diff options
Diffstat (limited to 'security/nss/lib/ssl/sslenum.c')
-rw-r--r-- | security/nss/lib/ssl/sslenum.c | 157 |
1 files changed, 157 insertions, 0 deletions
diff --git a/security/nss/lib/ssl/sslenum.c b/security/nss/lib/ssl/sslenum.c new file mode 100644 index 0000000000..b5272d4a85 --- /dev/null +++ b/security/nss/lib/ssl/sslenum.c @@ -0,0 +1,157 @@ +/* + * Table enumerating all implemented cipher suites + * Part of public API. + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "ssl.h" +#include "sslproto.h" + +/* + * The ordering of cipher suites in this table must match the ordering in + * the cipherSuites table in ssl3con.c. + * + * If new ECC cipher suites are added, also update the ssl3CipherSuite arrays + * in ssl3ecc.c. + * + * Finally, update the ssl_V3_SUITES_IMPLEMENTED macro in sslimpl.h. + * + * The ordering is as follows: + * * No-encryption cipher suites last + * * Export/weak/obsolete cipher suites before no-encryption cipher suites + * * Order by key exchange algorithm: ECDHE, then DHE, then ECDH, RSA. + * * Within key agreement sections, prefer AEAD over non-AEAD cipher suites. + * * Within AEAD sections, order by symmetric encryption algorithm which + * integrates message authentication algorithm: AES-128-GCM, then + * ChaCha20-Poly1305, then AES-256-GCM, + * * Within non-AEAD sections, order by symmetric encryption algorithm: + * AES-128, then Camellia-128, then AES-256, then Camellia-256, then SEED, + * then FIPS-3DES, then 3DES, then RC4. AES is commonly accepted as a + * strong cipher internationally, and is often hardware-accelerated. + * Camellia also has wide international support across standards + * organizations. SEED is only recommended by the Korean government. 3DES + * only provides 112 bits of security. RC4 is now deprecated or forbidden + * by many standards organizations. + * * Within non-AEAD symmetric algorithm sections, order by message + * authentication algorithm: HMAC-SHA256, then HMAC-SHA384, then HMAC-SHA1, + * then HMAC-MD5. + * * Within symmetric algorithm sections, order by message authentication + * algorithm: GCM, then HMAC-SHA1, then HMAC-SHA256, then HMAC-MD5. + * * Within message authentication algorithm sections, order by asymmetric + * signature algorithm: ECDSA, then RSA, then DSS. + * * As a special case, the PSK ciphers, which are only enabled when + * TLS 1.3 PSK-resumption is in use, come first. + * + * Exception: Because some servers ignore the high-order byte of the cipher + * suite ID, we must be careful about adding cipher suites with IDs larger + * than 0x00ff; see bug 946147. For these broken servers, the first three + * cipher suites, with the MSB zeroed, look like: + * TLS_RSA_WITH_AES_128_CBC_SHA { 0x00,0x2F } + * TLS_RSA_WITH_3DES_EDE_CBC_SHA { 0x00,0x0A } + * TLS_RSA_WITH_DES_CBC_SHA { 0x00,0x09 } + * The broken server only supports the third and fourth ones and will select + * the third one. + */ +const PRUint16 SSL_ImplementedCiphers[] = { + TLS_AES_128_GCM_SHA256, + TLS_CHACHA20_POLY1305_SHA256, + TLS_AES_256_GCM_SHA384, + + TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, + TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, + TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, + TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, + TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, + TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, + /* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA must appear before + * TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA to work around bug 946147. + */ + TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, + TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, + TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, + TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, + TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, + TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, + TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, + TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, + TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, + TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, + TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, + TLS_ECDHE_RSA_WITH_RC4_128_SHA, + + TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, + TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256, + TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, + TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, + TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, + TLS_DHE_RSA_WITH_AES_128_CBC_SHA, + TLS_DHE_DSS_WITH_AES_128_CBC_SHA, + TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, + TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, + TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, + TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, + TLS_DHE_RSA_WITH_AES_256_CBC_SHA, + TLS_DHE_DSS_WITH_AES_256_CBC_SHA, + TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, + TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, + TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, + TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, + TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, + TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA, + TLS_DHE_DSS_WITH_RC4_128_SHA, + + TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, + TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, + TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, + TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, + TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, + TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, + TLS_ECDH_ECDSA_WITH_RC4_128_SHA, + TLS_ECDH_RSA_WITH_RC4_128_SHA, + + TLS_RSA_WITH_AES_128_GCM_SHA256, + TLS_RSA_WITH_AES_256_GCM_SHA384, + TLS_RSA_WITH_AES_128_CBC_SHA, + TLS_RSA_WITH_AES_128_CBC_SHA256, + TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, + TLS_RSA_WITH_AES_256_CBC_SHA, + TLS_RSA_WITH_AES_256_CBC_SHA256, + TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, + TLS_RSA_WITH_SEED_CBC_SHA, + TLS_RSA_WITH_3DES_EDE_CBC_SHA, + TLS_RSA_WITH_RC4_128_SHA, + TLS_RSA_WITH_RC4_128_MD5, + + /* 56-bit DES "domestic" cipher suites */ + TLS_DHE_RSA_WITH_DES_CBC_SHA, + TLS_DHE_DSS_WITH_DES_CBC_SHA, + TLS_RSA_WITH_DES_CBC_SHA, + + /* ciphersuites with no encryption */ + TLS_ECDHE_ECDSA_WITH_NULL_SHA, + TLS_ECDHE_RSA_WITH_NULL_SHA, + TLS_ECDH_RSA_WITH_NULL_SHA, + TLS_ECDH_ECDSA_WITH_NULL_SHA, + TLS_RSA_WITH_NULL_SHA, + TLS_RSA_WITH_NULL_SHA256, + TLS_RSA_WITH_NULL_MD5, + + 0 +}; + +const PRUint16 SSL_NumImplementedCiphers = + (sizeof SSL_ImplementedCiphers) / (sizeof SSL_ImplementedCiphers[0]) - 1; + +const PRUint16* +SSL_GetImplementedCiphers(void) +{ + return SSL_ImplementedCiphers; +} + +PRUint16 +SSL_GetNumImplementedCiphers(void) +{ + return SSL_NumImplementedCiphers; +} |