1/* 2 * Table enumerating all implemented cipher suites 3 * Part of public API. 4 * 5 * This Source Code Form is subject to the terms of the Mozilla Public 6 * License, v. 2.0. If a copy of the MPL was not distributed with this 7 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ 8 9#include "ssl.h" 10#include "sslproto.h" 11 12/* 13 * The ordering of cipher suites in this table must match the ordering in 14 * the cipherSuites table in ssl3con.c. 15 * 16 * If new ECC cipher suites are added, also update the ssl3CipherSuite arrays 17 * in ssl3ecc.c. 18 * 19 * Finally, update the ssl_V3_SUITES_IMPLEMENTED macro in sslimpl.h. 20 * 21 * The ordering is as follows: 22 * * No-encryption cipher suites last 23 * * Export/weak/obsolete cipher suites before no-encryption cipher suites 24 * * Order by key exchange algorithm: ECDHE, then DHE, then ECDH, RSA. 25 * * Within key agreement sections, order by symmetric encryption algorithm: 26 * AES-128, then Camellia-128, then AES-256, then Camellia-256, then SEED, 27 * then FIPS-3DES, then 3DES, then RC4. AES is commonly accepted as a 28 * strong cipher internationally, and is often hardware-accelerated. 29 * Camellia also has wide international support across standards 30 * organizations. SEED is only recommended by the Korean government. 3DES 31 * only provides 112 bits of security. RC4 is now deprecated or forbidden 32 * by many standards organizations. 33 * * Within symmetric algorithm sections, order by message authentication 34 * algorithm: GCM, then HMAC-SHA1, then HMAC-SHA256, then HMAC-MD5. 35 * * Within message authentication algorithm sections, order by asymmetric 36 * signature algorithm: ECDSA, then RSA, then DSS. 37 * 38 * Exception: Because some servers ignore the high-order byte of the cipher 39 * suite ID, we must be careful about adding cipher suites with IDs larger 40 * than 0x00ff; see bug 946147. For these broken servers, the first six cipher 41 * suites, with the MSB zeroed, look like: 42 * TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA { 0x00,0x14 } 43 * TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA { 0x00,0x13 } 44 * TLS_KRB5_EXPORT_WITH_RC4_40_MD5 { 0x00,0x2B } 45 * TLS_RSA_WITH_AES_128_CBC_SHA { 0x00,0x2F } 46 * TLS_RSA_WITH_3DES_EDE_CBC_SHA { 0x00,0x0A } 47 * TLS_RSA_WITH_DES_CBC_SHA { 0x00,0x09 } 48 * The broken server only supports the fifth and sixth ones and will select 49 * the fifth one. 50 */ 51const PRUint16 SSL_ImplementedCiphers[] = { 52#ifdef NSS_ENABLE_ECC 53 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, 54 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305, 55 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 56 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 57 /* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA must appear before 58 * TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA to work around bug 946147. 59 */ 60 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, 61 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, 62 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, 63 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, 64 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, 65 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, 66 TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, 67 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, 68 TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, 69 TLS_ECDHE_RSA_WITH_RC4_128_SHA, 70#endif /* NSS_ENABLE_ECC */ 71 72 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, 73 TLS_DHE_RSA_WITH_AES_128_CBC_SHA, 74 TLS_DHE_DSS_WITH_AES_128_CBC_SHA, 75 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, 76 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, 77 TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, 78 TLS_DHE_RSA_WITH_AES_256_CBC_SHA, 79 TLS_DHE_DSS_WITH_AES_256_CBC_SHA, 80 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, 81 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, 82 TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, 83 SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, 84 SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, 85 TLS_DHE_DSS_WITH_RC4_128_SHA, 86 87#ifdef NSS_ENABLE_ECC 88 TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, 89 TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, 90 TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, 91 TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, 92 TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, 93 TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, 94 TLS_ECDH_ECDSA_WITH_RC4_128_SHA, 95 TLS_ECDH_RSA_WITH_RC4_128_SHA, 96#endif /* NSS_ENABLE_ECC */ 97 98 TLS_RSA_WITH_AES_128_GCM_SHA256, 99 TLS_RSA_WITH_AES_128_CBC_SHA, 100 TLS_RSA_WITH_AES_128_CBC_SHA256, 101 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, 102 TLS_RSA_WITH_AES_256_CBC_SHA, 103 TLS_RSA_WITH_AES_256_CBC_SHA256, 104 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, 105 TLS_RSA_WITH_SEED_CBC_SHA, 106 SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, 107 SSL_RSA_WITH_3DES_EDE_CBC_SHA, 108 SSL_RSA_WITH_RC4_128_SHA, 109 SSL_RSA_WITH_RC4_128_MD5, 110 111 /* 56-bit DES "domestic" cipher suites */ 112 SSL_DHE_RSA_WITH_DES_CBC_SHA, 113 SSL_DHE_DSS_WITH_DES_CBC_SHA, 114 SSL_RSA_FIPS_WITH_DES_CBC_SHA, 115 SSL_RSA_WITH_DES_CBC_SHA, 116 117 /* export ciphersuites with 1024-bit public key exchange keys */ 118 TLS_RSA_EXPORT1024_WITH_RC4_56_SHA, 119 TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA, 120 121 /* export ciphersuites with 512-bit public key exchange keys */ 122 SSL_RSA_EXPORT_WITH_RC4_40_MD5, 123 SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5, 124 125 /* ciphersuites with no encryption */ 126#ifdef NSS_ENABLE_ECC 127 TLS_ECDHE_ECDSA_WITH_NULL_SHA, 128 TLS_ECDHE_RSA_WITH_NULL_SHA, 129 TLS_ECDH_RSA_WITH_NULL_SHA, 130 TLS_ECDH_ECDSA_WITH_NULL_SHA, 131#endif /* NSS_ENABLE_ECC */ 132 SSL_RSA_WITH_NULL_SHA, 133 TLS_RSA_WITH_NULL_SHA256, 134 SSL_RSA_WITH_NULL_MD5, 135 136 /* SSL2 cipher suites. */ 137 SSL_EN_RC4_128_WITH_MD5, 138 SSL_EN_RC2_128_CBC_WITH_MD5, 139 SSL_EN_DES_192_EDE3_CBC_WITH_MD5, /* actually 112, not 192 */ 140 SSL_EN_DES_64_CBC_WITH_MD5, 141 SSL_EN_RC4_128_EXPORT40_WITH_MD5, 142 SSL_EN_RC2_128_CBC_EXPORT40_WITH_MD5, 143 144 0 145 146}; 147 148const PRUint16 SSL_NumImplementedCiphers = 149 (sizeof SSL_ImplementedCiphers) / (sizeof SSL_ImplementedCiphers[0]) - 1; 150 151const PRUint16 * 152SSL_GetImplementedCiphers(void) 153{ 154 return SSL_ImplementedCiphers; 155} 156 157PRUint16 158SSL_GetNumImplementedCiphers(void) 159{ 160 return SSL_NumImplementedCiphers; 161} 162