OLD | NEW |
1 /* | 1 /* |
2 * Table enumerating all implemented cipher suites | 2 * Table enumerating all implemented cipher suites |
3 * Part of public API. | 3 * Part of public API. |
4 * | 4 * |
5 * This Source Code Form is subject to the terms of the Mozilla Public | 5 * This Source Code Form is subject to the terms of the Mozilla Public |
6 * License, v. 2.0. If a copy of the MPL was not distributed with this | 6 * License, v. 2.0. If a copy of the MPL was not distributed with this |
7 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | 7 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
8 | 8 |
9 #include "ssl.h" | 9 #include "ssl.h" |
10 #include "sslproto.h" | 10 #include "sslproto.h" |
(...skipping 19 matching lines...) Expand all Loading... |
30 * organizations. SEED is only recommended by the Korean government. 3DES | 30 * organizations. SEED is only recommended by the Korean government. 3DES |
31 * only provides 112 bits of security. RC4 is now deprecated or forbidden | 31 * only provides 112 bits of security. RC4 is now deprecated or forbidden |
32 * by many standards organizations. | 32 * by many standards organizations. |
33 * * Within symmetric algorithm sections, order by message authentication | 33 * * Within symmetric algorithm sections, order by message authentication |
34 * algorithm: GCM, then HMAC-SHA1, then HMAC-SHA256, then HMAC-MD5. | 34 * algorithm: GCM, then HMAC-SHA1, then HMAC-SHA256, then HMAC-MD5. |
35 * * Within message authentication algorithm sections, order by asymmetric | 35 * * Within message authentication algorithm sections, order by asymmetric |
36 * signature algorithm: ECDSA, then RSA, then DSS. | 36 * signature algorithm: ECDSA, then RSA, then DSS. |
37 * | 37 * |
38 * Exception: Because some servers ignore the high-order byte of the cipher | 38 * Exception: Because some servers ignore the high-order byte of the cipher |
39 * suite ID, we must be careful about adding cipher suites with IDs larger | 39 * suite ID, we must be careful about adding cipher suites with IDs larger |
40 * than 0x00ff; see bug 946147. For these broken servers, the first six cipher | 40 * than 0x00ff; see bug 946147. For these broken servers, the first four cipher |
41 * suites, with the MSB zeroed, look like: | 41 * suites, with the MSB zeroed, look like: |
42 * TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA { 0x00,0x14 } | |
43 * TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA { 0x00,0x13 } | |
44 * TLS_KRB5_EXPORT_WITH_RC4_40_MD5 { 0x00,0x2B } | 42 * TLS_KRB5_EXPORT_WITH_RC4_40_MD5 { 0x00,0x2B } |
45 * TLS_RSA_WITH_AES_128_CBC_SHA { 0x00,0x2F } | 43 * TLS_RSA_WITH_AES_128_CBC_SHA { 0x00,0x2F } |
46 * TLS_RSA_WITH_3DES_EDE_CBC_SHA { 0x00,0x0A } | 44 * TLS_RSA_WITH_3DES_EDE_CBC_SHA { 0x00,0x0A } |
47 * TLS_RSA_WITH_DES_CBC_SHA { 0x00,0x09 } | 45 * TLS_RSA_WITH_DES_CBC_SHA { 0x00,0x09 } |
48 * The broken server only supports the fifth and sixth ones and will select | 46 * The broken server only supports the third and fourth ones and will select |
49 * the fifth one. | 47 * the third one. |
50 */ | 48 */ |
51 const PRUint16 SSL_ImplementedCiphers[] = { | 49 const PRUint16 SSL_ImplementedCiphers[] = { |
52 #ifndef NSS_DISABLE_ECC | 50 #ifndef NSS_DISABLE_ECC |
53 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, | |
54 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305, | |
55 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, | 51 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, |
56 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, | 52 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, |
| 53 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, |
| 54 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, |
57 /* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA must appear before | 55 /* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA must appear before |
58 * TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA to work around bug 946147. | 56 * TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA to work around bug 946147. |
59 */ | 57 */ |
60 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, | 58 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, |
61 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, | 59 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, |
62 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, | 60 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, |
63 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, | 61 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, |
64 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, | 62 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, |
65 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, | 63 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, |
66 TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, | 64 TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, |
67 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, | 65 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, |
68 TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, | 66 TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, |
69 TLS_ECDHE_RSA_WITH_RC4_128_SHA, | 67 TLS_ECDHE_RSA_WITH_RC4_128_SHA, |
70 #endif /* NSS_DISABLE_ECC */ | 68 #endif /* NSS_DISABLE_ECC */ |
71 | 69 |
72 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, | 70 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, |
| 71 TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256, |
73 TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, | 72 TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, |
74 TLS_DHE_RSA_WITH_AES_128_CBC_SHA, | 73 TLS_DHE_RSA_WITH_AES_128_CBC_SHA, |
75 TLS_DHE_DSS_WITH_AES_128_CBC_SHA, | 74 TLS_DHE_DSS_WITH_AES_128_CBC_SHA, |
76 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, | 75 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, |
77 TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, | 76 TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, |
78 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, | 77 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, |
79 TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, | 78 TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, |
80 TLS_DHE_RSA_WITH_AES_256_CBC_SHA, | 79 TLS_DHE_RSA_WITH_AES_256_CBC_SHA, |
81 TLS_DHE_DSS_WITH_AES_256_CBC_SHA, | 80 TLS_DHE_DSS_WITH_AES_256_CBC_SHA, |
82 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, | 81 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, |
(...skipping 35 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
118 TLS_RSA_WITH_DES_CBC_SHA, | 117 TLS_RSA_WITH_DES_CBC_SHA, |
119 | 118 |
120 /* export ciphersuites with 1024-bit public key exchange keys */ | 119 /* export ciphersuites with 1024-bit public key exchange keys */ |
121 TLS_RSA_EXPORT1024_WITH_RC4_56_SHA, | 120 TLS_RSA_EXPORT1024_WITH_RC4_56_SHA, |
122 TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA, | 121 TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA, |
123 | 122 |
124 /* export ciphersuites with 512-bit public key exchange keys */ | 123 /* export ciphersuites with 512-bit public key exchange keys */ |
125 TLS_RSA_EXPORT_WITH_RC4_40_MD5, | 124 TLS_RSA_EXPORT_WITH_RC4_40_MD5, |
126 TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5, | 125 TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5, |
127 | 126 |
128 /* ciphersuites with no encryption */ | 127 /* ciphersuites with no encryption */ |
129 #ifndef NSS_DISABLE_ECC | 128 #ifndef NSS_DISABLE_ECC |
130 TLS_ECDHE_ECDSA_WITH_NULL_SHA, | 129 TLS_ECDHE_ECDSA_WITH_NULL_SHA, |
131 TLS_ECDHE_RSA_WITH_NULL_SHA, | 130 TLS_ECDHE_RSA_WITH_NULL_SHA, |
132 TLS_ECDH_RSA_WITH_NULL_SHA, | 131 TLS_ECDH_RSA_WITH_NULL_SHA, |
133 TLS_ECDH_ECDSA_WITH_NULL_SHA, | 132 TLS_ECDH_ECDSA_WITH_NULL_SHA, |
134 #endif /* NSS_DISABLE_ECC */ | 133 #endif /* NSS_DISABLE_ECC */ |
135 TLS_RSA_WITH_NULL_SHA, | 134 TLS_RSA_WITH_NULL_SHA, |
136 TLS_RSA_WITH_NULL_SHA256, | 135 TLS_RSA_WITH_NULL_SHA256, |
137 TLS_RSA_WITH_NULL_MD5, | 136 TLS_RSA_WITH_NULL_MD5, |
138 | 137 |
139 /* SSL2 cipher suites. */ | 138 /* SSL2 cipher suites. */ |
140 SSL_EN_RC4_128_WITH_MD5, | 139 SSL_EN_RC4_128_WITH_MD5, |
141 SSL_EN_RC2_128_CBC_WITH_MD5, | 140 SSL_EN_RC2_128_CBC_WITH_MD5, |
142 SSL_EN_DES_192_EDE3_CBC_WITH_MD5, /* actually 112, not 192 */ | 141 SSL_EN_DES_192_EDE3_CBC_WITH_MD5, /* actually 112, not 192 */ |
143 SSL_EN_DES_64_CBC_WITH_MD5, | 142 SSL_EN_DES_64_CBC_WITH_MD5, |
144 SSL_EN_RC4_128_EXPORT40_WITH_MD5, | 143 SSL_EN_RC4_128_EXPORT40_WITH_MD5, |
145 SSL_EN_RC2_128_CBC_EXPORT40_WITH_MD5, | 144 SSL_EN_RC2_128_CBC_EXPORT40_WITH_MD5, |
146 | 145 |
147 0 | 146 0 |
148 | 147 |
149 }; | 148 }; |
150 | 149 |
151 const PRUint16 SSL_NumImplementedCiphers = | 150 const PRUint16 SSL_NumImplementedCiphers = |
152 (sizeof SSL_ImplementedCiphers) / (sizeof SSL_ImplementedCiphers[0]) - 1; | 151 (sizeof SSL_ImplementedCiphers) / (sizeof SSL_ImplementedCiphers[0]) - 1; |
153 | 152 |
154 const PRUint16 * | 153 const PRUint16* |
155 SSL_GetImplementedCiphers(void) | 154 SSL_GetImplementedCiphers(void) |
156 { | 155 { |
157 return SSL_ImplementedCiphers; | 156 return SSL_ImplementedCiphers; |
158 } | 157 } |
159 | 158 |
160 PRUint16 | 159 PRUint16 |
161 SSL_GetNumImplementedCiphers(void) | 160 SSL_GetNumImplementedCiphers(void) |
162 { | 161 { |
163 return SSL_NumImplementedCiphers; | 162 return SSL_NumImplementedCiphers; |
164 } | 163 } |
OLD | NEW |