Security/Server Side TLS

77,687 bytes added, 22:00, 28 August 2015
Push version 3.8
<span style="float: right;">[[File:OpSec.png|300px]]</span><table> <tr> <td>__TOC__</td> <td style="vertical-align: top; padding-left: 1em;">The goal of this document is to help operational teams with the configuration of TLS on servers. All Mozilla sites and deployments should follow the recommendations below.

The Operations Security (OpSec) team maintains this document as a reference guide to navigate the TLS landscape. It contains information on TLS protocols, known issues and vulnerabilities, configuration examples and testing tools. Changes are reviewed and merged by the OpSec team, and broadcast to the various Operational teams.

Updates to this page should be submitted to the [https://github.com/mozilla/server-side-tls source repository on github]. If you are looking for the configuration generator, follow this link: [https://mozilla.github.io/server-side-tls/ssl-config-generator/ https://mozilla.github.io/server-side-tls/ssl-config-generator/].
</td>
</tr>
</table>

{| class="wikitable"
|-
! Version !! Editor !! Changes
|-
| style="text-align: center;" | 3.7 || style="text-align: center;" | ulfr || cleanup version table (marumari), add F5 conf samples (warburtron), add notes about DHE (rgacogne)
|-
| style="text-align: center;" | 3.6 || style="text-align: center;" | ulfr || bump intermediate DHE to 2048, add note about java compatibility
|-
| style="text-align: center;" | 3.5 || style="text-align: center;" | alm || comment on weakdh vulnerability
|-
| style="text-align: center;" | 3.4 || style="text-align: center;" | ulfr || added note about session resumption, HSTS, and HPKP
|-
| style="text-align: center;" | 3.3 || style="text-align: center;" | ulfr || fix SHA256 prio, add POODLE details, update various templates
|-
| style="text-align: center;" | 3.2 || style="text-align: center;" | ulfr || Added intermediate compatibility mode, renamed other modes
|-
| style="text-align: center;" | 3.1 || style="text-align: center;" | ulfr || Added non-backward compatible ciphersuite
|-
| style="text-align: center;" | 3 || style="text-align: center;" | ulfr || Remove RC4 for 3DES, fix ordering in openssl 0.9.8 ([https://bugzilla.mozilla.org/show_bug.cgi?id=1024430 1024430]), various minor updates
|-
| style="text-align: center;" | 2.5.1 || style="text-align: center;" | ulfr || Revisit ELB capabilities
|-
| style="text-align: center;" | 2.5 || style="text-align: center;" | ulfr || Update ZLB information for OCSP Stapling and ciphersuite
|-
| style="text-align: center;" | 2.4 || style="text-align: center;" | ulfr || Moved a couple of aes128 above aes256
|-
| style="text-align: center;" | 2.3 || style="text-align: center;" | ulfr || Precisions on IE 7/8 AES support (thanks to Dobin Rutishauser)
|-
| style="text-align: center;" | 2.2 || style="text-align: center;" | ulfr || Added IANA/OpenSSL/GnuTLS correspondence table and conversion tool
|-
| style="text-align: center;" | 2.1 || style="text-align: center;" | ulfr || RC4 vs 3DES discussion. r=joes r=tinfoil
|-
| style="text-align: center;" | 2.0 || style="text-align: center;" | ulfr, kang || Public release.
|-
| style="text-align: center;" | 1.5 || style="text-align: center;" | ulfr, kang || added details for PFS DHE handshake, added nginx configuration details; added Apache recommended conf
|-
| style="text-align: center;" | 1.4 || style="text-align: center;" | ulfr || revised ciphersuite. Prefer AES before RC4. Prefer 128 before 256. Prefer DHE before non-DHE
|-
| style="text-align: center;" | 1.3 || style="text-align: center;" | ulfr || added netscaler example conf
|-
| style="text-align: center;" | 1.2 || style="text-align: center;" | ulfr || ciphersuite update, bump DHE-AESGCM above ECDH-RC4
|-
| style="text-align: center;" | 1.1 || style="text-align: center;" | ulfr, kang || integrated review comments from Infra; SPDY information
|-
| style="text-align: center;" | 1.0 || style="text-align: center;" | ulfr || creation
|-
| colspan="3" | &nbsp;
|-
| colspan="2" style="border-right: none;" | '''Document Status:'''
| style="border-left: none; color:green; text-align: center;" | '''READY'''
|}

= Recommended configurations =
Three configurations are recommended. Pick the right configuration depending on your audience. If you do not need backward compatibility, and are building a service for modern clients only (post FF27), then use the Modern configuration. Otherwise, prefer the Intermediate configuration. Use the Old backward compatible configuration only if your service will be accessed by very old clients, such as Windows XP IE6, or ancient libraries & bots.

{| class="wikitable"
|-
! Configuration !! Oldest compatible client
|-
| <span style="color:green;">'''Modern'''</span> || Firefox 27, Chrome 22, IE 11, Opera 14, Safari 7, Android 4.4, Java 8
|-
| <span style="color:orange;">'''Intermediate'''</span> || Firefox 1, Chrome 1, IE 7, Opera 5, Safari 1, Windows XP IE8, Android 2.3, Java 7
|-
| <span style="color:gray;">'''Old'''</span> || Windows XP IE6, Java 6
|}

== <span style="color:green;">'''Modern'''</span> compatibility ==
For services that don't need backward compatibility, the parameters below provide a higher level of security. This configuration is compatible with Firefox 27, Chrome 22, IE 11, Opera 14 and Safari 7.

* Ciphersuite: '''ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK'''
* Versions: '''TLSv1.1, TLSv1.2'''
* RSA key size: '''2048'''
* DH Parameter size: '''2048'''
* Elliptic curves: '''secp256r1, secp384r1, secp521r1''' (at a minimum)
* Certificate signature: '''SHA-256'''
* HSTS: '''max-age=15724800'''

== <span style="color:orange;">'''Intermediate'''</span> compatibility (default) ==
For services that don't need compatibility with legacy clients (mostly WinXP), but still need to support a wide range of clients, this configuration is recommended. It is compatible with Firefox 1, Chrome 1, IE 7, Opera 5 and Safari 1.

* Ciphersuite: '''ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA'''
* Versions: '''TLSv1, TLSv1.1, TLSv1.2'''
* RSA key size: '''2048'''
* DH Parameter size: '''2048''' (see [[Security/Server_Side_TLS#DHE_and_Java|DHE and Java]] for details)
* Elliptic curves: '''secp256r1, secp384r1, secp521r1''' (at a minimum)
* Certificate signature: '''SHA-256'''

== <span style="color:gray;">'''Old'''</span> backward compatibility ==
This is the old ciphersuite that works with all clients back to Windows XP/IE6. It should be used as a last resort only.

* Ciphersuite: '''ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA'''
* Versions: '''SSLv3, TLSv1, TLSv1.1, TLSv1.2'''
* RSA key size: '''2048'''
* DH Parameter size: '''1024''' (see [[#Pre-defined_DHE_groups|Pre-defined DHE groups]])
* Elliptic curves: '''secp256r1, secp384r1, secp521r1'''
* Certificate signature: '''SHA-1''' (windows XP pre-sp3 is incompatible with sha-256)

If your version of OpenSSL is old, unavailable ciphers will be discarded automatically. Always use the full ciphersuite above and let OpenSSL pick the ones it supports.

The ordering of a ciphersuite is very important because it decides which algorithms are going to be selected in priority. The recommendation above prioritizes algorithms that provide perfect forward secrecy.

The listing below shows the list of algorithms returned by this ciphersuite. If you have to pick them manually for your application, make sure you keep this ordering.

Older versions of OpenSSL may not return the full list of algorithms. AES-GCM and some ECDHE are fairly recent, and not present on most versions of OpenSSL shipped with Ubuntu or RHEL. The listing below was obtained from a freshly built OpenSSL.

<source lang="bash">
$ openssl ciphers -V 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA' | column -t
0xC0,0x2F - ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD
0xC0,0x2B - ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(128) Mac=AEAD
0xC0,0x30 - ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
0xC0,0x2C - ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(256) Mac=AEAD
0x00,0x9E - DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(128) Mac=AEAD
0x00,0xA2 - DHE-DSS-AES128-GCM-SHA256 TLSv1.2 Kx=DH Au=DSS Enc=AESGCM(128) Mac=AEAD
0x00,0xA3 - DHE-DSS-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=DSS Enc=AESGCM(256) Mac=AEAD
0x00,0x9F - DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(256) Mac=AEAD
0xC0,0x27 - ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA256
0xC0,0x23 - ECDHE-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA256
0xC0,0x13 - ECDHE-RSA-AES128-SHA SSLv3 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA1
0xC0,0x09 - ECDHE-ECDSA-AES128-SHA SSLv3 Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA1
0xC0,0x28 - ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA384
0xC0,0x24 - ECDHE-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA384
0xC0,0x14 - ECDHE-RSA-AES256-SHA SSLv3 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA1
0xC0,0x0A - ECDHE-ECDSA-AES256-SHA SSLv3 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA1
0x00,0x67 - DHE-RSA-AES128-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(128) Mac=SHA256
0x00,0x33 - DHE-RSA-AES128-SHA SSLv3 Kx=DH Au=RSA Enc=AES(128) Mac=SHA1
0x00,0x40 - DHE-DSS-AES128-SHA256 TLSv1.2 Kx=DH Au=DSS Enc=AES(128) Mac=SHA256
0x00,0x6B - DHE-RSA-AES256-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(256) Mac=SHA256
0x00,0x38 - DHE-DSS-AES256-SHA SSLv3 Kx=DH Au=DSS Enc=AES(256) Mac=SHA1
0x00,0x39 - DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1
0xC0,0x12 - ECDHE-RSA-DES-CBC3-SHA SSLv3 Kx=ECDH Au=RSA Enc=3DES(168) Mac=SHA1
0xC0,0x08 - ECDHE-ECDSA-DES-CBC3-SHA SSLv3 Kx=ECDH Au=ECDSA Enc=3DES(168) Mac=SHA1
0x00,0x9C - AES128-GCM-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(128) Mac=AEAD
0x00,0x9D - AES256-GCM-SHA384 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(256) Mac=AEAD
0x00,0x3C - AES128-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA256
0x00,0x3D - AES256-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA256
0x00,0x2F - AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1
0x00,0x35 - AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
0x00,0x6A - DHE-DSS-AES256-SHA256 TLSv1.2 Kx=DH Au=DSS Enc=AES(256) Mac=SHA256
0x00,0x32 - DHE-DSS-AES128-SHA SSLv3 Kx=DH Au=DSS Enc=AES(128) Mac=SHA1
0x00,0x0A - DES-CBC3-SHA SSLv3 Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1
0x00,0x88 - DHE-RSA-CAMELLIA256-SHA SSLv3 Kx=DH Au=RSA Enc=Camellia(256) Mac=SHA1
0x00,0x87 - DHE-DSS-CAMELLIA256-SHA SSLv3 Kx=DH Au=DSS Enc=Camellia(256) Mac=SHA1
0x00,0x84 - CAMELLIA256-SHA SSLv3 Kx=RSA Au=RSA Enc=Camellia(256) Mac=SHA1
0x00,0x45 - DHE-RSA-CAMELLIA128-SHA SSLv3 Kx=DH Au=RSA Enc=Camellia(128) Mac=SHA1
0x00,0x44 - DHE-DSS-CAMELLIA128-SHA SSLv3 Kx=DH Au=DSS Enc=Camellia(128) Mac=SHA1
0x00,0x41 - CAMELLIA128-SHA SSLv3 Kx=RSA Au=RSA Enc=Camellia(128) Mac=SHA1
</source>

The ciphers are described here: http://www.openssl.org/docs/apps/ciphers.html
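The `openssl ciphers -V` listing format can be audited mechanically before a ciphersuite is deployed. The following is an added example, not part of the original page or of the server-side-tls project: it parses that format, flags entries that fall in the mandatory discard classes, and reports forward-secret suites that sort after the first non-PFS suite. The function names and the sample text are constructed for illustration.

```python
import re

# Constructed sample: the first six lines use the page's listing format, the
# last three are constructed entries of the kind the "!" exclusions remove.
SAMPLE = """\
0xC0,0x2F - ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD
0x00,0x9E - DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(128) Mac=AEAD
0xC0,0x13 - ECDHE-RSA-AES128-SHA SSLv3 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA1
0x00,0x2F - AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1
0x00,0x39 - DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1
0x00,0x0A - DES-CBC3-SHA SSLv3 Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1
0x00,0x04 - RC4-MD5 SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
0x00,0x34 - ADH-AES128-SHA SSLv3 Kx=DH Au=None Enc=AES(128) Mac=SHA1
0x00,0x03 - EXP-RC4-MD5 SSLv3 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export
"""

LINE = re.compile(
    r"^\s*(0x[0-9A-Fa-f]{2},0x[0-9A-Fa-f]{2})\s+-\s+(\S+)\s+(\S+)\s+"
    r"Kx=(\S+)\s+Au=(\S+)\s+Enc=([^\s(]+)(?:\((\d+)\))?\s+Mac=(\S+)"
    r"(\s+export)?\s*$")


def parse_listing(text):
    """Turn `openssl ciphers -V` output into a list of dicts, in order."""
    ciphers = []
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # skips the "$ openssl ..." command line and blank lines
        ident, name, proto, kx, au, enc, bits, mac, export = m.groups()
        ciphers.append({
            "id": ident, "name": name, "proto": proto, "kx": kx, "au": au,
            "enc": enc, "bits": int(bits) if bits else 0, "mac": mac,
            "export": bool(export),
        })
    return ciphers


def is_pfs(cipher):
    # Ephemeral exchanges print as Kx=ECDH or Kx=DH; static ones carry a
    # suffix such as Kx=ECDH/RSA. Anonymous DH (Au=None) is not counted.
    return cipher["kx"] in ("ECDH", "DH") and cipher["au"] != "None"


def discard_reasons(cipher):
    """Return the mandatory discard classes this entry belongs to."""
    checks = [
        ("aNULL", cipher["au"] == "None"),
        ("eNULL", cipher["enc"] == "None"),
        ("EXPORT", cipher["export"] or cipher["name"].startswith("EXP-")),
        ("RC4", cipher["enc"] == "RC4"),
        ("DES", cipher["enc"] == "DES"),      # single DES only, not 3DES
        ("SSLv2", cipher["proto"] == "SSLv2"),
        ("MD5", cipher["mac"] == "MD5"),
    ]
    return [label for label, hit in checks if hit]


def audit(ciphers):
    discard = {}
    for c in ciphers:
        reasons = discard_reasons(c)
        if reasons:
            discard[c["name"]] = reasons
    # Index of the first suite without forward secrecy; PFS suites listed
    # after it lose to a non-PFS suite under server-side ordering.
    first_static = next(
        (i for i, c in enumerate(ciphers) if not is_pfs(c)), len(ciphers))
    late_pfs = [c["name"] for c in ciphers[first_static:] if is_pfs(c)]
    first = ciphers[0] if ciphers else None
    return {
        "first_is_ecdhe_aesgcm": bool(
            first and first["kx"] == "ECDH" and first["enc"] == "AESGCM"),
        "discard": discard,
        "pfs_after_static": late_pfs,
    }


if __name__ == "__main__":
    for key, value in audit(parse_listing(SAMPLE)).items():
        print(key, "=", value)
```

Feeding it the real output of `openssl ciphers -V '<ciphersuite>'` from the target host shows what that OpenSSL build actually returns for a given string.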
= Recommended configurations Prioritization logic =Three configurations are recommended. Pick the right configuration depending on your audience. If you do not need backward compatibility, and are building a service for modern clients only (post FF27), then use the Modern configuration. Otherwise, prefer the Intermediate configuration. Use the Old backward compatible configuration only if your service will be accessed by very old clients, such as Windows XP IE6, or ancient libraries & bots.
<table><tr># ECDHE+AESGCM ciphers are selected first. These are TLS 1.2 ciphers and not widely supported at the moment. No known attack currently target these ciphers.# [[#Forward_Secrecy|PFS]] ciphersuites are preferred, with ECDHE first, then DHE.# SHA256 signature is preferred to SHA-1 in ciphers and certificates. MD5 is disallowed entirely.<td><div style="float# AES 128 is preferred to AES 256. There has been [http:left;" class="toclimit//www.mail-3">__TOC__</div><archive.com/td><td valign="top">{| class="wikitable"|dev-! Configuration !! Oldest compatible client|tech- | <span style="color:green;">'''Modern'''<crypto@lists.mozilla.org/span> || Firefox 27msg11247.html discussions] on whether AES256 extra security was worth the cost, Chrome 22and the result is far from obvious. At the moment, IE 11AES128 is preferred, Opera 14because it provides good security, Safari 7is really fast, Android 4and seems to be more resistant to timing attacks.4# In the backward compatible ciphersuite, Java 8AES is preferred to 3DES. [[#Attacks_on_TLS|- | <span style="color:orange;">'''Intermediate'''</span> || Firefox BEAST]] attacks on AES are mitigated in TLS 1, Chrome .1and above, IE 7, Opera 5, Safari and difficult to achieve in TLS 1, Windows XP IE8, Android 2.3, Java 7|0. In the non- | <span style="color:gray;">'''Old'''</span> || Windows XP IE6backward compatible ciphersuite, Java 63DES is not present.|}# RC4 is removed entirely. 3DES is used for backward compatibility. See discussion in [[#RC4_weaknesses]]</td></tr></table>== <span style="color:green;">'''Modern'''</span> compatibility Mandatory discards ==For services that don't need backward compatibility, the parameters below provide a higher level of security. This configuration is compatible with Firefox 27, Chrome 22, IE 11, Opera 14 and Safari 7.
* Ciphersuite: '''ECDHEaNULL contains non-RSAauthenticated Diffie-AES128Hellman key exchanges, that are subject to Man-GCMIn-SHA256:ECDHEThe-ECDSAMiddle (MITM) attacks* eNULL contains null-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK'''encryption ciphers (cleartext)* Versions: '''TLSv1.1, TLSv1.2'''EXPORT are legacy weak ciphers that were marked as exportable by US law* RSA key size: '''2048'''RC4 contains ciphers that use the deprecated ARCFOUR algorithm* DH Parameter size: '''2048'''DES contains ciphers that use the deprecated Data Encryption Standard* Elliptic curves: '''secp256r1, secp384r1SSLv2 contains all ciphers that were defined in the old version of the SSL standard, secp521r1''' (at a minimum)now deprecated* Certificate signature: '''SHA-256'''* HSTS: '''max-age=15724800'''MD5 contains all the ciphers that use the deprecated message digest 5 as the hashing algorithm
=Forward Secrecy = <span style="color:orange;">'''Intermediate'''</span> compatibility (default) ==For services that don't need compatibility with legacy clients (mostly WinXP), but still need to support a wide range of clients, this configuration is recommended. It is is compatible with Firefox 1, Chrome 1, IE 7, Opera 5 and Safari 1.
* CiphersuiteThe concept of forward secrecy is simple: '''ECDHE-client and server negotiate a key that never hits the wire, and is destroyed at the end of the session. The RSAprivate from the server is used to sign a Diffie-AES128Hellman key exchange between the client and the server. The pre-GCMmaster key obtained from the Diffie-SHA256:ECDHEHellman handshake is then used for encryption. Since the pre-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA'''* Versions: '''TLSv1master key is specific to a connection between a client and a server, TLSv1.1, TLSv1.2'''* RSA key size: '''2048'''* DH Parameter size: '''2048''' (see [[Security/Server_Side_TLS#DHE_and_Java|DHE and Java]] used only for details)* Elliptic curves: '''secp256r1a limited amount of time, secp384r1, secp521r1''' (at a minimum)* Certificate signature: '''SHA-256'''it is called Ephemeral.
== <span style="color:gray;">With Forward Secrecy, if an attacker gets a hold of the server'''Old'''</span> backward compatibility ==s private key, it will not be able to decrypt past communications. The private key is only used to sign the DH handshake, which does not reveal the pre-master key. Diffie-Hellman ensures that the pre-master keys never leave the client and the server, and cannot be intercepted by a MITM.
This is the old ciphersuite that works with all clients back to Windows XP/IE6. It should be used as a last resort only.== DHE handshake and dhparam ==
* Ciphersuite: '''ECDHEWhen an ephemeral Diffie-RSAHellman cipher is used, the server and the client negotiate a pre-AES128master key using the Diffie-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA'''* Versions: '''SSLv3, TLSv1, TLSv1Hellman algorithm. This algorithm requires that the server sends the client a prime number and a generator.1Neither are confidential, TLSv1and are sent in clear text.2'''* RSA key size: '''2048'''* DH Parameter size: '''1024''' (see [[#Pre-defined_DHE_groups|Pre-defined DHE groups]])* Elliptic curves: '''secp256r1However, secp384r1they must be signed, secp521r1'''* Certificate signature: '''SHA-1''' (windows XP pre-sp3 is incompatible with sha-256)such that a MITM cannot hijack the handshake.
If your version of OpenSSL As an example, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 works as follow:[[File:Dhe_params.png|frame|server key exchange message as displayed in Wireshark]][[File:Dhe_client_params.png|frame|client key exchange message as displayed in Wireshark]]# Server sends Client a [http://tools.ietf.org/html/rfc5246#section-7.4.3 SERVER KEY EXCHANGE] message during the SSL Handshake. The message contains:## Prime number ''p''## Generator ''g''## Server's Diffie-Hellman public value ''A = g^X mod p'', where ''X'' is olda private integer chosen by the server at random, unavailable ciphers will be discarded automaticallyand never shared with the client. Always use (note: A is called ''pubkey'' in wireshark)## signature ''S'' of the full ciphersuite above (plus two random values) computed using the Server's private RSA key# Client verifies the signature ''S''# Client sends server a [http://tools.ietf.org/html/rfc5246#section-7.4.7 CLIENT KEY EXCHANGE] message. The message contains:## Client's Diffie-Hellman public value ''B = g^Y mod p'', where ''Y'' is a private integer chosen at random and let OpenSSL pick never shared. (note: B is called ''pubkey'' in wireshark)# The Server and the Client can now calculate the ones it supportspre-master secret using each other's public values:## server calculates ''PMS = B^X mod p''## client calculates ''PMS = A^Y mod p''# Client sends a [http://tools.ietf.org/html/rfc5246#section-7.1 CHANGE CIPHER SPEC] message to the server, and both parties continue the handshake using ENCRYPTED HANDSHAKE MESSAGES
The ordering size of a ciphersuite is very important the prime number ''p'' constrains the size of the pre-master key ''PMS'', because it decides of the modulo operation. A smaller prime almost means weaker values of ''A'' and ''B'', which algorithms are going could leak the secret values ''X'' and ''Y''. Thus, the prime ''p'' should not be smaller than the size of the RSA private key.<source lang="bash">$ openssl dhparam 2048Generating DH parameters, 2048 bit long safe prime, generator 2..+..+...............+-----BEGIN DH PARAMETERS-----MBYCEQCHU6UNZoHMF6bPtj21Hn/bAgEC...........-----END DH PARAMETERS-----</source> == Pre-defined DHE groups ==In order to be selected lower the burden of system administrators, several servers provide pre-computed DH groups. Unfortunately, the [https://weakdh.org/ logjam] report showed that it is very likely that a state-level adversary may have broken the most widely used 1024-bit DH group, Oakley group 2, standardized in priority[https://tools.ietf.org/html/rfc2409#section-6.2 rfc2409]]. The recommendation above prioritizes algorithms that provide perfect forward secrecy For this reason, the use of this group is considered unsafe and you should either:* use a larger group, with a minimum size of 2048-bit, as recommended in the intermediate and modern configurations ;* keep using a 1024-bit DH group if you need to (see [[#DHE_and_Java]]), but move away from Oakley group 2 and use a custom DH group instead, generated via the openssl dhparam 1024 command ;* disable DHE altogether, relying on ECDHE for PFS if you don't support legacy clients lacking ECDHE support (see [[#DHE_and_ECDHE_support]]).
The listing below shows It is currently assumed that standardized 2048 bits DH groups provide sufficient security to resist factorization attacks. However, the list careful administrator should generate a random DH group instead of algorithms returned using a standardized one when setting up a new server, as advised by this ciphersuitethe [https://weakdh. If you have to pick them manually for your application, make sure you keep this orderingorg|logjam] authors.
Older versions of OpenSSL may not return == DHE and ECDHE support ==Most modern clients that support both ECDHE and DHE typically prefer the full list of algorithmsformer, because ECDHE provides faster handshakes than DHE ([http://vincent. AESbernat.im/en/blog/2011-GCM and some ECDHE are fairly recentssl-perfect-forward-secrecy.html], and not present on most versions of OpenSSL shipped with Ubuntu or RHEL[http://nmav.gnutls.org/2011/12/price-to-pay-for-perfect-forward. This listing below was obtained from a freshly built OpenSSLhtml]).
<source lang="bash">$ openssl ciphers -V 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:Unfortunately, some widely used clients lack support for ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:and must then rely on DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHAto provide perfect forward secrecy:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA'|column -t0xC0,0x2F - ECDHE-RSA-AES128-GCM-SHA256 TLSv1* Android < 3.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD0xC0,0x2B - ECDHE-ECDSA-AES128-GCM-SHA256 TLSv10.2 Kx=ECDH Au=ECDSA Enc=AESGCM(128) Mac=AEAD00xC0,0x30 - ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD* Java < 70xC0,0x2C - ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1* OpenSSL < 1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(256) Mac=AEAD0x00,0x9E - DHE-RSA-AES128-GCM-SHA256 TLSv10.2 Kx=DH Au=RSA Enc=AESGCM(128) Mac=AEAD00x00,0xA2 - DHE-DSS-AES128-GCM-SHA256 TLSv1.2 Kx=DH Au=DSS Enc=AESGCM(128) Mac=AEAD0x00,0xA3 - Note that schannel on Windows XP technically support DHE-DSS-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=DSS Enc=AESGCM(256) Mac=AEAD0x00,0x9F - DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(256) Mac=AEAD0xC0but only with DSA keys,0x27 - ECDHE-RSA-AES128-SHA256 TLSv1making it unusable on the internet in practice.2 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA2560xC0,0x23 - ECDHE-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA2560xC0,0x13 - ECDHE-RSA-AES128-SHA SSLv3 Kx=ECDH Au=RSA 
EncDHE and Java =AES(128) Mac=SHA10xC0,0x09 Java 6 and 7 do not support Diffie- ECDHE-ECDSA-AES128-SHA SSLv3 Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA10xC0,0x28 - ECDHE-RSA-AES256-SHA384 TLSv1Hellman parameters larger than 1024 bits.2 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA3840xC0If your server expects to receive connections from java 6 clients and wants to enable PFS,0x24 - ECDHE-ECDSA-AES256-SHA384 TLSv1it must provide a DHE parameter of 1024 bits.2 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA3840xC0,0x14 - ECDHE-RSA-AES256-SHA SSLv3 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA10xC0If keeping the compatibility with Java < 7 is a necessity,0x0A - ECDHE-ECDSA-AES256-SHA SSLv3 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA10x00thus preventing the use of large DH keys,0x67 - DHE-RSA-AES128-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(128) Mac=SHA256three solutions are available:0x00,0x33 - DHE-RSA* using custom 1024-AES128-SHA SSLv3 Kx=bit DH Au=RSA Enc=AES(128) Mac=SHA10x00parameters,0x40 - DHE-DSS-AES128-SHA256 TLSv1.different from Oakley group 2 Kx=;* if the software used does not support custom DH Au=DSS Enc=AES(128) Mac=SHA2560x00parameters,0x6B - DHE-RSA-AES256-SHA256 TLSv1like Apache HTTPd < 2.2 Kx=DH Au=RSA Enc=AES(256) Mac=SHA2560x00.30,0x38 it is possible to keep using the 1024- DHE-DSS-AES256-SHA SSLv3 Kx=bit DH Au=DSS Enc=AES(256) Mac=SHA10x00Oakley group 2,0x39 knowing these clients will be at risk from a state- level adversary ;* it is also possible to completely disable DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA10xC0,0x12 - . 
This means that clients not supporting ECDHE-RSA-DES-CBC3-SHA SSLv3 Kx=ECDH Au=RSA Enc=3DES(168) Mac=SHA10xC0,0x08 - ECDHE-ECDSA-DES-CBC3-SHA SSLv3 Kx=ECDH Au=ECDSA Enc=3DES(168) Mac=SHA10x00,0x9C - AES128-GCM-SHA256 TLSv1.2 Kx=RSA Au=will be reverting to static RSA Enc=AESGCM(128) Mac=AEAD0x00,0x9D - AES256-GCM-SHA384 TLSv1giving up Forward Secrecy.2 Kx=RSA Au=RSA Enc=AESGCM(256) Mac=AEAD0x00,0x3C - AES128-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA2560x00,0x3D - AES256-SHA256 TLSv1The case of Java 7 is a bit different.2 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA2560x00Java 7 supports ECDHE ciphers,0x2F - AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA10x00so if the server provides ECDHE and prioritizes it before DHE ciphers using server side ordering,0x35 - AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA10x00,0x6A - then Java 7 will use ECDHE and not care about the size of the DHE-DSS-AES256-SHA256 TLSv1parameter.2 Kx=DH Au=DSS Enc=AES(256) Mac=SHA2560x00In this situation,0x32 - the server can use 2048 bits DHE-DSS-AES128-SHA SSLv3 Kx=DH Au=DSS Enc=AES(128) Mac=SHA1parameters for all other clients.0x00,0x0A - DES-CBC3-SHA SSLv3 Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA10x00However,0x88 - DHE-RSA-CAMELLIA256-SHA SSLv3 Kx=DH Au=RSA Enc=Camellia(256) Mac=SHA10x00if the server does not support ECDHE,0x87 - then Java 7 will use DHE-DSS-CAMELLIA256-SHA SSLv3 Kx=DH Au=DSS Enc=Camellia(256) Mac=SHA10x00and fail if the parameter is larger than 1024 bits. When failing,0x84 - CAMELLIA256-SHA SSLv3 Kx=RSA Au=RSA Enc=Camellia(256) Mac=SHA10x00the handshake will not attempt to fall back to the next cipher in line,0x45 - DHE-RSA-CAMELLIA128-SHA SSLv3 Kx=but simply fail with the error "java.lang.RuntimeException: Could not generate DH Au=RSA Enc=Camellia(128) Mac=SHA10x00,0x44 - DHE-DSS-CAMELLIA128-SHA SSLv3 Kx=DH Au=DSS Enc=Camellia(128) Mac=SHA10x00,0x41 - CAMELLIA128-SHA SSLv3 Kx=RSA Au=RSA Enc=Camellia(128) Mac=SHA1keypair".
</source>{| class="wikitable"|-! Java supported !! ECDHE prioritized !! smallest DH parameter size|- | 6 || irrelevant || 1024|- | 7 || NO || 1024The ciphers are described here: http://www.openssl.org/docs/apps/ciphers.html|- | 7 || YES || 2048= Prioritization logic =|- | 8 || irrelevant || 2048|}
# ECDHE+AESGCM ciphers are selected first. These are TLS 1.2 ciphers and not widely supported at the moment. No known attack currently target these ciphers.
# [[#Forward_Secrecy|PFS]] ciphersuites are preferred, with ECDHE first, then DHE.
# SHA256 signature is preferred to SHA-1 in ciphers and certificates. MD5 is disallowed entirely.
# AES 128 is preferred to AES 256. There has been [[http://www.mail-archive.com/dev-tech-crypto@lists.mozilla.org/msg11247.html discussions]] on whether AES256 extra security was worth the cost, and the result is far from obvious. At the moment, AES128 is preferred, because it provides good security, is really fast, and seems to be more resistant to timing attacks.
# In the backward compatible ciphersuite, AES is preferred to 3DES. [[#Attacks_on_TLS|BEAST]] attacks on AES are mitigated in TLS 1.1 and above, and difficult to achieve in TLS 1.0. In the non-backward compatible ciphersuite, 3DES is not present.
# RC4 is removed entirely. 3DES is used for backward compatibility. See discussion in [[#RC4_weaknesses]].
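
The prioritization rules above can be checked mechanically. The Python below is an added example, not part of the original document or of Mozilla's tooling: it lints a list of concrete OpenSSL cipher names against rules 1, 2, 4, 5 and 6 and the MD5 ban of rule 3, reading each rule literally. The name-parsing heuristics and both sample lists are constructed for illustration.

```python
import re
from typing import Callable, List, NamedTuple


class Suite(NamedTuple):
    name: str
    kx: str       # "ECDHE", "DHE", or "RSA" for static (non-PFS) key exchange
    gcm: bool     # AES-GCM suite
    cipher: str   # "AES128", "AES256", "3DES", "RC4" or "OTHER"
    md5: bool


def parse(name: str) -> Suite:
    """Classify a cipher by its OpenSSL name, e.g. ECDHE-RSA-AES128-GCM-SHA256."""
    parts = name.upper().split("-")
    kx = {"ECDHE": "ECDHE", "DHE": "DHE", "EDH": "DHE"}.get(parts[0], "RSA")
    if "RC4" in parts:
        cipher = "RC4"
    elif "CBC3" in parts:                      # DES-CBC3-SHA is triple DES
        cipher = "3DES"
    else:
        m = re.search(r"AES(128|256)", name.upper())
        cipher = "AES" + m.group(1) if m else "OTHER"
    return Suite(name, kx, "GCM" in parts, cipher, "MD5" in parts)


Pred = Callable[[Suite], bool]


def _require_order(suites: List[Suite], first: Pred, then: Pred, rule: str, out: List[str]) -> None:
    """Every suite matching `first` must be listed before every suite matching `then`."""
    last_first = max((i for i, s in enumerate(suites) if first(s)), default=None)
    first_then = min((i for i, s in enumerate(suites) if then(s)), default=None)
    if last_first is not None and first_then is not None and first_then < last_first:
        out.append(f"{rule}: {suites[first_then].name} is listed before {suites[last_first].name}")


def lint(cipher_string: str) -> List[str]:
    """Return one finding per violated rule (empty list when the order complies)."""
    # Keep concrete names only: skip exclusions (!aNULL) and selector
    # expressions (kEDH+AESGCM), which must be expanded before linting.
    names = [c for c in cipher_string.split(":") if c and c[0] != "!" and "+" not in c]
    suites = [parse(n) for n in names]
    out: List[str] = []

    # Rule 1: ECDHE+AESGCM suites come before everything else.
    top = lambda s: s.kx == "ECDHE" and s.gcm
    _require_order(suites, top, lambda s: not top(s), "rule 1 (ECDHE+AESGCM first)", out)

    # Rule 2: PFS before static key exchange, then ECDHE before DHE for the same cipher.
    _require_order(suites, lambda s: s.kx != "RSA", lambda s: s.kx == "RSA",
                   "rule 2 (PFS before non-PFS)", out)
    for gcm, cipher in sorted({(s.gcm, s.cipher) for s in suites}):
        same = lambda s, g=gcm, c=cipher: s.gcm == g and s.cipher == c
        _require_order(suites, lambda s: same(s) and s.kx == "ECDHE",
                       lambda s: same(s) and s.kx == "DHE", "rule 2 (ECDHE before DHE)", out)

    # Rule 4: within one key exchange and mode, AES128 is offered before AES256.
    for kx, gcm in sorted({(s.kx, s.gcm) for s in suites}):
        grp = [i for i, s in enumerate(suites) if s.kx == kx and s.gcm == gcm]
        a128 = next((i for i in grp if suites[i].cipher == "AES128"), None)
        a256 = next((i for i in grp if suites[i].cipher == "AES256"), None)
        if a128 is not None and a256 is not None and a256 < a128:
            out.append(f"rule 4 (AES128 before AES256): {suites[a256].name} "
                       f"is listed before {suites[a128].name}")

    # Rule 5: for a given key exchange, AES comes before 3DES.
    for kx in sorted({s.kx for s in suites}):
        _require_order(suites, lambda s, k=kx: s.kx == k and s.cipher.startswith("AES"),
                       lambda s, k=kx: s.kx == k and s.cipher == "3DES",
                       "rule 5 (AES before 3DES)", out)

    # Rules 3 and 6: MD5 and RC4 must not appear at all.
    for s in suites:
        if s.md5:
            out.append(f"rule 3 (MD5 disallowed): {s.name}")
        if s.cipher == "RC4":
            out.append(f"rule 6 (RC4 removed): {s.name}")
    return out


# Constructed sample lists (not the page's recommended ciphersuites).
GOOD_LIST = ("ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:"
             "ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:"
             "DHE-RSA-AES256-SHA:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!aNULL:!MD5")
BAD_LIST = ("RC4-SHA:AES256-SHA:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-GCM-SHA256:"
            "DES-CBC3-SHA:AES128-SHA:RC4-MD5")

if __name__ == "__main__":
    for finding in lint(BAD_LIST):
        print(finding)
```

The preference for SHA256 over SHA-1 in rule 3 is not checked here, because the lists interleave it with the AES128-over-AES256 preference.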
= Mandatory discards =

* aNULL contains non-authenticated Diffie-Hellman key exchanges that are subject to Man-In-The-Middle (MITM) attacks
* eNULL contains null-encryption ciphers (cleartext)
* EXPORT are legacy weak ciphers that were marked as exportable by US law
* RC4 contains ciphers that use the deprecated ARCFOUR algorithm
* DES contains ciphers that use the deprecated Data Encryption Standard
* SSLv2 contains all ciphers that were defined in the old version of the SSL standard, now deprecated
* MD5 contains all the ciphers that use the deprecated message digest 5 as the hashing algorithm

= Forward Secrecy =

The concept of forward secrecy is simple: client and server negotiate a key that never hits the wire, and is destroyed at the end of the session. The RSA private key from the server is used to sign a Diffie-Hellman key exchange between the client and the server. The pre-master key obtained from the Diffie-Hellman handshake is then used for encryption. Since the pre-master key is specific to a connection between a client and a server, and used only for a limited amount of time, it is called Ephemeral.

With Forward Secrecy, if an attacker gets a hold of the server's private key, it will not be able to decrypt past communications. The private key is only used to sign the DH handshake, which does not reveal the pre-master key. Diffie-Hellman ensures that the pre-master keys never leave the client and the server, and cannot be intercepted by a MITM.

== DHE handshake and dhparam ==

When an ephemeral Diffie-Hellman cipher is used, the server and the client negotiate a pre-master key using the Diffie-Hellman algorithm. This algorithm requires that the server sends the client a prime number and a generator. Neither are confidential, and are sent in clear text. However, they must be signed, such that a MITM cannot hijack the handshake.

As an example, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 works as follows:
[[File:Dhe_params.png|frame|server key exchange message as displayed in Wireshark]]
[[File:Dhe_client_params.png|frame|client key exchange message as displayed in Wireshark]]
# Server sends Client a [http://tools.ietf.org/html/rfc5246#section-7.4.3 SERVER KEY EXCHANGE] message during the SSL Handshake. The message contains:
## Prime number ''p''
## Generator ''g''
## Server's Diffie-Hellman public value ''A = g^X mod p'', where ''X'' is a private integer chosen by the server at random, and never shared with the client. (note: A is called ''pubkey'' in wireshark)
## signature ''S'' of the above (plus two random values) computed using the Server's private RSA key
# Client verifies the signature ''S''
# Client sends server a [http://tools.ietf.org/html/rfc5246#section-7.4.7 CLIENT KEY EXCHANGE] message. The message contains:
## Client's Diffie-Hellman public value ''B = g^Y mod p'', where ''Y'' is a private integer chosen at random and never shared. (note: B is called ''pubkey'' in wireshark)
# The Server and the Client can now calculate the pre-master secret using each other's public values:
## server calculates ''PMS = B^X mod p''
## client calculates ''PMS = A^Y mod p''
# Client sends a [http://tools.ietf.org/html/rfc5246#section-7.1 CHANGE CIPHER SPEC] message to the server, and both parties continue the handshake using ENCRYPTED HANDSHAKE MESSAGES

The size of the prime number ''p'' constrains the size of the pre-master key ''PMS'', because of the modulo operation. A smaller prime almost means weaker values of ''A'' and ''B'', which could leak the secret values ''X'' and ''Y''. Thus, the prime ''p'' should not be smaller than the size of the RSA private key.
<source lang="bash">
$ openssl dhparam 2048
Generating DH parameters, 2048 bit long safe prime, generator 2
..+..+...............+
-----BEGIN DH PARAMETERS-----
MBYCEQCHU6UNZoHMF6bPtj21Hn/bAgEC
-----END DH PARAMETERS-----
</source>
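
The exchange described above can be followed with the parameters printed in the <code>openssl dhparam</code> sample. The Python below is an added example, not part of the original document: it decodes that PEM block (a DER SEQUENCE of the two INTEGERs ''p'' and ''g''), replays the computation of ''A'', ''B'' and ''PMS'' without the RSA signature step, and reports the size of ''p''. The function names and the 2048-bit default threshold argument are this example's own.

```python
import base64
import secrets
from typing import Tuple

# PEM block copied from the `openssl dhparam` sample in this section.
PAGE_SAMPLE_PEM = """-----BEGIN DH PARAMETERS-----
MBYCEQCHU6UNZoHMF6bPtj21Hn/bAgEC
-----END DH PARAMETERS-----"""


def _read_tlv(buf: bytes, pos: int, want_tag: int) -> Tuple[bytes, int]:
    """Read one DER element with tag `want_tag`; return (value, next position)."""
    if pos + 2 > len(buf) or buf[pos] != want_tag:
        raise ValueError(f"expected DER tag 0x{want_tag:02x} at offset {pos}")
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: low 7 bits count the length bytes
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported DER length encoding")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return buf[pos:pos + length], pos + length


def parse_dhparam(pem: str) -> Tuple[int, int]:
    """Return (p, g) from a 'DH PARAMETERS' PEM block."""
    lines = [line.strip() for line in pem.strip().splitlines()]
    if (len(lines) < 3 or lines[0] != "-----BEGIN DH PARAMETERS-----"
            or lines[-1] != "-----END DH PARAMETERS-----"):
        raise ValueError("not a DH PARAMETERS PEM block")
    der = base64.b64decode("".join(lines[1:-1]), validate=True)
    seq, end = _read_tlv(der, 0, 0x30)     # SEQUENCE { INTEGER p, INTEGER g }
    if end != len(der):
        raise ValueError("trailing data after DH parameters")
    p_bytes, pos = _read_tlv(seq, 0, 0x02)
    g_bytes, _ = _read_tlv(seq, pos, 0x02)
    return int.from_bytes(p_bytes, "big"), int.from_bytes(g_bytes, "big")


def dhe_exchange(p: int, g: int) -> Tuple[int, int]:
    """Replay the exchange; return the pre-master secret computed by each side."""
    x = secrets.randbelow(p - 3) + 2       # server's private X in [2, p-2]
    y = secrets.randbelow(p - 3) + 2       # client's private Y in [2, p-2]
    a = pow(g, x, p)                       # A, sent in SERVER KEY EXCHANGE (RSA-signed in TLS)
    b = pow(g, y, p)                       # B, sent in CLIENT KEY EXCHANGE
    return pow(b, x, p), pow(a, y, p)      # server: B^X mod p, client: A^Y mod p


def audit(pem: str, min_bits: int = 2048) -> dict:
    """Decode the parameters, run one exchange and summarise what was observed."""
    p, g = parse_dhparam(pem)
    server_pms, client_pms = dhe_exchange(p, g)
    return {
        "prime_bits": p.bit_length(),
        "generator": g,
        "pms_match": server_pms == client_pms,
        # The modulo operation keeps PMS below p, so p bounds the secret's size.
        "pms_below_prime": server_pms < p,
        "meets_minimum": p.bit_length() >= min_bits,
    }


if __name__ == "__main__":
    print(audit(PAGE_SAMPLE_PEM))
```

On the sample block above it reports a 128-bit prime with generator 2, well under the 2048 bits recommended on this page, so treat that block as an illustration of the output format rather than as usable parameters.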
== Pre-defined DHE groups ==

In order to lower the burden of system administrators, several servers provide pre-computed DH groups. Unfortunately, the [https://weakdh.org logjam] report showed that it is very likely that a state-level adversary may have broken the most widely used 1024-bit DH group, Oakley group 2, standardized in [https://tools.ietf.org/html/rfc2409#section-6.2 rfc2409].

For this reason, the use of this group is considered unsafe and you should either:
* use a larger group, with a minimum size of 2048 bits, as recommended in the intermediate and modern configurations;
* keep using a 1024-bit DH group if you need to (see [[#DHE_and_Java]]), but move away from Oakley group 2 and use a custom DH group instead, generated via the openssl dhparam 1024 command;
* disable DHE altogether, relying on ECDHE for PFS if you don't support legacy clients lacking ECDHE support (see [[#DHE_and_ECDHE_support]]).

It is currently assumed that standardized 2048-bit DH groups provide sufficient security to resist factorization attacks. However, the careful administrator should generate a random DH group instead of using a standardized one when setting up a new server, as advised by the [https://weakdh.org logjam] authors.

== DHE and ECDHE support ==

Most modern clients that support both ECDHE and DHE typically prefer the former, because ECDHE provides faster handshakes than DHE ([http://vincent.bernat.im/en/blog/2011-ssl-perfect-forward-secrecy.html], [http://nmav.gnutls.org/2011/12/price-to-pay-for-perfect-forward.html]).

Unfortunately, some widely used clients lack support for ECDHE and must then rely on DHE to provide perfect forward secrecy:
* Android < 3.0.0
* Java < 7
* OpenSSL < 1.0.0

Note that schannel on Windows XP technically supports DHE, but only with DSA keys, making it unusable on the internet in practice.

== DHE and Java ==

Java 6 and 7 do not support Diffie-Hellman parameters larger than 1024 bits. If your server expects to receive connections from Java 6 clients and wants to enable PFS, it must provide a DHE parameter of 1024 bits.

If keeping the compatibility with Java < 7 is a necessity, thus preventing the use of large DH keys, three solutions are available:
* using custom 1024-bit DH parameters, different from Oakley group 2;
* if the software used does not support custom DH parameters, like Apache HTTPd < 2.2.30, it is possible to keep using the 1024-bit DH Oakley group 2, knowing these clients will be at risk from a state-level adversary;
* it is also possible to completely disable DHE. This means that clients not supporting ECDHE will be reverting to static RSA, giving up Forward Secrecy.

The case of Java 7 is a bit different. Java 7 supports ECDHE ciphers, so if the server provides ECDHE and prioritizes it before DHE ciphers using server side ordering, then Java 7 will use ECDHE and not care about the size of the DHE parameter. In this situation, the server can use 2048 bits DHE parameters for all other clients.

However, if the server does not support ECDHE, then Java 7 will use DHE and fail if the parameter is larger than 1024 bits. When failing, the handshake will not attempt to fall back to the next cipher in line, but simply fail with the error "java.lang.RuntimeException: Could not generate DH keypair".
{| class="wikitable"
|-
! Java supported !! ECDHE prioritized !! smallest DH parameter size
|-
| 6 || irrelevant || 1024
|-
| 7 || NO || 1024
|-
| 7 || YES || 2048
|-
| 8 || irrelevant || 2048
|}

= OCSP Stapling =

When connecting to a server, clients should verify the validity of the server certificate using either a Certificate Revocation List (CRL), or an Online Certificate Status Protocol (OCSP) record. The problem with CRL is that the lists have grown huge and take forever to download.

OCSP is much more lightweight, as only one record is retrieved at a time. But the side effect is that OCSP requests must be made to a 3rd party OCSP responder when connecting to a server, which adds latency and potential failures. In fact, the OCSP responders operated by CAs are often so unreliable that browsers will fail silently if no response is received in a timely manner. This reduces security, by allowing an attacker to DoS an OCSP responder to disable the validation.

The solution is to allow the server to send its cached OCSP record during the TLS handshake, therefore bypassing the OCSP responder. This mechanism saves a roundtrip between the client and the OCSP responder, and is called OCSP Stapling.

The server will send a cached OCSP response only if the client requests it, by announcing support for the '''status_request''' TLS extension in its CLIENT HELLO.

[[File:OCSP_Stapling.png]]

Most servers will cache OCSP response for up to 48 hours. At regular intervals, the server will connect to the OCSP responder of the CA to retrieve a fresh OCSP record. The location of the OCSP responder is taken from the Authority Information Access field of the signed certificate. For example, with StartSSL:

<pre>
Authority Information Access:
    OCSP - URI:http://ocsp.startssl.com/sub/class1/server/ca
</pre>

Support for OCSP Stapling can be tested using the '''-status''' option of the OpenSSL client.

<pre>
$ openssl s_client -connect monitor.mozillalabs.com:443 -status
...
======================================
OCSP Response Data:
    OCSP Response Status: successful (0x0)
    Response Type: Basic OCSP Response
    Version: 1 (0x0)
...
</pre>

= Session Resumption =

Session Resumption is the ability to reuse the session secrets previously negotiated between a client and a server for a new TLS connection. This feature greatly speeds up the establishment of TLS connections after the first handshake, and is very useful for connections that use Perfect Forward Secrecy with a slow handshake like DHE.

Session Resumption can be performed using one of two methods:

# session identifier: When establishing a first session, the server generates an arbitrary session ID sent to the client. On subsequent connections, the client sends the session ID in the CLIENT HELLO message, indicating to the server it wants to reuse an existing state. If the server can find a corresponding state in its local cache, it reuses the session secrets and skips directly to exchanging encrypted data with the client. If the cache stored on the server is compromised, session keys from the cache can be used to decrypt past and future sessions.
# session tickets: Storing a cache on the server might be problematic for systems that handle very large numbers of clients. Session tickets provide an alternative where the server sends the encrypted state (ticket) to the client instead of storing it in its local cache. The client can send back the encrypted state to the server in subsequent connections, thus allowing session resumption. This method requires symmetric keys on the server to encrypt and decrypt session tickets. If the keys are compromised, an attacker obtains access to session keys and can decrypt past and future sessions.

Session resumption is a very useful performance feature of TLS, but also carries a significant amount of risk. Most servers do not purge sessions or ticket keys, thus increasing the risk that a server compromise would leak data from previous (and future) connections.

The current recommendation for web servers is to enable session resumption and benefit from the performance improvement, but to restart servers daily when possible. This ensures that sessions get purged and ticket keys get renewed on a regular basis.

= HSTS: HTTP Strict Transport Security =

[https://tools.ietf.org/html/rfc6797 HSTS] is an HTTP header sent by a server to a client, indicating that the current site must only be accessed over HTTPS until expiration of the HSTS value is reached.

The header format is very simple, composed only of a '''max-age''' parameter that indicates when the directive should expire. max-age is expressed in seconds. A typical value is 15724800 seconds, or 6 months.

<pre>
Strict-Transport-Security: max-age=15724800
</pre>

HSTS is becoming more and more of a standard, but should only be used when the site's operators are confident that HTTPS will be available continuously for the duration of max-age. Once the HSTS header is sent to a client, HTTPS cannot be disabled on the site until the last client has expired its HSTS record.

= HPKP: Public Key Pinning Extension for HTTP =

See [http://tools.ietf.org/html/rfc7469 RFC7469].

HPKP is an '''experimental''' HTTP header sent by a server to a client, to indicate that some certificates related to the site should be pinned in the client. The client would thus refuse to establish a connection to the server if the pinning does not comply.

Due to its experimental nature, HPKP is currently '''not''' recommended on production sites. More information can be found on the [https://developer.mozilla.org/en-US/docs/Web/Security/Public_Key_Pinning MDN description page].

= Recommended Server Configurations =

Try out our configuration generator to create a sample configuration file for various servers. Click the image below:

[[Image:Server-side-tls-config-generator.png|link=https://mozilla.github.io/server-side-tls/ssl-config-generator/]]

== Nginx ==

Nginx provides OCSP Stapling, custom DH parameters, and the full flavor of TLS versions (from OpenSSL).

The detail of each configuration parameter, and how to build a recent Nginx with OpenSSL, is [[#Nginx_configuration_details|at the end of this document]].

<pre>
server {
    listen 443 ssl;

    # certs sent to the client in SERVER HELLO are concatenated in ssl_certificate
    ssl_certificate /path/to/signed_cert_plus_intermediates;
    ssl_certificate_key /path/to/private_key;
    ssl_session_timeout 5m;
    ssl_session_cache shared:SSL:5m;

    # Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
    ssl_dhparam /path/to/dhparam.pem;

    # Intermediate configuration. tweak to your needs.
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers '<paste intermediate ciphersuite here>';
    ssl_prefer_server_ciphers on;

    # Enable this if you want HSTS (recommended)
    # add_header Strict-Transport-Security max-age=15768000;

    # OCSP Stapling ---
    # fetch OCSP records from URL in ssl_certificate and cache them
    ssl_stapling on;
    ssl_stapling_verify on;
    ## verify chain of trust of OCSP response using Root CA and Intermediate certs
    ssl_trusted_certificate /path/to/root_CA_cert_plus_intermediates;

    resolver <IP DNS resolver>;

    ....
}
</pre>

== Apache ==

Apache supports OCSP Stapling, but only in httpd 2.3.3 and later.

Before Apache 2.4.7, the DH parameter is always set to 1024 bits and is not user configurable. This has been fixed in mod_ssl 2.4.7 that Red Hat has backported into their RHEL 6 Apache 2.2 distribution with httpd-2.2.15-32.el6. Future versions of Apache will automatically select a better value for the DH parameter.

<pre>
<VirtualHost *:443>
    ...
    SSLEngine on
    SSLCertificateFile      /path/to/signed_certificate
    SSLCertificateChainFile /path/to/intermediate_certificate
    SSLCertificateKeyFile   /path/to/private/key
    SSLCACertificateFile    /path/to/all_ca_certs

    # Intermediate configuration, tweak to your needs
    SSLProtocol             all -SSLv2 -SSLv3
    SSLCipherSuite          <paste intermediate ciphersuite here>
    SSLHonorCipherOrder     on
    SSLCompression          off

    # OCSP Stapling, only in httpd 2.3.3 and later
    SSLUseStapling          on
    SSLStaplingResponderTimeout 5
    SSLStaplingReturnResponderErrors off
    # On Apache 2.4+, SSLStaplingCache must be set *outside* of the VirtualHost
    SSLStaplingCache        shmcb:/var/run/ocsp(128000)

    # Enable this if you want HSTS (recommended)
    # Header add Strict-Transport-Security "max-age=15768000"

    ...
</VirtualHost>
# TLS Session cache, outside of virtual host, apache 2.4+
# the path doesn't need to exist
SSLSessionCache     shmcb:/path/to/ssl_gcache_data(5120000)
</pre>

== Haproxy ==

SSL support in Haproxy is stable in 1.5. Haproxy supports OCSP Stapling and custom DH parameters size. It can be used as a TLS termination in AWS using ELBs and the PROXY protocol. See [https://jve.linuxwall.info/ressources/taf/haproxy-aws/ Guidelines for HAProxy termination in AWS].

<pre>
global
    # set default parameters to the Intermediate configuration
    tune.ssl.default-dh-param 2048
    ssl-default-bind-ciphers <paste intermediate ciphersuite here>

frontend ft_test
    mode http
    bind 0.0.0.0:443 ssl no-sslv3 crt /path/to/<cert+privkey+intermediate+dhparam>
    # Enable this if you want HSTS (recommended)
    # rspadd Strict-Transport-Security:\ max-age=15768000
</pre>

=== OCSP Stapling support ===

While HAProxy can serve OCSP stapled responses, it cannot fetch and update OCSP records from the CA automatically. The OCSP response must be downloaded by another process and placed next to the certificate, with a '.ocsp' extension.

<pre>
/etc/haproxy/certs/
├── ca.pem
├── server_cert.pem
├── server_bundle.pem
└── server_bundle.pem.ocsp
</pre>

The file 'server_bundle.pem.ocsp' must be retrieved and updated at regular intervals. A cronjob can be used for this:

<pre>
$ openssl ocsp -noverify -issuer /etc/haproxy/certs/ca.pem \
-cert /etc/haproxy/certs/server_cert.pem \
-url http://ocsp.startssl.com/sub/class1/server/ca \
-no_nonce -header Host ocsp.startssl.com \
-respout /etc/haproxy/certs/server_bundle.pem.ocsp
</pre>

The URL above is taken from the server certificate:

<pre>
$ openssl x509 -in server_cert.pem -text | grep OCSP
OCSP - URI:http://ocsp.startssl.com/sub/class1/server/ca
</pre>

== Stud ==

Stud is a lightweight SSL termination proxy. It's basically a wrapper for OpenSSL. Stud is not being heavily developed, and features such as OCSP stapling are missing. But it is very lightweight and efficient, and with a recent openssl, supports all the TLS 1.2 ciphers.

<pre>
# SSL x509 certificate file. REQUIRED.
# List multiple certs to use SNI. Certs are used in the order they
# are listed; the last cert listed will be used if none of the others match
#
# type: string
pem-file = "<concatenate cert + privkey + dhparam>"

# SSL protocol.
#
tls = on
ssl = on

# List of allowed SSL ciphers.
#
# Run openssl ciphers for list of available ciphers.
# type: string
ciphers = "<paste intermediate ciphersuite here>"

# Enforce server cipher list order
#
# type: boolean
prefer-server-ciphers = on
</pre>
== Amazon Web Services Elastic Load Balancer (AWS ELB) ==

The ELB service supports TLS 1.2 and ciphers ordering, but lacks support for custom DH parameters and OCSP Stapling.

The default configuration of ELBs has old settings, that can be customized in the Web Console or via the API. We recommend that you use the [[Security/Server_Side_TLS#elb_ciphers.py]] to enforce the right TLS configuration on an elastic load balancer.

Below is a side-by-side comparison of the 'intermediate' recommended configuration versus the default ELB configuration. The top ciphers are the same, but SSLv3 and various deprecated ciphers are removed from the intermediate configuration.

<source>
               = INTERMEDIATE configuration =                                  |                = default ELB configuration =
                                                                               |
prio ciphersuite                  protocols              pfs_keysize           | prio ciphersuite                  protocols                    pfs_keysize
1    ECDHE-RSA-AES128-GCM-SHA256  TLSv1.2                ECDH,P-256,256bits    | 1    ECDHE-RSA-AES128-GCM-SHA256  TLSv1.2                      ECDH,P-256,256bits
2    ECDHE-RSA-AES128-SHA256      TLSv1.2                ECDH,P-256,256bits    | 2    ECDHE-RSA-AES128-SHA256      TLSv1.2                      ECDH,P-256,256bits
3    ECDHE-RSA-AES128-SHA         TLSv1,TLSv1.1,TLSv1.2  ECDH,P-256,256bits    | 3    ECDHE-RSA-AES128-SHA         SSLv3,TLSv1,TLSv1.1,TLSv1.2  ECDH,P-256,256bits
4    ECDHE-RSA-AES256-GCM-SHA384  TLSv1.2                ECDH,P-256,256bits    | 4    ECDHE-RSA-AES256-GCM-SHA384  TLSv1.2                      ECDH,P-256,256bits
5    ECDHE-RSA-AES256-SHA384      TLSv1.2                ECDH,P-256,256bits    | 5    ECDHE-RSA-AES256-SHA384      TLSv1.2                      ECDH,P-256,256bits
6    ECDHE-RSA-AES256-SHA         TLSv1,TLSv1.1,TLSv1.2  ECDH,P-256,256bits    | 6    ECDHE-RSA-AES256-SHA         SSLv3,TLSv1,TLSv1.1,TLSv1.2  ECDH,P-256,256bits
7    AES128-GCM-SHA256            TLSv1.2                                      | 7    AES128-GCM-SHA256            TLSv1.2
8    AES128-SHA256                TLSv1.2                                      | 8    AES128-SHA256                TLSv1.2
9    AES128-SHA                   TLSv1,TLSv1.1,TLSv1.2                        | 9    AES128-SHA                   SSLv3,TLSv1,TLSv1.1,TLSv1.2
10   AES256-GCM-SHA384            TLSv1.2                                      | 10   AES256-GCM-SHA384            TLSv1.2
11   AES256-SHA256                TLSv1.2                                      | 11   AES256-SHA256                TLSv1.2
12   AES256-SHA                   TLSv1,TLSv1.1,TLSv1.2                        | 12   AES256-SHA                   SSLv3,TLSv1,TLSv1.1,TLSv1.2
13   DHE-RSA-AES128-SHA           TLSv1,TLSv1.1,TLSv1.2  DH,1024bits           | 13   DHE-RSA-AES128-SHA           SSLv3,TLSv1,TLSv1.1,TLSv1.2  DH,1024bits
14   CAMELLIA128-SHA              TLSv1,TLSv1.1,TLSv1.2                        | 14   ECDHE-RSA-RC4-SHA            SSLv3,TLSv1,TLSv1.1,TLSv1.2  ECDH,P-256,256bits
15   DHE-RSA-AES256-GCM-SHA384    TLSv1.2                DH,1024bits           | 15   RC4-SHA                      SSLv3,TLSv1,TLSv1.1,TLSv1.2
16   DHE-RSA-AES256-SHA256        TLSv1.2                DH,1024bits           |
17   DHE-RSA-AES256-SHA           TLSv1,TLSv1.1,TLSv1.2  DH,1024bits           | Certificate: trusted, 2048 bit, sha256WithRSAEncryption signature
18   CAMELLIA256-SHA              TLSv1,TLSv1.1,TLSv1.2                        | TLS ticket lifetime hint: 300
19   DHE-RSA-AES128-GCM-SHA256    TLSv1.2                DH,1024bits           | OCSP stapling: not supported
20   DHE-RSA-AES128-SHA256        TLSv1.2                DH,1024bits           |
                                                                               |
Certificate: trusted, 2048 bit, sha256WithRSAEncryption signature              |
TLS ticket lifetime hint: 300                                                  |
OCSP stapling: not supported                                                   |
</source>

If you want better control over TLS than ELB provides, another option in AWS is to terminate SSL on HAproxy, using the PROXY protocol between ELB and HAproxy. https://jve.linuxwall.info/ressources/taf/haproxy-aws/

== Zeus Load Balancer (Riverbed Stingray) ==

ZLB supports TLS1.2 and OCSP Stapling. It lacks support for Elliptic Curves and AES-GCM. As of Riverbed Steelhead 9.6, TLS parameters are configurable per site.

The recommended prioritization is:
# SSL_DHE_RSA_WITH_AES_128_CBC_SHA
# SSL_DHE_RSA_WITH_AES_256_CBC_SHA
# SSL_RSA_WITH_AES_128_CBC_SHA
# SSL_RSA_WITH_AES_256_CBC_SHA
# SSL_RSA_WITH_3DES_EDE_CBC_SHA

The following strings can be used directly in the ZLB configuration, under global settings > ssl3_ciphers.

'''with 3DES'''
<source lang="bash">
SSL_DHE_RSA_WITH_AES_128_CBC_SHA,SSL_DHE_RSA_WITH_AES_256_CBC_SHA,SSL_RSA_WITH_AES_128_CBC_SHA,SSL_RSA_WITH_AES_256_CBC_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA
</source>

'''without 3DES'''
<source lang="bash">
SSL_DHE_RSA_WITH_AES_128_CBC_SHA,SSL_DHE_RSA_WITH_AES_256_CBC_SHA,SSL_RSA_WITH_AES_128_CBC_SHA,SSL_RSA_WITH_AES_256_CBC_SHA
</source>

While the recommended DH prime size is 2048, problems with client libraries, such as Java 6/7, make this impossible to deploy for now. Therefore, a DH prime of 1024 bits should be used until all clients are compatible with larger primes.

== Citrix Netscaler ==

There is an issue with Netscaler's TLS1.2 and DHE ciphers. When DHE is used, the TLS handshake fails with a fatal 'Decode error'. TLS1.2 works fine with AES and RC4 ciphers.

Netscaler documentation is at http://support.citrix.com/proddocs/topic/netscaler-traffic-management-10-map/ns-ssl-supported-ciphers-list-ref.html

The configuration sample below shows how a default ciphersuite object can be created and attached to a vserver.

First, create a default ciphersuite that can be used in all vservers.
<pre>
> add ssl cipher MozillaDefault
> bind ssl cipher MozillaDefault -cipherName TLS1-DHE-DSS-AES-128-CBC-SHA
> bind ssl cipher MozillaDefault -cipherName TLS1-DHE-RSA-AES-128-CBC-SHA
> bind ssl cipher MozillaDefault -cipherName TLS1-DHE-DSS-AES-256-CBC-SHA
> bind ssl cipher MozillaDefault -cipherName TLS1-DHE-RSA-AES-256-CBC-SHA
> bind ssl cipher MozillaDefault -cipherName TLS1-AES-128-CBC-SHA
> bind ssl cipher MozillaDefault -cipherName TLS1-AES-256-CBC-SHA
> bind ssl cipher MozillaDefault -cipherName SSL3-DES-CBC3-SHA
</pre>

Second, create a DH parameter. If backward compatibility with Java 6/7 isn't needed, use 2048 instead of 1024.
<pre>
> create ssl dhparam /nsconfig/ssl/dh1024.pem 1024 -gen 5
</pre>

Third, configure the vserver to use the default ciphersuite and DH parameter.
<pre>
> add ssl certKey <domain> -cert <cert> -key <key>
> add ssl certKey <intermediateCertName> -cert <intermediateCertName>
> link ssl certKey <domain> <intermediateCertName>
> set ssl vserver <domain>:https -eRSA ENABLED
> bind ssl vserver <domain>:https -cipherName MozillaDefault
> set ssl vserver <domain>:https -dh ENABLED -dhFile /nsconfig/ssl/dh1024.pem -dhCount 1000
</pre>

The resulting configuration can be viewed with 'show ssl'
<pre>
> show ssl vserver marketplace.firefox.com:https

    Advanced SSL configuration for VServer marketplace.firefox.com:https:
    DH: ENABLED    DHParam File: /nsconfig/ssl/dh1024.pem    Refresh Count: 1000
    Ephemeral RSA: ENABLED    Refresh Count: 0
    Session Reuse: ENABLED    Timeout: 120 seconds
    Cipher Redirect: DISABLED
    SSLv2 Redirect: DISABLED
    ClearText Port: 0
    Client Auth: DISABLED
    SSL Redirect: DISABLED
    Non FIPS Ciphers: DISABLED
    SNI: DISABLED
    SSLv2: DISABLED    SSLv3: ENABLED    TLSv1: ENABLED
    Push Encryption Trigger: Always
    Send Close-Notify: YES

1)  CertKey Name: marketplace.mozilla.org.san    Server Certificate

1)  Cipher Name: MozillaDefault
    Description: User Created Cipher Group
</pre>
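Review bot: The Netscaler sample output at the end of this section shows "SSLv3: ENABLED", and none of the listed commands turns SSLv3 off on the vserver, so a reader who copies the three steps ends up with SSLv3 still negotiable. Add the step that disables SSLv3 on the vserver, or state why it is left on. The DH step also defaults to 1024 bits ("create ssl dhparam /nsconfig/ssl/dh1024.pem 1024 -gen 5") with 2048 mentioned only as the exception; consider showing 2048 as the default and 1024 as the Java 6/7 fallback, without the size baked into the file name.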
== Amazon Web Services Elastic Load Balancer (AWS ELB) Go ==
The ELB service Go standard library supports TLS 1TLS1.2 and a limited subset of ECDHE and GCM ciphers ordering. To configure a Go program accepting TLS connections, but lacks support for custom DH parameters and OCSP Stapling.use the following code:
The default configuration of ELBs has old settings, that can be customized in the Web Console or via the API. We recommend that you use the [[Security/Server_Side_TLS#elb_ciphers.py]] to enforce the right TLS configuration on an elastic load balancer. Below is a side-by-side comparison of the 'intermediate' recommended configuration versus the default ELB configuration. The top ciphers are the same, but SSLv3 and various deprecated ciphers are removed from the intermediate configuration. <sourcelang="python"> config := INTERMEDIATE configuration = | = default ELB configuration = |prio ciphersuite protocols pfs_keysize | prio ciphersuite protocols pfs_keysize1 ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 ECDH,P-256,256bits | 1 ECDHE-RSA-AES128-GCM-SHA256 TLSv1tls.2 ECDH,P-256,256bitsConfig{2 ECDHE-RSA-AES128-SHA256 TLSv1 MinVersion: tls.2 ECDH,P-256VersionTLS10,256bits | 2 ECDHE-RSA-AES128-SHA256 TLSv1.2 ECDH,P-256,256bits3 ECDHE-RSA-AES128-SHA TLSv1PreferServerCipherSuites: true,TLSv1.1,TLSv1.2 ECDH,P-256,256bits | 3 ECDHE-RSA-AES128-SHA SSLv3,TLSv1,TLSv1CipherSuites: []uint16{ tls.1TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLSv1 tls.2 ECDHTLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,P-256,256bits4 ECDHE-RSA-AES256-GCM-SHA384 TLSv1 tls.2 ECDHTLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,P-256,256bits | 4 ECDHE-RSA-AES256-GCM-SHA384 TLSv1 tls.2 ECDH,P-256TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,256bits5 ECDHE-RSA-AES256-SHA384 TLSv1 tls.2 ECDHTLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,P-256,256bits | 5 ECDHE-RSA-AES256-SHA384 TLSv1 tls.2 ECDH,P-256TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,256bits6 ECDHE-RSA-AES256-SHA TLSv1,TLSv1 tls.1TLS_RSA_WITH_AES_128_CBC_SHA,TLSv1 tls.2 ECDHTLS_RSA_WITH_AES_256_CBC_SHA,P-256,256bits | 6 ECDHE-RSA-AES256-SHA SSLv3,TLSv1,TLSv1 tls.1TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,TLSv1 tls.2 ECDH,P-256TLS_RSA_WITH_3DES_EDE_CBC_SHA},256bits7 AES128-GCM-SHA256 TLSv1.2 | 7 AES128-GCM-SHA256 TLSv1.2}8 AES128-SHA256 TLSv1.2 | 8 AES128-SHA256 TLSv1.2</source>9 AES128-SHA TLSv1,TLSv1.1,TLSv1.2 
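Review bot: The Go sample does not say which of the recommended configurations it implements, and with "MinVersion: tls.VersionTLS10" plus the two 3DES suites at the end of CipherSuites it falls outside the Modern profile, which excludes 3DES and lists only TLSv1.1 and TLSv1.2. Label the sample with the compatibility level it targets and say what to change for a stricter one. The source tag around it is also marked as python although the code is Go, and since "config := tls.Config{" is only a fragment, a sentence on handing the config to the listener would make it usable as written.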
| 9 AES128-SHA SSLv3,TLSv1,TLSv1.1,TLSv1.210 AES256== F5 BIG-GCM-SHA384 TLSv1.2 | 10 AES256-GCM-SHA384 TLSv1.2IP ==11 AES256-SHA256 TLSv1.2 | 11 AES256-SHA256 TLSv1.212 AES256BIG-SHA TLSv1,TLSv1IP uses SSL profiles which may be applied to one or multiple 'virtual servers' (VIPs).1SSL profiles may use F5's default recommended cipher suites or may be manually configured to explicitly state which,TLSv1.2 | 12 AES256-SHA SSLv3and in what order,TLSv1,TLSv1they are applied.1,TLSv1.213 DHE-RSA-AES128-SHA TLSv1,TLSv1.1,TLSv1.2 DH,1024bits | 13 DHE-SSL profiles can make use of multiple key types and support alternate key chains for each type (RSA-AES128-SHA SSLv3,TLSv1,TLSv1DSA and ECDSA).1,TLSv1.2 DH,1024bits14 CAMELLIA128-SHA TLSv1,TLSv1.1,TLSv1.2 | 14 ECDHE-RSA-RC4-SHA SSLv3,TLSv1,TLSv1.1,TLSv1.2 ECDH,P-256,256bits15 DHE-RSA-AES256-GCM-SHA384 TLSv1.2 DH,1024bits | 15 RC4-SHA SSLv3,TLSv1,TLSv1.1,TLSv1.216 DHE-RSA-AES256-SHA256 TLSv1.2 DH,1024bits |17 DHE-RSA-AES256-SHA TLSv1,TLSv1.1,TLSv1.2 DH,1024bits | Certificate: trusted, 2048 bit, sha256WithRSAEncryption signature18 CAMELLIA256-SHA TLSv1,TLSv1.1,TLSv1.2 | TLS ticket lifetime hint: 30019 DHE-RSA-AES128-GCM-SHA256 TLSv1.2 DH,1024bits | OCSP stapling: not supported20 DHE-RSA-AES128-SHA256 TLSv1This can be performed either via the management web interface or via the TMOS command line (console or SSH).2 DH,1024bits | |Certificate: trusted, 2048 bit, sha256WithRSAEncryption signature |TLS ticket lifetime hint: 300 |OCSP stapling: not supported |</source>
If you want better control over TLS than ELB provide<div style="font-family: 'Fira Sans', another option in AWS is to terminate SSL on HAproxy'Trebuchet MS', using the PROXY protocol between ELB and HAproxy. httpssans-serif !important; font-size: 140%; font-weight: bold; line-height://jve1.linuxwall.info/ressources/taf/haproxy6">Configuring Recommended Cipher-awssuites</div>
== Zeus Load Balancer(Riverbed Stingray) ==ZLB supports TLS1To create a new SSL profile to conform to the '''Modern Compatibility''' cipher suite use the tmsh create profile command as follows.2 and OCSP Stapling. It lacks support for Elliptic Curves and AES-GCM.As of Riverbed Steelhead 9.6, TLS parameters are configurable per site.
The recommended prioritization is<pre>tmsh create /ltm profile client-ssl moz_modern ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:# SSL_DHE_RSA_WITH_AES_128_CBC_SHAECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:DHE+AES-GCM:# SSL_DHE_RSA_WITH_AES_256_CBC_SHAECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-CBC-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-CBC-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!EXPORT:!DES:!RC4:!3DES:!MD5# SSL_RSA_WITH_AES_128_CBC_SHA</pre># SSL_RSA_WITH_AES_256_CBC_SHA# SSL_RSA_WITH_3DES_EDE_CBC_SHANote that Null ciphers are automatically rejected and are only made available if explicitly allowed by the F5 administrator.
The following strings can Currently DHE-RSA-AES128-SHA256 & DHE-RSA-AES256-SHA256 are not available in TMOS v11.6.x. This is expected to be used directly resolved in an upcoming hotfix and the ZLB configuration, under global settings > ssl3_ciphersnext major release of TMOS. The full list of support ciphers is available here: https://support.f5.'''with 3DES'''<source lang="bash">SSL_DHE_RSA_WITH_AES_128_CBC_SHA,SSL_DHE_RSA_WITH_AES_256_CBC_SHA,SSL_RSA_WITH_AES_128_CBC_SHA,SSL_RSA_WITH_AES_256_CBC_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA<com/kb/en-us/solutions/public/13000/source>'''without 3DES'''<source lang="bash">SSL_DHE_RSA_WITH_AES_128_CBC_SHA,SSL_DHE_RSA_WITH_AES_256_CBC_SHA,SSL_RSA_WITH_AES_128_CBC_SHA,SSL_RSA_WITH_AES_256_CBC_SHA<100/source>sol13163.html
While the recommended DH prime size is 2048, problems with client libraries, such as Java 6/7, make To apply this impossible new profile to deploy for now. Therefore, a DH prime of 1024 bits should be used until all clients are compatible with larger primes.an existing virtual server use either the management web interface or the following command line:
== Citrix Netscaler ==<pre>tmsh modify /ltm virtual my_virtual_server profiles add { moz_modern }</pre>
There is an issue with Netscaler's TLS1.2 and DHE ciphers. When DHE is used, Any subsequenty changes to the TLS handshake fails with a fatal 'Decode error'.TLS1.2 works fine with AES and RC4 ciphersSSL profile do not need to be manually re-applied to the LTM virtual server.
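Review bot: The moz_modern cipher string ends at "!EXPORT:!DES:!RC4:!3DES:!MD5", dropping the "!aNULL", "!eNULL" and "!PSK" exclusions that close the Modern ciphersuite on this page, and the note under the command only accounts for Null ciphers. State whether TMOS also rejects anonymous and PSK suites by default, or add those exclusions to the string, so readers can see that the profile is equivalent to Modern.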
Netscaler documentation is at http<div style="font-family://support.citrix.com/proddocs/topic/netscaler'Fira Sans','Trebuchet MS',sans-trafficserif !important; font-managementsize: 140%; font-10weight: bold; line-mapheight: 1.6">OCSP Stapling</ns-ssl-supported-ciphers-list-ref.htmldiv>
The configuration sample below shows how Using the '''modify''' command allows us to easily add settings to our new SSL profile. Adding OCSP stapling is a 3 step process. First we must create a default ciphersuite object can be created and attached DNS resolver for outbound queries. Secondly we create our OCSP Stapling profile making use of this DNS resolver. Finally we add the OCSP Stapling profile to a vserverour SSL profile.
First, create '''1. Creating the DNS resolver'''This command creates a default ciphersuite that can be used in DNS resolver for all vserversdomains (.<pre>> add ssl cipher MozillaDefault> bind ssl cipher MozillaDefault -cipherName TLS1-DHE-DSS-AES-128-CBC-SHA> bind ssl cipher MozillaDefault -cipherName TLS1-DHE-RSA-AES-128-CBC-SHA> bind ssl cipher MozillaDefault -cipherName TLS1-DHE-DSS-AES-256-CBC-SHA> bind ssl cipher MozillaDefault -cipherName TLS1-DHE-RSA-AES-256-CBC-SHA> bind ssl cipher MozillaDefault -cipherName TLS1-AES-128-CBC-SHA> bind ssl cipher MozillaDefault -cipherName TLS1-AES-256-CBC-SHA> bind ssl cipher MozillaDefault -cipherName SSL3-DES-CBC3-SHA</pre>) and uses Googles public DNS servers
Second, create a DH parameter. If backward compatibility with Java 6/7 isn't needed, use 2048 instead of 1024.<pre>> tmsh create ssl dhparam /nsconfig/ssl/dh1024net dns-resolver myResolver forward-zones add { .pem 1024 -gen 5{ nameservers add { 8.8.8.8:53 } nameservers add { 8.8.4.4:53 } } }</pre>
Third, configure '''2. Creating the vserver OCSP Stapling profile'''The following command is used to use the default ciphersuite and DH parameter.<pre>> add ssl certKey <domain> -cert <cert> -key <key>> add ssl certKey <intermediateCertName> -cert <intermediateCertName>> link ssl certKey <domain> <intermediateCertName>> set ssl vserver <domain>:https -eRSA ENABLED> bind ssl vserver <domain>:https -cipherName MozillaDefault> set ssl vserver <domain>:https -dh ENABLED -dhFile /nsconfig/ssl/dh1024.pem -dhCount 1000</pre>create an OCSP stapling profile called '''myOCSP''' with our new DNS resolver '''myResolver'''
The resulting configuration can be viewed with 'show ssl'<pre>tmsh create ltm profile ocsp-stapling-params myOCSP dns-resolver myResolver trusted-ca ca-bundle.crt</pre> show ssl vserver marketplace.firefox.com:https
Advanced SSL configuration for VServer marketplace.firefox'''3.com:https:Applying the OCSP Stapling profile to the DNS profile''' DH: ENABLED DHParam File: Using the '''modify''' command we will replace the default certificate and key in our existing SSL profile with the same default cert/nsconfig/ssl/dh1024key but, this time, making using of our new OCSP profile.pem Refresh Count: 1000 Ephemeral RSA: ENABLED Refresh Count: 0 Session Reuse: ENABLED Timeout: 120 seconds<pre>tmsh modify ltm profile client-ssl moz_modern cert-key-chain replace-all-with { default { cert default.crt key default.key ocsp-stapling-params myOCSP } }</pre> Cipher Redirect: DISABLED SSLv2 Redirect<div style="font-family: DISABLED ClearText Port'Fira Sans','Trebuchet MS',sans-serif !important; font-size: 0 Client Auth: DISABLED SSL Redirect140%; font-weight: DISABLED Non FIPS Ciphers: DISABLED SNI: DISABLED SSLv2: DISABLED SSLv3: ENABLED TLSv1: ENABLED Push Encryption Trigger: Always Send Closebold; line-Notifyheight: YES1.6">Session Resumption</div>
1) CertKey Name: marketplaceTo enable session resumption using Session Tickets enable the option in the SSL profile via the management web interface or use the '''session-ticket enabled''' parameter when creating the profile at the command line.mozillaAgain, we can use the '''modify''' command to append this to our existing '''moz_modern''' SSL profile.org.san Server Certificate1) Cipher Name: MozillaDefault Description: User Created Cipher Group</pre>
== Go ==For example:
The Go standard library supports TLS1.2 and a limited subset of ECDHE and GCM ciphers. To configure a Go program accepting TLS connections, use the following code:<pre>tmsh modify /ltm profile client-ssl moz_modern session-ticket enabled</pre>
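Review bot: In the OCSP Stapling steps above, the heading of step 3 reads "Applying the OCSP Stapling profile to the DNS profile", but the command modifies the client-ssl profile moz_modern, so the heading should say SSL profile. Step 1 also hard-codes Google's public resolvers (8.8.8.8 and 8.8.4.4) for all domains; say that these are placeholders and that the organisation's own resolvers would normally be used. The tmsh paths are inconsistent too, with some commands written as "/ltm profile" and others as "ltm profile".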
<source langdiv style="python"> config font-family:= tls.Config{ MinVersion'Fira Sans','Trebuchet MS',sans-serif !important; font-size: tls.VersionTLS10, PreferServerCipherSuites140%; font-weight: true, CipherSuitesbold; line-height: []uint16{ tls1.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, tls.TLS_RSA_WITH_AES_128_CBC_SHA, tls.TLS_RSA_WITH_AES_256_CBC_SHA, tls.TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, tls.TLS_RSA_WITH_3DES_EDE_CBC_SHA}, }6">Viewing the config</sourcediv>
== F5 BIG-IP ==To confirm the configuration of your new SSL profile and to ensure that it is correctly applied to your virtual server use the '''list''' command.
BIG-IP uses View your SSL profiles which may be applied to one or multiple 'virtual servers' (VIPs). SSL profiles may use F5's default recommended cipher suites or may be manually configured to explicitly state which, and in what order, they are applied. SSL profiles can make use of multiple key types and support alternate key chains for each type (RSA, DSA and ECDSA). This can be performed either via the management web interface or via the TMOS command line (console or SSH). profile:
=== Configuring Recommended Cipher<pre>tmsh list ltm profile client-suites ===ssl moz_modern</pre>
To create a new SSL Which outputs all configuration paratmers of the profile to conform to the called '''Modern Compatibilitymoz_modern''' cipher suite use the tmsh create profile command as follows...:
<presource>tmsh create /ltm profile client-ssl moz_modern { app-service none cert-key-chain { default { cert default.crt key default.key ocsp-stapling-params myOCSP } } ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:DHE+AES-GCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-CBC-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-CBC-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!EXPORT:!DES:!RC4:!3DES:!MD5 inherit-certkeychain true session-ticket enabled}</presource>
Note that Null ciphers are automatically rejected and are only made available if explicitly allowed by the F5 administrator.And to check it is correctly applied to your virtual server:
Currently DHE-RSA-AES128-SHA256 & DHE-RSA-AES256-SHA256 are not available in TMOS v11.6.x. This is expected to be resolved in an upcoming hotfix and the next major release of TMOS. The full <pre>list of support ciphers is available here: https:ltm virtual vs_myWebsite<//support.f5.com/kb/en-us/solutions/public/13000/100/sol13163.htmlpre>
To apply this new Which should list the SSL profile to an existing virtual server use either the management web interface or the following command lineby name:
<presource>tmsh modify /ltm virtual my_virtual_server vs_myWebsite { destination 10.0.0.100:https ip-protocol tcp mask 255.255.255.255 pool pool_webServers profiles add { http { } http2 { } manual_profile { } moz_modern { context clientside } spdy { }</pre> tcp { }Any subsequenty changes to the SSL profile do not need to be manually re wan-optimized-applied to the LTM virtual server.compression { } }=== OCSP Stapling === rules { }Using the '''modify''' command allows us to easily add settings to our new SSL profile source 0. Adding OCSP stapling is a 3 step process0. First we must create a DNS resolver for outbound queries. Secondly we create our OCSP Stapling profile making use of this DNS resolver. Finally we add the OCSP Stapling profile to our SSL profile0.0/0 source-address-translation { type automap } vs-index 4}</source>
<div style="font-family: 'Fira Sans','Trebuchet MS',sans-serif !important; font-size: 140%; font-weight: bold; line-height: 1. Creating the DNS resolver'''This command creates a DNS resolver for all domains (.) and uses Googles public DNS servers6">Enabling HSTS</div>
<pre>tmsh create net dns-resolver myResolver forward-zones add { iRules are F5's flexible scripting language and can be used to easily enable HSTS for any TLS website. { nameservers add { 8The standard HTTP should have redirection configured to send users to the HTTPS site.8The following simple iRule is then applied to the HTTPS virtual server to insert the HSTS header enabling the maximum allowed age and including sub domains.8.8:53 } nameservers add { 8.8.4.4:53 } } }</pre>
'''2. Creating the OCSP Stapling profile'''<source>The following command is used to create an OCSP stapling profile called '''myOCSP''' with our new DNS resolver '''myResolver'''when HTTP_RESPONSE { <pre>tmsh create ltm profile ocsp HTTP::header insert Strict-staplingTransport-params myOCSP dnsSecurity "max-resolver myResolver trusted-ca ca-bundle.crtage=15768000; includeSubDomains"}</presource>
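Review bot: The iRule text says it enables "the maximum allowed age", but the value it inserts is max-age=15768000, which is about six months and not a maximum; describe it as the recommended lifetime instead. It also differs from the max-age=15724800 given for HSTS in the Modern configuration on this page, so pick one value and use it in both places. The sentence "The standard HTTP should have redirection configured" is missing its noun (virtual server).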
'''3. Applying the OCSP Stapling profile to the DNS profile'''Using the '''modify''' command we will replace the default certificate and key in our existing SSL profile with the same default cert/key but, this time, making using of our new OCSP profile.= CipherScan =
<pre>tmsh modify ltm profile client-ssl moz_modern cert-key-chain replace-all-with { default { cert defaultSee https://github.crt key default.key ocsp-stapling-params myOCSP } }<com/jvehent/pre>cipherscan
=== Session Resumption ===Cipherscan is a small Bash script that connects to a target and list the preferred Ciphers. It's an easy way to test a web server for available ciphers, PFS key size, elliptic curves, support for OCSP Stapling, TLS ticket lifetime and certificate trust.
To enable session resumption using Session Tickets enable the option in the SSL profile via the management web interface or use the '''session<source lang="bash">$ ./cipherscan jve.linuxwall.info..........................prio ciphersuite protocols pfs_keysize1 ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 ECDH,P-256,256bits2 ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 ECDH,P-256,256bits3 DHE-RSA-AES256-GCM-SHA384 TLSv1.2 DH,4096bits4 DHE-RSA-AES128-GCM-SHA256 TLSv1.2 DH,4096bits5 ECDHE-RSA-AES128-SHA256 TLSv1.2 ECDH,P-256,256bits6 ECDHE-RSA-AES128-SHA TLSv1,TLSv1.1,TLSv1.2 ECDH,P-256,256bits7 ECDHE-RSA-AES256-SHA384 TLSv1.2 ECDH,P-256,256bits8 ECDHE-RSA-AES256-SHA TLSv1,TLSv1.1,TLSv1.2 ECDH,P-256,256bits9 DHE-RSA-AES128-SHA256 TLSv1.2 DH,4096bits10 DHE-RSA-AES128-SHA TLSv1,TLSv1.1,TLSv1.2 DH,4096bits11 DHE-RSA-AES256-SHA256 TLSv1.2 DH,4096bits12 AES128-GCM-SHA256 TLSv1.213 AES256-GCM-SHA384 TLSv1.214 ECDHE-RSA-DES-CBC3-SHA TLSv1,TLSv1.1,TLSv1.2 ECDH,P-256,256bits15 EDH-RSA-DES-CBC3-ticket enabled''' parameter when creating the profile at the command lineSHA TLSv1,TLSv1.1,TLSv1.2 DH,4096bits16 DES-CBC3-SHA TLSv1,TLSv1. 
Again1, we can use the '''modify''' command to append this to our existing '''moz_modern''' SSL profileTLSv1.217 DHE-RSA-AES256-SHA TLSv1,TLSv1.1,TLSv1.2 DH,4096bitsFor example:18 DHE-RSA-CAMELLIA256-SHA TLSv1,TLSv1.1,TLSv1.2 DH,4096bits19 AES256-SHA256 TLSv1.2<pre>tmsh modify /ltm profile client20 AES256-ssl moz_modern sessionSHA TLSv1,TLSv1.1,TLSv1.221 CAMELLIA256-ticket enabled</pre>SHA TLSv1,TLSv1.1,TLSv1.222 DHE-RSA-CAMELLIA128-SHA TLSv1,TLSv1.1,TLSv1.2 DH,4096bits=== Viewing the config ===23 AES128-SHA256 TLSv1.224 AES128-SHA TLSv1,TLSv1.1,TLSv1.2To confirm the configuration of your new SSL profile and to ensure that it is correctly applied to your virtual server use the '''list''' command25 CAMELLIA128-SHA TLSv1,TLSv1.1,TLSv1.2 Certificate: trusted, 2048 bit, sha1WithRSAEncryption signatureTLS ticket lifetime hint: 300View your SSL profileOCSP stapling:supported</source>
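Review bot: The sample cipherscan output ends with "Certificate: trusted, 2048 bit, sha1WithRSAEncryption signature", while the Modern configuration on this page calls for a SHA-256 certificate signature. Either refresh the sample from a host that follows the guidelines or add a line saying the output is illustrative and not a compliant result. The same applies to the 3DES suites it lists at positions 14 to 16.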
<pre>tmsh list ltm profile client-ssl moz_modern</pre>= SSL Labs (Qualys) =
Which outputs all configuration paratmers of the profile called '''moz_modern'''Available here:https://www.ssllabs.com/ssltest/
<source>ltm profile client-ssl moz_modern { app-service none cert-key-chain { default { cert defaultQualys SSL Labs provides a comprehensive SSL testing suite.crt key default.key ocsp-stapling-params myOCSP } } ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:DHE+AES-GCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-CBC-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-CBC-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!EXPORT:!DES:!RC4:!3DES:!MD5 inherit-certkeychain true session-ticket enabled}</source>
And to check it GlobalSign has a modified interface of SSL Labs that is correctly applied to your virtual serverinteresting as well:https://sslcheck.globalsign.com/
= elb_ciphers.py =This python script uses boto to create a TLS policy and apply it to a given load balancer. Make sure you have an AWS access key configured in ~/.boto to use this script, then invoke it as follow:<presource lang="bash">list ltm virtual vs_myWebsite$ python cipher.py us-east-1 stooge-lb-prod-1 modernNew Policy 'Mozilla-OpSec-TLS-Modern-v-3-2' created and applied to load balancer stooge-lb-prod-1 in us-east-1</presource>If no mode is specified, the intermediate mode will be used. The modes are 'old', 'intermediate' and 'modern', and map to the recommended configurations.<source lang="python">#!/usr/bin/env python
Which should list the SSL profile by name# Apply recommendation from https://wiki.mozilla.org/Security/Server_Side_TLS
<source>ltm virtual vs_myWebsite {# This Source Code Form is subject to the terms of the Mozilla Public destination 10# License, v.02.0.100If a copy of the MPL was not distributed with this# file, You can obtain one at http:https ip-protocol tcp mask 255//mozilla.255org/MPL/2.2550/.255 pool pool_webServers# profiles {# Contributors: http { }# Gene Wood [:gene] http2 { }# Julien Vehent [:ulfr] manual_profile { }# JP Schneider [:jp] moz_modern { context clientsideimport boto.ec2.elb }import sys spdy { } tcp { }if len(sys.argv) < 3: wan print "usage : %s REGION ELB-optimized-compression { } } rules { } source 0NAME <MODE>" % sys.argv[0.0.0/0] print "" source print "Example : %s us-addresswest-translation { type automap } vs2 persona-org-index 40810" % sys.argv[0]} print "MODE can be 'old', 'intermediate' (default) or 'modern'"< print "see https://wiki.mozilla.org/Security/source>Server_Side_TLS" sys.exit(1)
region =sys.argv[1]load_balancer_name =sys.argv[2]try: conf_mode = Enabling HSTS =sys.argv[3]except IndexError: conf_mode ='intermediate'conn_elb =boto.ec2.elb.connect_to_region(region)
iRules are F5's flexible scripting language and can be used to easily enable HSTS for any TLS website#import logging#logging. The standard HTTP should have redirection configured to send users to the HTTPS site. The following simple iRule is then applied to the HTTPS virtual server to insert the HSTS header enabling the maximum allowed age and including sub domainsbasicConfig(level=logging.DEBUG)
<source>policy = {'old':{},when HTTP_RESPONSE 'intermediate':{}, HTTP 'modern'::header insert Strict-Transport-Security "max-age=15768000; includeSubDomains"{}}</source>
policy['old']['name'] = CipherScan = See https://github.com/jvehent/cipherscan Cipherscan is a small Bash script that connects to a target and list the preferred Ciphers. It's an easy way to test a web server for available ciphers, PFS key size, elliptic curves, support for OCSP Stapling, Mozilla-OpSec-TLS ticket lifetime and certificate trust.-Old-v-3-3'policy['old']['ciphersuite'] = {<source lang= "bashECDHE-ECDSA-AES128-GCM-SHA256">: True,$ ./cipherscan jve.linuxwall.info..........................prio ciphersuite protocols pfs_keysize1 "ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 ECDH": True,P "ECDHE-256ECDSA-AES128-SHA256": True,256bits2 "ECDHE-RSA-AES256AES128-SHA256": True, "ECDHE-ECDSA-GCMAES128-SHA384 TLSv1.2 ECDHSHA": True,P "ECDHE-256RSA-AES128-SHA": True,256bits3 DHE "ECDHE-RSAECDSA-AES256-GCM-SHA384 TLSv1.2 DH": True,4096bits4 DHE "ECDHE-RSA-AES128AES256-GCM-SHA256 TLSv1.2 DHSHA384": True,4096bits5 "ECDHE-RSAECDSA-AES128AES256-SHA256 TLSv1.2 ECDHSHA384": True,P "ECDHE-RSA-AES256-256SHA384": True,256bits6 "ECDHE-RSA-AES128AES256-SHA TLSv1": True,TLSv1.1 "ECDHE-ECDSA-AES256-SHA": True,TLSv1.2 ECDH,P "ADH-AES128-GCM-256SHA256": False,256bits7 ECDHE "ADH-RSAAES256-AES256GCM-SHA384 TLSv1.2 ECDH": False,P "ADH-256AES128-SHA": False,256bits8 ECDHE "ADH-AES128-RSASHA256": False, "ADH-AES256-SHA TLSv1": False,TLSv1.1 "ADH-AES256-SHA256": False,TLSv1.2 ECDH "ADH-CAMELLIA128-SHA": False,P "ADH-256CAMELLIA256-SHA": False,256bits9 DHE "ADH-RSADES-AES128CBC3-SHA256 TLSv1.2 DHSHA": False,4096bits10 DHE "ADH-RSADES-AES128CBC-SHA TLSv1": False,TLSv1.1 "ADH-RC4-MD5": False,TLSv1.2 DH,4096bits11 DHE "ADH-RSASEED-AES256-SHA256 TLSv1.2 DHSHA": False,4096bits12 "AES128-GCM-SHA256 TLSv1.2": True,13 "AES256-GCM-SHA384 TLSv1.2": True,14 ECDHE "AES128-RSASHA": True, "AES128-DES-CBC3SHA256": True, "AES256-SHA TLSv1": True,TLSv1.1 "AES256-SHA256": True,TLSv1.2 ECDH "CAMELLIA128-SHA": True,P "CAMELLIA256-256SHA": True,256bits15 EDH "DES-RSACBC3-MD5": False, "DES-CBC3-SHA TLSv1": 
True,TLSv1.1 "DES-CBC-MD5": False,TLSv1.2 DH,4096bits16 "DES-CBC3CBC-SHA ": False, TLSv1"DHE-DSS-AES128-GCM-SHA256": True,TLSv1.1 "DHE-DSS-AES256-GCM-SHA384": True,TLSv1.217 "DHE-RSADSS-AES256AES128-SHA TLSv1": True,TLSv1.1,TLSv1.2 DH "DHE-DSS-AES128-SHA256": True,4096bits18 "DHE-RSADSS-CAMELLIA256AES256-SHA TLSv1,TLSv1.1,TLSv1.2 DH": True,4096bits19 "DHE-DSS-AES256-SHA256 TLSv1.2": True,20 AES256 "DHE-DSS-CAMELLIA128-SHA TLSv1": False,TLSv1.1,TLSv1.221 "DHE-DSS-CAMELLIA256-SHA TLSv1": False,TLSv1.1 "DHE-DSS-SEED-SHA": False,TLSv1.222 "DHE-RSA-CAMELLIA128AES128-GCM-SHA TLSv1SHA256": True,TLSv1.1 "DHE-RSA-AES256-GCM-SHA384": True,TLSv1.2 DH "DHE-RSA-AES128-SHA": True,4096bits23 "DHE-RSA-AES128-SHA256 TLSv1.2": True,24 AES128 "DHE-RSA-AES256-SHA TLSv1": True,TLSv1.1 "DHE-RSA-AES256-SHA256": True,TLSv1.225 "DHE-RSA-CAMELLIA128-SHA TLSv1": False,TLSv1.1 "DHE-RSA-CAMELLIA256-SHA": False,TLSv1.2 "DHE-RSA-SEED-SHA": False,Certificate "EDH-DSS-DES-CBC3-SHA": trustedFalse, 2048 bit "EDH-DSS-DES-CBC-SHA": False, sha1WithRSAEncryption signatureTLS ticket lifetime hint "EDH-RSA-DES-CBC3-SHA": 300False,OCSP stapling "EDH-RSA-DES-CBC-SHA": supportedFalse,</source> "EXP-ADH-DES-CBC-SHA": False, "EXP-ADH-RC4-MD5": False,= SSL Labs (Qualys) = "EXP-DES-CBC-SHA": False, "EXP-EDH-DSS-DES-CBC-SHA": False,Available here "EXP-EDH-RSA-DES-CBC-SHA": httpsFalse, "EXP-KRB5-DES-CBC-MD5"://www.ssllabs.com/ssltest/False, "EXP-KRB5-DES-CBC-SHA": False,Qualys SSL Labs provides a comprehensive SSL testing suite. "EXP-KRB5-RC2-CBC-MD5": False, "EXP-KRB5-RC2-CBC-SHA": False,GlobalSign has a modified interface of SSL Labs that is interesting as well "EXP-KRB5-RC4-MD5": httpsFalse, "EXP-KRB5-RC4-SHA"://sslcheck.globalsign.com/False, "EXP-RC2-CBC-MD5": False,= elb_ciphers.py = "EXP-RC4-MD5": False,This python script uses boto to create a TLS policy and apply it to a given load balancer. 
Make sure you have an AWS access key configured in ~/.boto to use this script "IDEA-CBC-SHA": False, then invoke it as follow "KRB5-DES-CBC3-MD5":False,<source lang= "bashKRB5-DES-CBC3-SHA">: False,$ python cipher.py us "KRB5-DES-eastCBC-1 stoogeMD5": False, "KRB5-lbDES-prodCBC-1 modernSHA": False,New Policy 'Mozilla "KRB5-OpSecRC4-TLSMD5": False, "KRB5-ModernRC4-vSHA": False, "PSK-33DES-2' created and applied to load balancer stoogeEDE-lbCBC-prodSHA": False, "PSK-1 in usAES128-eastCBC-1SHA": False,</source> "PSK-AES256-CBC-SHA": False,If no mode is specified "PSK-RC4-SHA": False, the intermediate mode will be used. The modes are 'old' "RC2-CBC-MD5": False, 'intermediate' and 'modern' "RC4-MD5": False, and map to the recommended configurations.<source lang= "pythonRC4-SHA">: False,#!/usr/bin/env python "SEED-SHA": False, "Protocol-SSLv2": False,# Apply recommendation from https "Protocol-SSLv3"://wiki.mozilla.org/Security/Server_Side_TLSTrue, "Protocol-TLSv1": True,# This Source Code Form is subject to the terms of the Mozilla Public# License "Protocol-TLSv1.1": True, v. 2.0. If a copy of the MPL was not distributed with this# file, You can obtain one at http://mozilla "Protocol-TLSv1.org/MPL/2.0/.## Contributors":True,# Gene Wood [:gene]# Julien Vehent [ "Server-Defined-Cipher-Order":ulfr]True# JP Schneider [:jp] }
# reuse the Old policy minus SSLv3 and 3DES
policy['intermediate']['name'] = 'Mozilla-OpSec-TLS-Intermediate-v-3-3'
policy['intermediate']['ciphersuite'] = policy['old']['ciphersuite'].copy()
policy['intermediate']['ciphersuite'].update(
    {"Protocol-SSLv3": False})

# reuse the intermediate policy minus TLSv1 and non PFS ciphers
policy['modern']['name'] = 'Mozilla-OpSec-TLS-Modern-v-3-3'
policy['modern']['ciphersuite'] = policy['intermediate']['ciphersuite'].copy()
policy['modern']['ciphersuite'].update(
    {"Protocol-TLSv1": False,
     "AES128-GCM-SHA256": False,
     "AES256-GCM-SHA384": False,
     "DHE-DSS-AES128-SHA": False,
     "AES128-SHA256": False,
     "AES128-SHA": False,
     "DHE-DSS-AES256-SHA256": False,
     "AES256-SHA256": False,
     "AES256-SHA": False,
     "CAMELLIA128-SHA": False,
     "CAMELLIA256-SHA": False,
     "DES-CBC3-SHA": False})

if not conf_mode in policy.keys():
    print "Invalid policy name, must be one of %s" % policy.keys()
    sys.exit(1)

# Create the Ciphersuite Policy
params = {'LoadBalancerName': load_balancer_name,
          'PolicyName': policy[conf_mode]['name'],
          'PolicyTypeName': 'SSLNegotiationPolicyType'}
conn_elb.build_complex_list_params(
    params,
    [(x, policy[conf_mode]['ciphersuite'][x]) for x in policy[conf_mode]['ciphersuite'].keys()],
    'PolicyAttributes.member',
    ('AttributeName', 'AttributeValue'))
policy_result = conn_elb.get_list('CreateLoadBalancerPolicy', params, None, verb='POST')

# Apply the Ciphersuite Policy to your ELB
params = {'LoadBalancerName': load_balancer_name,
          'LoadBalancerPort': 443,
          'PolicyNames.member.1': policy[conf_mode]['name']}

result = conn_elb.get_list('SetLoadBalancerPoliciesOfListener', params, None)
print "New Policy '%s' created and applied to load balancer %s in %s" % (
    policy[conf_mode]['name'],
    load_balancer_name,
    region)
</source>
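The script derives each level by copying the previous attribute map and switching attributes off, so a policy can be checked for drift before it is pushed to a load balancer. The following is an added example, not part of the original script: `OLD` is a constructed subset of the script's attribute names, and `RULES`, `derive` and `audit` are hypothetical helpers written for Python 3.

```python
import re

LEVELS = ("old", "intermediate", "modern")

# (regex on the attribute name, first level at which an enabled match is a
#  finding, reason). Levels follow the script: intermediate drops SSLv3,
# modern also drops TLSv1, 3DES and ciphers without forward secrecy.
RULES = [
    (r"^Protocol-SSLv2$", "old", "SSLv2 enabled"),
    (r"^Protocol-SSLv3$", "intermediate", "SSLv3 enabled (POODLE)"),
    (r"^Protocol-TLSv1$", "modern", "TLSv1 enabled"),
    (r"(^|-)RC4-", "old", "RC4 cipher (RFC 7465)"),
    (r"^EXP-", "old", "export-grade cipher"),
    (r"^ADH-", "old", "anonymous key exchange"),
    (r"-MD5$", "old", "MD5 MAC"),
    (r"(^|-)DES-CBC-", "old", "single DES"),
    (r"DES-CBC3-", "modern", "3DES"),
    (r"^(?!ECDHE-|DHE-|EDH-|Protocol-|Server-)", "modern", "no forward secrecy"),
]

# Constructed subset of the 'old' attribute map (names as used by the script).
OLD = {
    "Protocol-SSLv2": False,
    "Protocol-SSLv3": True,
    "Protocol-TLSv1": True,
    "Protocol-TLSv1.1": True,
    "Protocol-TLSv1.2": True,
    "Server-Defined-Cipher-Order": True,
    "ECDHE-RSA-AES128-GCM-SHA256": True,
    "DHE-RSA-AES128-SHA": True,
    "AES128-SHA": True,
    "DES-CBC3-SHA": True,
    "RC4-SHA": False,
    "EXP-RC4-MD5": False,
    "ADH-AES128-SHA": False,
}


def derive(base, overrides):
    """Copy a policy and apply overrides, as the script does with copy()/update()."""
    child = base.copy()
    child.update(overrides)
    return child


def audit(attrs, level):
    """Return (attribute, reason) pairs for enabled attributes not allowed at level."""
    rank = LEVELS.index(level)
    findings = []
    for name in sorted(attrs):
        if not attrs[name]:
            continue  # a disabled attribute cannot be negotiated
        for pattern, first_level, reason in RULES:
            if rank >= LEVELS.index(first_level) and re.search(pattern, name):
                findings.append((name, reason))
    return findings


if __name__ == "__main__":
    intermediate = derive(OLD, {"Protocol-SSLv3": False})
    modern = derive(intermediate, {"Protocol-TLSv1": False,
                                   "AES128-SHA": False,
                                   "DES-CBC3-SHA": False})
    for label, attrs in (("old", OLD), ("intermediate", intermediate),
                         ("modern", modern)):
        print(label, audit(attrs, label))
    # Auditing the intermediate map against the modern level shows what is left to disable.
    print("intermediate as modern:", audit(intermediate, "modern"))
```
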
= Appendices =
== Supported ciphers on various systems ==
On a variety of ~900 systems (RHEL5 & 6, CentOS 5 & 6 and Ubuntu), the following versions of OpenSSL were found:

{| class="wikitable"
|-
| 37 || OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
|-
| 35 || OpenSSL 0.9.8k 25 Mar 2009
|-
| 777 || OpenSSL 1.0.0-fips 29 Mar 2010
|-
| 18 || OpenSSL 1.0.1 14 Mar 2012
|}

The recommended ciphersuite was tested on each system. The list below shows the ciphersuites supported by all tested systems. However old your setup may be, it is safe to assume that the following ciphers are going to be available:

* RC4-SHA
* DHE-RSA-AES128-SHA
* DHE-RSA-AES256-SHA
* AES128-SHA
* AES256-SHA
* DHE-DSS-AES128-SHA
* DHE-DSS-AES256-SHA

== Attacks on SSL and TLS ==
=== BEAST (CVE-2011-3389) ===
BEAST is a vulnerability in the Initialization Vector (IV) of the CBC mode of AES, Camellia and a few other ciphers that use CBC mode. The attack allows a MITM attacker to recover plaintext values by encrypting the same message multiple times.

BEAST is mitigated in TLS 1.1 and above.

more: https://blog.torproject.org/blog/tor-and-beast-ssl-attack

=== LUCKY13 ===
Lucky13 is another attack on CBC mode that listens for padding checks to decrypt ciphertext.

more: https://www.imperialviolet.org/2013/02/04/luckythirteen.html

=== RC4 weaknesses ===
As of February 2015, the IETF explicitly prohibits the use of RC4: [http://www.ietf.org/rfc/rfc7465.txt RFC 7465].

It has been proven that RC4 biases in the first 256 bytes of a cipherstream can be used to recover encrypted text. If the same data is encrypted a very large number of times, then an attacker can apply statistical analysis to the results and recover the encrypted text. While hard to perform, this attack shows that it is time to remove RC4 from the list of trusted ciphers.

In a public discussion ([https://bugzilla.mozilla.org/show_bug.cgi?id=927045 bug 927045]), it has been recommended to replace RC4 with 3DES. This would impact Internet Explorer 7 and 8 users that, depending on the OS, do not support AES, and will negotiate only RC4 or 3DES ciphers. Internet Explorer uses the cryptographic library “schannel”, which is OS dependent. schannel supports AES in Windows Vista, but not in Windows XP.

While 3DES provides more resistant cryptography, it is also 30 times slower and more CPU intensive than RC4. For large web infrastructure, the CPU cost of replacing RC4 with 3DES is non-zero. For this reason, we recommend that administrators evaluate their traffic patterns, and make the decision of replacing RC4 with 3DES on a per-case basis. At Mozilla, we evaluated that the impact on CPU usage is minor, and thus decided to replace RC4 with 3DES where backward compatibility is required.

=== CRIME (CVE-2012-4929) ===
The root cause of the problem is information leakage that occurs when data is compressed prior to encryption. If someone can repeatedly inject and mix arbitrary content with some sensitive and relatively predictable data, and observe the resulting encrypted stream, then he will be able to extract the unknown data from it.

more: https://community.qualys.com/blogs/securitylabs/2012/09/14/crime-information-leakage-attack-against-ssltls

=== BREACH ===
This is a more complex attack than CRIME, which does not require TLS-level compression (it still needs HTTP-level compression).

In order to be successful, it requires the application to:

# Be served from a server that uses HTTP-level compression
# Reflect user-input in HTTP response bodies
# Reflect a secret (such as a CSRF token) in HTTP response bodies

more: http://breachattack.com/

=== POODLE ([http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3566 CVE-2014-3566]) ===
POODLE is an attack on the padding used by SSLv3. It is a significant improvement of the BEAST attack, which led the cryptography community to recommend disabling SSLv3 globally.

<blockquote>
''If you can arrange the message to be the correct length then the last block is 15 arbitrary bytes and the padding length (15). Then you arrange an interesting byte to be in the last position of a different block and duplicate that block to the end. If the record is accepted, then you know what the last byte contained because it decrypted to 15.''

''Thus the attacker needs to be able to control some of the plaintext in order to align things in the messages and needs to be able to burn lots of connections (256 per byte, roughly). Thus a secret needs to be repeated in connection after connection (i.e. a cookie).''

source: Adam Langley in https://bugzilla.mozilla.org/show_bug.cgi?id=1076983#c29
</blockquote>

Daniel Stenberg (Mozilla, cUrl) has a good description of the exploitability of POODLE in http://daniel.haxx.se/blog/2014/10/17/curl-is-no-poodle/

Our guidelines maintain support for SSLv3 in the Old configuration only. This is required for clients on Windows XP service pack 1 & 2 that do not have support for TLSv1.0. Internet Explorer and Chrome on those platforms are impacted. Mozilla wants to be reachable from very old clients, to allow them to download a better browser. Therefore, we maintain SSLv3 compatibility on a limited number of sites. But all sites that do not need that level of compatibility are encouraged to implement the Intermediate configuration.

=== Logjam attack on weak Diffie-Hellman ===
The Logjam attack describes methods of attacking TLS servers supporting DHE export ciphers, and with weak (<= 1024 bit) Diffie Hellman groups. Modern TLS must use DH parameters of 2048 bits and above, or only use ECDHE. The modern configuration in this guide provides configurations that are not impacted by this issue. The intermediate and old configurations are impacted, and administrators are encouraged to use DH parameters of 2048 bits wherever possible.

more: https://weakdh.org
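One way to check a DH parameter file against the 2048-bit recommendation in the Logjam section, as an added example that is not part of the original page: a minimal DER reader for PKCS#3 `DH PARAMETERS` PEM blocks. The sample inputs are constructed numbers of the right size, not real primes, and all function names are hypothetical; only the size is checked, not primality or the choice of group.

```python
import base64

MIN_DH_BITS = 2048  # DH parameter size this page recommends
BEGIN = "-----BEGIN DH PARAMETERS-----"
END = "-----END DH PARAMETERS-----"


def read_tlv(buf, pos):
    """Return (tag, value_bytes, next_pos) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER element")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    end = pos + length
    if end > len(buf):
        raise ValueError("DER length runs past end of data")
    return tag, buf[pos:end], end


def dh_params_from_pem(pem_text):
    """Parse DHParameter ::= SEQUENCE { prime INTEGER, base INTEGER, ... } into (p, g)."""
    if BEGIN not in pem_text or END not in pem_text:
        raise ValueError("no DH PARAMETERS block found")
    body = pem_text.split(BEGIN, 1)[1].split(END, 1)[0]
    der = base64.b64decode("".join(body.split()))
    tag, seq, _ = read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("expected SEQUENCE")
    tag_p, p_bytes, pos = read_tlv(seq, 0)
    tag_g, g_bytes, _ = read_tlv(seq, pos)
    if tag_p != 0x02 or tag_g != 0x02:
        raise ValueError("expected two INTEGERs")
    return int.from_bytes(p_bytes, "big"), int.from_bytes(g_bytes, "big")


def check_dh_params(pem_text, min_bits=MIN_DH_BITS):
    """Report the modulus size and whether it meets the minimum."""
    p, g = dh_params_from_pem(pem_text)
    bits = p.bit_length()
    return {"bits": bits, "generator": g, "ok": bits >= min_bits}


def der_element(tag, content):
    """Encode one DER element (short or long length form)."""
    n = len(content)
    if n < 0x80:
        length = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + content


def der_integer(value):
    """Encode a positive INTEGER; the extra byte keeps the sign bit clear."""
    return der_element(0x02, value.to_bytes(value.bit_length() // 8 + 1, "big"))


def make_sample_pem(bits):
    """Constructed sample: an odd number with the top bit set, NOT a real prime."""
    p = (1 << (bits - 1)) | 1
    der = der_element(0x30, der_integer(p) + der_integer(2))
    return BEGIN + "\n" + base64.encodebytes(der).decode() + END + "\n"


if __name__ == "__main__":
    for size in (1024, 2048):
        print(size, check_dh_params(make_sample_pem(size)))
```
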
== SPDY ==
(see also http://en.wikipedia.org/wiki/SPDY and http://www.chromium.org/spdy/spdy-protocol)

SPDY is a protocol that incorporates TLS, which attempts to reduce latency when loading pages. It is currently not an HTTP standard (albeit it is being drafted for HTTP 2.0), but is widely supported.

SPDY version 3 is vulnerable to the CRIME attack (see also http://zoompf.com/2012/09/explaining-the-crime-weakness-in-spdy-and-ssl) - this is due to the use of compression. Clients currently implement a non-standard hack with gzip in order to circumvent the vulnerability. SPDY version 4 is planned to include a proper fix.

== TLS tickets (RFC 5077) ==
Once a TLS handshake has been negotiated between the server and the client, both may exchange a session ticket, which contains an AES-CBC 128-bit key that can decrypt the session. This key is generally static and only regenerated when the web server is restarted (with recent versions of Apache, it is stored in a file and also kept upon restarts).

The current work-around is to disable RFC 5077 support.

more: https://media.blackhat.com/us-13/US-13-Daigniere-TLS-Secrets-Slides.pdf

== Cipher names correspondence table ==
IANA, OpenSSL and GnuTLS use different naming for the same ciphers. The table below matches these ciphers as well as their corresponding compatibility level.

{| class="wikitable sortable"
|-
! scope="col" | Hex
! scope="col" | Priority
! scope="col" | IANA
! scope="col" | GnuTLS
! scope="col" | NSS
! scope="col" | OpenSSL
|-
! scope=row | 0xC0,0x2F
| style="background-color: #9EDB58; font-weight: bold; text-align: center;" | 1
| style="background-color: #9EDB58; font-weight: bold;" | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
| style="background-color: #9EDB58; font-weight: bold;" | TLS_ECDHE_RSA_AES_128_GCM_SHA256
| style="background-color: #9EDB58; font-weight: bold;" | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
| style="background-color: #9EDB58; font-weight: bold;" | ECDHE-RSA-AES128-GCM-SHA256
|-
! scope=row | 0xC0,0x2B
| style="background-color: #9EDB58; font-weight: bold; text-align: center;" | 2
| style="background-color: #9EDB58; font-weight: bold;" | TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
| style="background-color: #9EDB58; font-weight: bold;" | TLS_ECDHE_ECDSA_AES_128_GCM_SHA256
| style="background-color: #9EDB58; font-weight: bold;" | TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
| style="background-color: #9EDB58; font-weight: bold;" | ECDHE-ECDSA-AES128-GCM-SHA256
|-
! scope=row | 0xC0,0x30
| style="background-color: #9EDB58; font-weight: bold; text-align: center;" | 3
| style="background-color: #9EDB58; font-weight: bold;" | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
| style="background-color: #9EDB58; font-weight: bold;" | TLS_ECDHE_RSA_AES_256_GCM_SHA384
| style="background-color: #9EDB58; font-weight: bold;" | 
| style="background-color: #9EDB58; font-weight: bold;" | ECDHE-RSA-AES256-GCM-SHA384
|-
! scope=row | 0xC0,0x2C
| style="background-color: #9EDB58; font-weight: bold; text-align: center;" | 4
| style="background-color: #9EDB58; font-weight: bold;" | TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
| style="background-color: #9EDB58; font-weight: bold;" | TLS_ECDHE_ECDSA_AES_256_GCM_SHA384
| style="background-color: #9EDB58; font-weight: bold;" | 
| style="background-color: #9EDB58; font-weight: bold;" | ECDHE-ECDSA-AES256-GCM-SHA384
|-
! scope=row | 0x00,0x9E
| style="background-color: #9EDB58; font-weight: bold; text-align: center;" | 5
| style="background-color: #9EDB58; font-weight: bold;" | TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
| style="background-color: #9EDB58; font-weight: bold;" | TLS_DHE_RSA_AES_128_GCM_SHA256
| style="background-color: #9EDB58; font-weight: bold;" | TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
| style="background-color: #9EDB58; font-weight: bold;" | DHE-RSA-AES128-GCM-SHA256
|-
! scope=row | 0x00,0xA2
| style="background-color: #9EDB58; font-weight: bold; text-align: center;" | 6
| style="background-color: #9EDB58; font-weight: bold;" | TLS_DHE_DSS_WITH_AES_128_GCM_SHA256
| style="background-color: #9EDB58; font-weight: bold;" | TLS_DHE_DSS_AES_128_GCM_SHA256
| style="background-color: #9EDB58; font-weight: bold;" | TLS_DHE_DSS_WITH_AES_128_GCM_SHA256
| style="background-color: #9EDB58; font-weight: bold;" | DHE-DSS-AES128-GCM-SHA256
|-
! scope=row | 0x00,0xA3
| style="background-color: #9EDB58; font-weight: bold; text-align: center;" | 7
| style="background-color: #9EDB58; font-weight: bold;" | TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
| style="background-color: #9EDB58; font-weight: bold;" | TLS_DHE_DSS_AES_256_GCM_SHA384
| style="background-color: #9EDB58; font-weight: bold;" | 
| style="background-color: #9EDB58; font-weight: bold;" | DHE-DSS-AES256-GCM-SHA384
|-
! scope=row | 0x00,0x9F
| style="background-color: #9EDB58; font-weight: bold; text-align: center;" | 8
| style="background-color: #9EDB58; font-weight: bold;" | TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
| style="background-color: #9EDB58; font-weight: bold;" | TLS_DHE_RSA_AES_256_GCM_SHA384
| style="background-color: #9EDB58; font-weight: bold;" | 
| style="background-color: #9EDB58; font-weight: bold;" | DHE-RSA-AES256-GCM-SHA384
|-
! scope=row | 0xC0,0x27
| style="background-color: #9EDB58; font-weight: bold; text-align: center;" | 9
| style="background-color: #9EDB58; font-weight: bold;" | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
| style="background-color: #9EDB58; font-weight: bold;" | TLS_ECDHE_RSA_AES_128_CBC_SHA256
| style="background-color: #9EDB58; font-weight: bold;" | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
| style="background-color: #9EDB58; font-weight: bold;" | ECDHE-RSA-AES128-SHA256
|-
! scope=row | 0xC0,0x23
| style="background-color: #9EDB58; font-weight: bold; text-align: center;" | 10
| style="background-color: #9EDB58; font-weight: bold;" | TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
| style="background-color: #9EDB58; font-weight: bold;" | TLS_ECDHE_ECDSA_AES_128_CBC_SHA256
| style="background-color: #9EDB58; font-weight: bold;" | TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
| style="background-color: #9EDB58; font-weight: bold;" | ECDHE-ECDSA-AES128-SHA256
|-
! scope=row | 0xC0,0x13
| style="background-color: #9EDB58; font-weight: bold; text-align: center;" | 11
| style="background-color: #9EDB58; font-weight: bold;" | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
| style="background-color: #9EDB58; font-weight: bold;" | TLS_ECDHE_RSA_AES_128_CBC_SHA1
| style="background-color: #9EDB58; font-weight: bold;" | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
| style="background-color: #9EDB58; font-weight: bold;" | ECDHE-RSA-AES128-SHA
|-
! scope=row | 0xC0,0x09
| style="background-color: #9EDB58; font-weight: bold; text-align: center;" | 12
| style="background-color: #9EDB58; font-weight: bold;" | TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
| style="background-color: #9EDB58; font-weight: bold;" | TLS_ECDHE_ECDSA_AES_128_CBC_SHA1
| style="background-color: #9EDB58; font-weight: bold;" | TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
| style="background-color: #9EDB58; font-weight: bold;" | ECDHE-ECDSA-AES128-SHA
|-
! scope=row | 0xC0,0x28
| style="background-color: #9EDB58; font-weight: bold; text-align: center;" | 13
| style="background-color: #9EDB58; font-weight: bold;" | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
| style="background-color: #9EDB58; font-weight: bold;" | TLS_ECDHE_RSA_AES_256_CBC_SHA384
| style="background-color: #9EDB58; font-weight: bold;" | 
| style="background-color: #9EDB58; font-weight: bold;" | ECDHE-RSA-AES256-SHA384
|-
! scope=row | 0xC0,0x24
| style="background-color: #9EDB58; font-weight: bold; text-align: center;" | 14
| style="background-color: #9EDB58; font-weight: bold;" | TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
| style="background-color: #9EDB58; font-weight: bold;" | TLS_ECDHE_ECDSA_AES_256_CBC_SHA384
| style="background-color: #9EDB58; font-weight: bold;" | 
| style="background-color: #9EDB58; font-weight: bold;" | ECDHE-ECDSA-AES256-SHA384
|-
! scope=row | 0xC0,0x14
| style="background-color: #9EDB58; font-weight: bold; text-align: center;" | 15
| style="background-color: #9EDB58; font-weight: bold;" | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
| style="background-color: #9EDB58; font-weight: bold;" | TLS_ECDHE_RSA_AES_256_CBC_SHA1
| style="background-color: #9EDB58; font-weight: bold;" | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
| style="background-color: #9EDB58; font-weight: bold;" | ECDHE-RSA-AES256-SHA
|-
! scope=row | 0xC0,0x0A
| style="background-color: #9EDB58; font-weight: bold; text-align: center;" | 16
| style="background-color: #9EDB58; font-weight: bold;" | TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
| style="background-color: #9EDB58; font-weight: bold;" | TLS_ECDHE_ECDSA_AES_256_CBC_SHA1
| style="background-color: #9EDB58; font-weight: bold;" | TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
| style="background-color: #9EDB58; font-weight: bold;" | ECDHE-ECDSA-AES256-SHA
|-
! scope=row | 0x00,0x67
| style="background-color: #9EDB58; font-weight: bold; text-align: center;" | 17
| style="background-color: #9EDB58; font-weight: bold;" | TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
| style="background-color: #9EDB58; font-weight: bold;" | TLS_DHE_RSA_AES_128_CBC_SHA256
| style="background-color: #9EDB58; font-weight: bold;" | TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
| style="background-color: #9EDB58; font-weight: bold;" | DHE-RSA-AES128-SHA256
|-
! scope=row | 0x00,0x33
| style="background-color: #9EDB58; font-weight: bold; text-align: center;" | 18
| style="background-color: #9EDB58; font-weight: bold;" | TLS_DHE_RSA_WITH_AES_128_CBC_SHA
| style="background-color: #9EDB58; font-weight: bold;" | TLS_DHE_RSA_AES_128_CBC_SHA1
| style="background-color: #9EDB58; font-weight: bold;" | TLS_DHE_RSA_WITH_AES_128_CBC_SHA
| style="background-color: #9EDB58; font-weight: bold;" | DHE-RSA-AES128-SHA
|-
! scope=row | 0x00,0x40
| style="background-color: #9EDB58; font-weight: bold; text-align: center;" | 19
| style="background-color: #9EDB58; font-weight: bold;" | TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
| style="background-color: #9EDB58; font-weight: bold;" | TLS_DHE_DSS_AES_128_CBC_SHA256
| style="background-color: #9EDB58; font-weight: bold;" | TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
| style="background-color: #9EDB58; font-weight: bold;" | DHE-DSS-AES128-SHA256
|-
! scope=row | 0x00,0x6B
| style="background-color: #9EDB58; font-weight: bold; text-align: center;" | 20
| style="background-color: #9EDB58; font-weight: bold;" | TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
| style="background-color: #9EDB58; font-weight: bold;" | TLS_DHE_RSA_AES_256_CBC_SHA256
| style="background-color: #9EDB58; font-weight: bold;" | TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
| style="background-color: #9EDB58; font-weight: bold;" | DHE-RSA-AES256-SHA256
|-
! scope=row | 0x00,0x38
| style="background-color: #9EDB58; font-weight: bold; text-align: center;" | 21
| style="background-color: #9EDB58; font-weight: bold;" | TLS_DHE_DSS_WITH_AES_256_CBC_SHA
| style="background-color: #9EDB58; font-weight: bold;" | TLS_DHE_DSS_AES_256_CBC_SHA1
| style="background-color: #9EDB58; font-weight: bold;" | TLS_DHE_DSS_WITH_AES_256_CBC_SHA
| style="background-color: #9EDB58; font-weight: bold;" | DHE-DSS-AES256-SHA
|-
! scope=row | 0x00,0x39
| style="background-color: #9EDB58; font-weight: bold; text-align: center;" | 22
| style="background-color: #9EDB58; font-weight: bold;" | TLS_DHE_RSA_WITH_AES_256_CBC_SHA
| style="background-color: #9EDB58; font-weight: bold;" | TLS_DHE_RSA_AES_256_CBC_SHA1
| style="background-color: #9EDB58; font-weight: bold;" | TLS_DHE_RSA_WITH_AES_256_CBC_SHA
| style="background-color: #9EDB58; font-weight: bold;" | DHE-RSA-AES256-SHA
|-
! scope=row | 0xC0,0x12
| style="background-color: #DBC158; font-weight: bold; text-align: center;" | 23
| style="background-color: #DBC158; font-weight: bold;" | TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
| style="background-color: #DBC158; font-weight: bold;" | TLS_ECDHE_RSA_3DES_EDE_CBC_SHA1
| style="background-color: #DBC158; font-weight: bold;" | TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
| style="background-color: #DBC158; font-weight: bold;" | ECDHE-RSA-DES-CBC3-SHA
|-
! scope=row | 0xC0,0x08
| style="background-color: #DBC158; font-weight: bold; text-align: center;" | 24
| style="background-color: #DBC158; font-weight: bold;" | TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
| style="background-color: #DBC158; font-weight: bold;" | TLS_ECDHE_ECDSA_3DES_EDE_CBC_SHA1
| style="background-color: #DBC158; font-weight: bold;" | TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
| style="background-color: #DBC158; font-weight: bold;" | ECDHE-ECDSA-DES-CBC3-SHA
|-
! scope=row | 0x00,0x9C
| style="background-color: #DBC158; font-weight: bold; text-align: center;" | 25
| style="background-color: #DBC158; font-weight: bold;" | TLS_RSA_WITH_AES_128_GCM_SHA256
| style="background-color: #DBC158; font-weight: bold;" | TLS_RSA_AES_128_GCM_SHA256
| style="background-color: #DBC158; font-weight: bold;" | TLS_RSA_WITH_AES_128_GCM_SHA256
| style="background-color: #DBC158; font-weight: bold;" | AES128-GCM-SHA256
|-
! scope=row | 0x00,0x9D
| style="background-color: #DBC158; font-weight: bold; text-align: center;" | 26
| style="background-color: #DBC158; font-weight: bold;" | TLS_RSA_WITH_AES_256_GCM_SHA384
| style="background-color: #DBC158; font-weight: bold;" | TLS_RSA_AES_256_GCM_SHA384
| style="background-color: #DBC158; font-weight: bold;" | 
| style="background-color: #DBC158; font-weight: bold;" | AES256-GCM-SHA384
|-
! scope=row | 0x00,0x3C
| style="background-color: #DBC158; font-weight: bold; text-align: center;" | 27
| style="background-color: #DBC158; font-weight: bold;" | TLS_RSA_WITH_AES_128_CBC_SHA256
| style="background-color: #DBC158; font-weight: bold;" | TLS_RSA_AES_128_CBC_SHA256
| style="background-color: #DBC158; font-weight: bold;" | TLS_RSA_WITH_AES_128_CBC_SHA256
| style="background-color: #DBC158; font-weight: bold;" | AES128-SHA256
|-
! scope=row | 0x00,0x3D
| style="background-color: #DBC158; font-weight: bold; text-align: center;" | 28
| style="background-color: #DBC158; font-weight: bold;" | TLS_RSA_WITH_AES_256_CBC_SHA256
| style="background-color: #DBC158; font-weight: bold;" | TLS_RSA_AES_256_CBC_SHA256
| style="background-color: #DBC158; font-weight: bold;" | TLS_RSA_WITH_AES_256_CBC_SHA256
| style="background-color: #DBC158; font-weight: bold;" | AES256-SHA256
|-
! scope=row | 0x00,0x2F
| style="background-color: #DBC158; font-weight: bold; text-align: center;" | 29
| style="background-color: #DBC158; font-weight: bold;" | TLS_RSA_WITH_AES_128_CBC_SHA
| style="background-color: #DBC158; font-weight: bold;" | TLS_RSA_AES_128_CBC_SHA1
| style="background-color: #DBC158; font-weight: bold;" | TLS_RSA_WITH_AES_128_CBC_SHA
| style="background-color: #DBC158; font-weight: bold;" | AES128-SHA
|-
! scope=row | 0x00,0x35
| style="background-color: #DBC158; font-weight: bold; text-align: center;" | 30
| style="background-color: #DBC158; font-weight: bold;" | TLS_RSA_WITH_AES_256_CBC_SHA
| style="background-color: #DBC158; font-weight: bold;" | TLS_RSA_AES_256_CBC_SHA1
| style="background-color: #DBC158; font-weight: bold;" | TLS_RSA_WITH_AES_256_CBC_SHA
| style="background-color: #DBC158; font-weight: bold;" | AES256-SHA
|-
! scope=row | 0xC0,0x22
| style="background-color: #DBC158; font-weight: bold; text-align: center;" | 31
| style="background-color: #DBC158; font-weight: bold;" | TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA
| style="background-color: #DBC158; font-weight: bold;" | TLS_SRP_SHA_DSS_AES_256_CBC_SHA1
| style="background-color: #DBC158; font-weight: bold;" | 
| style="background-color: #DBC158; font-weight: bold;" | SRP-DSS-AES-256-CBC-SHA
|-
! scope=row | 0xC0,0x21
| style="background-color: #DBC158; font-weight: bold; text-align: center;" | 32
| style="background-color: #DBC158; font-weight: bold;" | TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA
| style="background-color: #DBC158; font-weight: bold;" | TLS_SRP_SHA_RSA_AES_256_CBC_SHA1
| style="background-color: #DBC158; font-weight: bold;" | 
| style="background-color: #DBC158; font-weight: bold;" | SRP-RSA-AES-256-CBC-SHA
|-
! scope=row | 0xC0,0x20
| style="background-color: #DBC158; font-weight: bold; text-align: center;" | 33
| style="background-color: #DBC158; font-weight: bold;" | TLS_SRP_SHA_WITH_AES_256_CBC_SHA
| style="background-color: #DBC158; font-weight: bold;" | TLS_SRP_SHA_AES_256_CBC_SHA1
| style="background-color: #DBC158; font-weight: bold;" | 
| style="background-color: #DBC158; font-weight: bold;" | SRP-AES-256-CBC-SHA
|-
! scope=row | 0x00,0xA5
| style="background-color: #DBC158; font-weight: bold; text-align: center;" | 34
| style="background-color: #DBC158; font-weight: bold;" | TLS_DH_DSS_WITH_AES_256_GCM_SHA384
| style="background-color: #DBC158; font-weight: bold;" | 
| style="background-color: #DBC158; font-weight: bold;" | 
| style="background-color: #DBC158; font-weight: bold;" | DH-DSS-AES256-GCM-SHA384
|-
! scope=row | 0x00,0xA1
| style="background-color: #DBC158; font-weight: bold; text-align: center;" | 35
| style="background-color: #DBC158; font-weight: bold;" | TLS_DH_RSA_WITH_AES_256_GCM_SHA384
| style="background-color: #DBC158; font-weight: bold;" | 
| style="background-color: #DBC158; font-weight: bold;" | 
| style="background-color: #DBC158; font-weight: bold;" | DH-RSA-AES256-GCM-SHA384
|-
! scope=row | 0x00,0x6A
| style="background-color: #DBC158; font-weight: bold; text-align: center;" | 36
| style="background-color: #DBC158; font-weight: bold;" | TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
| style="background-color: #DBC158; font-weight: bold;" | TLS_DHE_DSS_AES_256_CBC_SHA256
| style="background-color: #DBC158; font-weight: bold;" | TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
| style="background-color: #DBC158; font-weight: bold;" | DHE-DSS-AES256-SHA256
|-
! scope=row | 0x00,0x69
| style="background-color: #DBC158; font-weight: bold; text-align: center;" | 37
| style="background-color: #DBC158; font-weight: bold;" | TLS_DH_RSA_WITH_AES_256_CBC_SHA256
| style="background-color: #DBC158; font-weight: bold;" | 
| style="background-color: #DBC158; font-weight: bold;" | 
| style="background-color: #DBC158; font-weight: bold;" | DH-RSA-AES256-SHA256
|-
! scope=row | 0x00,0x68
| style="background-color: #DBC158; font-weight: bold; text-align: center;" | 38
| style="background-color: #DBC158; font-weight: bold;" | TLS_DH_DSS_WITH_AES_256_CBC_SHA256
| style="background-color: #DBC158; font-weight: bold;" |
| style="background-color: #DBC158; font-weight: bold;" |
| style="background-color: #DBC158; font-weight: bold;" | DH-DSS-AES256-SHA256
|-
! scope=row | 0x00,0x37
| style="background-color: #DBC158; font-weight: bold; text-align: center;" | 39
| style="background-color: #DBC158; font-weight: bold;" | TLS_DH_RSA_WITH_AES_256_CBC_SHA
| style="background-color: #DBC158; font-weight: bold;" |
| style="background-color: #DBC158; font-weight: bold;" | TLS_DH_RSA_WITH_AES_256_CBC_SHA
| style="background-color: #DBC158; font-weight: bold;" | DH-RSA-AES256-SHA
|-
! scope=row | 0x00,0x36
| style="background-color: #DBC158; font-weight: bold; text-align: center;" | 40
| style="background-color: #DBC158; font-weight: bold;" | TLS_DH_DSS_WITH_AES_256_CBC_SHA
| style="background-color: #DBC158; font-weight: bold;" |
| style="background-color: #DBC158; font-weight: bold;" | TLS_DH_DSS_WITH_AES_256_CBC_SHA
| style="background-color: #DBC158; font-weight: bold;" | DH-DSS-AES256-SHA
|-
! scope=row | 0xC0,0x1F
| style="background-color: #DBC158; font-weight: bold; text-align: center;" | 41
| style="background-color: #DBC158; font-weight: bold;" | TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA
| style="background-color: #DBC158; font-weight: bold;" | TLS_SRP_SHA_DSS_AES_128_CBC_SHA1
| style="background-color: #DBC158; font-weight: bold;" |
| style="background-color: #DBC158; font-weight: bold;" | SRP-DSS-AES-128-CBC-SHA
|-
! scope=row | 0xC0,0x1E
| style="background-color: #DBC158; font-weight: bold; text-align: center;" | 42
| style="background-color: #DBC158; font-weight: bold;" | TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA
| style="background-color: #DBC158; font-weight: bold;" | TLS_SRP_SHA_RSA_AES_128_CBC_SHA1
| style="background-color: #DBC158; font-weight: bold;" |
| style="background-color: #DBC158; font-weight: bold;" | SRP-RSA-AES-128-CBC-SHA
|-
! scope=row | 0xC0,0x1D
| style="background-color: #DBC158; font-weight: bold; text-align: center;" | 43
| style="background-color: #DBC158; font-weight: bold;" | TLS_SRP_SHA_WITH_AES_128_CBC_SHA
| style="background-color: #DBC158; font-weight: bold;" | TLS_SRP_SHA_AES_128_CBC_SHA1
| style="background-color: #DBC158; font-weight: bold;" |
| style="background-color: #DBC158; font-weight: bold;" | SRP-AES-128-CBC-SHA
|-
! scope=row | 0x00,0xA4
| style="background-color: #DBC158; font-weight: bold; text-align: center;" | 44
| style="background-color: #DBC158; font-weight: bold;" | TLS_DH_DSS_WITH_AES_128_GCM_SHA256
| style="background-color: #DBC158; font-weight: bold;" |
| style="background-color: #DBC158; font-weight: bold;" |
| style="background-color: #DBC158; font-weight: bold;" | DH-DSS-AES128-GCM-SHA256
|-
! scope=row | 0x00,0xA0
| style="background-color: #DBC158; font-weight: bold; text-align: center;" | 45
| style="background-color: #DBC158; font-weight: bold;" | TLS_DH_RSA_WITH_AES_128_GCM_SHA256
| style="background-color: #DBC158; font-weight: bold;" |
| style="background-color: #DBC158; font-weight: bold;" |
| style="background-color: #DBC158; font-weight: bold;" | DH-RSA-AES128-GCM-SHA256
|-
! scope=row | 0x00,0x3F
| style="background-color: #DBC158; font-weight: bold; text-align: center;" | 46
| style="background-color: #DBC158; font-weight: bold;" | TLS_DH_RSA_WITH_AES_128_CBC_SHA256
| style="background-color: #DBC158; font-weight: bold;" |
| style="background-color: #DBC158; font-weight: bold;" |
| style="background-color: #DBC158; font-weight: bold;" | DH-RSA-AES128-SHA256
|-
! scope=row | 0x00,0x3E
| style="background-color: #DBC158; font-weight: bold; text-align: center;" | 47
| style="background-color: #DBC158; font-weight: bold;" | TLS_DH_DSS_WITH_AES_128_CBC_SHA256
| style="background-color: #DBC158; font-weight: bold;" |
| style="background-color: #DBC158; font-weight: bold;" |
| style="background-color: #DBC158; font-weight: bold;" | DH-DSS-AES128-SHA256
|-
! scope=row | 0x00,0x32
| style="background-color: #DBC158; font-weight: bold; text-align: center;" | 48
| style="background-color: #DBC158; font-weight: bold;" | TLS_DHE_DSS_WITH_AES_128_CBC_SHA
| style="background-color: #DBC158; font-weight: bold;" | TLS_DHE_DSS_AES_128_CBC_SHA1
| style="background-color: #DBC158; font-weight: bold;" | TLS_DHE_DSS_WITH_AES_128_CBC_SHA
| style="background-color: #DBC158; font-weight: bold;" | DHE-DSS-AES128-SHA
|-
! scope=row | 0x00,0x31
| style="background-color: #DBC158; font-weight: bold; text-align: center;" | 49
| style="background-color: #DBC158; font-weight: bold;" | TLS_DH_RSA_WITH_AES_128_CBC_SHA
| style="background-color: #DBC158; font-weight: bold;" |
| style="background-color: #DBC158; font-weight: bold;" | TLS_DH_RSA_WITH_AES_128_CBC_SHA
| style="background-color: #DBC158; font-weight: bold;" | DH-RSA-AES128-SHA
|-
! scope=row | 0x00,0x30
| style="background-color: #DBC158; font-weight: bold; text-align: center;" | 50
| style="background-color: #DBC158; font-weight: bold;" | TLS_DH_DSS_WITH_AES_128_CBC_SHA
| style="background-color: #DBC158; font-weight: bold;" |
| style="background-color: #DBC158; font-weight: bold;" | TLS_DH_DSS_WITH_AES_128_CBC_SHA
| style="background-color: #DBC158; font-weight: bold;" | DH-DSS-AES128-SHA
|-
! scope=row | 0x00,0x0A
| style="background-color: #DBC158; font-weight: bold; text-align: center;" | 51
| style="background-color: #DBC158; font-weight: bold;" | TLS_RSA_WITH_3DES_EDE_CBC_SHA
| style="background-color: #DBC158; font-weight: bold;" | TLS_RSA_3DES_EDE_CBC_SHA1
| style="background-color: #DBC158; font-weight: bold;" | TLS_RSA_WITH_3DES_EDE_CBC_SHA
| style="background-color: #DBC158; font-weight: bold;" |
|-
! scope=row | 0x00,0x88
| style="background-color: #DBC158; font-weight: bold; text-align: center;" | 52
| style="background-color: #DBC158; font-weight: bold;" | TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
| style="background-color: #DBC158; font-weight: bold;" | TLS_DHE_RSA_CAMELLIA_256_CBC_SHA1
| style="background-color: #DBC158; font-weight: bold;" | TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
| style="background-color: #DBC158; font-weight: bold;" | DHE-RSA-CAMELLIA256-SHA
|-
! scope=row | 0x00,0x87
| style="background-color: #DBC158; font-weight: bold; text-align: center;" | 53
| style="background-color: #DBC158; font-weight: bold;" | TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA
| style="background-color: #DBC158; font-weight: bold;" | TLS_DHE_DSS_CAMELLIA_256_CBC_SHA1
| style="background-color: #DBC158; font-weight: bold;" | TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA
| style="background-color: #DBC158; font-weight: bold;" | DHE-DSS-CAMELLIA256-SHA
|-
! scope=row | 0x00,0x86
| style="background-color: #DBC158; font-weight: bold; text-align: center;" | 54
| style="background-color: #DBC158; font-weight: bold;" | TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA
| style="background-color: #DBC158; font-weight: bold;" |
| style="background-color: #DBC158; font-weight: bold;" | TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA
| style="background-color: #DBC158; font-weight: bold;" | DH-RSA-CAMELLIA256-SHA
|-
! scope=row | 0x00,0x85
| style="background-color: #DBC158; font-weight: bold; text-align: center;" | 55
| style="background-color: #DBC158; font-weight: bold;" | TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA
| style="background-color: #DBC158; font-weight: bold;" |
| style="background-color: #DBC158; font-weight: bold;" | TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA
| style="background-color: #DBC158; font-weight: bold;" | DH-DSS-CAMELLIA256-SHA
|-
! scope=row | 0x00,0x84
| style="background-color: #DBC158; font-weight: bold; text-align: center;" | 56
| style="background-color: #DBC158; font-weight: bold;" | TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
| style="background-color: #DBC158; font-weight: bold;" | TLS_RSA_CAMELLIA_256_CBC_SHA1
| style="background-color: #DBC158; font-weight: bold;" | TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
| style="background-color: #DBC158; font-weight: bold;" | CAMELLIA256-SHA
|-
! scope=row | 0x00,0x45
| style="background-color: #DBC158; font-weight: bold; text-align: center;" | 57
| style="background-color: #DBC158; font-weight: bold;" | TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
| style="background-color: #DBC158; font-weight: bold;" | TLS_DHE_RSA_CAMELLIA_128_CBC_SHA1
| style="background-color: #DBC158; font-weight: bold;" | TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
| style="background-color: #DBC158; font-weight: bold;" | DHE-RSA-CAMELLIA128-SHA
|-
! scope=row | 0x00,0x44
| style="background-color: #DBC158; font-weight: bold; text-align: center;" | 58
| style="background-color: #DBC158; font-weight: bold;" | TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA
| style="background-color: #DBC158; font-weight: bold;" | TLS_DHE_DSS_CAMELLIA_128_CBC_SHA1
| style="background-color: #DBC158; font-weight: bold;" | TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA
| style="background-color: #DBC158; font-weight: bold;" | DHE-DSS-CAMELLIA128-SHA
|-
! scope=row | 0x00,0x43
| style="background-color: #DBC158; font-weight: bold; text-align: center;" | 59
| style="background-color: #DBC158; font-weight: bold;" | TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA
| style="background-color: #DBC158; font-weight: bold;" |
| style="background-color: #DBC158; font-weight: bold;" | TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA
| style="background-color: #DBC158; font-weight: bold;" | DH-RSA-CAMELLIA128-SHA
|-
! scope=row | 0x00,0x42
| style="background-color: #DBC158; font-weight: bold; text-align: center;" | 60
| style="background-color: #DBC158; font-weight: bold;" | TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA
| style="background-color: #DBC158; font-weight: bold;" |
| style="background-color: #DBC158; font-weight: bold;" | TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA
| style="background-color: #DBC158; font-weight: bold;" | DH-DSS-CAMELLIA128-SHA
|-
! scope=row | 0x00,0x41
| style="background-color: #DBC158; font-weight: bold; text-align: center;" | 61
| style="background-color: #DBC158; font-weight: bold;" | TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
| style="background-color: #DBC158; font-weight: bold;" | TLS_RSA_CAMELLIA_128_CBC_SHA1
| style="background-color: #DBC158; font-weight: bold;" | TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
| style="background-color: #DBC158; font-weight: bold;" | CAMELLIA128-SHA
|-
! scope=row | 0xC0,0x1C
| style="background-color: #CCCCCC; font-weight: bold; text-align: center;" | 62
| style="background-color: #CCCCCC; font-weight: bold;" | TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA
| style="background-color: #CCCCCC; font-weight: bold;" | TLS_SRP_SHA_DSS_3DES_EDE_CBC_SHA1
| style="background-color: #CCCCCC; font-weight: bold;" |
| style="background-color: #CCCCCC; font-weight: bold;" | SRP-DSS-3DES-EDE-CBC-SHA
|-
! scope=row | 0xC0,0x1B
| style="background-color: #CCCCCC; font-weight: bold; text-align: center;" | 63
| style="background-color: #CCCCCC; font-weight: bold;" | TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA
| style="background-color: #CCCCCC; font-weight: bold;" | TLS_SRP_SHA_RSA_3DES_EDE_CBC_SHA1
| style="background-color: #CCCCCC; font-weight: bold;" |
| style="background-color: #CCCCCC; font-weight: bold;" | SRP-RSA-3DES-EDE-CBC-SHA
|-
! scope=row | 0xC0,0x1A
| style="background-color: #CCCCCC; font-weight: bold; text-align: center;" | 64
| style="background-color: #CCCCCC; font-weight: bold;" | TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA
| style="background-color: #CCCCCC; font-weight: bold;" | TLS_SRP_SHA_3DES_EDE_CBC_SHA1
| style="background-color: #CCCCCC; font-weight: bold;" |
| style="background-color: #CCCCCC; font-weight: bold;" | SRP-3DES-EDE-CBC-SHA
|-
! scope=row | 0x00,0x10
| style="background-color: #CCCCCC; font-weight: bold; text-align: center;" | 65
| style="background-color: #CCCCCC; font-weight: bold;" | TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA
| style="background-color: #CCCCCC; font-weight: bold;" |
| style="background-color: #CCCCCC; font-weight: bold;" | TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA
| style="background-color: #CCCCCC; font-weight: bold;" |
|-
! scope=row | 0x00,0x0D
| style="background-color: #CCCCCC; font-weight: bold; text-align: center;" | 66
| style="background-color: #CCCCCC; font-weight: bold;" | TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA
| style="background-color: #CCCCCC; font-weight: bold;" |
| style="background-color: #CCCCCC; font-weight: bold;" | TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA
| style="background-color: #CCCCCC; font-weight: bold;" |
|-
! scope=row | 0x00,0x00
| style="background-color: white;" data-sort-value="1000" |
| style="background-color: white;" | TLS_NULL_WITH_NULL_NULL
| style="background-color: white;" |
| style="background-color: white;" | TLS_NULL_WITH_NULL_NULL
| style="background-color: white;" |
|-
! scope=row | 0x00,0x01
| style="background-color: white;" data-sort-value="1000" |
| style="background-color: white;" | TLS_RSA_WITH_NULL_MD5
| style="background-color: white;" | TLS_RSA_NULL_MD5
| style="background-color: white;" | TLS_RSA_WITH_NULL_MD5
| style="background-color: white;" |
|-
! scope=row | 0x00,0x02
| style="background-color: white;" data-sort-value="1000" |
| style="background-color: white;" | TLS_RSA_WITH_NULL_SHA
| style="background-color: white;" | TLS_RSA_NULL_SHA1
| style="background-color: white;" | TLS_RSA_WITH_NULL_SHA
| style="background-color: white;" |
|-
! scope=row | 0x00,0x03
| style="background-color: white;" data-sort-value="1000" |
| style="background-color: white;" | TLS_RSA_EXPORT_WITH_RC4_40_MD5
| style="background-color: white;" |
| style="background-color: white;" | TLS_RSA_EXPORT_WITH_RC4_40_MD5
| style="background-color: white;" |
|-
! scope=row | 0x00,0x04
| style="background-color: white;" data-sort-value="1000" |
| style="background-color: white;" | TLS_RSA_WITH_RC4_128_MD5
| style="background-color: white;" | TLS_RSA_ARCFOUR_128_MD5
| style="background-color: white;" | TLS_RSA_WITH_RC4_128_MD5
| style="background-color: white;" |
|-
! scope=row | 0x00,0x05
| style="background-color: white;" data-sort-value="1000" |
| style="background-color: white;" | TLS_RSA_WITH_RC4_128_SHA
| style="background-color: white;" | TLS_RSA_ARCFOUR_128_SHA1
| style="background-color: white;" | TLS_RSA_WITH_RC4_128_SHA
| style="background-color: white;" |
|-
! scope=row | 0x00,0x06
| style="background-color: white;" data-sort-value="1000" |
| style="background-color: white;" | TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5
| style="background-color: white;" |
| style="background-color: white;" | TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5
| style="background-color: white;" |
|-
! scope=row | 0x00,0x07
| style="background-color: white;" data-sort-value="1000" |
| style="background-color: white;" | TLS_RSA_WITH_IDEA_CBC_SHA
| style="background-color: white;" |
| style="background-color: white;" | TLS_RSA_WITH_IDEA_CBC_SHA
| style="background-color: white;" |
|-
! scope=row | 0x00,0x08
| style="background-color: white;" data-sort-value="1000" |
| style="background-color: white;" | TLS_RSA_EXPORT_WITH_DES40_CBC_SHA
| style="background-color: white;" |
| style="background-color: white;" | TLS_RSA_EXPORT_WITH_DES40_CBC_SHA
| style="background-color: white;" |
|-
! scope=row | 0x00,0x09
| style="background-color: white;" data-sort-value="1000" |
| style="background-color: white;" | TLS_RSA_WITH_DES_CBC_SHA
| style="background-color: white;" |
| style="background-color: white;" | TLS_RSA_WITH_DES_CBC_SHA
| style="background-color: white;" |
|-
! scope=row | 0x00,0x0B
| style="background-color: white;" data-sort-value="1000" |
| style="background-color: white;" | TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA
| style="background-color: white;" |
| style="background-color: white;" | TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA
| style="background-color: white;" |
|-
! scope=row | 0x00,0x0C
| style="background-color: white;" data-sort-value="1000" |
| style="background-color: white;" | TLS_DH_DSS_WITH_DES_CBC_SHA
| style="background-color: white;" |
| style="background-color: white;" | TLS_DH_DSS_WITH_DES_CBC_SHA
| style="background-color: white;" |
|-
! scope=row | 0x00,0x0E
| style="background-color: white;" data-sort-value="1000" |
| style="background-color: white;" | TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA
| style="background-color: white;" |
| style="background-color: white;" | TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA
| style="background-color: white;" |
|-
! scope=row | 0x00,0x0F
| style="background-color: white;" data-sort-value="1000" |
| style="background-color: white;" | TLS_DH_RSA_WITH_DES_CBC_SHA
| style="background-color: white;" |
| style="background-color: white;" | TLS_DH_RSA_WITH_DES_CBC_SHA
| style="background-color: white;" |
|-
! scope=row | 0x00,0x11
| style="background-color: white;" data-sort-value="1000" |
| style="background-color: white;" | TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
| style="background-color: white;" |
| style="background-color: white;" | TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
| style="background-color: white;" |
|-
! scope=row | 0x00,0x12
| style="background-color: white;" data-sort-value="1000" |
| style="background-color: white;" | TLS_DHE_DSS_WITH_DES_CBC_SHA
| style="background-color: white;" |
| style="background-color: white;" | TLS_DHE_DSS_WITH_DES_CBC_SHA
| style="background-color: white;" |
|-
! scope=row | 0x00,0x13
| style="background-color: white;" data-sort-value="1000" |
| style="background-color: white;" | TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
| style="background-color: white;" | TLS_DHE_DSS_3DES_EDE_CBC_SHA1
| style="background-color: white;" | TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
| style="background-color: white;" |
|-
! scope=row | 0x00,0x14
| style="background-color: white;" data-sort-value="1000" |
| style="background-color: white;" | TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
| style="background-color: white;" |
| style="background-color: white;" | TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
| style="background-color: white;" |
|-
! scope=row | 0x00,0x15
| style="background-color: white;" data-sort-value="1000" |
| style="background-color: white;" | TLS_DHE_RSA_WITH_DES_CBC_SHA
| style="background-color: white;" |
| style="background-color: white;" | TLS_DHE_RSA_WITH_DES_CBC_SHA
| style="background-color: white;" |
|-
! scope=row | 0x00,0x16
| style="background-color: white;" data-sort-value="1000" |
| style="background-color: white;" | TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
| style="background-color: white;" | TLS_DHE_RSA_3DES_EDE_CBC_SHA1
| style="background-color: white;" | TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
| style="background-color: white;" |
|-
! scope=row | 0x00,0x17
| style="background-color: white;" data-sort-value="1000" |
| style="background-color: white;" | TLS_DH_anon_EXPORT_WITH_RC4_40_MD5
| style="background-color: white;" |
| style="background-color: white;" | TLS_DH_anon_EXPORT_WITH_RC4_40_MD5
| style="background-color: white;" |
|-
! scope=row | 0x00,0x18
| style="background-color: white;" data-sort-value="1000" |
| style="background-color: white;" | TLS_DH_anon_WITH_RC4_128_MD5
| style="background-color: white;" | TLS_DH_ANON_ARCFOUR_128_MD5
| style="background-color: white;" | TLS_DH_anon_WITH_RC4_128_MD5
| style="background-color: white;" |
|-
! scope=row | 0x00,0x19
| style="background-color: white;" data-sort-value="1000" |
| style="background-color: white;" | TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA
| style="background-color: white;" |
| style="background-color: white;" | TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA
| style="background-color: white;" |
|-
! scope=row | 0x00,0x330x1A| TLS_DHE_RSA_WITH_AES_128_CBC_SHAstyle="background-color: white;" data-sort-value="1000" | | DHEstyle="background-RSAcolor: white;" | TLS_DH_anon_WITH_DES_CBC_SHA| style="background-AES128color: white;" | | style="background-SHAcolor: white;" | TLS_DH_anon_WITH_DES_CBC_SHA| TLS_DHE_RSA_AES_128_CBC_SHA1style="background-color: white;" | TLS_DHE_RSA_WITH_AES_128_CBC_SHA
|-
! scope=row | 0x00,0x340x1B| TLS_DH_anon_WITH_AES_128_CBC_SHAstyle="background-color: white;" data-sort-value="1000" | | ADHstyle="background-AES128color: white;" | TLS_DH_anon_WITH_3DES_EDE_CBC_SHA| style="background-SHAcolor: white;" | TLS_DH_ANON_3DES_EDE_CBC_SHA1| TLS_DH_ANON_AES_128_CBC_SHA1style="background-color: white;" | TLS_DH_anon_WITH_3DES_EDE_CBC_SHA| TLS_DH_ANON_WITH_AES_128_CBC_SHAstyle="background-color: white;" |
|-
! scope=row | 0x00,0x350x1E| TLS_RSA_WITH_AES_256_CBC_SHAstyle="background-color: white;" data-sort-value="1000" | | AES256style="background-SHAcolor: white;" | TLS_KRB5_WITH_DES_CBC_SHA| TLS_RSA_AES_256_CBC_SHA1style="background-color: white;" | | TLS_RSA_WITH_AES_256_CBC_SHAstyle="background-color: white;" | | style="background-color: white;" |
|-
! scope=row | 0x00,0x360x1F| TLS_DH_DSS_WITH_AES_256_CBC_SHAstyle="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_KRB5_WITH_3DES_EDE_CBC_SHA| style="background-color: white;" | | TLS_DH_DSS_WITH_AES_256_CBC_SHAstyle="background-color: white;" | | style="background-color: white;" |
|-
! scope=row | 0x00,0x370x20| TLS_DH_RSA_WITH_AES_256_CBC_SHAstyle="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_KRB5_WITH_RC4_128_SHA| style="background-color: white;" | | TLS_DH_RSA_WITH_AES_256_CBC_SHAstyle="background-color: white;" | | style="background-color: white;" |
|-
! scope=row | 0x00,0x380x21| TLS_DHE_DSS_WITH_AES_256_CBC_SHAstyle="background-color: white;" data-sort-value="1000" | | DHEstyle="background-DSScolor: white;" | TLS_KRB5_WITH_IDEA_CBC_SHA| style="background-AES256color: white;" | | style="background-SHAcolor: white;" | | TLS_DHE_DSS_AES_256_CBC_SHA1style="background-color: white;" | TLS_DHE_DSS_WITH_AES_256_CBC_SHA
|-
! scope=row | 0x00,0x390x22| TLS_DHE_RSA_WITH_AES_256_CBC_SHAstyle="background-color: white;" data-sort-value="1000" | | DHEstyle="background-RSAcolor: white;" | TLS_KRB5_WITH_DES_CBC_MD5| style="background-AES256color: white;" | | style="background-SHAcolor: white;" | | TLS_DHE_RSA_AES_256_CBC_SHA1style="background-color: white;" | TLS_DHE_RSA_WITH_AES_256_CBC_SHA
|-
! scope=row | 0x00,0x3A0x23| TLS_DH_anon_WITH_AES_256_CBC_SHAstyle="background-color: white;" data-sort-value="1000" | | ADHstyle="background-AES256color: white;" | TLS_KRB5_WITH_3DES_EDE_CBC_MD5| style="background-SHAcolor: white;" | | TLS_DH_ANON_AES_256_CBC_SHA1style="background-color: white;" | | TLS_DH_ANON_WITH_AES_256_CBC_SHAstyle="background-color: white;" |
|-
! scope=row | 0x00,0x3B0x24| TLS_RSA_WITH_NULL_SHA256style="background-color: white;" data-sort-value="1000" | | NULLstyle="background-SHA256color: white;" | TLS_KRB5_WITH_RC4_128_MD5| TLS_RSA_NULL_SHA256style="background-color: white;" | | TLS_RSA_WITH_NULL_SHA256style="background-color: white;" | | style="background-color: white;" |
|-
! scope=row | 0x00,0x3C0x25| TLS_RSA_WITH_AES_128_CBC_SHA256style="background-color: white;" data-sort-value="1000" | | AES128style="background-SHA256color: white;" | TLS_KRB5_WITH_IDEA_CBC_MD5| TLS_RSA_AES_128_CBC_SHA256style="background-color: white;" | | TLS_RSA_WITH_AES_128_CBC_SHA256style="background-color: white;" | | style="background-color: white;" |
|-
! scope=row | 0x00,0x3D0x26| TLS_RSA_WITH_AES_256_CBC_SHA256style="background-color: white;" data-sort-value="1000" | | AES256style="background-SHA256color: white;" | TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA| TLS_RSA_AES_256_CBC_SHA256style="background-color: white;" | | TLS_RSA_WITH_AES_256_CBC_SHA256style="background-color: white;" | | style="background-color: white;" |
|-
! scope=row | 0x00,0x3E0x27| TLS_DH_DSS_WITH_AES_128_CBC_SHA256style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA| style="background-color: white;" | | style="background-color: white;" | | style="background-color: white;" |
|-
! scope=row | 0x00,0x3F0x28| TLS_DH_RSA_WITH_AES_128_CBC_SHA256style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_KRB5_EXPORT_WITH_RC4_40_SHA| style="background-color: white;" | | style="background-color: white;" | | style="background-color: white;" |
|-
! scope=row | 0x00,0x29
| style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5| style="background-color: white;" | | style="background-color: white;" | | style="background-color: white;" |
|-
! scope=row | 0x00,0x2A
| style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5| style="background-color: white;" | | style="background-color: white;" | | style="background-color: white;" |
|-
! scope=row | 0x00,0x2B
| style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_KRB5_EXPORT_WITH_RC4_40_MD5| style="background-color: white;" | | style="background-color: white;" | | style="background-color: white;" |
|-
! scope=row | 0x00,0x2C
| style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_PSK_WITH_NULL_SHA| style="background-color: white;" | TLS_PSK_NULL_SHA1| style="background-color: white;" | | style="background-color: white;" | PSK-NULL-SHA
|-
! scope=row | 0x00,0x2D
| style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_DHE_PSK_WITH_NULL_SHA| style="background-color: white;" | TLS_DHE_PSK_NULL_SHA1| style="background-color: white;" | | style="background-color: white;" | DHE-PSK-NULL-SHA
|-
! scope=row | 0x00,0x2E
| style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_RSA_PSK_WITH_NULL_SHA| style="background-color: white;" | TLS_RSA_PSK_NULL_SHA1| style="background-color: white;" | | style="background-color: white;" | RSA-PSK-NULL-SHA
|-
! scope=row | 0x00,0x34
| style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_DH_anon_WITH_AES_128_CBC_SHA| style="background-color: white;" | TLS_DH_ANON_AES_128_CBC_SHA1| style="background-color: white;" | TLS_DH_anon_WITH_AES_128_CBC_SHA| style="background-color: white;" | ADH-AES128-SHA
|-
! scope=row | 0x00,0x3A
| style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_DH_anon_WITH_AES_256_CBC_SHA| style="background-color: white;" | TLS_DH_ANON_AES_256_CBC_SHA1| style="background-color: white;" | TLS_DH_anon_WITH_AES_256_CBC_SHA| style="background-color: white;" | ADH-AES256-SHA
|-
! scope=row | 0x00,0x3B
| style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_RSA_WITH_NULL_SHA256| style="background-color: white;" | TLS_RSA_NULL_SHA256| style="background-color: white;" | TLS_RSA_WITH_NULL_SHA256| style="background-color: white;" | NULL-SHA256
|-
! scope=row | 0x00,0x46
| style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA| style="background-color: white;" | TLS_DH_ANON_CAMELLIA_128_CBC_SHA1| style="background-color: white;" | TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA| style="background-color: white;" | ADH-CAMELLIA128-SHA
|-
! scope=row | 0x00,0x6C
| style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_DH_anon_WITH_AES_128_CBC_SHA256| style="background-color: white;" | TLS_DH_ANON_AES_128_CBC_SHA256| style="background-color: white;" | | style="background-color: white;" | ADH-AES128-SHA256
|-
! scope=row | 0x00,0x6D
| style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_DH_anon_WITH_AES_256_CBC_SHA256| style="background-color: white;" | TLS_DH_ANON_AES_256_CBC_SHA256| style="background-color: white;" | | style="background-color: white;" | ADH-AES256-SHA256
|-
! scope=row | 0x00,0x89
| style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA| style="background-color: white;" | TLS_DH_ANON_CAMELLIA_256_CBC_SHA1| style="background-color: white;" | TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA| style="background-color: white;" | ADH-CAMELLIA256-SHA
|-
! scope=row | 0x00,0x8A
| style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_PSK_WITH_RC4_128_SHA| style="background-color: white;" | TLS_PSK_ARCFOUR_128_SHA1| style="background-color: white;" | | style="background-color: white;" | PSK-RC4-SHA
|-
! scope=row | 0x00,0x8B
| style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_PSK_WITH_3DES_EDE_CBC_SHA| style="background-color: white;" | TLS_PSK_3DES_EDE_CBC_SHA1| style="background-color: white;" | | style="background-color: white;" | PSK-3DES-EDE-CBC-SHA
|-
! scope=row | 0x00,0x8C
| style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_PSK_WITH_AES_128_CBC_SHA| style="background-color: white;" | TLS_PSK_AES_128_CBC_SHA1| style="background-color: white;" | | style="background-color: white;" | PSK-AES128-CBC-SHA
|-
! scope=row | 0x00,0x8D
| style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_PSK_WITH_AES_256_CBC_SHA| style="background-color: white;" | TLS_PSK_AES_256_CBC_SHA1| style="background-color: white;" | | style="background-color: white;" | PSK-AES256-CBC-SHA
|-
! scope=row | 0x00,0x8E
| style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_DHE_PSK_WITH_RC4_128_SHA| style="background-color: white;" | TLS_DHE_PSK_ARCFOUR_128_SHA1| style="background-color: white;" | | style="background-color: white;" | DHE-PSK-RC4-SHA
|-
! scope=row | 0x00,0x8F
| style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA| style="background-color: white;" | TLS_DHE_PSK_3DES_EDE_CBC_SHA1| style="background-color: white;" | | style="background-color: white;" | DHE-PSK-3DES-EDE-CBC-SHA
|-
! scope=row | 0x00,0x90
| style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_DHE_PSK_WITH_AES_128_CBC_SHA| style="background-color: white;" | TLS_DHE_PSK_AES_128_CBC_SHA1| style="background-color: white;" | | style="background-color: white;" | DHE-PSK-AES128-CBC-SHA
|-
! scope=row | 0x00,0x91
| style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_DHE_PSK_WITH_AES_256_CBC_SHA| style="background-color: white;" | TLS_DHE_PSK_AES_256_CBC_SHA1| style="background-color: white;" | | style="background-color: white;" | DHE-PSK-AES256-CBC-SHA
|-
! scope=row | 0x00,0x92
| style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_RSA_PSK_WITH_RC4_128_SHA| style="background-color: white;" | TLS_RSA_PSK_ARCFOUR_128_SHA1| style="background-color: white;" | | style="background-color: white;" | RSA-PSK-RC4-SHA
|-
! scope=row | 0x00,0x93
| style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA| style="background-color: white;" | TLS_RSA_PSK_3DES_EDE_CBC_SHA1| style="background-color: white;" | | style="background-color: white;" | RSA-PSK-3DES-EDE-CBC-SHA
|-
! scope=row | 0x00,0x94
| style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_RSA_PSK_WITH_AES_128_CBC_SHA| style="background-color: white;" | TLS_RSA_PSK_AES_128_CBC_SHA1| style="background-color: white;" | | style="background-color: white;" | RSA-PSK-AES128-CBC-SHA
|-
! scope=row | 0x00,0x95
| style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_RSA_PSK_WITH_AES_256_CBC_SHA| style="background-color: white;" | TLS_RSA_PSK_AES_256_CBC_SHA1| style="background-color: white;" | | style="background-color: white;" | RSA-PSK-AES256-CBC-SHA
|-
! scope=row | 0x00,0x96
| style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_RSA_WITH_SEED_CBC_SHA| style="background-color: white;" | | style="background-color: white;" | TLS_RSA_WITH_SEED_CBC_SHA| style="background-color: white;" | SEED-SHA
|-
! scope=row | 0x00,0x97
| style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_DH_DSS_WITH_SEED_CBC_SHA| style="background-color: white;" | | style="background-color: white;" | | style="background-color: white;" | DH-DSS-SEED-SHA
|-
! scope=row | 0x00,0x98
| style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_DH_RSA_WITH_SEED_CBC_SHA| style="background-color: white;" | | style="background-color: white;" | | style="background-color: white;" | DH-RSA-SEED-SHA
|-
! scope=row | 0x00,0x99
| style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_DHE_DSS_WITH_SEED_CBC_SHA| style="background-color: white;" | | style="background-color: white;" | | style="background-color: white;" | DHE-DSS-SEED-SHA
|-
! scope=row | 0x00,0x9A
| style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_DHE_RSA_WITH_SEED_CBC_SHA| style="background-color: white;" | | style="background-color: white;" | | style="background-color: white;" | DHE-RSA-SEED-SHA
|-
! scope=row | 0x00,0x9B
| style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_DH_anon_WITH_SEED_CBC_SHA| style="background-color: white;" | | style="background-color: white;" | | style="background-color: white;" | ADH-SEED-SHA
|-
! scope=row | 0x00,0xA6
| style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_DH_anon_WITH_AES_128_GCM_SHA256| style="background-color: white;" | TLS_DH_ANON_AES_128_GCM_SHA256| style="background-color: white;" | | style="background-color: white;" | ADH-AES128-GCM-SHA256
|-
! scope=row | 0x00,0xA7
| style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_DH_anon_WITH_AES_256_GCM_SHA384| style="background-color: white;" | TLS_DH_ANON_AES_256_GCM_SHA384| style="background-color: white;" | | style="background-color: white;" | ADH-AES256-GCM-SHA384
|-
! scope=row | 0x00,0xA8
| style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_PSK_WITH_AES_128_GCM_SHA256| style="background-color: white;" | TLS_PSK_AES_128_GCM_SHA256| style="background-color: white;" | | style="background-color: white;" | PSK-AES128-GCM-SHA256
|-
! scope=row | 0x00,0xA9
| style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_PSK_WITH_AES_256_GCM_SHA384| style="background-color: white;" | TLS_PSK_AES_256_GCM_SHA384| style="background-color: white;" | | style="background-color: white;" | PSK-AES256-GCM-SHA384
|-
! scope=row | 0x00,0xAA
| style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_DHE_PSK_WITH_AES_128_GCM_SHA256| style="background-color: white;" | TLS_DHE_PSK_AES_128_GCM_SHA256| style="background-color: white;" | | style="background-color: white;" | DHE-PSK-AES128-GCM-SHA256
|-
! scope=row | 0x00,0xAB
| style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_DHE_PSK_WITH_AES_256_GCM_SHA384| style="background-color: white;" | TLS_DHE_PSK_AES_256_GCM_SHA384| style="background-color: white;" | | style="background-color: white;" | DHE-PSK-AES256-GCM-SHA384
|-
! scope=row | 0x00,0xAC
| style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_RSA_PSK_WITH_AES_128_GCM_SHA256| style="background-color: white;" | TLS_RSA_PSK_AES_128_GCM_SHA256| style="background-color: white;" | | style="background-color: white;" | RSA-PSK-AES128-GCM-SHA256
|-
! scope=row | 0x00,0xAD
| style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_RSA_PSK_WITH_AES_256_GCM_SHA384| style="background-color: white;" | TLS_RSA_PSK_AES_256_GCM_SHA384| style="background-color: white;" | | style="background-color: white;" | RSA-PSK-AES256-GCM-SHA384
|-
! scope=row | 0x00,0xAE
| style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_PSK_WITH_AES_128_CBC_SHA256| style="background-color: white;" | TLS_PSK_AES_128_CBC_SHA256| style="background-color: white;" | | style="background-color: white;" | PSK-AES128-CBC-SHA256
|-
! scope=row | 0x00,0xAF
| style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_PSK_WITH_AES_256_CBC_SHA384| style="background-color: white;" | TLS_PSK_AES_256_CBC_SHA384| style="background-color: white;" | | style="background-color: white;" | PSK-AES256-CBC-SHA384
|-
! scope=row | 0x00,0xB0
| style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_PSK_WITH_NULL_SHA256| style="background-color: white;" | TLS_PSK_NULL_SHA256| style="background-color: white;" | | style="background-color: white;" | PSK-NULL-SHA256
|-
! scope=row | 0x00,0xB1
| style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_PSK_WITH_NULL_SHA384| style="background-color: white;" | TLS_PSK_NULL_SHA384| style="background-color: white;" | | style="background-color: white;" | PSK-NULL-SHA384
|-
! scope=row | 0x00,0xB2
| style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_DHE_PSK_WITH_AES_128_CBC_SHA256| style="background-color: white;" | TLS_DHE_PSK_AES_128_CBC_SHA256| style="background-color: white;" | | style="background-color: white;" | DHE-PSK-AES128-CBC-SHA256
|-
! scope=row | 0x00,0xB3
| style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_DHE_PSK_WITH_AES_256_CBC_SHA384| style="background-color: white;" | TLS_DHE_PSK_AES_256_CBC_SHA384| style="background-color: white;" | | style="background-color: white;" | DHE-PSK-AES256-CBC-SHA384
|-
! scope=row | 0x00,0xB4
| style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_DHE_PSK_WITH_NULL_SHA256| style="background-color: white;" | TLS_DHE_PSK_NULL_SHA256| style="background-color: white;" | | style="background-color: white;" | DHE-PSK-NULL-SHA256
|-
! scope=row | 0x00,0xB5
| style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_DHE_PSK_WITH_NULL_SHA384| style="background-color: white;" | TLS_DHE_PSK_NULL_SHA384| style="background-color: white;" | | style="background-color: white;" | DHE-PSK-NULL-SHA384
|-
! scope=row | 0x00,0xB6
| style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_RSA_PSK_WITH_AES_128_CBC_SHA256| style="background-color: white;" | TLS_RSA_PSK_AES_128_CBC_SHA256| style="background-color: white;" | | style="background-color: white;" | RSA-PSK-AES128-CBC-SHA256
|-
! scope=row | 0x00,0xB7
| style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_RSA_PSK_WITH_AES_256_CBC_SHA384| style="background-color: white;" | TLS_RSA_PSK_AES_256_CBC_SHA384| style="background-color: white;" | | style="background-color: white;" | RSA-PSK-AES256-CBC-SHA384
|-
! scope=row | 0x00,0xB8
| style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_RSA_PSK_WITH_NULL_SHA256| style="background-color: white;" | TLS_RSA_PSK_NULL_SHA256| style="background-color: white;" | | style="background-color: white;" | RSA-PSK-NULL-SHA256
|-
! scope=row | 0x00,0xB9
| style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_RSA_PSK_WITH_NULL_SHA384| style="background-color: white;" | TLS_RSA_PSK_NULL_SHA384| style="background-color: white;" | | style="background-color: white;" | RSA-PSK-NULL-SHA384
|-
! scope=row | 0x00,0xBA
| style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256| style="background-color: white;" | TLS_RSA_CAMELLIA_128_CBC_SHA256| style="background-color: white;" | | style="background-color: white;" | CAMELLIA128-SHA256
|-
! scope=row | 0x00,0xBB
| style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256| style="background-color: white;" | | style="background-color: white;" | | style="background-color: white;" | DH-DSS-CAMELLIA128-SHA256
|-
! scope=row | 0x00,0xBC
| style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256| style="background-color: white;" | | style="background-color: white;" | | style="background-color: white;" | DH-RSA-CAMELLIA128-SHA256
|-
! scope=row | 0x00,0xBD
| style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256| style="background-color: white;" | TLS_DHE_DSS_CAMELLIA_128_CBC_SHA256| style="background-color: white;" | | style="background-color: white;" | DHE-DSS-CAMELLIA128-SHA256
|-
! scope=row | 0x00,0xBE
| style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256| style="background-color: white;" | TLS_DHE_RSA_CAMELLIA_128_CBC_SHA256| style="background-color: white;" | | style="background-color: white;" | DHE-RSA-CAMELLIA128-SHA256
|-
! scope=row | 0x00,0xBF
| style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256| style="background-color: white;" | TLS_DH_ANON_CAMELLIA_128_CBC_SHA256| style="background-color: white;" | | style="background-color: white;" | ADH-CAMELLIA128-SHA256
|-
! scope=row | 0x00,0xC0
| style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256| style="background-color: white;" | TLS_RSA_CAMELLIA_256_CBC_SHA256| style="background-color: white;" | | style="background-color: white;" | CAMELLIA256-SHA256
|-
! scope=row | 0x00,0xC1
| style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256| style="background-color: white;" | | style="background-color: white;" | | style="background-color: white;" | DH-DSS-CAMELLIA256-SHA256
|-
! scope=row | 0x00,0xC2
| style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256| style="background-color: white;" | | style="background-color: white;" | | style="background-color: white;" | DH-RSA-CAMELLIA256-SHA256
|-
! scope=row | 0x00,0xC3
| style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256| style="background-color: white;" | TLS_DHE_DSS_CAMELLIA_256_CBC_SHA256| style="background-color: white;" | | style="background-color: white;" | DHE-DSS-CAMELLIA256-SHA256
|-
! scope=row | 0x00,0xC4
| style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256| style="background-color: white;" | TLS_DHE_RSA_CAMELLIA_256_CBC_SHA256| style="background-color: white;" | | style="background-color: white;" | DHE-RSA-CAMELLIA256-SHA256
|-
! scope=row | 0x00,0xC5
| style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256| style="background-color: white;" | TLS_DH_ANON_CAMELLIA_256_CBC_SHA256| style="background-color: white;" | | style="background-color: white;" | ADH-CAMELLIA256-SHA256
|-
! scope=row | 0x00,0xFF
| style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_EMPTY_RENEGOTIATION_INFO_SCSV| style="background-color: white;" | | style="background-color: white;" | TLS_EMPTY_RENEGOTIATION_INFO_SCSV| style="background-color: white;" |
|-
! scope=row | 0x56,0x00
| style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_FALLBACK_SCSV| style="background-color: white;" | | style="background-color: white;" | TLS_FALLBACK_SCSV| style="background-color: white;" |
|-
! scope=row | 0xC0,0x01
| style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_ECDH_ECDSA_WITH_NULL_SHA| style="background-color: white;" | | style="background-color: white;" | TLS_ECDH_ECDSA_WITH_NULL_SHA| style="background-color: white;" | ECDH-ECDSA-NULL-SHA
|-
! scope=row | 0xC0,0x02
| style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_ECDH_ECDSA_WITH_RC4_128_SHA| style="background-color: white;" | | style="background-color: white;" | TLS_ECDH_ECDSA_WITH_RC4_128_SHA| style="background-color: white;" | ECDH-ECDSA-RC4-SHA
|-
! scope=row | 0xC0,0x03
| style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA| style="background-color: white;" | | style="background-color: white;" | TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA| style="background-color: white;" | ECDH-ECDSA-DES-CBC3-SHA
|-
! scope=row | 0xC0,0x04
| style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA| style="background-color: white;" | | style="background-color: white;" | TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA| style="background-color: white;" | ECDH-ECDSA-AES128-SHA
|-
! scope=row | 0xC0,0x05
| style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA| style="background-color: white;" | | style="background-color: white;" | TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA| style="background-color: white;" | ECDH-ECDSA-AES256-SHA
|-
! scope=row | 0xC0,0x06
| style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_ECDHE_ECDSA_WITH_NULL_SHA| style="background-color: white;" | TLS_ECDHE_ECDSA_NULL_SHA1| style="background-color: white;" | TLS_ECDHE_ECDSA_WITH_NULL_SHA| style="background-color: white;" | ECDHE-ECDSA-NULL-SHA
|-
! scope=row | 0xC0,0x07
| style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_ECDHE_ECDSA_WITH_RC4_128_SHA| style="background-color: white;" | TLS_ECDHE_ECDSA_ARCFOUR_128_SHA1| style="background-color: white;" | TLS_ECDHE_ECDSA_WITH_RC4_128_SHA| style="background-color: white;" | ECDHE-ECDSA-RC4-SHA
|-
! scope=row | 0xC0,0x0B
| style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_ECDH_RSA_WITH_NULL_SHA| style="background-color: white;" | | style="background-color: white;" | TLS_ECDH_RSA_WITH_NULL_SHA| style="background-color: white;" | ECDH-RSA-NULL-SHA
|-
! scope=row | 0xC0,0x0C
| style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_ECDH_RSA_WITH_RC4_128_SHA| style="background-color: white;" | | style="background-color: white;" | TLS_ECDH_RSA_WITH_RC4_128_SHA| style="background-color: white;" | ECDH-RSA-RC4-SHA
|-
! scope=row | 0xC0,0x0D
| style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA| style="background-color: white;" | | style="background-color: white;" | TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA| style="background-color: white;" | ECDH-RSA-DES-CBC3-SHA
|-
! scope=row | 0xC0,0x0E
| style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_ECDH_RSA_WITH_AES_128_CBC_SHA| style="background-color: white;" | | style="background-color: white;" | TLS_ECDH_RSA_WITH_AES_128_CBC_SHA| style="background-color: white;" | ECDH-RSA-AES128-SHA
|-
! scope=row | 0xC0,0x0F
| style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_ECDH_RSA_WITH_AES_256_CBC_SHA| style="background-color: white;" | | style="background-color: white;" | TLS_ECDH_RSA_WITH_AES_256_CBC_SHA| style="background-color: white;" | ECDH-RSA-AES256-SHA
|-
! scope=row | 0xC0,0x10
| style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_ECDHE_RSA_WITH_NULL_SHA| style="background-color: white;" | TLS_ECDHE_RSA_NULL_SHA1| style="background-color: white;" | TLS_ECDHE_RSA_WITH_NULL_SHA| style="background-color: white;" | ECDHE-RSA-NULL-SHA
|-
! scope=row | 0xC0,0x11
| style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_ECDHE_RSA_WITH_RC4_128_SHA| style="background-color: white;" | TLS_ECDHE_RSA_ARCFOUR_128_SHA1| style="background-color: white;" | TLS_ECDHE_RSA_WITH_RC4_128_SHA| style="background-color: white;" | ECDHE-RSA-RC4-SHA
|-
! scope=row | 0xC0,0x15
| style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_ECDH_anon_WITH_NULL_SHA| style="background-color: white;" | TLS_ECDH_ANON_NULL_SHA1| style="background-color: white;" | TLS_ECDH_anon_WITH_NULL_SHA| style="background-color: white;" | AECDH-NULL-SHA
|-
! scope=row | 0xC0,0x16
| style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_ECDH_anon_WITH_RC4_128_SHA| style="background-color: white;" | TLS_ECDH_ANON_ARCFOUR_128_SHA1| style="background-color: white;" | TLS_ECDH_anon_WITH_RC4_128_SHA| style="background-color: white;" | AECDH-RC4-SHA
|-
! scope=row | 0xC0,0x17
| style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA| style="background-color: white;" | TLS_ECDH_ANON_3DES_EDE_CBC_SHA1| style="background-color: white;" | TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA| style="background-color: white;" | AECDH-DES-CBC3-SHA
|-
! scope=row | 0xC0,0x18
| style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_ECDH_anon_WITH_AES_128_CBC_SHA| style="background-color: white;" | TLS_ECDH_ANON_AES_128_CBC_SHA1| style="background-color: white;" | TLS_ECDH_anon_WITH_AES_128_CBC_SHA| style="background-color: white;" | AECDH-AES128-SHA
|-
! scope=row | 0xC0,0x19
| style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_ECDH_anon_WITH_AES_256_CBC_SHA| style="background-color: white;" | TLS_ECDH_ANON_AES_256_CBC_SHA1| style="background-color: white;" | TLS_ECDH_anon_WITH_AES_256_CBC_SHA| style="background-color: white;" | AECDH-AES256-SHA
|-
! scope=row | 0xC0,0x25
| style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256| style="background-color: white;" | | style="background-color: white;" | | style="background-color: white;" | ECDH-ECDSA-AES128-SHA256
|-
! scope=row | 0xC0,0x26
| style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384| style="background-color: white;" | | style="background-color: white;" | | style="background-color: white;" | ECDH-ECDSA-AES256-SHA384
|-
! scope=row | 0xC0,0x29
| style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256| style="background-color: white;" | | style="background-color: white;" | | style="background-color: white;" | ECDH-RSA-AES128-SHA256
|-
! scope=row | 0xC0,0x2A
| style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384| style="background-color: white;" | | style="background-color: white;" | | style="background-color: white;" | ECDH-RSA-AES256-SHA384
|-
! scope=row | 0xC0,0x2D
| style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256| style="background-color: white;" | | style="background-color: white;" | TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256| style="background-color: white;" | ECDH-ECDSA-AES128-GCM-SHA256
|-
! scope=row | 0xC0,0x2E
| style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384| style="background-color: white;" | | style="background-color: white;" | | style="background-color: white;" | ECDH-ECDSA-AES256-GCM-SHA384
|-
! scope=row | 0xC0,0x31
| style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256| style="background-color: white;" | | style="background-color: white;" | TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256| style="background-color: white;" | ECDH-RSA-AES128-GCM-SHA256
|-
! scope=row | 0xC0,0x32
| style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384| style="background-color: white;" | | style="background-color: white;" | | style="background-color: white;" | ECDH-RSA-AES256-GCM-SHA384
|-
! scope=row | 0xC0,0x33
| style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_ECDHE_PSK_WITH_RC4_128_SHA| style="background-color: white;" | TLS_ECDHE_PSK_ARCFOUR_128_SHA1| style="background-color: white;" | | style="background-color: white;" | ECDHE-PSK-RC4-SHA
|-
! scope=row | 0xC0,0x34
| style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA| style="background-color: white;" | TLS_ECDHE_PSK_3DES_EDE_CBC_SHA1| style="background-color: white;" | | style="background-color: white;" | ECDHE-PSK-3DES-EDE-CBC-SHA
|-
! scope=row | 0xC0,0x35
| style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA| style="background-color: white;" | TLS_ECDHE_PSK_AES_128_CBC_SHA1| style="background-color: white;" | | style="background-color: white;" | ECDHE-PSK-AES128-CBC-SHA
|-
! scope=row | 0xC0,0x36
| style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA| style="background-color: white;" | TLS_ECDHE_PSK_AES_256_CBC_SHA1| style="background-color: white;" | | style="background-color: white;" | ECDHE-PSK-AES256-CBC-SHA
|-
! scope=row | 0xC0,0x37
| style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256| style="background-color: white;" | TLS_ECDHE_PSK_AES_128_CBC_SHA256| style="background-color: white;" | | style="background-color: white;" | ECDHE-PSK-AES128-CBC-SHA256
|-
! scope=row | 0xC0,0x270x38| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256style="background-color: white;" data-sort-value="1000" | | ECDHEstyle="background-RSAcolor: white;" | TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384| style="background-AES128color: white;" | TLS_ECDHE_PSK_AES_256_CBC_SHA384| style="background-SHA256color: white;" | | TLS_ECDHE_RSA_AES_128_CBC_SHA256style="background-color: white;" | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256ECDHE-PSK-AES256-CBC-SHA384
|-
! scope=row | 0xC0,0x280x39| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384style="background-color: white;" data-sort-value="1000" | | ECDHEstyle="background-RSAcolor: white;" | TLS_ECDHE_PSK_WITH_NULL_SHA| style="background-AES256color: white;" | TLS_ECDHE_PSK_NULL_SHA1| style="background-SHA384color: white;" | | style="background-color: white;" | ECDHE-PSK-NULL-SHA
|-
! scope=row | 0xC0,0x290x3A| TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256style="background-color: white;" data-sort-value="1000" | | ECDHstyle="background-RSAcolor: white;" | TLS_ECDHE_PSK_WITH_NULL_SHA256| style="background-AES128color: white;" | TLS_ECDHE_PSK_NULL_SHA256| style="background-SHA256color: white;" | | style="background-color: white;" | ECDHE-PSK-NULL-SHA256
|-
! scope=row | 0xC0,0x2A0x3B| TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384style="background-color: white;" data-sort-value="1000" | | ECDHstyle="background-RSAcolor: white;" | TLS_ECDHE_PSK_WITH_NULL_SHA384| style="background-AES256color: white;" | TLS_ECDHE_PSK_NULL_SHA384| style="background-SHA384color: white;" | | style="background-color: white;" | ECDHE-PSK-NULL-SHA384
|-
! scope=row | 0xC0,0x2B0x3C| TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256style="background-color: white;" data-sort-value="1000" | | ECDHEstyle="background-ECDSAcolor: white;" | TLS_RSA_WITH_ARIA_128_CBC_SHA256| style="background-AES128color: white;" | | style="background-GCM-SHA256color: white;" | | TLS_ECDHE_ECDSA_AES_128_GCM_SHA256style="background-color: white;" | TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
|-
! scope=row | 0xC0,0x2C0x3D| TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384style="background-color: white;" data-sort-value="1000" | | ECDHEstyle="background-ECDSAcolor: white;" | TLS_RSA_WITH_ARIA_256_CBC_SHA384| style="background-AES256color: white;" | | style="background-GCM-SHA384color: white;" | | TLS_ECDHE_ECDSA_AES_256_GCM_SHA384style="background-color: white;" |
|-
! scope=row | 0xC0,0x2D0x3E| TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256style="background-color: white;" data-sort-value="1000" | | ECDHstyle="background-ECDSAcolor: white;" | TLS_DH_DSS_WITH_ARIA_128_CBC_SHA256| style="background-AES128color: white;" | | style="background-GCM-SHA256color: white;" | | style="background-color: white;" | TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
|-
! scope=row | 0xC0,0x2E0x3F| TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384style="background-color: white;" data-sort-value="1000" | | ECDHstyle="background-ECDSAcolor: white;" | TLS_DH_DSS_WITH_ARIA_256_CBC_SHA384| style="background-AES256color: white;" | | style="background-GCM-SHA384color: white;" | | style="background-color: white;" |
|-
! scope=row | 0xC0,0x2F0x40| TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256style="background-color: white;" data-sort-value="1000" | | ECDHEstyle="background-RSAcolor: white;" | TLS_DH_RSA_WITH_ARIA_128_CBC_SHA256| style="background-AES128color: white;" | | style="background-GCM-SHA256color: white;" | | TLS_ECDHE_RSA_AES_128_GCM_SHA256style="background-color: white;" | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
|-
! scope=row | 0xC0,0x300x41| TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384style="background-color: white;" data-sort-value="1000" | | ECDHEstyle="background-RSAcolor: white;" | TLS_DH_RSA_WITH_ARIA_256_CBC_SHA384| style="background-AES256color: white;" | | style="background-GCM-SHA384color: white;" | | TLS_ECDHE_RSA_AES_256_GCM_SHA384style="background-color: white;" |
|-
! scope=row | 0xC0,0x310x42| TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256style="background-color: white;" data-sort-value="1000" | | ECDHstyle="background-RSAcolor: white;" | TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256| style="background-AES128color: white;" | | style="background-GCM-SHA256color: white;" | | style="background-color: white;" | TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
|-
! scope=row | 0xC0,0x320x43| TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384style="background-color: white;" data-sort-value="1000" | | ECDHstyle="background-RSAcolor: white;" | TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384| style="background-AES256color: white;" | | style="background-GCM-SHA384color: white;" | | style="background-color: white;" |
|-
! scope=row | 0xC0,0x330x44| TLS_ECDHE_PSK_WITH_RC4_128_SHAstyle="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256| style="background-color: white;" | | style="background-color: white;" | | style="background-color: white;" |
|-
! scope=row | 0xC0,0x340x45| TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHAstyle="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384| TLS_ECDHE_PSK_3DES_EDE_CBC_SHA1style="background-color: white;" | | style="background-color: white;" | | style="background-color: white;" |
|-
! scope=row | 0xC0,0x350x46| TLS_ECDHE_PSK_WITH_AES_128_CBC_SHAstyle="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_DH_anon_WITH_ARIA_128_CBC_SHA256| TLS_ECDHE_PSK_AES_128_CBC_SHA1style="background-color: white;" | | style="background-color: white;" | | style="background-color: white;" |
|-
! scope=row | 0xC0,0x360x47| TLS_ECDHE_PSK_WITH_AES_256_CBC_SHAstyle="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_DH_anon_WITH_ARIA_256_CBC_SHA384| TLS_ECDHE_PSK_AES_256_CBC_SHA1style="background-color: white;" | | style="background-color: white;" | | style="background-color: white;" |
|-
! scope=row | 0xC0,0x370x48| TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256| TLS_ECDHE_PSK_AES_128_CBC_SHA256style="background-color: white;" | | style="background-color: white;" | | style="background-color: white;" |
|-
! scope=row | 0xC0,0x380x49| TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384| TLS_ECDHE_PSK_AES_256_CBC_SHA384style="background-color: white;" | | style="background-color: white;" | | style="background-color: white;" |
|-
! scope=row | 0xC0,0x390x4A| TLS_ECDHE_PSK_WITH_NULL_SHAstyle="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256| style="background-color: white;" | | style="background-color: white;" | | style="background-color: white;" |
|-
! scope=row | 0xC0,0x3A0x4B| TLS_ECDHE_PSK_WITH_NULL_SHA256style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384| TLS_ECDHE_PSK_NULL_SHA256style="background-color: white;" | | style="background-color: white;" | | style="background-color: white;" |
|-
! scope=row | 0xC0,0x3B0x4C| TLS_ECDHE_PSK_WITH_NULL_SHA384style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256| TLS_ECDHE_PSK_NULL_SHA384style="background-color: white;" | | style="background-color: white;" | | style="background-color: white;" |
|-
! scope=row | 0xC0,0x3C0x4D| TLS_RSA_WITH_ARIA_128_CBC_SHA256style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384| style="background-color: white;" | | style="background-color: white;" | | style="background-color: white;" |
|-
! scope=row | 0xC0,0x3D0x4E| TLS_RSA_WITH_ARIA_256_CBC_SHA384style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256| style="background-color: white;" | | style="background-color: white;" | | style="background-color: white;" |
|-
! scope=row | 0xC0,0x3E0x4F| TLS_DH_DSS_WITH_ARIA_128_CBC_SHA256style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384| style="background-color: white;" | | style="background-color: white;" | | style="background-color: white;" |
|-
! scope=row | 0xC0,0x3F0x50| TLS_DH_DSS_WITH_ARIA_256_CBC_SHA384style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_RSA_WITH_ARIA_128_GCM_SHA256| style="background-color: white;" | | style="background-color: white;" | | style="background-color: white;" |
|-
! scope=row | 0xC0,0x400x51| TLS_DH_RSA_WITH_ARIA_128_CBC_SHA256style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_RSA_WITH_ARIA_256_GCM_SHA384| style="background-color: white;" | | style="background-color: white;" | | style="background-color: white;" |
|-
! scope=row | 0xC0,0x410x52| TLS_DH_RSA_WITH_ARIA_256_CBC_SHA384style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256| style="background-color: white;" | | style="background-color: white;" | | style="background-color: white;" |
|-
! scope=row | 0xC0,0x420x53| TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384| style="background-color: white;" | | style="background-color: white;" | | style="background-color: white;" |
|-
! scope=row | 0xC0,0x430x54| TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256| style="background-color: white;" | | style="background-color: white;" | | style="background-color: white;" |
|-
! scope=row | 0xC0,0x440x55| TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384| style="background-color: white;" | | style="background-color: white;" | | style="background-color: white;" |
|-
! scope=row | 0xC0,0x450x56| TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256| style="background-color: white;" | | style="background-color: white;" | | style="background-color: white;" |
|-
! scope=row | 0xC0,0x460x57| TLS_DH_anon_WITH_ARIA_128_CBC_SHA256style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384| style="background-color: white;" | | style="background-color: white;" | | style="background-color: white;" |
|-
! scope=row | 0xC0,0x470x58| TLS_DH_anon_WITH_ARIA_256_CBC_SHA384style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256| style="background-color: white;" | | style="background-color: white;" | | style="background-color: white;" |
|-
! scope=row | 0xC0,0x480x59| TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384| style="background-color: white;" | | style="background-color: white;" | | style="background-color: white;" |
|-
! scope=row | 0xC0,0x490x5A| TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_DH_anon_WITH_ARIA_128_GCM_SHA256| style="background-color: white;" | | style="background-color: white;" | | style="background-color: white;" |
|-
! scope=row | 0xC0,0x4A0x5B| TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_DH_anon_WITH_ARIA_256_GCM_SHA384| style="background-color: white;" | | style="background-color: white;" | | style="background-color: white;" |
|-
! scope=row | 0xC0,0x4B0x5C| TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256| style="background-color: white;" | | style="background-color: white;" | | style="background-color: white;" |
|-
! scope=row | 0xC0,0x4C0x5D| TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384| style="background-color: white;" | | style="background-color: white;" | | style="background-color: white;" |
|-
! scope=row | 0xC0,0x4D0x5E| TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256| style="background-color: white;" | | style="background-color: white;" | | style="background-color: white;" |
|-
! scope=row | 0xC0,0x4E0x5F| TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384| style="background-color: white;" | | style="background-color: white;" | | style="background-color: white;" |
|-
! scope=row | 0xC0,0x4F0x60| TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256| style="background-color: white;" | | style="background-color: white;" | | style="background-color: white;" |
|-
! scope=row | 0xC0,0x500x61| TLS_RSA_WITH_ARIA_128_GCM_SHA256style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384| style="background-color: white;" | | style="background-color: white;" | | style="background-color: white;" |
|-
! scope=row | 0xC0,0x510x62| TLS_RSA_WITH_ARIA_256_GCM_SHA384style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256| style="background-color: white;" | | style="background-color: white;" | | style="background-color: white;" |
|-
! scope=row | 0xC0,0x520x63| TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384| style="background-color: white;" | | style="background-color: white;" | | style="background-color: white;" |
|-
! scope=row | 0xC0,0x530x64| TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_PSK_WITH_ARIA_128_CBC_SHA256| style="background-color: white;" | | style="background-color: white;" | | style="background-color: white;" |
|-
! scope=row | 0xC0,0x540x65| TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_PSK_WITH_ARIA_256_CBC_SHA384| style="background-color: white;" | | style="background-color: white;" | | style="background-color: white;" |
|-
! scope=row | 0xC0,0x550x66| TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256| style="background-color: white;" | | style="background-color: white;" | | style="background-color: white;" |
|-
! scope=row | 0xC0,0x560x67| TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384| style="background-color: white;" | | style="background-color: white;" | | style="background-color: white;" |
|-
! scope=row | 0xC0,0x570x68| TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256| style="background-color: white;" | | style="background-color: white;" | | style="background-color: white;" |
|-
! scope=row | 0xC0,0x580x69| TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384| style="background-color: white;" | | style="background-color: white;" | | style="background-color: white;" |
|-
! scope=row | 0xC0,0x590x6A| TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_PSK_WITH_ARIA_128_GCM_SHA256| style="background-color: white;" | | style="background-color: white;" | | style="background-color: white;" |
|-
! scope=row | 0xC0,0x5A0x6B| TLS_DH_anon_WITH_ARIA_128_GCM_SHA256style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_PSK_WITH_ARIA_256_GCM_SHA384| style="background-color: white;" | | style="background-color: white;" | | style="background-color: white;" |
|-
! scope=row | 0xC0,0x5B0x6C| TLS_DH_anon_WITH_ARIA_256_GCM_SHA384style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256| style="background-color: white;" | | style="background-color: white;" | | style="background-color: white;" |
|-
! scope=row | 0xC0,0x5C0x6D| TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384| style="background-color: white;" | | style="background-color: white;" | | style="background-color: white;" |
|-
! scope=row | 0xC0,0x5D0x6E| TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256| style="background-color: white;" | | style="background-color: white;" | | style="background-color: white;" |
|-
! scope=row | 0xC0,0x5E0x6F| TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384| style="background-color: white;" | | style="background-color: white;" | | style="background-color: white;" |
|-
! scope=row | 0xC0,0x5F0x70| TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256| style="background-color: white;" | | style="background-color: white;" | | style="background-color: white;" |
|-
! scope=row | 0xC0,0x600x71| TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384| style="background-color: white;" | | style="background-color: white;" | | style="background-color: white;" |
|-
! scope=row | 0xC0,0x610x72| TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256| style="background-color: white;" | TLS_ECDHE_ECDSA_CAMELLIA_128_CBC_SHA256| style="background-color: white;" | | style="background-color: white;" | ECDHE-ECDSA-CAMELLIA128-SHA256
|-
! scope=row | 0xC0,0x620x73| TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384| style="background-color: white;" | TLS_ECDHE_ECDSA_CAMELLIA_256_CBC_SHA384| style="background-color: white;" | | style="background-color: white;" | ECDHE-ECDSA-CAMELLIA256-SHA384
|-
! scope=row | 0xC0,0x630x74| TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256| style="background-color: white;" | | style="background-color: white;" | | style="background-color: white;" | ECDH-ECDSA-CAMELLIA128-SHA256
|-
! scope=row | 0xC0,0x640x75| TLS_PSK_WITH_ARIA_128_CBC_SHA256style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384| style="background-color: white;" | | style="background-color: white;" | | style="background-color: white;" | ECDH-ECDSA-CAMELLIA256-SHA384
|-
! scope=row | 0xC0,0x650x76| TLS_PSK_WITH_ARIA_256_CBC_SHA384style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256| style="background-color: white;" | TLS_ECDHE_RSA_CAMELLIA_128_CBC_SHA256| style="background-color: white;" | | style="background-color: white;" | ECDHE-RSA-CAMELLIA128-SHA256
|-
! scope=row | 0xC0,0x660x77| TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384| style="background-color: white;" | TLS_ECDHE_RSA_CAMELLIA_256_CBC_SHA384| style="background-color: white;" | | style="background-color: white;" | ECDHE-RSA-CAMELLIA256-SHA384
|-
! scope=row | 0xC0,0x670x78| TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256| style="background-color: white;" | | style="background-color: white;" | | style="background-color: white;" | ECDH-RSA-CAMELLIA128-SHA256
|-
! scope=row | 0xC0,0x680x79| TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384| style="background-color: white;" | | style="background-color: white;" | | style="background-color: white;" | ECDH-RSA-CAMELLIA256-SHA384
|-
! scope=row | 0xC0,0x690x7A| TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256| style="background-color: white;" | TLS_RSA_CAMELLIA_128_GCM_SHA256| style="background-color: white;" | | style="background-color: white;" |
|-
! scope=row | 0xC0,0x6A0x7B| TLS_PSK_WITH_ARIA_128_GCM_SHA256style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384| style="background-color: white;" | TLS_RSA_CAMELLIA_256_GCM_SHA384| style="background-color: white;" | | style="background-color: white;" |
|-
! scope=row | 0xC0,0x6B0x7C| TLS_PSK_WITH_ARIA_256_GCM_SHA384style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256| style="background-color: white;" | TLS_DHE_RSA_CAMELLIA_128_GCM_SHA256| style="background-color: white;" | | style="background-color: white;" |
|-
! scope=row | 0xC0,0x6C0x7D| TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384| style="background-color: white;" | TLS_DHE_RSA_CAMELLIA_256_GCM_SHA384| style="background-color: white;" | | style="background-color: white;" |
|-
! scope=row | 0xC0,0x6D0x7E| TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256| style="background-color: white;" | | style="background-color: white;" | | style="background-color: white;" |
|-
! scope=row | 0xC0,0x6E0x7F| TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384| style="background-color: white;" | | style="background-color: white;" | | style="background-color: white;" |
|-
! scope=row | 0xC0,0x6F0x80| TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256| style="background-color: white;" | TLS_DHE_DSS_CAMELLIA_128_GCM_SHA256| style="background-color: white;" | | style="background-color: white;" |
|-
! scope=row | 0xC0,0x700x81| TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384| style="background-color: white;" | TLS_DHE_DSS_CAMELLIA_256_GCM_SHA384| style="background-color: white;" | | style="background-color: white;" |
|-
! scope=row | 0xC0,0x710x82| TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256| style="background-color: white;" | | style="background-color: white;" | | style="background-color: white;" |
|-
! scope=row | 0xC0,0x720x83| TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384| style="background-color: white;" | | style="background-color: white;" | | style="background-color: white;" |
|-
! scope=row | 0xC0,0x730x84| TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256| style="background-color: white;" | TLS_DH_ANON_CAMELLIA_128_GCM_SHA256| style="background-color: white;" | | style="background-color: white;" |
|-
! scope=row | 0xC0,0x740x85| TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384| style="background-color: white;" | TLS_DH_ANON_CAMELLIA_256_GCM_SHA384| style="background-color: white;" | | style="background-color: white;" |
|-
! scope=row | 0xC0,0x750x86| TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256| style="background-color: white;" | TLS_ECDHE_ECDSA_CAMELLIA_128_GCM_SHA256| style="background-color: white;" | | style="background-color: white;" |
|-
! scope=row | 0xC0,0x760x87| TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384| style="background-color: white;" | TLS_ECDHE_ECDSA_CAMELLIA_256_GCM_SHA384| style="background-color: white;" | | style="background-color: white;" |
|-
! scope=row | 0xC0,0x770x88| TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256| style="background-color: white;" | | style="background-color: white;" | | style="background-color: white;" |
|-
! scope=row | 0xC0,0x780x89| TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384| style="background-color: white;" | | style="background-color: white;" | | style="background-color: white;" |
|-
! scope=row | 0xC0,0x790x8A| TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256| style="background-color: white;" | TLS_ECDHE_RSA_CAMELLIA_128_GCM_SHA256| style="background-color: white;" | | style="background-color: white;" |
|-
! scope=row | 0xC0,0x7A0x8B| TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384| style="background-color: white;" | TLS_ECDHE_RSA_CAMELLIA_256_GCM_SHA384| style="background-color: white;" | | style="background-color: white;" |
|-
! scope=row | 0xC0,0x7B0x8C| TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256| style="background-color: white;" | | style="background-color: white;" | | style="background-color: white;" |
|-
! scope=row | 0xC0,0x7C0x8D| TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384| style="background-color: white;" | | style="background-color: white;" | | style="background-color: white;" |
|-
! scope=row | 0xC0,0x7D0x8E| TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256| style="background-color: white;" | TLS_PSK_CAMELLIA_128_GCM_SHA256| style="background-color: white;" | | style="background-color: white;" |
|-
! scope=row | 0xC0,0x7E0x8F| TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384| style="background-color: white;" | TLS_PSK_CAMELLIA_256_GCM_SHA384| style="background-color: white;" | | style="background-color: white;" |
|-
! scope=row | 0xC0,0x7F0x90| TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384style="background-color: white;" data-sort-value="1000" | | style="background-color: white;" | TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256| style="background-color: white;" | TLS_DHE_PSK_CAMELLIA_128_GCM_SHA256| style="background-color: white;" | | style="background-color: white;" |
|-
! scope=row | 0xC0,0x91
| style="background-color: white;" data-sort-value="1000" |
| style="background-color: white;" | TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384
| style="background-color: white;" | TLS_DHE_PSK_CAMELLIA_256_GCM_SHA384
| style="background-color: white;" |
| style="background-color: white;" |
|-
! scope=row | 0xC0,0x92
| style="background-color: white;" data-sort-value="1000" |
| style="background-color: white;" | TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256
| style="background-color: white;" | TLS_RSA_PSK_CAMELLIA_128_GCM_SHA256
| style="background-color: white;" |
| style="background-color: white;" |
|-
! scope=row | 0xC0,0x93
| style="background-color: white;" data-sort-value="1000" |
| style="background-color: white;" | TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384
| style="background-color: white;" | TLS_RSA_PSK_CAMELLIA_256_GCM_SHA384
| style="background-color: white;" |
| style="background-color: white;" |
|-
! scope=row | 0xC0,0x94
| style="background-color: white;" data-sort-value="1000" |
| style="background-color: white;" | TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256
| style="background-color: white;" | TLS_PSK_CAMELLIA_128_CBC_SHA256
| style="background-color: white;" |
| style="background-color: white;" | PSK-CAMELLIA128-SHA256
|-
! scope=row | 0xC0,0x95
| style="background-color: white;" data-sort-value="1000" |
| style="background-color: white;" | TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384
| style="background-color: white;" | TLS_PSK_CAMELLIA_256_CBC_SHA384
| style="background-color: white;" |
| style="background-color: white;" | PSK-CAMELLIA256-SHA384
|-
! scope=row | 0xC0,0x96
| style="background-color: white;" data-sort-value="1000" |
| style="background-color: white;" | TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
| style="background-color: white;" | TLS_DHE_PSK_CAMELLIA_128_CBC_SHA256
| style="background-color: white;" |
| style="background-color: white;" | DHE-PSK-CAMELLIA128-SHA256
|-
! scope=row | 0xC0,0x97
| style="background-color: white;" data-sort-value="1000" |
| style="background-color: white;" | TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
| style="background-color: white;" | TLS_DHE_PSK_CAMELLIA_256_CBC_SHA384
| style="background-color: white;" |
| style="background-color: white;" | DHE-PSK-CAMELLIA256-SHA384
|-
! scope=row | 0xC0,0x98
| style="background-color: white;" data-sort-value="1000" |
| style="background-color: white;" | TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256
| style="background-color: white;" | TLS_RSA_PSK_CAMELLIA_128_CBC_SHA256
| style="background-color: white;" |
| style="background-color: white;" | RSA-PSK-CAMELLIA128-SHA256
|-
! scope=row | 0xC0,0x99
| style="background-color: white;" data-sort-value="1000" |
| style="background-color: white;" | TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384
| style="background-color: white;" | TLS_RSA_PSK_CAMELLIA_256_CBC_SHA384
| style="background-color: white;" |
| style="background-color: white;" | RSA-PSK-CAMELLIA256-SHA384
|-
! scope=row | 0xC0,0x9A
| style="background-color: white;" data-sort-value="1000" |
| style="background-color: white;" | TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
| style="background-color: white;" | TLS_ECDHE_PSK_CAMELLIA_128_CBC_SHA256
| style="background-color: white;" |
| style="background-color: white;" | ECDHE-PSK-CAMELLIA128-SHA256
|-
! scope=row | 0xC0,0x9B
| style="background-color: white;" data-sort-value="1000" |
| style="background-color: white;" | TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
| style="background-color: white;" | TLS_ECDHE_PSK_CAMELLIA_256_CBC_SHA384
| style="background-color: white;" |
| style="background-color: white;" | ECDHE-PSK-CAMELLIA256-SHA384
|-
! scope=row | 0xC0,0x9C
| style="background-color: white;" data-sort-value="1000" |
| style="background-color: white;" | TLS_RSA_WITH_AES_128_CCM
| style="background-color: white;" | TLS_RSA_AES_128_CCM
| style="background-color: white;" |
| style="background-color: white;" | AES128-CCM
|-
! scope=row | 0xC0,0x9D
| style="background-color: white;" data-sort-value="1000" |
| style="background-color: white;" | TLS_RSA_WITH_AES_256_CCM
| style="background-color: white;" | TLS_RSA_AES_256_CCM
| style="background-color: white;" |
| style="background-color: white;" | AES256-CCM
|-
! scope=row | 0xC0,0x9E
| style="background-color: white;" data-sort-value="1000" |
| style="background-color: white;" | TLS_DHE_RSA_WITH_AES_128_CCM
| style="background-color: white;" | TLS_DHE_RSA_AES_128_CCM
| style="background-color: white;" |
| style="background-color: white;" | DHE-RSA-AES128-CCM
|-
! scope=row | 0xC0,0x9F
| style="background-color: white;" data-sort-value="1000" |
| style="background-color: white;" | TLS_DHE_RSA_WITH_AES_256_CCM
| style="background-color: white;" | TLS_DHE_RSA_AES_256_CCM
| style="background-color: white;" |
| style="background-color: white;" | DHE-RSA-AES256-CCM
|-
! scope=row | 0xC0,0xA0
| style="background-color: white;" data-sort-value="1000" |
| style="background-color: white;" | TLS_RSA_WITH_AES_128_CCM_8
| style="background-color: white;" | TLS_RSA_AES_128_CCM_8
| style="background-color: white;" |
| style="background-color: white;" | AES128-CCM8
|-
! scope=row | 0xC0,0xA1
| style="background-color: white;" data-sort-value="1000" |
| style="background-color: white;" | TLS_RSA_WITH_AES_256_CCM_8
| style="background-color: white;" | TLS_RSA_AES_256_CCM_8
| style="background-color: white;" |
| style="background-color: white;" | AES256-CCM8
|-
! scope=row | 0xC0,0xA2
| style="background-color: white;" data-sort-value="1000" |
| style="background-color: white;" | TLS_DHE_RSA_WITH_AES_128_CCM_8
| style="background-color: white;" | TLS_DHE_RSA_AES_128_CCM_8
| style="background-color: white;" |
| style="background-color: white;" | DHE-RSA-AES128-CCM8
|-
! scope=row | 0xC0,0xA3
| style="background-color: white;" data-sort-value="1000" |
| style="background-color: white;" | TLS_DHE_RSA_WITH_AES_256_CCM_8
| style="background-color: white;" | TLS_DHE_RSA_AES_256_CCM_8
| style="background-color: white;" |
| style="background-color: white;" | DHE-RSA-AES256-CCM8
|-
! scope=row | 0xC0,0xA4
| style="background-color: white;" data-sort-value="1000" |
| style="background-color: white;" | TLS_PSK_WITH_AES_128_CCM
| style="background-color: white;" | TLS_PSK_AES_128_CCM
| style="background-color: white;" |
| style="background-color: white;" | PSK-AES128-CCM
|-
! scope=row | 0xC0,0xA5
| style="background-color: white;" data-sort-value="1000" |
| style="background-color: white;" | TLS_PSK_WITH_AES_256_CCM
| style="background-color: white;" | TLS_PSK_AES_256_CCM
| style="background-color: white;" |
| style="background-color: white;" | PSK-AES256-CCM
|-
! scope=row | 0xC0,0xA6
| style="background-color: white;" data-sort-value="1000" |
| style="background-color: white;" | TLS_DHE_PSK_WITH_AES_128_CCM
| style="background-color: white;" | TLS_DHE_PSK_AES_128_CCM
| style="background-color: white;" |
| style="background-color: white;" | DHE-PSK-AES128-CCM
|-
! scope=row | 0xC0,0xA7
| style="background-color: white;" data-sort-value="1000" |
| style="background-color: white;" | TLS_DHE_PSK_WITH_AES_256_CCM
| style="background-color: white;" | TLS_DHE_PSK_AES_256_CCM
| style="background-color: white;" |
| style="background-color: white;" | DHE-PSK-AES256-CCM
|-
! scope=row | 0xC0,0xA8
| style="background-color: white;" data-sort-value="1000" |
| style="background-color: white;" | TLS_PSK_WITH_AES_128_CCM_8
| style="background-color: white;" | TLS_PSK_AES_128_CCM_8
| style="background-color: white;" |
| style="background-color: white;" | PSK-AES128-CCM8
|-
! scope=row | 0xC0,0xA9
| style="background-color: white;" data-sort-value="1000" |
| style="background-color: white;" | TLS_PSK_WITH_AES_256_CCM_8
| style="background-color: white;" | TLS_PSK_AES_256_CCM_8
| style="background-color: white;" |
| style="background-color: white;" | PSK-AES256-CCM8
|-
! scope=row | 0xC0,0xAA
| style="background-color: white;" data-sort-value="1000" |
| style="background-color: white;" | TLS_PSK_DHE_WITH_AES_128_CCM_8
| style="background-color: white;" | TLS_DHE_PSK_AES_128_CCM_8
| style="background-color: white;" |
| style="background-color: white;" | DHE-PSK-AES128-CCM8
|-
! scope=row | 0xC0,0xAB
| style="background-color: white;" data-sort-value="1000" |
| style="background-color: white;" | TLS_PSK_DHE_WITH_AES_256_CCM_8
| style="background-color: white;" | TLS_DHE_PSK_AES_256_CCM_8
| style="background-color: white;" |
| style="background-color: white;" | DHE-PSK-AES256-CCM8
|-
! scope=row | 0xC0,0xAC
| style="background-color: white;" data-sort-value="1000" |
| style="background-color: white;" | TLS_ECDHE_ECDSA_WITH_AES_128_CCM
| style="background-color: white;" | TLS_ECDHE_ECDSA_AES_128_CCM
| style="background-color: white;" |
| style="background-color: white;" | ECDHE-ECDSA-AES128-CCM
|-
! scope=row | 0xC0,0xAD
| style="background-color: white;" data-sort-value="1000" |
| style="background-color: white;" | TLS_ECDHE_ECDSA_WITH_AES_256_CCM
| style="background-color: white;" | TLS_ECDHE_ECDSA_AES_256_CCM
| style="background-color: white;" |
| style="background-color: white;" | ECDHE-ECDSA-AES256-CCM
|-
! scope=row | 0xC0,0xAE
| style="background-color: white;" data-sort-value="1000" |
| style="background-color: white;" | TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
| style="background-color: white;" | TLS_ECDHE_ECDSA_AES_128_CCM_8
| style="background-color: white;" |
| style="background-color: white;" | ECDHE-ECDSA-AES128-CCM8
|-
! scope=row | 0xC0,0xAF
| style="background-color: white;" data-sort-value="1000" |
| style="background-color: white;" | TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8
| style="background-color: white;" | TLS_ECDHE_ECDSA_AES_256_CCM_8
| style="background-color: white;" |
| style="background-color: white;" | ECDHE-ECDSA-AES256-CCM8
|}

The table above was automatically generated via: [https://github.com/marumari/tls-table/blob/master/tls-table.py https://github.com/marumari/tls-table/blob/master/tls-table.py].

Colors correspond to the [[#Modern_compatibility|<span style="color: #008000; font-weight: bold;">Modern</span>]], [[#Intermediate_compatibility_.28default.29|<span style="color: #FFA500; font-weight: bold;">Intermediate</span>]], and [[#Old_backward_compatibility|<span style="color: #808080; font-weight: bold;">Old</span>]] compatibility levels. Each compatibility level is a superset of the more modern levels above it.

== GnuTLS ciphersuite ==

Unlike OpenSSL, GnuTLS will panic if you give it ciphers that aren't supported by the library. That makes it very difficult to share a default ciphersuite to use in GnuTLS.

The next best thing is using the following ciphersuite, and removing the components that break on your own version:

'''NONE:+VERS-TLS1.2:+VERS-TLS1.1:+VERS-TLS1.0:+ECDHE-RSA:+DHE-RSA:+RSA:+AES-128-GCM:+AES-128-CBC:+AES-256-CBC:+SIGN-RSA-SHA256:+SIGN-RSA-SHA384:+SIGN-RSA-SHA512:+SIGN-RSA-SHA224:+SIGN-RSA-SHA1:+SIGN-DSA-SHA256:+SIGN-DSA-SHA224:+SIGN-DSA-SHA1:+CURVE-ALL:+AEAD:+SHA256:+SHA384:+SHA1:+COMP-NULL'''

A ciphersuite can be tested in GnuTLS using '''gnutls-cli'''.
<source code=bash>
$ gnutls-cli --version
</source>
In the example above, the component SIGN-RSA-SHA224 is not supported by this version of gnutls and should be removed from the ciphersuite.
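Removing the components that break on a given GnuTLS version can be scripted. The script below is an added example, not part of the original page: it assumes that '''gnutls-cli --list --priority STRING''' exits non-zero when the string cannot be parsed, and the names '''prune_priority''', '''gnutls_accepts''' and '''PRIORITY_CHECK''' are hypothetical.

```shell
#!/bin/sh
# Added example: drop the components of a GnuTLS priority string that the
# local library rejects, keeping the others in their original order.

# Ciphersuite copied from the section above.
PRIORITY='NONE:+VERS-TLS1.2:+VERS-TLS1.1:+VERS-TLS1.0:+ECDHE-RSA:+DHE-RSA:+RSA:+AES-128-GCM:+AES-128-CBC:+AES-256-CBC:+SIGN-RSA-SHA256:+SIGN-RSA-SHA384:+SIGN-RSA-SHA512:+SIGN-RSA-SHA224:+SIGN-RSA-SHA1:+SIGN-DSA-SHA256:+SIGN-DSA-SHA224:+SIGN-DSA-SHA1:+CURVE-ALL:+AEAD:+SHA256:+SHA384:+SHA1:+COMP-NULL'

# Default check. Assumption: "gnutls-cli --list --priority STRING" exits
# non-zero when STRING cannot be parsed. It makes no network connection.
gnutls_accepts() {
    gnutls-cli --list --priority "$1" >/dev/null 2>&1
}

# prune_priority STRING
# Prints STRING without the "+COMPONENT" entries that the check rejects and
# names each dropped entry on stderr. Every entry is tested on its own as
# "NORMAL:+COMPONENT", so one unsupported entry cannot mask another.
# PRIORITY_CHECK (hypothetical hook) replaces the default check command.
prune_priority() (
    check=${PRIORITY_CHECK:-gnutls_accepts}
    kept=''
    IFS=':'
    set -f                          # no globbing while splitting on ':'
    for part in $1; do
        case $part in
            '') continue ;;
            +*)
                if ! "$check" "NORMAL:$part"; then
                    echo "dropping unsupported component: $part" >&2
                    continue
                fi
                ;;
        esac                        # keywords such as NONE are kept untested
        kept="${kept:+$kept:}$part"
    done
    # The assembled string must itself be accepted before it is printed.
    if ! "$check" "$kept"; then
        echo "pruned string is still rejected: $kept" >&2
        exit 1
    fi
    printf '%s\n' "$kept"
)

# Stand-alone run: only when gnutls-cli is installed.
if command -v gnutls-cli >/dev/null 2>&1; then
    prune_priority "$PRIORITY"
fi
```

The printed string is what goes into the server configuration; the entries reported on stderr are the ones to review against the installed GnuTLS version.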
 
= Version History =
{| class="wikitable"
|-
! Version
! Editor
! Changes
|-
| style="text-align: center;" | 3.8
| style="text-align: center;" | ulfr
| redo cipher names chart (marumari), move version chart (marumari), update Intermediate cipher suite (ulfr)
|-
| style="text-align: center;" | 3.7
| style="text-align: center;" | ulfr
| cleanup version table (marumari), add F5 conf samples (warburtron), add notes about DHE (rgacogne)
|-
| style="text-align: center;" | 3.6
| style="text-align: center;" | ulfr
| bump intermediate DHE to 2048, add note about java compatibility
|-
| style="text-align: center;" | 3.5
| style="text-align: center;" | alm
| comment on weakdh vulnerability
|-
| style="text-align: center;" | 3.4
| style="text-align: center;" | ulfr
| added note about session resumption, HSTS, and HPKP
|-
| style="text-align: center;" | 3.3
| style="text-align: center;" | ulfr
| fix SHA256 prio, add POODLE details, update various templates
|-
| style="text-align: center;" | 3.2
| style="text-align: center;" | ulfr
| Added intermediate compatibility mode, renamed other modes
|-
| style="text-align: center;" | 3.1
| style="text-align: center;" | ulfr
| Added non-backward compatible ciphersuite
|-
| style="text-align: center;" | 3
| style="text-align: center;" | ulfr
| Remove RC4 for 3DES, fix ordering in openssl 0.9.8 ([https://bugzilla.mozilla.org/show_bug.cgi?id=1024430 1024430]), various minor updates
|-
| style="text-align: center;" | 2.5.1
| style="text-align: center;" | ulfr
| Revisit ELB capabilities
|-
| style="text-align: center;" | 2.5
| style="text-align: center;" | ulfr
| Update ZLB information for OCSP Stapling and ciphersuite
|-
| style="text-align: center;" | 2.4
| style="text-align: center;" | ulfr
| Moved a couple of aes128 above aes256 in the ciphersuite
|-
| style="text-align: center;" | 2.3
| style="text-align: center;" | ulfr
| Precisions on IE 7/8 AES support (thanks to Dobin Rutishauser)
|-
| style="text-align: center;" | 2.2
| style="text-align: center;" | ulfr
| Added IANA/OpenSSL/GnuTLS correspondence table and conversion tool
|-
| style="text-align: center;" | 2.1
| style="text-align: center;" | ulfr
| RC4 vs 3DES discussion. r=joes r=tinfoil
|-
| style="text-align: center;" | 2.0
| style="text-align: center;" | ulfr, kang
| Public release.
|-
| style="text-align: center;" | 1.5
| style="text-align: center;" | ulfr, kang
| added details for PFS DHE handshake, added nginx configuration details; added Apache recommended conf
|-
| style="text-align: center;" | 1.4
| style="text-align: center;" | ulfr
| revised ciphersuite. Prefer AES before RC4. Prefer 128 before 256. Prefer DHE before non-DHE.
|-
| style="text-align: center;" | 1.3
| style="text-align: center;" | ulfr
| added netscaler example conf
|-
| style="text-align: center;" | 1.2
| style="text-align: center;" | ulfr
| ciphersuite update, bump DHE-AESGCM above ECDH-RC4
|-
| style="text-align: center;" | 1.1
| style="text-align: center;" | ulfr, kang
| integrated review comments from Infra; SPDY information
|-
| style="text-align: center;" | 1.0
| style="text-align: center;" | ulfr
| creation
|-
| colspan="3" | &nbsp;
|-
| colspan="2" style="border-right: none;" | '''Document Status:'''
| style="border-left: none; color:green; text-align: center;" | '''READY'''
|}