Conscrypt's Capabilities
========================================

Conscrypt is relatively selective in choosing the set of primitives to provide, focusing
on the most important and widely-used algorithms.  Following is a list of JCA algorithm names
and other identifiers that are supported by Conscrypt.

## TLS

### Protocol Versions

* `SSLv3` (ignored)
* `TLSv1`
* `TLSv1.1`
* `TLSv1.2`
* `TLSv1.3`

Conscrypt supports TLS v1.0-1.3.  For backwards compatibility it will accept
`SSLv3` in calls to methods like
[`setEnabledProtocols()`](https://docs.oracle.com/javase/9/docs/api/javax/net/ssl/SSLSocket.html#setEnabledProtocols-java.lang.String:A-)
but will ignore it.

### SSLContext

* `Default`
* `SSL`
* `TLS`
* `TLSv1`
* `TLSv1.1`
* `TLSv1.2`
* `TLSv1.3`

Conscrypt provides the above set of SSLContext algorithm names for JSSE
purposes, including the special value `Default`, which is used to determine the
value of
[`SSLContext.getDefault()`](https://docs.oracle.com/javase/9/docs/api/javax/net/ssl/SSLContext.html#getDefault--).
The `Default`, `SSL`, `TLS`, and `TLSv1.3` values return a context where TLS
v1.0-1.3 are all enabled; the others return a context with TLS v1.0-1.2 enabled.

### Cipher Suites

#### Enabled
* TLS 1.0-1.2
  * `TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA`
  * `TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256`
  * `TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA`
  * `TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384`
  * `TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256`
  * `TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA`
  * `TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256`
  * `TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA`
  * `TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384`
  * `TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256`
  * `TLS_RSA_WITH_AES_128_CBC_SHA`
  * `TLS_RSA_WITH_AES_128_GCM_SHA256`
  * `TLS_RSA_WITH_AES_256_CBC_SHA`
  * `TLS_RSA_WITH_AES_256_GCM_SHA384`
* TLS 1.3
  * `TLS_AES_128_GCM_SHA256`
  * `TLS_AES_256_GCM_SHA384`
  * `TLS_CHACHA20_POLY1305_SHA256`

The above cipher suites are enabled by default when the associated version of
the protocol is enabled.  The TLS 1.3 cipher suites cannot be customized; they
are always enabled when TLS 1.3 is enabled, and any attempt to disable them via
a call to
[`setEnabledCipherSuites()`](https://docs.oracle.com/javase/9/docs/api/javax/net/ssl/SSLSocket.html#setEnabledCipherSuites-java.lang.String:A-)
is ignored.

#### Supported But Not Enabled
* TLS 1.0-1.2
  * `SSL_RSA_WITH_3DES_EDE_CBC_SHA`
  * `TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA`
  * `TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA`
  * `TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256`
  * `TLS_PSK_WITH_AES_128_CBC_SHA`
  * `TLS_PSK_WITH_AES_256_CBC_SHA`

The above cipher suites are supported, but not enabled by default.  TLS 1.3
cipher suites cannot be customized, so there are no cipher suites that are
supported but not enabled.
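
The following is an added example, not part of Conscrypt's own documentation or code, showing how the protocol and cipher suite defaults listed above can be narrowed on an `SSLEngine`. It assumes the Conscrypt JAR is on the classpath; the class name `ConscryptTlsPolicy` and the choice of which suites to keep are illustrative assumptions.

```java
import java.security.Provider;
import java.util.Arrays;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import org.conscrypt.Conscrypt;

public class ConscryptTlsPolicy {
    // Assumed policy: the "TLS" context enables TLS v1.0-1.3, so drop 1.0 and 1.1.
    static final String[] PROTOCOLS = {"TLSv1.2", "TLSv1.3"};

    // Assumed policy: of the TLS 1.0-1.2 suites enabled by default, keep only
    // the ECDHE suites with an AEAD cipher (no CBC, no static RSA key exchange).
    static final String[] TLS12_SUITES = {
        "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
        "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
        "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
        "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
        "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
        "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
    };

    static SSLEngine restrictedEngine() throws Exception {
        Provider conscrypt = Conscrypt.newProvider();
        // Name the provider explicitly so the context cannot silently come
        // from another installed JSSE provider with different defaults.
        SSLContext ctx = SSLContext.getInstance("TLS", conscrypt);
        ctx.init(null, null, null);   // default key managers, trust managers, randomness
        SSLEngine engine = ctx.createSSLEngine();
        engine.setEnabledProtocols(PROTOCOLS);
        // Only the TLS 1.0-1.2 suites are affected by this call; the TLS 1.3
        // suites stay enabled for as long as TLSv1.3 is an enabled protocol.
        engine.setEnabledCipherSuites(TLS12_SUITES);
        return engine;
    }

    public static void main(String[] args) throws Exception {
        SSLEngine engine = restrictedEngine();
        // Print the effective settings so they can be checked against the lists above.
        System.out.println(Arrays.toString(engine.getEnabledProtocols()));
        System.out.println(Arrays.toString(engine.getEnabledCipherSuites()));
    }
}
```

To keep TLS 1.3 suites off the wire, remove `TLSv1.3` from the enabled protocols; omitting the suites from `setEnabledCipherSuites()` has no effect on them.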

## Cryptography

### Cipher

* `AES/CBC/NoPadding`
* `AES/CBC/PKCS5Padding`
* `AES/CTR/NoPadding`
* `AES/ECB/NoPadding`
* `AES/ECB/PKCS5Padding`

AES with 128, 192, or 256-bit keys.

* `AES/GCM/NoPadding`

AES/GCM with 128 or 256-bit keys.

* `AES_128/CBC/NoPadding`
* `AES_128/CBC/PKCS5Padding`
* `AES_128/ECB/NoPadding`
* `AES_128/ECB/PKCS5Padding`
* `AES_128/GCM/NoPadding`
* `AES_256/CBC/NoPadding`
* `AES_256/CBC/PKCS5Padding`
* `AES_256/ECB/NoPadding`
* `AES_256/ECB/PKCS5Padding`
* `AES_256/GCM/NoPadding`

Key-restricted versions of the AES ciphers.

* `ARC4`

The RC4 stream cipher.

* `ChaCha20/NONE/NoPadding`
* `ChaCha20/Poly1305/NoPadding`

ChaCha with 20 rounds, 96-bit nonce, and 32-bit counter as described in
[RFC 7539](https://tools.ietf.org/html/rfc7539), either with or without a Poly1305 AEAD
authenticator.

* `DESEDE/CBC/NoPadding`
* `DESEDE/CBC/PKCS5Padding`

Triple DES with either two or three intermediate keys.

* `RSA/ECB/NoPadding`
* `RSA/ECB/OAEPPadding`
* `RSA/ECB/OAEPWithSHA-1AndMGF1Padding`
* `RSA/ECB/OAEPWithSHA-224AndMGF1Padding`
* `RSA/ECB/OAEPWithSHA-256AndMGF1Padding`
* `RSA/ECB/OAEPWithSHA-384AndMGF1Padding`
* `RSA/ECB/OAEPWithSHA-512AndMGF1Padding`
* `RSA/ECB/PKCS1Padding`

Conscrypt's OAEP ciphers (e.g., `RSA/ECB/OAEPWithSHA-256AndMGF1Padding`) use the named digest for
both the main digest and the MGF1 digest.  This differs from the behavior of some other
providers, including the ones bundled with OpenJDK, which always use SHA-1 for the MGF1 digest.
For maximum compatibility, you should use `RSA/ECB/OAEPPadding` and initialize it with an
[`OAEPParameterSpec`](https://docs.oracle.com/javase/9/docs/api/javax/crypto/spec/OAEPParameterSpec.html).

### AlgorithmParameters
* `AES`
* `ChaCha20`
* `DESEDE`
* `EC`
* `GCM`
* `OAEP`
* `PSS`

Conscrypt's EC AlgorithmParameters implementation only supports named curves.

### CertificateFactory
* `X509`

### KeyAgreement
* `ECDH`

### KeyFactory
* `EC`
* `RSA`

### KeyGenerator
* `AES`
* `ARC4`
* `ChaCha20`
* `DESEDE`
* `HmacMD5`
* `HmacSHA1`
* `HmacSHA224`
* `HmacSHA256`
* `HmacSHA384`
* `HmacSHA512`

### KeyPairGenerator
* `EC`
* `RSA`

### Mac
* `HmacMD5`
* `HmacSHA1`
* `HmacSHA224`
* `HmacSHA256`
* `HmacSHA384`
* `HmacSHA512`

### MessageDigest
* `MD5`
* `SHA-1`
* `SHA-224`
* `SHA-256`
* `SHA-384`
* `SHA-512`

### SecretKeyFactory
* `DESEDE`

### SecureRandom
* `SHA1PRNG`

### Signature
* `MD5withRSA`
* `NONEwithECDSA`
* `NONEwithRSA`
* `SHA1withRSA`
* `SHA1withECDSA`
* `SHA1withRSA/PSS`
* `SHA224withRSA`
* `SHA224withECDSA`
* `SHA224withRSA/PSS`
* `SHA256withRSA`
* `SHA256withECDSA`
* `SHA256withRSA/PSS`
* `SHA384withRSA`
* `SHA384withECDSA`
* `SHA384withRSA/PSS`
* `SHA512withRSA`
* `SHA512withECDSA`
* `SHA512withRSA/PSS`

### Elliptic Curves

Conscrypt supports the following curves:

* secp224r1
* prime256v1 (aka secp256r1)
* secp384r1
* secp521r1