mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 22:58:20 +00:00
bff3cba129
- origin_bound_certificates is a current draft http://tools.ietf.org/html/draft-balfanz-tls-obc-01 - encrypted client certificates is a draft that expired yesterday. http://tools.ietf.org/html/draft-agl-tls-encryptedclientcerts-00
582 lines
32 KiB
Text
582 lines
32 KiB
Text
module SSL;
|
|
|
|
export {
|
|
const SSLv2 = 0x0002;
|
|
const SSLv3 = 0x0300;
|
|
const TLSv10 = 0x0301;
|
|
const TLSv11 = 0x0302;
|
|
const TLSv12 = 0x0303;
|
|
## Mapping between the constants and string values for SSL/TLS versions.
|
|
const version_strings: table[count] of string = {
|
|
[SSLv2] = "SSLv2",
|
|
[SSLv3] = "SSLv3",
|
|
[TLSv10] = "TLSv10",
|
|
[TLSv11] = "TLSv11",
|
|
[TLSv12] = "TLSv12",
|
|
} &default=function(i: count):string { return fmt("unknown-%d", i); };
|
|
|
|
## Mapping between numeric codes and human readable strings for alert
|
|
## levels.
|
|
const alert_levels: table[count] of string = {
|
|
[1] = "warning",
|
|
[2] = "fatal",
|
|
} &default=function(i: count):string { return fmt("unknown-%d", i); };
|
|
|
|
## Mapping between numeric codes and human readable strings for alert
|
|
## descriptions..
|
|
const alert_descriptions: table[count] of string = {
|
|
[0] = "close_notify",
|
|
[10] = "unexpected_message",
|
|
[20] = "bad_record_mac",
|
|
[21] = "decryption_failed",
|
|
[22] = "record_overflow",
|
|
[30] = "decompression_failure",
|
|
[40] = "handshake_failure",
|
|
[41] = "no_certificate",
|
|
[42] = "bad_certificate",
|
|
[43] = "unsupported_certificate",
|
|
[44] = "certificate_revoked",
|
|
[45] = "certificate_expired",
|
|
[46] = "certificate_unknown",
|
|
[47] = "illegal_parameter",
|
|
[48] = "unknown_ca",
|
|
[49] = "access_denied",
|
|
[50] = "decode_error",
|
|
[51] = "decrypt_error",
|
|
[60] = "export_restriction",
|
|
[70] = "protocol_version",
|
|
[71] = "insufficient_security",
|
|
[80] = "internal_error",
|
|
[90] = "user_canceled",
|
|
[100] = "no_renegotiation",
|
|
[110] = "unsupported_extension",
|
|
[111] = "certificate_unobtainable",
|
|
[112] = "unrecognized_name",
|
|
[113] = "bad_certificate_status_response",
|
|
[114] = "bad_certificate_hash_value",
|
|
[115] = "unknown_psk_identity",
|
|
} &default=function(i: count):string { return fmt("unknown-%d", i); };
|
|
|
|
## Mapping between numeric codes and human readable strings for SSL/TLS
|
|
## extensions.
|
|
# More information can be found here:
|
|
# http://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xml
|
|
const extensions: table[count] of string = {
|
|
[0] = "server_name",
|
|
[1] = "max_fragment_length",
|
|
[2] = "client_certificate_url",
|
|
[3] = "trusted_ca_keys",
|
|
[4] = "truncated_hmac",
|
|
[5] = "status_request",
|
|
[6] = "user_mapping",
|
|
[7] = "client_authz",
|
|
[8] = "server_authz",
|
|
[9] = "cert_type",
|
|
[10] = "elliptic_curves",
|
|
[11] = "ec_point_formats",
|
|
[12] = "srp",
|
|
[13] = "signature_algorithms",
|
|
[14] = "use_srtp",
|
|
[15] = "heartbeat",
|
|
[35] = "SessionTicket TLS",
|
|
[40] = "extended_random",
|
|
[13172] = "next_protocol_negotiation",
|
|
[13175] = "origin_bound_certificates",
|
|
[13180] = "encrypted_client_certificates",
|
|
[65281] = "renegotiation_info"
|
|
} &default=function(i: count):string { return fmt("unknown-%d", i); };
|
|
|
|
# SSLv2
|
|
const SSLv20_CK_RC4_128_WITH_MD5 = 0x010080;
|
|
const SSLv20_CK_RC4_128_EXPORT40_WITH_MD5 = 0x020080;
|
|
const SSLv20_CK_RC2_128_CBC_WITH_MD5 = 0x030080;
|
|
const SSLv20_CK_RC2_128_CBC_EXPORT40_WITH_MD5 = 0x040080;
|
|
const SSLv20_CK_IDEA_128_CBC_WITH_MD5 = 0x050080;
|
|
const SSLv20_CK_DES_64_CBC_WITH_MD5 = 0x060040;
|
|
const SSLv20_CK_DES_192_EDE3_CBC_WITH_MD5 = 0x0700C0;
|
|
|
|
# TLS
|
|
const TLS_NULL_WITH_NULL_NULL = 0x0000;
|
|
const TLS_RSA_WITH_NULL_MD5 = 0x0001;
|
|
const TLS_RSA_WITH_NULL_SHA = 0x0002;
|
|
const TLS_RSA_EXPORT_WITH_RC4_40_MD5 = 0x0003;
|
|
const TLS_RSA_WITH_RC4_128_MD5 = 0x0004;
|
|
const TLS_RSA_WITH_RC4_128_SHA = 0x0005;
|
|
const TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 = 0x0006;
|
|
const TLS_RSA_WITH_IDEA_CBC_SHA = 0x0007;
|
|
const TLS_RSA_EXPORT_WITH_DES40_CBC_SHA = 0x0008;
|
|
const TLS_RSA_WITH_DES_CBC_SHA = 0x0009;
|
|
const TLS_RSA_WITH_3DES_EDE_CBC_SHA = 0x000A;
|
|
const TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA = 0x000B;
|
|
const TLS_DH_DSS_WITH_DES_CBC_SHA = 0x000C;
|
|
const TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA = 0x000D;
|
|
const TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA = 0x000E;
|
|
const TLS_DH_RSA_WITH_DES_CBC_SHA = 0x000F;
|
|
const TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA = 0x0010;
|
|
const TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA = 0x0011;
|
|
const TLS_DHE_DSS_WITH_DES_CBC_SHA = 0x0012;
|
|
const TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA = 0x0013;
|
|
const TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA = 0x0014;
|
|
const TLS_DHE_RSA_WITH_DES_CBC_SHA = 0x0015;
|
|
const TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA = 0x0016;
|
|
const TLS_DH_ANON_EXPORT_WITH_RC4_40_MD5 = 0x0017;
|
|
const TLS_DH_ANON_WITH_RC4_128_MD5 = 0x0018;
|
|
const TLS_DH_ANON_EXPORT_WITH_DES40_CBC_SHA = 0x0019;
|
|
const TLS_DH_ANON_WITH_DES_CBC_SHA = 0x001A;
|
|
const TLS_DH_ANON_WITH_3DES_EDE_CBC_SHA = 0x001B;
|
|
const SSL_FORTEZZA_KEA_WITH_NULL_SHA = 0x001C;
|
|
const SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA = 0x001D;
|
|
const TLS_KRB5_WITH_DES_CBC_SHA = 0x001E;
|
|
const TLS_KRB5_WITH_3DES_EDE_CBC_SHA = 0x001F;
|
|
const TLS_KRB5_WITH_RC4_128_SHA = 0x0020;
|
|
const TLS_KRB5_WITH_IDEA_CBC_SHA = 0x0021;
|
|
const TLS_KRB5_WITH_DES_CBC_MD5 = 0x0022;
|
|
const TLS_KRB5_WITH_3DES_EDE_CBC_MD5 = 0x0023;
|
|
const TLS_KRB5_WITH_RC4_128_MD5 = 0x0024;
|
|
const TLS_KRB5_WITH_IDEA_CBC_MD5 = 0x0025;
|
|
const TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA = 0x0026;
|
|
const TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA = 0x0027;
|
|
const TLS_KRB5_EXPORT_WITH_RC4_40_SHA = 0x0028;
|
|
const TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5 = 0x0029;
|
|
const TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5 = 0x002A;
|
|
const TLS_KRB5_EXPORT_WITH_RC4_40_MD5 = 0x002B;
|
|
const TLS_RSA_WITH_AES_128_CBC_SHA = 0x002F;
|
|
const TLS_DH_DSS_WITH_AES_128_CBC_SHA = 0x0030;
|
|
const TLS_DH_RSA_WITH_AES_128_CBC_SHA = 0x0031;
|
|
const TLS_DHE_DSS_WITH_AES_128_CBC_SHA = 0x0032;
|
|
const TLS_DHE_RSA_WITH_AES_128_CBC_SHA = 0x0033;
|
|
const TLS_DH_ANON_WITH_AES_128_CBC_SHA = 0x0034;
|
|
const TLS_RSA_WITH_AES_256_CBC_SHA = 0x0035;
|
|
const TLS_DH_DSS_WITH_AES_256_CBC_SHA = 0x0036;
|
|
const TLS_DH_RSA_WITH_AES_256_CBC_SHA = 0x0037;
|
|
const TLS_DHE_DSS_WITH_AES_256_CBC_SHA = 0x0038;
|
|
const TLS_DHE_RSA_WITH_AES_256_CBC_SHA = 0x0039;
|
|
const TLS_DH_ANON_WITH_AES_256_CBC_SHA = 0x003A;
|
|
const TLS_RSA_WITH_NULL_SHA256 = 0x003B;
|
|
const TLS_RSA_WITH_AES_128_CBC_SHA256 = 0x003C;
|
|
const TLS_RSA_WITH_AES_256_CBC_SHA256 = 0x003D;
|
|
const TLS_DH_DSS_WITH_AES_128_CBC_SHA256 = 0x003E;
|
|
const TLS_DH_RSA_WITH_AES_128_CBC_SHA256 = 0x003F;
|
|
const TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 = 0x0040;
|
|
const TLS_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x0041;
|
|
const TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA = 0x0042;
|
|
const TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x0043;
|
|
const TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA = 0x0044;
|
|
const TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x0045;
|
|
const TLS_DH_ANON_WITH_CAMELLIA_128_CBC_SHA = 0x0046;
|
|
const TLS_RSA_EXPORT1024_WITH_RC4_56_MD5 = 0x0060;
|
|
const TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 = 0x0061;
|
|
const TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA = 0x0062;
|
|
const TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA = 0x0063;
|
|
const TLS_RSA_EXPORT1024_WITH_RC4_56_SHA = 0x0064;
|
|
const TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA = 0x0065;
|
|
const TLS_DHE_DSS_WITH_RC4_128_SHA = 0x0066;
|
|
const TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 = 0x0067;
|
|
const TLS_DH_DSS_WITH_AES_256_CBC_SHA256 = 0x0068;
|
|
const TLS_DH_RSA_WITH_AES_256_CBC_SHA256 = 0x0069;
|
|
const TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 = 0x006A;
|
|
const TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 = 0x006B;
|
|
const TLS_DH_ANON_WITH_AES_128_CBC_SHA256 = 0x006C;
|
|
const TLS_DH_ANON_WITH_AES_256_CBC_SHA256 = 0x006D;
|
|
const TLS_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x0084;
|
|
const TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA = 0x0085;
|
|
const TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x0086;
|
|
const TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA = 0x0087;
|
|
const TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x0088;
|
|
const TLS_DH_ANON_WITH_CAMELLIA_256_CBC_SHA = 0x0089;
|
|
const TLS_PSK_WITH_RC4_128_SHA = 0x008A;
|
|
const TLS_PSK_WITH_3DES_EDE_CBC_SHA = 0x008B;
|
|
const TLS_PSK_WITH_AES_128_CBC_SHA = 0x008C;
|
|
const TLS_PSK_WITH_AES_256_CBC_SHA = 0x008D;
|
|
const TLS_DHE_PSK_WITH_RC4_128_SHA = 0x008E;
|
|
const TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA = 0x008F;
|
|
const TLS_DHE_PSK_WITH_AES_128_CBC_SHA = 0x0090;
|
|
const TLS_DHE_PSK_WITH_AES_256_CBC_SHA = 0x0091;
|
|
const TLS_RSA_PSK_WITH_RC4_128_SHA = 0x0092;
|
|
const TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA = 0x0093;
|
|
const TLS_RSA_PSK_WITH_AES_128_CBC_SHA = 0x0094;
|
|
const TLS_RSA_PSK_WITH_AES_256_CBC_SHA = 0x0095;
|
|
const TLS_RSA_WITH_SEED_CBC_SHA = 0x0096;
|
|
const TLS_DH_DSS_WITH_SEED_CBC_SHA = 0x0097;
|
|
const TLS_DH_RSA_WITH_SEED_CBC_SHA = 0x0098;
|
|
const TLS_DHE_DSS_WITH_SEED_CBC_SHA = 0x0099;
|
|
const TLS_DHE_RSA_WITH_SEED_CBC_SHA = 0x009A;
|
|
const TLS_DH_ANON_WITH_SEED_CBC_SHA = 0x009B;
|
|
const TLS_RSA_WITH_AES_128_GCM_SHA256 = 0x009C;
|
|
const TLS_RSA_WITH_AES_256_GCM_SHA384 = 0x009D;
|
|
const TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 = 0x009E;
|
|
const TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 = 0x009F;
|
|
const TLS_DH_RSA_WITH_AES_128_GCM_SHA256 = 0x00A0;
|
|
const TLS_DH_RSA_WITH_AES_256_GCM_SHA384 = 0x00A1;
|
|
const TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 = 0x00A2;
|
|
const TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 = 0x00A3;
|
|
const TLS_DH_DSS_WITH_AES_128_GCM_SHA256 = 0x00A4;
|
|
const TLS_DH_DSS_WITH_AES_256_GCM_SHA384 = 0x00A5;
|
|
const TLS_DH_ANON_WITH_AES_128_GCM_SHA256 = 0x00A6;
|
|
const TLS_DH_ANON_WITH_AES_256_GCM_SHA384 = 0x00A7;
|
|
const TLS_PSK_WITH_AES_128_GCM_SHA256 = 0x00A8;
|
|
const TLS_PSK_WITH_AES_256_GCM_SHA384 = 0x00A9;
|
|
const TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 = 0x00AA;
|
|
const TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 = 0x00AB;
|
|
const TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 = 0x00AC;
|
|
const TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 = 0x00AD;
|
|
const TLS_PSK_WITH_AES_128_CBC_SHA256 = 0x00AE;
|
|
const TLS_PSK_WITH_AES_256_CBC_SHA384 = 0x00AF;
|
|
const TLS_PSK_WITH_NULL_SHA256 = 0x00B0;
|
|
const TLS_PSK_WITH_NULL_SHA384 = 0x00B1;
|
|
const TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 = 0x00B2;
|
|
const TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 = 0x00B3;
|
|
const TLS_DHE_PSK_WITH_NULL_SHA256 = 0x00B4;
|
|
const TLS_DHE_PSK_WITH_NULL_SHA384 = 0x00B5;
|
|
const TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 = 0x00B6;
|
|
const TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 = 0x00B7;
|
|
const TLS_RSA_PSK_WITH_NULL_SHA256 = 0x00B8;
|
|
const TLS_RSA_PSK_WITH_NULL_SHA384 = 0x00B9;
|
|
const TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0x00BA;
|
|
const TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256 = 0x00BB;
|
|
const TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0x00BC;
|
|
const TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256 = 0x00BD;
|
|
const TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0x00BE;
|
|
const TLS_DH_ANON_WITH_CAMELLIA_128_CBC_SHA256 = 0x00BF;
|
|
const TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C0;
|
|
const TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C1;
|
|
const TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C2;
|
|
const TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C3;
|
|
const TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C4;
|
|
const TLS_DH_ANON_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C5;
|
|
const TLS_ECDH_ECDSA_WITH_NULL_SHA = 0xC001;
|
|
const TLS_ECDH_ECDSA_WITH_RC4_128_SHA = 0xC002;
|
|
const TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA = 0xC003;
|
|
const TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA = 0xC004;
|
|
const TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA = 0xC005;
|
|
const TLS_ECDHE_ECDSA_WITH_NULL_SHA = 0xC006;
|
|
const TLS_ECDHE_ECDSA_WITH_RC4_128_SHA = 0xC007;
|
|
const TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA = 0xC008;
|
|
const TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA = 0xC009;
|
|
const TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA = 0xC00A;
|
|
const TLS_ECDH_RSA_WITH_NULL_SHA = 0xC00B;
|
|
const TLS_ECDH_RSA_WITH_RC4_128_SHA = 0xC00C;
|
|
const TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA = 0xC00D;
|
|
const TLS_ECDH_RSA_WITH_AES_128_CBC_SHA = 0xC00E;
|
|
const TLS_ECDH_RSA_WITH_AES_256_CBC_SHA = 0xC00F;
|
|
const TLS_ECDHE_RSA_WITH_NULL_SHA = 0xC010;
|
|
const TLS_ECDHE_RSA_WITH_RC4_128_SHA = 0xC011;
|
|
const TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA = 0xC012;
|
|
const TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA = 0xC013;
|
|
const TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA = 0xC014;
|
|
const TLS_ECDH_ANON_WITH_NULL_SHA = 0xC015;
|
|
const TLS_ECDH_ANON_WITH_RC4_128_SHA = 0xC016;
|
|
const TLS_ECDH_ANON_WITH_3DES_EDE_CBC_SHA = 0xC017;
|
|
const TLS_ECDH_ANON_WITH_AES_128_CBC_SHA = 0xC018;
|
|
const TLS_ECDH_ANON_WITH_AES_256_CBC_SHA = 0xC019;
|
|
const TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA = 0xC01A;
|
|
const TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA = 0xC01B;
|
|
const TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA = 0xC01C;
|
|
const TLS_SRP_SHA_WITH_AES_128_CBC_SHA = 0xC01D;
|
|
const TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA = 0xC01E;
|
|
const TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA = 0xC01F;
|
|
const TLS_SRP_SHA_WITH_AES_256_CBC_SHA = 0xC020;
|
|
const TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA = 0xC021;
|
|
const TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA = 0xC022;
|
|
const TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 = 0xC023;
|
|
const TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 = 0xC024;
|
|
const TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 = 0xC025;
|
|
const TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 = 0xC026;
|
|
const TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 = 0xC027;
|
|
const TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 = 0xC028;
|
|
const TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 = 0xC029;
|
|
const TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 = 0xC02A;
|
|
const TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 = 0xC02B;
|
|
const TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 = 0xC02C;
|
|
const TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 = 0xC02D;
|
|
const TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 = 0xC02E;
|
|
const TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 = 0xC02F;
|
|
const TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 = 0xC030;
|
|
const TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 = 0xC031;
|
|
const TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 = 0xC032;
|
|
const TLS_ECDHE_PSK_WITH_RC4_128_SHA = 0xC033;
|
|
const TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA = 0xC034;
|
|
const TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA = 0xC035;
|
|
const TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA = 0xC036;
|
|
const TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 = 0xC037;
|
|
const TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 = 0xC038;
|
|
const TLS_ECDHE_PSK_WITH_NULL_SHA = 0xC039;
|
|
const TLS_ECDHE_PSK_WITH_NULL_SHA256 = 0xC03A;
|
|
const TLS_ECDHE_PSK_WITH_NULL_SHA384 = 0xC03B;
|
|
const SSL_RSA_FIPS_WITH_DES_CBC_SHA = 0xFEFE;
|
|
const SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA = 0xFEFF;
|
|
const SSL_RSA_FIPS_WITH_DES_CBC_SHA_2 = 0xFFE1;
|
|
const SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA_2 = 0xFFE0;
|
|
const SSL_RSA_WITH_RC2_CBC_MD5 = 0xFF80;
|
|
const SSL_RSA_WITH_IDEA_CBC_MD5 = 0xFF81;
|
|
const SSL_RSA_WITH_DES_CBC_MD5 = 0xFF82;
|
|
const SSL_RSA_WITH_3DES_EDE_CBC_MD5 = 0xFF83;
|
|
const TLS_EMPTY_RENEGOTIATION_INFO_SCSV = 0x00FF;
|
|
|
|
## This is a table of all known cipher specs. It can be used for
|
|
## detecting unknown ciphers and for converting the cipher spec constants
|
|
## into a human readable format.
|
|
const cipher_desc: table[count] of string = {
|
|
[SSLv20_CK_RC4_128_EXPORT40_WITH_MD5] =
|
|
"SSLv20_CK_RC4_128_EXPORT40_WITH_MD5",
|
|
[SSLv20_CK_RC4_128_WITH_MD5] = "SSLv20_CK_RC4_128_WITH_MD5",
|
|
[SSLv20_CK_RC2_128_CBC_WITH_MD5] = "SSLv20_CK_RC2_128_CBC_WITH_MD5",
|
|
[SSLv20_CK_RC2_128_CBC_EXPORT40_WITH_MD5] =
|
|
"SSLv20_CK_RC2_128_CBC_EXPORT40_WITH_MD5",
|
|
[SSLv20_CK_IDEA_128_CBC_WITH_MD5] = "SSLv20_CK_IDEA_128_CBC_WITH_MD5",
|
|
[SSLv20_CK_DES_192_EDE3_CBC_WITH_MD5] =
|
|
"SSLv20_CK_DES_192_EDE3_CBC_WITH_MD5",
|
|
[SSLv20_CK_DES_64_CBC_WITH_MD5] = "SSLv20_CK_DES_64_CBC_WITH_MD5",
|
|
|
|
[TLS_NULL_WITH_NULL_NULL] = "TLS_NULL_WITH_NULL_NULL",
|
|
[TLS_RSA_WITH_NULL_MD5] = "TLS_RSA_WITH_NULL_MD5",
|
|
[TLS_RSA_WITH_NULL_SHA] = "TLS_RSA_WITH_NULL_SHA",
|
|
[TLS_RSA_EXPORT_WITH_RC4_40_MD5] = "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
|
|
[TLS_RSA_WITH_RC4_128_MD5] = "TLS_RSA_WITH_RC4_128_MD5",
|
|
[TLS_RSA_WITH_RC4_128_SHA] = "TLS_RSA_WITH_RC4_128_SHA",
|
|
[TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5] = "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
|
|
[TLS_RSA_WITH_IDEA_CBC_SHA] = "TLS_RSA_WITH_IDEA_CBC_SHA",
|
|
[TLS_RSA_EXPORT_WITH_DES40_CBC_SHA] = "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",
|
|
[TLS_RSA_WITH_DES_CBC_SHA] = "TLS_RSA_WITH_DES_CBC_SHA",
|
|
[TLS_RSA_WITH_3DES_EDE_CBC_SHA] = "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
|
|
[TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA] = "TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA",
|
|
[TLS_DH_DSS_WITH_DES_CBC_SHA] = "TLS_DH_DSS_WITH_DES_CBC_SHA",
|
|
[TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA] = "TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA",
|
|
[TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA] = "TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA",
|
|
[TLS_DH_RSA_WITH_DES_CBC_SHA] = "TLS_DH_RSA_WITH_DES_CBC_SHA",
|
|
[TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA] = "TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA",
|
|
[TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA] = "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA",
|
|
[TLS_DHE_DSS_WITH_DES_CBC_SHA] = "TLS_DHE_DSS_WITH_DES_CBC_SHA",
|
|
[TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA] = "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA",
|
|
[TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA] = "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
|
|
[TLS_DHE_RSA_WITH_DES_CBC_SHA] = "TLS_DHE_RSA_WITH_DES_CBC_SHA",
|
|
[TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA] = "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
|
|
[TLS_DH_ANON_EXPORT_WITH_RC4_40_MD5] = "TLS_DH_ANON_EXPORT_WITH_RC4_40_MD5",
|
|
[TLS_DH_ANON_WITH_RC4_128_MD5] = "TLS_DH_ANON_WITH_RC4_128_MD5",
|
|
[TLS_DH_ANON_EXPORT_WITH_DES40_CBC_SHA] = "TLS_DH_ANON_EXPORT_WITH_DES40_CBC_SHA",
|
|
[TLS_DH_ANON_WITH_DES_CBC_SHA] = "TLS_DH_ANON_WITH_DES_CBC_SHA",
|
|
[TLS_DH_ANON_WITH_3DES_EDE_CBC_SHA] = "TLS_DH_ANON_WITH_3DES_EDE_CBC_SHA",
|
|
[SSL_FORTEZZA_KEA_WITH_NULL_SHA] = "SSL_FORTEZZA_KEA_WITH_NULL_SHA",
|
|
[SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA] = "SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA",
|
|
[TLS_KRB5_WITH_DES_CBC_SHA] = "TLS_KRB5_WITH_DES_CBC_SHA",
|
|
[TLS_KRB5_WITH_3DES_EDE_CBC_SHA] = "TLS_KRB5_WITH_3DES_EDE_CBC_SHA",
|
|
[TLS_KRB5_WITH_RC4_128_SHA] = "TLS_KRB5_WITH_RC4_128_SHA",
|
|
[TLS_KRB5_WITH_IDEA_CBC_SHA] = "TLS_KRB5_WITH_IDEA_CBC_SHA",
|
|
[TLS_KRB5_WITH_DES_CBC_MD5] = "TLS_KRB5_WITH_DES_CBC_MD5",
|
|
[TLS_KRB5_WITH_3DES_EDE_CBC_MD5] = "TLS_KRB5_WITH_3DES_EDE_CBC_MD5",
|
|
[TLS_KRB5_WITH_RC4_128_MD5] = "TLS_KRB5_WITH_RC4_128_MD5",
|
|
[TLS_KRB5_WITH_IDEA_CBC_MD5] = "TLS_KRB5_WITH_IDEA_CBC_MD5",
|
|
[TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA] = "TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA",
|
|
[TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA] = "TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA",
|
|
[TLS_KRB5_EXPORT_WITH_RC4_40_SHA] = "TLS_KRB5_EXPORT_WITH_RC4_40_SHA",
|
|
[TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5] = "TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5",
|
|
[TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5] = "TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5",
|
|
[TLS_KRB5_EXPORT_WITH_RC4_40_MD5] = "TLS_KRB5_EXPORT_WITH_RC4_40_MD5",
|
|
[TLS_RSA_WITH_AES_128_CBC_SHA] = "TLS_RSA_WITH_AES_128_CBC_SHA",
|
|
[TLS_DH_DSS_WITH_AES_128_CBC_SHA] = "TLS_DH_DSS_WITH_AES_128_CBC_SHA",
|
|
[TLS_DH_RSA_WITH_AES_128_CBC_SHA] = "TLS_DH_RSA_WITH_AES_128_CBC_SHA",
|
|
[TLS_DHE_DSS_WITH_AES_128_CBC_SHA] = "TLS_DHE_DSS_WITH_AES_128_CBC_SHA",
|
|
[TLS_DHE_RSA_WITH_AES_128_CBC_SHA] = "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
|
|
[TLS_DH_ANON_WITH_AES_128_CBC_SHA] = "TLS_DH_ANON_WITH_AES_128_CBC_SHA",
|
|
[TLS_RSA_WITH_AES_256_CBC_SHA] = "TLS_RSA_WITH_AES_256_CBC_SHA",
|
|
[TLS_DH_DSS_WITH_AES_256_CBC_SHA] = "TLS_DH_DSS_WITH_AES_256_CBC_SHA",
|
|
[TLS_DH_RSA_WITH_AES_256_CBC_SHA] = "TLS_DH_RSA_WITH_AES_256_CBC_SHA",
|
|
[TLS_DHE_DSS_WITH_AES_256_CBC_SHA] = "TLS_DHE_DSS_WITH_AES_256_CBC_SHA",
|
|
[TLS_DHE_RSA_WITH_AES_256_CBC_SHA] = "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
|
|
[TLS_DH_ANON_WITH_AES_256_CBC_SHA] = "TLS_DH_ANON_WITH_AES_256_CBC_SHA",
|
|
[TLS_RSA_WITH_NULL_SHA256] = "TLS_RSA_WITH_NULL_SHA256",
|
|
[TLS_RSA_WITH_AES_128_CBC_SHA256] = "TLS_RSA_WITH_AES_128_CBC_SHA256",
|
|
[TLS_RSA_WITH_AES_256_CBC_SHA256] = "TLS_RSA_WITH_AES_256_CBC_SHA256",
|
|
[TLS_DH_DSS_WITH_AES_128_CBC_SHA256] = "TLS_DH_DSS_WITH_AES_128_CBC_SHA256",
|
|
[TLS_DH_RSA_WITH_AES_128_CBC_SHA256] = "TLS_DH_RSA_WITH_AES_128_CBC_SHA256",
|
|
[TLS_DHE_DSS_WITH_AES_128_CBC_SHA256] = "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256",
|
|
[TLS_RSA_WITH_CAMELLIA_128_CBC_SHA] = "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA",
|
|
[TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA] = "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA",
|
|
[TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA] = "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA",
|
|
[TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA] = "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA",
|
|
[TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA] = "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA",
|
|
[TLS_DH_ANON_WITH_CAMELLIA_128_CBC_SHA] = "TLS_DH_ANON_WITH_CAMELLIA_128_CBC_SHA",
|
|
[TLS_RSA_EXPORT1024_WITH_RC4_56_MD5] = "TLS_RSA_EXPORT1024_WITH_RC4_56_MD5",
|
|
[TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5] = "TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5",
|
|
[TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA] = "TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA",
|
|
[TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA] = "TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA",
|
|
[TLS_RSA_EXPORT1024_WITH_RC4_56_SHA] = "TLS_RSA_EXPORT1024_WITH_RC4_56_SHA",
|
|
[TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA] = "TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA",
|
|
[TLS_DHE_DSS_WITH_RC4_128_SHA] = "TLS_DHE_DSS_WITH_RC4_128_SHA",
|
|
[TLS_DHE_RSA_WITH_AES_128_CBC_SHA256] = "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256",
|
|
[TLS_DH_DSS_WITH_AES_256_CBC_SHA256] = "TLS_DH_DSS_WITH_AES_256_CBC_SHA256",
|
|
[TLS_DH_RSA_WITH_AES_256_CBC_SHA256] = "TLS_DH_RSA_WITH_AES_256_CBC_SHA256",
|
|
[TLS_DHE_DSS_WITH_AES_256_CBC_SHA256] = "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256",
|
|
[TLS_DHE_RSA_WITH_AES_256_CBC_SHA256] = "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256",
|
|
[TLS_DH_ANON_WITH_AES_128_CBC_SHA256] = "TLS_DH_ANON_WITH_AES_128_CBC_SHA256",
|
|
[TLS_DH_ANON_WITH_AES_256_CBC_SHA256] = "TLS_DH_ANON_WITH_AES_256_CBC_SHA256",
|
|
[TLS_RSA_WITH_CAMELLIA_256_CBC_SHA] = "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA",
|
|
[TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA] = "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA",
|
|
[TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA] = "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA",
|
|
[TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA] = "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA",
|
|
[TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA] = "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA",
|
|
[TLS_DH_ANON_WITH_CAMELLIA_256_CBC_SHA] = "TLS_DH_ANON_WITH_CAMELLIA_256_CBC_SHA",
|
|
[TLS_PSK_WITH_RC4_128_SHA] = "TLS_PSK_WITH_RC4_128_SHA",
|
|
[TLS_PSK_WITH_3DES_EDE_CBC_SHA] = "TLS_PSK_WITH_3DES_EDE_CBC_SHA",
|
|
[TLS_PSK_WITH_AES_128_CBC_SHA] = "TLS_PSK_WITH_AES_128_CBC_SHA",
|
|
[TLS_PSK_WITH_AES_256_CBC_SHA] = "TLS_PSK_WITH_AES_256_CBC_SHA",
|
|
[TLS_DHE_PSK_WITH_RC4_128_SHA] = "TLS_DHE_PSK_WITH_RC4_128_SHA",
|
|
[TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA] = "TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA",
|
|
[TLS_DHE_PSK_WITH_AES_128_CBC_SHA] = "TLS_DHE_PSK_WITH_AES_128_CBC_SHA",
|
|
[TLS_DHE_PSK_WITH_AES_256_CBC_SHA] = "TLS_DHE_PSK_WITH_AES_256_CBC_SHA",
|
|
[TLS_RSA_PSK_WITH_RC4_128_SHA] = "TLS_RSA_PSK_WITH_RC4_128_SHA",
|
|
[TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA] = "TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA",
|
|
[TLS_RSA_PSK_WITH_AES_128_CBC_SHA] = "TLS_RSA_PSK_WITH_AES_128_CBC_SHA",
|
|
[TLS_RSA_PSK_WITH_AES_256_CBC_SHA] = "TLS_RSA_PSK_WITH_AES_256_CBC_SHA",
|
|
[TLS_RSA_WITH_SEED_CBC_SHA] = "TLS_RSA_WITH_SEED_CBC_SHA",
|
|
[TLS_DH_DSS_WITH_SEED_CBC_SHA] = "TLS_DH_DSS_WITH_SEED_CBC_SHA",
|
|
[TLS_DH_RSA_WITH_SEED_CBC_SHA] = "TLS_DH_RSA_WITH_SEED_CBC_SHA",
|
|
[TLS_DHE_DSS_WITH_SEED_CBC_SHA] = "TLS_DHE_DSS_WITH_SEED_CBC_SHA",
|
|
[TLS_DHE_RSA_WITH_SEED_CBC_SHA] = "TLS_DHE_RSA_WITH_SEED_CBC_SHA",
|
|
[TLS_DH_ANON_WITH_SEED_CBC_SHA] = "TLS_DH_ANON_WITH_SEED_CBC_SHA",
|
|
[TLS_RSA_WITH_AES_128_GCM_SHA256] = "TLS_RSA_WITH_AES_128_GCM_SHA256",
|
|
[TLS_RSA_WITH_AES_256_GCM_SHA384] = "TLS_RSA_WITH_AES_256_GCM_SHA384",
|
|
[TLS_DHE_RSA_WITH_AES_128_GCM_SHA256] = "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
|
|
[TLS_DHE_RSA_WITH_AES_256_GCM_SHA384] = "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
|
|
[TLS_DH_RSA_WITH_AES_128_GCM_SHA256] = "TLS_DH_RSA_WITH_AES_128_GCM_SHA256",
|
|
[TLS_DH_RSA_WITH_AES_256_GCM_SHA384] = "TLS_DH_RSA_WITH_AES_256_GCM_SHA384",
|
|
[TLS_DHE_DSS_WITH_AES_128_GCM_SHA256] = "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256",
|
|
[TLS_DHE_DSS_WITH_AES_256_GCM_SHA384] = "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384",
|
|
[TLS_DH_DSS_WITH_AES_128_GCM_SHA256] = "TLS_DH_DSS_WITH_AES_128_GCM_SHA256",
|
|
[TLS_DH_DSS_WITH_AES_256_GCM_SHA384] = "TLS_DH_DSS_WITH_AES_256_GCM_SHA384",
|
|
[TLS_DH_ANON_WITH_AES_128_GCM_SHA256] = "TLS_DH_ANON_WITH_AES_128_GCM_SHA256",
|
|
[TLS_DH_ANON_WITH_AES_256_GCM_SHA384] = "TLS_DH_ANON_WITH_AES_256_GCM_SHA384",
|
|
[TLS_PSK_WITH_AES_128_GCM_SHA256] = "TLS_PSK_WITH_AES_128_GCM_SHA256",
|
|
[TLS_PSK_WITH_AES_256_GCM_SHA384] = "TLS_PSK_WITH_AES_256_GCM_SHA384",
|
|
[TLS_DHE_PSK_WITH_AES_128_GCM_SHA256] = "TLS_DHE_PSK_WITH_AES_128_GCM_SHA256",
|
|
[TLS_DHE_PSK_WITH_AES_256_GCM_SHA384] = "TLS_DHE_PSK_WITH_AES_256_GCM_SHA384",
|
|
[TLS_RSA_PSK_WITH_AES_128_GCM_SHA256] = "TLS_RSA_PSK_WITH_AES_128_GCM_SHA256",
|
|
[TLS_RSA_PSK_WITH_AES_256_GCM_SHA384] = "TLS_RSA_PSK_WITH_AES_256_GCM_SHA384",
|
|
[TLS_PSK_WITH_AES_128_CBC_SHA256] = "TLS_PSK_WITH_AES_128_CBC_SHA256",
|
|
[TLS_PSK_WITH_AES_256_CBC_SHA384] = "TLS_PSK_WITH_AES_256_CBC_SHA384",
|
|
[TLS_PSK_WITH_NULL_SHA256] = "TLS_PSK_WITH_NULL_SHA256",
|
|
[TLS_PSK_WITH_NULL_SHA384] = "TLS_PSK_WITH_NULL_SHA384",
|
|
[TLS_DHE_PSK_WITH_AES_128_CBC_SHA256] = "TLS_DHE_PSK_WITH_AES_128_CBC_SHA256",
|
|
[TLS_DHE_PSK_WITH_AES_256_CBC_SHA384] = "TLS_DHE_PSK_WITH_AES_256_CBC_SHA384",
|
|
[TLS_DHE_PSK_WITH_NULL_SHA256] = "TLS_DHE_PSK_WITH_NULL_SHA256",
|
|
[TLS_DHE_PSK_WITH_NULL_SHA384] = "TLS_DHE_PSK_WITH_NULL_SHA384",
|
|
[TLS_RSA_PSK_WITH_AES_128_CBC_SHA256] = "TLS_RSA_PSK_WITH_AES_128_CBC_SHA256",
|
|
[TLS_RSA_PSK_WITH_AES_256_CBC_SHA384] = "TLS_RSA_PSK_WITH_AES_256_CBC_SHA384",
|
|
[TLS_RSA_PSK_WITH_NULL_SHA256] = "TLS_RSA_PSK_WITH_NULL_SHA256",
|
|
[TLS_RSA_PSK_WITH_NULL_SHA384] = "TLS_RSA_PSK_WITH_NULL_SHA384",
|
|
[TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256] = "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256",
|
|
[TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256] = "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256",
|
|
[TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256] = "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256",
|
|
[TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256] = "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256",
|
|
[TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256] = "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256",
|
|
[TLS_DH_ANON_WITH_CAMELLIA_128_CBC_SHA256] = "TLS_DH_ANON_WITH_CAMELLIA_128_CBC_SHA256",
|
|
[TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256] = "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256",
|
|
[TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256] = "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256",
|
|
[TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256] = "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256",
|
|
[TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256] = "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256",
|
|
[TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256] = "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256",
|
|
[TLS_DH_ANON_WITH_CAMELLIA_256_CBC_SHA256] = "TLS_DH_ANON_WITH_CAMELLIA_256_CBC_SHA256",
|
|
[TLS_ECDH_ECDSA_WITH_NULL_SHA] = "TLS_ECDH_ECDSA_WITH_NULL_SHA",
|
|
[TLS_ECDH_ECDSA_WITH_RC4_128_SHA] = "TLS_ECDH_ECDSA_WITH_RC4_128_SHA",
|
|
[TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA] = "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA",
|
|
[TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA] = "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA",
|
|
[TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA] = "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA",
|
|
[TLS_ECDHE_ECDSA_WITH_NULL_SHA] = "TLS_ECDHE_ECDSA_WITH_NULL_SHA",
|
|
[TLS_ECDHE_ECDSA_WITH_RC4_128_SHA] = "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA",
|
|
[TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA] = "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA",
|
|
[TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA] = "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
|
|
[TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA] = "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
|
|
[TLS_ECDH_RSA_WITH_NULL_SHA] = "TLS_ECDH_RSA_WITH_NULL_SHA",
|
|
[TLS_ECDH_RSA_WITH_RC4_128_SHA] = "TLS_ECDH_RSA_WITH_RC4_128_SHA",
|
|
[TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA] = "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA",
|
|
[TLS_ECDH_RSA_WITH_AES_128_CBC_SHA] = "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA",
|
|
[TLS_ECDH_RSA_WITH_AES_256_CBC_SHA] = "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA",
|
|
[TLS_ECDHE_RSA_WITH_NULL_SHA] = "TLS_ECDHE_RSA_WITH_NULL_SHA",
|
|
[TLS_ECDHE_RSA_WITH_RC4_128_SHA] = "TLS_ECDHE_RSA_WITH_RC4_128_SHA",
|
|
[TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA] = "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA",
|
|
[TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA] = "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
|
|
[TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA] = "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
|
|
[TLS_ECDH_ANON_WITH_NULL_SHA] = "TLS_ECDH_ANON_WITH_NULL_SHA",
|
|
[TLS_ECDH_ANON_WITH_RC4_128_SHA] = "TLS_ECDH_ANON_WITH_RC4_128_SHA",
|
|
[TLS_ECDH_ANON_WITH_3DES_EDE_CBC_SHA] = "TLS_ECDH_ANON_WITH_3DES_EDE_CBC_SHA",
|
|
[TLS_ECDH_ANON_WITH_AES_128_CBC_SHA] = "TLS_ECDH_ANON_WITH_AES_128_CBC_SHA",
|
|
[TLS_ECDH_ANON_WITH_AES_256_CBC_SHA] = "TLS_ECDH_ANON_WITH_AES_256_CBC_SHA",
|
|
[TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA] = "TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA",
|
|
[TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA] = "TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA",
|
|
[TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA] = "TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA",
|
|
[TLS_SRP_SHA_WITH_AES_128_CBC_SHA] = "TLS_SRP_SHA_WITH_AES_128_CBC_SHA",
|
|
[TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA] = "TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA",
|
|
[TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA] = "TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA",
|
|
[TLS_SRP_SHA_WITH_AES_256_CBC_SHA] = "TLS_SRP_SHA_WITH_AES_256_CBC_SHA",
|
|
[TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA] = "TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA",
|
|
[TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA] = "TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA",
|
|
[TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256] = "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
|
|
[TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384] = "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
|
|
[TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256] = "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256",
|
|
[TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384] = "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384",
|
|
[TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256] = "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
|
|
[TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384] = "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
|
|
[TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256] = "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256",
|
|
[TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384] = "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384",
|
|
[TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256] = "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
|
|
[TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384] = "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
|
|
[TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256] = "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256",
|
|
[TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384] = "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384",
|
|
[TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] = "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
|
|
[TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384] = "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
|
|
[TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256] = "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256",
|
|
[TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384] = "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384",
|
|
[TLS_ECDHE_PSK_WITH_RC4_128_SHA] = "TLS_ECDHE_PSK_WITH_RC4_128_SHA",
|
|
[TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA] = "TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA",
|
|
[TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA] = "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA",
|
|
[TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA] = "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA",
|
|
[TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256] = "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256",
|
|
[TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384] = "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384",
|
|
[TLS_ECDHE_PSK_WITH_NULL_SHA] = "TLS_ECDHE_PSK_WITH_NULL_SHA",
|
|
[TLS_ECDHE_PSK_WITH_NULL_SHA256] = "TLS_ECDHE_PSK_WITH_NULL_SHA256",
|
|
[TLS_ECDHE_PSK_WITH_NULL_SHA384] = "TLS_ECDHE_PSK_WITH_NULL_SHA384",
|
|
[SSL_RSA_FIPS_WITH_DES_CBC_SHA] = "SSL_RSA_FIPS_WITH_DES_CBC_SHA",
|
|
[SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA] = "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA",
|
|
[SSL_RSA_FIPS_WITH_DES_CBC_SHA_2] = "SSL_RSA_FIPS_WITH_DES_CBC_SHA_2",
|
|
[SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA_2] = "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA_2",
|
|
} &default=function(i: count):string { return fmt("unknown-%d", i); };
|
|
|
|
## Mapping between the constants and string values for SSL/TLS errors.
|
|
const x509_errors: table[count] of string = {
|
|
[0] = "ok",
|
|
[1] = "unable to get issuer cert",
|
|
[2] = "unable to get crl",
|
|
[3] = "unable to decrypt cert signature",
|
|
[4] = "unable to decrypt crl signature",
|
|
[5] = "unable to decode issuer public key",
|
|
[6] = "cert signature failure",
|
|
[7] = "crl signature failure",
|
|
[8] = "cert not yet valid",
|
|
[9] = "cert has expired",
|
|
[10] = "crl not yet valid",
|
|
[11] = "crl has expired",
|
|
[12] = "error in cert not before field",
|
|
[13] = "error in cert not after field",
|
|
[14] = "error in crl last update field",
|
|
[15] = "error in crl next update field",
|
|
[16] = "out of mem",
|
|
[17] = "depth zero self signed cert",
|
|
[18] = "self signed cert in chain",
|
|
[19] = "unable to get issuer cert locally",
|
|
[20] = "unable to verify leaf signature",
|
|
[21] = "cert chain too long",
|
|
[22] = "cert revoked",
|
|
[23] = "invalid ca",
|
|
[24] = "path length exceeded",
|
|
[25] = "invalid purpose",
|
|
[26] = "cert untrusted",
|
|
[27] = "cert rejected",
|
|
[28] = "subject issuer mismatch",
|
|
[29] = "akid skid mismatch",
|
|
[30] = "akid issuer serial mismatch",
|
|
[31] = "keyusage no certsign",
|
|
[32] = "unable to get crl issuer",
|
|
[33] = "unhandled critical extension",
|
|
} &default=function(i: count):string { return fmt("unknown-%d", i); };
|
|
|
|
}
|