| OLD | NEW |
|---|
| (Empty) |
| 1 /* | |
| 2 * Table enumerating all implemented cipher suites | |
| 3 * Part of public API. | |
| 4 * | |
| 5 * This Source Code Form is subject to the terms of the Mozilla Public | |
| 6 * License, v. 2.0. If a copy of the MPL was not distributed with this | |
| 7 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | |
| 8 | |
| 9 #include "ssl.h" | |
| 10 #include "sslproto.h" | |
| 11 | |
| 12 /* | |
| 13 * The ordering of cipher suites in this table must match the ordering in | |
| 14 * the cipherSuites table in ssl3con.c. | |
| 15 * | |
| 16 * If new ECC cipher suites are added, also update the ssl3CipherSuite arrays | |
| 17 * in ssl3ecc.c. | |
| 18 * | |
| 19 * Finally, update the ssl_V3_SUITES_IMPLEMENTED macro in sslimpl.h. | |
| 20 * | |
| 21 * The ordering is as follows: | |
| 22 * * No-encryption cipher suites last | |
| 23 * * Export/weak/obsolete cipher suites before no-encryption cipher suites | |
| 24 * * Order by key exchange algorithm: ECDHE, then DHE, then ECDH, RSA. | |
| 25 * * Within key agreement sections, order by symmetric encryption algorithm: | |
| 26 * AES-128, then Camellia-128, then AES-256, then Camellia-256, then SEED, | |
| 27 * then FIPS-3DES, then 3DES, then RC4. AES is commonly accepted as a | |
| 28 * strong cipher internationally, and is often hardware-accelerated. | |
| 29 * Camellia also has wide international support across standards | |
| 30 * organizations. SEED is only recommended by the Korean government. 3DES | |
| 31 * only provides 112 bits of security. RC4 is now deprecated or forbidden | |
| 32 * by many standards organizations. | |
| 33 * * Within symmetric algorithm sections, order by message authentication | |
| 34 * algorithm: GCM, then HMAC-SHA1, then HMAC-SHA256, then HMAC-MD5. | |
| 35 * * Within message authentication algorithm sections, order by asymmetric | |
| 36 * signature algorithm: ECDSA, then RSA, then DSS. | |
| 37 * | |
| 38 * Exception: Because some servers ignore the high-order byte of the cipher | |
| 39 * suite ID, we must be careful about adding cipher suites with IDs larger | |
| 40 * than 0x00ff; see bug 946147. For these broken servers, the first four cipher | |
| 41 * suites, with the MSB zeroed, look like: | |
| 42 * TLS_KRB5_EXPORT_WITH_RC4_40_MD5 { 0x00,0x2B } | |
| 43 * TLS_RSA_WITH_AES_128_CBC_SHA { 0x00,0x2F } | |
| 44 * TLS_RSA_WITH_3DES_EDE_CBC_SHA { 0x00,0x0A } | |
| 45 * TLS_RSA_WITH_DES_CBC_SHA { 0x00,0x09 } | |
| 46 * The broken server only supports the third and fourth ones and will select | |
| 47 * the third one. | |
| 48 */ | |
| 49 const PRUint16 SSL_ImplementedCiphers[] = { | |
| 50 #ifndef NSS_DISABLE_ECC | |
| 51 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, | |
| 52 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, | |
| 53 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, | |
| 54 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, | |
| 55 /* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA must appear before | |
| 56 * TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA to work around bug 946147. | |
| 57 */ | |
| 58 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, | |
| 59 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, | |
| 60 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, | |
| 61 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, | |
| 62 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, | |
| 63 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, | |
| 64 TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, | |
| 65 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, | |
| 66 TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, | |
| 67 TLS_ECDHE_RSA_WITH_RC4_128_SHA, | |
| 68 #endif /* NSS_DISABLE_ECC */ | |
| 69 | |
| 70 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, | |
| 71 TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256, | |
| 72 TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, | |
| 73 TLS_DHE_RSA_WITH_AES_128_CBC_SHA, | |
| 74 TLS_DHE_DSS_WITH_AES_128_CBC_SHA, | |
| 75 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, | |
| 76 TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, | |
| 77 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, | |
| 78 TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, | |
| 79 TLS_DHE_RSA_WITH_AES_256_CBC_SHA, | |
| 80 TLS_DHE_DSS_WITH_AES_256_CBC_SHA, | |
| 81 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, | |
| 82 TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, | |
| 83 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, | |
| 84 TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, | |
| 85 TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, | |
| 86 TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA, | |
| 87 TLS_DHE_DSS_WITH_RC4_128_SHA, | |
| 88 | |
| 89 #ifndef NSS_DISABLE_ECC | |
| 90 TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, | |
| 91 TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, | |
| 92 TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, | |
| 93 TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, | |
| 94 TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, | |
| 95 TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, | |
| 96 TLS_ECDH_ECDSA_WITH_RC4_128_SHA, | |
| 97 TLS_ECDH_RSA_WITH_RC4_128_SHA, | |
| 98 #endif /* NSS_DISABLE_ECC */ | |
| 99 | |
| 100 TLS_RSA_WITH_AES_128_GCM_SHA256, | |
| 101 TLS_RSA_WITH_AES_128_CBC_SHA, | |
| 102 TLS_RSA_WITH_AES_128_CBC_SHA256, | |
| 103 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, | |
| 104 TLS_RSA_WITH_AES_256_CBC_SHA, | |
| 105 TLS_RSA_WITH_AES_256_CBC_SHA256, | |
| 106 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, | |
| 107 TLS_RSA_WITH_SEED_CBC_SHA, | |
| 108 SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, | |
| 109 TLS_RSA_WITH_3DES_EDE_CBC_SHA, | |
| 110 TLS_RSA_WITH_RC4_128_SHA, | |
| 111 TLS_RSA_WITH_RC4_128_MD5, | |
| 112 | |
| 113 /* 56-bit DES "domestic" cipher suites */ | |
| 114 TLS_DHE_RSA_WITH_DES_CBC_SHA, | |
| 115 TLS_DHE_DSS_WITH_DES_CBC_SHA, | |
| 116 SSL_RSA_FIPS_WITH_DES_CBC_SHA, | |
| 117 TLS_RSA_WITH_DES_CBC_SHA, | |
| 118 | |
| 119 /* export ciphersuites with 1024-bit public key exchange keys */ | |
| 120 TLS_RSA_EXPORT1024_WITH_RC4_56_SHA, | |
| 121 TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA, | |
| 122 | |
| 123 /* export ciphersuites with 512-bit public key exchange keys */ | |
| 124 TLS_RSA_EXPORT_WITH_RC4_40_MD5, | |
| 125 TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5, | |
| 126 | |
| 127 /* ciphersuites with no encryption */ | |
| 128 #ifndef NSS_DISABLE_ECC | |
| 129 TLS_ECDHE_ECDSA_WITH_NULL_SHA, | |
| 130 TLS_ECDHE_RSA_WITH_NULL_SHA, | |
| 131 TLS_ECDH_RSA_WITH_NULL_SHA, | |
| 132 TLS_ECDH_ECDSA_WITH_NULL_SHA, | |
| 133 #endif /* NSS_DISABLE_ECC */ | |
| 134 TLS_RSA_WITH_NULL_SHA, | |
| 135 TLS_RSA_WITH_NULL_SHA256, | |
| 136 TLS_RSA_WITH_NULL_MD5, | |
| 137 | |
| 138 /* SSL2 cipher suites. */ | |
| 139 SSL_EN_RC4_128_WITH_MD5, | |
| 140 SSL_EN_RC2_128_CBC_WITH_MD5, | |
| 141 SSL_EN_DES_192_EDE3_CBC_WITH_MD5, /* actually 112, not 192 */ | |
| 142 SSL_EN_DES_64_CBC_WITH_MD5, | |
| 143 SSL_EN_RC4_128_EXPORT40_WITH_MD5, | |
| 144 SSL_EN_RC2_128_CBC_EXPORT40_WITH_MD5, | |
| 145 | |
| 146 0 | |
| 147 | |
| 148 }; | |
| 149 | |
| 150 const PRUint16 SSL_NumImplementedCiphers = | |
| 151 (sizeof SSL_ImplementedCiphers) / (sizeof SSL_ImplementedCiphers[0]) - 1; | |
| 152 | |
| 153 const PRUint16* | |
| 154 SSL_GetImplementedCiphers(void) | |
| 155 { | |
| 156 return SSL_ImplementedCiphers; | |
| 157 } | |
| 158 | |
| 159 PRUint16 | |
| 160 SSL_GetNumImplementedCiphers(void) | |
| 161 { | |
| 162 return SSL_NumImplementedCiphers; | |
| 163 } | |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1882433002:
Removing NSS files and USE_OPENSSL flag (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master