11/*
2- * Copyright (c) 2002, 2018 , Oracle and/or its affiliates. All rights reserved.
2+ * Copyright (c) 2002, 2019 , Oracle and/or its affiliates. All rights reserved.
33 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
44 *
55 * This code is free software; you can redistribute it and/or modify it
@@ -56,20 +56,22 @@ enum CipherSuite {
5656// the following criteria:
5757// 1. Prefer Suite B compliant cipher suites, see RFC6460 (To be
5858// changed later, see below).
59- // 2. Prefer the stronger bulk cipher, in the order of AES_256(GCM),
59+ // 2. Prefer forward secrecy cipher suites.
60+ // 3. Prefer the stronger bulk cipher, in the order of AES_256(GCM),
6061// AES_128(GCM), AES_256, AES_128, 3DES-EDE.
61- // 3 . Prefer the stronger MAC algorithm, in the order of SHA384,
62+ // 4 . Prefer the stronger MAC algorithm, in the order of SHA384,
6263// SHA256, SHA, MD5.
63- // 4 . Prefer the better performance of key exchange and digital
64+ // 5 . Prefer the better performance of key exchange and digital
6465// signature algorithm, in the order of ECDHE-ECDSA, ECDHE-RSA,
65- // RSA, ECDH-ECDSA , ECDH-RSA, DHE -RSA, DHE-DSS .
66+ // DHE- RSA, DHE-DSS , ECDH-ECDSA, ECDH -RSA, RSA .
6667
67- TLS_AES_128_GCM_SHA256 (
68- 0x1301 , true , "TLS_AES_128_GCM_SHA256" ,
69- ProtocolVersion .PROTOCOLS_OF_13 , B_AES_128_GCM_IV , H_SHA256 ),
68+ // TLS 1.3 cipher suites.
7069TLS_AES_256_GCM_SHA384 (
71700x1302 , true , "TLS_AES_256_GCM_SHA384" ,
7271ProtocolVersion .PROTOCOLS_OF_13 , B_AES_256_GCM_IV , H_SHA384 ),
72+ TLS_AES_128_GCM_SHA256 (
73+ 0x1301 , true , "TLS_AES_128_GCM_SHA256" ,
74+ ProtocolVersion .PROTOCOLS_OF_13 , B_AES_128_GCM_IV , H_SHA256 ),
7375TLS_CHACHA20_POLY1305_SHA256 (
74760x1303 , true , "TLS_CHACHA20_POLY1305_SHA256" ,
7577ProtocolVersion .PROTOCOLS_OF_13 , B_CC20_P1305 , H_SHA256 ),
@@ -101,7 +103,11 @@ enum CipherSuite {
101103ProtocolVersion .PROTOCOLS_OF_12 ,
102104K_ECDHE_ECDSA , B_CC20_P1305 , M_NULL , H_SHA256 ),
103105
104- // AES_256(GCM)
106+ //
107+ // Forward screcy cipher suites.
108+ //
109+
110+ // AES_256(GCM) - ECDHE
105111TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (
1061120xC030 , true , "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384" , "" ,
107113ProtocolVersion .PROTOCOLS_OF_12 ,
@@ -110,18 +116,14 @@ enum CipherSuite {
1101160xCCA8 , true , "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256" , "" ,
111117ProtocolVersion .PROTOCOLS_OF_12 ,
112118K_ECDHE_RSA , B_CC20_P1305 , M_NULL , H_SHA256 ),
113- TLS_RSA_WITH_AES_256_GCM_SHA384 (
114- 0x009D , true , "TLS_RSA_WITH_AES_256_GCM_SHA384" , "" ,
115- ProtocolVersion .PROTOCOLS_OF_12 ,
116- K_RSA , B_AES_256_GCM , M_NULL , H_SHA384 ),
117- TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 (
118- 0xC02E , true , "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384" , "" ,
119- ProtocolVersion .PROTOCOLS_OF_12 ,
120- K_ECDH_ECDSA , B_AES_256_GCM , M_NULL , H_SHA384 ),
121- TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 (
122- 0xC032 , true , "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384" , "" ,
119+
120+ // AES_128(GCM) - ECDHE
121+ TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (
122+ 0xC02F , true , "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" , "" ,
123123ProtocolVersion .PROTOCOLS_OF_12 ,
124- K_ECDH_RSA , B_AES_256_GCM , M_NULL , H_SHA384 ),
124+ K_ECDHE_RSA , B_AES_128_GCM , M_NULL , H_SHA256 ),
125+
126+ // AES_256(GCM) - DHE
125127TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (
1261280x009F , true , "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384" , "" ,
127129ProtocolVersion .PROTOCOLS_OF_12 ,
@@ -135,23 +137,7 @@ enum CipherSuite {
135137ProtocolVersion .PROTOCOLS_OF_12 ,
136138K_DHE_DSS , B_AES_256_GCM , M_NULL , H_SHA384 ),
137139
138- // AES_128(GCM)
139- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (
140- 0xC02F , true , "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" , "" ,
141- ProtocolVersion .PROTOCOLS_OF_12 ,
142- K_ECDHE_RSA , B_AES_128_GCM , M_NULL , H_SHA256 ),
143- TLS_RSA_WITH_AES_128_GCM_SHA256 (
144- 0x009C , true , "TLS_RSA_WITH_AES_128_GCM_SHA256" , "" ,
145- ProtocolVersion .PROTOCOLS_OF_12 ,
146- K_RSA , B_AES_128_GCM , M_NULL , H_SHA256 ),
147- TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 (
148- 0xC02D , true , "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256" , "" ,
149- ProtocolVersion .PROTOCOLS_OF_12 ,
150- K_ECDH_ECDSA , B_AES_128_GCM , M_NULL , H_SHA256 ),
151- TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 (
152- 0xC031 , true , "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256" , "" ,
153- ProtocolVersion .PROTOCOLS_OF_12 ,
154- K_ECDH_RSA , B_AES_128_GCM , M_NULL , H_SHA256 ),
140+ // AES_128(GCM) - DHE
155141TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (
1561420x009E , true , "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256" , "" ,
157143ProtocolVersion .PROTOCOLS_OF_12 ,
@@ -161,7 +147,7 @@ enum CipherSuite {
161147ProtocolVersion .PROTOCOLS_OF_12 ,
162148K_DHE_DSS , B_AES_128_GCM , M_NULL , H_SHA256 ),
163149
164- // AES_256(CBC)
150+ // AES_256(CBC) - ECDHE
165151TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 (
1661520xC024 , true , "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384" , "" ,
167153ProtocolVersion .PROTOCOLS_OF_12 ,
@@ -170,10 +156,62 @@ enum CipherSuite {
1701560xC028 , true , "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384" , "" ,
171157ProtocolVersion .PROTOCOLS_OF_12 ,
172158K_ECDHE_RSA , B_AES_256 , M_SHA384 , H_SHA384 ),
173- TLS_RSA_WITH_AES_256_CBC_SHA256 (
174- 0x003D , true , "TLS_RSA_WITH_AES_256_CBC_SHA256" , "" ,
159+
160+ // AES_128(CBC) - ECDHE
161+ TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (
162+ 0xC023 , true , "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256" , "" ,
175163ProtocolVersion .PROTOCOLS_OF_12 ,
176- K_RSA , B_AES_256 , M_SHA256 , H_SHA256 ),
164+ K_ECDHE_ECDSA , B_AES_128 , M_SHA256 , H_SHA256 ),
165+ TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (
166+ 0xC027 , true , "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256" , "" ,
167+ ProtocolVersion .PROTOCOLS_OF_12 ,
168+ K_ECDHE_RSA , B_AES_128 , M_SHA256 , H_SHA256 ),
169+
170+ // AES_256(CBC) - DHE
171+ TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (
172+ 0x006B , true , "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256" , "" ,
173+ ProtocolVersion .PROTOCOLS_OF_12 ,
174+ K_DHE_RSA , B_AES_256 , M_SHA256 , H_SHA256 ),
175+ TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 (
176+ 0x006A , true , "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256" , "" ,
177+ ProtocolVersion .PROTOCOLS_OF_12 ,
178+ K_DHE_DSS , B_AES_256 , M_SHA256 , H_SHA256 ),
179+
180+ // AES_128(CBC) - DHE
181+ TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (
182+ 0x0067 , true , "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256" , "" ,
183+ ProtocolVersion .PROTOCOLS_OF_12 ,
184+ K_DHE_RSA , B_AES_128 , M_SHA256 , H_SHA256 ),
185+ TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 (
186+ 0x0040 , true , "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256" , "" ,
187+ ProtocolVersion .PROTOCOLS_OF_12 ,
188+ K_DHE_DSS , B_AES_128 , M_SHA256 , H_SHA256 ),
189+
190+ //
191+ // not forward screcy cipher suites.
192+ //
193+
194+ // AES_256(GCM)
195+ TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 (
196+ 0xC02E , true , "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384" , "" ,
197+ ProtocolVersion .PROTOCOLS_OF_12 ,
198+ K_ECDH_ECDSA , B_AES_256_GCM , M_NULL , H_SHA384 ),
199+ TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 (
200+ 0xC032 , true , "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384" , "" ,
201+ ProtocolVersion .PROTOCOLS_OF_12 ,
202+ K_ECDH_RSA , B_AES_256_GCM , M_NULL , H_SHA384 ),
203+
204+ // AES_128(GCM)
205+ TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 (
206+ 0xC02D , true , "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256" , "" ,
207+ ProtocolVersion .PROTOCOLS_OF_12 ,
208+ K_ECDH_ECDSA , B_AES_128_GCM , M_NULL , H_SHA256 ),
209+ TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 (
210+ 0xC031 , true , "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256" , "" ,
211+ ProtocolVersion .PROTOCOLS_OF_12 ,
212+ K_ECDH_RSA , B_AES_128_GCM , M_NULL , H_SHA256 ),
213+
214+ // AES_256(CBC)
177215TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 (
1782160xC026 , true , "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384" , "" ,
179217ProtocolVersion .PROTOCOLS_OF_12 ,
@@ -182,15 +220,22 @@ enum CipherSuite {
1822200xC02A , true , "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384" , "" ,
183221ProtocolVersion .PROTOCOLS_OF_12 ,
184222K_ECDH_RSA , B_AES_256 , M_SHA384 , H_SHA384 ),
185- TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (
186- 0x006B , true , "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256" , "" ,
223+
224+ // AES_128(CBC)
225+ TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 (
226+ 0xC025 , true , "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256" , "" ,
187227ProtocolVersion .PROTOCOLS_OF_12 ,
188- K_DHE_RSA , B_AES_256 , M_SHA256 , H_SHA256 ),
189- TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 (
190- 0x006A , true , "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 " , "" ,
228+ K_ECDH_ECDSA , B_AES_128 , M_SHA256 , H_SHA256 ),
229+ TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 (
230+ 0xC029 , true , "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 " , "" ,
191231ProtocolVersion .PROTOCOLS_OF_12 ,
192- K_DHE_DSS , B_AES_256 , M_SHA256 , H_SHA256 ),
232+ K_ECDH_RSA , B_AES_128 , M_SHA256 , H_SHA256 ),
233+
234+ //
235+ // Legacy, used for compatibility
236+ //
193237
238+ // AES_256(CBC) - ECDHE - Using SHA
194239TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (
1952400xC00A , true , "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA" , "" ,
196241ProtocolVersion .PROTOCOLS_TO_12 ,
@@ -199,18 +244,18 @@ enum CipherSuite {
1992440xC014 , true , "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA" , "" ,
200245ProtocolVersion .PROTOCOLS_TO_12 ,
201246K_ECDHE_RSA , B_AES_256 , M_SHA , H_SHA256 ),
202- TLS_RSA_WITH_AES_256_CBC_SHA (
203- 0x0035 , true , "TLS_RSA_WITH_AES_256_CBC_SHA" , "" ,
204- ProtocolVersion .PROTOCOLS_TO_12 ,
205- K_RSA , B_AES_256 , M_SHA , H_SHA256 ),
206- TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA (
207- 0xC005 , true , "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA" , "" ,
247+
248+ // AES_128(CBC) - ECDHE - using SHA
249+ TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (
250+ 0xC009 , true , "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA" , "" ,
208251ProtocolVersion .PROTOCOLS_TO_12 ,
209- K_ECDH_ECDSA , B_AES_256 , M_SHA , H_SHA256 ),
210- TLS_ECDH_RSA_WITH_AES_256_CBC_SHA (
211- 0xC00F , true , "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA " , "" ,
252+ K_ECDHE_ECDSA , B_AES_128 , M_SHA , H_SHA256 ),
253+ TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (
254+ 0xC013 , true , "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA " , "" ,
212255ProtocolVersion .PROTOCOLS_TO_12 ,
213- K_ECDH_RSA , B_AES_256 , M_SHA , H_SHA256 ),
256+ K_ECDHE_RSA , B_AES_128 , M_SHA , H_SHA256 ),
257+
258+ // AES_256(CBC) - DHE - Using SHA
214259TLS_DHE_RSA_WITH_AES_256_CBC_SHA (
2152600x0039 , true , "TLS_DHE_RSA_WITH_AES_256_CBC_SHA" , "" ,
216261ProtocolVersion .PROTOCOLS_TO_12 ,
@@ -220,48 +265,27 @@ enum CipherSuite {
220265ProtocolVersion .PROTOCOLS_TO_12 ,
221266K_DHE_DSS , B_AES_256 , M_SHA , H_SHA256 ),
222267
223- // AES_128(CBC)
224- TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (
225- 0xC023 , true , "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256" , "" ,
226- ProtocolVersion .PROTOCOLS_OF_12 ,
227- K_ECDHE_ECDSA , B_AES_128 , M_SHA256 , H_SHA256 ),
228- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (
229- 0xC027 , true , "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256" , "" ,
230- ProtocolVersion .PROTOCOLS_OF_12 ,
231- K_ECDHE_RSA , B_AES_128 , M_SHA256 , H_SHA256 ),
232- TLS_RSA_WITH_AES_128_CBC_SHA256 (
233- 0x003C , true , "TLS_RSA_WITH_AES_128_CBC_SHA256" , "" ,
234- ProtocolVersion .PROTOCOLS_OF_12 ,
235- K_RSA , B_AES_128 , M_SHA256 , H_SHA256 ),
236- TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 (
237- 0xC025 , true , "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256" , "" ,
238- ProtocolVersion .PROTOCOLS_OF_12 ,
239- K_ECDH_ECDSA , B_AES_128 , M_SHA256 , H_SHA256 ),
240- TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 (
241- 0xC029 , true , "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256" , "" ,
242- ProtocolVersion .PROTOCOLS_OF_12 ,
243- K_ECDH_RSA , B_AES_128 , M_SHA256 , H_SHA256 ),
244- TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (
245- 0x0067 , true , "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256" , "" ,
246- ProtocolVersion .PROTOCOLS_OF_12 ,
247- K_DHE_RSA , B_AES_128 , M_SHA256 , H_SHA256 ),
248- TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 (
249- 0x0040 , true , "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256" , "" ,
250- ProtocolVersion .PROTOCOLS_OF_12 ,
251- K_DHE_DSS , B_AES_128 , M_SHA256 , H_SHA256 ),
252-
253- TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (
254- 0xC009 , true , "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA" , "" ,
268+ // AES_128(CBC) - DHE - using SHA
269+ TLS_DHE_RSA_WITH_AES_128_CBC_SHA (
270+ 0x0033 , true , "TLS_DHE_RSA_WITH_AES_128_CBC_SHA" , "" ,
255271ProtocolVersion .PROTOCOLS_TO_12 ,
256- K_ECDHE_ECDSA , B_AES_128 , M_SHA , H_SHA256 ),
257- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (
258- 0xC013 , true , "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA " , "" ,
272+ K_DHE_RSA , B_AES_128 , M_SHA , H_SHA256 ),
273+ TLS_DHE_DSS_WITH_AES_128_CBC_SHA (
274+ 0x0032 , true , "TLS_DHE_DSS_WITH_AES_128_CBC_SHA " , "" ,
259275ProtocolVersion .PROTOCOLS_TO_12 ,
260- K_ECDHE_RSA , B_AES_128 , M_SHA , H_SHA256 ),
261- TLS_RSA_WITH_AES_128_CBC_SHA (
262- 0x002F , true , "TLS_RSA_WITH_AES_128_CBC_SHA" , "" ,
276+ K_DHE_DSS , B_AES_128 , M_SHA , H_SHA256 ),
277+
278+ // AES_256(CBC) - using SHA, not forward screcy
279+ TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA (
280+ 0xC005 , true , "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA" , "" ,
263281ProtocolVersion .PROTOCOLS_TO_12 ,
264- K_RSA , B_AES_128 , M_SHA , H_SHA256 ),
282+ K_ECDH_ECDSA , B_AES_256 , M_SHA , H_SHA256 ),
283+ TLS_ECDH_RSA_WITH_AES_256_CBC_SHA (
284+ 0xC00F , true , "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA" , "" ,
285+ ProtocolVersion .PROTOCOLS_TO_12 ,
286+ K_ECDH_RSA , B_AES_256 , M_SHA , H_SHA256 ),
287+
288+ // AES_128(CBC) - using SHA, not forward screcy
265289TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA (
2662900xC004 , true , "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA" , "" ,
267291ProtocolVersion .PROTOCOLS_TO_12 ,
@@ -270,16 +294,48 @@ enum CipherSuite {
2702940xC00E , true , "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA" , "" ,
271295ProtocolVersion .PROTOCOLS_TO_12 ,
272296K_ECDH_RSA , B_AES_128 , M_SHA , H_SHA256 ),
273- TLS_DHE_RSA_WITH_AES_128_CBC_SHA (
274- 0x0033 , true , "TLS_DHE_RSA_WITH_AES_128_CBC_SHA" , "" ,
297+
298+ //
299+ // deprecated, used for compatibility
300+ //
301+
302+ // RSA, AES_256(GCM)
303+ TLS_RSA_WITH_AES_256_GCM_SHA384 (
304+ 0x009D , true , "TLS_RSA_WITH_AES_256_GCM_SHA384" , "" ,
305+ ProtocolVersion .PROTOCOLS_OF_12 ,
306+ K_RSA , B_AES_256_GCM , M_NULL , H_SHA384 ),
307+
308+ // RSA, AES_128(GCM)
309+ TLS_RSA_WITH_AES_128_GCM_SHA256 (
310+ 0x009C , true , "TLS_RSA_WITH_AES_128_GCM_SHA256" , "" ,
311+ ProtocolVersion .PROTOCOLS_OF_12 ,
312+ K_RSA , B_AES_128_GCM , M_NULL , H_SHA256 ),
313+
314+ // RSA, AES_256(CBC)
315+ TLS_RSA_WITH_AES_256_CBC_SHA256 (
316+ 0x003D , true , "TLS_RSA_WITH_AES_256_CBC_SHA256" , "" ,
317+ ProtocolVersion .PROTOCOLS_OF_12 ,
318+ K_RSA , B_AES_256 , M_SHA256 , H_SHA256 ),
319+
320+ // RSA, AES_128(CBC)
321+ TLS_RSA_WITH_AES_128_CBC_SHA256 (
322+ 0x003C , true , "TLS_RSA_WITH_AES_128_CBC_SHA256" , "" ,
323+ ProtocolVersion .PROTOCOLS_OF_12 ,
324+ K_RSA , B_AES_128 , M_SHA256 , H_SHA256 ),
325+
326+ // RSA, AES_256(CBC) - using SHA, not forward screcy
327+ TLS_RSA_WITH_AES_256_CBC_SHA (
328+ 0x0035 , true , "TLS_RSA_WITH_AES_256_CBC_SHA" , "" ,
275329ProtocolVersion .PROTOCOLS_TO_12 ,
276- K_DHE_RSA , B_AES_128 , M_SHA , H_SHA256 ),
277- TLS_DHE_DSS_WITH_AES_128_CBC_SHA (
278- 0x0032 , true , "TLS_DHE_DSS_WITH_AES_128_CBC_SHA" , "" ,
330+ K_RSA , B_AES_256 , M_SHA , H_SHA256 ),
331+
332+ // RSA, AES_128(CBC) - using SHA, not forward screcy
333+ TLS_RSA_WITH_AES_128_CBC_SHA (
334+ 0x002F , true , "TLS_RSA_WITH_AES_128_CBC_SHA" , "" ,
279335ProtocolVersion .PROTOCOLS_TO_12 ,
280- K_DHE_DSS , B_AES_128 , M_SHA , H_SHA256 ),
336+ K_RSA , B_AES_128 , M_SHA , H_SHA256 ),
281337
282- // 3DES_EDE
338+ // 3DES_EDE, forward secrecy.
283339TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA (
2843400xC008 , true , "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA" , "" ,
285341ProtocolVersion .PROTOCOLS_TO_12 ,
@@ -288,19 +344,6 @@ enum CipherSuite {
2883440xC012 , true , "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA" , "" ,
289345ProtocolVersion .PROTOCOLS_TO_12 ,
290346K_ECDHE_RSA , B_3DES , M_SHA , H_SHA256 ),
291- SSL_RSA_WITH_3DES_EDE_CBC_SHA (
292- 0x000A , true , "SSL_RSA_WITH_3DES_EDE_CBC_SHA" ,
293- "TLS_RSA_WITH_3DES_EDE_CBC_SHA" ,
294- ProtocolVersion .PROTOCOLS_TO_12 ,
295- K_RSA , B_3DES , M_SHA , H_SHA256 ),
296- TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA (
297- 0xC003 , true , "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA" , "" ,
298- ProtocolVersion .PROTOCOLS_TO_12 ,
299- K_ECDH_ECDSA , B_3DES , M_SHA , H_SHA256 ),
300- TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA (
301- 0xC00D , true , "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA" , "" ,
302- ProtocolVersion .PROTOCOLS_TO_12 ,
303- K_ECDH_RSA , B_3DES , M_SHA , H_SHA256 ),
304347SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA (
3053480x0016 , true , "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA" ,
306349"TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA" ,
@@ -312,6 +355,21 @@ enum CipherSuite {
312355ProtocolVersion .PROTOCOLS_TO_12 ,
313356K_DHE_DSS , B_3DES , M_SHA , H_SHA256 ),
314357
358+ // 3DES_EDE, not forward secrecy.
359+ TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA (
360+ 0xC003 , true , "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA" , "" ,
361+ ProtocolVersion .PROTOCOLS_TO_12 ,
362+ K_ECDH_ECDSA , B_3DES , M_SHA , H_SHA256 ),
363+ TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA (
364+ 0xC00D , true , "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA" , "" ,
365+ ProtocolVersion .PROTOCOLS_TO_12 ,
366+ K_ECDH_RSA , B_3DES , M_SHA , H_SHA256 ),
367+ SSL_RSA_WITH_3DES_EDE_CBC_SHA (
368+ 0x000A , true , "SSL_RSA_WITH_3DES_EDE_CBC_SHA" ,
369+ "TLS_RSA_WITH_3DES_EDE_CBC_SHA" ,
370+ ProtocolVersion .PROTOCOLS_TO_12 ,
371+ K_RSA , B_3DES , M_SHA , H_SHA256 ),
372+
315373// Renegotiation protection request Signalling Cipher Suite Value (SCSV).
316374TLS_EMPTY_RENEGOTIATION_INFO_SCSV ( // RFC 5746, TLS 1.2 and prior
3173750x00FF , true , "TLS_EMPTY_RENEGOTIATION_INFO_SCSV" , "" ,
0 commit comments