OLD | NEW |
1 /* | 1 /* |
2 * Table enumerating all implemented cipher suites | 2 * Table enumerating all implemented cipher suites |
3 * Part of public API. | 3 * Part of public API. |
4 * | 4 * |
5 * This Source Code Form is subject to the terms of the Mozilla Public | 5 * This Source Code Form is subject to the terms of the Mozilla Public |
6 * License, v. 2.0. If a copy of the MPL was not distributed with this | 6 * License, v. 2.0. If a copy of the MPL was not distributed with this |
7 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | 7 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
8 /* $Id$ */ | 8 /* $Id$ */ |
9 | 9 |
10 #include "ssl.h" | 10 #include "ssl.h" |
11 #include "sslproto.h" | 11 #include "sslproto.h" |
12 | 12 |
13 /* | 13 /* |
14 * The ciphers are listed in the following order: | 14 * The ciphers are listed in the following order: |
15 * - stronger ciphers before weaker ciphers | 15 * - stronger ciphers before weaker ciphers |
16 * - national ciphers before international ciphers | 16 * - national ciphers before international ciphers |
17 * - faster ciphers before slower ciphers | 17 * - faster ciphers before slower ciphers |
18 * | 18 * |
19 * National ciphers such as Camellia are listed before international ciphers | 19 * National ciphers such as Camellia are listed before international ciphers |
20 * such as AES and RC4 to allow servers that prefer Camellia to negotiate | 20 * such as AES and RC4 to allow servers that prefer Camellia to negotiate |
21 * Camellia without having to disable AES and RC4, which are needed for | 21 * Camellia without having to disable AES and RC4, which are needed for |
22 * interoperability with clients that don't yet implement Camellia. | 22 * interoperability with clients that don't yet implement Camellia. |
23 * | 23 * |
24 * The ordering of cipher suites in this table must match the ordering in | 24 * The ordering of cipher suites in this table must match the ordering in |
25 * the cipherSuites table in ssl3con.c. | 25 * the cipherSuites table in ssl3con.c. |
26 * | 26 * |
27 * If new ECC cipher suites are added, also update the ssl3CipherSuite arrays | 27 * If new ECC cipher suites are added, also update the ssl3CipherSuite arrays |
28 * in ssl3ecc.c. | 28 * in ssl3ecc.c. |
| 29 * |
| 30 * Finally, update the ssl_V3_SUITES_IMPLEMENTED macro in sslimpl.h. |
29 */ | 31 */ |
30 const PRUint16 SSL_ImplementedCiphers[] = { | 32 const PRUint16 SSL_ImplementedCiphers[] = { |
31 /* 256-bit */ | 33 /* 256-bit */ |
32 #ifdef NSS_ENABLE_ECC | 34 #ifdef NSS_ENABLE_ECC |
33 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, | 35 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, |
34 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, | 36 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, |
35 #endif /* NSS_ENABLE_ECC */ | 37 #endif /* NSS_ENABLE_ECC */ |
36 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, | 38 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, |
37 TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, | 39 TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, |
38 TLS_DHE_RSA_WITH_AES_256_CBC_SHA, | 40 TLS_DHE_RSA_WITH_AES_256_CBC_SHA, |
| 41 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, |
39 TLS_DHE_DSS_WITH_AES_256_CBC_SHA, | 42 TLS_DHE_DSS_WITH_AES_256_CBC_SHA, |
40 #ifdef NSS_ENABLE_ECC | 43 #ifdef NSS_ENABLE_ECC |
41 TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, | 44 TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, |
42 TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, | 45 TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, |
43 #endif /* NSS_ENABLE_ECC */ | 46 #endif /* NSS_ENABLE_ECC */ |
44 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, | 47 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, |
45 TLS_RSA_WITH_AES_256_CBC_SHA, | 48 TLS_RSA_WITH_AES_256_CBC_SHA, |
| 49 TLS_RSA_WITH_AES_256_CBC_SHA256, |
46 | 50 |
47 /* 128-bit */ | 51 /* 128-bit */ |
48 #ifdef NSS_ENABLE_ECC | 52 #ifdef NSS_ENABLE_ECC |
49 TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, | 53 TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, |
50 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, | 54 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, |
| 55 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, |
51 TLS_ECDHE_RSA_WITH_RC4_128_SHA, | 56 TLS_ECDHE_RSA_WITH_RC4_128_SHA, |
52 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, | 57 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, |
| 58 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, |
53 #endif /* NSS_ENABLE_ECC */ | 59 #endif /* NSS_ENABLE_ECC */ |
54 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, | 60 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, |
55 TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, | 61 TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, |
56 TLS_DHE_DSS_WITH_RC4_128_SHA, | 62 TLS_DHE_DSS_WITH_RC4_128_SHA, |
57 TLS_DHE_RSA_WITH_AES_128_CBC_SHA, | 63 TLS_DHE_RSA_WITH_AES_128_CBC_SHA, |
| 64 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, |
58 TLS_DHE_DSS_WITH_AES_128_CBC_SHA, | 65 TLS_DHE_DSS_WITH_AES_128_CBC_SHA, |
59 #ifdef NSS_ENABLE_ECC | 66 #ifdef NSS_ENABLE_ECC |
60 TLS_ECDH_RSA_WITH_RC4_128_SHA, | 67 TLS_ECDH_RSA_WITH_RC4_128_SHA, |
61 TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, | 68 TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, |
62 TLS_ECDH_ECDSA_WITH_RC4_128_SHA, | 69 TLS_ECDH_ECDSA_WITH_RC4_128_SHA, |
63 TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, | 70 TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, |
64 #endif /* NSS_ENABLE_ECC */ | 71 #endif /* NSS_ENABLE_ECC */ |
65 TLS_RSA_WITH_SEED_CBC_SHA, | 72 TLS_RSA_WITH_SEED_CBC_SHA, |
66 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, | 73 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, |
67 SSL_RSA_WITH_RC4_128_SHA, | 74 SSL_RSA_WITH_RC4_128_SHA, |
68 SSL_RSA_WITH_RC4_128_MD5, | 75 SSL_RSA_WITH_RC4_128_MD5, |
69 TLS_RSA_WITH_AES_128_CBC_SHA, | 76 TLS_RSA_WITH_AES_128_CBC_SHA, |
| 77 TLS_RSA_WITH_AES_128_CBC_SHA256, |
70 | 78 |
71 /* 112-bit 3DES */ | 79 /* 112-bit 3DES */ |
72 #ifdef NSS_ENABLE_ECC | 80 #ifdef NSS_ENABLE_ECC |
73 TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, | 81 TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, |
74 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, | 82 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, |
75 #endif /* NSS_ENABLE_ECC */ | 83 #endif /* NSS_ENABLE_ECC */ |
76 SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, | 84 SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, |
77 SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, | 85 SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, |
78 #ifdef NSS_ENABLE_ECC | 86 #ifdef NSS_ENABLE_ECC |
79 TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, | 87 TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, |
(...skipping 17 matching lines...) |
97 SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5, | 105 SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5, |
98 | 106 |
99 /* ciphersuites with no encryption */ | 107 /* ciphersuites with no encryption */ |
100 #ifdef NSS_ENABLE_ECC | 108 #ifdef NSS_ENABLE_ECC |
101 TLS_ECDHE_ECDSA_WITH_NULL_SHA, | 109 TLS_ECDHE_ECDSA_WITH_NULL_SHA, |
102 TLS_ECDHE_RSA_WITH_NULL_SHA, | 110 TLS_ECDHE_RSA_WITH_NULL_SHA, |
103 TLS_ECDH_RSA_WITH_NULL_SHA, | 111 TLS_ECDH_RSA_WITH_NULL_SHA, |
104 TLS_ECDH_ECDSA_WITH_NULL_SHA, | 112 TLS_ECDH_ECDSA_WITH_NULL_SHA, |
105 #endif /* NSS_ENABLE_ECC */ | 113 #endif /* NSS_ENABLE_ECC */ |
106 SSL_RSA_WITH_NULL_SHA, | 114 SSL_RSA_WITH_NULL_SHA, |
| 115 TLS_RSA_WITH_NULL_SHA256, |
107 SSL_RSA_WITH_NULL_MD5, | 116 SSL_RSA_WITH_NULL_MD5, |
108 | 117 |
109 /* SSL2 cipher suites. */ | 118 /* SSL2 cipher suites. */ |
110 SSL_EN_RC4_128_WITH_MD5, | 119 SSL_EN_RC4_128_WITH_MD5, |
111 SSL_EN_RC2_128_CBC_WITH_MD5, | 120 SSL_EN_RC2_128_CBC_WITH_MD5, |
112 SSL_EN_DES_192_EDE3_CBC_WITH_MD5, /* actually 112, not 192 */ | 121 SSL_EN_DES_192_EDE3_CBC_WITH_MD5, /* actually 112, not 192 */ |
113 SSL_EN_DES_64_CBC_WITH_MD5, | 122 SSL_EN_DES_64_CBC_WITH_MD5, |
114 SSL_EN_RC4_128_EXPORT40_WITH_MD5, | 123 SSL_EN_RC4_128_EXPORT40_WITH_MD5, |
115 SSL_EN_RC2_128_CBC_EXPORT40_WITH_MD5, | 124 SSL_EN_RC2_128_CBC_EXPORT40_WITH_MD5, |
116 | 125 |
117 0 | 126 0 |
118 | 127 |
119 }; | 128 }; |
120 | 129 |
121 const PRUint16 SSL_NumImplementedCiphers = | 130 const PRUint16 SSL_NumImplementedCiphers = |
122 (sizeof SSL_ImplementedCiphers) / (sizeof SSL_ImplementedCiphers[0]) - 1; | 131 (sizeof SSL_ImplementedCiphers) / (sizeof SSL_ImplementedCiphers[0]) - 1; |
123 | 132 |
124 const PRUint16 * | 133 const PRUint16 * |
125 SSL_GetImplementedCiphers(void) | 134 SSL_GetImplementedCiphers(void) |
126 { | 135 { |
127 return SSL_ImplementedCiphers; | 136 return SSL_ImplementedCiphers; |
128 } | 137 } |
129 | 138 |
130 PRUint16 | 139 PRUint16 |
131 SSL_GetNumImplementedCiphers(void) | 140 SSL_GetNumImplementedCiphers(void) |
132 { | 141 { |
133 return SSL_NumImplementedCiphers; | 142 return SSL_NumImplementedCiphers; |
134 } | 143 } |
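Review bot: The seven added `*_SHA256` suites (new lines 41, 49, 55, 58, 64, 77 and 115) each sit directly after their SHA-1 counterpart, but the ordering rules in the header comment ("stronger ciphers before weaker ciphers", "faster ciphers before slower ciphers") do not say how suites that differ only in MAC are ranked, so a later contributor cannot tell whether this placement is deliberate. If it is, I would record it in the header comment, for example `* Suites that differ only in MAC list HMAC-SHA1 before HMAC-SHA256: same cipher strength, and the SHA256 suites are TLS 1.2 only.` The comment also requires this order to match cipherSuites in ssl3con.c and the count to match ssl_V3_SUITES_IMPLEMENTED in sslimpl.h, neither of which is visible on this page. It is worth confirming that both received the same seven entries, two of them only under `NSS_ENABLE_ECC`, because nothing in this file checks that at build time.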