Author: markt
Date: Tue Jul 29 13:15:07 2014
New Revision: 1614336
URL: http://svn.apache.org/r1614336
Log:
Preparation for supporting more than one JSSE name for a cipher (different
implementations may use different names) and for renaming enumeration entries
to use the names from the TLS cipher registry to make it clear which cipher is
being referred to.
Modified:
tomcat/trunk/java/org/apache/tomcat/util/net/jsse/openssl/Cipher.java
tomcat/trunk/java/org/apache/tomcat/util/net/jsse/openssl/OpenSSLCipherConfigurationParser.java
Modified: tomcat/trunk/java/org/apache/tomcat/util/net/jsse/openssl/Cipher.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/jsse/openssl/Cipher.java?rev=1614336&r1=1614335&r2=1614336&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/jsse/openssl/Cipher.java
(original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/jsse/openssl/Cipher.java Tue
Jul 29 13:15:07 2014
@@ -17,6 +17,10 @@
package org.apache.tomcat.util.net.jsse.openssl;
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.Set;
+
/**
* All the standard cipher suites for SSL/TSL.
*
@@ -37,6 +41,7 @@ enum Cipher {
/* The RSA ciphers */
// Cipher 01
SSL_RSA_WITH_NULL_MD5("NULL-MD5",
+ null,
KeyExchange.RSA,
Authentication.RSA,
Encryption.eNULL,
@@ -49,6 +54,7 @@ enum Cipher {
0),
// Cipher 02
SSL_RSA_WITH_NULL_SHA("NULL-SHA",
+ null,
KeyExchange.RSA,
Authentication.RSA,
Encryption.eNULL,
@@ -61,6 +67,7 @@ enum Cipher {
0),
// Cipher 03
SSL_RSA_EXPORT_WITH_RC4_40_MD5("EXP-RC4-MD5",
+ null,
KeyExchange.RSA,
Authentication.RSA,
Encryption.RC4,
@@ -73,6 +80,7 @@ enum Cipher {
128),
// Cipher 04
SSL_RSA_WITH_RC4_128_MD5("RC4-MD5",
+ null,
KeyExchange.RSA,
Authentication.RSA,
Encryption.RC4,
@@ -85,6 +93,7 @@ enum Cipher {
128),
// Cipher 05
SSL_RSA_WITH_RC4_128_SHA("RC4-SHA",
+ null,
KeyExchange.RSA,
Authentication.RSA,
Encryption.RC4,
@@ -97,6 +106,7 @@ enum Cipher {
128),
// Cipher 06
SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5("EXP-RC2-CBC-MD5",
+ null,
KeyExchange.RSA,
Authentication.RSA,
Encryption.RC2,
@@ -109,6 +119,7 @@ enum Cipher {
128),
// Cipher 07
SSL_RSA_WITH_IDEA_CBC_SHA("IDEA-CBC-SHA",
+ null,
KeyExchange.RSA,
Authentication.RSA,
Encryption.IDEA,
@@ -121,6 +132,7 @@ enum Cipher {
128),
// Cipher 08
SSL_RSA_EXPORT_WITH_DES40_CBC_SHA("EXP-DES-CBC-SHA",
+ null,
KeyExchange.RSA,
Authentication.RSA,
Encryption.DES,
@@ -133,6 +145,7 @@ enum Cipher {
56),
// Cipher 09
SSL_RSA_WITH_DES_CBC_SHA("DES-CBC-SHA",
+ null,
KeyExchange.RSA,
Authentication.RSA,
Encryption.DES,
@@ -145,6 +158,7 @@ enum Cipher {
56),
// Cipher 0A
SSL_RSA_WITH_3DES_EDE_CBC_SHA("DES-CBC3-SHA",
+ null,
KeyExchange.RSA,
Authentication.RSA,
Encryption.TRIPLE_DES,
@@ -158,6 +172,7 @@ enum Cipher {
/* The DH ciphers */
// Cipher 0B
SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA("EXP-DH-DSS-DES-CBC-SHA",
+ null,
KeyExchange.DHd,
Authentication.DH,
Encryption.DES,
@@ -170,6 +185,7 @@ enum Cipher {
56),
// Cipher 0C
SSL_DH_DSS_WITH_DES_CBC_SHA("DH-DSS-DES-CBC-SHA",
+ null,
KeyExchange.DHd,
Authentication.DH,
Encryption.DES,
@@ -182,6 +198,7 @@ enum Cipher {
56),
// Cipher 0D
SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA("DH-DSS-DES-CBC3-SHA",
+ null,
KeyExchange.DHd,
Authentication.DH,
Encryption.TRIPLE_DES,
@@ -194,6 +211,7 @@ enum Cipher {
168),
// Cipher 0E
SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA("EXP-DH-RSA-DES-CBC-SHA",
+ null,
KeyExchange.DHr,
Authentication.DH,
Encryption.DES,
@@ -206,6 +224,7 @@ enum Cipher {
56),
// Cipher 0F
SSL_DH_RSA_WITH_DES_CBC_SHA("DH-RSA-DES-CBC-SHA",
+ null,
KeyExchange.DHr,
Authentication.DH,
Encryption.DES,
@@ -218,6 +237,7 @@ enum Cipher {
56),
// Cipher 10
SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA("DH-RSA-DES-CBC3-SHA",
+ null,
KeyExchange.DHr,
Authentication.DH,
Encryption.TRIPLE_DES,
@@ -231,6 +251,7 @@ enum Cipher {
/* The Ephemeral DH ciphers */
// Cipher 11
SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA("EXP-EDH-DSS-DES-CBC-SHA",
+ null,
KeyExchange.EDH,
Authentication.DSS,
Encryption.DES,
@@ -243,6 +264,7 @@ enum Cipher {
56),
// Cipher 12
SSL_DHE_DSS_WITH_DES_CBC_SHA("EDH-DSS-DES-CBC-SHA",
+ null,
KeyExchange.EDH,
Authentication.DSS,
Encryption.DES,
@@ -255,6 +277,7 @@ enum Cipher {
56),
// Cipher 13
SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA("EDH-DSS-DES-CBC3-SHA",
+ null,
KeyExchange.EDH,
Authentication.DSS,
Encryption.TRIPLE_DES,
@@ -267,6 +290,7 @@ enum Cipher {
168),
// Cipher 14
TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA("EXP-EDH-RSA-DES-CBC-SHA",
+ null,
KeyExchange.EDH,
Authentication.RSA,
Encryption.DES,
@@ -279,6 +303,7 @@ enum Cipher {
56),
// Cipher 15
TLS_DHE_RSA_WITH_DES_CBC_SHA("EDH-RSA-DES-CBC-SHA",
+ null,
KeyExchange.EDH,
Authentication.RSA,
Encryption.DES,
@@ -291,6 +316,7 @@ enum Cipher {
56),
// Cipher 16
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA("EDH-RSA-DES-CBC3-SHA",
+ null,
KeyExchange.EDH,
Authentication.RSA,
Encryption.TRIPLE_DES,
@@ -303,6 +329,7 @@ enum Cipher {
168),
// Cipher 17
TLS_DH_anon_EXPORT_WITH_RC4_40_MD5("EXP-ADH-RC4-MD5",
+ null,
KeyExchange.EDH,
Authentication.aNULL,
Encryption.RC4,
@@ -315,6 +342,7 @@ enum Cipher {
128),
// Cipher 18
TLS_DH_anon_WITH_RC4_128_MD5("ADH-RC4-MD5",
+ null,
KeyExchange.EDH,
Authentication.aNULL,
Encryption.RC4,
@@ -327,6 +355,7 @@ enum Cipher {
128),
// Cipher 19
TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA("EXP-ADH-DES-CBC-SHA",
+ null,
KeyExchange.EDH,
Authentication.aNULL,
Encryption.DES,
@@ -339,6 +368,7 @@ enum Cipher {
128),
// Cipher 1A
TLS_DH_anon_WITH_DES_CBC_SHA("ADH-DES-CBC-SHA",
+ null,
KeyExchange.EDH,
Authentication.aNULL,
Encryption.DES,
@@ -351,6 +381,7 @@ enum Cipher {
56),
// Cipher 1B
TLS_DH_anon_WITH_3DES_EDE_CBC_SHA("ADH-DES-CBC3-SHA",
+ null,
KeyExchange.EDH,
Authentication.aNULL,
Encryption.TRIPLE_DES,
@@ -364,6 +395,7 @@ enum Cipher {
/* Fortezza ciphersuite from SSL 3.0 spec */
// Cipher 1C
SSL_FORTEZZA_DMS_WITH_NULL_SHA("FZA-NULL-SHA",
+ null,
KeyExchange.FZA,
Authentication.FZA,
Encryption.eNULL,
@@ -376,6 +408,7 @@ enum Cipher {
0),
// Cipher 1D
SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA("FZA-FZA-CBC-SHA",
+ null,
KeyExchange.FZA,
Authentication.FZA,
Encryption.FZA,
@@ -388,6 +421,7 @@ enum Cipher {
0),
// Cipher 1E
SSL_FORTEZZA_DMS_WITH_RC4_128_SHA("FZA-RC4-SHA",
+ null,
KeyExchange.FZA,
Authentication.FZA,
Encryption.RC4,
@@ -401,6 +435,7 @@ enum Cipher {
/* The Kerberos ciphers*/
// Cipher 1E
/*TLS_KRB5_WITH_DES_CBC_SHA("KRB5-DES-CBC-SHA",
+ null,
KeyExchange.KRB5,
Authentication.KRB5,
Encryption.DES,
@@ -413,6 +448,7 @@ enum Cipher {
56),
// Cipher 1F
TLS_KRB5_WITH_3DES_EDE_CBC_SHA("KRB5-DES-CBC3-SHA",
+ null,
KeyExchange.KRB5,
Authentication.KRB5,
Encryption.TRIPLE_DES,
@@ -425,6 +461,7 @@ enum Cipher {
168),
// Cipher 20
TLS_KRB5_WITH_RC4_128_SHA("KRB5-RC4-SHA",
+ null,
KeyExchange.KRB5,
Authentication.KRB5,
Encryption.RC4,
@@ -437,6 +474,7 @@ enum Cipher {
128),
// Cipher 21
TLS_KRB5_WITH_IDEA_CBC_SHA("KRB5-IDEA-CBC-SHA",
+ null,
KeyExchange.KRB5,
Authentication.KRB5,
Encryption.IDEA,
@@ -449,6 +487,7 @@ enum Cipher {
128),
// Cipher 22
TLS_KRB5_WITH_DES_CBC_MD5("KRB5-DES-CBC-MD5",
+ null,
KeyExchange.KRB5,
Authentication.KRB5,
Encryption.DES,
@@ -461,6 +500,7 @@ enum Cipher {
56),
// Cipher 23
TLS_KRB5_WITH_3DES_EDE_CBC_MD5("KRB5-DES-CBC3-MD5",
+ null,
KeyExchange.KRB5,
Authentication.KRB5,
Encryption.TRIPLE_DES,
@@ -473,6 +513,7 @@ enum Cipher {
168),
// Cipher 24
TLS_KRB5_WITH_RC4_128_MD5("KRB5-RC4-MD5",
+ null,
KeyExchange.KRB5,
Authentication.KRB5,
Encryption.RC4,
@@ -485,6 +526,7 @@ enum Cipher {
128),
// Cipher 25
TLS_KRB5_WITH_IDEA_CBC_MD5("KRB5-IDEA-CBC-MD5",
+ null,
KeyExchange.KRB5,
Authentication.KRB5,
Encryption.IDEA,
@@ -497,6 +539,7 @@ enum Cipher {
128),
// Cipher 26
TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA("EXP-KRB5-DES-CBC-SHA",
+ null,
KeyExchange.KRB5,
Authentication.KRB5,
Encryption.DES,
@@ -509,6 +552,7 @@ enum Cipher {
56),
// Cipher 27
TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA("EXP-KRB5-RC2-CBC-SHA",
+ null,
KeyExchange.KRB5,
Authentication.KRB5,
Encryption.RC2,
@@ -521,6 +565,7 @@ enum Cipher {
128),
// Cipher 28
TLS_KRB5_EXPORT_WITH_RC4_40_SHA("EXP-KRB5-RC4-SHA",
+ null,
KeyExchange.KRB5,
Authentication.KRB5,
Encryption.RC4,
@@ -533,6 +578,7 @@ enum Cipher {
128),
// Cipher 29
TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5("EXP-KRB5-DES-CBC-MD5",
+ null,
KeyExchange.KRB5,
Authentication.KRB5,
Encryption.DES,
@@ -545,6 +591,7 @@ enum Cipher {
56),
// Cipher 2A
TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5("EXP-KRB5-RC2-CBC-MD5",
+ null,
KeyExchange.KRB5,
Authentication.KRB5,
Encryption.RC2,
@@ -557,6 +604,7 @@ enum Cipher {
128),
// Cipher 2B
TLS_KRB5_EXPORT_WITH_RC4_40_MD5("EXP-KRB5-RC4-MD5",
+ null,
KeyExchange.KRB5,
Authentication.KRB5,
Encryption.RC4,
@@ -570,6 +618,7 @@ enum Cipher {
/* New AES ciphersuites */
// Cipher 2F
TLS_RSA_WITH_AES_128_CBC_SHA("AES128-SHA",
+ null,
KeyExchange.RSA,
Authentication.RSA,
Encryption.AES128,
@@ -582,6 +631,7 @@ enum Cipher {
128),
// Cipher 30
TLS_DH_DSS_WITH_AES_128_CBC_SHA("DH-DSS-AES128-SHA",
+ null,
KeyExchange.DHd,
Authentication.DH,
Encryption.AES128,
@@ -594,6 +644,7 @@ enum Cipher {
128),
// Cipher 31
TLS_DH_RSA_WITH_AES_128_CBC_SHA("DH-RSA-AES128-SHA",
+ null,
KeyExchange.DHr,
Authentication.DH,
Encryption.AES128,
@@ -606,6 +657,7 @@ enum Cipher {
128),
// Cipher 32
TLS_DHE_DSS_WITH_AES_128_CBC_SHA("DHE-DSS-AES128-SHA",
+ null,
KeyExchange.EDH,
Authentication.DSS,
Encryption.AES128,
@@ -618,6 +670,7 @@ enum Cipher {
128),
// Cipher 33
TLS_DHE_RSA_WITH_AES_128_CBC_SHA("DHE-RSA-AES128-SHA",
+ null,
KeyExchange.EDH,
Authentication.RSA,
Encryption.AES128,
@@ -630,6 +683,7 @@ enum Cipher {
128),
// Cipher 34
TLS_DH_anon_WITH_AES_128_CBC_SHA("ADH-AES128-SHA",
+ null,
KeyExchange.EDH,
Authentication.aNULL,
Encryption.AES128,
@@ -642,6 +696,7 @@ enum Cipher {
128),
// Cipher 35
TLS_RSA_WITH_AES_256_CBC_SHA("AES256-SHA",
+ null,
KeyExchange.RSA,
Authentication.RSA,
Encryption.AES256,
@@ -654,6 +709,7 @@ enum Cipher {
256),
// Cipher 36
TLS_DH_DSS_WITH_AES_256_CBC_SHA("DH-DSS-AES256-SHA",
+ null,
KeyExchange.DHd,
Authentication.DH,
Encryption.AES256,
@@ -666,6 +722,7 @@ enum Cipher {
256),
// Cipher 37
TLS_DH_RSA_WITH_AES_256_CBC_SHA("DH-RSA-AES256-SHA",
+ null,
KeyExchange.DHr,
Authentication.DH,
Encryption.AES256,
@@ -678,6 +735,7 @@ enum Cipher {
256),
// Cipher 38
TLS_DHE_DSS_WITH_AES_256_CBC_SHA("DHE-DSS-AES256-SHA",
+ null,
KeyExchange.EDH,
Authentication.DSS,
Encryption.AES256,
@@ -690,6 +748,7 @@ enum Cipher {
256),
// Cipher 39
TLS_DHE_RSA_WITH_AES_256_CBC_SHA("DHE-RSA-AES256-SHA",
+ null,
KeyExchange.EDH,
Authentication.RSA,
Encryption.AES256,
@@ -701,6 +760,7 @@ enum Cipher {
256,
256), // Cipher 3A
TLS_DH_anon_WITH_AES_256_CBC_SHA("ADH-AES256-SHA",
+ null,
KeyExchange.EDH,
Authentication.aNULL,
Encryption.AES256,
@@ -714,6 +774,7 @@ enum Cipher {
/* TLS v1.2 ciphersuites */
// Cipher 3B
TLS_RSA_WITH_NULL_SHA256("NULL-SHA256",
+ null,
KeyExchange.RSA,
Authentication.RSA,
Encryption.eNULL,
@@ -726,6 +787,7 @@ enum Cipher {
0),
// Cipher 3C
TLS_RSA_WITH_AES_128_CBC_SHA256("AES128-SHA256",
+ null,
KeyExchange.RSA,
Authentication.RSA,
Encryption.AES128,
@@ -738,6 +800,7 @@ enum Cipher {
128),
// Cipher 3D
TLS_RSA_WITH_AES_256_CBC_SHA256("AES256-SHA256",
+ null,
KeyExchange.RSA,
Authentication.RSA,
Encryption.AES256,
@@ -750,6 +813,7 @@ enum Cipher {
256),
// Cipher 3E
TLS_DH_DSS_WITH_AES_128_CBC_SHA256("DH-DSS-AES128-SHA256",
+ null,
KeyExchange.DHd,
Authentication.DH,
Encryption.AES128,
@@ -762,6 +826,7 @@ enum Cipher {
128),
// Cipher 3F
TLS_DH_RSA_WITH_AES_128_CBC_SHA256("DH-RSA-AES128-SHA256",
+ null,
KeyExchange.DHr,
Authentication.DH,
Encryption.AES128,
@@ -774,6 +839,7 @@ enum Cipher {
128),
// Cipher 40
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256("DHE-DSS-AES128-SHA256",
+ null,
KeyExchange.EDH,
Authentication.DSS,
Encryption.AES128,
@@ -787,6 +853,7 @@ enum Cipher {
/* Camellia ciphersuites from RFC4132 (128-bit portion) */
// Cipher 41
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA("CAMELLIA128-SHA",
+ null,
KeyExchange.RSA,
Authentication.RSA,
Encryption.CAMELLIA128,
@@ -799,6 +866,7 @@ enum Cipher {
128),
// Cipher 42
TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA("DH-DSS-CAMELLIA128-SHA",
+ null,
KeyExchange.DHd,
Authentication.DH,
Encryption.CAMELLIA128,
@@ -811,6 +879,7 @@ enum Cipher {
128),
// Cipher 43
TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA("DH-RSA-CAMELLIA128-SHA",
+ null,
KeyExchange.DHr,
Authentication.DH,
Encryption.CAMELLIA128,
@@ -823,6 +892,7 @@ enum Cipher {
128),
// Cipher 44
TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA("DHE-DSS-CAMELLIA128-SHA",
+ null,
KeyExchange.EDH,
Authentication.DSS,
Encryption.CAMELLIA128,
@@ -835,6 +905,7 @@ enum Cipher {
128),
// Cipher 45
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA("DHE-RSA-CAMELLIA128-SHA",
+ null,
KeyExchange.EDH,
Authentication.RSA,
Encryption.CAMELLIA128,
@@ -847,6 +918,7 @@ enum Cipher {
128),
// Cipher 46
TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA("ADH-CAMELLIA128-SHA",
+ null,
KeyExchange.EDH,
Authentication.aNULL,
Encryption.CAMELLIA128,
@@ -860,6 +932,7 @@ enum Cipher {
/* New TLS Export CipherSuites from expired ID */
// Cipher 60
SSL_RSA_EXPORT1024_WITH_RC4_56_MD5("EXP1024-RC4-MD5",
+ null,
KeyExchange.RSA,
Authentication.RSA,
Encryption.RC4,
@@ -872,6 +945,7 @@ enum Cipher {
128),
// Cipher 61
SSL_RSA_EXPORT1024_WITH_RC2_CBC_56_MD("EXP1024-RC2-CBC-MD5",
+ null,
KeyExchange.RSA,
Authentication.RSA,
Encryption.RC2,
@@ -884,6 +958,7 @@ enum Cipher {
128),
// Cipher 62
SSL_RSA_EXPORT1024_WITH_DES_CBC_SHA("EXP1024-DES-CBC-SHA",
+ null,
KeyExchange.RSA,
Authentication.RSA,
Encryption.DES,
@@ -896,6 +971,7 @@ enum Cipher {
56),
// Cipher 63
SSL_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA("EXP1024-DHE-DSS-DES-CBC-SHA",
+ null,
KeyExchange.EDH,
Authentication.DSS,
Encryption.DES,
@@ -908,6 +984,7 @@ enum Cipher {
56),
// Cipher 64
SSL_RSA_EXPORT1024_WITH_RC4_56_SHA("EXP1024-RC4-SHA",
+ null,
KeyExchange.RSA,
Authentication.RSA,
Encryption.RC4,
@@ -920,6 +997,7 @@ enum Cipher {
128),
// Cipher 65
SSL_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA("EXP1024-DHE-DSS-RC4-SHA",
+ null,
KeyExchange.EDH,
Authentication.DSS,
Encryption.RC4,
@@ -932,6 +1010,7 @@ enum Cipher {
128),
// Cipher 66
SSL_DHE_DSS_WITH_RC4_128_SHA("DHE-DSS-RC4-SHA",
+ null,
KeyExchange.EDH,
Authentication.DSS,
Encryption.RC4,
@@ -945,6 +1024,7 @@ enum Cipher {
/* TLS v1.2 ciphersuites */
// Cipher 67
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256("DHE-RSA-AES128-SHA256",
+ null,
KeyExchange.EDH,
Authentication.RSA,
Encryption.AES128,
@@ -957,6 +1037,7 @@ enum Cipher {
128),
// Cipher 68
TLS_DH_DSS_WITH_AES_256_CBC_SHA256("DH-DSS-AES256-SHA256",
+ null,
KeyExchange.DHd,
Authentication.DH,
Encryption.AES256,
@@ -969,6 +1050,7 @@ enum Cipher {
256),
// Cipher 69
TLS_DH_RSA_WITH_AES_256_CBC_SHA256("DH-RSA-AES256-SHA256",
+ null,
KeyExchange.DHr,
Authentication.DH,
Encryption.AES256,
@@ -981,6 +1063,7 @@ enum Cipher {
256),
// Cipher 6A
TLS_DHE_DSS_WITH_AES_256_CBC_SHA256("DHE-DSS-AES256-SHA256",
+ null,
KeyExchange.EDH,
Authentication.DSS,
Encryption.AES256,
@@ -993,6 +1076,7 @@ enum Cipher {
256),
// Cipher 6B
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256("DHE-RSA-AES256-SHA256",
+ null,
KeyExchange.EDH,
Authentication.RSA,
Encryption.AES256,
@@ -1005,6 +1089,7 @@ enum Cipher {
256),
// Cipher 6C
TLS_DH_anon_WITH_AES_128_CBC_SHA256("ADH-AES128-SHA256",
+ null,
KeyExchange.EDH,
Authentication.aNULL,
Encryption.AES128,
@@ -1018,6 +1103,7 @@ enum Cipher {
),
// Cipher 6D
TLS_DH_anon_WITH_AES_256_CBC_SHA256("ADH-AES256-SHA256",
+ null,
KeyExchange.EDH,
Authentication.aNULL,
Encryption.AES256,
@@ -1030,6 +1116,7 @@ enum Cipher {
256),
/* GOST Ciphersuites */
TLS_GOSTR341094_WITH_28147_CNT_IMIT("GOST94-GOST89-GOST89",
+ null,
KeyExchange.GOST,
Authentication.GOST94,
Encryption.eGOST2814789CNT,
@@ -1041,6 +1128,7 @@ enum Cipher {
256,
256),
TLS_GOSTR341001_WITH_28147_CNT_IMIT("GOST2001-GOST89-GOST89",
+ null,
KeyExchange.GOST,
Authentication.GOST01,
Encryption.eGOST2814789CNT,
@@ -1052,6 +1140,7 @@ enum Cipher {
256,
256),
TLS_GOSTR341094_WITH_NULL_GOSTR3411("GOST94-NULL-GOST94",
+ null,
KeyExchange.GOST,
Authentication.GOST94,
Encryption.eNULL,
@@ -1063,6 +1152,7 @@ enum Cipher {
0,
0),
TLS_GOSTR341001_WITH_NULL_GOSTR3411("GOST2001-NULL-GOST94",
+ null,
KeyExchange.GOST,
Authentication.GOST01,
Encryption.eNULL,
@@ -1076,6 +1166,7 @@ enum Cipher {
/* Camellia ciphersuites from RFC4132 (256-bit portion) */
// Cipher 84
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA("CAMELLIA256-SHA",
+ null,
KeyExchange.RSA,
Authentication.RSA,
Encryption.CAMELLIA256,
@@ -1088,6 +1179,7 @@ enum Cipher {
256),
// Cipher 85
TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA("DH-DSS-CAMELLIA256-SHA",
+ null,
KeyExchange.DHd,
Authentication.DH,
Encryption.CAMELLIA256,
@@ -1100,6 +1192,7 @@ enum Cipher {
256),
// Cipher 86
TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SH("DH-RSA-CAMELLIA256-SHA",
+ null,
KeyExchange.DHr,
Authentication.DH,
Encryption.CAMELLIA256,
@@ -1112,6 +1205,7 @@ enum Cipher {
256),
// Cipher 87
TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA("DHE-DSS-CAMELLIA256-SHA",
+ null,
KeyExchange.EDH,
Authentication.DSS,
Encryption.CAMELLIA256,
@@ -1124,6 +1218,7 @@ enum Cipher {
256),
// Cipher 88
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA("DHE-RSA-CAMELLIA256-SHA",
+ null,
KeyExchange.EDH,
Authentication.RSA,
Encryption.CAMELLIA256,
@@ -1135,6 +1230,7 @@ enum Cipher {
256,
256), // Cipher 89
TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA("ADH-CAMELLIA256-SHA",
+ null,
KeyExchange.EDH,
Authentication.aNULL,
Encryption.CAMELLIA256,
@@ -1147,6 +1243,7 @@ enum Cipher {
256),
// Cipher 8A
TLS_PSK_WITH_RC4_128_SHA("PSK-RC4-SHA",
+ null,
KeyExchange.PSK,
Authentication.PSK,
Encryption.RC4,
@@ -1159,6 +1256,7 @@ enum Cipher {
128),
// Cipher 8B
TLS_PSK_WITH_3DES_EDE_CBC_SHA("PSK-3DES-EDE-CBC-SHA",
+ null,
KeyExchange.PSK,
Authentication.PSK,
Encryption.TRIPLE_DES,
@@ -1172,6 +1270,7 @@ enum Cipher {
),
// Cipher 8C
TLS_PSK_WITH_AES_128_CBC_SHA("PSK-AES128-CBC-SHA",
+ null,
KeyExchange.PSK,
Authentication.PSK,
Encryption.AES128,
@@ -1185,6 +1284,7 @@ enum Cipher {
),
// Cipher 8D
TLS_PSK_WITH_AES_256_CBC_SHA("PSK-AES256-CBC-SHA",
+ null,
KeyExchange.PSK,
Authentication.PSK,
Encryption.AES256,
@@ -1199,6 +1299,7 @@ enum Cipher {
/* SEED ciphersuites from RFC4162 */
// Cipher 96
TLS_RSA_WITH_SEED_CBC_SHA("SEED-SHA",
+ null,
KeyExchange.RSA,
Authentication.RSA,
Encryption.SEED,
@@ -1212,6 +1313,7 @@ enum Cipher {
),
// Cipher 97
TLS_DH_DSS_WITH_SEED_CBC_SHA("DH-DSS-SEED-SHA",
+ null,
KeyExchange.DHd,
Authentication.DH,
Encryption.SEED,
@@ -1225,6 +1327,7 @@ enum Cipher {
),
// Cipher 98
TLS_DH_RSA_WITH_SEED_CBC_SHA("DH-RSA-SEED-SHA",
+ null,
KeyExchange.DHr,
Authentication.DH,
Encryption.SEED,
@@ -1238,6 +1341,7 @@ enum Cipher {
),
// Cipher 99
TLS_DHE_DSS_WITH_SEED_CBC_SHA("DHE-DSS-SEED-SHA",
+ null,
KeyExchange.EDH,
Authentication.DSS,
Encryption.SEED,
@@ -1251,6 +1355,7 @@ enum Cipher {
),
// Cipher 9A
TLS_DHE_RSA_WITH_SEED_CBC_SHA("DHE-RSA-SEED-SHA",
+ null,
KeyExchange.EDH,
Authentication.RSA,
Encryption.SEED,
@@ -1264,6 +1369,7 @@ enum Cipher {
),
// Cipher 9B
TLS_DH_anon_WITH_SEED_CBC_SHA("ADH-SEED-SHA",
+ null,
KeyExchange.EDH,
Authentication.aNULL,
Encryption.SEED,
@@ -1278,6 +1384,7 @@ enum Cipher {
/* GCM ciphersuites from RFC5288 */
// Cipher 9C
TLS_RSA_WITH_AES_128_GCM_SHA256("AES128-GCM-SHA256",
+ null,
KeyExchange.RSA,
Authentication.RSA,
Encryption.AES128GCM,
@@ -1291,6 +1398,7 @@ enum Cipher {
),
// Cipher 9D
TLS_RSA_WITH_AES_256_GCM_SHA384("AES256-GCM-SHA384",
+ null,
KeyExchange.RSA,
Authentication.RSA,
Encryption.AES256GCM,
@@ -1304,6 +1412,7 @@ enum Cipher {
),
// Cipher 9E
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256("DHE-RSA-AES128-GCM-SHA256",
+ null,
KeyExchange.EDH,
Authentication.RSA,
Encryption.AES128GCM,
@@ -1317,6 +1426,7 @@ enum Cipher {
),
// Cipher 9F
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384("DHE-RSA-AES256-GCM-SHA384",
+ null,
KeyExchange.EDH,
Authentication.RSA,
Encryption.AES256GCM,
@@ -1330,6 +1440,7 @@ enum Cipher {
),
// Cipher A0
TLS_DH_RSA_WITH_AES_128_GCM_SHA256("DH-RSA-AES128-GCM-SHA256",
+ null,
KeyExchange.DHr,
Authentication.DH,
Encryption.AES128GCM,
@@ -1343,6 +1454,7 @@ enum Cipher {
),
// Cipher A1
TLS_DH_RSA_WITH_AES_256_GCM_SHA384("DH-RSA-AES256-GCM-SHA384",
+ null,
KeyExchange.DHr,
Authentication.DH,
Encryption.AES256GCM,
@@ -1356,6 +1468,7 @@ enum Cipher {
),
// Cipher A2
TLS_DHE_DSS_WITH_AES_128_GCM_SHA256("DHE-DSS-AES128-GCM-SHA256",
+ null,
KeyExchange.EDH,
Authentication.DSS,
Encryption.AES128GCM,
@@ -1369,6 +1482,7 @@ enum Cipher {
),
// Cipher A3
TLS_DHE_DSS_WITH_AES_256_GCM_SHA384("DHE-DSS-AES256-GCM-SHA384",
+ null,
KeyExchange.EDH,
Authentication.DSS,
Encryption.AES256GCM,
@@ -1382,6 +1496,7 @@ enum Cipher {
),
// Cipher A4
TLS_DH_DSS_WITH_AES_128_GCM_SHA256("DH-DSS-AES128-GCM-SHA256",
+ null,
KeyExchange.DHd,
Authentication.DH,
Encryption.AES128GCM,
@@ -1395,6 +1510,7 @@ enum Cipher {
),
// Cipher A5
TLS_DH_DSS_WITH_AES_256_GCM_SHA384("DH-DSS-AES256-GCM-SHA384",
+ null,
KeyExchange.DHd,
Authentication.DH,
Encryption.AES256GCM,
@@ -1408,6 +1524,7 @@ enum Cipher {
),
// Cipher A6
TLS_DH_anon_WITH_AES_128_GCM_SHA256("ADH-AES128-GCM-SHA256",
+ null,
KeyExchange.EDH,
Authentication.aNULL,
Encryption.AES128GCM,
@@ -1421,6 +1538,7 @@ enum Cipher {
),
// Cipher A7
TLS_DH_anon_WITH_AES_256_GCM_SHA384("ADH-AES256-GCM-SHA384",
+ null,
KeyExchange.EDH,
Authentication.aNULL,
Encryption.AES256GCM,
@@ -1435,6 +1553,7 @@ enum Cipher {
/* ECC ciphersuites from draft-ietf-tls-ecc-01.txt (Mar 15, 2001) */
// Cipher C001
TLS_ECDH_ECDSA_WITH_NULL_SHA("ECDH-ECDSA-NULL-SHA",
+ null,
KeyExchange.ECDHe,
Authentication.ECDH,
Encryption.eNULL,
@@ -1448,6 +1567,7 @@ enum Cipher {
),
// Cipher C002
TLS_ECDH_ECDSA_WITH_RC4_128_SHA("ECDH-ECDSA-RC4-SHA",
+ null,
KeyExchange.ECDHe,
Authentication.ECDH,
Encryption.RC4,
@@ -1461,6 +1581,7 @@ enum Cipher {
),
// Cipher C003
TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA("ECDH-ECDSA-DES-CBC3-SHA",
+ null,
KeyExchange.ECDHe,
Authentication.ECDH,
Encryption.TRIPLE_DES,
@@ -1474,6 +1595,7 @@ enum Cipher {
),
// Cipher C004
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA("ECDH-ECDSA-AES128-SHA",
+ null,
KeyExchange.ECDHe,
Authentication.ECDH,
Encryption.AES128,
@@ -1487,6 +1609,7 @@ enum Cipher {
),
// Cipher C005
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA("ECDH-ECDSA-AES256-SHA",
+ null,
KeyExchange.ECDHe,
Authentication.ECDH,
Encryption.AES256,
@@ -1500,6 +1623,7 @@ enum Cipher {
),
// Cipher C006
TLS_ECDHE_ECDSA_WITH_NULL_SHA("ECDHE-ECDSA-NULL-SHA",
+ null,
KeyExchange.EECDH,
Authentication.ECDSA,
Encryption.eNULL,
@@ -1513,6 +1637,7 @@ enum Cipher {
),
// Cipher C007
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA("ECDHE-ECDSA-RC4-SHA",
+ null,
KeyExchange.EECDH,
Authentication.ECDSA,
Encryption.RC4,
@@ -1526,6 +1651,7 @@ enum Cipher {
),
// Cipher C008
TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA("ECDHE-ECDSA-DES-CBC3-SHA",
+ null,
KeyExchange.EECDH,
Authentication.ECDSA,
Encryption.TRIPLE_DES,
@@ -1539,6 +1665,7 @@ enum Cipher {
),
// Cipher C009
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA("ECDHE-ECDSA-AES128-SHA",
+ null,
KeyExchange.EECDH,
Authentication.ECDSA,
Encryption.AES128,
@@ -1552,6 +1679,7 @@ enum Cipher {
),
// Cipher C00A
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA("ECDHE-ECDSA-AES256-SHA",
+ null,
KeyExchange.EECDH,
Authentication.ECDSA,
Encryption.AES256,
@@ -1565,6 +1693,7 @@ enum Cipher {
),
// Cipher C00B
TLS_ECDH_RSA_WITH_NULL_SHA("ECDH-RSA-NULL-SHA",
+ null,
KeyExchange.ECDHr,
Authentication.ECDH,
Encryption.eNULL,
@@ -1578,6 +1707,7 @@ enum Cipher {
),
// Cipher C00C
TLS_ECDH_RSA_WITH_RC4_128_SHA("ECDH-RSA-RC4-SHA",
+ null,
KeyExchange.ECDHr,
Authentication.ECDH,
Encryption.RC4,
@@ -1591,6 +1721,7 @@ enum Cipher {
),
// Cipher C00D
TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA("ECDH-RSA-DES-CBC3-SHA",
+ null,
KeyExchange.ECDHr,
Authentication.ECDH,
Encryption.TRIPLE_DES,
@@ -1604,6 +1735,7 @@ enum Cipher {
),
// Cipher C00E
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA("ECDH-RSA-AES128-SHA",
+ null,
KeyExchange.ECDHr,
Authentication.ECDH,
Encryption.AES128,
@@ -1617,6 +1749,7 @@ enum Cipher {
),
// Cipher C00F
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA("ECDH-RSA-AES256-SHA",
+ null,
KeyExchange.ECDHr,
Authentication.ECDH,
Encryption.AES256,
@@ -1629,6 +1762,7 @@ enum Cipher {
256
),
TLS_ECDHE_RSA_WITH_NULL_SHA("ECDHE-RSA-NULL-SHA",
+ null,
KeyExchange.EECDH,
Authentication.RSA,
Encryption.eNULL,
@@ -1642,6 +1776,7 @@ enum Cipher {
),
// Cipher C011
TLS_ECDHE_RSA_WITH_RC4_128_SHA("ECDHE-RSA-RC4-SHA",
+ null,
KeyExchange.EECDH,
Authentication.RSA,
Encryption.RC4,
@@ -1655,6 +1790,7 @@ enum Cipher {
),
// Cipher C012
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA("ECDHE-RSA-DES-CBC3-SHA",
+ null,
KeyExchange.EECDH,
Authentication.RSA,
Encryption.TRIPLE_DES,
@@ -1668,6 +1804,7 @@ enum Cipher {
),
// Cipher C013
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA("ECDHE-RSA-AES128-SHA",
+ null,
KeyExchange.EECDH,
Authentication.RSA,
Encryption.AES128,
@@ -1681,6 +1818,7 @@ enum Cipher {
),
// Cipher C014
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA("ECDHE-RSA-AES256-SHA",
+ null,
KeyExchange.EECDH,
Authentication.RSA,
Encryption.AES256,
@@ -1694,6 +1832,7 @@ enum Cipher {
),
// Cipher C015
TLS_ECDH_anon_WITH_NULL_SHA("AECDH-NULL-SHA",
+ null,
KeyExchange.EECDH,
Authentication.aNULL,
Encryption.eNULL,
@@ -1707,6 +1846,7 @@ enum Cipher {
),
// Cipher C016
TLS_ECDH_anon_WITH_RC4_128_SHA("AECDH-RC4-SHA",
+ null,
KeyExchange.EECDH,
Authentication.aNULL,
Encryption.RC4,
@@ -1720,6 +1860,7 @@ enum Cipher {
),
// Cipher C017
TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA("AECDH-DES-CBC3-SHA",
+ null,
KeyExchange.EECDH,
Authentication.aNULL,
Encryption.TRIPLE_DES,
@@ -1733,6 +1874,7 @@ enum Cipher {
),
// Cipher C018
TLS_ECDH_anon_WITH_AES_128_CBC_SHA("AECDH-AES128-SHA",
+ null,
KeyExchange.EECDH,
Authentication.aNULL,
Encryption.AES128,
@@ -1746,6 +1888,7 @@ enum Cipher {
),
// Cipher C019
TLS_ECDH_anon_WITH_AES_256_CBC_SHA("AECDH-AES256-SHA",
+ null,
KeyExchange.EECDH,
Authentication.aNULL,
Encryption.AES256,
@@ -1760,6 +1903,7 @@ enum Cipher {
/* SRP ciphersuite from RFC 5054 */
// Cipher C01A
TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA("SRP-3DES-EDE-CBC-SHA",
+ null,
KeyExchange.SRP,
Authentication.aNULL,
Encryption.TRIPLE_DES,
@@ -1773,6 +1917,7 @@ enum Cipher {
),
// Cipher C01B
TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA("SRP-RSA-3DES-EDE-CBC-SHA",
+ null,
KeyExchange.SRP,
Authentication.RSA,
Encryption.TRIPLE_DES,
@@ -1786,6 +1931,7 @@ enum Cipher {
),
// Cipher C01C
TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA("SRP-DSS-3DES-EDE-CBC-SHA",
+ null,
KeyExchange.SRP,
Authentication.DSS,
Encryption.TRIPLE_DES,
@@ -1799,6 +1945,7 @@ enum Cipher {
),
// Cipher C01D
TLS_SRP_SHA_WITH_AES_128_CBC_SHA("SRP-AES-128-CBC-SHA",
+ null,
KeyExchange.SRP,
Authentication.aNULL,
Encryption.AES128,
@@ -1812,6 +1959,7 @@ enum Cipher {
),
// Cipher C01E
TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA("SRP-RSA-AES-128-CBC-SHA",
+ null,
KeyExchange.SRP,
Authentication.RSA,
Encryption.AES128,
@@ -1825,6 +1973,7 @@ enum Cipher {
),
// Cipher C01F
TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA("SRP-DSS-AES-128-CBC-SHA",
+ null,
KeyExchange.SRP,
Authentication.DSS,
Encryption.AES128,
@@ -1838,6 +1987,7 @@ enum Cipher {
),
// Cipher C020
TLS_SRP_SHA_WITH_AES_256_CBC_SHA("SRP-AES-256-CBC-SHA",
+ null,
KeyExchange.SRP,
Authentication.aNULL,
Encryption.AES256,
@@ -1851,6 +2001,7 @@ enum Cipher {
),
// Cipher C021
TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA("SRP-RSA-AES-256-CBC-SHA",
+ null,
KeyExchange.SRP,
Authentication.RSA,
Encryption.AES256,
@@ -1864,6 +2015,7 @@ enum Cipher {
),
// Cipher C022
TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA("SRP-DSS-AES-256-CBC-SHA",
+ null,
KeyExchange.SRP,
Authentication.DSS,
Encryption.AES256,
@@ -1878,6 +2030,7 @@ enum Cipher {
/* HMAC based TLS v1.2 ciphersuites from RFC5289 */
// Cipher C023
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256("ECDHE-ECDSA-AES128-SHA256",
+ null,
KeyExchange.EECDH,
Authentication.ECDSA,
Encryption.AES128,
@@ -1891,6 +2044,7 @@ enum Cipher {
),
// Cipher C024
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384("ECDHE-ECDSA-AES256-SHA384",
+ null,
KeyExchange.EECDH,
Authentication.ECDSA,
Encryption.AES256,
@@ -1904,6 +2058,7 @@ enum Cipher {
),
// Cipher C025
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256("ECDH-ECDSA-AES128-SHA256",
+ null,
KeyExchange.ECDHe,
Authentication.ECDH,
Encryption.AES128,
@@ -1917,6 +2072,7 @@ enum Cipher {
),
// Cipher C026
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384("ECDH-ECDSA-AES256-SHA384",
+ null,
KeyExchange.ECDHe,
Authentication.ECDH,
Encryption.AES256,
@@ -1930,6 +2086,7 @@ enum Cipher {
),
// Cipher C027
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256("ECDHE-RSA-AES128-SHA256",
+ null,
KeyExchange.EECDH,
Authentication.RSA,
Encryption.AES128,
@@ -1943,6 +2100,7 @@ enum Cipher {
),
// Cipher C028
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384("ECDHE-RSA-AES256-SHA384",
+ null,
KeyExchange.EECDH,
Authentication.RSA,
Encryption.AES256,
@@ -1956,6 +2114,7 @@ enum Cipher {
),
// Cipher C029
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256("ECDH-RSA-AES128-SHA256",
+ null,
KeyExchange.ECDHr,
Authentication.ECDH,
Encryption.AES128,
@@ -1969,6 +2128,7 @@ enum Cipher {
),
// Cipher C02A
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384("ECDH-RSA-AES256-SHA384",
+ null,
KeyExchange.ECDHr,
Authentication.ECDH,
Encryption.AES256,
@@ -1983,6 +2143,7 @@ enum Cipher {
/* GCM based TLS v1.2 ciphersuites from RFC5289 */
// Cipher C02B
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256("ECDHE-ECDSA-AES128-GCM-SHA256",
+ null,
KeyExchange.EECDH,
Authentication.ECDSA,
Encryption.AES128GCM,
@@ -1996,6 +2157,7 @@ enum Cipher {
),
// Cipher C02C
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384("ECDHE-ECDSA-AES256-GCM-SHA384",
+ null,
KeyExchange.EECDH,
Authentication.ECDSA,
Encryption.AES256GCM,
@@ -2009,6 +2171,7 @@ enum Cipher {
),
// Cipher C02D
TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256("ECDH-ECDSA-AES128-GCM-SHA256",
+ null,
KeyExchange.ECDHe,
Authentication.ECDH,
Encryption.AES128GCM,
@@ -2022,6 +2185,7 @@ enum Cipher {
),
// Cipher C02E
TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384("ECDH-ECDSA-AES256-GCM-SHA384",
+ null,
KeyExchange.ECDHe,
Authentication.ECDH,
Encryption.AES256GCM,
@@ -2035,6 +2199,7 @@ enum Cipher {
),
// Cipher C02F
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256("ECDHE-RSA-AES128-GCM-SHA256",
+ null,
KeyExchange.EECDH,
Authentication.RSA,
Encryption.AES128GCM,
@@ -2048,6 +2213,7 @@ enum Cipher {
),
// Cipher C030
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384("ECDHE-RSA-AES256-GCM-SHA384",
+ null,
KeyExchange.EECDH,
Authentication.RSA,
Encryption.AES256GCM,
@@ -2061,6 +2227,7 @@ enum Cipher {
),
// Cipher C031
TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256("ECDH-RSA-AES128-GCM-SHA256",
+ null,
KeyExchange.ECDHr,
Authentication.ECDH,
Encryption.AES128GCM,
@@ -2074,6 +2241,7 @@ enum Cipher {
),
// Cipher C032
TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384("ECDH-RSA-AES256-GCM-SHA384",
+ null,
KeyExchange.ECDHr,
Authentication.ECDH,
Encryption.AES256GCM,
@@ -2087,6 +2255,7 @@ enum Cipher {
),
// RC4_128_WITH_MD5
SSL_CK_RC4_128_WITH_MD5("RC4-MD5",
+ null,
KeyExchange.RSA,
Authentication.RSA,
Encryption.RC4,
@@ -2100,6 +2269,7 @@ enum Cipher {
),
// RC4_128_EXPORT40_WITH_MD5
SSL_CK_RC4_128_EXPORT40_WITH_MD5("EXP-RC4-MD5",
+ null,
KeyExchange.RSA,
Authentication.RSA,
Encryption.RC4,
@@ -2113,6 +2283,7 @@ enum Cipher {
),
// RC2_128_CBC_WITH_MD5
SSL_CK_RC2_128_CBC_WITH_MD5("RC2-MD5",
+ null,
KeyExchange.RSA,
Authentication.RSA,
Encryption.RC2,
@@ -2126,6 +2297,7 @@ enum Cipher {
),
// RC2_128_CBC_EXPORT40_WITH_MD5
SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5("EXP-RC2-MD5",
+ null,
KeyExchange.RSA,
Authentication.RSA,
Encryption.RC2,
@@ -2139,6 +2311,7 @@ enum Cipher {
),
// IDEA_128_CBC_WITH_MD5
SSL_CK_IDEA_128_CBC_WITH_MD5("IDEA-CBC-MD5",
+ null,
KeyExchange.RSA,
Authentication.RSA,
Encryption.IDEA,
@@ -2151,6 +2324,7 @@ enum Cipher {
),
// DES_64_CBC_WITH_MD5
SSL_CK_DES_64_CBC_WITH_MD5("DES-CBC-MD5",
+ null,
KeyExchange.RSA,
Authentication.RSA,
Encryption.DES,
@@ -2164,6 +2338,7 @@ enum Cipher {
),
// DES_192_EDE3_CBC_WITH_MD5
SSL_CK_DES_192_EDE3_CBC_WITH_MD5("DES-CBC3-MD5",
+ null,
KeyExchange.RSA,
Authentication.RSA,
Encryption.TRIPLE_DES,
@@ -2180,6 +2355,7 @@ enum Cipher {
/*
// Cipher FF00
TLS_GOSTR341094_RSA_WITH_28147_CNT_MD5("GOST-MD5",
+ null,
KeyExchange.RSA,
Authentication.RSA,
Encryption.eGOST2814789CNT,
@@ -2192,6 +2368,7 @@ enum Cipher {
),
TLS_RSA_WITH_28147_CNT_GOST94(
"GOST-GOST94",
+ null,
KeyExchange.RSA,
Authentication.RSA,
Encryption.eGOST2814789CNT,
@@ -2205,6 +2382,7 @@ enum Cipher {
{
1,
"GOST-GOST89MAC",
+ null,
0x0300ff02,
KeyExchange.RSA,
Authentication.RSA,
@@ -2219,6 +2397,7 @@ enum Cipher {
{
1,
"GOST-GOST89STREAM",
+ null,
0x0300ff03,
KeyExchange.RSA,
Authentication.RSA,
@@ -2234,6 +2413,7 @@ enum Cipher {
// Cipher 0x030080 / 0x040080
SSL2_RC2_CBC_128_CBC_WITH_MD5(
"RC2-CBC-MD5",
+ null,
KeyExchange.RSA,
Authentication.RSA,
Encryption.RC2,
@@ -2248,6 +2428,7 @@ enum Cipher {
private final String openSSLAlias;
+ private final Set<String> jsseNames;
private final KeyExchange kx;
private final Authentication au;
private final Encryption enc;
@@ -2265,11 +2446,17 @@ enum Cipher {
*/
private final int alg_bits;
- Cipher(String openSSLAlias, KeyExchange kx, Authentication au,
+ Cipher(String openSSLAlias, Set<String> jsseAltNames, KeyExchange kx,
Authentication au,
Encryption enc, MessageDigest mac, Protocol protocol, boolean
export,
EncryptionLevel level, boolean fipsCompatible, int strength_bits,
int alg_bits) {
this.openSSLAlias = openSSLAlias;
+ Set<String> names = new HashSet<>();
+ if (jsseAltNames != null) {
+ names.addAll(jsseAltNames);
+ }
+ names.add(name());
+ this.jsseNames = Collections.unmodifiableSet(names);
this.kx = kx;
this.au = au;
this.enc = enc;
@@ -2286,6 +2473,10 @@ enum Cipher {
return openSSLAlias;
}
+ public Set<String> getJsseNames() {
+ return jsseNames;
+ }
+
public KeyExchange getKx() {
return kx;
}
Modified:
tomcat/trunk/java/org/apache/tomcat/util/net/jsse/openssl/OpenSSLCipherConfigurationParser.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/jsse/openssl/OpenSSLCipherConfigurationParser.java?rev=1614336&r1=1614335&r2=1614336&view=diff
==============================================================================
---
tomcat/trunk/java/org/apache/tomcat/util/net/jsse/openssl/OpenSSLCipherConfigurationParser.java
(original)
+++
tomcat/trunk/java/org/apache/tomcat/util/net/jsse/openssl/OpenSSLCipherConfigurationParser.java
Tue Jul 29 13:15:07 2014
@@ -648,7 +648,7 @@ public class OpenSSLCipherConfigurationP
static List<String> convertForJSSE(Collection<Cipher> ciphers) {
List<String> result = new ArrayList<>(ciphers.size());
for (Cipher cipher : ciphers) {
- result.add(cipher.name());
+ result.addAll(cipher.getJsseNames());
}
if (log.isDebugEnabled()) {
log.debug(sm.getString("jsse.openssl.effectiveCiphers",
displayResult(ciphers, true, ",")));
@@ -673,7 +673,10 @@ public class OpenSSLCipherConfigurationP
StringBuilder builder = new StringBuilder(ciphers.size() * 16);
for (Cipher cipher : ciphers) {
if (useJSSEFormat) {
- builder.append(cipher.name());
+ for (String name : cipher.getJsseNames()) {
+ builder.append(name);
+ builder.append(separator);
+ }
} else {
builder.append(cipher.getOpenSSLAlias());
}
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
