security/nss/lib/ssl/sslenum.c@6474c204b198 (annotated)
security/nss/lib/ssl/sslenum.c
Wed, 31 Dec 2014 06:09:35 +0100
- author
- Michael Schloh von Bennewitz <michael@schloh.com>
- date
- Wed, 31 Dec 2014 06:09:35 +0100
- changeset 0
- 6474c204b198
- permissions
- -rw-r--r--
Cloned upstream origin tor-browser at tor-browser-31.3.0esr-4.5-1-build1
revision ID fc1c9ff7c1b2defdbc039f12214767608f46423f for hacking purpose.
| michael@0 | 1 | /* |
| michael@0 | 2 | * Table enumerating all implemented cipher suites |
| michael@0 | 3 | * Part of public API. |
| michael@0 | 4 | * |
| michael@0 | 5 | * This Source Code Form is subject to the terms of the Mozilla Public |
| michael@0 | 6 | * License, v. 2.0. If a copy of the MPL was not distributed with this |
| michael@0 | 7 | * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
| michael@0 | 8 | |
| michael@0 | 9 | #include "ssl.h" |
| michael@0 | 10 | #include "sslproto.h" |
| michael@0 | 11 | |
| michael@0 | 12 | /* |
| michael@0 | 13 | * The ordering of cipher suites in this table must match the ordering in |
| michael@0 | 14 | * the cipherSuites table in ssl3con.c. |
| michael@0 | 15 | * |
| michael@0 | 16 | * If new ECC cipher suites are added, also update the ssl3CipherSuite arrays |
| michael@0 | 17 | * in ssl3ecc.c. |
| michael@0 | 18 | * |
| michael@0 | 19 | * Finally, update the ssl_V3_SUITES_IMPLEMENTED macro in sslimpl.h. |
| michael@0 | 20 | * |
| michael@0 | 21 | * The ordering is as follows: |
| michael@0 | 22 | * * No-encryption cipher suites last |
| michael@0 | 23 | * * Export/weak/obsolete cipher suites before no-encryption cipher suites |
| michael@0 | 24 | * * Order by key exchange algorithm: ECDHE, then DHE, then ECDH, RSA. |
| michael@0 | 25 | * * Within key agreement sections, order by symmetric encryption algorithm: |
| michael@0 | 26 | * AES-128, then Camellia-128, then AES-256, then Camellia-256, then SEED, |
| michael@0 | 27 | * then FIPS-3DES, then 3DES, then RC4. AES is commonly accepted as a |
| michael@0 | 28 | * strong cipher internationally, and is often hardware-accelerated. |
| michael@0 | 29 | * Camellia also has wide international support across standards |
| michael@0 | 30 | * organizations. SEED is only recommended by the Korean government. 3DES |
| michael@0 | 31 | * only provides 112 bits of security. RC4 is now deprecated or forbidden |
| michael@0 | 32 | * by many standards organizations. |
| michael@0 | 33 | * * Within symmetric algorithm sections, order by message authentication |
| michael@0 | 34 | * algorithm: GCM, then HMAC-SHA1, then HMAC-SHA256, then HMAC-MD5. |
| michael@0 | 35 | * * Within message authentication algorithm sections, order by asymmetric |
| michael@0 | 36 | * signature algorithm: ECDSA, then RSA, then DSS. |
| michael@0 | 37 | * |
| michael@0 | 38 | * Exception: Because some servers ignore the high-order byte of the cipher |
| michael@0 | 39 | * suite ID, we must be careful about adding cipher suites with IDs larger |
| michael@0 | 40 | * than 0x00ff; see bug 946147. For these broken servers, the first four cipher |
| michael@0 | 41 | * suites, with the MSB zeroed, look like: |
| michael@0 | 42 | * TLS_KRB5_EXPORT_WITH_RC4_40_MD5 { 0x00,0x2B } |
| michael@0 | 43 | * TLS_RSA_WITH_AES_128_CBC_SHA { 0x00,0x2F } |
| michael@0 | 44 | * TLS_RSA_WITH_3DES_EDE_CBC_SHA { 0x00,0x0A } |
| michael@0 | 45 | * TLS_RSA_WITH_DES_CBC_SHA { 0x00,0x09 } |
| michael@0 | 46 | * The broken server only supports the third and fourth ones and will select |
| michael@0 | 47 | * the third one. |
| michael@0 | 48 | */ |
| michael@0 | 49 | const PRUint16 SSL_ImplementedCiphers[] = { |
| michael@0 | 50 | #ifndef NSS_DISABLE_ECC |
| michael@0 | 51 | TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, |
| michael@0 | 52 | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, |
| michael@0 | 53 | /* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA must appear before |
| michael@0 | 54 | * TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA to work around bug 946147. |
| michael@0 | 55 | */ |
| michael@0 | 56 | TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, |
| michael@0 | 57 | TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, |
| michael@0 | 58 | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, |
| michael@0 | 59 | TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, |
| michael@0 | 60 | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, |
| michael@0 | 61 | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, |
| michael@0 | 62 | TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, |
| michael@0 | 63 | TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, |
| michael@0 | 64 | TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, |
| michael@0 | 65 | TLS_ECDHE_RSA_WITH_RC4_128_SHA, |
| michael@0 | 66 | #endif /* NSS_DISABLE_ECC */ |
| michael@0 | 67 | |
| michael@0 | 68 | TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, |
| michael@0 | 69 | TLS_DHE_RSA_WITH_AES_128_CBC_SHA, |
| michael@0 | 70 | TLS_DHE_DSS_WITH_AES_128_CBC_SHA, |
| michael@0 | 71 | TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, |
| michael@0 | 72 | TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, |
| michael@0 | 73 | TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, |
| michael@0 | 74 | TLS_DHE_RSA_WITH_AES_256_CBC_SHA, |
| michael@0 | 75 | TLS_DHE_DSS_WITH_AES_256_CBC_SHA, |
| michael@0 | 76 | TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, |
| michael@0 | 77 | TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, |
| michael@0 | 78 | TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, |
| michael@0 | 79 | TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, |
| michael@0 | 80 | TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA, |
| michael@0 | 81 | TLS_DHE_DSS_WITH_RC4_128_SHA, |
| michael@0 | 82 | |
| michael@0 | 83 | #ifndef NSS_DISABLE_ECC |
| michael@0 | 84 | TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, |
| michael@0 | 85 | TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, |
| michael@0 | 86 | TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, |
| michael@0 | 87 | TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, |
| michael@0 | 88 | TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, |
| michael@0 | 89 | TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, |
| michael@0 | 90 | TLS_ECDH_ECDSA_WITH_RC4_128_SHA, |
| michael@0 | 91 | TLS_ECDH_RSA_WITH_RC4_128_SHA, |
| michael@0 | 92 | #endif /* NSS_DISABLE_ECC */ |
| michael@0 | 93 | |
| michael@0 | 94 | TLS_RSA_WITH_AES_128_GCM_SHA256, |
| michael@0 | 95 | TLS_RSA_WITH_AES_128_CBC_SHA, |
| michael@0 | 96 | TLS_RSA_WITH_AES_128_CBC_SHA256, |
| michael@0 | 97 | TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, |
| michael@0 | 98 | TLS_RSA_WITH_AES_256_CBC_SHA, |
| michael@0 | 99 | TLS_RSA_WITH_AES_256_CBC_SHA256, |
| michael@0 | 100 | TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, |
| michael@0 | 101 | TLS_RSA_WITH_SEED_CBC_SHA, |
| michael@0 | 102 | SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, |
| michael@0 | 103 | TLS_RSA_WITH_3DES_EDE_CBC_SHA, |
| michael@0 | 104 | TLS_RSA_WITH_RC4_128_SHA, |
| michael@0 | 105 | TLS_RSA_WITH_RC4_128_MD5, |
| michael@0 | 106 | |
| michael@0 | 107 | /* 56-bit DES "domestic" cipher suites */ |
| michael@0 | 108 | TLS_DHE_RSA_WITH_DES_CBC_SHA, |
| michael@0 | 109 | TLS_DHE_DSS_WITH_DES_CBC_SHA, |
| michael@0 | 110 | SSL_RSA_FIPS_WITH_DES_CBC_SHA, |
| michael@0 | 111 | TLS_RSA_WITH_DES_CBC_SHA, |
| michael@0 | 112 | |
| michael@0 | 113 | /* export ciphersuites with 1024-bit public key exchange keys */ |
| michael@0 | 114 | TLS_RSA_EXPORT1024_WITH_RC4_56_SHA, |
| michael@0 | 115 | TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA, |
| michael@0 | 116 | |
| michael@0 | 117 | /* export ciphersuites with 512-bit public key exchange keys */ |
| michael@0 | 118 | TLS_RSA_EXPORT_WITH_RC4_40_MD5, |
| michael@0 | 119 | TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5, |
| michael@0 | 120 | |
| michael@0 | 121 | /* ciphersuites with no encryption */ |
| michael@0 | 122 | #ifndef NSS_DISABLE_ECC |
| michael@0 | 123 | TLS_ECDHE_ECDSA_WITH_NULL_SHA, |
| michael@0 | 124 | TLS_ECDHE_RSA_WITH_NULL_SHA, |
| michael@0 | 125 | TLS_ECDH_RSA_WITH_NULL_SHA, |
| michael@0 | 126 | TLS_ECDH_ECDSA_WITH_NULL_SHA, |
| michael@0 | 127 | #endif /* NSS_DISABLE_ECC */ |
| michael@0 | 128 | TLS_RSA_WITH_NULL_SHA, |
| michael@0 | 129 | TLS_RSA_WITH_NULL_SHA256, |
| michael@0 | 130 | TLS_RSA_WITH_NULL_MD5, |
| michael@0 | 131 | |
| michael@0 | 132 | /* SSL2 cipher suites. */ |
| michael@0 | 133 | SSL_EN_RC4_128_WITH_MD5, |
| michael@0 | 134 | SSL_EN_RC2_128_CBC_WITH_MD5, |
| michael@0 | 135 | SSL_EN_DES_192_EDE3_CBC_WITH_MD5, /* actually 112, not 192 */ |
| michael@0 | 136 | SSL_EN_DES_64_CBC_WITH_MD5, |
| michael@0 | 137 | SSL_EN_RC4_128_EXPORT40_WITH_MD5, |
| michael@0 | 138 | SSL_EN_RC2_128_CBC_EXPORT40_WITH_MD5, |
| michael@0 | 139 | |
| michael@0 | 140 | 0 |
| michael@0 | 141 | |
| michael@0 | 142 | }; |
| michael@0 | 143 | |
| michael@0 | 144 | const PRUint16 SSL_NumImplementedCiphers = |
| michael@0 | 145 | (sizeof SSL_ImplementedCiphers) / (sizeof SSL_ImplementedCiphers[0]) - 1; |
| michael@0 | 146 | |
| michael@0 | 147 | const PRUint16 * |
| michael@0 | 148 | SSL_GetImplementedCiphers(void) |
| michael@0 | 149 | { |
| michael@0 | 150 | return SSL_ImplementedCiphers; |
| michael@0 | 151 | } |
| michael@0 | 152 | |
| michael@0 | 153 | PRUint16 |
| michael@0 | 154 | SSL_GetNumImplementedCiphers(void) |
| michael@0 | 155 | { |
| michael@0 | 156 | return SSL_NumImplementedCiphers; |
| michael@0 | 157 | } |
