Path: blob/master/src/java.base/share/classes/sun/security/ssl/CipherSuite.java
/*1* Copyright (c) 2002, 2021, Oracle and/or its affiliates. All rights reserved.2* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.3*4* This code is free software; you can redistribute it and/or modify it5* under the terms of the GNU General Public License version 2 only, as6* published by the Free Software Foundation. Oracle designates this7* particular file as subject to the "Classpath" exception as provided8* by Oracle in the LICENSE file that accompanied this code.9*10* This code is distributed in the hope that it will be useful, but WITHOUT11* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or12* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License13* version 2 for more details (a copy is included in the LICENSE file that14* accompanied this code).15*16* You should have received a copy of the GNU General Public License version17* 2 along with this work; if not, write to the Free Software Foundation,18* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.19*20* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA21* or visit www.oracle.com if you need additional information or have any22* questions.23*/2425package sun.security.ssl;2627import java.util.ArrayList;28import java.util.Arrays;29import java.util.Collection;30import java.util.Collections;31import java.util.LinkedList;32import java.util.List;33import static sun.security.ssl.CipherSuite.HashAlg.*;34import static sun.security.ssl.CipherSuite.KeyExchange.*;35import static sun.security.ssl.CipherSuite.MacAlg.*;36import static sun.security.ssl.SSLCipher.*;37import sun.security.ssl.NamedGroup.NamedGroupSpec;38import static sun.security.ssl.NamedGroup.NamedGroupSpec.*;3940/**41* Enum for SSL/(D)TLS cipher suites.42*43* Please refer to the "TLS Cipher Suite Registry" section for more details44* about each cipher suite:45* https://www.iana.org/assignments/tls-parameters/tls-parameters.xml46*/47enum CipherSuite {48//49// in preference 
order50//5152// Definition of the CipherSuites that are enabled by default.53//54// They are listed in preference order, most preferred first, using55// the following criteria:56// 1. Prefer Suite B compliant cipher suites, see RFC6460 (To be57// changed later, see below).58// 2. Prefer forward secrecy cipher suites.59// 3. Prefer the stronger bulk cipher, in the order of AES_256(GCM),60// AES_128(GCM), AES_256, AES_128, 3DES-EDE.61// 4. Prefer the stronger MAC algorithm, in the order of SHA384,62// SHA256, SHA, MD5.63// 5. Prefer the better performance of key exchange and digital64// signature algorithm, in the order of ECDHE-ECDSA, ECDHE-RSA,65// DHE-RSA, DHE-DSS, ECDH-ECDSA, ECDH-RSA, RSA.6667// TLS 1.3 cipher suites.68TLS_AES_256_GCM_SHA384(690x1302, true, "TLS_AES_256_GCM_SHA384",70ProtocolVersion.PROTOCOLS_OF_13, B_AES_256_GCM_IV, H_SHA384),71TLS_AES_128_GCM_SHA256(720x1301, true, "TLS_AES_128_GCM_SHA256",73ProtocolVersion.PROTOCOLS_OF_13, B_AES_128_GCM_IV, H_SHA256),74TLS_CHACHA20_POLY1305_SHA256(750x1303, true, "TLS_CHACHA20_POLY1305_SHA256",76ProtocolVersion.PROTOCOLS_OF_13, B_CC20_P1305, H_SHA256),7778// Suite B compliant cipher suites, see RFC 6460.79//80// Note that, at present this provider is not Suite B compliant. The81// preference order of the GCM cipher suites does not follow the spec82// of RFC 6460. 
In this section, only two cipher suites are listed83// so that applications can make use of Suite-B compliant cipher84// suite firstly.85TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384(860xC02C, true, "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "",87ProtocolVersion.PROTOCOLS_OF_12,88K_ECDHE_ECDSA, B_AES_256_GCM, M_NULL, H_SHA384),89TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256(900xC02B, true, "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", "",91ProtocolVersion.PROTOCOLS_OF_12,92K_ECDHE_ECDSA, B_AES_128_GCM, M_NULL, H_SHA256),9394// Not suite B, but we want it to position the suite early in the list95// of 1.2 suites.96TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256(970xCCA9, true, "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256", "",98ProtocolVersion.PROTOCOLS_OF_12,99K_ECDHE_ECDSA, B_CC20_P1305, M_NULL, H_SHA256),100101//102// Forward secrecy cipher suites.103//104105// AES_256(GCM) - ECDHE106TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384(1070xC030, true, "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "",108ProtocolVersion.PROTOCOLS_OF_12,109K_ECDHE_RSA, B_AES_256_GCM, M_NULL, H_SHA384),110TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256(1110xCCA8, true, "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256", "",112ProtocolVersion.PROTOCOLS_OF_12,113K_ECDHE_RSA, B_CC20_P1305, M_NULL, H_SHA256),114115// AES_128(GCM) - ECDHE116TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256(1170xC02F, true, "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "",118ProtocolVersion.PROTOCOLS_OF_12,119K_ECDHE_RSA, B_AES_128_GCM, M_NULL, H_SHA256),120121// AES_256(GCM) - DHE122TLS_DHE_RSA_WITH_AES_256_GCM_SHA384(1230x009F, true, "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384", "",124ProtocolVersion.PROTOCOLS_OF_12,125K_DHE_RSA, B_AES_256_GCM, M_NULL, H_SHA384),126TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256(1270xCCAA, true, "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256", "",128ProtocolVersion.PROTOCOLS_OF_12,129K_DHE_RSA, B_CC20_P1305, M_NULL, H_SHA256),130TLS_DHE_DSS_WITH_AES_256_GCM_SHA384(1310x00A3, true, "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384", 
"",132ProtocolVersion.PROTOCOLS_OF_12,133K_DHE_DSS, B_AES_256_GCM, M_NULL, H_SHA384),134135// AES_128(GCM) - DHE136TLS_DHE_RSA_WITH_AES_128_GCM_SHA256(1370x009E, true, "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256", "",138ProtocolVersion.PROTOCOLS_OF_12,139K_DHE_RSA, B_AES_128_GCM, M_NULL, H_SHA256),140TLS_DHE_DSS_WITH_AES_128_GCM_SHA256(1410x00A2, true, "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256", "",142ProtocolVersion.PROTOCOLS_OF_12,143K_DHE_DSS, B_AES_128_GCM, M_NULL, H_SHA256),144145// AES_256(CBC) - ECDHE146TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384(1470xC024, true, "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384", "",148ProtocolVersion.PROTOCOLS_OF_12,149K_ECDHE_ECDSA, B_AES_256, M_SHA384, H_SHA384),150TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384(1510xC028, true, "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384", "",152ProtocolVersion.PROTOCOLS_OF_12,153K_ECDHE_RSA, B_AES_256, M_SHA384, H_SHA384),154155// AES_128(CBC) - ECDHE156TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256(1570xC023, true, "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", "",158ProtocolVersion.PROTOCOLS_OF_12,159K_ECDHE_ECDSA, B_AES_128, M_SHA256, H_SHA256),160TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256(1610xC027, true, "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", "",162ProtocolVersion.PROTOCOLS_OF_12,163K_ECDHE_RSA, B_AES_128, M_SHA256, H_SHA256),164165// AES_256(CBC) - DHE166TLS_DHE_RSA_WITH_AES_256_CBC_SHA256(1670x006B, true, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256", "",168ProtocolVersion.PROTOCOLS_OF_12,169K_DHE_RSA, B_AES_256, M_SHA256, H_SHA256),170TLS_DHE_DSS_WITH_AES_256_CBC_SHA256(1710x006A, true, "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256", "",172ProtocolVersion.PROTOCOLS_OF_12,173K_DHE_DSS, B_AES_256, M_SHA256, H_SHA256),174175// AES_128(CBC) - DHE176TLS_DHE_RSA_WITH_AES_128_CBC_SHA256(1770x0067, true, "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256", "",178ProtocolVersion.PROTOCOLS_OF_12,179K_DHE_RSA, B_AES_128, M_SHA256, H_SHA256),180TLS_DHE_DSS_WITH_AES_128_CBC_SHA256(1810x0040, true, "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256", 
"",182ProtocolVersion.PROTOCOLS_OF_12,183K_DHE_DSS, B_AES_128, M_SHA256, H_SHA256),184185//186// not forward secret cipher suites.187//188189// AES_256(GCM)190TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384(1910xC02E, true, "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384", "",192ProtocolVersion.PROTOCOLS_OF_12,193K_ECDH_ECDSA, B_AES_256_GCM, M_NULL, H_SHA384),194TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384(1950xC032, true, "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384", "",196ProtocolVersion.PROTOCOLS_OF_12,197K_ECDH_RSA, B_AES_256_GCM, M_NULL, H_SHA384),198199// AES_128(GCM)200TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256(2010xC02D, true, "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256", "",202ProtocolVersion.PROTOCOLS_OF_12,203K_ECDH_ECDSA, B_AES_128_GCM, M_NULL, H_SHA256),204TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256(2050xC031, true, "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256", "",206ProtocolVersion.PROTOCOLS_OF_12,207K_ECDH_RSA, B_AES_128_GCM, M_NULL, H_SHA256),208209// AES_256(CBC)210TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384(2110xC026, true, "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384", "",212ProtocolVersion.PROTOCOLS_OF_12,213K_ECDH_ECDSA, B_AES_256, M_SHA384, H_SHA384),214TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384(2150xC02A, true, "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384", "",216ProtocolVersion.PROTOCOLS_OF_12,217K_ECDH_RSA, B_AES_256, M_SHA384, H_SHA384),218219// AES_128(CBC)220TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256(2210xC025, true, "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256", "",222ProtocolVersion.PROTOCOLS_OF_12,223K_ECDH_ECDSA, B_AES_128, M_SHA256, H_SHA256),224TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256(2250xC029, true, "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256", "",226ProtocolVersion.PROTOCOLS_OF_12,227K_ECDH_RSA, B_AES_128, M_SHA256, H_SHA256),228229//230// Legacy, used for compatibility231//232233// AES_256(CBC) - ECDHE - Using SHA234TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA(2350xC00A, true, "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA", "",236ProtocolVersion.PROTOCOLS_TO_12,237K_ECDHE_ECDSA, B_AES_256, M_SHA, 
H_SHA256),238TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA(2390xC014, true, "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", "",240ProtocolVersion.PROTOCOLS_TO_12,241K_ECDHE_RSA, B_AES_256, M_SHA, H_SHA256),242243// AES_128(CBC) - ECDHE - using SHA244TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA(2450xC009, true, "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", "",246ProtocolVersion.PROTOCOLS_TO_12,247K_ECDHE_ECDSA, B_AES_128, M_SHA, H_SHA256),248TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA(2490xC013, true, "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", "",250ProtocolVersion.PROTOCOLS_TO_12,251K_ECDHE_RSA, B_AES_128, M_SHA, H_SHA256),252253// AES_256(CBC) - DHE - Using SHA254TLS_DHE_RSA_WITH_AES_256_CBC_SHA(2550x0039, true, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA", "",256ProtocolVersion.PROTOCOLS_TO_12,257K_DHE_RSA, B_AES_256, M_SHA, H_SHA256),258TLS_DHE_DSS_WITH_AES_256_CBC_SHA(2590x0038, true, "TLS_DHE_DSS_WITH_AES_256_CBC_SHA", "",260ProtocolVersion.PROTOCOLS_TO_12,261K_DHE_DSS, B_AES_256, M_SHA, H_SHA256),262263// AES_128(CBC) - DHE - using SHA264TLS_DHE_RSA_WITH_AES_128_CBC_SHA(2650x0033, true, "TLS_DHE_RSA_WITH_AES_128_CBC_SHA", "",266ProtocolVersion.PROTOCOLS_TO_12,267K_DHE_RSA, B_AES_128, M_SHA, H_SHA256),268TLS_DHE_DSS_WITH_AES_128_CBC_SHA(2690x0032, true, "TLS_DHE_DSS_WITH_AES_128_CBC_SHA", "",270ProtocolVersion.PROTOCOLS_TO_12,271K_DHE_DSS, B_AES_128, M_SHA, H_SHA256),272273// AES_256(CBC) - using SHA, not forward secrecy274TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA(2750xC005, true, "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA", "",276ProtocolVersion.PROTOCOLS_TO_12,277K_ECDH_ECDSA, B_AES_256, M_SHA, H_SHA256),278TLS_ECDH_RSA_WITH_AES_256_CBC_SHA(2790xC00F, true, "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA", "",280ProtocolVersion.PROTOCOLS_TO_12,281K_ECDH_RSA, B_AES_256, M_SHA, H_SHA256),282283// AES_128(CBC) - using SHA, not forward secrecy284TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA(2850xC004, true, "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA", "",286ProtocolVersion.PROTOCOLS_TO_12,287K_ECDH_ECDSA, B_AES_128, M_SHA, 
H_SHA256),288TLS_ECDH_RSA_WITH_AES_128_CBC_SHA(2890xC00E, true, "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA", "",290ProtocolVersion.PROTOCOLS_TO_12,291K_ECDH_RSA, B_AES_128, M_SHA, H_SHA256),292293//294// deprecated, used for compatibility295//296297// RSA, AES_256(GCM)298TLS_RSA_WITH_AES_256_GCM_SHA384(2990x009D, true, "TLS_RSA_WITH_AES_256_GCM_SHA384", "",300ProtocolVersion.PROTOCOLS_OF_12,301K_RSA, B_AES_256_GCM, M_NULL, H_SHA384),302303// RSA, AES_128(GCM)304TLS_RSA_WITH_AES_128_GCM_SHA256(3050x009C, true, "TLS_RSA_WITH_AES_128_GCM_SHA256", "",306ProtocolVersion.PROTOCOLS_OF_12,307K_RSA, B_AES_128_GCM, M_NULL, H_SHA256),308309// RSA, AES_256(CBC)310TLS_RSA_WITH_AES_256_CBC_SHA256(3110x003D, true, "TLS_RSA_WITH_AES_256_CBC_SHA256", "",312ProtocolVersion.PROTOCOLS_OF_12,313K_RSA, B_AES_256, M_SHA256, H_SHA256),314315// RSA, AES_128(CBC)316TLS_RSA_WITH_AES_128_CBC_SHA256(3170x003C, true, "TLS_RSA_WITH_AES_128_CBC_SHA256", "",318ProtocolVersion.PROTOCOLS_OF_12,319K_RSA, B_AES_128, M_SHA256, H_SHA256),320321// RSA, AES_256(CBC) - using SHA, not forward secrecy322TLS_RSA_WITH_AES_256_CBC_SHA(3230x0035, true, "TLS_RSA_WITH_AES_256_CBC_SHA", "",324ProtocolVersion.PROTOCOLS_TO_12,325K_RSA, B_AES_256, M_SHA, H_SHA256),326327// RSA, AES_128(CBC) - using SHA, not forward secrecy328TLS_RSA_WITH_AES_128_CBC_SHA(3290x002F, true, "TLS_RSA_WITH_AES_128_CBC_SHA", "",330ProtocolVersion.PROTOCOLS_TO_12,331K_RSA, B_AES_128, M_SHA, H_SHA256),332333// 3DES_EDE, forward secrecy.334TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA(3350xC008, true, "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA", "",336ProtocolVersion.PROTOCOLS_TO_12,337K_ECDHE_ECDSA, B_3DES, M_SHA, H_SHA256),338TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA(3390xC012, true, "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA", "",340ProtocolVersion.PROTOCOLS_TO_12,341K_ECDHE_RSA, B_3DES, M_SHA, H_SHA256),342SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA(3430x0016, true, 
"SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA",344"TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA",345ProtocolVersion.PROTOCOLS_TO_12,346K_DHE_RSA, B_3DES, M_SHA, H_SHA256),347SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA(3480x0013, true, "SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA",349"TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA",350ProtocolVersion.PROTOCOLS_TO_12,351K_DHE_DSS, B_3DES, M_SHA, H_SHA256),352353// 3DES_EDE, not forward secrecy.354TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA(3550xC003, true, "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA", "",356ProtocolVersion.PROTOCOLS_TO_12,357K_ECDH_ECDSA, B_3DES, M_SHA, H_SHA256),358TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA(3590xC00D, true, "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA", "",360ProtocolVersion.PROTOCOLS_TO_12,361K_ECDH_RSA, B_3DES, M_SHA, H_SHA256),362SSL_RSA_WITH_3DES_EDE_CBC_SHA(3630x000A, true, "SSL_RSA_WITH_3DES_EDE_CBC_SHA",364"TLS_RSA_WITH_3DES_EDE_CBC_SHA",365ProtocolVersion.PROTOCOLS_TO_12,366K_RSA, B_3DES, M_SHA, H_SHA256),367368// Renegotiation protection request Signalling Cipher Suite Value (SCSV).369TLS_EMPTY_RENEGOTIATION_INFO_SCSV( // RFC 5746, TLS 1.2 and prior3700x00FF, true, "TLS_EMPTY_RENEGOTIATION_INFO_SCSV", "",371ProtocolVersion.PROTOCOLS_TO_12,372K_SCSV, B_NULL, M_NULL, H_NONE),373374// Definition of the CipherSuites that are supported but not enabled375// by default.376// They are listed in preference order, preferred first, using the377// following criteria:378// 1. If a cipher suite has been obsoleted, we put it at the end of379// the list.380// 2. Prefer the stronger bulk cipher, in the order of AES_256,381// AES_128, 3DES-EDE, RC-4, DES, DES40, RC4_40, NULL.382// 3. Prefer the stronger MAC algorithm, in the order of SHA384,383// SHA256, SHA, MD5.384// 4. 
Prefer the better performance of key exchange and digital385// signature algorithm, in the order of ECDHE-ECDSA, ECDHE-RSA,386// RSA, ECDH-ECDSA, ECDH-RSA, DHE-RSA, DHE-DSS, anonymous.387TLS_DH_anon_WITH_AES_256_GCM_SHA384(3880x00A7, false, "TLS_DH_anon_WITH_AES_256_GCM_SHA384", "",389ProtocolVersion.PROTOCOLS_OF_12,390K_DH_ANON, B_AES_256_GCM, M_NULL, H_SHA384),391TLS_DH_anon_WITH_AES_128_GCM_SHA256(3920x00A6, false, "TLS_DH_anon_WITH_AES_128_GCM_SHA256", "",393ProtocolVersion.PROTOCOLS_OF_12,394K_DH_ANON, B_AES_128_GCM, M_NULL, H_SHA256),395TLS_DH_anon_WITH_AES_256_CBC_SHA256(3960x006D, false, "TLS_DH_anon_WITH_AES_256_CBC_SHA256", "",397ProtocolVersion.PROTOCOLS_OF_12,398K_DH_ANON, B_AES_256, M_SHA256, H_SHA256),399TLS_ECDH_anon_WITH_AES_256_CBC_SHA(4000xC019, false, "TLS_ECDH_anon_WITH_AES_256_CBC_SHA", "",401ProtocolVersion.PROTOCOLS_TO_12,402K_ECDH_ANON, B_AES_256, M_SHA, H_SHA256),403TLS_DH_anon_WITH_AES_256_CBC_SHA(4040x003A, false, "TLS_DH_anon_WITH_AES_256_CBC_SHA", "",405ProtocolVersion.PROTOCOLS_TO_12,406K_DH_ANON, B_AES_256, M_SHA, H_SHA256),407TLS_DH_anon_WITH_AES_128_CBC_SHA256(4080x006C, false, "TLS_DH_anon_WITH_AES_128_CBC_SHA256", "",409ProtocolVersion.PROTOCOLS_OF_12,410K_DH_ANON, B_AES_128, M_SHA256, H_SHA256),411TLS_ECDH_anon_WITH_AES_128_CBC_SHA(4120xC018, false, "TLS_ECDH_anon_WITH_AES_128_CBC_SHA", "",413ProtocolVersion.PROTOCOLS_TO_12,414K_ECDH_ANON, B_AES_128, M_SHA, H_SHA256),415TLS_DH_anon_WITH_AES_128_CBC_SHA(4160x0034, false, "TLS_DH_anon_WITH_AES_128_CBC_SHA", "",417ProtocolVersion.PROTOCOLS_TO_12,418K_DH_ANON, B_AES_128, M_SHA, H_SHA256),419TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA(4200xC017, false, "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA", "",421ProtocolVersion.PROTOCOLS_TO_12,422K_ECDH_ANON, B_3DES, M_SHA, H_SHA256),423SSL_DH_anon_WITH_3DES_EDE_CBC_SHA(4240x001B, false, "SSL_DH_anon_WITH_3DES_EDE_CBC_SHA",425"TLS_DH_anon_WITH_3DES_EDE_CBC_SHA",426ProtocolVersion.PROTOCOLS_TO_12,427K_DH_ANON, B_3DES, M_SHA, H_SHA256),428429// 
RC4430TLS_ECDHE_ECDSA_WITH_RC4_128_SHA(4310xC007, false, "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA", "",432ProtocolVersion.PROTOCOLS_TO_TLS12,433K_ECDHE_ECDSA, B_RC4_128, M_SHA, H_SHA256),434TLS_ECDHE_RSA_WITH_RC4_128_SHA(4350xC011, false, "TLS_ECDHE_RSA_WITH_RC4_128_SHA", "",436ProtocolVersion.PROTOCOLS_TO_TLS12,437K_ECDHE_RSA, B_RC4_128, M_SHA, H_SHA256),438SSL_RSA_WITH_RC4_128_SHA(4390x0005, false, "SSL_RSA_WITH_RC4_128_SHA",440"TLS_RSA_WITH_RC4_128_SHA",441ProtocolVersion.PROTOCOLS_TO_TLS12,442K_RSA, B_RC4_128, M_SHA, H_SHA256),443TLS_ECDH_ECDSA_WITH_RC4_128_SHA(4440xC002, false, "TLS_ECDH_ECDSA_WITH_RC4_128_SHA", "",445ProtocolVersion.PROTOCOLS_TO_TLS12,446K_ECDH_ECDSA, B_RC4_128, M_SHA, H_SHA256),447TLS_ECDH_RSA_WITH_RC4_128_SHA(4480xC00C, false, "TLS_ECDH_RSA_WITH_RC4_128_SHA", "",449ProtocolVersion.PROTOCOLS_TO_TLS12,450K_ECDH_RSA, B_RC4_128, M_SHA, H_SHA256),451SSL_RSA_WITH_RC4_128_MD5(4520x0004, false, "SSL_RSA_WITH_RC4_128_MD5",453"TLS_RSA_WITH_RC4_128_MD5",454ProtocolVersion.PROTOCOLS_TO_TLS12,455K_RSA, B_RC4_128, M_MD5, H_SHA256),456TLS_ECDH_anon_WITH_RC4_128_SHA(4570xC016, false, "TLS_ECDH_anon_WITH_RC4_128_SHA", "",458ProtocolVersion.PROTOCOLS_TO_TLS12,459K_ECDH_ANON, B_RC4_128, M_SHA, H_SHA256),460SSL_DH_anon_WITH_RC4_128_MD5(4610x0018, false, "SSL_DH_anon_WITH_RC4_128_MD5",462"TLS_DH_anon_WITH_RC4_128_MD5",463ProtocolVersion.PROTOCOLS_TO_TLS12,464K_DH_ANON, B_RC4_128, M_MD5, H_SHA256),465466// Weak cipher suites obsoleted in TLS 1.2 [RFC 5246]467SSL_RSA_WITH_DES_CBC_SHA(4680x0009, false, "SSL_RSA_WITH_DES_CBC_SHA",469"TLS_RSA_WITH_DES_CBC_SHA",470ProtocolVersion.PROTOCOLS_TO_11,471K_RSA, B_DES, M_SHA, H_NONE),472SSL_DHE_RSA_WITH_DES_CBC_SHA(4730x0015, false, "SSL_DHE_RSA_WITH_DES_CBC_SHA",474"TLS_DHE_RSA_WITH_DES_CBC_SHA",475ProtocolVersion.PROTOCOLS_TO_11,476K_DHE_RSA, B_DES, M_SHA, H_NONE),477SSL_DHE_DSS_WITH_DES_CBC_SHA(4780x0012, false, "SSL_DHE_DSS_WITH_DES_CBC_SHA",479"TLS_DHE_DSS_WITH_DES_CBC_SHA",480ProtocolVersion.PROTOCOLS_TO_11,481K_DHE_DSS, 
B_DES, M_SHA, H_NONE),482SSL_DH_anon_WITH_DES_CBC_SHA(4830x001A, false, "SSL_DH_anon_WITH_DES_CBC_SHA",484"TLS_DH_anon_WITH_DES_CBC_SHA",485ProtocolVersion.PROTOCOLS_TO_11,486K_DH_ANON, B_DES, M_SHA, H_NONE),487488// Weak cipher suites obsoleted in TLS 1.1 [RFC 4346]489SSL_RSA_EXPORT_WITH_DES40_CBC_SHA(4900x0008, false, "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA",491"TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",492ProtocolVersion.PROTOCOLS_TO_10,493K_RSA_EXPORT, B_DES_40, M_SHA, H_NONE),494SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA(4950x0014, false, "SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",496"TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",497ProtocolVersion.PROTOCOLS_TO_10,498K_DHE_RSA_EXPORT, B_DES_40, M_SHA, H_NONE),499SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA(5000x0011, false, "SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA",501"TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA",502ProtocolVersion.PROTOCOLS_TO_10,503K_DHE_DSS_EXPORT, B_DES_40, M_SHA, H_NONE),504SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA(5050x0019, false, "SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA",506"TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA",507ProtocolVersion.PROTOCOLS_TO_10,508K_DH_ANON_EXPORT, B_DES_40, M_SHA, H_NONE),509SSL_RSA_EXPORT_WITH_RC4_40_MD5(5100x0003, false, "SSL_RSA_EXPORT_WITH_RC4_40_MD5",511"TLS_RSA_EXPORT_WITH_RC4_40_MD5",512ProtocolVersion.PROTOCOLS_TO_10,513K_RSA_EXPORT, B_RC4_40, M_MD5, H_NONE),514SSL_DH_anon_EXPORT_WITH_RC4_40_MD5(5150x0017, false, "SSL_DH_anon_EXPORT_WITH_RC4_40_MD5",516"TLS_DH_anon_EXPORT_WITH_RC4_40_MD5",517ProtocolVersion.PROTOCOLS_TO_10,518K_DH_ANON, B_RC4_40, M_MD5, H_NONE),519520// No traffic encryption cipher suites521TLS_RSA_WITH_NULL_SHA256(5220x003B, false, "TLS_RSA_WITH_NULL_SHA256", "",523ProtocolVersion.PROTOCOLS_OF_12,524K_RSA, B_NULL, M_SHA256, H_SHA256),525TLS_ECDHE_ECDSA_WITH_NULL_SHA(5260xC006, false, "TLS_ECDHE_ECDSA_WITH_NULL_SHA", "",527ProtocolVersion.PROTOCOLS_TO_12,528K_ECDHE_ECDSA, B_NULL, M_SHA, H_SHA256),529TLS_ECDHE_RSA_WITH_NULL_SHA(5300xC010, false, "TLS_ECDHE_RSA_WITH_NULL_SHA", 
"",531ProtocolVersion.PROTOCOLS_TO_12,532K_ECDHE_RSA, B_NULL, M_SHA, H_SHA256),533SSL_RSA_WITH_NULL_SHA(5340x0002, false, "SSL_RSA_WITH_NULL_SHA",535"TLS_RSA_WITH_NULL_SHA",536ProtocolVersion.PROTOCOLS_TO_12,537K_RSA, B_NULL, M_SHA, H_SHA256),538TLS_ECDH_ECDSA_WITH_NULL_SHA(5390xC001, false, "TLS_ECDH_ECDSA_WITH_NULL_SHA", "",540ProtocolVersion.PROTOCOLS_TO_12,541K_ECDH_ECDSA, B_NULL, M_SHA, H_SHA256),542TLS_ECDH_RSA_WITH_NULL_SHA(5430xC00B, false, "TLS_ECDH_RSA_WITH_NULL_SHA", "",544ProtocolVersion.PROTOCOLS_TO_12,545K_ECDH_RSA, B_NULL, M_SHA, H_SHA256),546TLS_ECDH_anon_WITH_NULL_SHA(5470xC015, false, "TLS_ECDH_anon_WITH_NULL_SHA", "",548ProtocolVersion.PROTOCOLS_TO_12,549K_ECDH_ANON, B_NULL, M_SHA, H_SHA256),550SSL_RSA_WITH_NULL_MD5(5510x0001, false, "SSL_RSA_WITH_NULL_MD5",552"TLS_RSA_WITH_NULL_MD5",553ProtocolVersion.PROTOCOLS_TO_12,554K_RSA, B_NULL, M_MD5, H_SHA256),555556// Definition of the cipher suites that are not supported but the names557// are known.558TLS_AES_128_CCM_SHA256( // TLS 1.3559"TLS_AES_128_CCM_SHA256", 0x1304),560TLS_AES_128_CCM_8_SHA256( // TLS 1.3561"TLS_AES_128_CCM_8_SHA256", 0x1305),562563// Remaining unsupported cipher suites defined in RFC2246.564CS_0006("SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5", 0x0006),565CS_0007("SSL_RSA_WITH_IDEA_CBC_SHA", 0x0007),566CS_000B("SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA", 0x000b),567CS_000C("SSL_DH_DSS_WITH_DES_CBC_SHA", 0x000c),568CS_000D("SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA", 0x000d),569CS_000E("SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA", 0x000e),570CS_000F("SSL_DH_RSA_WITH_DES_CBC_SHA", 0x000f),571CS_0010("SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA", 0x0010),572573// SSL 3.0 Fortezza cipher suites574CS_001C("SSL_FORTEZZA_DMS_WITH_NULL_SHA", 0x001c),575CS_001D("SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA", 0x001d),576577// 1024/56 bit exportable cipher suites from expired internet draft578CS_0062("SSL_RSA_EXPORT1024_WITH_DES_CBC_SHA", 0x0062),579CS_0063("SSL_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA", 
0x0063),580CS_0064("SSL_RSA_EXPORT1024_WITH_RC4_56_SHA", 0x0064),581CS_0065("SSL_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA", 0x0065),582CS_0066("SSL_DHE_DSS_WITH_RC4_128_SHA", 0x0066),583584// Netscape old and new SSL 3.0 FIPS cipher suites585// see http://www.mozilla.org/projects/security/pki/nss/ssl/fips-ssl-ciphersuites.html586CS_FFE0("NETSCAPE_RSA_FIPS_WITH_3DES_EDE_CBC_SHA", 0xffe0),587CS_FFE1("NETSCAPE_RSA_FIPS_WITH_DES_CBC_SHA", 0xffe1),588CS_FEFE("SSL_RSA_FIPS_WITH_DES_CBC_SHA", 0xfefe),589CS_FEFF("SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA", 0xfeff),590591// Unsupported Kerberos cipher suites from RFC 2712592CS_001E("TLS_KRB5_WITH_DES_CBC_SHA", 0x001E),593CS_001F("TLS_KRB5_WITH_3DES_EDE_CBC_SHA", 0x001F),594CS_0020("TLS_KRB5_WITH_RC4_128_SHA", 0x0020),595CS_0021("TLS_KRB5_WITH_IDEA_CBC_SHA", 0x0021),596CS_0022("TLS_KRB5_WITH_DES_CBC_MD5", 0x0022),597CS_0023("TLS_KRB5_WITH_3DES_EDE_CBC_MD5", 0x0023),598CS_0024("TLS_KRB5_WITH_RC4_128_MD5", 0x0024),599CS_0025("TLS_KRB5_WITH_IDEA_CBC_MD5", 0x0025),600CS_0026("TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA", 0x0026),601CS_0027("TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA", 0x0027),602CS_0028("TLS_KRB5_EXPORT_WITH_RC4_40_SHA", 0x0028),603CS_0029("TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5", 0x0029),604CS_002A("TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5", 0x002a),605CS_002B("TLS_KRB5_EXPORT_WITH_RC4_40_MD5", 0x002B),606607// Unsupported cipher suites from RFC 4162608CS_0096("TLS_RSA_WITH_SEED_CBC_SHA", 0x0096),609CS_0097("TLS_DH_DSS_WITH_SEED_CBC_SHA", 0x0097),610CS_0098("TLS_DH_RSA_WITH_SEED_CBC_SHA", 0x0098),611CS_0099("TLS_DHE_DSS_WITH_SEED_CBC_SHA", 0x0099),612CS_009A("TLS_DHE_RSA_WITH_SEED_CBC_SHA", 0x009a),613CS_009B("TLS_DH_anon_WITH_SEED_CBC_SHA", 0x009b),614615// Unsupported cipher suites from RFC 4279616CS_008A("TLS_PSK_WITH_RC4_128_SHA", 0x008a),617CS_008B("TLS_PSK_WITH_3DES_EDE_CBC_SHA", 0x008b),618CS_008C("TLS_PSK_WITH_AES_128_CBC_SHA", 0x008c),619CS_008D("TLS_PSK_WITH_AES_256_CBC_SHA", 0x008d),620CS_008E("TLS_DHE_PSK_WITH_RC4_128_SHA", 
0x008e),621CS_008F("TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA", 0x008f),622CS_0090("TLS_DHE_PSK_WITH_AES_128_CBC_SHA", 0x0090),623CS_0091("TLS_DHE_PSK_WITH_AES_256_CBC_SHA", 0x0091),624CS_0092("TLS_RSA_PSK_WITH_RC4_128_SHA", 0x0092),625CS_0093("TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA", 0x0093),626CS_0094("TLS_RSA_PSK_WITH_AES_128_CBC_SHA", 0x0094),627CS_0095("TLS_RSA_PSK_WITH_AES_256_CBC_SHA", 0x0095),628629// Unsupported cipher suites from RFC 4785630CS_002C("TLS_PSK_WITH_NULL_SHA", 0x002c),631CS_002D("TLS_DHE_PSK_WITH_NULL_SHA", 0x002d),632CS_002E("TLS_RSA_PSK_WITH_NULL_SHA", 0x002e),633634// Unsupported cipher suites from RFC 5246635CS_0030("TLS_DH_DSS_WITH_AES_128_CBC_SHA", 0x0030),636CS_0031("TLS_DH_RSA_WITH_AES_128_CBC_SHA", 0x0031),637CS_0036("TLS_DH_DSS_WITH_AES_256_CBC_SHA", 0x0036),638CS_0037("TLS_DH_RSA_WITH_AES_256_CBC_SHA", 0x0037),639CS_003E("TLS_DH_DSS_WITH_AES_128_CBC_SHA256", 0x003e),640CS_003F("TLS_DH_RSA_WITH_AES_128_CBC_SHA256", 0x003f),641CS_0068("TLS_DH_DSS_WITH_AES_256_CBC_SHA256", 0x0068),642CS_0069("TLS_DH_RSA_WITH_AES_256_CBC_SHA256", 0x0069),643644// Unsupported cipher suites from RFC 5288645CS_00A0("TLS_DH_RSA_WITH_AES_128_GCM_SHA256", 0x00a0),646CS_00A1("TLS_DH_RSA_WITH_AES_256_GCM_SHA384", 0x00a1),647CS_00A4("TLS_DH_DSS_WITH_AES_128_GCM_SHA256", 0x00a4),648CS_00A5("TLS_DH_DSS_WITH_AES_256_GCM_SHA384", 0x00a5),649650// Unsupported cipher suites from RFC 5487651CS_00A8("TLS_PSK_WITH_AES_128_GCM_SHA256", 0x00a8),652CS_00A9("TLS_PSK_WITH_AES_256_GCM_SHA384", 0x00a9),653CS_00AA("TLS_DHE_PSK_WITH_AES_128_GCM_SHA256", 0x00aa),654CS_00AB("TLS_DHE_PSK_WITH_AES_256_GCM_SHA384", 0x00ab),655CS_00AC("TLS_RSA_PSK_WITH_AES_128_GCM_SHA256", 0x00ac),656CS_00AD("TLS_RSA_PSK_WITH_AES_256_GCM_SHA384", 0x00ad),657CS_00AE("TLS_PSK_WITH_AES_128_CBC_SHA256", 0x00ae),658CS_00AF("TLS_PSK_WITH_AES_256_CBC_SHA384", 0x00af),659CS_00B0("TLS_PSK_WITH_NULL_SHA256", 0x00b0),660CS_00B1("TLS_PSK_WITH_NULL_SHA384", 0x00b1),661CS_00B2("TLS_DHE_PSK_WITH_AES_128_CBC_SHA256", 
0x00b2),662CS_00B3("TLS_DHE_PSK_WITH_AES_256_CBC_SHA384", 0x00b3),663CS_00B4("TLS_DHE_PSK_WITH_NULL_SHA256", 0x00b4),664CS_00B5("TLS_DHE_PSK_WITH_NULL_SHA384", 0x00b5),665CS_00B6("TLS_RSA_PSK_WITH_AES_128_CBC_SHA256", 0x00b6),666CS_00B7("TLS_RSA_PSK_WITH_AES_256_CBC_SHA384", 0x00b7),667CS_00B8("TLS_RSA_PSK_WITH_NULL_SHA256", 0x00b8),668CS_00B9("TLS_RSA_PSK_WITH_NULL_SHA384", 0x00b9),669670// Unsupported cipher suites from RFC 5932671CS_0041("TLS_RSA_WITH_CAMELLIA_128_CBC_SHA", 0x0041),672CS_0042("TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA", 0x0042),673CS_0043("TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA", 0x0043),674CS_0044("TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA", 0x0044),675CS_0045("TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA", 0x0045),676CS_0046("TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA", 0x0046),677CS_0084("TLS_RSA_WITH_CAMELLIA_256_CBC_SHA", 0x0084),678CS_0085("TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA", 0x0085),679CS_0086("TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA", 0x0086),680CS_0087("TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA", 0x0087),681CS_0088("TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA", 0x0088),682CS_0089("TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA", 0x0089),683CS_00BA("TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256", 0x00ba),684CS_00BB("TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256", 0x00bb),685CS_00BC("TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256", 0x00bc),686CS_00BD("TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256", 0x00bd),687CS_00BE("TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256", 0x00be),688CS_00BF("TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256", 0x00bf),689CS_00C0("TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256", 0x00c0),690CS_00C1("TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256", 0x00c1),691CS_00C2("TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256", 0x00c2),692CS_00C3("TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256", 0x00c3),693CS_00C4("TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256", 0x00c4),694CS_00C5("TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256", 0x00c5),695696// TLS Fallback Signaling Cipher Suite Value (SCSV) RFC 7507697CS_5600("TLS_FALLBACK_SCSV", 
0x5600),698699// Unsupported cipher suites from RFC 5054700CS_C01A("TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA", 0xc01a),701CS_C01B("TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA", 0xc01b),702CS_C01C("TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA", 0xc01c),703CS_C01D("TLS_SRP_SHA_WITH_AES_128_CBC_SHA", 0xc01d),704CS_C01E("TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA", 0xc01e),705CS_C01F("TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA", 0xc01f),706CS_C020("TLS_SRP_SHA_WITH_AES_256_CBC_SHA", 0xc020),707CS_C021("TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA", 0xc021),708CS_C022("TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA", 0xc022),709710// Unsupported cipher suites from RFC 5489711CS_C033("TLS_ECDHE_PSK_WITH_RC4_128_SHA", 0xc033),712CS_C034("TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA", 0xc034),713CS_C035("TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA", 0xc035),714CS_C036("TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA", 0xc036),715CS_C037("TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256", 0xc037),716CS_C038("TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384", 0xc038),717CS_C039("TLS_ECDHE_PSK_WITH_NULL_SHA", 0xc039),718CS_C03A("TLS_ECDHE_PSK_WITH_NULL_SHA256", 0xc03a),719CS_C03B("TLS_ECDHE_PSK_WITH_NULL_SHA384", 0xc03b),720721// Unsupported cipher suites from RFC 6209722CS_C03C("TLS_RSA_WITH_ARIA_128_CBC_SHA256", 0xc03c),723CS_C03D("TLS_RSA_WITH_ARIA_256_CBC_SHA384", 0xc03d),724CS_C03E("TLS_DH_DSS_WITH_ARIA_128_CBC_SHA256", 0xc03e),725CS_C03F("TLS_DH_DSS_WITH_ARIA_256_CBC_SHA384", 0xc03f),726CS_C040("TLS_DH_RSA_WITH_ARIA_128_CBC_SHA256", 0xc040),727CS_C041("TLS_DH_RSA_WITH_ARIA_256_CBC_SHA384", 0xc041),728CS_C042("TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256", 0xc042),729CS_C043("TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384", 0xc043),730CS_C044("TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256", 0xc044),731CS_C045("TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384", 0xc045),732CS_C046("TLS_DH_anon_WITH_ARIA_128_CBC_SHA256", 0xc046),733CS_C047("TLS_DH_anon_WITH_ARIA_256_CBC_SHA384", 0xc047),734CS_C048("TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256", 0xc048),735CS_C049("TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384", 
0xc049),736CS_C04A("TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256", 0xc04a),737CS_C04B("TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384", 0xc04b),738CS_C04C("TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256", 0xc04c),739CS_C04D("TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384", 0xc04d),740CS_C04E("TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256", 0xc04e),741CS_C04F("TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384", 0xc04f),742CS_C050("TLS_RSA_WITH_ARIA_128_GCM_SHA256", 0xc050),743CS_C051("TLS_RSA_WITH_ARIA_256_GCM_SHA384", 0xc051),744CS_C052("TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256", 0xc052),745CS_C053("TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384", 0xc053),746CS_C054("TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256", 0xc054),747CS_C055("TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384", 0xc055),748CS_C056("TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256", 0xc056),749CS_C057("TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384", 0xc057),750CS_C058("TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256", 0xc058),751CS_C059("TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384", 0xc059),752CS_C05A("TLS_DH_anon_WITH_ARIA_128_GCM_SHA256", 0xc05a),753CS_C05B("TLS_DH_anon_WITH_ARIA_256_GCM_SHA384", 0xc05b),754CS_C05C("TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256", 0xc05c),755CS_C05D("TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384", 0xc05d),756CS_C05E("TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256", 0xc05e),757CS_C05F("TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384", 0xc05f),758CS_C060("TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256", 0xc060),759CS_C061("TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384", 0xc061),760CS_C062("TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256", 0xc062),761CS_C063("TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384", 0xc063),762CS_C064("TLS_PSK_WITH_ARIA_128_CBC_SHA256", 0xc064),763CS_C065("TLS_PSK_WITH_ARIA_256_CBC_SHA384", 0xc065),764CS_C066("TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256", 0xc066),765CS_C067("TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384", 0xc067),766CS_C068("TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256", 0xc068),767CS_C069("TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384", 0xc069),768CS_C06A("TLS_PSK_WITH_ARIA_128_GCM_SHA256", 
0xc06a),769CS_C06B("TLS_PSK_WITH_ARIA_256_GCM_SHA384", 0xc06b),770CS_C06C("TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256", 0xc06c),771CS_C06D("TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384", 0xc06d),772CS_C06E("TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256", 0xc06e),773CS_C06F("TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384", 0xc06f),774CS_C070("TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256", 0xc070),775CS_C071("TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384", 0xc071),776777// Unsupported cipher suites from RFC 6367778CS_C072("TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256", 0xc072),779CS_C073("TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384", 0xc073),780CS_C074("TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256", 0xc074),781CS_C075("TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384", 0xc075),782CS_C076("TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256", 0xc076),783CS_C077("TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384", 0xc077),784CS_C078("TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256", 0xc078),785CS_C079("TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384", 0xc079),786CS_C07A("TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256", 0xc07a),787CS_C07B("TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384", 0xc07b),788CS_C07C("TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256", 0xc07c),789CS_C07D("TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384", 0xc07d),790CS_C07E("TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256", 0xc07e),791CS_C07F("TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384", 0xc07f),792CS_C080("TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256", 0xc080),793CS_C081("TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384", 0xc081),794CS_C082("TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256", 0xc082),795CS_C083("TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384", 0xc083),796CS_C084("TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256", 0xc084),797CS_C085("TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384", 0xc085),798CS_C086("TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256", 0xc086),799CS_C087("TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384", 0xc087),800CS_C088("TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256", 0xc088),801CS_C089("TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384", 
0xc089),802CS_C08A("TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256", 0xc08a),803CS_C08B("TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384", 0xc08b),804CS_C08C("TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256", 0xc08c),805CS_C08D("TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384", 0xc08d),806CS_C08E("TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256", 0xc08e),807CS_C08F("TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384", 0xc08f),808CS_C090("TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256", 0xc090),809CS_C091("TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384", 0xc091),810CS_C092("TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256", 0xc092),811CS_C093("TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384", 0xc093),812CS_C094("TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256", 0xc094),813CS_C095("TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384", 0xc095),814CS_C096("TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256", 0xc096),815CS_C097("TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384", 0xc097),816CS_C098("TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256", 0xc098),817CS_C099("TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384", 0xc099),818CS_C09A("TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256", 0xc09a),819CS_C09B("TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384", 0xc09b),820821// Unsupported cipher suites from RFC 6655822CS_C09C("TLS_RSA_WITH_AES_128_CCM", 0xc09c),823CS_C09D("TLS_RSA_WITH_AES_256_CCM", 0xc09d),824CS_C09E("TLS_DHE_RSA_WITH_AES_128_CCM", 0xc09e),825CS_C09F("TLS_DHE_RSA_WITH_AES_256_CCM", 0xc09f),826CS_C0A0("TLS_RSA_WITH_AES_128_CCM_8", 0xc0A0),827CS_C0A1("TLS_RSA_WITH_AES_256_CCM_8", 0xc0A1),828CS_C0A2("TLS_DHE_RSA_WITH_AES_128_CCM_8", 0xc0A2),829CS_C0A3("TLS_DHE_RSA_WITH_AES_256_CCM_8", 0xc0A3),830CS_C0A4("TLS_PSK_WITH_AES_128_CCM", 0xc0A4),831CS_C0A5("TLS_PSK_WITH_AES_256_CCM", 0xc0A5),832CS_C0A6("TLS_DHE_PSK_WITH_AES_128_CCM", 0xc0A6),833CS_C0A7("TLS_DHE_PSK_WITH_AES_256_CCM", 0xc0A7),834CS_C0A8("TLS_PSK_WITH_AES_128_CCM_8", 0xc0A8),835CS_C0A9("TLS_PSK_WITH_AES_256_CCM_8", 0xc0A9),836CS_C0AA("TLS_PSK_DHE_WITH_AES_128_CCM_8", 0xc0Aa),837CS_C0AB("TLS_PSK_DHE_WITH_AES_256_CCM_8", 0xc0Ab),838839// 
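// Unsupported cipher suites from RFC 7251
CS_C0AC("TLS_ECDHE_ECDSA_WITH_AES_128_CCM",             0xc0Ac),
CS_C0AD("TLS_ECDHE_ECDSA_WITH_AES_256_CCM",             0xc0Ad),
CS_C0AE("TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8",           0xc0Ae),
CS_C0AF("TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8",           0xc0Af),

C_NULL("SSL_NULL_WITH_NULL_NULL", 0x0000);

// numeric identifier of the suite, as passed to the constructor
final int id;
// true when the suite belongs to the default-enabled set; see
// defaultCipherSuites()
final boolean isDefaultEnabled;
// standard name of the suite
final String name;
// alternative names accepted by nameOf(String) and validValuesOf();
// empty when the suite has none
final List<String> aliases;
// protocol versions the suite may be used with; empty for suites that are
// known but unsupported
final List<ProtocolVersion> supportedProtocols;
// null for TLS 1.3 suites and for known-but-unsupported suites
final KeyExchange keyExchange;
// null for known-but-unsupported suites
final SSLCipher bulkCipher;
// M_NULL for TLS 1.3 suites, null for known-but-unsupported suites
final MacAlg macAlg;
// null for known-but-unsupported suites
final HashAlg hashAlg;

// copied from the bulk cipher's exportable flag; false when there is no
// bulk cipher
final boolean exportable;

// known but unsupported cipher suite
//
// Such a suite gets an empty protocol list and no algorithms, so
// isAvailable() is false and validValuesOf() rejects its name.
private CipherSuite(String name, int id) {
    this(id, false, name, "",
            ProtocolVersion.PROTOCOLS_EMPTY, null, null, null, null);
}

// TLS 1.3 cipher suite
//
// No key exchange is bound to the suite (keyExchange is null) and the MAC
// is M_NULL.
private CipherSuite(int id, boolean isDefaultEnabled,
        String name, ProtocolVersion[] supportedProtocols,
        SSLCipher bulkCipher, HashAlg hashAlg) {
    this(id, isDefaultEnabled, name, "",
            supportedProtocols, null, bulkCipher, M_NULL, hashAlg);
}

// General constructor.
//
// aliases is a comma-separated list of alternative names ("" for none).
private CipherSuite(int id, boolean isDefaultEnabled,
        String name, String aliases,
        ProtocolVersion[] supportedProtocols,
        KeyExchange keyExchange, SSLCipher cipher,
        MacAlg macAlg, HashAlg hashAlg) {
    this.id = id;
    this.isDefaultEnabled = isDefaultEnabled;
    this.name = name;

    // Arrays.asList() alone yields a fixed-size view that still permits
    // set() and writes through to the array it wraps.  The protocol arrays
    // are passed in from outside this constructor, so copy them, and wrap
    // both lists so that no code holding a CipherSuite can alter what the
    // suite claims to support.
    if (!aliases.isEmpty()) {
        this.aliases = Collections.unmodifiableList(
                Arrays.asList(aliases.split(",")));
    } else {
        this.aliases = Collections.emptyList();
    }
    this.supportedProtocols = Collections.unmodifiableList(
            Arrays.asList(supportedProtocols.clone()));

    this.keyExchange = keyExchange;
    this.bulkCipher = cipher;
    this.macAlg = macAlg;
    this.hashAlg = hashAlg;

    this.exportable = (cipher != null && cipher.exportable);
}

/**
 * Looks up a cipher suite by its name or by one of its aliases.
 *
 * The search covers every enum constant, including suites that are known
 * but unsupported, so a non-null result does not mean the suite can be
 * used; see {@link #isAvailable()} and {@link #validValuesOf(String[])}.
 *
 * @param ciperSuiteName the name or alias to look for
 * @return the matching suite, or {@code null} if there is none
 */
static CipherSuite nameOf(String ciperSuiteName) {
    for (CipherSuite cs : CipherSuite.values()) {
        if (cs.name.equals(ciperSuiteName) ||
                cs.aliases.contains(ciperSuiteName)) {
            return cs;
        }
    }

    return null;
}

/**
 * Looks up a cipher suite by its numeric identifier.
 *
 * @param id the identifier to look for
 * @return the first suite with that identifier, or {@code null} if the
 *         identifier is not known; callers must handle the null case
 */
static CipherSuite valueOf(int id) {
    for (CipherSuite cs : CipherSuite.values()) {
        if (cs.id == id) {
            return cs;
        }
    }

    return null;
}

/**
 * Returns a printable name for a numeric cipher suite identifier.
 *
 * @param id the identifier to describe
 * @return the suite's name, or {@code "UNKNOWN-CIPHER-SUITE(<hex>)"} when
 *         no constant carries that identifier; never {@code null}
 */
static String nameOf(int id) {
    for (CipherSuite cs : CipherSuite.values()) {
        if (cs.id == id) {
            return cs.name;
        }
    }

    return "UNKNOWN-CIPHER-SUITE(" + Utilities.byte16HexString(id) + ")";
}

/**
 * Returns the suites that have at least one supported protocol, in
 * declaration order.
 *
 * The scan stops at the first constant with an empty protocol list, so it
 * relies on all supported suites being declared before the unsupported
 * ones.  A supported suite declared after an unsupported one would be left
 * out (the failure mode is a missing suite, not an extra one).
 *
 * @return a new, modifiable collection owned by the caller
 */
static Collection<CipherSuite> allowedCipherSuites() {
    Collection<CipherSuite> cipherSuites = new ArrayList<>();
    for (CipherSuite cs : CipherSuite.values()) {
        if (!cs.supportedProtocols.isEmpty()) {
            cipherSuites.add(cs);
        } else {
            // values() is ordered, remaining cipher suites are
            // not supported.
            break;
        }
    }
    return cipherSuites;
}

/**
 * Returns the default-enabled suites, in declaration order.
 *
 * The scan stops at the first constant that is not default-enabled, so it
 * relies on the default-enabled suites forming the leading run of the
 * declaration list.  Anything declared after the first non-default suite
 * is never returned here, whatever its flag says.
 *
 * @return a new, modifiable collection owned by the caller
 */
static Collection<CipherSuite> defaultCipherSuites() {
    Collection<CipherSuite> cipherSuites = new ArrayList<>();
    for (CipherSuite cs : CipherSuite.values()) {
        if (cs.isDefaultEnabled) {
            cipherSuites.add(cs);
        } else {
            // values() is ordered, remaining cipher suites are
            // not enabled.
            break;
        }
    }
    return cipherSuites;
}

/**
 * Validates and converts an array of cipher suite names.
 *
 * Each name is matched, by name or alias, against the supported suites
 * only (those with a non-empty protocol list).  A name that belongs to a
 * known-but-unsupported suite is rejected in the same way as an unknown
 * one.
 *
 * @param names the cipher suite names to convert
 * @return an unmodifiable list with one suite per input name, in input
 *         order
 * @throws IllegalArgumentException when one or more of the ciphers named
 *         by the parameter is not supported, or when the parameter is null.
 */
static List<CipherSuite> validValuesOf(String[] names) {
    if (names == null) {
        throw new IllegalArgumentException("CipherSuites cannot be null");
    }

    List<CipherSuite> cipherSuites = new ArrayList<>(names.length);
    for (String name : names) {
        if (name == null || name.isEmpty()) {
            throw new IllegalArgumentException(
                    "The specified CipherSuites array contains " +
                    "invalid null or empty string elements");
        }

        boolean found = false;
        for (CipherSuite cs : CipherSuite.values()) {
            if (!cs.supportedProtocols.isEmpty()) {
                if (cs.name.equals(name) ||
                        cs.aliases.contains(name)) {
                    cipherSuites.add(cs);
                    found = true;
                    break;
                }
            } else {
                // values() is ordered, remaining cipher suites are
                // not supported.
                break;
            }
        }
        if (!found) {
            throw new IllegalArgumentException(
                    "Unsupported CipherSuite: " + name);
        }
    }

    return Collections.unmodifiableList(cipherSuites);
}

/**
 * Converts a list of cipher suites to an array of their names.
 *
 * @param cipherSuites the suites to name; aliases are not used
 * @return a new array holding each suite's name, in list order
 */
static String[] namesOf(List<CipherSuite> cipherSuites) {
    String[] names = new String[cipherSuites.size()];
    int i = 0;
    for (CipherSuite cipherSuite : cipherSuites) {
        names[i++] = cipherSuite.name;
    }

    return names;
}

/**
 * Tells whether this suite can be used at all: it has a supported
 * protocol, its key exchange (if any) is available, and it has a bulk
 * cipher that is available.
 *
 * @return {@code false} for every known-but-unsupported suite, since those
 *         have an empty protocol list
 */
boolean isAvailable() {
    // Note: keyExchange is null for TLS 1.3 CipherSuites.
    return !supportedProtocols.isEmpty() &&
            (keyExchange == null || keyExchange.isAvailable()) &&
            bulkCipher != null && bulkCipher.isAvailable();
}

/**
 * Tells whether this suite lists the given protocol version as supported.
 *
 * @param protocolVersion the version to test
 * @return {@code true} if the version is in {@code supportedProtocols}
 */
public boolean supports(ProtocolVersion protocolVersion) {
    return supportedProtocols.contains(protocolVersion);
}

/**
 * Tells whether this suite may be the outcome of a negotiation.
 *
 * TLS_EMPTY_RENEGOTIATION_INFO_SCSV is excluded explicitly; every other
 * suite is negotiable exactly when it is available.
 */
boolean isNegotiable() {
    return this != TLS_EMPTY_RENEGOTIATION_INFO_SCSV && isAvailable();
}

/**
 * Reports the anonymous flag of this suite's key exchange.
 *
 * The flag is set in the KeyExchange table for the DH_anon and ECDH_anon
 * exchanges (which do not authenticate the peer) and also for K_NULL and
 * K_SCSV.
 *
 * @return {@code false} when there is no key exchange, which includes all
 *         TLS 1.3 suites
 */
boolean isAnonymous() {
    return (keyExchange != null && keyExchange.isAnonymous);
}

/**
 * Computes the record size needed to carry a plaintext fragment of the
 * given size: the fragment, the overhead added by the bulk cipher and MAC,
 * and the record header.
 *
 * NOTE(review): the guard below skips the whole overhead calculation for
 * B_NULL, so for a suite that pairs B_NULL with a MAC the MAC bytes are
 * not counted here.  Confirm that this is intended before relying on the
 * result as an upper bound for such suites.
 *
 * @param fragmentSize    size of the plaintext fragment in bytes
 * @param protocolVersion the protocol version in use
 * @param isDTLS          selects the DTLS record header size instead of
 *                        the SSL/TLS one
 * @return the computed packet size in bytes
 */
// See also SSLWriteCipher.calculatePacketSize().
int calculatePacketSize(int fragmentSize,
        ProtocolVersion protocolVersion, boolean isDTLS) {
    int packetSize = fragmentSize;
    if (bulkCipher != null && bulkCipher != B_NULL) {
        // The IV size is used as the cipher block size here.
        int blockSize = bulkCipher.ivSize;
        switch (bulkCipher.cipherType) {
            case BLOCK_CIPHER:
                // Order matters: the padding is computed over fragment,
                // MAC and padding length byte together.
                packetSize += macAlg.size;
                packetSize += 1;        // 1 byte padding length field
                packetSize +=           // use the minimal padding
                        (blockSize - (packetSize % blockSize)) % blockSize;
                if (protocolVersion.useTLS11PlusSpec()) {
                    packetSize += blockSize;        // explicit IV
                }

                break;
            case AEAD_CIPHER:
                // Only (D)TLS 1.2 carries the non-fixed part of the nonce
                // in the record.
                if (protocolVersion == ProtocolVersion.TLS12 ||
                        protocolVersion == ProtocolVersion.DTLS12) {
                    packetSize +=
                            bulkCipher.ivSize - bulkCipher.fixedIvSize;
                }
                packetSize += bulkCipher.tagSize;

                break;
            default:    // NULL_CIPHER or STREAM_CIPHER
                packetSize += macAlg.size;
        }
    }

    return packetSize +
        (isDTLS ? DTLSRecord.headerSize : SSLRecord.headerSize);
}

/**
 * Computes the largest plaintext fragment that fits in a record of at
 * most {@code packetLimit} bytes, by subtracting the record header and the
 * cipher and MAC overhead.
 *
 * No lower bound is applied: a {@code packetLimit} smaller than the total
 * overhead gives a zero or negative result, which the caller has to
 * check.  In the AEAD case the non-fixed nonce bytes are subtracted for
 * every protocol version, unlike in calculatePacketSize().
 *
 * @param packetLimit     maximum record size in bytes
 * @param protocolVersion the protocol version in use
 * @param isDTLS          selects the DTLS record header size instead of
 *                        the SSL/TLS one
 * @return the computed fragment size in bytes
 */
// See also CipherBox.calculateFragmentSize().
int calculateFragSize(int packetLimit,
        ProtocolVersion protocolVersion, boolean isDTLS) {
    int fragSize = packetLimit -
            (isDTLS ? DTLSRecord.headerSize : SSLRecord.headerSize);
    if (bulkCipher != null && bulkCipher != B_NULL) {
        // The IV size is used as the cipher block size here.
        int blockSize = bulkCipher.ivSize;
        switch (bulkCipher.cipherType) {
            case BLOCK_CIPHER:
                if (protocolVersion.useTLS11PlusSpec()) {
                    fragSize -= blockSize;              // explicit IV
                }
                fragSize -= (fragSize % blockSize);     // cannot hold a block
                // No padding for a maximum fragment.
                fragSize -= 1;        // 1 byte padding length field: 0x00
                fragSize -= macAlg.size;

                break;
            case AEAD_CIPHER:
                fragSize -= bulkCipher.tagSize;
                fragSize -= bulkCipher.ivSize - bulkCipher.fixedIvSize;

                break;
            default:    // NULL_CIPHER or STREAM_CIPHER
                fragSize -= macAlg.size;
        }
    }

    return fragSize;
}

/**
 * An SSL/TLS key exchange algorithm.
 *
 * Each constant is declared as (name, allowed, isAnonymous, groupTypes...).
 */
static enum KeyExchange {
    K_NULL          ("NULL",           false, true,   NAMED_GROUP_NONE),
    K_RSA           ("RSA",            true,  false,  NAMED_GROUP_NONE),
    K_RSA_EXPORT    ("RSA_EXPORT",     true,  false,  NAMED_GROUP_NONE),
    K_DH_RSA        ("DH_RSA",         false, false,  NAMED_GROUP_NONE),
    K_DH_DSS        ("DH_DSS",         false, false,  NAMED_GROUP_NONE),
    K_DHE_DSS       ("DHE_DSS",        true,  false,  NAMED_GROUP_FFDHE),
    K_DHE_DSS_EXPORT("DHE_DSS_EXPORT", true,  false,  NAMED_GROUP_NONE),
    K_DHE_RSA       ("DHE_RSA",        true,  false,  NAMED_GROUP_FFDHE),
    K_DHE_RSA_EXPORT("DHE_RSA_EXPORT", true,  false,  NAMED_GROUP_NONE),
    K_DH_ANON       ("DH_anon",        true,  true,   NAMED_GROUP_FFDHE),
    K_DH_ANON_EXPORT("DH_anon_EXPORT", true,  true,   NAMED_GROUP_NONE),

    // These KeyExchanges can use either ECDHE/XDH, so we'll use a
    // varargs here.
    K_ECDH_ECDSA    ("ECDH_ECDSA",     JsseJce.ALLOW_ECC,  false,
            NAMED_GROUP_ECDHE, NAMED_GROUP_XDH),
    K_ECDH_RSA      ("ECDH_RSA",       JsseJce.ALLOW_ECC,  false,
            NAMED_GROUP_ECDHE, NAMED_GROUP_XDH),
    K_ECDHE_ECDSA   ("ECDHE_ECDSA",    JsseJce.ALLOW_ECC,  false,
            NAMED_GROUP_ECDHE, NAMED_GROUP_XDH),
    K_ECDHE_RSA     ("ECDHE_RSA",      JsseJce.ALLOW_ECC,  false,
            NAMED_GROUP_ECDHE, NAMED_GROUP_XDH),
    K_ECDH_ANON     ("ECDH_anon",      JsseJce.ALLOW_ECC,  true,
            NAMED_GROUP_ECDHE, NAMED_GROUP_XDH),

    // renegotiation protection request signaling cipher suite
    K_SCSV          ("SCSV",           true,  true,   NAMED_GROUP_NONE);

    // name of the key exchange algorithm, e.g. DHE_DSS
    final String name;
    // false for exchanges that are declared but must never be reported
    // as available
    final boolean allowed;
    // named group types this exchange can use
    final NamedGroupSpec[] groupTypes;
    // allowed, and the name does not start with "EC"
    private final boolean alwaysAvailable;
    // read by CipherSuite.isAnonymous()
    private final boolean isAnonymous;

    KeyExchange(String name, boolean allowed,
            boolean isAnonymous, NamedGroupSpec... groupTypes) {
        this.name = name;
        this.groupTypes = groupTypes;
        this.allowed = allowed;

        // EC exchanges are never unconditionally available; they are
        // checked against the EC provider in isAvailable().
        this.alwaysAvailable = allowed && (!name.startsWith("EC"));
        this.isAnonymous = isAnonymous;
    }

    /**
     * Tells whether this key exchange can be used.
     *
     * Exchanges that are not allowed are never available.  An allowed
     * exchange whose name starts with "EC" and whose group types include
     * NAMED_GROUP_ECDHE is available only if JsseJce.isEcAvailable()
     * says so.
     */
    boolean isAvailable() {
        if (alwaysAvailable) {
            return true;
        }

        if (NamedGroupSpec.arrayContains(groupTypes,
                NamedGroupSpec.NAMED_GROUP_ECDHE)) {
            return (allowed && JsseJce.isEcAvailable());
        } else {
            return allowed;
        }
    }

    @Override
    public String toString() {
        return name;
    }
}

/**
 * An SSL/TLS MAC algorithm.
 *
 * Each constant is declared as (name, size, hashBlockSize,
 * minimalPaddingSize).  The enum holds these parameters only; it creates
 * no MAC object itself.
 */
static enum MacAlg {
    M_NULL      ("NULL",     0,   0,   0),
    M_MD5       ("MD5",     16,  64,   9),
    M_SHA       ("SHA",     20,  64,   9),
    M_SHA256    ("SHA256",  32,  64,   9),
    M_SHA384    ("SHA384",  48, 128,  17);

    // descriptive name, e.g. MD5
    final String name;

    // size of the MAC value (and MAC key) in bytes
    final int size;

    // block size of the underlying hash algorithm
    final int hashBlockSize;

    // minimal padding size of the underlying hash algorithm
    final int minimalPaddingSize;

    MacAlg(String name, int size,
            int hashBlockSize, int minimalPaddingSize) {
        this.name = name;
        this.size = size;
        this.hashBlockSize = hashBlockSize;
        this.minimalPaddingSize = minimalPaddingSize;
    }

    @Override
    public String toString() {
        return name;
    }
}

/**
 * The hash algorithms used for PRF (PseudoRandom Function) or HKDF.
 *
 * Note that TLS 1.1- uses a single MD5/SHA1-based PRF algorithm for
 * generating the necessary material.
 *
 * Each constant is declared as (name, hashLength, blockSize).
 */
static enum HashAlg {
    H_NONE      ("NONE",    0,    0),
    H_SHA256    ("SHA-256", 32,  64),
    H_SHA384    ("SHA-384", 48, 128);

    // algorithm name, e.g. SHA-256
    final String name;
    // second constructor argument; 32 for SHA-256, 48 for SHA-384
    final int hashLength;
    // third constructor argument; 64 for SHA-256, 128 for SHA-384
    final int blockSize;

    HashAlg(String hashAlg, int hashLength, int blockSize) {
        this.name = hashAlg;
        this.hashLength = hashLength;
        this.blockSize = blockSize;
    }

    @Override
    public String toString() {
        return name;
    }
}
} // end of enum CipherSuite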