/*
 * Table enumerating all implemented cipher suites
 * Part of public API.
 *
 * This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

#include "ssl.h"
#include "sslproto.h"

/*
 * SSL_ImplementedCiphers: every cipher suite identifier this library
 * implements, followed by a single 0 entry that terminates the list.
 *
 * The ciphers are listed in the following order:
 *    - stronger ciphers before weaker ciphers
 *    - national ciphers before international ciphers
 *    - faster ciphers before slower ciphers
 *
 * National ciphers such as Camellia are listed before international ciphers
 * such as AES and RC4 to allow servers that prefer Camellia to negotiate
 * Camellia without having to disable AES and RC4, which are needed for
 * interoperability with clients that don't yet implement Camellia.
 *
 * The ordering of cipher suites in this table must match the ordering in
 * the cipherSuites table in ssl3con.c.
 *
 * If new ECC cipher suites are added, also update the ssl3CipherSuite arrays
 * in ssl3ecc.c.
 *
 * Finally, update the ssl_V3_SUITES_IMPLEMENTED macro in sslimpl.h.
 *
 * Security note: this is a list of what is implemented, and it includes
 * suites that give little or no confidentiality (56-bit DES, the export
 * suites with 40/56-bit keys, the NULL-encryption suites and the SSL2
 * suites).  Membership in this table therefore says nothing about whether a
 * suite is acceptable to negotiate.  Nothing in this file enables or
 * disables a suite.
 * NOTE(review): the default preferences and policy are set by the code that
 * consumes this table -- confirm there that the weak groups are off.
 *
 * Entries inside #ifdef NSS_ENABLE_ECC exist only in ECC-enabled builds, so
 * both the contents and the length of the table depend on that macro.
 */
const PRUint16 SSL_ImplementedCiphers[] = {
    /* 256-bit */
#ifdef NSS_ENABLE_ECC
    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
#endif /* NSS_ENABLE_ECC */
    TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
    TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
    TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
    TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
    TLS_DHE_DSS_WITH_AES_256_CBC_SHA,
#ifdef NSS_ENABLE_ECC
    TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
    TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
#endif /* NSS_ENABLE_ECC */
    TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,
    TLS_RSA_WITH_AES_256_CBC_SHA,
    TLS_RSA_WITH_AES_256_CBC_SHA256,

    /* 128-bit */
#ifdef NSS_ENABLE_ECC
    TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
    TLS_ECDHE_RSA_WITH_RC4_128_SHA,
    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
#endif /* NSS_ENABLE_ECC */
    TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
    TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
    TLS_DHE_DSS_WITH_RC4_128_SHA,
    TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
    TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
    TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
#ifdef NSS_ENABLE_ECC
    TLS_ECDH_RSA_WITH_RC4_128_SHA,
    TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
    TLS_ECDH_ECDSA_WITH_RC4_128_SHA,
    TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
#endif /* NSS_ENABLE_ECC */
    TLS_RSA_WITH_SEED_CBC_SHA,
    TLS_RSA_WITH_CAMELLIA_128_CBC_SHA,
    SSL_RSA_WITH_RC4_128_SHA,
    SSL_RSA_WITH_RC4_128_MD5,
    TLS_RSA_WITH_AES_128_CBC_SHA,
    TLS_RSA_WITH_AES_128_CBC_SHA256,

    /* 112-bit 3DES */
#ifdef NSS_ENABLE_ECC
    TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
    TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
#endif /* NSS_ENABLE_ECC */
    SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
    SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
#ifdef NSS_ENABLE_ECC
    TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,
    TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
#endif /* NSS_ENABLE_ECC */
    SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA,
    SSL_RSA_WITH_3DES_EDE_CBC_SHA,

    /* 56-bit DES "domestic" cipher suites */
    SSL_DHE_RSA_WITH_DES_CBC_SHA,
    SSL_DHE_DSS_WITH_DES_CBC_SHA,
    SSL_RSA_FIPS_WITH_DES_CBC_SHA,
    SSL_RSA_WITH_DES_CBC_SHA,

    /* export ciphersuites with 1024-bit public key exchange keys */
    TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,
    TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA,

    /* export ciphersuites with 512-bit public key exchange keys */
    SSL_RSA_EXPORT_WITH_RC4_40_MD5,
    SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5,

    /* ciphersuites with no encryption */
#ifdef NSS_ENABLE_ECC
    TLS_ECDHE_ECDSA_WITH_NULL_SHA,
    TLS_ECDHE_RSA_WITH_NULL_SHA,
    TLS_ECDH_RSA_WITH_NULL_SHA,
    TLS_ECDH_ECDSA_WITH_NULL_SHA,
#endif /* NSS_ENABLE_ECC */
    SSL_RSA_WITH_NULL_SHA,
    TLS_RSA_WITH_NULL_SHA256,
    SSL_RSA_WITH_NULL_MD5,

    /* SSL2 cipher suites. */
    SSL_EN_RC4_128_WITH_MD5,
    SSL_EN_RC2_128_CBC_WITH_MD5,
    SSL_EN_DES_192_EDE3_CBC_WITH_MD5, /* actually 112, not 192 */
    SSL_EN_DES_64_CBC_WITH_MD5,
    SSL_EN_RC4_128_EXPORT40_WITH_MD5,
    SSL_EN_RC2_128_CBC_EXPORT40_WITH_MD5,

    /* Terminator: marks the end of the list and is not a cipher suite. */
    0

};

/*
 * Number of cipher suites in SSL_ImplementedCiphers.  The "- 1" drops the
 * trailing 0 terminator from the element count, so SSL_ImplementedCiphers[
 * SSL_NumImplementedCiphers] is the terminator itself.  The value differs
 * between builds with and without NSS_ENABLE_ECC.
 */
const PRUint16 SSL_NumImplementedCiphers =
    (sizeof SSL_ImplementedCiphers) / (sizeof SSL_ImplementedCiphers[0]) - 1;

/*
 * Returns a pointer to the first entry of SSL_ImplementedCiphers.  The
 * pointed-to data is const and the list ends with a 0 entry; this accessor
 * does no filtering, so weak and NULL-encryption suites are included.
 */
const PRUint16 *
SSL_GetImplementedCiphers(void)
{
    return SSL_ImplementedCiphers;
}

/*
 * Returns SSL_NumImplementedCiphers, the number of entries in the table
 * without the 0 terminator.
 */
PRUint16
SSL_GetNumImplementedCiphers(void)
{
    return SSL_NumImplementedCiphers;
}