485 final boolean F = false; |
507 final boolean F = false; |
486 final boolean T = true; |
508 final boolean T = true; |
487 // N: ciphersuites only allowed if we are not in FIPS mode |
509 // N: ciphersuites only allowed if we are not in FIPS mode |
488 final boolean N = (SunJSSE.isFIPS() == false); |
510 final boolean N = (SunJSSE.isFIPS() == false); |
489 |
511 |
490 add("SSL_NULL_WITH_NULL_NULL", 0x0000, 1, K_NULL, B_NULL, F); |
512 add("SSL_NULL_WITH_NULL_NULL", |
|
513 0x0000, 1, K_NULL, B_NULL, F); |
491 |
514 |
492 // Definition of the CipherSuites that are enabled by default. |
515 // Definition of the CipherSuites that are enabled by default. |
493 // They are listed in preference order, most preferred first. |
516 // They are listed in preference order, most preferred first. |
494 int p = DEFAULT_SUITES_PRIORITY * 2; |
517 int p = DEFAULT_SUITES_PRIORITY * 2; |
495 |
518 |
496 add("SSL_RSA_WITH_RC4_128_MD5", 0x0004, --p, K_RSA, B_RC4_128, N); |
519 add("SSL_RSA_WITH_RC4_128_MD5", |
497 add("SSL_RSA_WITH_RC4_128_SHA", 0x0005, --p, K_RSA, B_RC4_128, N); |
520 0x0004, --p, K_RSA, B_RC4_128, N); |
498 add("TLS_RSA_WITH_AES_128_CBC_SHA", 0x002f, --p, K_RSA, B_AES_128, T); |
521 add("SSL_RSA_WITH_RC4_128_SHA", |
499 add("TLS_RSA_WITH_AES_256_CBC_SHA", 0x0035, --p, K_RSA, B_AES_256, T); |
522 0x0005, --p, K_RSA, B_RC4_128, N); |
500 |
523 add("TLS_RSA_WITH_AES_128_CBC_SHA", |
501 add("TLS_ECDH_ECDSA_WITH_RC4_128_SHA", 0xC002, --p, K_ECDH_ECDSA, B_RC4_128, N); |
524 0x002f, --p, K_RSA, B_AES_128, T); |
502 add("TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA", 0xC004, --p, K_ECDH_ECDSA, B_AES_128, T); |
525 add("TLS_RSA_WITH_AES_256_CBC_SHA", |
503 add("TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA", 0xC005, --p, K_ECDH_ECDSA, B_AES_256, T); |
526 0x0035, --p, K_RSA, B_AES_256, T); |
504 add("TLS_ECDH_RSA_WITH_RC4_128_SHA", 0xC00C, --p, K_ECDH_RSA, B_RC4_128, N); |
527 |
505 add("TLS_ECDH_RSA_WITH_AES_128_CBC_SHA", 0xC00E, --p, K_ECDH_RSA, B_AES_128, T); |
528 add("TLS_ECDH_ECDSA_WITH_RC4_128_SHA", |
506 add("TLS_ECDH_RSA_WITH_AES_256_CBC_SHA", 0xC00F, --p, K_ECDH_RSA, B_AES_256, T); |
529 0xC002, --p, K_ECDH_ECDSA, B_RC4_128, N); |
507 |
530 add("TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA", |
508 add("TLS_ECDHE_ECDSA_WITH_RC4_128_SHA", 0xC007, --p, K_ECDHE_ECDSA,B_RC4_128, N); |
531 0xC004, --p, K_ECDH_ECDSA, B_AES_128, T); |
509 add("TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", 0xC009, --p, K_ECDHE_ECDSA,B_AES_128, T); |
532 add("TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA", |
510 add("TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA", 0xC00A, --p, K_ECDHE_ECDSA,B_AES_256, T); |
533 0xC005, --p, K_ECDH_ECDSA, B_AES_256, T); |
511 add("TLS_ECDHE_RSA_WITH_RC4_128_SHA", 0xC011, --p, K_ECDHE_RSA, B_RC4_128, N); |
534 add("TLS_ECDH_RSA_WITH_RC4_128_SHA", |
512 add("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", 0xC013, --p, K_ECDHE_RSA, B_AES_128, T); |
535 0xC00C, --p, K_ECDH_RSA, B_RC4_128, N); |
513 add("TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", 0xC014, --p, K_ECDHE_RSA, B_AES_256, T); |
536 add("TLS_ECDH_RSA_WITH_AES_128_CBC_SHA", |
514 |
537 0xC00E, --p, K_ECDH_RSA, B_AES_128, T); |
515 add("TLS_DHE_RSA_WITH_AES_128_CBC_SHA", 0x0033, --p, K_DHE_RSA, B_AES_128, T); |
538 add("TLS_ECDH_RSA_WITH_AES_256_CBC_SHA", |
516 add("TLS_DHE_RSA_WITH_AES_256_CBC_SHA", 0x0039, --p, K_DHE_RSA, B_AES_256, T); |
539 0xC00F, --p, K_ECDH_RSA, B_AES_256, T); |
517 add("TLS_DHE_DSS_WITH_AES_128_CBC_SHA", 0x0032, --p, K_DHE_DSS, B_AES_128, T); |
540 |
518 add("TLS_DHE_DSS_WITH_AES_256_CBC_SHA", 0x0038, --p, K_DHE_DSS, B_AES_256, T); |
541 add("TLS_ECDHE_ECDSA_WITH_RC4_128_SHA", |
519 |
542 0xC007, --p, K_ECDHE_ECDSA,B_RC4_128, N); |
520 add("SSL_RSA_WITH_3DES_EDE_CBC_SHA", 0x000a, --p, K_RSA, B_3DES, T); |
543 add("TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", |
521 add("TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA", 0xC003, --p, K_ECDH_ECDSA, B_3DES, T); |
544 0xC009, --p, K_ECDHE_ECDSA,B_AES_128, T); |
522 add("TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA", 0xC00D, --p, K_ECDH_RSA, B_3DES, T); |
545 add("TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA", |
523 add("TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA", 0xC008, --p, K_ECDHE_ECDSA,B_3DES, T); |
546 0xC00A, --p, K_ECDHE_ECDSA,B_AES_256, T); |
524 add("TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA", 0xC012, --p, K_ECDHE_RSA, B_3DES, T); |
547 add("TLS_ECDHE_RSA_WITH_RC4_128_SHA", |
525 add("SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA", 0x0016, --p, K_DHE_RSA, B_3DES, T); |
548 0xC011, --p, K_ECDHE_RSA, B_RC4_128, N); |
526 add("SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA", 0x0013, --p, K_DHE_DSS, B_3DES, N); |
549 add("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", |
527 |
550 0xC013, --p, K_ECDHE_RSA, B_AES_128, T); |
528 add("SSL_RSA_WITH_DES_CBC_SHA", 0x0009, --p, K_RSA, B_DES, N); |
551 add("TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", |
529 add("SSL_DHE_RSA_WITH_DES_CBC_SHA", 0x0015, --p, K_DHE_RSA, B_DES, N); |
552 0xC014, --p, K_ECDHE_RSA, B_AES_256, T); |
530 add("SSL_DHE_DSS_WITH_DES_CBC_SHA", 0x0012, --p, K_DHE_DSS, B_DES, N); |
553 |
531 add("SSL_RSA_EXPORT_WITH_RC4_40_MD5", 0x0003, --p, K_RSA_EXPORT, B_RC4_40, N); |
554 add("TLS_DHE_RSA_WITH_AES_128_CBC_SHA", |
532 add("SSL_RSA_EXPORT_WITH_DES40_CBC_SHA", 0x0008, --p, K_RSA_EXPORT, B_DES_40, N); |
555 0x0033, --p, K_DHE_RSA, B_AES_128, T); |
533 add("SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA", 0x0014, --p, K_DHE_RSA, B_DES_40, N); |
556 add("TLS_DHE_RSA_WITH_AES_256_CBC_SHA", |
534 add("SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA", 0x0011, --p, K_DHE_DSS, B_DES_40, N); |
557 0x0039, --p, K_DHE_RSA, B_AES_256, T); |
|
558 add("TLS_DHE_DSS_WITH_AES_128_CBC_SHA", |
|
559 0x0032, --p, K_DHE_DSS, B_AES_128, T); |
|
560 add("TLS_DHE_DSS_WITH_AES_256_CBC_SHA", |
|
561 0x0038, --p, K_DHE_DSS, B_AES_256, T); |
|
562 |
|
563 add("SSL_RSA_WITH_3DES_EDE_CBC_SHA", |
|
564 0x000a, --p, K_RSA, B_3DES, T); |
|
565 add("TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA", |
|
566 0xC003, --p, K_ECDH_ECDSA, B_3DES, T); |
|
567 add("TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA", |
|
568 0xC00D, --p, K_ECDH_RSA, B_3DES, T); |
|
569 add("TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA", |
|
570 0xC008, --p, K_ECDHE_ECDSA,B_3DES, T); |
|
571 add("TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA", |
|
572 0xC012, --p, K_ECDHE_RSA, B_3DES, T); |
|
573 add("SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA", |
|
574 0x0016, --p, K_DHE_RSA, B_3DES, T); |
|
575 add("SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA", |
|
576 0x0013, --p, K_DHE_DSS, B_3DES, N); |
|
577 |
|
578 add("SSL_RSA_WITH_DES_CBC_SHA", |
|
579 0x0009, --p, K_RSA, B_DES, N); |
|
580 add("SSL_DHE_RSA_WITH_DES_CBC_SHA", |
|
581 0x0015, --p, K_DHE_RSA, B_DES, N); |
|
582 add("SSL_DHE_DSS_WITH_DES_CBC_SHA", |
|
583 0x0012, --p, K_DHE_DSS, B_DES, N); |
|
584 add("SSL_RSA_EXPORT_WITH_RC4_40_MD5", |
|
585 0x0003, --p, K_RSA_EXPORT, B_RC4_40, N); |
|
586 add("SSL_RSA_EXPORT_WITH_DES40_CBC_SHA", |
|
587 0x0008, --p, K_RSA_EXPORT, B_DES_40, N); |
|
588 add("SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA", |
|
589 0x0014, --p, K_DHE_RSA, B_DES_40, N); |
|
590 add("SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA", |
|
591 0x0011, --p, K_DHE_DSS, B_DES_40, N); |
|
592 |
|
593 // Renegotiation protection request Signalling Cipher Suite Value (SCSV) |
|
594 add("TLS_EMPTY_RENEGOTIATION_INFO_SCSV", |
|
595 0x00ff, --p, K_SCSV, B_NULL, T); |
535 |
596 |
536 // Definition of the CipherSuites that are supported but not enabled |
597 // Definition of the CipherSuites that are supported but not enabled |
537 // by default. |
598 // by default. |
538 // They are listed in preference order, preferred first. |
599 // They are listed in preference order, preferred first. |
539 p = DEFAULT_SUITES_PRIORITY; |
600 p = DEFAULT_SUITES_PRIORITY; |
540 |
601 |
541 // Anonymous key exchange and the NULL ciphers |
602 // Anonymous key exchange and the NULL ciphers |
542 add("SSL_RSA_WITH_NULL_MD5", 0x0001, --p, K_RSA, B_NULL, N); |
603 add("SSL_RSA_WITH_NULL_MD5", |
543 add("SSL_RSA_WITH_NULL_SHA", 0x0002, --p, K_RSA, B_NULL, N); |
604 0x0001, --p, K_RSA, B_NULL, N); |
544 add("TLS_ECDH_ECDSA_WITH_NULL_SHA", 0xC001, --p, K_ECDH_ECDSA, B_NULL, N); |
605 add("SSL_RSA_WITH_NULL_SHA", |
545 add("TLS_ECDH_RSA_WITH_NULL_SHA", 0xC00B, --p, K_ECDH_RSA, B_NULL, N); |
606 0x0002, --p, K_RSA, B_NULL, N); |
546 add("TLS_ECDHE_ECDSA_WITH_NULL_SHA", 0xC006, --p, K_ECDHE_ECDSA,B_NULL, N); |
607 add("TLS_ECDH_ECDSA_WITH_NULL_SHA", |
547 add("TLS_ECDHE_RSA_WITH_NULL_SHA", 0xC010, --p, K_ECDHE_RSA, B_NULL, N); |
608 0xC001, --p, K_ECDH_ECDSA, B_NULL, N); |
548 |
609 add("TLS_ECDH_RSA_WITH_NULL_SHA", |
549 add("SSL_DH_anon_WITH_RC4_128_MD5", 0x0018, --p, K_DH_ANON, B_RC4_128, N); |
610 0xC00B, --p, K_ECDH_RSA, B_NULL, N); |
550 add("TLS_DH_anon_WITH_AES_128_CBC_SHA", 0x0034, --p, K_DH_ANON, B_AES_128, N); |
611 add("TLS_ECDHE_ECDSA_WITH_NULL_SHA", |
551 add("TLS_DH_anon_WITH_AES_256_CBC_SHA", 0x003a, --p, K_DH_ANON, B_AES_256, N); |
612 0xC006, --p, K_ECDHE_ECDSA,B_NULL, N); |
552 add("SSL_DH_anon_WITH_3DES_EDE_CBC_SHA", 0x001b, --p, K_DH_ANON, B_3DES, N); |
613 add("TLS_ECDHE_RSA_WITH_NULL_SHA", |
553 add("SSL_DH_anon_WITH_DES_CBC_SHA", 0x001a, --p, K_DH_ANON, B_DES, N); |
614 0xC010, --p, K_ECDHE_RSA, B_NULL, N); |
554 |
615 |
555 add("TLS_ECDH_anon_WITH_RC4_128_SHA", 0xC016, --p, K_ECDH_ANON, B_RC4_128, N); |
616 add("SSL_DH_anon_WITH_RC4_128_MD5", |
556 add("TLS_ECDH_anon_WITH_AES_128_CBC_SHA", 0xC018, --p, K_ECDH_ANON, B_AES_128, T); |
617 0x0018, --p, K_DH_ANON, B_RC4_128, N); |
557 add("TLS_ECDH_anon_WITH_AES_256_CBC_SHA", 0xC019, --p, K_ECDH_ANON, B_AES_256, T); |
618 add("TLS_DH_anon_WITH_AES_128_CBC_SHA", |
558 add("TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA", 0xC017, --p, K_ECDH_ANON, B_3DES, T); |
619 0x0034, --p, K_DH_ANON, B_AES_128, N); |
559 |
620 add("TLS_DH_anon_WITH_AES_256_CBC_SHA", |
560 add("SSL_DH_anon_EXPORT_WITH_RC4_40_MD5", 0x0017, --p, K_DH_ANON, B_RC4_40, N); |
621 0x003a, --p, K_DH_ANON, B_AES_256, N); |
561 add("SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA", 0x0019, --p, K_DH_ANON, B_DES_40, N); |
622 add("SSL_DH_anon_WITH_3DES_EDE_CBC_SHA", |
562 |
623 0x001b, --p, K_DH_ANON, B_3DES, N); |
563 add("TLS_ECDH_anon_WITH_NULL_SHA", 0xC015, --p, K_ECDH_ANON, B_NULL, N); |
624 add("SSL_DH_anon_WITH_DES_CBC_SHA", |
564 |
625 0x001a, --p, K_DH_ANON, B_DES, N); |
565 // Supported Kerberos ciphersuites from RFC2712 |
626 |
566 add("TLS_KRB5_WITH_RC4_128_SHA", 0x0020, --p, K_KRB5, B_RC4_128, N); |
627 add("TLS_ECDH_anon_WITH_RC4_128_SHA", |
567 add("TLS_KRB5_WITH_RC4_128_MD5", 0x0024, --p, K_KRB5, B_RC4_128, N); |
628 0xC016, --p, K_ECDH_ANON, B_RC4_128, N); |
568 add("TLS_KRB5_WITH_3DES_EDE_CBC_SHA", 0x001f, --p, K_KRB5, B_3DES, N); |
629 add("TLS_ECDH_anon_WITH_AES_128_CBC_SHA", |
569 add("TLS_KRB5_WITH_3DES_EDE_CBC_MD5", 0x0023, --p, K_KRB5, B_3DES, N); |
630 0xC018, --p, K_ECDH_ANON, B_AES_128, T); |
570 add("TLS_KRB5_WITH_DES_CBC_SHA", 0x001e, --p, K_KRB5, B_DES, N); |
631 add("TLS_ECDH_anon_WITH_AES_256_CBC_SHA", |
571 add("TLS_KRB5_WITH_DES_CBC_MD5", 0x0022, --p, K_KRB5, B_DES, N); |
632 0xC019, --p, K_ECDH_ANON, B_AES_256, T); |
572 add("TLS_KRB5_EXPORT_WITH_RC4_40_SHA", 0x0028, --p, K_KRB5_EXPORT, B_RC4_40, N); |
633 add("TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA", |
573 add("TLS_KRB5_EXPORT_WITH_RC4_40_MD5", 0x002b, --p, K_KRB5_EXPORT, B_RC4_40, N); |
634 0xC017, --p, K_ECDH_ANON, B_3DES, T); |
574 add("TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA", 0x0026, --p, K_KRB5_EXPORT, B_DES_40, N); |
635 |
575 add("TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5", 0x0029, --p, K_KRB5_EXPORT, B_DES_40, N); |
636 add("SSL_DH_anon_EXPORT_WITH_RC4_40_MD5", |
576 |
637 0x0017, --p, K_DH_ANON, B_RC4_40, N); |
|
638 add("SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA", |
|
639 0x0019, --p, K_DH_ANON, B_DES_40, N); |
|
640 |
|
641 add("TLS_ECDH_anon_WITH_NULL_SHA", |
|
642 0xC015, --p, K_ECDH_ANON, B_NULL, N); |
|
643 |
|
644 // Supported Kerberos ciphersuites from RFC2712 |
|
645 add("TLS_KRB5_WITH_RC4_128_SHA", |
|
646 0x0020, --p, K_KRB5, B_RC4_128, N); |
|
647 add("TLS_KRB5_WITH_RC4_128_MD5", |
|
648 0x0024, --p, K_KRB5, B_RC4_128, N); |
|
649 add("TLS_KRB5_WITH_3DES_EDE_CBC_SHA", |
|
650 0x001f, --p, K_KRB5, B_3DES, N); |
|
651 add("TLS_KRB5_WITH_3DES_EDE_CBC_MD5", |
|
652 0x0023, --p, K_KRB5, B_3DES, N); |
|
653 add("TLS_KRB5_WITH_DES_CBC_SHA", |
|
654 0x001e, --p, K_KRB5, B_DES, N); |
|
655 add("TLS_KRB5_WITH_DES_CBC_MD5", |
|
656 0x0022, --p, K_KRB5, B_DES, N); |
|
657 add("TLS_KRB5_EXPORT_WITH_RC4_40_SHA", |
|
658 0x0028, --p, K_KRB5_EXPORT, B_RC4_40, N); |
|
659 add("TLS_KRB5_EXPORT_WITH_RC4_40_MD5", |
|
660 0x002b, --p, K_KRB5_EXPORT, B_RC4_40, N); |
|
661 add("TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA", |
|
662 0x0026, --p, K_KRB5_EXPORT, B_DES_40, N); |
|
663 add("TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5", |
|
664 0x0029, --p, K_KRB5_EXPORT, B_DES_40, N); |
577 |
665 |
578 // Register the names of a few additional CipherSuites. |
666 // Register the names of a few additional CipherSuites. |
579 // Makes them show up as names instead of numbers in |
667 // Makes them show up as names instead of numbers in |
580 // the debug output. |
668 // the debug output. |
581 |
669 |