/src/mozilla-central/security/nss/lib/ssl/sslenum.c
Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | * Table enumerating all implemented cipher suites |
3 | | * Part of public API. |
4 | | * |
5 | | * This Source Code Form is subject to the terms of the Mozilla Public |
6 | | * License, v. 2.0. If a copy of the MPL was not distributed with this |
7 | | * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
8 | | |
9 | | #include "ssl.h" |
10 | | #include "sslproto.h" |
11 | | |
12 | | /* |
13 | | * The ordering of cipher suites in this table must match the ordering in |
14 | | * the cipherSuites table in ssl3con.c. |
15 | | * |
16 | | * If new ECC cipher suites are added, also update the ssl3CipherSuite arrays |
17 | | * in ssl3ecc.c. |
18 | | * |
19 | | * Finally, update the ssl_V3_SUITES_IMPLEMENTED macro in sslimpl.h. |
20 | | * |
21 | | * The ordering is as follows: |
22 | | * * No-encryption cipher suites last |
23 | | * * Export/weak/obsolete cipher suites before no-encryption cipher suites |
24 | | * * Order by key exchange algorithm: ECDHE, then DHE, then ECDH, RSA. |
25 | | * * Within key agreement sections, prefer AEAD over non-AEAD cipher suites. |
26 | | * * Within AEAD sections, order by symmetric encryption algorithm which |
27 | | * integrates message authentication algorithm: AES-128-GCM, then |
28 | | * ChaCha20-Poly1305, then AES-256-GCM, |
29 | | * * Within non-AEAD sections, order by symmetric encryption algorithm: |
30 | | * AES-128, then Camellia-128, then AES-256, then Camellia-256, then SEED, |
31 | | * then FIPS-3DES, then 3DES, then RC4. AES is commonly accepted as a |
32 | | * strong cipher internationally, and is often hardware-accelerated. |
33 | | * Camellia also has wide international support across standards |
34 | | * organizations. SEED is only recommended by the Korean government. 3DES |
35 | | * only provides 112 bits of security. RC4 is now deprecated or forbidden |
36 | | * by many standards organizations. |
37 | | * * Within non-AEAD symmetric algorithm sections, order by message |
38 | | * authentication algorithm: HMAC-SHA256, then HMAC-SHA384, then HMAC-SHA1, |
39 | | * then HMAC-MD5. |
40 | | * * Within symmetric algorithm sections, order by message authentication |
41 | | * algorithm: GCM, then HMAC-SHA1, then HMAC-SHA256, then HMAC-MD5. |
42 | | * * Within message authentication algorithm sections, order by asymmetric |
43 | | * signature algorithm: ECDSA, then RSA, then DSS. |
44 | | * * As a special case, the PSK ciphers, which are only enabled when |
45 | | * TLS 1.3 PSK-resumption is in use, come first. |
46 | | * |
47 | | * Exception: Because some servers ignore the high-order byte of the cipher |
48 | | * suite ID, we must be careful about adding cipher suites with IDs larger |
49 | | * than 0x00ff; see bug 946147. For these broken servers, the first three |
50 | | * cipher suites, with the MSB zeroed, look like: |
51 | | * TLS_RSA_WITH_AES_128_CBC_SHA { 0x00,0x2F } |
52 | | * TLS_RSA_WITH_3DES_EDE_CBC_SHA { 0x00,0x0A } |
53 | | * TLS_RSA_WITH_DES_CBC_SHA { 0x00,0x09 } |
54 | | * The broken server only supports the third and fourth ones and will select |
55 | | * the third one. |
56 | | */ |
57 | | const PRUint16 SSL_ImplementedCiphers[] = { |
58 | | TLS_AES_128_GCM_SHA256, |
59 | | TLS_CHACHA20_POLY1305_SHA256, |
60 | | TLS_AES_256_GCM_SHA384, |
61 | | |
62 | | TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, |
63 | | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, |
64 | | TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, |
65 | | TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, |
66 | | TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, |
67 | | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, |
68 | | /* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA must appear before |
69 | | * TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA to work around bug 946147. |
70 | | */ |
71 | | TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, |
72 | | TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, |
73 | | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, |
74 | | TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, |
75 | | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, |
76 | | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, |
77 | | TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, |
78 | | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, |
79 | | TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, |
80 | | TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, |
81 | | TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, |
82 | | TLS_ECDHE_RSA_WITH_RC4_128_SHA, |
83 | | |
84 | | TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, |
85 | | TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256, |
86 | | TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, |
87 | | TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, |
88 | | TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, |
89 | | TLS_DHE_RSA_WITH_AES_128_CBC_SHA, |
90 | | TLS_DHE_DSS_WITH_AES_128_CBC_SHA, |
91 | | TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, |
92 | | TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, |
93 | | TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, |
94 | | TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, |
95 | | TLS_DHE_RSA_WITH_AES_256_CBC_SHA, |
96 | | TLS_DHE_DSS_WITH_AES_256_CBC_SHA, |
97 | | TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, |
98 | | TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, |
99 | | TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, |
100 | | TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, |
101 | | TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, |
102 | | TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA, |
103 | | TLS_DHE_DSS_WITH_RC4_128_SHA, |
104 | | |
105 | | TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, |
106 | | TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, |
107 | | TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, |
108 | | TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, |
109 | | TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, |
110 | | TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, |
111 | | TLS_ECDH_ECDSA_WITH_RC4_128_SHA, |
112 | | TLS_ECDH_RSA_WITH_RC4_128_SHA, |
113 | | |
114 | | TLS_RSA_WITH_AES_128_GCM_SHA256, |
115 | | TLS_RSA_WITH_AES_256_GCM_SHA384, |
116 | | TLS_RSA_WITH_AES_128_CBC_SHA, |
117 | | TLS_RSA_WITH_AES_128_CBC_SHA256, |
118 | | TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, |
119 | | TLS_RSA_WITH_AES_256_CBC_SHA, |
120 | | TLS_RSA_WITH_AES_256_CBC_SHA256, |
121 | | TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, |
122 | | TLS_RSA_WITH_SEED_CBC_SHA, |
123 | | TLS_RSA_WITH_3DES_EDE_CBC_SHA, |
124 | | TLS_RSA_WITH_RC4_128_SHA, |
125 | | TLS_RSA_WITH_RC4_128_MD5, |
126 | | |
127 | | /* 56-bit DES "domestic" cipher suites */ |
128 | | TLS_DHE_RSA_WITH_DES_CBC_SHA, |
129 | | TLS_DHE_DSS_WITH_DES_CBC_SHA, |
130 | | TLS_RSA_WITH_DES_CBC_SHA, |
131 | | |
132 | | /* ciphersuites with no encryption */ |
133 | | TLS_ECDHE_ECDSA_WITH_NULL_SHA, |
134 | | TLS_ECDHE_RSA_WITH_NULL_SHA, |
135 | | TLS_ECDH_RSA_WITH_NULL_SHA, |
136 | | TLS_ECDH_ECDSA_WITH_NULL_SHA, |
137 | | TLS_RSA_WITH_NULL_SHA, |
138 | | TLS_RSA_WITH_NULL_SHA256, |
139 | | TLS_RSA_WITH_NULL_MD5, |
140 | | |
141 | | 0 |
142 | | }; |
143 | | |
144 | | const PRUint16 SSL_NumImplementedCiphers = |
145 | | (sizeof SSL_ImplementedCiphers) / (sizeof SSL_ImplementedCiphers[0]) - 1; |
146 | | |
147 | | const PRUint16* |
148 | | SSL_GetImplementedCiphers(void) |
149 | 0 | { |
150 | 0 | return SSL_ImplementedCiphers; |
151 | 0 | } |
152 | | |
153 | | PRUint16 |
154 | | SSL_GetNumImplementedCiphers(void) |
155 | 0 | { |
156 | 0 | return SSL_NumImplementedCiphers; |
157 | 0 | } |