/*
 * Table enumerating all implemented cipher suites
 * Part of public API.
 *
 * ***** BEGIN LICENSE BLOCK *****
 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
 *
 * The contents of this file are subject to the Mozilla Public License Version
 * 1.1 (the "License"); you may not use this file except in compliance with
 * the License. You may obtain a copy of the License at
 * http://www.mozilla.org/MPL/
 *
 * Software distributed under the License is distributed on an "AS IS" basis,
 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
 * for the specific language governing rights and limitations under the
 * License.
 *
 * The Original Code is the Netscape security libraries.
 *
 * The Initial Developer of the Original Code is
 * Netscape Communications Corporation.
 * Portions created by the Initial Developer are Copyright (C) 1994-2000
 * the Initial Developer. All Rights Reserved.
 *
 * Contributor(s):
 *   Dr Stephen Henson <stephen.henson@gemplus.com>
 *   Dr Vipul Gupta <vipul.gupta@sun.com>, Sun Microsystems Laboratories
 *
 * Alternatively, the contents of this file may be used under the terms of
 * either the GNU General Public License Version 2 or later (the "GPL"), or
 * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
 * in which case the provisions of the GPL or the LGPL are applicable instead
 * of those above. If you wish to allow use of your version of this file only
 * under the terms of either the GPL or the LGPL, and not to allow others to
 * use your version of this file under the terms of the MPL, indicate your
 * decision by deleting the provisions above and replace them with the notice
 * and other provisions required by the GPL or the LGPL. If you do not delete
 * the provisions above, a recipient may use your version of this file under
 * the terms of any one of the MPL, the GPL or the LGPL.
 *
 * ***** END LICENSE BLOCK ***** */
/* $Id: sslenum.c,v 1.16 2008/12/17 06:09:19 nelson%bolyard.com Exp $ */

#include "ssl.h"
#include "sslproto.h"

/*
 * SSL_ImplementedCiphers: every cipher suite this library implements,
 * terminated by a 0 entry.
 *
 * Ordering rules, applied in this sequence:
 *  - stronger ciphers before weaker ciphers
 *  - national ciphers before international ciphers
 *  - faster ciphers before slower ciphers
 *
 * National ciphers such as Camellia come ahead of international ciphers
 * such as AES and RC4 so that a server preferring Camellia can negotiate it
 * without disabling AES and RC4, which remain necessary for interoperability
 * with clients that don't yet implement Camellia.
 *
 * Security notes for readers of this table:
 *  - "Implemented" is not "enabled".  Which suites are switched on, or
 *    allowed by policy, is not decided in this file.  The table includes
 *    suites with no encryption, 40-bit and 56-bit export suites, single
 *    DES, RC4, MD5-based and SSL2 suites, so code that walks the table to
 *    enable suites needs its own filter.
 *  - NOTE(review): within several 128-bit groups the RC4 suites sit ahead
 *    of the AES-128 suites, presumably under the "faster before slower"
 *    rule.  If a caller treats this order as a negotiation preference,
 *    confirm that ranking is intended.
 *  - Suites inside NSS_ENABLE_ECC guards exist only in builds that define
 *    that macro, so the table length differs between builds.
 */
const PRUint16 SSL_ImplementedCiphers[] = {
    /* 256-bit */
#if defined(NSS_ENABLE_ECC)
    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
#endif /* NSS_ENABLE_ECC */
    TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
    TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
    TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
    TLS_DHE_DSS_WITH_AES_256_CBC_SHA,
#if defined(NSS_ENABLE_ECC)
    TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
    TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
#endif /* NSS_ENABLE_ECC */
    TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,
    TLS_RSA_WITH_AES_256_CBC_SHA,

    /* 128-bit */
#if defined(NSS_ENABLE_ECC)
    TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
    TLS_ECDHE_RSA_WITH_RC4_128_SHA,
    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
#endif /* NSS_ENABLE_ECC */
    TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
    TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
    TLS_DHE_DSS_WITH_RC4_128_SHA,
    TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
    TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
#if defined(NSS_ENABLE_ECC)
    TLS_ECDH_RSA_WITH_RC4_128_SHA,
    TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
    TLS_ECDH_ECDSA_WITH_RC4_128_SHA,
    TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
#endif /* NSS_ENABLE_ECC */
    TLS_RSA_WITH_SEED_CBC_SHA,
    TLS_RSA_WITH_CAMELLIA_128_CBC_SHA,
    SSL_RSA_WITH_RC4_128_MD5,
    SSL_RSA_WITH_RC4_128_SHA,
    TLS_RSA_WITH_AES_128_CBC_SHA,

    /* 112-bit 3DES */
#if defined(NSS_ENABLE_ECC)
    TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
    TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
#endif /* NSS_ENABLE_ECC */
    SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
    SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
#if defined(NSS_ENABLE_ECC)
    TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,
    TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
#endif /* NSS_ENABLE_ECC */
    SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA,
    SSL_RSA_WITH_3DES_EDE_CBC_SHA,

    /* 56-bit DES "domestic" cipher suites */
    SSL_DHE_RSA_WITH_DES_CBC_SHA,
    SSL_DHE_DSS_WITH_DES_CBC_SHA,
    SSL_RSA_FIPS_WITH_DES_CBC_SHA,
    SSL_RSA_WITH_DES_CBC_SHA,

    /* export ciphersuites with 1024-bit public key exchange keys */
    TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,
    TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA,

    /* export ciphersuites with 512-bit public key exchange keys */
    SSL_RSA_EXPORT_WITH_RC4_40_MD5,
    SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5,

    /* ciphersuites with no encryption (integrity only, no confidentiality) */
#if defined(NSS_ENABLE_ECC)
    TLS_ECDHE_ECDSA_WITH_NULL_SHA,
    TLS_ECDHE_RSA_WITH_NULL_SHA,
    TLS_ECDH_RSA_WITH_NULL_SHA,
    TLS_ECDH_ECDSA_WITH_NULL_SHA,
#endif /* NSS_ENABLE_ECC */
    SSL_RSA_WITH_NULL_SHA,
    SSL_RSA_WITH_NULL_MD5,

    /* SSL2 cipher suites. */
    SSL_EN_RC4_128_WITH_MD5,
    SSL_EN_RC2_128_CBC_WITH_MD5,
    SSL_EN_DES_192_EDE3_CBC_WITH_MD5, /* actually 112, not 192 */
    SSL_EN_DES_64_CBC_WITH_MD5,
    SSL_EN_RC4_128_EXPORT40_WITH_MD5,
    SSL_EN_RC2_128_CBC_EXPORT40_WITH_MD5,

    /* end-of-table sentinel; excluded from SSL_NumImplementedCiphers */
    0

};

/*
 * Number of real cipher suites in SSL_ImplementedCiphers: the array's
 * element count minus one for the trailing 0 sentinel.
 */
const PRUint16 SSL_NumImplementedCiphers =
    sizeof SSL_ImplementedCiphers / sizeof SSL_ImplementedCiphers[0] - 1;