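#!/usr/bin/env python3
# -*- coding: utf-8 -*-

# This script reads the IANA TLS cipher suite registry in CSV form [1]
# from standard input and prints the id and name of every black listed
# cipher suite, first as a C/C++ enum and then as a run of "case" labels.
# The output is used by src/ssl.cc.
#
# [1] http://www.iana.org/assignments/tls-parameters/tls-parameters-4.csv
# [2] http://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml
#
# NOTE(review): the generated list is a security control (the black list
# below is taken from RFC 7540), so the input CSV should come from a
# trusted copy of the registry.  The reference URLs above are plain http;
# prefer fetching over HTTPS or verifying the file some other way.
#
# Exit status: 0 when every black listed name was found in the input,
# 1 otherwise.  Diagnostics go to stderr so that they can never end up
# inside the generated code on stdout.

import re
import sys
import csv

# From RFC 7540
blacklist = [
    'TLS_NULL_WITH_NULL_NULL',
    'TLS_RSA_WITH_NULL_MD5',
    'TLS_RSA_WITH_NULL_SHA',
    'TLS_RSA_EXPORT_WITH_RC4_40_MD5',
    'TLS_RSA_WITH_RC4_128_MD5',
    'TLS_RSA_WITH_RC4_128_SHA',
    'TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5',
    'TLS_RSA_WITH_IDEA_CBC_SHA',
    'TLS_RSA_EXPORT_WITH_DES40_CBC_SHA',
    'TLS_RSA_WITH_DES_CBC_SHA',
    'TLS_RSA_WITH_3DES_EDE_CBC_SHA',
    'TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA',
    'TLS_DH_DSS_WITH_DES_CBC_SHA',
    'TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA',
    'TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA',
    'TLS_DH_RSA_WITH_DES_CBC_SHA',
    'TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA',
    'TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA',
    'TLS_DHE_DSS_WITH_DES_CBC_SHA',
    'TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA',
    'TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA',
    'TLS_DHE_RSA_WITH_DES_CBC_SHA',
    'TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA',
    'TLS_DH_anon_EXPORT_WITH_RC4_40_MD5',
    'TLS_DH_anon_WITH_RC4_128_MD5',
    'TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA',
    'TLS_DH_anon_WITH_DES_CBC_SHA',
    'TLS_DH_anon_WITH_3DES_EDE_CBC_SHA',
    'TLS_KRB5_WITH_DES_CBC_SHA',
    'TLS_KRB5_WITH_3DES_EDE_CBC_SHA',
    'TLS_KRB5_WITH_RC4_128_SHA',
    'TLS_KRB5_WITH_IDEA_CBC_SHA',
    'TLS_KRB5_WITH_DES_CBC_MD5',
    'TLS_KRB5_WITH_3DES_EDE_CBC_MD5',
    'TLS_KRB5_WITH_RC4_128_MD5',
    'TLS_KRB5_WITH_IDEA_CBC_MD5',
    'TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA',
    'TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA',
    'TLS_KRB5_EXPORT_WITH_RC4_40_SHA',
    'TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5',
    'TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5',
    'TLS_KRB5_EXPORT_WITH_RC4_40_MD5',
    'TLS_PSK_WITH_NULL_SHA',
    'TLS_DHE_PSK_WITH_NULL_SHA',
    'TLS_RSA_PSK_WITH_NULL_SHA',
    'TLS_RSA_WITH_AES_128_CBC_SHA',
    'TLS_DH_DSS_WITH_AES_128_CBC_SHA',
    'TLS_DH_RSA_WITH_AES_128_CBC_SHA',
    'TLS_DHE_DSS_WITH_AES_128_CBC_SHA',
    'TLS_DHE_RSA_WITH_AES_128_CBC_SHA',
    'TLS_DH_anon_WITH_AES_128_CBC_SHA',
    'TLS_RSA_WITH_AES_256_CBC_SHA',
    'TLS_DH_DSS_WITH_AES_256_CBC_SHA',
    'TLS_DH_RSA_WITH_AES_256_CBC_SHA',
    'TLS_DHE_DSS_WITH_AES_256_CBC_SHA',
    'TLS_DHE_RSA_WITH_AES_256_CBC_SHA',
    'TLS_DH_anon_WITH_AES_256_CBC_SHA',
    'TLS_RSA_WITH_NULL_SHA256',
    'TLS_RSA_WITH_AES_128_CBC_SHA256',
    'TLS_RSA_WITH_AES_256_CBC_SHA256',
    'TLS_DH_DSS_WITH_AES_128_CBC_SHA256',
    'TLS_DH_RSA_WITH_AES_128_CBC_SHA256',
    'TLS_DHE_DSS_WITH_AES_128_CBC_SHA256',
    'TLS_RSA_WITH_CAMELLIA_128_CBC_SHA',
    'TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA',
    'TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA',
    'TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA',
    'TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA',
    'TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA',
    'TLS_DHE_RSA_WITH_AES_128_CBC_SHA256',
    'TLS_DH_DSS_WITH_AES_256_CBC_SHA256',
    'TLS_DH_RSA_WITH_AES_256_CBC_SHA256',
    'TLS_DHE_DSS_WITH_AES_256_CBC_SHA256',
    'TLS_DHE_RSA_WITH_AES_256_CBC_SHA256',
    'TLS_DH_anon_WITH_AES_128_CBC_SHA256',
    'TLS_DH_anon_WITH_AES_256_CBC_SHA256',
    'TLS_RSA_WITH_CAMELLIA_256_CBC_SHA',
    'TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA',
    'TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA',
    'TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA',
    'TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA',
    'TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA',
    'TLS_PSK_WITH_RC4_128_SHA',
    'TLS_PSK_WITH_3DES_EDE_CBC_SHA',
    'TLS_PSK_WITH_AES_128_CBC_SHA',
    'TLS_PSK_WITH_AES_256_CBC_SHA',
    'TLS_DHE_PSK_WITH_RC4_128_SHA',
    'TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA',
    'TLS_DHE_PSK_WITH_AES_128_CBC_SHA',
    'TLS_DHE_PSK_WITH_AES_256_CBC_SHA',
    'TLS_RSA_PSK_WITH_RC4_128_SHA',
    'TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA',
    'TLS_RSA_PSK_WITH_AES_128_CBC_SHA',
    'TLS_RSA_PSK_WITH_AES_256_CBC_SHA',
    'TLS_RSA_WITH_SEED_CBC_SHA',
    'TLS_DH_DSS_WITH_SEED_CBC_SHA',
    'TLS_DH_RSA_WITH_SEED_CBC_SHA',
    'TLS_DHE_DSS_WITH_SEED_CBC_SHA',
    'TLS_DHE_RSA_WITH_SEED_CBC_SHA',
    'TLS_DH_anon_WITH_SEED_CBC_SHA',
    'TLS_RSA_WITH_AES_128_GCM_SHA256',
    'TLS_RSA_WITH_AES_256_GCM_SHA384',
    'TLS_DH_RSA_WITH_AES_128_GCM_SHA256',
    'TLS_DH_RSA_WITH_AES_256_GCM_SHA384',
    'TLS_DH_DSS_WITH_AES_128_GCM_SHA256',
    'TLS_DH_DSS_WITH_AES_256_GCM_SHA384',
    'TLS_DH_anon_WITH_AES_128_GCM_SHA256',
    'TLS_DH_anon_WITH_AES_256_GCM_SHA384',
    'TLS_PSK_WITH_AES_128_GCM_SHA256',
    'TLS_PSK_WITH_AES_256_GCM_SHA384',
    'TLS_RSA_PSK_WITH_AES_128_GCM_SHA256',
    'TLS_RSA_PSK_WITH_AES_256_GCM_SHA384',
    'TLS_PSK_WITH_AES_128_CBC_SHA256',
    'TLS_PSK_WITH_AES_256_CBC_SHA384',
    'TLS_PSK_WITH_NULL_SHA256',
    'TLS_PSK_WITH_NULL_SHA384',
    'TLS_DHE_PSK_WITH_AES_128_CBC_SHA256',
    'TLS_DHE_PSK_WITH_AES_256_CBC_SHA384',
    'TLS_DHE_PSK_WITH_NULL_SHA256',
    'TLS_DHE_PSK_WITH_NULL_SHA384',
    'TLS_RSA_PSK_WITH_AES_128_CBC_SHA256',
    'TLS_RSA_PSK_WITH_AES_256_CBC_SHA384',
    'TLS_RSA_PSK_WITH_NULL_SHA256',
    'TLS_RSA_PSK_WITH_NULL_SHA384',
    'TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256',
    'TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256',
    'TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256',
    'TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256',
    'TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256',
    'TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256',
    'TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256',
    'TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256',
    'TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256',
    'TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256',
    'TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256',
    'TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256',
    'TLS_EMPTY_RENEGOTIATION_INFO_SCSV',
    'TLS_ECDH_ECDSA_WITH_NULL_SHA',
    'TLS_ECDH_ECDSA_WITH_RC4_128_SHA',
    'TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA',
    'TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA',
    'TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA',
    'TLS_ECDHE_ECDSA_WITH_NULL_SHA',
    'TLS_ECDHE_ECDSA_WITH_RC4_128_SHA',
    'TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA',
    'TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA',
    'TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA',
    'TLS_ECDH_RSA_WITH_NULL_SHA',
    'TLS_ECDH_RSA_WITH_RC4_128_SHA',
    'TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA',
    'TLS_ECDH_RSA_WITH_AES_128_CBC_SHA',
    'TLS_ECDH_RSA_WITH_AES_256_CBC_SHA',
    'TLS_ECDHE_RSA_WITH_NULL_SHA',
    'TLS_ECDHE_RSA_WITH_RC4_128_SHA',
    'TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA',
    'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA',
    'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA',
    'TLS_ECDH_anon_WITH_NULL_SHA',
    'TLS_ECDH_anon_WITH_RC4_128_SHA',
    'TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA',
    'TLS_ECDH_anon_WITH_AES_128_CBC_SHA',
    'TLS_ECDH_anon_WITH_AES_256_CBC_SHA',
    'TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA',
    'TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA',
    'TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA',
    'TLS_SRP_SHA_WITH_AES_128_CBC_SHA',
    'TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA',
    'TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA',
    'TLS_SRP_SHA_WITH_AES_256_CBC_SHA',
    'TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA',
    'TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA',
    'TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256',
    'TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384',
    'TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256',
    'TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384',
    'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256',
    'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384',
    'TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256',
    'TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384',
    'TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256',
    'TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384',
    'TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256',
    'TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384',
    'TLS_ECDHE_PSK_WITH_RC4_128_SHA',
    'TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA',
    'TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA',
    'TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA',
    'TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256',
    'TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384',
    'TLS_ECDHE_PSK_WITH_NULL_SHA',
    'TLS_ECDHE_PSK_WITH_NULL_SHA256',
    'TLS_ECDHE_PSK_WITH_NULL_SHA384',
    'TLS_RSA_WITH_ARIA_128_CBC_SHA256',
    'TLS_RSA_WITH_ARIA_256_CBC_SHA384',
    'TLS_DH_DSS_WITH_ARIA_128_CBC_SHA256',
    'TLS_DH_DSS_WITH_ARIA_256_CBC_SHA384',
    'TLS_DH_RSA_WITH_ARIA_128_CBC_SHA256',
    'TLS_DH_RSA_WITH_ARIA_256_CBC_SHA384',
    'TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256',
    'TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384',
    'TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256',
    'TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384',
    'TLS_DH_anon_WITH_ARIA_128_CBC_SHA256',
    'TLS_DH_anon_WITH_ARIA_256_CBC_SHA384',
    'TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256',
    'TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384',
    'TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256',
    'TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384',
    'TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256',
    'TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384',
    'TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256',
    'TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384',
    'TLS_RSA_WITH_ARIA_128_GCM_SHA256',
    'TLS_RSA_WITH_ARIA_256_GCM_SHA384',
    'TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256',
    'TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384',
    'TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256',
    'TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384',
    'TLS_DH_anon_WITH_ARIA_128_GCM_SHA256',
    'TLS_DH_anon_WITH_ARIA_256_GCM_SHA384',
    'TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256',
    'TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384',
    'TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256',
    'TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384',
    'TLS_PSK_WITH_ARIA_128_CBC_SHA256',
    'TLS_PSK_WITH_ARIA_256_CBC_SHA384',
    'TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256',
    'TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384',
    'TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256',
    'TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384',
    'TLS_PSK_WITH_ARIA_128_GCM_SHA256',
    'TLS_PSK_WITH_ARIA_256_GCM_SHA384',
    'TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256',
    'TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384',
    'TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256',
    'TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384',
    'TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256',
    'TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384',
    'TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256',
    'TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384',
    'TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256',
    'TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384',
    'TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256',
    'TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384',
    'TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256',
    'TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384',
    'TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256',
    'TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384',
    'TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256',
    'TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384',
    'TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256',
    'TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384',
    'TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256',
    'TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384',
    'TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256',
    'TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384',
    'TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256',
    'TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384',
    'TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256',
    'TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384',
    'TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256',
    'TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384',
    'TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256',
    'TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384',
    'TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256',
    'TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384',
    'TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256',
    'TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384',
    'TLS_RSA_WITH_AES_128_CCM',
    'TLS_RSA_WITH_AES_256_CCM',
    'TLS_RSA_WITH_AES_128_CCM_8',
    'TLS_RSA_WITH_AES_256_CCM_8',
    'TLS_PSK_WITH_AES_128_CCM',
    'TLS_PSK_WITH_AES_256_CCM',
    'TLS_PSK_WITH_AES_128_CCM_8',
    'TLS_PSK_WITH_AES_256_CCM_8',
]

# Set copy of the list for O(1) membership tests; `blacklist` itself stays
# a list so its length can be compared with the number of names found.
wanted = frozenset(blacklist)

ciphers = []   # (id literal, name) pairs in registry order
found = set()  # black listed names actually present in the input

for row in csv.reader(sys.stdin):
    # Only the first two columns (value, name) are used.  Rows that are
    # too short to carry a name, such as blank lines, are skipped, and any
    # number of trailing columns is accepted so that a column added to the
    # registry does not break the script.
    if len(row) < 2:
        continue

    hl, name = row[0], row[1]
    if name not in wanted:
        continue

    found.add(name)

    # The value column is expected to hold two hex bytes separated by a
    # comma, e.g. "0x00,0x2F" (constructed sample).  Dropping the second
    # "0x" and appending "u" yields an unsigned literal such as 0x002Fu.
    high, low = hl.split(',')
    cipher_id = high + low[2:] + 'u'
    ciphers.append((cipher_id, name))

print('enum {')

for cipher_id, name in ciphers:
    print('{} = {},'.format(name, cipher_id))

# The literal ends in a newline on purpose: together with print()'s own
# newline it leaves one blank line between the enum and the case labels.
print('};\n')

for _, name in ciphers:
    print('case {}:'.format(name))

# Fail closed: a black listed name missing from the input means the
# generated list is incomplete.  Report on stderr and exit non-zero so the
# result is not silently pasted into src/ssl.cc.
if len(found) != len(blacklist):
    print('{} found out of {}; not all cipher was found: {}'.format(
        len(found), len(blacklist),
        found.symmetric_difference(blacklist)), file=sys.stderr)
    sys.exit(1)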