA_WITH_RC4_128_SHA", |
1097 add("TLS_ECDH_ECDSA_WITH_RC4_128_SHA", |
1066 0xC002, --p, K_ECDH_ECDSA, B_RC4_128, N); |
1098 0xC002, --p, K_ECDH_ECDSA, B_RC4_128, N); |
1067 add("TLS_ECDH_RSA_WITH_RC4_128_SHA", |
1099 add("TLS_ECDH_RSA_WITH_RC4_128_SHA", |
1068 0xC00C, --p, K_ECDH_RSA, B_RC4_128, N); |
1100 0xC00C, --p, K_ECDH_RSA, B_RC4_128, N); |
1069 |
|
1070 // Cipher suites in GCM mode, see RFC 5288/5289. |
|
1071 // |
|
1072 // We may increase the priority of cipher suites in GCM mode when |
|
1073 // GCM technologies become mature in the industry. |
|
1074 |
|
1075 // Suite B compliant cipher suites, see RFC 6460. |
|
1076 // |
|
1077 // Note that, at present this provider is not Suite B compliant. The |
|
1078 // preference order of the GCM cipher suites does not follow the spec |
|
1079 // of RFC 6460. |
|
1080 add("TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", |
|
1081 0xc02c, --p, K_ECDHE_ECDSA, B_AES_256_GCM, T, max, tls12, P_SHA384); |
|
1082 add("TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", |
|
1083 0xc02b, --p, K_ECDHE_ECDSA, B_AES_128_GCM, T, max, tls12, P_SHA256); |
|
1084 |
|
1085 // AES_256(GCM) |
|
1086 add("TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", |
|
1087 0xc030, --p, K_ECDHE_RSA, B_AES_256_GCM, T, max, tls12, P_SHA384); |
|
1088 add("TLS_RSA_WITH_AES_256_GCM_SHA384", |
|
1089 0x009d, --p, K_RSA, B_AES_256_GCM, T, max, tls12, P_SHA384); |
|
1090 add("TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384", |
|
1091 0xc02e, --p, K_ECDH_ECDSA, B_AES_256_GCM, T, max, tls12, P_SHA384); |
|
1092 add("TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384", |
|
1093 0xc032, --p, K_ECDH_RSA, B_AES_256_GCM, T, max, tls12, P_SHA384); |
|
1094 add("TLS_DHE_RSA_WITH_AES_256_GCM_SHA384", |
|
1095 0x009f, --p, K_DHE_RSA, B_AES_256_GCM, T, max, tls12, P_SHA384); |
|
1096 add("TLS_DHE_DSS_WITH_AES_256_GCM_SHA384", |
|
1097 0x00a3, --p, K_DHE_DSS, B_AES_256_GCM, T, max, tls12, P_SHA384); |
|
1098 |
|
1099 // AES_128(GCM) |
|
1100 add("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", |
|
1101 0xc02f, --p, K_ECDHE_RSA, B_AES_128_GCM, T, max, tls12, P_SHA256); |
|
1102 add("TLS_RSA_WITH_AES_128_GCM_SHA256", |
|
1103 0x009c, --p, K_RSA, B_AES_128_GCM, T, max, tls12, P_SHA256); |
|
1104 add("TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256", |
|
1105 0xc02d, --p, K_ECDH_ECDSA, B_AES_128_GCM, T, max, tls12, P_SHA256); |
|
1106 add("TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256", |
|
1107 0xc031, --p, K_ECDH_RSA, B_AES_128_GCM, T, max, tls12, P_SHA256); |
|
1108 add("TLS_DHE_RSA_WITH_AES_128_GCM_SHA256", |
|
1109 0x009e, --p, K_DHE_RSA, B_AES_128_GCM, T, max, tls12, P_SHA256); |
|
1110 add("TLS_DHE_DSS_WITH_AES_128_GCM_SHA256", |
|
1111 0x00a2, --p, K_DHE_DSS, B_AES_128_GCM, T, max, tls12, P_SHA256); |
|
1112 // End of cipher suites in GCM mode. |
|
1113 |
1101 |
1114 // 3DES_EDE |
1102 // 3DES_EDE |
1115 add("TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA", |
1103 add("TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA", |
1116 0xC008, --p, K_ECDHE_ECDSA, B_3DES, T); |
1104 0xC008, --p, K_ECDHE_ECDSA, B_3DES, T); |
1117 add("TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA", |
1105 add("TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA", |