Home | History | Annotate | Download | only in ssl
      1 /*
      2  * Table enumerating all implemented cipher suites
      3  * Part of public API.
      4  *
      5  * This Source Code Form is subject to the terms of the Mozilla Public
      6  * License, v. 2.0. If a copy of the MPL was not distributed with this
      7  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
      8 
      9 #include "ssl.h"
     10 #include "sslproto.h"
     11 
     12 /*
     13  * The ciphers are listed in the following order:
     14  * - stronger ciphers before weaker ciphers
     15  * - national ciphers before international ciphers
     16  * - faster ciphers before slower ciphers
     17  *
     18  * National ciphers such as Camellia are listed before international ciphers
     19  * such as AES and RC4 to allow servers that prefer Camellia to negotiate
     20  * Camellia without having to disable AES and RC4, which are needed for
     21  * interoperability with clients that don't yet implement Camellia.
     22  *
     23  * The ordering of cipher suites in this table must match the ordering in
     24  * the cipherSuites table in ssl3con.c.
     25  *
     26  * If new ECC cipher suites are added, also update the ssl3CipherSuite arrays
     27  * in ssl3ecc.c.
     28  *
     29  * Finally, update the ssl_V3_SUITES_IMPLEMENTED macro in sslimpl.h.
     30  */
     31 const PRUint16 SSL_ImplementedCiphers[] = {
     32     /* 256-bit */
     33 #ifdef NSS_ENABLE_ECC
     34     TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
     35     TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
     36 #endif /* NSS_ENABLE_ECC */
     37     TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
     38     TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
     39     TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
     40     TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
     41     TLS_DHE_DSS_WITH_AES_256_CBC_SHA,
     42 #ifdef NSS_ENABLE_ECC
     43     TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
     44     TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
     45 #endif /* NSS_ENABLE_ECC */
     46     TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,
     47     TLS_RSA_WITH_AES_256_CBC_SHA,
     48     TLS_RSA_WITH_AES_256_CBC_SHA256,
     49 
     50     /* 128-bit */
     51 #ifdef NSS_ENABLE_ECC
     52     TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
     53     TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
     54     TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
     55     TLS_ECDHE_RSA_WITH_RC4_128_SHA,
     56     TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
     57     TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
     58 #endif /* NSS_ENABLE_ECC */
     59     TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
     60     TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
     61     TLS_DHE_DSS_WITH_RC4_128_SHA,
     62     TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
     63     TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
     64     TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
     65 #ifdef NSS_ENABLE_ECC
     66     TLS_ECDH_RSA_WITH_RC4_128_SHA,
     67     TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
     68     TLS_ECDH_ECDSA_WITH_RC4_128_SHA,
     69     TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
     70 #endif /* NSS_ENABLE_ECC */
     71     TLS_RSA_WITH_SEED_CBC_SHA,
     72     TLS_RSA_WITH_CAMELLIA_128_CBC_SHA,
     73     SSL_RSA_WITH_RC4_128_SHA,
     74     SSL_RSA_WITH_RC4_128_MD5,
     75     TLS_RSA_WITH_AES_128_CBC_SHA,
     76     TLS_RSA_WITH_AES_128_CBC_SHA256,
     77 
     78     /* 112-bit 3DES */
     79 #ifdef NSS_ENABLE_ECC
     80     TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
     81     TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
     82 #endif /* NSS_ENABLE_ECC */
     83     SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
     84     SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
     85 #ifdef NSS_ENABLE_ECC
     86     TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,
     87     TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
     88 #endif /* NSS_ENABLE_ECC */
     89     SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA,
     90     SSL_RSA_WITH_3DES_EDE_CBC_SHA,
     91 
     92     /* 56-bit DES "domestic" cipher suites */
     93     SSL_DHE_RSA_WITH_DES_CBC_SHA,
     94     SSL_DHE_DSS_WITH_DES_CBC_SHA,
     95     SSL_RSA_FIPS_WITH_DES_CBC_SHA,
     96     SSL_RSA_WITH_DES_CBC_SHA,
     97 
     98     /* export ciphersuites with 1024-bit public key exchange keys */
     99     TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,
    100     TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA,
    101 
    102     /* export ciphersuites with 512-bit public key exchange keys */
    103     SSL_RSA_EXPORT_WITH_RC4_40_MD5,
    104     SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5,
    105 
    106     /* ciphersuites with no encryption */
    107 #ifdef NSS_ENABLE_ECC
    108     TLS_ECDHE_ECDSA_WITH_NULL_SHA,
    109     TLS_ECDHE_RSA_WITH_NULL_SHA,
    110     TLS_ECDH_RSA_WITH_NULL_SHA,
    111     TLS_ECDH_ECDSA_WITH_NULL_SHA,
    112 #endif /* NSS_ENABLE_ECC */
    113     SSL_RSA_WITH_NULL_SHA,
    114     TLS_RSA_WITH_NULL_SHA256,
    115     SSL_RSA_WITH_NULL_MD5,
    116 
    117     /* SSL2 cipher suites. */
    118     SSL_EN_RC4_128_WITH_MD5,
    119     SSL_EN_RC2_128_CBC_WITH_MD5,
    120     SSL_EN_DES_192_EDE3_CBC_WITH_MD5,  /* actually 112, not 192 */
    121     SSL_EN_DES_64_CBC_WITH_MD5,
    122     SSL_EN_RC4_128_EXPORT40_WITH_MD5,
    123     SSL_EN_RC2_128_CBC_EXPORT40_WITH_MD5,
    124 
    125     0
    126 
    127 };
    128 
    129 const PRUint16 SSL_NumImplementedCiphers =
    130     (sizeof SSL_ImplementedCiphers) / (sizeof SSL_ImplementedCiphers[0]) - 1;
    131 
    132 const PRUint16 *
    133 SSL_GetImplementedCiphers(void)
    134 {
    135     return SSL_ImplementedCiphers;
    136 }
    137 
    138 PRUint16
    139 SSL_GetNumImplementedCiphers(void)
    140 {
    141     return SSL_NumImplementedCiphers;
    142 }
    143