mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 06:38:20 +00:00
485 lines
20 KiB
Text
485 lines
20 KiB
Text
# $Id: ssl-ciphers.bro 5857 2008-06-26 23:00:03Z vern $
|
|
|
|
# --- constant definitions of the cipher specs ---
|
|
|
|
# --- sslv2 ---
|
|
const SSLv20_CK_RC4_128_WITH_MD5 = 0x010080;
|
|
const SSLv20_CK_RC4_128_EXPORT40_WITH_MD5 = 0x020080;
|
|
const SSLv20_CK_RC2_128_CBC_WITH_MD5 = 0x030080;
|
|
const SSLv20_CK_RC2_128_CBC_EXPORT40_WITH_MD5 = 0x040080;
|
|
const SSLv20_CK_IDEA_128_CBC_WITH_MD5 = 0x050080;
|
|
const SSLv20_CK_DES_64_CBC_WITH_MD5 = 0x060040;
|
|
const SSLv20_CK_DES_192_EDE3_CBC_WITH_MD5 = 0x0700C0;
|
|
|
|
# --- sslv3x ---
|
|
|
|
const SSLv3x_NULL_WITH_NULL_NULL = 0x0000;
|
|
|
|
# The following CipherSuite definitions require that the server
|
|
# provide an RSA certificate that can be used for key exchange. The
|
|
# server may request either an RSA or a DSS signature-capable
|
|
# certificate in the certificate request message.
|
|
|
|
const SSLv3x_RSA_WITH_NULL_MD5 = 0x0001;
|
|
const SSLv3x_RSA_WITH_NULL_SHA = 0x0002;
|
|
const SSLv3x_RSA_EXPORT_WITH_RC4_40_MD5 = 0x0003;
|
|
const SSLv3x_RSA_WITH_RC4_128_MD5 = 0x0004;
|
|
const SSLv3x_RSA_WITH_RC4_128_SHA = 0x0005;
|
|
const SSLv3x_RSA_EXPORT_WITH_RC2_CBC_40_MD5 = 0x0006;
|
|
const SSLv3x_RSA_WITH_IDEA_CBC_SHA = 0x0007;
|
|
const SSLv3x_RSA_EXPORT_WITH_DES40_CBC_SHA = 0x0008;
|
|
const SSLv3x_RSA_WITH_DES_CBC_SHA = 0x0009;
|
|
const SSLv3x_RSA_WITH_3DES_EDE_CBC_SHA = 0x000A;
|
|
|
|
# The following CipherSuite definitions are used for
|
|
# server-authenticated (and optionally client-authenticated)
|
|
# Diffie-Hellman. DH denotes cipher suites in which the server's
|
|
# certificate contains the Diffie-Hellman parameters signed by the
|
|
# certificate authority (CA). DHE denotes ephemeral Diffie-Hellman,
|
|
# where the Diffie-Hellman parameters are signed by a DSS or RSA
|
|
# certificate, which has been signed by the CA. The signing
|
|
# algorithm used is specified after the DH or DHE parameter. In all
|
|
# cases, the client must have the same type of certificate, and must
|
|
# use the Diffie-Hellman parameters chosen by the server.
|
|
|
|
const SSLv3x_DH_DSS_EXPORT_WITH_DES40_CBC_SHA = 0x000B;
|
|
const SSLv3x_DH_DSS_WITH_DES_CBC_SHA = 0x000C;
|
|
const SSLv3x_DH_DSS_WITH_3DES_EDE_CBC_SHA = 0x000D;
|
|
const SSLv3x_DH_RSA_EXPORT_WITH_DES40_CBC_SHA = 0x000E;
|
|
const SSLv3x_DH_RSA_WITH_DES_CBC_SHA = 0x000F;
|
|
const SSLv3x_DH_RSA_WITH_3DES_EDE_CBC_SHA = 0x0010;
|
|
const SSLv3x_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA = 0x0011;
|
|
const SSLv3x_DHE_DSS_WITH_DES_CBC_SHA = 0x0012;
|
|
const SSLv3x_DHE_DSS_WITH_3DES_EDE_CBC_SHA = 0x0013;
|
|
const SSLv3x_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA = 0x0014;
|
|
const SSLv3x_DHE_RSA_WITH_DES_CBC_SHA = 0x0015;
|
|
const SSLv3x_DHE_RSA_WITH_3DES_EDE_CBC_SHA = 0x0016;
|
|
|
|
# The following cipher suites are used for completely anonymous
|
|
# Diffie-Hellman communications in which neither party is
|
|
# authenticated. Note that this mode is vulnerable to
|
|
# man-in-the-middle attacks and is therefore strongly discouraged.
|
|
|
|
const SSLv3x_DH_anon_EXPORT_WITH_RC4_40_MD5 = 0x0017;
|
|
const SSLv3x_DH_anon_WITH_RC4_128_MD5 = 0x0018;
|
|
const SSLv3x_DH_anon_EXPORT_WITH_DES40_CBC_SHA = 0x0019;
|
|
const SSLv3x_DH_anon_WITH_DES_CBC_SHA = 0x001A;
|
|
const SSLv3x_DH_anon_WITH_3DES_EDE_CBC_SHA = 0x001B;
|
|
|
|
# The final cipher suites are for the FORTEZZA token.
|
|
|
|
const SSLv3x_FORTEZZA_KEA_WITH_NULL_SHA = 0x001C;
|
|
const SSLv3x_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA = 0x001D;
|
|
# This seems to be assigned to a Kerberos cipher in TLS 1.1
|
|
#const SSLv3x_FORTEZZA_KEA_WITH_RC4_128_SHA = 0x001E;
|
|
|
|
|
|
# Following are some newer ciphers defined in RFC 4346 (TLS 1.1)
|
|
|
|
# Kerberos ciphers
|
|
|
|
const SSLv3x_KRB5_WITH_DES_CBC_SHA = 0x001E;
|
|
const SSLv3x_KRB5_WITH_3DES_EDE_CBC_SHA = 0x001F;
|
|
const SSLv3x_KRB5_WITH_RC4_128_SHA = 0x0020;
|
|
const SSLv3x_KRB5_WITH_IDEA_CBC_SHA = 0x0021;
|
|
const SSLv3x_KRB5_WITH_DES_CBC_MD5 = 0x0022;
|
|
const SSLv3x_KRB5_WITH_3DES_EDE_CBC_MD5 = 0x0023;
|
|
const SSLv3x_KRB5_WITH_RC4_128_MD5 = 0x0024;
|
|
const SSLv3x_KRB5_WITH_IDEA_CBC_MD5 = 0x0025;
|
|
|
|
# Kerberos export ciphers
|
|
|
|
const SSLv3x_KRB5_EXPORT_WITH_DES_CBC_40_SHA = 0x0026;
|
|
const SSLv3x_KRB5_EXPORT_WITH_RC2_CBC_40_SHA = 0x0027;
|
|
const SSLv3x_KRB5_EXPORT_WITH_RC4_40_SHA = 0x0028;
|
|
const SSLv3x_KRB5_EXPORT_WITH_DES_CBC_40_MD5 = 0x0029;
|
|
const SSLv3x_KRB5_EXPORT_WITH_RC2_CBC_40_MD5 = 0x002A;
|
|
const SSLv3x_KRB5_EXPORT_WITH_RC4_40_MD5 = 0x002B;
|
|
|
|
|
|
# AES ciphers
|
|
|
|
const SSLv3x_RSA_WITH_AES_128_CBC_SHA = 0x002F;
|
|
const SSLv3x_DH_DSS_WITH_AES_128_CBC_SHA = 0x0030;
|
|
const SSLv3x_DH_RSA_WITH_AES_128_CBC_SHA = 0x0031;
|
|
const SSLv3x_DHE_DSS_WITH_AES_128_CBC_SHA = 0x0032;
|
|
const SSLv3x_DHE_RSA_WITH_AES_128_CBC_SHA = 0x0033;
|
|
const SSLv3x_DH_anon_WITH_AES_128_CBC_SHA = 0x0034;
|
|
const SSLv3x_RSA_WITH_AES_256_CBC_SHA = 0x0035;
|
|
const SSLv3x_DH_DSS_WITH_AES_256_CBC_SHA = 0x0036;
|
|
const SSLv3x_DH_RSA_WITH_AES_256_CBC_SHA = 0x0037;
|
|
const SSLv3x_DHE_DSS_WITH_AES_256_CBC_SHA = 0x0038;
|
|
const SSLv3x_DHE_RSA_WITH_AES_256_CBC_SHA = 0x0039;
|
|
const SSLv3x_DH_anon_WITH_AES_256_CBC_SHA = 0x003A;
|
|
|
|
# Mostly more RFC defined suites
|
|
const TLS_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x0041; # [RFC4132]
|
|
const TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA = 0x0042; # [RFC4132]
|
|
const TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x0043; # [RFC4132]
|
|
const TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA = 0x0044; # [RFC4132]
|
|
const TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x0045; # [RFC4132]
|
|
const TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA = 0x0046; # [RFC4132]
|
|
|
|
# The following are tagged as "Widely Deployed implementation":
|
|
const TLS_ECDH_ECDSA_WITH_NULL_SHA = 0x0047;
|
|
const TLS_ECDH_ECDSA_WITH_RC4_128_SHA = 0x0048;
|
|
const TLS_ECDH_ECDSA_WITH_DES_CBC_SHA = 0x0049;
|
|
const TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA = 0x004A;
|
|
const TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA = 0x004B;
|
|
const TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA = 0x004C;
|
|
const TLS_CK_RSA_EXPORT1024_WITH_RC4_56_MD5 = 0x0060;
|
|
const TLS_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 = 0x0061;
|
|
const TLS_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA = 0x0062;
|
|
const TLS_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA = 0x0063;
|
|
const TLS_CK_RSA_EXPORT1024_WITH_RC4_56_SHA = 0x0064;
|
|
const TLS_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA = 0x0065;
|
|
const TLS_CK_DHE_DSS_WITH_RC4_128_SHA = 0x0066;
|
|
|
|
const TLS_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x0084; # [RFC4132]
|
|
const TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA = 0x0085; # [RFC4132]
|
|
const TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x0086; # [RFC4132]
|
|
const TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA = 0x0087; # [RFC4132]
|
|
const TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x0088; # [RFC4132]
|
|
const TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA = 0x0089; # [RFC4132]
|
|
const TLS_PSK_WITH_RC4_128_SHA = 0x008A; # [RFC4279]
|
|
const TLS_PSK_WITH_3DES_EDE_CBC_SHA = 0x008B; # [RFC4279]
|
|
const TLS_PSK_WITH_AES_128_CBC_SHA = 0x008C; # [RFC4279]
|
|
const TLS_PSK_WITH_AES_256_CBC_SHA = 0x008D; # [RFC4279]
|
|
const TLS_DHE_PSK_WITH_RC4_128_SHA = 0x008E; # [RFC4279]
|
|
const TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA = 0x008F; # [RFC4279]
|
|
const TLS_DHE_PSK_WITH_AES_128_CBC_SHA = 0x0090; # [RFC4279]
|
|
const TLS_DHE_PSK_WITH_AES_256_CBC_SHA = 0x0091; # [RFC4279]
|
|
const TLS_RSA_PSK_WITH_RC4_128_SHA = 0x0092; # [RFC4279]
|
|
const TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA = 0x0093; # [RFC4279]
|
|
const TLS_RSA_PSK_WITH_AES_128_CBC_SHA = 0x0094; # [RFC4279]
|
|
const TLS_RSA_PSK_WITH_AES_256_CBC_SHA = 0x0095; # [RFC4279]
|
|
const TLS_RSA_WITH_SEED_CBC_SHA = 0x0096; # [RFC4162]
|
|
const TLS_DH_DSS_WITH_SEED_CBC_SHA = 0x0097; # [RFC4162]
|
|
const TLS_DH_RSA_WITH_SEED_CBC_SHA = 0x0098; # [RFC4162]
|
|
const TLS_DHE_DSS_WITH_SEED_CBC_SHA = 0x0099; # [RFC4162]
|
|
const TLS_DHE_RSA_WITH_SEED_CBC_SHA = 0x009A; # [RFC4162]
|
|
const TLS_DH_anon_WITH_SEED_CBC_SHA = 0x009B; # [RFC4162]
|
|
|
|
|
|
# Cipher specifications native to TLS can be included in Version 2.0 client
|
|
# hello messages using the syntax below. Any V2CipherSpec element with its
|
|
# first byte equal to zero will be ignored by Version 2.0 servers. Clients
|
|
# sending any of the above V2CipherSpecs should also include the TLS equivalent
|
|
# (see Appendix A.5):
|
|
# V2CipherSpec (see TLS name) = { 0x00, CipherSuite };
|
|
|
|
|
|
# --- This is a table of all known cipher specs.
|
|
# --- It can be used for detecting unknown ciphers and for
|
|
# --- converting the cipher spec constants into a human readable format.
|
|
|
|
const ssl_cipher_desc: table[count] of string = {
|
|
# --- sslv20 ---
|
|
[SSLv20_CK_RC4_128_EXPORT40_WITH_MD5] =
|
|
"SSLv20_CK_RC4_128_EXPORT40_WITH_MD5",
|
|
[SSLv20_CK_RC4_128_WITH_MD5] = "SSLv20_CK_RC4_128_WITH_MD5",
|
|
[SSLv20_CK_RC2_128_CBC_WITH_MD5] = "SSLv20_CK_RC2_128_CBC_WITH_MD5",
|
|
[SSLv20_CK_RC2_128_CBC_EXPORT40_WITH_MD5] =
|
|
"SSLv20_CK_RC2_128_CBC_EXPORT40_WITH_MD5",
|
|
[SSLv20_CK_IDEA_128_CBC_WITH_MD5] = "SSLv20_CK_IDEA_128_CBC_WITH_MD5",
|
|
[SSLv20_CK_DES_192_EDE3_CBC_WITH_MD5] =
|
|
"SSLv20_CK_DES_192_EDE3_CBC_WITH_MD5",
|
|
[SSLv20_CK_DES_64_CBC_WITH_MD5] = "SSLv20_CK_DES_64_CBC_WITH_MD5",
|
|
|
|
# --- sslv3x ---
|
|
[SSLv3x_NULL_WITH_NULL_NULL] = "SSLv3x_NULL_WITH_NULL_NULL",
|
|
|
|
[SSLv3x_RSA_WITH_NULL_MD5] = "SSLv3x_RSA_WITH_NULL_MD5",
|
|
[SSLv3x_RSA_WITH_NULL_SHA] = "SSLv3x_RSA_WITH_NULL_SHA",
|
|
[SSLv3x_RSA_EXPORT_WITH_RC4_40_MD5] =
|
|
"SSLv3x_RSA_EXPORT_WITH_RC4_40_MD5",
|
|
[SSLv3x_RSA_WITH_RC4_128_MD5] = "SSLv3x_RSA_WITH_RC4_128_MD5",
|
|
[SSLv3x_RSA_WITH_RC4_128_SHA] = "SSLv3x_RSA_WITH_RC4_128_SHA",
|
|
[SSLv3x_RSA_EXPORT_WITH_RC2_CBC_40_MD5] =
|
|
"SSLv3x_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
|
|
[SSLv3x_RSA_WITH_IDEA_CBC_SHA] = "SSLv3x_RSA_WITH_IDEA_CBC_SHA",
|
|
[SSLv3x_RSA_EXPORT_WITH_DES40_CBC_SHA] =
|
|
"SSLv3x_RSA_EXPORT_WITH_DES40_CBC_SHA",
|
|
[SSLv3x_RSA_WITH_DES_CBC_SHA] = "SSLv3x_RSA_WITH_DES_CBC_SHA",
|
|
[SSLv3x_RSA_WITH_3DES_EDE_CBC_SHA] = "SSLv3x_RSA_WITH_3DES_EDE_CBC_SHA",
|
|
|
|
[SSLv3x_DH_DSS_EXPORT_WITH_DES40_CBC_SHA] =
|
|
"SSLv3x_DH_DSS_EXPORT_WITH_DES40_CBC_SHA",
|
|
[SSLv3x_DH_DSS_WITH_DES_CBC_SHA] = "SSLv3x_DH_DSS_WITH_DES_CBC_SHA",
|
|
[SSLv3x_DH_DSS_WITH_3DES_EDE_CBC_SHA] =
|
|
"SSLv3x_DH_DSS_WITH_3DES_EDE_CBC_SHA",
|
|
[SSLv3x_DH_RSA_EXPORT_WITH_DES40_CBC_SHA] =
|
|
"SSLv3x_DH_RSA_EXPORT_WITH_DES40_CBC_SHA",
|
|
[SSLv3x_DH_RSA_WITH_DES_CBC_SHA] = "SSLv3x_DH_RSA_WITH_DES_CBC_SHA",
|
|
[SSLv3x_DH_RSA_WITH_3DES_EDE_CBC_SHA] =
|
|
"SSLv3x_DH_RSA_WITH_3DES_EDE_CBC_SHA",
|
|
[SSLv3x_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA] =
|
|
"SSLv3x_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA",
|
|
[SSLv3x_DHE_DSS_WITH_DES_CBC_SHA] = "SSLv3x_DHE_DSS_WITH_DES_CBC_SHA",
|
|
[SSLv3x_DHE_DSS_WITH_3DES_EDE_CBC_SHA] =
|
|
"SSLv3x_DHE_DSS_WITH_3DES_EDE_CBC_SHA",
|
|
[SSLv3x_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA] =
|
|
"SSLv3x_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
|
|
[SSLv3x_DHE_RSA_WITH_DES_CBC_SHA] = "SSLv3x_DHE_RSA_WITH_DES_CBC_SHA",
|
|
[SSLv3x_DHE_RSA_WITH_3DES_EDE_CBC_SHA] =
|
|
"SSLv3x_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
|
|
|
|
[SSLv3x_DH_anon_EXPORT_WITH_RC4_40_MD5] =
|
|
"SSLv3x_DH_anon_EXPORT_WITH_RC4_40_MD5",
|
|
[SSLv3x_DH_anon_WITH_RC4_128_MD5] = "SSLv3x_DH_anon_WITH_RC4_128_MD5",
|
|
[SSLv3x_DH_anon_EXPORT_WITH_DES40_CBC_SHA] =
|
|
"SSLv3x_DH_anon_EXPORT_WITH_DES40_CBC_SHA",
|
|
[SSLv3x_DH_anon_WITH_DES_CBC_SHA] = "SSLv3x_DH_anon_WITH_DES_CBC_SHA",
|
|
[SSLv3x_DH_anon_WITH_3DES_EDE_CBC_SHA] =
|
|
"SSLv3x_DH_anon_WITH_3DES_EDE_CBC_SHA",
|
|
|
|
[SSLv3x_FORTEZZA_KEA_WITH_NULL_SHA] =
|
|
"SSLv3x_FORTEZZA_KEA_WITH_NULL_SHA",
|
|
[SSLv3x_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA] =
|
|
"SSLv3x_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA",
|
|
[SSLv3x_KRB5_WITH_DES_CBC_SHA] =
|
|
"SSLv3x_KRB5_WITH_DES_CBC_SHA",
|
|
[SSLv3x_KRB5_WITH_3DES_EDE_CBC_SHA] =
|
|
"SSLv3x_KRB5_WITH_3DES_EDE_CBC_SHA",
|
|
[SSLv3x_KRB5_WITH_RC4_128_SHA] =
|
|
"SSLv3x_KRB5_WITH_RC4_128_SHA",
|
|
[SSLv3x_KRB5_WITH_IDEA_CBC_SHA] =
|
|
"SSLv3x_KRB5_WITH_IDEA_CBC_SHA",
|
|
[SSLv3x_KRB5_WITH_DES_CBC_MD5] =
|
|
"SSLv3x_KRB5_WITH_DES_CBC_MD5",
|
|
[SSLv3x_KRB5_WITH_3DES_EDE_CBC_MD5] =
|
|
"SSLv3x_KRB5_WITH_3DES_EDE_CBC_MD5",
|
|
[SSLv3x_KRB5_WITH_RC4_128_MD5] =
|
|
"SSLv3x_KRB5_WITH_RC4_128_MD5",
|
|
[SSLv3x_KRB5_WITH_IDEA_CBC_MD5] =
|
|
"SSLv3x_KRB5_WITH_IDEA_CBC_MD5",
|
|
[SSLv3x_KRB5_EXPORT_WITH_DES_CBC_40_SHA] =
|
|
"SSLv3x_KRB5_EXPORT_WITH_DES_CBC_40_SHA",
|
|
[SSLv3x_KRB5_EXPORT_WITH_RC2_CBC_40_SHA] =
|
|
"SSLv3x_KRB5_EXPORT_WITH_RC2_CBC_40_SHA",
|
|
[SSLv3x_KRB5_EXPORT_WITH_RC4_40_SHA] =
|
|
"SSLv3x_KRB5_EXPORT_WITH_RC4_40_SHA",
|
|
[SSLv3x_KRB5_EXPORT_WITH_DES_CBC_40_MD5] =
|
|
"SSLv3x_KRB5_EXPORT_WITH_DES_CBC_40_MD5",
|
|
[SSLv3x_KRB5_EXPORT_WITH_RC2_CBC_40_MD5] =
|
|
"SSLv3x_KRB5_EXPORT_WITH_RC2_CBC_40_MD5",
|
|
[SSLv3x_KRB5_EXPORT_WITH_RC4_40_MD5] =
|
|
"SSLv3x_KRB5_EXPORT_WITH_RC4_40_MD5",
|
|
[SSLv3x_RSA_WITH_AES_128_CBC_SHA] =
|
|
"SSLv3x_RSA_WITH_AES_128_CBC_SHA",
|
|
[SSLv3x_DH_DSS_WITH_AES_128_CBC_SHA] =
|
|
"SSLv3x_DH_DSS_WITH_AES_128_CBC_SHA",
|
|
[SSLv3x_DH_RSA_WITH_AES_128_CBC_SHA] =
|
|
"SSLv3x_DH_RSA_WITH_AES_128_CBC_SHA",
|
|
[SSLv3x_DHE_DSS_WITH_AES_128_CBC_SHA] =
|
|
"SSLv3x_DHE_DSS_WITH_AES_128_CBC_SHA",
|
|
[SSLv3x_DHE_RSA_WITH_AES_128_CBC_SHA] =
|
|
"SSLv3x_DHE_RSA_WITH_AES_128_CBC_SHA",
|
|
[SSLv3x_DH_anon_WITH_AES_128_CBC_SHA] =
|
|
"SSLv3x_DH_anon_WITH_AES_128_CBC_SHA",
|
|
[SSLv3x_RSA_WITH_AES_256_CBC_SHA] =
|
|
"SSLv3x_RSA_WITH_AES_256_CBC_SHA",
|
|
[SSLv3x_DH_DSS_WITH_AES_256_CBC_SHA] =
|
|
"SSLv3x_DH_DSS_WITH_AES_256_CBC_SHA",
|
|
[SSLv3x_DH_RSA_WITH_AES_256_CBC_SHA] =
|
|
"SSLv3x_DH_RSA_WITH_AES_256_CBC_SHA",
|
|
[SSLv3x_DHE_DSS_WITH_AES_256_CBC_SHA] =
|
|
"SSLv3x_DHE_DSS_WITH_AES_256_CBC_SHA",
|
|
[SSLv3x_DHE_RSA_WITH_AES_256_CBC_SHA] =
|
|
"SSLv3x_DHE_RSA_WITH_AES_256_CBC_SHA",
|
|
[SSLv3x_DH_anon_WITH_AES_256_CBC_SHA] =
|
|
"SSLv3x_DH_anon_WITH_AES_256_CBC_SHA",
|
|
|
|
[TLS_RSA_WITH_CAMELLIA_128_CBC_SHA] =
|
|
"TLS_RSA_WITH_CAMELLIA_128_CBC_SHA",
|
|
[TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA] =
|
|
"TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA",
|
|
[TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA] =
|
|
"TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA",
|
|
[TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA] =
|
|
"TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA",
|
|
[TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA] =
|
|
"TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA",
|
|
[TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA] =
|
|
"TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA",
|
|
[TLS_ECDH_ECDSA_WITH_NULL_SHA] =
|
|
"TLS_ECDH_ECDSA_WITH_NULL_SHA",
|
|
[TLS_ECDH_ECDSA_WITH_RC4_128_SHA] =
|
|
"TLS_ECDH_ECDSA_WITH_RC4_128_SHA",
|
|
[TLS_ECDH_ECDSA_WITH_DES_CBC_SHA] =
|
|
"TLS_ECDH_ECDSA_WITH_DES_CBC_SHA",
|
|
[TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA] =
|
|
"TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA",
|
|
[TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA] =
|
|
"TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA",
|
|
[TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA] =
|
|
"TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA",
|
|
[TLS_CK_RSA_EXPORT1024_WITH_RC4_56_MD5] =
|
|
"TLS_CK_RSA_EXPORT1024_WITH_RC4_56_MD5",
|
|
[TLS_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5] =
|
|
"TLS_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5",
|
|
[TLS_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA] =
|
|
"TLS_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA",
|
|
[TLS_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA] =
|
|
"TLS_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA",
|
|
[TLS_CK_RSA_EXPORT1024_WITH_RC4_56_SHA] =
|
|
"TLS_CK_RSA_EXPORT1024_WITH_RC4_56_SHA",
|
|
[TLS_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA] =
|
|
"TLS_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA",
|
|
[TLS_CK_DHE_DSS_WITH_RC4_128_SHA] =
|
|
"TLS_CK_DHE_DSS_WITH_RC4_128_SHA",
|
|
[TLS_RSA_WITH_CAMELLIA_256_CBC_SHA] =
|
|
"TLS_RSA_WITH_CAMELLIA_256_CBC_SHA",
|
|
[TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA] =
|
|
"TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA",
|
|
[TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA] =
|
|
"TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA",
|
|
[TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA] =
|
|
"TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA",
|
|
[TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA] =
|
|
"TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA",
|
|
[TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA] =
|
|
"TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA",
|
|
[TLS_PSK_WITH_RC4_128_SHA] =
|
|
"TLS_PSK_WITH_RC4_128_SHA",
|
|
[TLS_PSK_WITH_3DES_EDE_CBC_SHA] =
|
|
"TLS_PSK_WITH_3DES_EDE_CBC_SHA",
|
|
[TLS_PSK_WITH_AES_128_CBC_SHA] =
|
|
"TLS_PSK_WITH_AES_128_CBC_SHA",
|
|
[TLS_PSK_WITH_AES_256_CBC_SHA] =
|
|
"TLS_PSK_WITH_AES_256_CBC_SHA",
|
|
[TLS_DHE_PSK_WITH_RC4_128_SHA] =
|
|
"TLS_DHE_PSK_WITH_RC4_128_SHA",
|
|
[TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA] =
|
|
"TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA",
|
|
[TLS_DHE_PSK_WITH_AES_128_CBC_SHA] =
|
|
"TLS_DHE_PSK_WITH_AES_128_CBC_SHA",
|
|
[TLS_DHE_PSK_WITH_AES_256_CBC_SHA] =
|
|
"TLS_DHE_PSK_WITH_AES_256_CBC_SHA",
|
|
[TLS_RSA_PSK_WITH_RC4_128_SHA] =
|
|
"TLS_RSA_PSK_WITH_RC4_128_SHA",
|
|
[TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA] =
|
|
"TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA",
|
|
[TLS_RSA_PSK_WITH_AES_128_CBC_SHA] =
|
|
"TLS_RSA_PSK_WITH_AES_128_CBC_SHA",
|
|
[TLS_RSA_PSK_WITH_AES_256_CBC_SHA] =
|
|
"TLS_RSA_PSK_WITH_AES_256_CBC_SHA",
|
|
[TLS_RSA_WITH_SEED_CBC_SHA] =
|
|
"TLS_RSA_WITH_SEED_CBC_SHA",
|
|
[TLS_DH_DSS_WITH_SEED_CBC_SHA] =
|
|
"TLS_DH_DSS_WITH_SEED_CBC_SHA",
|
|
[TLS_DH_RSA_WITH_SEED_CBC_SHA] =
|
|
"TLS_DH_RSA_WITH_SEED_CBC_SHA",
|
|
[TLS_DHE_DSS_WITH_SEED_CBC_SHA] =
|
|
"TLS_DHE_DSS_WITH_SEED_CBC_SHA",
|
|
[TLS_DHE_RSA_WITH_SEED_CBC_SHA] =
|
|
"TLS_DHE_RSA_WITH_SEED_CBC_SHA",
|
|
[TLS_DH_anon_WITH_SEED_CBC_SHA] =
|
|
"TLS_DH_anon_WITH_SEED_CBC_SHA"
|
|
};
|
|
|
|
|
|
# --- the following sets are provided for convenience
|
|
|
|
# --- this set holds all EXPORT ciphers
|
|
const ssl_cipherset_EXPORT: set[count] = {
|
|
SSLv20_CK_RC4_128_EXPORT40_WITH_MD5,
|
|
SSLv20_CK_RC2_128_CBC_EXPORT40_WITH_MD5,
|
|
SSLv3x_RSA_EXPORT_WITH_RC4_40_MD5,
|
|
SSLv3x_RSA_EXPORT_WITH_RC2_CBC_40_MD5,
|
|
SSLv3x_RSA_EXPORT_WITH_DES40_CBC_SHA,
|
|
SSLv3x_DH_DSS_EXPORT_WITH_DES40_CBC_SHA,
|
|
SSLv3x_DH_RSA_EXPORT_WITH_DES40_CBC_SHA,
|
|
SSLv3x_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA,
|
|
SSLv3x_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA,
|
|
SSLv3x_DH_anon_EXPORT_WITH_RC4_40_MD5,
|
|
SSLv3x_DH_anon_EXPORT_WITH_DES40_CBC_SHA,
|
|
SSLv3x_KRB5_EXPORT_WITH_DES_CBC_40_SHA,
|
|
SSLv3x_KRB5_EXPORT_WITH_RC2_CBC_40_SHA,
|
|
SSLv3x_KRB5_EXPORT_WITH_RC4_40_SHA,
|
|
SSLv3x_KRB5_EXPORT_WITH_DES_CBC_40_MD5,
|
|
SSLv3x_KRB5_EXPORT_WITH_RC2_CBC_40_MD5,
|
|
SSLv3x_KRB5_EXPORT_WITH_RC4_40_MD5
|
|
};
|
|
|
|
# --- this set holds all DES ciphers
|
|
const ssl_cipherset_DES: set[count] = {
|
|
SSLv20_CK_DES_64_CBC_WITH_MD5,
|
|
SSLv3x_RSA_EXPORT_WITH_DES40_CBC_SHA,
|
|
SSLv3x_RSA_WITH_DES_CBC_SHA,
|
|
SSLv3x_DH_DSS_EXPORT_WITH_DES40_CBC_SHA,
|
|
SSLv3x_DH_DSS_WITH_DES_CBC_SHA,
|
|
SSLv3x_DH_RSA_EXPORT_WITH_DES40_CBC_SHA,
|
|
SSLv3x_DH_RSA_WITH_DES_CBC_SHA,
|
|
SSLv3x_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA,
|
|
SSLv3x_DHE_DSS_WITH_DES_CBC_SHA,
|
|
SSLv3x_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA,
|
|
SSLv3x_DHE_RSA_WITH_DES_CBC_SHA,
|
|
SSLv3x_DH_anon_EXPORT_WITH_DES40_CBC_SHA,
|
|
SSLv3x_DH_anon_WITH_DES_CBC_SHA,
|
|
SSLv3x_KRB5_WITH_DES_CBC_SHA,
|
|
SSLv3x_KRB5_WITH_DES_CBC_MD5,
|
|
SSLv3x_KRB5_EXPORT_WITH_DES_CBC_40_SHA,
|
|
SSLv3x_KRB5_EXPORT_WITH_DES_CBC_40_MD5
|
|
};
|
|
|
|
|
|
# --- this set holds all 3DES ciphers
|
|
const ssl_cipherset_3DES: set[count] = {
|
|
SSLv20_CK_DES_192_EDE3_CBC_WITH_MD5,
|
|
SSLv3x_DH_DSS_WITH_3DES_EDE_CBC_SHA,
|
|
SSLv3x_DH_RSA_WITH_3DES_EDE_CBC_SHA,
|
|
SSLv3x_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
|
|
SSLv3x_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
|
|
SSLv3x_DH_anon_WITH_3DES_EDE_CBC_SHA,
|
|
SSLv3x_KRB5_WITH_3DES_EDE_CBC_SHA,
|
|
SSLv3x_KRB5_WITH_3DES_EDE_CBC_MD5
|
|
};
|
|
|
|
# --- this set holds all RC2 ciphers
|
|
const ssl_cipherset_RC2: set[count] = {
|
|
SSLv20_CK_RC2_128_CBC_WITH_MD5,
|
|
SSLv20_CK_RC2_128_CBC_EXPORT40_WITH_MD5,
|
|
SSLv3x_RSA_EXPORT_WITH_RC2_CBC_40_MD5,
|
|
SSLv3x_KRB5_EXPORT_WITH_RC2_CBC_40_SHA,
|
|
SSLv3x_KRB5_EXPORT_WITH_RC2_CBC_40_MD5
|
|
};
|
|
|
|
# --- this set holds all RC4 ciphers
|
|
const ssl_cipherset_RC4: set[count] = {
|
|
SSLv20_CK_RC4_128_WITH_MD5,
|
|
SSLv20_CK_RC4_128_EXPORT40_WITH_MD5,
|
|
SSLv3x_RSA_EXPORT_WITH_RC4_40_MD5,
|
|
SSLv3x_RSA_WITH_RC4_128_MD5,
|
|
SSLv3x_RSA_WITH_RC4_128_SHA,
|
|
SSLv3x_DH_anon_EXPORT_WITH_RC4_40_MD5,
|
|
SSLv3x_DH_anon_WITH_RC4_128_MD5,
|
|
SSLv3x_KRB5_WITH_RC4_128_SHA,
|
|
SSLv3x_KRB5_WITH_RC4_128_MD5,
|
|
SSLv3x_KRB5_EXPORT_WITH_RC4_40_SHA,
|
|
SSLv3x_KRB5_EXPORT_WITH_RC4_40_MD5
|
|
};
|
|
|
|
# --- this set holds all IDEA ciphers
|
|
const ssl_cipherset_IDEA: set[count] = {
|
|
SSLv20_CK_IDEA_128_CBC_WITH_MD5,
|
|
SSLv3x_RSA_WITH_IDEA_CBC_SHA,
|
|
SSLv3x_KRB5_WITH_IDEA_CBC_SHA,
|
|
SSLv3x_KRB5_WITH_IDEA_CBC_MD5
|
|
};
|
|
|
|
# --- this set holds all AES ciphers
|
|
const ssl_cipherset_AES: set[count] = {
|
|
SSLv3x_RSA_WITH_AES_128_CBC_SHA,
|
|
SSLv3x_DH_DSS_WITH_AES_128_CBC_SHA,
|
|
SSLv3x_DH_RSA_WITH_AES_128_CBC_SHA,
|
|
SSLv3x_DHE_DSS_WITH_AES_128_CBC_SHA,
|
|
SSLv3x_DHE_RSA_WITH_AES_128_CBC_SHA,
|
|
SSLv3x_DH_anon_WITH_AES_128_CBC_SHA,
|
|
SSLv3x_RSA_WITH_AES_256_CBC_SHA,
|
|
SSLv3x_DH_DSS_WITH_AES_256_CBC_SHA,
|
|
SSLv3x_DH_RSA_WITH_AES_256_CBC_SHA,
|
|
SSLv3x_DHE_DSS_WITH_AES_256_CBC_SHA,
|
|
SSLv3x_DHE_RSA_WITH_AES_256_CBC_SHA,
|
|
SSLv3x_DH_anon_WITH_AES_256_CBC_SHA
|
|
};
|