michael@0: /* michael@0: * Table enumerating all implemented cipher suites michael@0: * Part of public API. michael@0: * michael@0: * This Source Code Form is subject to the terms of the Mozilla Public michael@0: * License, v. 2.0. If a copy of the MPL was not distributed with this michael@0: * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ michael@0: michael@0: #include "ssl.h" michael@0: #include "sslproto.h" michael@0: michael@0: /* michael@0: * The ordering of cipher suites in this table must match the ordering in michael@0: * the cipherSuites table in ssl3con.c. michael@0: * michael@0: * If new ECC cipher suites are added, also update the ssl3CipherSuite arrays michael@0: * in ssl3ecc.c. michael@0: * michael@0: * Finally, update the ssl_V3_SUITES_IMPLEMENTED macro in sslimpl.h. michael@0: * michael@0: * The ordering is as follows: michael@0: * * No-encryption cipher suites last michael@0: * * Export/weak/obsolete cipher suites before no-encryption cipher suites michael@0: * * Order by key exchange algorithm: ECDHE, then DHE, then ECDH, RSA. michael@0: * * Within key agreement sections, order by symmetric encryption algorithm: michael@0: * AES-128, then Camellia-128, then AES-256, then Camellia-256, then SEED, michael@0: * then FIPS-3DES, then 3DES, then RC4. AES is commonly accepted as a michael@0: * strong cipher internationally, and is often hardware-accelerated. michael@0: * Camellia also has wide international support across standards michael@0: * organizations. SEED is only recommended by the Korean government. 3DES michael@0: * only provides 112 bits of security. RC4 is now deprecated or forbidden michael@0: * by many standards organizations. michael@0: * * Within symmetric algorithm sections, order by message authentication michael@0: * algorithm: GCM, then HMAC-SHA1, then HMAC-SHA256, then HMAC-MD5. michael@0: * * Within message authentication algorithm sections, order by asymmetric michael@0: * signature algorithm: ECDSA, then RSA, then DSS. michael@0: * michael@0: * Exception: Because some servers ignore the high-order byte of the cipher michael@0: * suite ID, we must be careful about adding cipher suites with IDs larger michael@0: * than 0x00ff; see bug 946147. For these broken servers, the first four cipher michael@0: * suites, with the MSB zeroed, look like: michael@0: * TLS_KRB5_EXPORT_WITH_RC4_40_MD5 { 0x00,0x2B } michael@0: * TLS_RSA_WITH_AES_128_CBC_SHA { 0x00,0x2F } michael@0: * TLS_RSA_WITH_3DES_EDE_CBC_SHA { 0x00,0x0A } michael@0: * TLS_RSA_WITH_DES_CBC_SHA { 0x00,0x09 } michael@0: * The broken server only supports the third and fourth ones and will select michael@0: * the third one. michael@0: */ michael@0: const PRUint16 SSL_ImplementedCiphers[] = { michael@0: #ifndef NSS_DISABLE_ECC michael@0: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, michael@0: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, michael@0: /* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA must appear before michael@0: * TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA to work around bug 946147. michael@0: */ michael@0: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, michael@0: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, michael@0: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, michael@0: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, michael@0: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, michael@0: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, michael@0: TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, michael@0: TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, michael@0: TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, michael@0: TLS_ECDHE_RSA_WITH_RC4_128_SHA, michael@0: #endif /* NSS_DISABLE_ECC */ michael@0: michael@0: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, michael@0: TLS_DHE_RSA_WITH_AES_128_CBC_SHA, michael@0: TLS_DHE_DSS_WITH_AES_128_CBC_SHA, michael@0: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, michael@0: TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, michael@0: TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, michael@0: TLS_DHE_RSA_WITH_AES_256_CBC_SHA, michael@0: TLS_DHE_DSS_WITH_AES_256_CBC_SHA, michael@0: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, michael@0: TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, michael@0: TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, michael@0: TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, michael@0: TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA, michael@0: TLS_DHE_DSS_WITH_RC4_128_SHA, michael@0: michael@0: #ifndef NSS_DISABLE_ECC michael@0: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, michael@0: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, michael@0: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, michael@0: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, michael@0: TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, michael@0: TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, michael@0: TLS_ECDH_ECDSA_WITH_RC4_128_SHA, michael@0: TLS_ECDH_RSA_WITH_RC4_128_SHA, michael@0: #endif /* NSS_DISABLE_ECC */ michael@0: michael@0: TLS_RSA_WITH_AES_128_GCM_SHA256, michael@0: TLS_RSA_WITH_AES_128_CBC_SHA, michael@0: TLS_RSA_WITH_AES_128_CBC_SHA256, michael@0: TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, michael@0: TLS_RSA_WITH_AES_256_CBC_SHA, michael@0: TLS_RSA_WITH_AES_256_CBC_SHA256, michael@0: TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, michael@0: TLS_RSA_WITH_SEED_CBC_SHA, michael@0: SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, michael@0: TLS_RSA_WITH_3DES_EDE_CBC_SHA, michael@0: TLS_RSA_WITH_RC4_128_SHA, michael@0: TLS_RSA_WITH_RC4_128_MD5, michael@0: michael@0: /* 56-bit DES "domestic" cipher suites */ michael@0: TLS_DHE_RSA_WITH_DES_CBC_SHA, michael@0: TLS_DHE_DSS_WITH_DES_CBC_SHA, michael@0: SSL_RSA_FIPS_WITH_DES_CBC_SHA, michael@0: TLS_RSA_WITH_DES_CBC_SHA, michael@0: michael@0: /* export ciphersuites with 1024-bit public key exchange keys */ michael@0: TLS_RSA_EXPORT1024_WITH_RC4_56_SHA, michael@0: TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA, michael@0: michael@0: /* export ciphersuites with 512-bit public key exchange keys */ michael@0: TLS_RSA_EXPORT_WITH_RC4_40_MD5, michael@0: TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5, michael@0: michael@0: /* ciphersuites with no encryption */ michael@0: #ifndef NSS_DISABLE_ECC michael@0: TLS_ECDHE_ECDSA_WITH_NULL_SHA, michael@0: TLS_ECDHE_RSA_WITH_NULL_SHA, michael@0: TLS_ECDH_RSA_WITH_NULL_SHA, michael@0: TLS_ECDH_ECDSA_WITH_NULL_SHA, michael@0: #endif /* NSS_DISABLE_ECC */ michael@0: TLS_RSA_WITH_NULL_SHA, michael@0: TLS_RSA_WITH_NULL_SHA256, michael@0: TLS_RSA_WITH_NULL_MD5, michael@0: michael@0: /* SSL2 cipher suites. */ michael@0: SSL_EN_RC4_128_WITH_MD5, michael@0: SSL_EN_RC2_128_CBC_WITH_MD5, michael@0: SSL_EN_DES_192_EDE3_CBC_WITH_MD5, /* actually 112, not 192 */ michael@0: SSL_EN_DES_64_CBC_WITH_MD5, michael@0: SSL_EN_RC4_128_EXPORT40_WITH_MD5, michael@0: SSL_EN_RC2_128_CBC_EXPORT40_WITH_MD5, michael@0: michael@0: 0 michael@0: michael@0: }; michael@0: michael@0: const PRUint16 SSL_NumImplementedCiphers = michael@0: (sizeof SSL_ImplementedCiphers) / (sizeof SSL_ImplementedCiphers[0]) - 1; michael@0: michael@0: const PRUint16 * michael@0: SSL_GetImplementedCiphers(void) michael@0: { michael@0: return SSL_ImplementedCiphers; michael@0: } michael@0: michael@0: PRUint16 michael@0: SSL_GetNumImplementedCiphers(void) michael@0: { michael@0: return SSL_NumImplementedCiphers; michael@0: }