1 /*
2 * Table enumerating all implemented cipher suites
3 * Part of public API.
4 *
5 * This Source Code Form is subject to the terms of the Mozilla Public
6 * License, v. 2.0. If a copy of the MPL was not distributed with this
7 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
8
9 #include "ssl.h"
10 #include "sslproto.h"
11
12 /*
13 * The ordering of cipher suites in this table must match the ordering in
14 * the cipherSuites table in ssl3con.c.
15 *
16 * If new ECC cipher suites are added, also update the ssl3CipherSuite arrays
17 * in ssl3ecc.c.
18 *
19 * Finally, update the ssl_V3_SUITES_IMPLEMENTED macro in sslimpl.h.
20 *
21 * The ordering is as follows:
22 * * No-encryption cipher suites last
23 * * Export/weak/obsolete cipher suites before no-encryption cipher suites
24 * * Order by key exchange algorithm: ECDHE, then DHE, then ECDH, RSA.
25 * * Within key agreement sections, order by symmetric encryption algorithm:
26 * AES-128, then Camellia-128, then AES-256, then Camellia-256, then SEED,
27 * then FIPS-3DES, then 3DES, then RC4. AES is commonly accepted as a
28 * strong cipher internationally, and is often hardware-accelerated.
29 * Camellia also has wide international support across standards
30 * organizations. SEED is only recommended by the Korean government. 3DES
31 * only provides 112 bits of security. RC4 is now deprecated or forbidden
32 * by many standards organizations.
33 * * Within symmetric algorithm sections, order by message authentication
34 * algorithm: GCM, then HMAC-SHA1, then HMAC-SHA256, then HMAC-MD5.
35 * * Within message authentication algorithm sections, order by asymmetric
36 * signature algorithm: ECDSA, then RSA, then DSS.
37 *
38 * Exception: Because some servers ignore the high-order byte of the cipher
39 * suite ID, we must be careful about adding cipher suites with IDs larger
40 * than 0x00ff; see bug 946147. For these broken servers, the first six cipher
41 * suites, with the MSB zeroed, look like:
42 * TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA { 0x00,0x14 }
43 * TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA { 0x00,0x13 }
44 * TLS_KRB5_EXPORT_WITH_RC4_40_MD5 { 0x00,0x2B }
45 * TLS_RSA_WITH_AES_128_CBC_SHA { 0x00,0x2F }
46 * TLS_RSA_WITH_3DES_EDE_CBC_SHA { 0x00,0x0A }
47 * TLS_RSA_WITH_DES_CBC_SHA { 0x00,0x09 }
48 * The broken server only supports the fifth and sixth ones and will select
49 * the fifth one.
50 */
51 const PRUint16 SSL_ImplementedCiphers[] = {
52 #ifdef NSS_ENABLE_ECC
53 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
54 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
55 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
56 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
57 /* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA must appear before
58 * TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA to work around bug 946147.
59 */
60 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
61 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
62 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
63 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
64 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
65 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
66 TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
67 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
68 TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
69 TLS_ECDHE_RSA_WITH_RC4_128_SHA,
70 #endif /* NSS_ENABLE_ECC */
71
72 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
73 TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
74 TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
75 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
76 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
77 TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
78 TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
79 TLS_DHE_DSS_WITH_AES_256_CBC_SHA,
80 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
81 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
82 TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
83 SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
84 SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
85 TLS_DHE_DSS_WITH_RC4_128_SHA,
86
87 #ifdef NSS_ENABLE_ECC
88 TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
89 TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
90 TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
91 TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
92 TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
93 TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,
94 TLS_ECDH_ECDSA_WITH_RC4_128_SHA,
95 TLS_ECDH_RSA_WITH_RC4_128_SHA,
96 #endif /* NSS_ENABLE_ECC */
97
98 TLS_RSA_WITH_AES_128_GCM_SHA256,
99 TLS_RSA_WITH_AES_128_CBC_SHA,
100 TLS_RSA_WITH_AES_128_CBC_SHA256,
101 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA,
102 TLS_RSA_WITH_AES_256_CBC_SHA,
103 TLS_RSA_WITH_AES_256_CBC_SHA256,
104 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,
105 TLS_RSA_WITH_SEED_CBC_SHA,
106 SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA,
107 SSL_RSA_WITH_3DES_EDE_CBC_SHA,
108 SSL_RSA_WITH_RC4_128_SHA,
109 SSL_RSA_WITH_RC4_128_MD5,
110
111 /* 56-bit DES "domestic" cipher suites */
112 SSL_DHE_RSA_WITH_DES_CBC_SHA,
113 SSL_DHE_DSS_WITH_DES_CBC_SHA,
114 SSL_RSA_FIPS_WITH_DES_CBC_SHA,
115 SSL_RSA_WITH_DES_CBC_SHA,
116
117 /* export ciphersuites with 1024-bit public key exchange keys */
118 TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,
119 TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA,
120
121 /* export ciphersuites with 512-bit public key exchange keys */
122 SSL_RSA_EXPORT_WITH_RC4_40_MD5,
123 SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5,
124
125 /* ciphersuites with no encryption */
126 #ifdef NSS_ENABLE_ECC
127 TLS_ECDHE_ECDSA_WITH_NULL_SHA,
128 TLS_ECDHE_RSA_WITH_NULL_SHA,
129 TLS_ECDH_RSA_WITH_NULL_SHA,
130 TLS_ECDH_ECDSA_WITH_NULL_SHA,
131 #endif /* NSS_ENABLE_ECC */
132 SSL_RSA_WITH_NULL_SHA,
133 TLS_RSA_WITH_NULL_SHA256,
134 SSL_RSA_WITH_NULL_MD5,
135
136 /* SSL2 cipher suites. */
137 SSL_EN_RC4_128_WITH_MD5,
138 SSL_EN_RC2_128_CBC_WITH_MD5,
139 SSL_EN_DES_192_EDE3_CBC_WITH_MD5, /* actually 112, not 192 */
140 SSL_EN_DES_64_CBC_WITH_MD5,
141 SSL_EN_RC4_128_EXPORT40_WITH_MD5,
142 SSL_EN_RC2_128_CBC_EXPORT40_WITH_MD5,
143
144 0
145
146 };
147
148 const PRUint16 SSL_NumImplementedCiphers =
149 (sizeof SSL_ImplementedCiphers) / (sizeof SSL_ImplementedCiphers[0]) - 1;
150
151 const PRUint16 *
SSL_GetImplementedCiphers(void)152 SSL_GetImplementedCiphers(void)
153 {
154 return SSL_ImplementedCiphers;
155 }
156
157 PRUint16
SSL_GetNumImplementedCiphers(void)158 SSL_GetNumImplementedCiphers(void)
159 {
160 return SSL_NumImplementedCiphers;
161 }
162