Path: blob/master/src/java.base/share/classes/sun/security/ssl/CipherSuite.java
/*1* Copyright (c) 2002, 2021, Oracle and/or its affiliates. All rights reserved.2* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.3*4* This code is free software; you can redistribute it and/or modify it5* under the terms of the GNU General Public License version 2 only, as6* published by the Free Software Foundation. Oracle designates this7* particular file as subject to the "Classpath" exception as provided8* by Oracle in the LICENSE file that accompanied this code.9*10* This code is distributed in the hope that it will be useful, but WITHOUT11* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or12* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License13* version 2 for more details (a copy is included in the LICENSE file that14* accompanied this code).15*16* You should have received a copy of the GNU General Public License version17* 2 along with this work; if not, write to the Free Software Foundation,18* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.19*20* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA21* or visit www.oracle.com if you need additional information or have any22* questions.23*/2425package sun.security.ssl;2627import java.util.*;2829import static sun.security.ssl.CipherSuite.HashAlg.*;30import static sun.security.ssl.CipherSuite.KeyExchange.*;31import static sun.security.ssl.CipherSuite.MacAlg.*;32import static sun.security.ssl.SSLCipher.*;33import sun.security.ssl.NamedGroup.NamedGroupSpec;34import static sun.security.ssl.NamedGroup.NamedGroupSpec.*;3536/**37* Enum for SSL/(D)TLS cipher suites.38*39* Please refer to the "TLS Cipher Suite Registry" section for more details40* about each cipher suite:41* https://www.iana.org/assignments/tls-parameters/tls-parameters.xml42*/43enum CipherSuite {44//45// in preference order46//4748// Definition of the CipherSuites that are enabled by default.49//50// They are listed in preference order, most preferred first, 
using51// the following criteria:52// 1. Prefer Suite B compliant cipher suites, see RFC6460 (To be53// changed later, see below).54// 2. Prefer forward secrecy cipher suites.55// 3. Prefer the stronger bulk cipher, in the order of AES_256(GCM),56// AES_128(GCM), AES_256, AES_128, 3DES-EDE.57// 4. Prefer the stronger MAC algorithm, in the order of SHA384,58// SHA256, SHA, MD5.59// 5. Prefer the better performance of key exchange and digital60// signature algorithm, in the order of ECDHE-ECDSA, ECDHE-RSA,61// DHE-RSA, DHE-DSS, ECDH-ECDSA, ECDH-RSA, RSA.6263// TLS 1.3 cipher suites.64TLS_AES_256_GCM_SHA384(650x1302, true, "TLS_AES_256_GCM_SHA384",66ProtocolVersion.PROTOCOLS_OF_13, B_AES_256_GCM_IV, H_SHA384),67TLS_AES_128_GCM_SHA256(680x1301, true, "TLS_AES_128_GCM_SHA256",69ProtocolVersion.PROTOCOLS_OF_13, B_AES_128_GCM_IV, H_SHA256),70TLS_CHACHA20_POLY1305_SHA256(710x1303, true, "TLS_CHACHA20_POLY1305_SHA256",72ProtocolVersion.PROTOCOLS_OF_13, B_CC20_P1305, H_SHA256),7374// Suite B compliant cipher suites, see RFC 6460.75//76// Note that, at present this provider is not Suite B compliant. The77// preference order of the GCM cipher suites does not follow the spec78// of RFC 6460. 
In this section, only two cipher suites are listed79// so that applications can make use of Suite-B compliant cipher80// suite firstly.81TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384(820xC02C, true, "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "",83ProtocolVersion.PROTOCOLS_OF_12,84K_ECDHE_ECDSA, B_AES_256_GCM, M_NULL, H_SHA384),85TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256(860xC02B, true, "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", "",87ProtocolVersion.PROTOCOLS_OF_12,88K_ECDHE_ECDSA, B_AES_128_GCM, M_NULL, H_SHA256),8990// Not suite B, but we want it to position the suite early in the list91// of 1.2 suites.92TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256(930xCCA9, true, "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256", "",94ProtocolVersion.PROTOCOLS_OF_12,95K_ECDHE_ECDSA, B_CC20_P1305, M_NULL, H_SHA256),9697//98// Forward secrecy cipher suites.99//100101// AES_256(GCM) - ECDHE102TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384(1030xC030, true, "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "",104ProtocolVersion.PROTOCOLS_OF_12,105K_ECDHE_RSA, B_AES_256_GCM, M_NULL, H_SHA384),106TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256(1070xCCA8, true, "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256", "",108ProtocolVersion.PROTOCOLS_OF_12,109K_ECDHE_RSA, B_CC20_P1305, M_NULL, H_SHA256),110111// AES_128(GCM) - ECDHE112TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256(1130xC02F, true, "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "",114ProtocolVersion.PROTOCOLS_OF_12,115K_ECDHE_RSA, B_AES_128_GCM, M_NULL, H_SHA256),116117// AES_256(GCM) - DHE118TLS_DHE_RSA_WITH_AES_256_GCM_SHA384(1190x009F, true, "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384", "",120ProtocolVersion.PROTOCOLS_OF_12,121K_DHE_RSA, B_AES_256_GCM, M_NULL, H_SHA384),122TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256(1230xCCAA, true, "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256", "",124ProtocolVersion.PROTOCOLS_OF_12,125K_DHE_RSA, B_CC20_P1305, M_NULL, H_SHA256),126TLS_DHE_DSS_WITH_AES_256_GCM_SHA384(1270x00A3, true, "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384", 
"",128ProtocolVersion.PROTOCOLS_OF_12,129K_DHE_DSS, B_AES_256_GCM, M_NULL, H_SHA384),130131// AES_128(GCM) - DHE132TLS_DHE_RSA_WITH_AES_128_GCM_SHA256(1330x009E, true, "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256", "",134ProtocolVersion.PROTOCOLS_OF_12,135K_DHE_RSA, B_AES_128_GCM, M_NULL, H_SHA256),136TLS_DHE_DSS_WITH_AES_128_GCM_SHA256(1370x00A2, true, "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256", "",138ProtocolVersion.PROTOCOLS_OF_12,139K_DHE_DSS, B_AES_128_GCM, M_NULL, H_SHA256),140141// AES_256(CBC) - ECDHE142TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384(1430xC024, true, "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384", "",144ProtocolVersion.PROTOCOLS_OF_12,145K_ECDHE_ECDSA, B_AES_256, M_SHA384, H_SHA384),146TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384(1470xC028, true, "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384", "",148ProtocolVersion.PROTOCOLS_OF_12,149K_ECDHE_RSA, B_AES_256, M_SHA384, H_SHA384),150151// AES_128(CBC) - ECDHE152TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256(1530xC023, true, "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", "",154ProtocolVersion.PROTOCOLS_OF_12,155K_ECDHE_ECDSA, B_AES_128, M_SHA256, H_SHA256),156TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256(1570xC027, true, "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", "",158ProtocolVersion.PROTOCOLS_OF_12,159K_ECDHE_RSA, B_AES_128, M_SHA256, H_SHA256),160161// AES_256(CBC) - DHE162TLS_DHE_RSA_WITH_AES_256_CBC_SHA256(1630x006B, true, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256", "",164ProtocolVersion.PROTOCOLS_OF_12,165K_DHE_RSA, B_AES_256, M_SHA256, H_SHA256),166TLS_DHE_DSS_WITH_AES_256_CBC_SHA256(1670x006A, true, "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256", "",168ProtocolVersion.PROTOCOLS_OF_12,169K_DHE_DSS, B_AES_256, M_SHA256, H_SHA256),170171// AES_128(CBC) - DHE172TLS_DHE_RSA_WITH_AES_128_CBC_SHA256(1730x0067, true, "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256", "",174ProtocolVersion.PROTOCOLS_OF_12,175K_DHE_RSA, B_AES_128, M_SHA256, H_SHA256),176TLS_DHE_DSS_WITH_AES_128_CBC_SHA256(1770x0040, true, "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256", 
"",178ProtocolVersion.PROTOCOLS_OF_12,179K_DHE_DSS, B_AES_128, M_SHA256, H_SHA256),180181//182// not forward secret cipher suites.183//184185// AES_256(GCM)186TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384(1870xC02E, true, "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384", "",188ProtocolVersion.PROTOCOLS_OF_12,189K_ECDH_ECDSA, B_AES_256_GCM, M_NULL, H_SHA384),190TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384(1910xC032, true, "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384", "",192ProtocolVersion.PROTOCOLS_OF_12,193K_ECDH_RSA, B_AES_256_GCM, M_NULL, H_SHA384),194195// AES_128(GCM)196TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256(1970xC02D, true, "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256", "",198ProtocolVersion.PROTOCOLS_OF_12,199K_ECDH_ECDSA, B_AES_128_GCM, M_NULL, H_SHA256),200TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256(2010xC031, true, "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256", "",202ProtocolVersion.PROTOCOLS_OF_12,203K_ECDH_RSA, B_AES_128_GCM, M_NULL, H_SHA256),204205// AES_256(CBC)206TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384(2070xC026, true, "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384", "",208ProtocolVersion.PROTOCOLS_OF_12,209K_ECDH_ECDSA, B_AES_256, M_SHA384, H_SHA384),210TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384(2110xC02A, true, "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384", "",212ProtocolVersion.PROTOCOLS_OF_12,213K_ECDH_RSA, B_AES_256, M_SHA384, H_SHA384),214215// AES_128(CBC)216TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256(2170xC025, true, "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256", "",218ProtocolVersion.PROTOCOLS_OF_12,219K_ECDH_ECDSA, B_AES_128, M_SHA256, H_SHA256),220TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256(2210xC029, true, "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256", "",222ProtocolVersion.PROTOCOLS_OF_12,223K_ECDH_RSA, B_AES_128, M_SHA256, H_SHA256),224225//226// Legacy, used for compatibility227//228229// AES_256(CBC) - ECDHE - Using SHA230TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA(2310xC00A, true, "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA", "",232ProtocolVersion.PROTOCOLS_TO_12,233K_ECDHE_ECDSA, B_AES_256, M_SHA, 
H_SHA256),234TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA(2350xC014, true, "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", "",236ProtocolVersion.PROTOCOLS_TO_12,237K_ECDHE_RSA, B_AES_256, M_SHA, H_SHA256),238239// AES_128(CBC) - ECDHE - using SHA240TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA(2410xC009, true, "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", "",242ProtocolVersion.PROTOCOLS_TO_12,243K_ECDHE_ECDSA, B_AES_128, M_SHA, H_SHA256),244TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA(2450xC013, true, "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", "",246ProtocolVersion.PROTOCOLS_TO_12,247K_ECDHE_RSA, B_AES_128, M_SHA, H_SHA256),248249// AES_256(CBC) - DHE - Using SHA250TLS_DHE_RSA_WITH_AES_256_CBC_SHA(2510x0039, true, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA", "",252ProtocolVersion.PROTOCOLS_TO_12,253K_DHE_RSA, B_AES_256, M_SHA, H_SHA256),254TLS_DHE_DSS_WITH_AES_256_CBC_SHA(2550x0038, true, "TLS_DHE_DSS_WITH_AES_256_CBC_SHA", "",256ProtocolVersion.PROTOCOLS_TO_12,257K_DHE_DSS, B_AES_256, M_SHA, H_SHA256),258259// AES_128(CBC) - DHE - using SHA260TLS_DHE_RSA_WITH_AES_128_CBC_SHA(2610x0033, true, "TLS_DHE_RSA_WITH_AES_128_CBC_SHA", "",262ProtocolVersion.PROTOCOLS_TO_12,263K_DHE_RSA, B_AES_128, M_SHA, H_SHA256),264TLS_DHE_DSS_WITH_AES_128_CBC_SHA(2650x0032, true, "TLS_DHE_DSS_WITH_AES_128_CBC_SHA", "",266ProtocolVersion.PROTOCOLS_TO_12,267K_DHE_DSS, B_AES_128, M_SHA, H_SHA256),268269// AES_256(CBC) - using SHA, not forward secrecy270TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA(2710xC005, true, "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA", "",272ProtocolVersion.PROTOCOLS_TO_12,273K_ECDH_ECDSA, B_AES_256, M_SHA, H_SHA256),274TLS_ECDH_RSA_WITH_AES_256_CBC_SHA(2750xC00F, true, "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA", "",276ProtocolVersion.PROTOCOLS_TO_12,277K_ECDH_RSA, B_AES_256, M_SHA, H_SHA256),278279// AES_128(CBC) - using SHA, not forward secrecy280TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA(2810xC004, true, "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA", "",282ProtocolVersion.PROTOCOLS_TO_12,283K_ECDH_ECDSA, B_AES_128, M_SHA, 
H_SHA256),284TLS_ECDH_RSA_WITH_AES_128_CBC_SHA(2850xC00E, true, "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA", "",286ProtocolVersion.PROTOCOLS_TO_12,287K_ECDH_RSA, B_AES_128, M_SHA, H_SHA256),288289//290// deprecated, used for compatibility291//292293// RSA, AES_256(GCM)294TLS_RSA_WITH_AES_256_GCM_SHA384(2950x009D, true, "TLS_RSA_WITH_AES_256_GCM_SHA384", "",296ProtocolVersion.PROTOCOLS_OF_12,297K_RSA, B_AES_256_GCM, M_NULL, H_SHA384),298299// RSA, AES_128(GCM)300TLS_RSA_WITH_AES_128_GCM_SHA256(3010x009C, true, "TLS_RSA_WITH_AES_128_GCM_SHA256", "",302ProtocolVersion.PROTOCOLS_OF_12,303K_RSA, B_AES_128_GCM, M_NULL, H_SHA256),304305// RSA, AES_256(CBC)306TLS_RSA_WITH_AES_256_CBC_SHA256(3070x003D, true, "TLS_RSA_WITH_AES_256_CBC_SHA256", "",308ProtocolVersion.PROTOCOLS_OF_12,309K_RSA, B_AES_256, M_SHA256, H_SHA256),310311// RSA, AES_128(CBC)312TLS_RSA_WITH_AES_128_CBC_SHA256(3130x003C, true, "TLS_RSA_WITH_AES_128_CBC_SHA256", "",314ProtocolVersion.PROTOCOLS_OF_12,315K_RSA, B_AES_128, M_SHA256, H_SHA256),316317// RSA, AES_256(CBC) - using SHA, not forward secrecy318TLS_RSA_WITH_AES_256_CBC_SHA(3190x0035, true, "TLS_RSA_WITH_AES_256_CBC_SHA", "",320ProtocolVersion.PROTOCOLS_TO_12,321K_RSA, B_AES_256, M_SHA, H_SHA256),322323// RSA, AES_128(CBC) - using SHA, not forward secrecy324TLS_RSA_WITH_AES_128_CBC_SHA(3250x002F, true, "TLS_RSA_WITH_AES_128_CBC_SHA", "",326ProtocolVersion.PROTOCOLS_TO_12,327K_RSA, B_AES_128, M_SHA, H_SHA256),328329// 3DES_EDE, forward secrecy.330TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA(3310xC008, true, "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA", "",332ProtocolVersion.PROTOCOLS_TO_12,333K_ECDHE_ECDSA, B_3DES, M_SHA, H_SHA256),334TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA(3350xC012, true, "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA", "",336ProtocolVersion.PROTOCOLS_TO_12,337K_ECDHE_RSA, B_3DES, M_SHA, H_SHA256),338SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA(3390x0016, true, 
"SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA",340"TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA",341ProtocolVersion.PROTOCOLS_TO_12,342K_DHE_RSA, B_3DES, M_SHA, H_SHA256),343SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA(3440x0013, true, "SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA",345"TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA",346ProtocolVersion.PROTOCOLS_TO_12,347K_DHE_DSS, B_3DES, M_SHA, H_SHA256),348349// 3DES_EDE, not forward secrecy.350TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA(3510xC003, true, "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA", "",352ProtocolVersion.PROTOCOLS_TO_12,353K_ECDH_ECDSA, B_3DES, M_SHA, H_SHA256),354TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA(3550xC00D, true, "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA", "",356ProtocolVersion.PROTOCOLS_TO_12,357K_ECDH_RSA, B_3DES, M_SHA, H_SHA256),358SSL_RSA_WITH_3DES_EDE_CBC_SHA(3590x000A, true, "SSL_RSA_WITH_3DES_EDE_CBC_SHA",360"TLS_RSA_WITH_3DES_EDE_CBC_SHA",361ProtocolVersion.PROTOCOLS_TO_12,362K_RSA, B_3DES, M_SHA, H_SHA256),363364// Renegotiation protection request Signalling Cipher Suite Value (SCSV).365TLS_EMPTY_RENEGOTIATION_INFO_SCSV( // RFC 5746, TLS 1.2 and prior3660x00FF, true, "TLS_EMPTY_RENEGOTIATION_INFO_SCSV", "",367ProtocolVersion.PROTOCOLS_TO_12,368K_SCSV, B_NULL, M_NULL, H_NONE),369370// Definition of the CipherSuites that are supported but not enabled371// by default.372// They are listed in preference order, preferred first, using the373// following criteria:374// 1. If a cipher suite has been obsoleted, we put it at the end of375// the list.376// 2. Prefer the stronger bulk cipher, in the order of AES_256,377// AES_128, 3DES-EDE, RC-4, DES, DES40, RC4_40, NULL.378// 3. Prefer the stronger MAC algorithm, in the order of SHA384,379// SHA256, SHA, MD5.380// 4. 
Prefer the better performance of key exchange and digital381// signature algorithm, in the order of ECDHE-ECDSA, ECDHE-RSA,382// RSA, ECDH-ECDSA, ECDH-RSA, DHE-RSA, DHE-DSS, anonymous.383TLS_DH_anon_WITH_AES_256_GCM_SHA384(3840x00A7, false, "TLS_DH_anon_WITH_AES_256_GCM_SHA384", "",385ProtocolVersion.PROTOCOLS_OF_12,386K_DH_ANON, B_AES_256_GCM, M_NULL, H_SHA384),387TLS_DH_anon_WITH_AES_128_GCM_SHA256(3880x00A6, false, "TLS_DH_anon_WITH_AES_128_GCM_SHA256", "",389ProtocolVersion.PROTOCOLS_OF_12,390K_DH_ANON, B_AES_128_GCM, M_NULL, H_SHA256),391TLS_DH_anon_WITH_AES_256_CBC_SHA256(3920x006D, false, "TLS_DH_anon_WITH_AES_256_CBC_SHA256", "",393ProtocolVersion.PROTOCOLS_OF_12,394K_DH_ANON, B_AES_256, M_SHA256, H_SHA256),395TLS_ECDH_anon_WITH_AES_256_CBC_SHA(3960xC019, false, "TLS_ECDH_anon_WITH_AES_256_CBC_SHA", "",397ProtocolVersion.PROTOCOLS_TO_12,398K_ECDH_ANON, B_AES_256, M_SHA, H_SHA256),399TLS_DH_anon_WITH_AES_256_CBC_SHA(4000x003A, false, "TLS_DH_anon_WITH_AES_256_CBC_SHA", "",401ProtocolVersion.PROTOCOLS_TO_12,402K_DH_ANON, B_AES_256, M_SHA, H_SHA256),403TLS_DH_anon_WITH_AES_128_CBC_SHA256(4040x006C, false, "TLS_DH_anon_WITH_AES_128_CBC_SHA256", "",405ProtocolVersion.PROTOCOLS_OF_12,406K_DH_ANON, B_AES_128, M_SHA256, H_SHA256),407TLS_ECDH_anon_WITH_AES_128_CBC_SHA(4080xC018, false, "TLS_ECDH_anon_WITH_AES_128_CBC_SHA", "",409ProtocolVersion.PROTOCOLS_TO_12,410K_ECDH_ANON, B_AES_128, M_SHA, H_SHA256),411TLS_DH_anon_WITH_AES_128_CBC_SHA(4120x0034, false, "TLS_DH_anon_WITH_AES_128_CBC_SHA", "",413ProtocolVersion.PROTOCOLS_TO_12,414K_DH_ANON, B_AES_128, M_SHA, H_SHA256),415TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA(4160xC017, false, "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA", "",417ProtocolVersion.PROTOCOLS_TO_12,418K_ECDH_ANON, B_3DES, M_SHA, H_SHA256),419SSL_DH_anon_WITH_3DES_EDE_CBC_SHA(4200x001B, false, "SSL_DH_anon_WITH_3DES_EDE_CBC_SHA",421"TLS_DH_anon_WITH_3DES_EDE_CBC_SHA",422ProtocolVersion.PROTOCOLS_TO_12,423K_DH_ANON, B_3DES, M_SHA, H_SHA256),424425// 
RC4426TLS_ECDHE_ECDSA_WITH_RC4_128_SHA(4270xC007, false, "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA", "",428ProtocolVersion.PROTOCOLS_TO_TLS12,429K_ECDHE_ECDSA, B_RC4_128, M_SHA, H_SHA256),430TLS_ECDHE_RSA_WITH_RC4_128_SHA(4310xC011, false, "TLS_ECDHE_RSA_WITH_RC4_128_SHA", "",432ProtocolVersion.PROTOCOLS_TO_TLS12,433K_ECDHE_RSA, B_RC4_128, M_SHA, H_SHA256),434SSL_RSA_WITH_RC4_128_SHA(4350x0005, false, "SSL_RSA_WITH_RC4_128_SHA",436"TLS_RSA_WITH_RC4_128_SHA",437ProtocolVersion.PROTOCOLS_TO_TLS12,438K_RSA, B_RC4_128, M_SHA, H_SHA256),439TLS_ECDH_ECDSA_WITH_RC4_128_SHA(4400xC002, false, "TLS_ECDH_ECDSA_WITH_RC4_128_SHA", "",441ProtocolVersion.PROTOCOLS_TO_TLS12,442K_ECDH_ECDSA, B_RC4_128, M_SHA, H_SHA256),443TLS_ECDH_RSA_WITH_RC4_128_SHA(4440xC00C, false, "TLS_ECDH_RSA_WITH_RC4_128_SHA", "",445ProtocolVersion.PROTOCOLS_TO_TLS12,446K_ECDH_RSA, B_RC4_128, M_SHA, H_SHA256),447SSL_RSA_WITH_RC4_128_MD5(4480x0004, false, "SSL_RSA_WITH_RC4_128_MD5",449"TLS_RSA_WITH_RC4_128_MD5",450ProtocolVersion.PROTOCOLS_TO_TLS12,451K_RSA, B_RC4_128, M_MD5, H_SHA256),452TLS_ECDH_anon_WITH_RC4_128_SHA(4530xC016, false, "TLS_ECDH_anon_WITH_RC4_128_SHA", "",454ProtocolVersion.PROTOCOLS_TO_TLS12,455K_ECDH_ANON, B_RC4_128, M_SHA, H_SHA256),456SSL_DH_anon_WITH_RC4_128_MD5(4570x0018, false, "SSL_DH_anon_WITH_RC4_128_MD5",458"TLS_DH_anon_WITH_RC4_128_MD5",459ProtocolVersion.PROTOCOLS_TO_TLS12,460K_DH_ANON, B_RC4_128, M_MD5, H_SHA256),461462// Weak cipher suites obsoleted in TLS 1.2 [RFC 5246]463SSL_RSA_WITH_DES_CBC_SHA(4640x0009, false, "SSL_RSA_WITH_DES_CBC_SHA",465"TLS_RSA_WITH_DES_CBC_SHA",466ProtocolVersion.PROTOCOLS_TO_11,467K_RSA, B_DES, M_SHA, H_NONE),468SSL_DHE_RSA_WITH_DES_CBC_SHA(4690x0015, false, "SSL_DHE_RSA_WITH_DES_CBC_SHA",470"TLS_DHE_RSA_WITH_DES_CBC_SHA",471ProtocolVersion.PROTOCOLS_TO_11,472K_DHE_RSA, B_DES, M_SHA, H_NONE),473SSL_DHE_DSS_WITH_DES_CBC_SHA(4740x0012, false, "SSL_DHE_DSS_WITH_DES_CBC_SHA",475"TLS_DHE_DSS_WITH_DES_CBC_SHA",476ProtocolVersion.PROTOCOLS_TO_11,477K_DHE_DSS, 
B_DES, M_SHA, H_NONE),478SSL_DH_anon_WITH_DES_CBC_SHA(4790x001A, false, "SSL_DH_anon_WITH_DES_CBC_SHA",480"TLS_DH_anon_WITH_DES_CBC_SHA",481ProtocolVersion.PROTOCOLS_TO_11,482K_DH_ANON, B_DES, M_SHA, H_NONE),483484// Weak cipher suites obsoleted in TLS 1.1 [RFC 4346]485SSL_RSA_EXPORT_WITH_DES40_CBC_SHA(4860x0008, false, "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA",487"TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",488ProtocolVersion.PROTOCOLS_TO_10,489K_RSA_EXPORT, B_DES_40, M_SHA, H_NONE),490SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA(4910x0014, false, "SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",492"TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",493ProtocolVersion.PROTOCOLS_TO_10,494K_DHE_RSA_EXPORT, B_DES_40, M_SHA, H_NONE),495SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA(4960x0011, false, "SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA",497"TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA",498ProtocolVersion.PROTOCOLS_TO_10,499K_DHE_DSS_EXPORT, B_DES_40, M_SHA, H_NONE),500SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA(5010x0019, false, "SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA",502"TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA",503ProtocolVersion.PROTOCOLS_TO_10,504K_DH_ANON_EXPORT, B_DES_40, M_SHA, H_NONE),505SSL_RSA_EXPORT_WITH_RC4_40_MD5(5060x0003, false, "SSL_RSA_EXPORT_WITH_RC4_40_MD5",507"TLS_RSA_EXPORT_WITH_RC4_40_MD5",508ProtocolVersion.PROTOCOLS_TO_10,509K_RSA_EXPORT, B_RC4_40, M_MD5, H_NONE),510SSL_DH_anon_EXPORT_WITH_RC4_40_MD5(5110x0017, false, "SSL_DH_anon_EXPORT_WITH_RC4_40_MD5",512"TLS_DH_anon_EXPORT_WITH_RC4_40_MD5",513ProtocolVersion.PROTOCOLS_TO_10,514K_DH_ANON, B_RC4_40, M_MD5, H_NONE),515516// No traffic encryption cipher suites517TLS_RSA_WITH_NULL_SHA256(5180x003B, false, "TLS_RSA_WITH_NULL_SHA256", "",519ProtocolVersion.PROTOCOLS_OF_12,520K_RSA, B_NULL, M_SHA256, H_SHA256),521TLS_ECDHE_ECDSA_WITH_NULL_SHA(5220xC006, false, "TLS_ECDHE_ECDSA_WITH_NULL_SHA", "",523ProtocolVersion.PROTOCOLS_TO_12,524K_ECDHE_ECDSA, B_NULL, M_SHA, H_SHA256),525TLS_ECDHE_RSA_WITH_NULL_SHA(5260xC010, false, "TLS_ECDHE_RSA_WITH_NULL_SHA", 
"",527ProtocolVersion.PROTOCOLS_TO_12,528K_ECDHE_RSA, B_NULL, M_SHA, H_SHA256),529SSL_RSA_WITH_NULL_SHA(5300x0002, false, "SSL_RSA_WITH_NULL_SHA",531"TLS_RSA_WITH_NULL_SHA",532ProtocolVersion.PROTOCOLS_TO_12,533K_RSA, B_NULL, M_SHA, H_SHA256),534TLS_ECDH_ECDSA_WITH_NULL_SHA(5350xC001, false, "TLS_ECDH_ECDSA_WITH_NULL_SHA", "",536ProtocolVersion.PROTOCOLS_TO_12,537K_ECDH_ECDSA, B_NULL, M_SHA, H_SHA256),538TLS_ECDH_RSA_WITH_NULL_SHA(5390xC00B, false, "TLS_ECDH_RSA_WITH_NULL_SHA", "",540ProtocolVersion.PROTOCOLS_TO_12,541K_ECDH_RSA, B_NULL, M_SHA, H_SHA256),542TLS_ECDH_anon_WITH_NULL_SHA(5430xC015, false, "TLS_ECDH_anon_WITH_NULL_SHA", "",544ProtocolVersion.PROTOCOLS_TO_12,545K_ECDH_ANON, B_NULL, M_SHA, H_SHA256),546SSL_RSA_WITH_NULL_MD5(5470x0001, false, "SSL_RSA_WITH_NULL_MD5",548"TLS_RSA_WITH_NULL_MD5",549ProtocolVersion.PROTOCOLS_TO_12,550K_RSA, B_NULL, M_MD5, H_SHA256),551552// Definition of the cipher suites that are not supported but the names553// are known.554TLS_AES_128_CCM_SHA256( // TLS 1.3555"TLS_AES_128_CCM_SHA256", 0x1304),556TLS_AES_128_CCM_8_SHA256( // TLS 1.3557"TLS_AES_128_CCM_8_SHA256", 0x1305),558559// Remaining unsupported cipher suites defined in RFC2246.560CS_0006("SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5", 0x0006),561CS_0007("SSL_RSA_WITH_IDEA_CBC_SHA", 0x0007),562CS_000B("SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA", 0x000b),563CS_000C("SSL_DH_DSS_WITH_DES_CBC_SHA", 0x000c),564CS_000D("SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA", 0x000d),565CS_000E("SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA", 0x000e),566CS_000F("SSL_DH_RSA_WITH_DES_CBC_SHA", 0x000f),567CS_0010("SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA", 0x0010),568569// SSL 3.0 Fortezza cipher suites570CS_001C("SSL_FORTEZZA_DMS_WITH_NULL_SHA", 0x001c),571CS_001D("SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA", 0x001d),572573// 1024/56 bit exportable cipher suites from expired internet draft574CS_0062("SSL_RSA_EXPORT1024_WITH_DES_CBC_SHA", 0x0062),575CS_0063("SSL_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA", 
0x0063),576CS_0064("SSL_RSA_EXPORT1024_WITH_RC4_56_SHA", 0x0064),577CS_0065("SSL_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA", 0x0065),578CS_0066("SSL_DHE_DSS_WITH_RC4_128_SHA", 0x0066),579580// Netscape old and new SSL 3.0 FIPS cipher suites581// see http://www.mozilla.org/projects/security/pki/nss/ssl/fips-ssl-ciphersuites.html582CS_FFE0("NETSCAPE_RSA_FIPS_WITH_3DES_EDE_CBC_SHA", 0xffe0),583CS_FFE1("NETSCAPE_RSA_FIPS_WITH_DES_CBC_SHA", 0xffe1),584CS_FEFE("SSL_RSA_FIPS_WITH_DES_CBC_SHA", 0xfefe),585CS_FEFF("SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA", 0xfeff),586587// Unsupported Kerberos cipher suites from RFC 2712588CS_001E("TLS_KRB5_WITH_DES_CBC_SHA", 0x001E),589CS_001F("TLS_KRB5_WITH_3DES_EDE_CBC_SHA", 0x001F),590CS_0020("TLS_KRB5_WITH_RC4_128_SHA", 0x0020),591CS_0021("TLS_KRB5_WITH_IDEA_CBC_SHA", 0x0021),592CS_0022("TLS_KRB5_WITH_DES_CBC_MD5", 0x0022),593CS_0023("TLS_KRB5_WITH_3DES_EDE_CBC_MD5", 0x0023),594CS_0024("TLS_KRB5_WITH_RC4_128_MD5", 0x0024),595CS_0025("TLS_KRB5_WITH_IDEA_CBC_MD5", 0x0025),596CS_0026("TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA", 0x0026),597CS_0027("TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA", 0x0027),598CS_0028("TLS_KRB5_EXPORT_WITH_RC4_40_SHA", 0x0028),599CS_0029("TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5", 0x0029),600CS_002A("TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5", 0x002a),601CS_002B("TLS_KRB5_EXPORT_WITH_RC4_40_MD5", 0x002B),602603// Unsupported cipher suites from RFC 4162604CS_0096("TLS_RSA_WITH_SEED_CBC_SHA", 0x0096),605CS_0097("TLS_DH_DSS_WITH_SEED_CBC_SHA", 0x0097),606CS_0098("TLS_DH_RSA_WITH_SEED_CBC_SHA", 0x0098),607CS_0099("TLS_DHE_DSS_WITH_SEED_CBC_SHA", 0x0099),608CS_009A("TLS_DHE_RSA_WITH_SEED_CBC_SHA", 0x009a),609CS_009B("TLS_DH_anon_WITH_SEED_CBC_SHA", 0x009b),610611// Unsupported cipher suites from RFC 4279612CS_008A("TLS_PSK_WITH_RC4_128_SHA", 0x008a),613CS_008B("TLS_PSK_WITH_3DES_EDE_CBC_SHA", 0x008b),614CS_008C("TLS_PSK_WITH_AES_128_CBC_SHA", 0x008c),615CS_008D("TLS_PSK_WITH_AES_256_CBC_SHA", 0x008d),616CS_008E("TLS_DHE_PSK_WITH_RC4_128_SHA", 
0x008e),617CS_008F("TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA", 0x008f),618CS_0090("TLS_DHE_PSK_WITH_AES_128_CBC_SHA", 0x0090),619CS_0091("TLS_DHE_PSK_WITH_AES_256_CBC_SHA", 0x0091),620CS_0092("TLS_RSA_PSK_WITH_RC4_128_SHA", 0x0092),621CS_0093("TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA", 0x0093),622CS_0094("TLS_RSA_PSK_WITH_AES_128_CBC_SHA", 0x0094),623CS_0095("TLS_RSA_PSK_WITH_AES_256_CBC_SHA", 0x0095),624625// Unsupported cipher suites from RFC 4785626CS_002C("TLS_PSK_WITH_NULL_SHA", 0x002c),627CS_002D("TLS_DHE_PSK_WITH_NULL_SHA", 0x002d),628CS_002E("TLS_RSA_PSK_WITH_NULL_SHA", 0x002e),629630// Unsupported cipher suites from RFC 5246631CS_0030("TLS_DH_DSS_WITH_AES_128_CBC_SHA", 0x0030),632CS_0031("TLS_DH_RSA_WITH_AES_128_CBC_SHA", 0x0031),633CS_0036("TLS_DH_DSS_WITH_AES_256_CBC_SHA", 0x0036),634CS_0037("TLS_DH_RSA_WITH_AES_256_CBC_SHA", 0x0037),635CS_003E("TLS_DH_DSS_WITH_AES_128_CBC_SHA256", 0x003e),636CS_003F("TLS_DH_RSA_WITH_AES_128_CBC_SHA256", 0x003f),637CS_0068("TLS_DH_DSS_WITH_AES_256_CBC_SHA256", 0x0068),638CS_0069("TLS_DH_RSA_WITH_AES_256_CBC_SHA256", 0x0069),639640// Unsupported cipher suites from RFC 5288641CS_00A0("TLS_DH_RSA_WITH_AES_128_GCM_SHA256", 0x00a0),642CS_00A1("TLS_DH_RSA_WITH_AES_256_GCM_SHA384", 0x00a1),643CS_00A4("TLS_DH_DSS_WITH_AES_128_GCM_SHA256", 0x00a4),644CS_00A5("TLS_DH_DSS_WITH_AES_256_GCM_SHA384", 0x00a5),645646// Unsupported cipher suites from RFC 5487647CS_00A8("TLS_PSK_WITH_AES_128_GCM_SHA256", 0x00a8),648CS_00A9("TLS_PSK_WITH_AES_256_GCM_SHA384", 0x00a9),649CS_00AA("TLS_DHE_PSK_WITH_AES_128_GCM_SHA256", 0x00aa),650CS_00AB("TLS_DHE_PSK_WITH_AES_256_GCM_SHA384", 0x00ab),651CS_00AC("TLS_RSA_PSK_WITH_AES_128_GCM_SHA256", 0x00ac),652CS_00AD("TLS_RSA_PSK_WITH_AES_256_GCM_SHA384", 0x00ad),653CS_00AE("TLS_PSK_WITH_AES_128_CBC_SHA256", 0x00ae),654CS_00AF("TLS_PSK_WITH_AES_256_CBC_SHA384", 0x00af),655CS_00B0("TLS_PSK_WITH_NULL_SHA256", 0x00b0),656CS_00B1("TLS_PSK_WITH_NULL_SHA384", 0x00b1),657CS_00B2("TLS_DHE_PSK_WITH_AES_128_CBC_SHA256", 
0x00b2),658CS_00B3("TLS_DHE_PSK_WITH_AES_256_CBC_SHA384", 0x00b3),659CS_00B4("TLS_DHE_PSK_WITH_NULL_SHA256", 0x00b4),660CS_00B5("TLS_DHE_PSK_WITH_NULL_SHA384", 0x00b5),661CS_00B6("TLS_RSA_PSK_WITH_AES_128_CBC_SHA256", 0x00b6),662CS_00B7("TLS_RSA_PSK_WITH_AES_256_CBC_SHA384", 0x00b7),663CS_00B8("TLS_RSA_PSK_WITH_NULL_SHA256", 0x00b8),664CS_00B9("TLS_RSA_PSK_WITH_NULL_SHA384", 0x00b9),665666// Unsupported cipher suites from RFC 5932667CS_0041("TLS_RSA_WITH_CAMELLIA_128_CBC_SHA", 0x0041),668CS_0042("TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA", 0x0042),669CS_0043("TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA", 0x0043),670CS_0044("TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA", 0x0044),671CS_0045("TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA", 0x0045),672CS_0046("TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA", 0x0046),673CS_0084("TLS_RSA_WITH_CAMELLIA_256_CBC_SHA", 0x0084),674CS_0085("TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA", 0x0085),675CS_0086("TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA", 0x0086),676CS_0087("TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA", 0x0087),677CS_0088("TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA", 0x0088),678CS_0089("TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA", 0x0089),679CS_00BA("TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256", 0x00ba),680CS_00BB("TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256", 0x00bb),681CS_00BC("TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256", 0x00bc),682CS_00BD("TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256", 0x00bd),683CS_00BE("TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256", 0x00be),684CS_00BF("TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256", 0x00bf),685CS_00C0("TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256", 0x00c0),686CS_00C1("TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256", 0x00c1),687CS_00C2("TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256", 0x00c2),688CS_00C3("TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256", 0x00c3),689CS_00C4("TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256", 0x00c4),690CS_00C5("TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256", 0x00c5),691692// TLS Fallback Signaling Cipher Suite Value (SCSV) RFC 7507693CS_5600("TLS_FALLBACK_SCSV", 
0x5600),694695// Unsupported cipher suites from RFC 5054696CS_C01A("TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA", 0xc01a),697CS_C01B("TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA", 0xc01b),698CS_C01C("TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA", 0xc01c),699CS_C01D("TLS_SRP_SHA_WITH_AES_128_CBC_SHA", 0xc01d),700CS_C01E("TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA", 0xc01e),701CS_C01F("TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA", 0xc01f),702CS_C020("TLS_SRP_SHA_WITH_AES_256_CBC_SHA", 0xc020),703CS_C021("TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA", 0xc021),704CS_C022("TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA", 0xc022),705706// Unsupported cipher suites from RFC 5489707CS_C033("TLS_ECDHE_PSK_WITH_RC4_128_SHA", 0xc033),708CS_C034("TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA", 0xc034),709CS_C035("TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA", 0xc035),710CS_C036("TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA", 0xc036),711CS_C037("TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256", 0xc037),712CS_C038("TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384", 0xc038),713CS_C039("TLS_ECDHE_PSK_WITH_NULL_SHA", 0xc039),714CS_C03A("TLS_ECDHE_PSK_WITH_NULL_SHA256", 0xc03a),715CS_C03B("TLS_ECDHE_PSK_WITH_NULL_SHA384", 0xc03b),716717// Unsupported cipher suites from RFC 6209718CS_C03C("TLS_RSA_WITH_ARIA_128_CBC_SHA256", 0xc03c),719CS_C03D("TLS_RSA_WITH_ARIA_256_CBC_SHA384", 0xc03d),720CS_C03E("TLS_DH_DSS_WITH_ARIA_128_CBC_SHA256", 0xc03e),721CS_C03F("TLS_DH_DSS_WITH_ARIA_256_CBC_SHA384", 0xc03f),722CS_C040("TLS_DH_RSA_WITH_ARIA_128_CBC_SHA256", 0xc040),723CS_C041("TLS_DH_RSA_WITH_ARIA_256_CBC_SHA384", 0xc041),724CS_C042("TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256", 0xc042),725CS_C043("TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384", 0xc043),726CS_C044("TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256", 0xc044),727CS_C045("TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384", 0xc045),728CS_C046("TLS_DH_anon_WITH_ARIA_128_CBC_SHA256", 0xc046),729CS_C047("TLS_DH_anon_WITH_ARIA_256_CBC_SHA384", 0xc047),730CS_C048("TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256", 0xc048),731CS_C049("TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384", 
0xc049),732CS_C04A("TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256", 0xc04a),733CS_C04B("TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384", 0xc04b),734CS_C04C("TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256", 0xc04c),735CS_C04D("TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384", 0xc04d),736CS_C04E("TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256", 0xc04e),737CS_C04F("TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384", 0xc04f),738CS_C050("TLS_RSA_WITH_ARIA_128_GCM_SHA256", 0xc050),739CS_C051("TLS_RSA_WITH_ARIA_256_GCM_SHA384", 0xc051),740CS_C052("TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256", 0xc052),741CS_C053("TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384", 0xc053),742CS_C054("TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256", 0xc054),743CS_C055("TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384", 0xc055),744CS_C056("TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256", 0xc056),745CS_C057("TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384", 0xc057),746CS_C058("TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256", 0xc058),747CS_C059("TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384", 0xc059),748CS_C05A("TLS_DH_anon_WITH_ARIA_128_GCM_SHA256", 0xc05a),749CS_C05B("TLS_DH_anon_WITH_ARIA_256_GCM_SHA384", 0xc05b),750CS_C05C("TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256", 0xc05c),751CS_C05D("TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384", 0xc05d),752CS_C05E("TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256", 0xc05e),753CS_C05F("TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384", 0xc05f),754CS_C060("TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256", 0xc060),755CS_C061("TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384", 0xc061),756CS_C062("TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256", 0xc062),757CS_C063("TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384", 0xc063),758CS_C064("TLS_PSK_WITH_ARIA_128_CBC_SHA256", 0xc064),759CS_C065("TLS_PSK_WITH_ARIA_256_CBC_SHA384", 0xc065),760CS_C066("TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256", 0xc066),761CS_C067("TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384", 0xc067),762CS_C068("TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256", 0xc068),763CS_C069("TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384", 0xc069),764CS_C06A("TLS_PSK_WITH_ARIA_128_GCM_SHA256", 
0xc06a),765CS_C06B("TLS_PSK_WITH_ARIA_256_GCM_SHA384", 0xc06b),766CS_C06C("TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256", 0xc06c),767CS_C06D("TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384", 0xc06d),768CS_C06E("TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256", 0xc06e),769CS_C06F("TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384", 0xc06f),770CS_C070("TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256", 0xc070),771CS_C071("TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384", 0xc071),772773// Unsupported cipher suites from RFC 6367774CS_C072("TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256", 0xc072),775CS_C073("TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384", 0xc073),776CS_C074("TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256", 0xc074),777CS_C075("TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384", 0xc075),778CS_C076("TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256", 0xc076),779CS_C077("TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384", 0xc077),780CS_C078("TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256", 0xc078),781CS_C079("TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384", 0xc079),782CS_C07A("TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256", 0xc07a),783CS_C07B("TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384", 0xc07b),784CS_C07C("TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256", 0xc07c),785CS_C07D("TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384", 0xc07d),786CS_C07E("TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256", 0xc07e),787CS_C07F("TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384", 0xc07f),788CS_C080("TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256", 0xc080),789CS_C081("TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384", 0xc081),790CS_C082("TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256", 0xc082),791CS_C083("TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384", 0xc083),792CS_C084("TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256", 0xc084),793CS_C085("TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384", 0xc085),794CS_C086("TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256", 0xc086),795CS_C087("TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384", 0xc087),796CS_C088("TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256", 0xc088),797CS_C089("TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384", 
0xc089),798CS_C08A("TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256", 0xc08a),799CS_C08B("TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384", 0xc08b),800CS_C08C("TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256", 0xc08c),801CS_C08D("TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384", 0xc08d),802CS_C08E("TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256", 0xc08e),803CS_C08F("TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384", 0xc08f),804CS_C090("TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256", 0xc090),805CS_C091("TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384", 0xc091),806CS_C092("TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256", 0xc092),807CS_C093("TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384", 0xc093),808CS_C094("TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256", 0xc094),809CS_C095("TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384", 0xc095),810CS_C096("TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256", 0xc096),811CS_C097("TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384", 0xc097),812CS_C098("TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256", 0xc098),813CS_C099("TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384", 0xc099),814CS_C09A("TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256", 0xc09a),815CS_C09B("TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384", 0xc09b),816817// Unsupported cipher suites from RFC 6655818CS_C09C("TLS_RSA_WITH_AES_128_CCM", 0xc09c),819CS_C09D("TLS_RSA_WITH_AES_256_CCM", 0xc09d),820CS_C09E("TLS_DHE_RSA_WITH_AES_128_CCM", 0xc09e),821CS_C09F("TLS_DHE_RSA_WITH_AES_256_CCM", 0xc09f),822CS_C0A0("TLS_RSA_WITH_AES_128_CCM_8", 0xc0A0),823CS_C0A1("TLS_RSA_WITH_AES_256_CCM_8", 0xc0A1),824CS_C0A2("TLS_DHE_RSA_WITH_AES_128_CCM_8", 0xc0A2),825CS_C0A3("TLS_DHE_RSA_WITH_AES_256_CCM_8", 0xc0A3),826CS_C0A4("TLS_PSK_WITH_AES_128_CCM", 0xc0A4),827CS_C0A5("TLS_PSK_WITH_AES_256_CCM", 0xc0A5),828CS_C0A6("TLS_DHE_PSK_WITH_AES_128_CCM", 0xc0A6),829CS_C0A7("TLS_DHE_PSK_WITH_AES_256_CCM", 0xc0A7),830CS_C0A8("TLS_PSK_WITH_AES_128_CCM_8", 0xc0A8),831CS_C0A9("TLS_PSK_WITH_AES_256_CCM_8", 0xc0A9),832CS_C0AA("TLS_PSK_DHE_WITH_AES_128_CCM_8", 0xc0Aa),833CS_C0AB("TLS_PSK_DHE_WITH_AES_256_CCM_8", 0xc0Ab),834835// 
// Unsupported cipher suites from RFC 7251
    CS_C0AC("TLS_ECDHE_ECDSA_WITH_AES_128_CCM",   0xc0Ac),
    CS_C0AD("TLS_ECDHE_ECDSA_WITH_AES_256_CCM",   0xc0Ad),
    CS_C0AE("TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8", 0xc0Ae),
    CS_C0AF("TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8", 0xc0Af),

    // Declared through the (name, id) constructor like the entries above, so
    // it gets no key exchange, bulk cipher or MAC and the same (presumably
    // empty) protocol list as every other known-but-unsupported suite.
    C_NULL("SSL_NULL_WITH_NULL_NULL", 0x0000);

    // Numeric code point of the suite; rendered with
    // Utilities.byte16HexString() when it has to be printed.
    final int id;

    // True when the suite belongs to the default-enabled list built below.
    final boolean isDefaultEnabled;

    // Primary name, plus any alternative names that resolve to this suite.
    final String name;
    final List<String> aliases;

    // Protocol versions the suite may be used with. An empty list is what
    // marks a suite as "known but unsupported" throughout this class.
    final List<ProtocolVersion> supportedProtocols;

    // keyExchange is null for TLS 1.3 suites and for unsupported suites;
    // bulkCipher, macAlg and hashAlg are null for unsupported suites.
    final KeyExchange keyExchange;
    final SSLCipher bulkCipher;
    final MacAlg macAlg;
    final HashAlg hashAlg;

    // Copied from the bulk cipher's own exportable flag; false when the
    // suite has no bulk cipher.
    final boolean exportable;

    // Immutable lookup tables, filled once by the static initializer.
    private static final Map<Integer, CipherSuite> cipherSuiteIds;
    private static final Map<String, CipherSuite> cipherSuiteNames;
    private static final List<CipherSuite> allowedCipherSuites;
    private static final List<CipherSuite> defaultCipherSuites;

    static {
        Map<Integer, CipherSuite> byId = new HashMap<>();
        Map<String, CipherSuite> byName = new HashMap<>();
        List<CipherSuite> allowed = new ArrayList<>();
        List<CipherSuite> enabledByDefault = new ArrayList<>();

        // values() walks the constants in declaration order, so both lists
        // keep the preference order in which the suites are declared.
        for (CipherSuite suite : CipherSuite.values()) {
            // Every constant is indexed, supported or not: the lookup
            // tables are a registry, not an allow-list.
            byId.put(suite.id, suite);
            byName.put(suite.name, suite);
            suite.aliases.forEach(alias -> byName.put(alias, suite));

            if (!suite.supportedProtocols.isEmpty()) {
                allowed.add(suite);
            }

            if (suite.isDefaultEnabled) {
                enabledByDefault.add(suite);
            }
        }

        // Freeze the tables so callers cannot alter them after class init.
        cipherSuiteIds = Map.copyOf(byId);
        cipherSuiteNames = Map.copyOf(byName);
        allowedCipherSuites = List.copyOf(allowed);
        defaultCipherSuites = List.copyOf(enabledByDefault);
    }

    // Known but unsupported cipher suite: never default-enabled, no aliases,
    // ProtocolVersion.PROTOCOLS_EMPTY as its protocol list (presumably an
    // empty array; its definition is not part of this class) and no
    // algorithms at all.
    private CipherSuite(String name, int id) {
        this(id, false, name, "",
                ProtocolVersion.PROTOCOLS_EMPTY, null, null, null, null);
    }

    // TLS 1.3 cipher suite: no aliases, no key exchange, and M_NULL as MAC.
    private CipherSuite(int id, boolean isDefaultEnabled,
            String name, ProtocolVersion[] supportedProtocols,
            SSLCipher bulkCipher, HashAlg hashAlg) {
        this(id, isDefaultEnabled, name, "",
                supportedProtocols, null, bulkCipher, M_NULL, hashAlg);
    }

    // Canonical constructor; the two constructors above delegate to it.
    // "aliases" is a comma-separated list, with "" meaning no aliases.
    private CipherSuite(int id, boolean isDefaultEnabled,
            String name, String aliases,
            ProtocolVersion[] supportedProtocols,
            KeyExchange keyExchange, SSLCipher cipher,
            MacAlg macAlg, HashAlg hashAlg) {
        this.id = id;
        this.isDefaultEnabled = isDefaultEnabled;
        this.name = name;
        this.aliases = aliases.isEmpty()
                ? Collections.<String>emptyList()
                : Arrays.asList(aliases.split(","));
        // Arrays.asList() is a fixed-size view backed by the array that was
        // passed in, not a copy, so a shared array is referenced directly.
        // Treat the list as read-only.
        this.supportedProtocols = Arrays.asList(supportedProtocols);
        this.keyExchange = keyExchange;
        this.bulkCipher = cipher;
        this.macAlg = macAlg;
        this.hashAlg = hashAlg;

        this.exportable = (cipher != null && cipher.exportable);
    }

    /**
     * Looks a cipher suite up by its name or by one of its aliases.
     *
     * The lookup table also holds the known-but-unsupported suites, so a
     * non-null result does not mean the suite can be used; check
     * {@link #isAvailable()} or go through {@link #validValuesOf(String[])}.
     *
     * @return the matching suite, or null when the name is not registered
     */
    static CipherSuite nameOf(String ciperSuiteName) {
        return cipherSuiteNames.get(ciperSuiteName);
    }

    /**
     * Looks a cipher suite up by its numeric identifier.
     *
     * As with {@link #nameOf(String)}, unsupported suites are returned too.
     *
     * @return the matching suite, or null when the id is not registered
     */
    static CipherSuite valueOf(int id) {
        return cipherSuiteIds.get(id);
    }

    /**
     * Returns a printable name for a cipher suite identifier.
     *
     * @return the registered name, or an "UNKNOWN-CIPHER-SUITE(...)"
     *         placeholder carrying the id in hex when it is not registered
     */
    static String nameOf(int id) {
        CipherSuite known = cipherSuiteIds.get(id);
        return (known != null)
                ? known.name
                : "UNKNOWN-CIPHER-SUITE(" + Utilities.byte16HexString(id) + ")";
    }

    /**
     * Returns every suite that declares at least one supported protocol,
     * in declaration order. The collection is immutable.
     */
    static Collection<CipherSuite> allowedCipherSuites() {
        return allowedCipherSuites;
    }

    /**
     * Returns the suites flagged as enabled by default, in declaration
     * order. The collection is immutable.
     */
    static Collection<CipherSuite> defaultCipherSuites() {
        return defaultCipherSuites;
    }

    /**
     * Validates an array of cipher suite names and converts it to suites.
     *
     * A name is accepted only if it is registered and the suite declares at
     * least one supported protocol; a name that is merely known (one of the
     * unsupported entries) is rejected like an unknown one.
     *
     * @return an unmodifiable list, in the order of the given names
     * @throws IllegalArgumentException when the array is null, contains a
     *         null or empty element, or names an unsupported cipher suite
     */
    static List<CipherSuite> validValuesOf(String[] names) {
        if (names == null) {
            throw new IllegalArgumentException("CipherSuites cannot be null");
        }

        List<CipherSuite> accepted = new ArrayList<>(names.length);
        for (String name : names) {
            if (name == null || name.isEmpty()) {
                throw new IllegalArgumentException(
                        "The specified CipherSuites array contains " +
                        "invalid null or empty string elements");
            }

            CipherSuite suite = cipherSuiteNames.get(name);
            if (suite == null || suite.supportedProtocols.isEmpty()) {
                throw new IllegalArgumentException(
                        "Unsupported CipherSuite: " + name);
            }
            accepted.add(suite);
        }

        return Collections.unmodifiableList(accepted);
    }

    /**
     * Returns the primary names of the given suites, in list order.
     */
    static String[] namesOf(List<CipherSuite> cipherSuites) {
        String[] result = new String[cipherSuites.size()];
        int slot = 0;
        for (CipherSuite suite : cipherSuites) {
            result[slot] = suite.name;
            slot++;
        }

        return result;
    }

    /**
     * Tells whether the suite can actually be used: it must declare a
     * protocol version, its key exchange (if it has one) must be available,
     * and it must have an available bulk cipher.
     */
    boolean isAvailable() {
        if (supportedProtocols.isEmpty()) {
            return false;
        }

        // Note: keyExchange is null for TLS 1.3 CipherSuites.
        if (keyExchange != null && !keyExchange.isAvailable()) {
            return false;
        }

        return bulkCipher != null && bulkCipher.isAvailable();
    }

    /**
     * Tells whether the suite lists the given protocol version.
     */
    public boolean supports(ProtocolVersion protocolVersion) {
        return supportedProtocols.contains(protocolVersion);
    }

    /**
     * Tells whether the suite may be selected in a handshake: it has to be
     * available and must not be TLS_EMPTY_RENEGOTIATION_INFO_SCSV.
     */
    boolean isNegotiable() {
        if (this == TLS_EMPTY_RENEGOTIATION_INFO_SCSV) {
            return false;
        }
        return isAvailable();
    }

    /**
     * Tells whether the suite's key exchange is flagged anonymous. Suites
     * without a key exchange (TLS 1.3 and unsupported ones) report false.
     */
    boolean isAnonymous() {
        return (keyExchange != null && keyExchange.isAnonymous);
    }

    /**
     * Computes the record size needed to carry a fragment of the given size
     * with this suite, record header included.
     *
     * See also SSLWriteCipher.calculatePacketSize().
     */
    int calculatePacketSize(int fragmentSize,
            ProtocolVersion protocolVersion, boolean isDTLS) {
        int total = fragmentSize;
        if (bulkCipher != null && bulkCipher != B_NULL) {
            final int ivLen = bulkCipher.ivSize;    // used as the block size
            switch (bulkCipher.cipherType) {
                case BLOCK_CIPHER:
                    // MAC plus the 1 byte padding length field
                    total += macAlg.size + 1;
                    // use the minimal padding up to the next block boundary
                    total += (ivLen - (total % ivLen)) % ivLen;
                    if (protocolVersion.useTLS11PlusSpec()) {
                        total += ivLen;             // explicit IV
                    }

                    break;
                case AEAD_CIPHER:
                    // Only TLS 1.2 and DTLS 1.2 add the ivSize - fixedIvSize
                    // bytes to the record here.
                    if (protocolVersion == ProtocolVersion.TLS12 ||
                            protocolVersion == ProtocolVersion.DTLS12) {
                        total += bulkCipher.ivSize - bulkCipher.fixedIvSize;
                    }
                    total += bulkCipher.tagSize;

                    break;
                default:    // NULL_CIPHER or STREAM_CIPHER
                    total += macAlg.size;
            }
        }

        return total +
                (isDTLS ? DTLSRecord.headerSize : SSLRecord.headerSize);
    }

    /**
     * Computes the largest fragment that fits into a record of at most
     * packetLimit bytes with this suite.
     *
     * See also CipherBox.calculateFragmentSize().
     */
    int calculateFragSize(int packetLimit,
            ProtocolVersion protocolVersion, boolean isDTLS) {
        int room = packetLimit -
                (isDTLS ? DTLSRecord.headerSize : SSLRecord.headerSize);
        if (bulkCipher != null && bulkCipher != B_NULL) {
            final int ivLen = bulkCipher.ivSize;    // used as the block size
            switch (bulkCipher.cipherType) {
                case BLOCK_CIPHER:
                    if (protocolVersion.useTLS11PlusSpec()) {
                        room -= ivLen;              // explicit IV
                    }
                    room -= (room % ivLen);         // cannot hold a block
                    // No padding for a maximum fragment: only the 1 byte
                    // padding length field (0x00) and the MAC are deducted.
                    room -= 1;
                    room -= macAlg.size;

                    break;
                case AEAD_CIPHER:
                    // NOTE(review): ivSize - fixedIvSize is deducted for
                    // every protocol version here, while
                    // calculatePacketSize() adds it only for (D)TLS 1.2.
                    // That looks like a deliberately conservative bound;
                    // confirm before relying on exact symmetry.
                    room -= bulkCipher.tagSize;
                    room -= bulkCipher.ivSize - bulkCipher.fixedIvSize;

                    break;
                default:    // NULL_CIPHER or STREAM_CIPHER
                    room -= macAlg.size;
            }
        }

        return room;
    }

    /**
     * An SSL/TLS key exchange algorithm.
     *
     * Constructor arguments are, in order: name, allowed, isAnonymous and
     * the named group types. In the table below K_NULL, K_DH_RSA and
     * K_DH_DSS are not allowed, the EC entries take "allowed" from
     * JsseJce.ALLOW_ECC, and the anonymous flag is set on K_NULL, the
     * DH_anon and ECDH_anon entries and K_SCSV.
     */
    static enum KeyExchange {
        K_NULL          ("NULL",           false, true,  NAMED_GROUP_NONE),
        K_RSA           ("RSA",            true,  false, NAMED_GROUP_NONE),
        K_RSA_EXPORT    ("RSA_EXPORT",     true,  false, NAMED_GROUP_NONE),
        K_DH_RSA        ("DH_RSA",         false, false, NAMED_GROUP_NONE),
        K_DH_DSS        ("DH_DSS",         false, false, NAMED_GROUP_NONE),
        K_DHE_DSS       ("DHE_DSS",        true,  false, NAMED_GROUP_FFDHE),
        K_DHE_DSS_EXPORT("DHE_DSS_EXPORT", true,  false, NAMED_GROUP_NONE),
        K_DHE_RSA       ("DHE_RSA",        true,  false, NAMED_GROUP_FFDHE),
        K_DHE_RSA_EXPORT("DHE_RSA_EXPORT", true,  false, NAMED_GROUP_NONE),
        K_DH_ANON       ("DH_anon",        true,  true,  NAMED_GROUP_FFDHE),
        K_DH_ANON_EXPORT("DH_anon_EXPORT", true,  true,  NAMED_GROUP_NONE),

        // These KeyExchanges can use either ECDHE/XDH, so we'll use a
        // varargs here.
        K_ECDH_ECDSA    ("ECDH_ECDSA",     JsseJce.ALLOW_ECC, false,
                NAMED_GROUP_ECDHE, NAMED_GROUP_XDH),
        K_ECDH_RSA      ("ECDH_RSA",       JsseJce.ALLOW_ECC, false,
                NAMED_GROUP_ECDHE, NAMED_GROUP_XDH),
        K_ECDHE_ECDSA   ("ECDHE_ECDSA",    JsseJce.ALLOW_ECC, false,
                NAMED_GROUP_ECDHE, NAMED_GROUP_XDH),
        K_ECDHE_RSA     ("ECDHE_RSA",      JsseJce.ALLOW_ECC, false,
                NAMED_GROUP_ECDHE, NAMED_GROUP_XDH),
        K_ECDH_ANON     ("ECDH_anon",      JsseJce.ALLOW_ECC, true,
                NAMED_GROUP_ECDHE, NAMED_GROUP_XDH),

        // renegotiation protection request signaling cipher suite
        K_SCSV          ("SCSV",           true,  true,  NAMED_GROUP_NONE);

        // name of the key exchange algorithm, e.g. DHE_DSS
        final String name;

        // whether this key exchange may be used at all
        final boolean allowed;

        // named group types this key exchange can work with
        final NamedGroupSpec[] groupTypes;

        // allowed and not an "EC..." algorithm: no runtime probe is needed
        private final boolean alwaysAvailable;

        // flag reported through CipherSuite.isAnonymous()
        private final boolean isAnonymous;

        KeyExchange(String name, boolean allowed,
                boolean isAnonymous, NamedGroupSpec... groupTypes) {
            this.name = name;
            this.groupTypes = groupTypes;
            this.allowed = allowed;

            this.alwaysAvailable = allowed && (!name.startsWith("EC"));
            this.isAnonymous = isAnonymous;
        }

        /**
         * Tells whether the key exchange can be used in this runtime. A key
         * exchange that lists NAMED_GROUP_ECDHE additionally requires
         * JsseJce.isEcAvailable(); any other one is as available as its
         * "allowed" flag says.
         */
        boolean isAvailable() {
            if (alwaysAvailable) {
                return true;
            }

            boolean usesEcdhe = NamedGroupSpec.arrayContains(groupTypes,
                    NamedGroupSpec.NAMED_GROUP_ECDHE);
            return usesEcdhe ? (allowed && JsseJce.isEcAvailable()) : allowed;
        }

        @Override
        public String toString() {
            return name;
        }
    }

    /**
     * An SSL/TLS MAC algorithm, described by its name and sizes only.
     *
     * Constructor arguments are, in order: name, MAC size, hash block size
     * and minimal padding size.
     */
    static enum MacAlg {
        M_NULL   ("NULL",     0,   0,   0),
        M_MD5    ("MD5",     16,  64,   9),
        M_SHA    ("SHA",     20,  64,   9),
        M_SHA256 ("SHA256",  32,  64,   9),
        M_SHA384 ("SHA384",  48, 128,  17);

        // descriptive name, e.g. MD5
        final String name;

        // size of the MAC value (and MAC key) in bytes
        final int size;

        // block size of the underlying hash algorithm
        final int hashBlockSize;

        // minimal padding size of the underlying hash algorithm
        final int minimalPaddingSize;

        MacAlg(String name, int size,
                int hashBlockSize, int minimalPaddingSize) {
            this.name = name;
            this.size = size;
            this.hashBlockSize = hashBlockSize;
            this.minimalPaddingSize = minimalPaddingSize;
        }

        @Override
        public String toString() {
            return name;
        }
    }

    /**
     * The hash algorithms used for the PRF (PseudoRandom Function) or HKDF.
     *
     * Note that TLS 1.1 and earlier use a single MD5/SHA1-based PRF
     * algorithm for generating the necessary material.
     *
     * Constructor arguments are, in order: name, hash length and block size.
     */
    static enum HashAlg {
        H_NONE   ("NONE",     0,   0),
        H_SHA256 ("SHA-256", 32,  64),
        H_SHA384 ("SHA-384", 48, 128);

        final String name;
        final int hashLength;
        final int blockSize;

        HashAlg(String hashAlg, int hashLength, int blockSize) {
            this.name = hashAlg;
            this.hashLength = hashLength;
            this.blockSize = blockSize;
        }

        @Override
        public String toString() {
            return name;
        }
    }
}