|
|
| (119 intermediate revisions by 14 users not shown) |
| Line 1: |
Line 1: |
| The goal of this document is to help operational teams with the configuration of TLS on servers. All Mozilla sites and deployment should follow the recommendations below. | | <table> |
| | <tr> |
| | <td style="min-width: 25em;">__TOC__</td> |
| | <td style="vertical-align: top; max-width: 60em; padding-left: .75rem;">The goal of this document is to help operational teams with the configuration of TLS. All Mozilla websites and deployments should follow the recommendations below. |
|
| |
|
| The Operations Security (OpSec) team maintains this document as a reference guide to navigate the TLS landscape. It contains information on TLS protocols, known issues and vulnerabilities, configuration examples and testing tools. Changes are reviewed and merged by the OpSec team, and broadcasted to the various Operational teams.
| | Mozilla maintains this document as a reference guide for navigating the TLS landscape, as well as a [https://ssl-config.mozilla.org configuration generator] to assist system administrators. Changes are reviewed and merged by the Mozilla Operations Security and Enterprise Information Security teams. |
|
| |
|
| <table><tr>
| | Updates to this page should be submitted to the [https://github.com/mozilla/server-side-tls server-side-tls] repository on GitHub. Issues related to the [https://ssl-config.mozilla.org configuration generator] are maintained in their own [https://github.com/mozilla/ssl-config-generator GitHub repository]. |
| <td><div style="float:left;" class="toclimit-3">__TOC__</div></td>
| |
| <td valign="top">
| |
| {| class="wikitable"
| |
| |-
| |
| ! Document Status !! Major Versions
| |
| |-
| |
| | <span style="color:green;">'''READY'''</span> ||
| |
| * Version 3.1: ulfr: Added non-backward compatible ciphersuite
| |
| * Version 3: ulfr: Remove RC4 for 3DES, fix ordering in openssl 0.9.8 ([https://bugzilla.mozilla.org/show_bug.cgi?id=1024430 1024430]), various minor updates
| |
| * Version 2.5.1: ulfr: Revisit ELB capabilities
| |
| * Version 2.5: ulfr: Update ZLB information for OCSP Stapling and ciphersuite
| |
| * Version 2.4: ulfr: Moved a couple of aes128 above aes256 in the ciphersuite
| |
| * Version 2.3: ulfr: Precisions on IE 7/8 AES support (thanks to Dobin Rutishauser)
| |
| * Version 2.2: ulfr: Added IANA/OpenSSL/GnuTLS correspondence table and conversion tool
| |
| * Version 2.1: ulfr: RC4 vs 3DES discussion. r=joes r=tinfoil
| |
| * Version 2: Public release. r=ulfr r=kang
| |
| * Version 1.5: Julien Vehent (ulfr) added details for PFS DHE handshake, added nginx configuration details; Guillaume Destuynder (kang): added Apache recommended conf
| |
| * Version 1.4: ulfr: revised ciphersuite. Prefer AES before RC4. Prefer 128 before 256. Prefer DHE before non-DHE.
| |
| * Version 1.3: ulfr: added netscaler example conf
| |
| * Version 1.2: ulfr: ciphersuite update: bump DHE-AESGCM above ECDH-RC4
| |
| * Version 1.1: ulfr: integrated review comments from Infra; kang: SPDY information
| |
| * Version 1: ulfr: creation
| |
| |}
| |
| </td>
| |
| </tr></table>
| |
|
| |
|
| = Backward Compatible Ciphersuite =
| | In the interests of usability and maintainability, these guidelines have been considerably simplified from the [[Security/Archive/Server Side TLS 4.0|previous guidelines]]. |
| | </td> |
| | </tr> |
| | </table> |
|
| |
|
| The default ciphersuite that works with all clients back to Windows XP/IE6 is: | | = Recommended configurations = |
| | <span style="float: right; max-width: 600px; text-align: center;"> |
| | [[Image:Ssl-config.mozilla.org.png|600px|link=https://ssl-config.mozilla.org/|Mozilla SSL Configuration Generator]]<br> |
| | The [https://ssl-config.mozilla.org/ Mozilla SSL Configuration Generator] |
| | </span> |
| | Mozilla maintains three recommended configurations for servers using TLS. Pick the correct configuration depending on your audience: |
|
| |
|
| * Ciphersuite: '''ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128:AES256:AES:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK''' | | * <span style="color: green; font-weight: bold;">Modern</span>''':''' Modern clients that support TLS 1.3, with no need for backwards compatibility |
| * Versions: '''SSLv3, TLSv1, TLSv1.1, TLSv1.2'''
| | * <span style="color: orange; font-weight: bold;">Intermediate</span>''':''' Recommended configuration for a general-purpose server |
| * RSA key size: '''2048''' | | * <span style="color: gray; font-weight: bold;">Old</span>''':''' Services accessed by very old clients or libraries, such as Internet Explorer 8 (Windows XP), Java 6, or OpenSSL 0.9.8 |
| * DH Parameter size: '''1024''' | |
| * Elliptic curves: '''secp256r1, secp384r1, secp521r1'''
| |
|
| |
|
| If your version of OpenSSL is old, unavailable ciphers will be discarded automatically. Always use the full ciphersuite above and let OpenSSL pick the ones it supports.
| | {| class="wikitable" style="margin: 1.5rem 1rem;" |
| | | |- |
| The ordering of a ciphersuite is very important because it decides which algorithms are going to be selected in priority. The recommendation above prioritizes algorithms that provide perfect forward secrecy.
| | ! Configuration |
| | | ! Firefox |
| The listing below shows the list of algorithms returned by this ciphersuite. If you have to pick them manually for your application, make sure you keep this ordering.
| | ! Android |
| | | ! Chrome |
| Older versions of OpenSSL may not return the full list of algorithms. AES-GCM and some ECDHE are fairly recent, and not present on most versions of OpenSSL shipped with Ubuntu or RHEL. This listing below was obtained from a freshly built OpenSSL.
| | ! Edge |
| | | ! Internet Explorer |
| <source lang="bash">
| | ! Java |
| $ openssl ciphers -V 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128:AES256:AES:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK'|column -t
| | ! OpenSSL |
| 0xC0,0x2F - ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD
| | ! Opera |
| 0xC0,0x2B - ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(128) Mac=AEAD
| | ! Safari |
| 0xC0,0x30 - ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
| | |- |
| 0xC0,0x2C - ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(256) Mac=AEAD
| | | style="color: green;" | '''Modern''' |
| 0x00,0x9E - DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(128) Mac=AEAD
| | | style="text-align: center;" | 63 |
| 0x00,0xA2 - DHE-DSS-AES128-GCM-SHA256 TLSv1.2 Kx=DH Au=DSS Enc=AESGCM(128) Mac=AEAD
| | | style="text-align: center;" | 10.0 |
| 0x00,0xA3 - DHE-DSS-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=DSS Enc=AESGCM(256) Mac=AEAD
| | | style="text-align: center;" | 70 |
| 0x00,0x9F - DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(256) Mac=AEAD
| | | style="text-align: center;" | 75 |
| 0xC0,0x27 - ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA256
| | | style="text-align: center;" | -- |
| 0xC0,0x23 - ECDHE-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA256
| | | style="text-align: center;" | 11 |
| 0xC0,0x13 - ECDHE-RSA-AES128-SHA SSLv3 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA1
| | | style="text-align: center;" | 1.1.1 |
| 0xC0,0x09 - ECDHE-ECDSA-AES128-SHA SSLv3 Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA1
| | | style="text-align: center;" | 57 |
| 0xC0,0x28 - ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA384
| | | style="text-align: center;" | 12.1 |
| 0xC0,0x24 - ECDHE-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA384
| | |- |
| 0xC0,0x14 - ECDHE-RSA-AES256-SHA SSLv3 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA1
| | | style="color:orange;" | '''Intermediate''' |
| 0xC0,0x0A - ECDHE-ECDSA-AES256-SHA SSLv3 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA1
| | | style="text-align: center;" | 27 |
| 0x00,0x67 - DHE-RSA-AES128-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(128) Mac=SHA256
| | | style="text-align: center;" | 4.4.2 |
| 0x00,0x33 - DHE-RSA-AES128-SHA SSLv3 Kx=DH Au=RSA Enc=AES(128) Mac=SHA1
| | | style="text-align: center;" | 31 |
| 0x00,0x40 - DHE-DSS-AES128-SHA256 TLSv1.2 Kx=DH Au=DSS Enc=AES(128) Mac=SHA256
| | | style="text-align: center;" | 12 |
| 0x00,0x6B - DHE-RSA-AES256-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(256) Mac=SHA256
| | | style="text-align: center;" | 11 (Win7) |
| 0x00,0x38 - DHE-DSS-AES256-SHA SSLv3 Kx=DH Au=DSS Enc=AES(256) Mac=SHA1
| | | style="text-align: center;" | 8u31 |
| 0x00,0x39 - DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1
| | | style="text-align: center;" | 1.0.1 |
| 0x00,0x9C - AES128-GCM-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(128) Mac=AEAD
| | | style="text-align: center;" | 20 |
| 0x00,0x9D - AES256-GCM-SHA384 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(256) Mac=AEAD
| | | style="text-align: center;" | 9 |
| 0x00,0x32 - DHE-DSS-AES128-SHA SSLv3 Kx=DH Au=DSS Enc=AES(128) Mac=SHA1
| | |- |
| 0xC0,0x31 - ECDH-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AESGCM(128) Mac=AEAD
| | | style="color:gray;" | '''Old''' |
| 0xC0,0x2D - ECDH-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AESGCM(128) Mac=AEAD
| | | style="text-align: center;" | 1 |
| 0xC0,0x29 - ECDH-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AES(128) Mac=SHA256
| | | style="text-align: center;" | 2.3 |
| 0xC0,0x25 - ECDH-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AES(128) Mac=SHA256
| | | style="text-align: center;" | 1 |
| 0xC0,0x0E - ECDH-RSA-AES128-SHA SSLv3 Kx=ECDH/RSA Au=ECDH Enc=AES(128) Mac=SHA1
| | | style="text-align: center;" | 12 |
| 0xC0,0x04 - ECDH-ECDSA-AES128-SHA SSLv3 Kx=ECDH/ECDSA Au=ECDH Enc=AES(128) Mac=SHA1
| | | style="text-align: center;" | 8 (WinXP) |
| 0x00,0x3C - AES128-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA256
| | | style="text-align: center;" | 6 |
| 0x00,0x2F - AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1
| | | style="text-align: center;" | 0.9.8 |
| 0x00,0x6A - DHE-DSS-AES256-SHA256 TLSv1.2 Kx=DH Au=DSS Enc=AES(256) Mac=SHA256
| | | style="text-align: center;" | 5 |
| 0xC0,0x32 - ECDH-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AESGCM(256) Mac=AEAD
| | | style="text-align: center;" | 1 |
| 0xC0,0x2E - ECDH-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AESGCM(256) Mac=AEAD
| | |} |
| 0xC0,0x2A - ECDH-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AES(256) Mac=SHA384
| |
| 0xC0,0x26 - ECDH-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AES(256) Mac=SHA384
| |
| 0xC0,0x0F - ECDH-RSA-AES256-SHA SSLv3 Kx=ECDH/RSA Au=ECDH Enc=AES(256) Mac=SHA1
| |
| 0xC0,0x05 - ECDH-ECDSA-AES256-SHA SSLv3 Kx=ECDH/ECDSA Au=ECDH Enc=AES(256) Mac=SHA1
| |
| 0x00,0x3D - AES256-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA256
| |
| 0x00,0x35 - AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
| |
| 0x00,0x0A - DES-CBC3-SHA SSLv3 Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1
| |
| 0x00,0x88 - DHE-RSA-CAMELLIA256-SHA SSLv3 Kx=DH Au=RSA Enc=Camellia(256) Mac=SHA1
| |
| 0x00,0x87 - DHE-DSS-CAMELLIA256-SHA SSLv3 Kx=DH Au=DSS Enc=Camellia(256) Mac=SHA1
| |
| 0x00,0x84 - CAMELLIA256-SHA SSLv3 Kx=RSA Au=RSA Enc=Camellia(256) Mac=SHA1
| |
| 0xC0,0x12 - ECDHE-RSA-DES-CBC3-SHA SSLv3 Kx=ECDH Au=RSA Enc=3DES(168) Mac=SHA1
| |
| 0xC0,0x08 - ECDHE-ECDSA-DES-CBC3-SHA SSLv3 Kx=ECDH Au=ECDSA Enc=3DES(168) Mac=SHA1
| |
| 0x00,0x16 - EDH-RSA-DES-CBC3-SHA SSLv3 Kx=DH Au=RSA Enc=3DES(168) Mac=SHA1
| |
| 0x00,0x13 - EDH-DSS-DES-CBC3-SHA SSLv3 Kx=DH Au=DSS Enc=3DES(168) Mac=SHA1
| |
| 0xC0,0x0D - ECDH-RSA-DES-CBC3-SHA SSLv3 Kx=ECDH/RSA Au=ECDH Enc=3DES(168) Mac=SHA1
| |
| 0xC0,0x03 - ECDH-ECDSA-DES-CBC3-SHA SSLv3 Kx=ECDH/ECDSA Au=ECDH Enc=3DES(168) Mac=SHA1
| |
| 0x00,0x1F - KRB5-DES-CBC3-SHA SSLv3 Kx=KRB5 Au=KRB5 Enc=3DES(168) Mac=SHA1
| |
| 0x00,0x45 - DHE-RSA-CAMELLIA128-SHA SSLv3 Kx=DH Au=RSA Enc=Camellia(128) Mac=SHA1
| |
| 0x00,0x44 - DHE-DSS-CAMELLIA128-SHA SSLv3 Kx=DH Au=DSS Enc=Camellia(128) Mac=SHA1
| |
| 0x00,0x41 - CAMELLIA128-SHA SSLv3 Kx=RSA Au=RSA Enc=Camellia(128) Mac=SHA1
| |
| | |
| </source>
| |
| | |
| The ciphers are described here: http://www.openssl.org/docs/apps/ciphers.html
| |
| | |
| = Non-Backward Compatible Ciphersuite = | |
| For services that don't need backward compatibility, the parameters below provide a higher level of security:
| |
| * Ciphersuite: '''ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK'''
| |
| * Versions: '''TLSv1.1, TLSv1.2'''
| |
| * RSA key size: '''2048'''
| |
| * DH Parameter size: '''2048'''
| |
| * Elliptic curves: '''secp256r1, secp384r1, secp521r1''' (at a minimum)
| |
| | |
| = Prioritization logic =
| |
| | |
| # ECDHE+AESGCM ciphers are selected first. These are TLS 1.2 ciphers and not widely supported at the moment. No known attack currently target these ciphers.
| |
| # [[#Forward_Secrecy|PFS]] ciphersuites are preferred, with ECDHE first, then DHE.
| |
| # AES 128 is preferred to AES 256. There has been [[http://www.mail-archive.com/dev-tech-crypto@lists.mozilla.org/msg11247.html discussions]] on whether AES256 extra security was worth the cost, and the result is far from obvious. At the moment, AES128 is preferred, because it provides good security, is really fast, and seems to be more resistant to timing attacks.
| |
| # In the backward compatible ciphersuite, AES is preferred to 3DES. [[#Attacks_on_TLS|BEAST]] attacks on AES are mitigated in TLS 1.1 and above, and difficult to achieve in TLS 1.0. In the non-backward compatible ciphersuite, 3DES is not present.
| |
| # RC4 is removed entirely. 3DES is used for backward compatibility. See discussion in [[#RC4_weaknesses]]
| |
| | |
| = Mandatory discards = | |
| | |
| * aNULL contains non-authenticated Diffie-Hellman key exchanges, that are subject to Man-In-The-Middle (MITM) attacks
| |
| * eNULL contains null-encryption ciphers (cleartext)
| |
| * EXPORT are legacy weak ciphers that were marked as exportable by US law
| |
| * RC4 contains ciphers that use the deprecated ARCFOUR algorithm
| |
| * DES contains ciphers that use the deprecated Data Encryption Standard
| |
| * SSLv2 contains all ciphers that were defined in the old version of the SSL standard, now deprecated
| |
| * MD5 contains all the ciphers that use the deprecated message digest 5 as the hashing algorithm
| |
| | |
| = Forward Secrecy =
| |
| | |
| The concept of forward secrecy is simple: client and server negotiate a key that never hits the wire, and is destroyed at the end of the session. The RSA private from the server is used to sign a Diffie-Hellman key exchange between the client and the server. The pre-master key obtained from the Diffie-Hellman handshake is then used for encryption. Since the pre-master key is specific to a connection between a client and a server, and used only for a limited amount of time, it is called Ephemeral.
| |
| | |
| With Forward Secrecy, if an attacker gets a hold of the server's private key, it will not be able to decrypt past communications. The private key is only used to sign the DH handshake, which does not reveal the pre-master key. Diffie-Hellman ensures that the pre-master keys never leave the client and the server, and cannot be intercepted by a MITM.
| |
| | |
| == DHE handshake and dhparam == | |
| | |
| When an ephemeral Diffie-Hellman cipher is used, the server and the client negotiate a pre-master key using the Diffie-Hellman algorithm. This algorithm requires that the server sends the client a prime number and a generator. Neither are confidential, and are sent in clear text. However, they must be signed, such that a MITM cannot hijack the handshake.
| |
| | |
| As an example, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 works as follow:
| |
| | |
| # Server sends Client a [[http://tools.ietf.org/html/rfc5246#section-7.4.3 SERVER KEY EXCHANGE]] message during the SSL Handshake. The message contains:
| |
| ## Prime number ''p''
| |
| ## Generator ''g''
| |
| ## Server's Diffie-Hellman public value ''A = g^X mod p'', where ''X'' is a private integer chosen by the server at random, and never shared with the client.
| |
| ## signature ''S'' of the above (plus two random values) computed using the Server's private RSA key
| |
| # Client verifies the signature ''S''
| |
| # Client sends server a [[http://tools.ietf.org/html/rfc5246#section-7.4.7 CLIENT KEY EXCHANGE]] message. The message contains:
| |
| ## Client's Diffie-Hellman public value ''B = g^Y mod p'', where ''Y'' is a private integer chosen at random and never shared.
| |
| # The Server and the Client can now calculate the pre-master secret using each other's public values:
| |
| ## server calculates ''PMS = B^X mod p''
| |
| ## client calculates ''PMS = A^Y mod p''
| |
| # Client sends a [[http://tools.ietf.org/html/rfc5246#section-7.1 CHANGE CIPHER SPEC]] message to the server, and both parties continue the handshake using ENCRYPTED HANDSHAKE MESSAGES
| |
| | |
| The size of the prime number ''p'' constrains the size of the pre-master key ''PMS'', because of the modulo operation. A smaller prime almost means weaker values of ''A'' and ''B'', which could leak the secret values ''X'' and ''Y''. Thus, the prime ''p'' should not be smaller than the size of the RSA private key.
| |
| <source lang="bash">
| |
| $ openssl dhparam 2048
| |
| Generating DH parameters, 2048 bit long safe prime, generator 2
| |
| ..+..+...............+
| |
| -----BEGIN DH PARAMETERS-----
| |
| MBYCEQCHU6UNZoHMF6bPtj21Hn/bAgEC.....
| |
| ......
| |
| -----END DH PARAMETERS-----
| |
| </source>
| |
|
| |
|
| = OCSP Stapling = | | <p style="max-width: 60em;">The ordering of cipher suites in the <span style="color: gray; font-weight: bold;">Old</span> configuration is very important, as it determines the priority with which algorithms are selected.</p> |
| When connecting to a server, clients should verify the validity of the server certificate using either a Certificate Revocation List (CRL), or an Online Certificate Status Protocol (OCSP) record. The problem with CRL is that the lists have grown huge and takes forever to download.
| |
|
| |
|
| OCSP is much more lightweight, as only one record is retrieved at a time. But the side effect is that OCSP requests must be made to a 3rd party OCSP responder when connecting to a server, which adds latency and potential failures. In fact, the OCSP responders operated by CAs are often so unreliable that browser will fail silently if no response is received in a timely manner. This reduces security, by allowing an attacker to DoS an OCSP responder to disable the validation.
| | <p style="max-width: 60em;">OpenSSL will ignore cipher suites it doesn't understand, so always use the full set of cipher suites below, in their recommended order. The use of the <span style="color: gray; font-weight: bold;">Old</span> configuration with modern versions of OpenSSL may require custom builds with support for deprecated ciphers.</p> |
|
| |
|
| The solution is to allow the server to send its cached OCSP record during the TLS handshake, therefore bypassing the OCSP responder. This mechanism saves a roundtrip between the client and the OCSP responder, and is called OCSP Stapling.
| | <p style="max-width: 60em;">Different libraries support different cipher suites and refer to them by different names. Mozilla maintains a list of [[Security/Cipher Suites|all known cipher suites]] and their corresponding names.</p> |
| | <br style="clear: right;"> |
|
| |
|
| The server will send a cached OCSP response only if the client requests it, by announcing support for the '''status_request''' TLS extension in its CLIENT HELLO.
| | == <span style="color:green;">'''Modern'''</span> compatibility == |
| | For services with clients that support TLS 1.3 and don't need backward compatibility, the <span style="color: green; font-weight: bold;">Modern</span> configuration provides an extremely high level of security. |
|
| |
|
| Most servers will cache OCSP response for up to 48 hours. At regular intervals, the server will connect to the OCSP responder of the CA to retrieve a fresh OCSP record. The location of the OCSP responder is taken from the Authority Information Access field of the signed certificate. For example, with StartSSL:
| | * Cipher suites (TLS 1.3): '''TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256''' |
| | * Cipher suites (TLS 1.2): (none) |
| | * Protocols: '''TLS 1.3''' |
| | * Certificate type: '''ECDSA (P-256)''' |
| | * TLS curves: '''X25519, prime256v1, secp384r1''' |
| | * HSTS: '''max-age=63072000''' (two years) |
| | * Certificate lifespan: '''90 days''' |
| | * Cipher preference: '''client chooses''' |
|
| |
|
| | <!-- This tabular openssl list can be produced by running "openssl ciphers -V" --> |
| <pre> | | <pre> |
| Authority Information Access:
| | 0x13,0x01 - TLS_AES_128_GCM_SHA256 TLSv1.3 Kx=any Au=any Enc=AESGCM(128) Mac=AEAD |
| OCSP - URI:http://ocsp.startssl.com/sub/class1/server/ca
| | 0x13,0x02 - TLS_AES_256_GCM_SHA384 TLSv1.3 Kx=any Au=any Enc=AESGCM(256) Mac=AEAD |
| | 0x13,0x03 - TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any Au=any Enc=CHACHA20/POLY1305(256) Mac=AEAD |
| </pre> | | </pre> |
|
| |
|
| Support for OCSP Stapling can be tested using the '''-status''' option of the OpenSSL client.
| | * Rationale: |
| | ** All cipher suites are [https://en.wikipedia.org/wiki/Forward_secrecy forward secret] and [https://en.wikipedia.org/wiki/Authenticated_encryption authenticated] |
| | ** The cipher suites are all strong and so we allow the client to choose, as they will know best if they have support for hardware-accelerated AES |
| | ** We recommend ECDSA certificates using P-256, as P-384 provides negligible improvements to security and Ed25519 is not yet widely supported |
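Review bot: The HTML comment above the Modern cipher listing says the table "can be produced by running "openssl ciphers -V"", but it records neither the cipher string nor the OpenSSL version used, so the three-line TLS 1.3 listing cannot be regenerated from the comment alone. The previous revision showed the full invocation next to its listing ("$ openssl ciphers -V '...'|column -t"). Suggest putting the exact command in the comment here, and doing the same for the identical comments above the Intermediate and Old listings.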
|
| |
|
| <pre>
| | == <span style="color:orange;">'''Intermediate'''</span> compatibility (recommended) == |
| $ openssl s_client -connect monitor.mozillalabs.com:443 -status
| | <p style="max-width: 60em;">For services that don't need compatibility with legacy clients such as Windows XP or old versions of OpenSSL. This is the recommended configuration for the vast majority of services, as it is highly secure and compatible with nearly every client released in the last five (or more) years.</p> |
| ...
| |
| ====================================== | |
| OCSP Response Data:
| |
| OCSP Response Status: successful (0x0)
| |
| Response Type: Basic OCSP Response
| |
| Version: 1 (0x0)
| |
| ...
| |
| </pre> | |
|
| |
|
| = Recommended Server Configurations =
| | * Cipher suites (TLS 1.3): '''TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256''' |
| | | * Cipher suites (TLS 1.2): '''ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305''' |
| == Nginx ==
| | * Protocols: '''TLS 1.2, TLS 1.3''' |
| | | * TLS curves: '''X25519, prime256v1, secp384r1''' |
| Nginx provides the best TLS support at the moment. It is the only daemon that provides OCSP Stapling, custom DH parameters, and the full flavor of TLS versions (from OpenSSL).
| | * Certificate type: '''ECDSA (P-256)''' (recommended), or '''RSA (2048 bits)''' |
| | | * DH parameter size: '''2048''' (ffdhe2048, [https://tools.ietf.org/html/rfc7919#appendix-A.1 RFC 7919]) |
| The detail of each configuration parameter, and how to build a recent Nginx with OpenSSL, is [[#Nginx_configuration_details|at the end of this document]].
| | * HSTS: '''max-age=63072000''' (two years) |
| | * Certificate lifespan: '''90 days''' (recommended) to '''366 days''' |
| | * Cipher preference: '''client chooses''' |
|
| |
|
| | <!-- This tabular openssl list can be produced by running "openssl ciphers -V" --> |
| <pre> | | <pre> |
| server {
| | 0x13,0x01 - TLS_AES_128_GCM_SHA256 TLSv1.3 Kx=any Au=any Enc=AESGCM(128) Mac=AEAD |
| listen 443;
| | 0x13,0x02 - TLS_AES_256_GCM_SHA384 TLSv1.3 Kx=any Au=any Enc=AESGCM(256) Mac=AEAD |
| ssl on;
| | 0x13,0x03 - TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any Au=any Enc=CHACHA20/POLY1305(256) Mac=AEAD |
| # certs sent to the client in SERVER HELLO are concatenated in ssl_certificate
| | 0xC0,0x2B - ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(128) Mac=AEAD |
| ssl_certificate /path/to/signed_cert_plus_intermediates;
| | 0xC0,0x2F - ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD |
| ssl_certificate_key /path/to/private_key;
| | 0xC0,0x2C - ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(256) Mac=AEAD |
| # Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
| | 0xC0,0x30 - ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD |
| ssl_dhparam /path/to/dhparam.pem;
| | 0xCC,0xA9 - ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=ECDSA Enc=CHACHA20/POLY1305(256) Mac=AEAD |
| ssl_session_timeout 5m;
| | 0xCC,0xA8 - ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD |
| ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
| | 0x00,0x9E - DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(128) Mac=AEAD |
| ssl_ciphers '<recommended ciphersuite from top of this page>';
| | 0x00,0x9F - DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(256) Mac=AEAD |
| ssl_prefer_server_ciphers on;
| | 0xCC,0xAA - DHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=DH Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD |
| ssl_session_cache shared:SSL:50m;
| |
| | |
| # Enable this if your want HSTS (recommended, but be careful)
| |
| # add_header Strict-Transport-Security max-age=15768000;
| |
| | |
| # OCSP Stapling ---
| |
| # fetch OCSP records from URL in ssl_certificate and cache them
| |
| ssl_stapling on;
| |
| ssl_stapling_verify on;
| |
| ## verify chain of trust of OCSP response using Root CA and Intermediate certs
| |
| ssl_trusted_certificate /path/to/root_CA_cert_plus_intermediates;
| |
| resolver <IP DNS resolver>;
| |
| | |
| ....
| |
| }
| |
| </pre> | | </pre> |
|
| |
|
| == Apache ==
| | * Rationale: |
| Originally published on https://www.insecure.ws/2013/10/11/ssltls-configuration-for-apache-mod_ssl/
| | ** All cipher suites are [https://en.wikipedia.org/wiki/Forward_secrecy forward secret] and [https://en.wikipedia.org/wiki/Authenticated_encryption authenticated] |
| | ** TLS 1.2 is the minimum supported protocol, as recommended by [https://tools.ietf.org/html/rfc7525#section-3.1.1 RFC 7525], PCI DSS, and others |
| | ** ECDSA certificates are recommended over RSA certificates, as they allow the use of ECDHE with Windows 7 clients using Internet Explorer 11, as well as allow connections from IE11 on Windows Server 2008 R2 |
| | ** The cipher suites are all strong and so we allow the client to choose, as they will know best if they have support for hardware-accelerated AES |
| | ** Windows XP (including all embedded versions) are no longer supported by Microsoft, eliminating the need for many older protocols and ciphers |
| | ** Administrators needing to provide access to [https://www.ssllabs.com/ssltest/viewClient.html?name=IE&version=11&platform=Win%207&key=36 IE 11 on Windows Server 2008 R2] and who are unable to switch to or add ECDSA certificates can add <tt>TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA</tt> |
| | ** While the goal is to support a broad range of clients, we reasonably disable a number of ciphers that have little support (such as ARIA, Camellia, 3DES, and SEED) |
| | ** 90 days is the recommended maximum certificate lifespan, to encourage certificate issuance automation |
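Review bot: The Intermediate rationale's last bullet calls 90 days "the recommended maximum certificate lifespan", while the parameter list above it gives "Certificate lifespan: '''90 days''' (recommended) to '''366 days'''", so the section states two different maximums. Suggest rewording the rationale to say that 90 days is the recommended lifespan and 366 days the upper bound, or dropping the 366-day figure from the list. Separately, the opening paragraph of this section ("For services that don't need compatibility with legacy clients such as Windows XP or old versions of OpenSSL.") is a sentence fragment and would read better joined to the sentence that follows it.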
|
| |
|
| OCSP Stapling is only available in httpd 2.3.3 and later.
| | == <span style="color:gray;">'''Old'''</span> backward compatibility == |
|
| |
|
| In Apache 2.4.6, the DH parameter is always set to 1024 bits and is not user configurable. Future versions of Apache will automatically select a better value for the DH parameter.
| | This configuration is compatible with a number of very old clients, and should be used only as a last resort. |
| The configuration below is recommended.
| |
| <pre>
| |
| <VirtualHost *:443>
| |
| ...
| |
| SSLEngine on
| |
| SSLCertificateFile /path/to/signed_certificate
| |
| SSLCertificateChainFile /path/to/intermediate_certificate
| |
| SSLCertificateKeyFile /path/to/private/key
| |
| SSLCACertificateFile /path/to/all_ca_certs
| |
| SSLProtocol all -SSLv2
| |
| SSLCipherSuite <recommended ciphersuite from top of this page>
| |
| SSLHonorCipherOrder on
| |
| SSLCompression off
| |
| | |
| # OCSP Stapling, only in httpd 2.3.3 and later
| |
| SSLUseStapling on
| |
| SSLStaplingResponderTimeout 5
| |
| SSLStaplingReturnResponderErrors off
| |
| SSLStaplingCache shmcb:/var/run/ocsp(128000)
| |
|
| |
| # Enable this if your want HSTS (recommended, but be careful)
| |
| # Header add Strict-Transport-Security "max-age=15768000"
| |
|
| |
| ...
| |
| </VirtualHost>
| |
| </pre>
| |
| | |
| == Haproxy ==
| |
|
| |
|
| SSL support in Haproxy is stable in 1.5. Haproxy supports OCSP Stapling and custom DH parameters size. It can be used as a TLS termination in AWS using ELBs and the PROXY protocol. See [https://jve.linuxwall.info/ressources/taf/haproxy-aws/ Guidelines for HAProxy termination in AWS]
| | * Cipher suites (TLS 1.3): '''TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256''' |
| | * Cipher suites (TLS 1.0 - 1.2): '''ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA''' |
| | * Protocols: '''TLS 1.0, TLS 1.1, TLS 1.2, TLS 1.3''' |
| | * TLS curves: '''X25519, prime256v1, secp384r1''' |
| | * Certificate type: '''RSA (2048-bits)''' |
| | * Certificate curve: '''None''' |
| | * DH parameter size: '''1024''' (generated with <tt>openssl dhparam 1024</tt>) |
| | * HSTS: '''max-age=63072000''' (two years) |
| | * Certificate lifespan: '''90 days''' (recommended) to '''366 days''' |
| | * Cipher preference: '''server chooses''' |
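Review bot: The Old parameter list pairs "Certificate type: '''RSA (2048-bits)'''" with "DH parameter size: '''1024'''" without saying which client forces the smaller group. The previous revision's text in the left column advised that the prime "should not be smaller than the size of the RSA private key", and the Intermediate list uses 2048 (ffdhe2048). Suggest adding a rationale bullet that names the client constraint behind the 1024-bit value, unless the part of the section beyond this excerpt already does. "Certificate curve: '''None'''" also appears only in this list; either add the matching line to Modern and Intermediate or drop it here so the three lists stay parallel.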
|
| |
|
| | <!-- This tabular openssl list can be produced by running "openssl ciphers -V" --> |
| <pre> | | <pre> |
| frontend ft_test
| | 0x13,0x01 - TLS_AES_128_GCM_SHA256 TLSv1.3 Kx=any Au=any Enc=AESGCM(128) Mac=AEAD |
| mode http | | 0x13,0x02 - TLS_AES_256_GCM_SHA384 TLSv1.3 Kx=any Au=any Enc=AESGCM(256) Mac=AEAD |
| bind 0.0.0.0:443 ssl crt /path/to/<cert+privkey+intermediate+dhparam> ciphers <recommended_ciphersuite> | | 0x13,0x03 - TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any Au=any Enc=CHACHA20/POLY1305(256) Mac=AEAD |
| # Enable this if your want HSTS (recommended, but be careful) | | 0xC0,0x2B - ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(128) Mac=AEAD |
| # rspadd Strict-Transport-Security:\ max-age=15768000 | | 0xC0,0x2F - ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD |
| | 0xC0,0x2C - ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(256) Mac=AEAD |
| | 0xC0,0x30 - ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD |
| | 0xCC,0xA9 - ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=ECDSA Enc=CHACHA20/POLY1305(256) Mac=AEAD |
| | 0xCC,0xA8 - ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD |
| | 0x00,0x9E - DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(128) Mac=AEAD |
| | 0x00,0x9F - DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(256) Mac=AEAD |
| | 0xCC,0xAA - DHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=DH Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD |
| | 0xC0,0x23 - ECDHE-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA256 |
| | 0xC0,0x27 - ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA256 |
| | 0xC0,0x09 - ECDHE-ECDSA-AES128-SHA TLSv1 Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA1 |
| | 0xC0,0x13 - ECDHE-RSA-AES128-SHA TLSv1 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA1 |
| | 0xC0,0x24 - ECDHE-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA384 |
| | 0xC0,0x28 - ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA384 |
| | 0xC0,0x0A - ECDHE-ECDSA-AES256-SHA TLSv1 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA1 |
| | 0xC0,0x14 - ECDHE-RSA-AES256-SHA TLSv1 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA1 |
| | 0x00,0x67 - DHE-RSA-AES128-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(128) Mac=SHA256 |
| | 0x00,0x6B - DHE-RSA-AES256-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(256) Mac=SHA256 |
| | 0x00,0x9C - AES128-GCM-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(128) Mac=AEAD |
| | 0x00,0x9D - AES256-GCM-SHA384 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(256) Mac=AEAD |
| | 0x00,0x3C - AES128-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA256 |
| | 0x00,0x3D - AES256-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA256 |
| | 0x00,0x2F - AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1 |
| | 0x00,0x35 - AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1 |
| | 0x00,0x0A - DES-CBC3-SHA SSLv3 Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1 |
| </pre> | | </pre> |
|
| |
|
| == Stud ==
| | * Rationale: |
| | ** Take a hard look at your infrastructure needs before using this configuration; it is intended for special use cases only |
| | ** If possible, use this configuration only for endpoints that require it, segregating it from other traffic |
| | ** SSLv3 has been disabled entirely, ending support for older Windows XP SP2 clients. Users requiring support for Windows XP SP2 may use [[Security/Archive/Server Side TLS 4.0|previous versions]] of this configuration, with the caveat that SSLv3 is no longer safe to use |
| | ** This configuration requires custom builds to work with modern versions of OpenSSL, using <tt>enable-ssl3</tt>, <tt>enable-ssl3-method</tt>, <tt>enable-deprecated</tt>, and <tt>enable-weak-ssl-ciphers</tt> |
| | ** Most ciphers that are not clearly broken and dangerous to use are supported |
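Review bot: the rationale contradicts itself on SSLv3. One bullet says "SSLv3 has been disabled entirely" and the Protocols bullet lists only TLS 1.0 to TLS 1.3, yet the next bullet requires OpenSSL built with enable-ssl3 and enable-ssl3-method. Either drop those two options from the list or state what in this profile still needs them. As written, an operator following it compiles SSLv3 support back into the library for a configuration that never negotiates it.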
|
| |
|
| Stud is a lightweight SSL termination proxy. It's basically a wrapper for OpenSSL. Stud is not being heavily developed, and features such as OCSP stapling are missing. But it is very lightweight and efficient, and with a recent openssl, supports all the TLS 1.2 ciphers.
| | = JSON version of the recommendations = |
| <pre>
| |
| # SSL x509 certificate file. REQUIRED.
| |
| # List multiple certs to use SNI. Certs are used in the order they
| |
| # are listed; the last cert listed will be used if none of the others match
| |
| #
| |
| # type: string
| |
| pem-file = "<concatenate cert + privkey + dhparam>"
| |
|
| |
| # SSL protocol.
| |
| #
| |
| tls = on
| |
| ssl = on
| |
|
| |
| # List of allowed SSL ciphers.
| |
| #
| |
| # Run openssl ciphers for list of available ciphers.
| |
| # type: string
| |
| ciphers = "<recommended ciphersuite from top of this page>"
| |
|
| |
| # Enforce server cipher list order
| |
| #
| |
| # type: boolean
| |
| prefer-server-ciphers = on
| |
| </pre>
| |
|
| |
|
| == Amazon Web Services Elastic Load Balancer (AWS ELB) == | | <p style="max-width: 60em;">Mozilla also maintains [https://ssl-config.mozilla.org/guidelines/5.7.json these recommendations] in JSON format, for automated system configuration. This location is versioned and permanent, and can be referenced in scripts and tools. The file will not change, to avoid breaking tools when we update the recommendations.</p> |
|
| |
|
| The ELB service support TLS 1.2 and ciphers ordering. It lacks support for custom DH parameters and OCSP Stapling.
| | <p style="max-width: 60em;">We also maintain a [https://ssl-config.mozilla.org/guidelines/latest.json rolling version] of these recommendations, with the caveat that they may change '''without warning''' and '''without providing backwards compatibility'''. As it may break things if you use it to automatically configure your servers without review, we recommend you use the [https://ssl-config.mozilla.org/guidelines/5.7.json version-specific file] instead.</p> |
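Review bot: the pinned-file paragraph promises that 5.7.json "will not change", but neither paragraph tells an automated consumer how to learn that a newer version exists. A tool pinned to this URL will keep applying these settings indefinitely. Add a sentence pointing to where new versions are announced (the Version History section that follows would do) and recommend a periodic review of the pinned version.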
|
| |
|
| The default configuration of ELBs has sane settings, that can be customized in the Web Console or via the API. We do still recommend that you enforce the ciphersuite using this script: https://github.com/mozilla/identity-ops/blob/master/aws-tools/apply_security_assurance_elb_ciphersuite_policy.py
| | = Version History = |
| | |
| If you want better control over TLS than ELB provide, another option in AWS is to terminate SSL on HAproxy, using the PROXY protocol between ELB and HAproxy. http://haproxy.1wt.eu/download/1.5/doc/proxy-protocol.txt
| |
| | |
| == Zeus Load Balancer(Riverbed Stingray) == | |
| ZLB supports TLS1.1 and OCSP Stapling. It lacks support for TLS 1.2, Elliptic Curves and AES-GCM.
| |
| As of Riverbed Steelhead 9.6, TLS parameters are configurable per site. Sites that don't need backward compatibility are encourage to remove support for SSLv3, TLSv1.0, and 3DES. OCSP Stapling must be enabled on all sites.
| |
| | |
| The recommended prioritization is:
| |
| # SSL_DHE_RSA_WITH_AES_128_CBC_SHA
| |
| # SSL_DHE_RSA_WITH_AES_256_CBC_SHA
| |
| # SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
| |
| # SSL_RSA_WITH_AES_128_CBC_SHA
| |
| # SSL_RSA_WITH_AES_256_CBC_SHA
| |
| # SSL_RSA_WITH_3DES_EDE_CBC_SHA
| |
| | |
| The following strings can be used directly in the ZLB configuration, under global settings > ssl3_ciphers.
| |
| '''with 3DES'''
| |
| <source lang="bash">
| |
| SSL_DHE_RSA_WITH_AES_128_CBC_SHA,SSL_DHE_RSA_WITH_AES_256_CBC_SHA,SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,SSL_RSA_WITH_AES_128_CBC_SHA,SSL_RSA_WITH_AES_256_CBC_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA
| |
| </source>
| |
| '''without 3DES'''
| |
| <source lang="bash">
| |
| SSL_DHE_RSA_WITH_AES_128_CBC_SHA,SSL_DHE_RSA_WITH_AES_256_CBC_SHA,SSL_RSA_WITH_AES_128_CBC_SHA,SSL_RSA_WITH_AES_256_CBC_SHA
| |
| </source>
| |
| | |
| While the recommended DH prime size is 2048, problems with client libraries, such as Java 6, make this impossible to deploy for now. Therefore, a DH prime of 1024 bits should be used until all clients are compatible with larger primes.
| |
| | |
| == Citrix Netscaler ==
| |
| | |
| There is an issue with Netscaler's TLS1.2 and DHE ciphers. When DHE is used, the TLS handshake fails with a fatal 'Decode error'.
| |
| TLS1.2 works fine with AES and RC4 ciphers.
| |
| | |
| Netscaler documentation is at http://support.citrix.com/proddocs/topic/netscaler-traffic-management-10-map/ns-ssl-supported-ciphers-list-ref.html
| |
| | |
| The configuration sample below shows how a default ciphersuite object can be created and attached to a vserver.
| |
| | |
| First, create a default ciphersuite that can be used in all vservers.
| |
| <pre>
| |
| > add ssl cipher MozillaDefault
| |
| > bind ssl cipher MozillaSecure -cipherName TLS1-DHE-DSS-AES-128-CBC-SHA
| |
| > bind ssl cipher MozillaSecure -cipherName TLS1-DHE-RSA-AES-128-CBC-SHA
| |
| > bind ssl cipher MozillaSecure -cipherName TLS1-DHE-DSS-AES-256-CBC-SHA
| |
| > bind ssl cipher MozillaSecure -cipherName TLS1-DHE-RSA-AES-256-CBC-SHA
| |
| > bind ssl cipher MozillaSecure -cipherName TLS1-AES-128-CBC-SHA
| |
| > bind ssl cipher MozillaSecure -cipherName TLS1-AES-256-CBC-SHA
| |
| > bind ssl cipher MozillaSecure -cipherName SSL3-DES-CBC3-SHA
| |
| </pre>
| |
| | |
| Second, create a DH parameter. If backward compatibility with Java 6 isn't needed, use 2048 instead of 1024.
| |
| <pre>
| |
| > create ssl dhparam /nsconfig/ssl/dh1024.pem 1024 -gen 5
| |
| </pre>
| |
| | |
| Third, configure the vserver to use the default ciphersuite and DH parameter.
| |
| <pre>
| |
| > add ssl certKey <domain> -cert <cert> -key <key>
| |
| > add ssl certKey <intermediateCertName> -cert <intermediateCertName>
| |
| > link ssl certKey <domain> <intermediateCertName>
| |
| > set ssl vserver <domain>:https -eRSA ENABLED
| |
| > bind ssl vserver <domain>:https -cipherName MozillaDefault
| |
| > set ssl vserver <domain>:https -dh ENABLED -dhFile /nsconfig/ssl/dh1024.pem -dhCount 1000
| |
| </pre>
| |
| | |
| The resulting configuration can be viewed with 'show ssl'
| |
| <pre>
| |
| > show ssl vserver marketplace.firefox.com:https
| |
| | |
| Advanced SSL configuration for VServer marketplace.firefox.com:https:
| |
| DH: ENABLED DHParam File: /nsconfig/ssl/dh1024.pem Refresh Count: 1000
| |
| Ephemeral RSA: ENABLED Refresh Count: 0
| |
| Session Reuse: ENABLED Timeout: 120 seconds
| |
| Cipher Redirect: DISABLED
| |
| SSLv2 Redirect: DISABLED
| |
| ClearText Port: 0
| |
| Client Auth: DISABLED
| |
| SSL Redirect: DISABLED
| |
| Non FIPS Ciphers: DISABLED
| |
| SNI: DISABLED
| |
| SSLv2: DISABLED SSLv3: ENABLED TLSv1: ENABLED
| |
| Push Encryption Trigger: Always
| |
| Send Close-Notify: YES
| |
| | |
| 1) CertKey Name: marketplace.mozilla.org.san Server Certificate
| |
| 1) Cipher Name: MozillaSecure Description: User Created Cipher Group
| |
| </pre>
| |
| | |
| = CipherScan =
| |
| | |
| See https://github.com/jvehent/cipherscan
| |
| | |
| Cipherscan is a small Bash script that connects to a target and list the preferred Ciphers. It's an easy way to test a web server for available ciphers, PFS key size, elliptic curves, support for OCSP Stapling, TLS ticket lifetime and certificate trust.
| |
| | |
| <source lang="bash">
| |
| $ ./cipherscan jve.linuxwall.info
| |
| ..........................
| |
| prio ciphersuite protocols pfs_keysize
| |
| 1 ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 ECDH,P-256,256bits
| |
| 2 ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 ECDH,P-256,256bits
| |
| 3 DHE-RSA-AES256-GCM-SHA384 TLSv1.2 DH,4096bits
| |
| 4 DHE-RSA-AES128-GCM-SHA256 TLSv1.2 DH,4096bits
| |
| 5 ECDHE-RSA-AES128-SHA256 TLSv1.2 ECDH,P-256,256bits
| |
| 6 ECDHE-RSA-AES128-SHA TLSv1,TLSv1.1,TLSv1.2 ECDH,P-256,256bits
| |
| 7 ECDHE-RSA-AES256-SHA384 TLSv1.2 ECDH,P-256,256bits
| |
| 8 ECDHE-RSA-AES256-SHA TLSv1,TLSv1.1,TLSv1.2 ECDH,P-256,256bits
| |
| 9 DHE-RSA-AES128-SHA256 TLSv1.2 DH,4096bits
| |
| 10 DHE-RSA-AES128-SHA TLSv1,TLSv1.1,TLSv1.2 DH,4096bits
| |
| 11 DHE-RSA-AES256-SHA256 TLSv1.2 DH,4096bits
| |
| 12 AES128-GCM-SHA256 TLSv1.2
| |
| 13 AES256-GCM-SHA384 TLSv1.2
| |
| 14 ECDHE-RSA-DES-CBC3-SHA TLSv1,TLSv1.1,TLSv1.2 ECDH,P-256,256bits
| |
| 15 EDH-RSA-DES-CBC3-SHA TLSv1,TLSv1.1,TLSv1.2 DH,4096bits
| |
| 16 DES-CBC3-SHA TLSv1,TLSv1.1,TLSv1.2
| |
| 17 DHE-RSA-AES256-SHA TLSv1,TLSv1.1,TLSv1.2 DH,4096bits
| |
| 18 DHE-RSA-CAMELLIA256-SHA TLSv1,TLSv1.1,TLSv1.2 DH,4096bits
| |
| 19 AES256-SHA256 TLSv1.2
| |
| 20 AES256-SHA TLSv1,TLSv1.1,TLSv1.2
| |
| 21 CAMELLIA256-SHA TLSv1,TLSv1.1,TLSv1.2
| |
| 22 DHE-RSA-CAMELLIA128-SHA TLSv1,TLSv1.1,TLSv1.2 DH,4096bits
| |
| 23 AES128-SHA256 TLSv1.2
| |
| 24 AES128-SHA TLSv1,TLSv1.1,TLSv1.2
| |
| 25 CAMELLIA128-SHA TLSv1,TLSv1.1,TLSv1.2
| |
| | |
| Certificate: trusted, 2048 bit, sha1WithRSAEncryption signature
| |
| TLS ticket lifetime hint: 300
| |
| OCSP stapling: supported
| |
| </source>
| |
| | |
| = SSL Labs (Qualys) =
| |
| | |
| Available here: https://www.ssllabs.com/ssltest/
| |
| | |
| Qualys SSL Labs provides a comprehensive SSL testing suite.
| |
| | |
| GlobalSign has a modified interface of SSL Labs that is interesting as well: https://sslcheck.globalsign.com/
| |
| | |
| = Appendices =
| |
| == Supported ciphers on various systems ==
| |
| | |
| On a variety of ~900 systems (RHEL5 & 6, CentOS 5 & 6 and Ubuntu), the following versions of OpenSSL were found:
| |
| {| class="wikitable" | | {| class="wikitable" |
| |- | | |- |
| | 37 || OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
| | ! Version |
| |-
| | ! Editor |
| | 35 || OpenSSL 0.9.8k 25 Mar 2009
| | ! Changes |
| |-
| |
| | 777 || OpenSSL 1.0.0-fips 29 Mar 2010
| |
| |-
| |
| | 18 || OpenSSL 1.0.1 14 Mar 2012
| |
| |}
| |
| | |
| The recommended ciphersuite was tested on each system. The list below shows the ciphersuites supported by all tested systems. However old your setup may be, it is safe to assume that the following ciphers are going to be available:
| |
| * RC4-SHA
| |
| * DHE-RSA-AES128-SHA
| |
| * DHE-RSA-AES256-SHA
| |
| * AES128-SHA
| |
| * AES256-SHA
| |
| * DHE-DSS-AES128-SHA
| |
| * DHE-DSS-AES256-SHA
| |
| | |
| == Attacks on TLS ==
| |
| === BEAST CVE-2011-3389 ===
| |
| | |
| Beast is a vulnerability in the Initialization Vector (IV) of the CBC mode of AES, Camellia and a few other ciphers that use CBC mode. The attack allows a MITM attacker to recover plaintext values by encrypting the same message multiple times.
| |
| | |
| BEAST is mitigated in TLS1.1 and above.
| |
| | |
| more: https://blog.torproject.org/blog/tor-and-beast-ssl-attack
| |
| | |
| === LUCKY13 ===
| |
| | |
| Lucky13 is another attack on CBC mode that listen for padding checks to decrypt ciphertext.
| |
| | |
| more: https://www.imperialviolet.org/2013/02/04/luckythirteen.html
| |
| | |
| === RC4 weaknesses ===
| |
| | |
| It has been proven that RC4 biases in the first 256 bytes of a cipherstream can be used to recover encrypted text. If the same data is encrypted a very large number of times, then an attacker can apply statistical analysis to the results and recover the encrypted text. While hard to perform, this attack shows that it is time to remove RC4 from the list of trusted ciphers.
| |
| | |
| In a public discussion ([[https://bugzilla.mozilla.org/show_bug.cgi?id=927045 bug 927045]]), it has been recommended to replace RC4 with 3DES. This would impact Internet Explorer 7 and 8 users that, depending on the OS, do not support AES, and will negotiate only RC4 or 3DES ciphers. Internet Explorer uses the cryptographic library “schannel”, which is OS dependent. schannel supports AES in Windows Vista, but not in Windows XP.
| |
|
| |
| While 3DES provides more resistant cryptography, it is also 30 times slower and more cpu intensive than RC4. For large web infrastructure, the CPU cost of replacing 3DES with RC4 is non-zero. For this reason, we recommend that administrators evaluate their traffic patterns, and make the decision of replacing RC4 with 3DES on a per-case basis. At Mozilla, we evaluated that the impact on CPU usage is minor, and thus decided to replace RC4 with 3DES where backward compatibility is required.
| |
| | |
| === CRIME CVE-2012-4929 ===
| |
| | |
| The root cause of the problem is information leakage that occurs when data is compressed prior to encryption. If someone can repeatedly inject and mix arbitrary content with some sensitive and relatively predictable data, and observe the resulting encrypted stream, then he will be able to extract the unknown data from it.
| |
| | |
| more: https://community.qualys.com/blogs/securitylabs/2012/09/14/crime-information-leakage-attack-against-ssltls
| |
| | |
| === BREACH ===
| |
| | |
| This is a more complex attack than CRIME, which does not require TLS-level compression (it still needs HTTP-level compression).
| |
| | |
| In order to be successful, it requires to:
| |
| | |
| # Be served from a server that uses HTTP-level compression
| |
| # Reflect user-input in HTTP response bodies
| |
| # Reflect a secret (such as a CSRF token) in HTTP response bodies
| |
| | |
| more: http://breachattack.com/
| |
| | |
| == SPDY ==
| |
| | |
| (see also http://en.wikipedia.org/wiki/SPDY and http://www.chromium.org/spdy/spdy-protocol)
| |
| | |
| SPDY is a protocol that incorporate TLS, which attempts to reduce latency when loading pages. It is currently not an HTTP standard (albeit it is being drafted for HTTP 2.0), but is widely supported.
| |
| | |
| SPDY version 3 is vulnerable to the CRIME attack (see also http://zoompf.com/2012/09/explaining-the-crime-weakness-in-spdy-and-ssl) - this is due to the use of compression. Clients currently implement a non-standard hack in with gzip in order to circumvent the vulnerability. SPDY version 4 is planned to include a proper fix.
| |
| | |
| == TLS tickets (RFC 5077) ==
| |
| | |
| Once a TLS handshake has been negociated between the server and the client, both may exchange a session ticket, which contains an AES-CBC 128bit key which can decrypt the session. This key is generally static and only regenerated when the web server is restarted (with recent versions of Apache, it's stored in a file and also kept upon restarts).
| |
| | |
| The current work-around is to disable RFC 5077 support.
| |
| | |
| more: https://media.blackhat.com/us-13/US-13-Daigniere-TLS-Secrets-Slides.pdf
| |
| | |
| == Cipher names correspondence table ==
| |
| IANA, OpenSSL and GnuTLS use different naming for the same ciphers. The table below matches some of these ciphers:
| |
| {| class=wikitable
| |
| |-
| |
| ! scope="col" | hex value
| |
| ! scope="col" | IANA
| |
| ! scope="col" | OpenSSL
| |
| ! scope="col" | GnuTLS
| |
| ! scope="col" | NSS
| |
| |-
| |
| ! scope=row | 0x00,0x00
| |
| | TLS_NULL_WITH_NULL_NULL
| |
| |
| |
| |
| |
| | SSL_NULL_WITH_NULL_NULL
| |
| |-
| |
| ! scope=row | 0x00,0x01
| |
| | TLS_RSA_WITH_NULL_MD5
| |
| | NULL-MD5
| |
| | TLS_RSA_NULL_MD5
| |
| | SSL_RSA_WITH_NULL_MD5
| |
| |-
| |
| ! scope=row | 0x00,0x02
| |
| | TLS_RSA_WITH_NULL_SHA
| |
| | NULL-SHA
| |
| | TLS_RSA_NULL_SHA1
| |
| | SSL_RSA_WITH_NULL_SHA
| |
| |-
| |
| ! scope=row | 0x00,0x03
| |
| | TLS_RSA_EXPORT_WITH_RC4_40_MD5
| |
| | EXP-RC4-MD5
| |
| | TLS_RSA_EXPORT_ARCFOUR_40_MD5
| |
| | SSL_RSA_EXPORT_WITH_RC4_40_MD5
| |
| |-
| |
| ! scope=row | 0x00,0x04
| |
| | TLS_RSA_WITH_RC4_128_MD5
| |
| | RC4-MD5
| |
| | TLS_RSA_ARCFOUR_MD5
| |
| | SSL_RSA_WITH_RC4_128_MD5
| |
| |-
| |
| ! scope=row | 0x00,0x05
| |
| | TLS_RSA_WITH_RC4_128_SHA
| |
| | RC4-SHA
| |
| | TLS_RSA_ARCFOUR_SHA1
| |
| | SSL_RSA_WITH_RC4_128_SHA
| |
| |-
| |
| ! scope=row | 0x00,0x06
| |
| | TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5
| |
| | EXP-RC2-CBC-MD5
| |
| |
| |
| | SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5
| |
| |-
| |
| ! scope=row | 0x00,0x07
| |
| | TLS_RSA_WITH_IDEA_CBC_SHA
| |
| | IDEA-CBC-SHA
| |
| |
| |
| | SSL_RSA_WITH_IDEA_CBC_SHA
| |
| |-
| |
| ! scope=row | 0x00,0x08
| |
| | TLS_RSA_EXPORT_WITH_DES40_CBC_SHA
| |
| | EXP-DES-CBC-SHA
| |
| |
| |
| | SSL_RSA_EXPORT_WITH_DES40_CBC_SHA
| |
| |-
| |
| ! scope=row | 0x00,0x09
| |
| | TLS_RSA_WITH_DES_CBC_SHA
| |
| | DES-CBC-SHA
| |
| |
| |
| | SSL_RSA_WITH_DES_CBC_SHA
| |
| |-
| |
| ! scope=row | 0x00,0x0A
| |
| | TLS_RSA_WITH_3DES_EDE_CBC_SHA
| |
| | DES-CBC3-SHA
| |
| | TLS_RSA_3DES_EDE_CBC_SHA1
| |
| |
| |
| |-
| |
| ! scope=row | 0x00,0x0B
| |
| | TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA
| |
| |
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0x00,0x0C
| |
| | TLS_DH_DSS_WITH_DES_CBC_SHA
| |
| |
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0x00,0x0D
| |
| | TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA
| |
| |
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0x00,0x0E
| |
| | TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA
| |
| |
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0x00,0x0F
| |
| | TLS_DH_RSA_WITH_DES_CBC_SHA
| |
| |
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0x00,0x10
| |
| | TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA
| |
| |
| |
| |
| |
| | SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA
| |
| |-
| |
| ! scope=row | 0x00,0x11
| |
| | TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
| |
| | EXP-EDH-DSS-DES-CBC-SHA
| |
| |
| |
| | SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
| |
| |-
| |
| ! scope=row | 0x00,0x12
| |
| | TLS_DHE_DSS_WITH_DES_CBC_SHA
| |
| | EDH-DSS-DES-CBC-SHA
| |
| |
| |
| | SSL_DHE_DSS_WITH_DES_CBC_SHA
| |
| |-
| |
| ! scope=row | 0x00,0x13
| |
| | TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
| |
| | EDH-DSS-DES-CBC3-SHA
| |
| | TLS_DHE_DSS_3DES_EDE_CBC_SHA1
| |
| | SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
| |
| |-
| |
| ! scope=row | 0x00,0x14
| |
| | TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
| |
| | EXP-EDH-RSA-DES-CBC-SHA
| |
| |
| |
| | SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
| |
| |-
| |
| ! scope=row | 0x00,0x15
| |
| | TLS_DHE_RSA_WITH_DES_CBC_SHA
| |
| | EDH-RSA-DES-CBC-SHA
| |
| |
| |
| | SSL_DHE_RSA_WITH_DES_CBC_SHA
| |
| |-
| |
| ! scope=row | 0x00,0x16
| |
| | TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
| |
| | EDH-RSA-DES-CBC3-SHA
| |
| | TLS_DHE_RSA_3DES_EDE_CBC_SHA1
| |
| | SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
| |
| |-
| |
| ! scope=row | 0x00,0x17
| |
| | TLS_DH_anon_EXPORT_WITH_RC4_40_MD5
| |
| | EXP-ADH-RC4-MD5
| |
| |
| |
| | SSL_DH_ANON_EXPORT_WITH_RC4_40_MD5
| |
| |-
| |
| ! scope=row | 0x00,0x18
| |
| | TLS_DH_anon_WITH_RC4_128_MD5
| |
| | ADH-RC4-MD5
| |
| | TLS_DH_ANON_ARCFOUR_MD5
| |
| | SSL_DH_ANON_WITH_RC4_128_MD5
| |
| |-
| |
| ! scope=row | 0x00,0x19
| |
| | TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA
| |
| | EXP-ADH-DES-CBC-SHA
| |
| |
| |
| | SSL_DH_ANON_EXPORT_WITH_DES40_CBC_SHA
| |
| |-
| |
| ! scope=row | 0x00,0x1A
| |
| | TLS_DH_anon_WITH_DES_CBC_SHA
| |
| | ADH-DES-CBC-SHA
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0x00,0x1B
| |
| | TLS_DH_anon_WITH_3DES_EDE_CBC_SHA
| |
| | ADH-DES-CBC3-SHA
| |
| | TLS_DH_ANON_3DES_EDE_CBC_SHA1
| |
| |
| |
| |-
| |
| ! scope=row | 0x00,0x1E
| |
| | TLS_KRB5_WITH_DES_CBC_SHA
| |
| | KRB5-DES-CBC-SHA
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0x00,0x1F
| |
| | TLS_KRB5_WITH_3DES_EDE_CBC_SHA
| |
| | KRB5-DES-CBC3-SHA
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0x00,0x20
| |
| | TLS_KRB5_WITH_RC4_128_SHA
| |
| | KRB5-RC4-SHA
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0x00,0x21
| |
| | TLS_KRB5_WITH_IDEA_CBC_SHA
| |
| | KRB5-IDEA-CBC-SHA
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0x00,0x22
| |
| | TLS_KRB5_WITH_DES_CBC_MD5
| |
| | KRB5-DES-CBC-MD5
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0x00,0x23
| |
| | TLS_KRB5_WITH_3DES_EDE_CBC_MD5
| |
| | KRB5-DES-CBC3-MD5
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0x00,0x24
| |
| | TLS_KRB5_WITH_RC4_128_MD5
| |
| | KRB5-RC4-MD5
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0x00,0x25
| |
| | TLS_KRB5_WITH_IDEA_CBC_MD5
| |
| | KRB5-IDEA-CBC-MD5
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0x00,0x26
| |
| | TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA
| |
| | EXP-KRB5-DES-CBC-SHA
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0x00,0x27
| |
| | TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA
| |
| | EXP-KRB5-RC2-CBC-SHA
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0x00,0x28
| |
| | TLS_KRB5_EXPORT_WITH_RC4_40_SHA
| |
| | EXP-KRB5-RC4-SHA
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0x00,0x29
| |
| | TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5
| |
| | EXP-KRB5-DES-CBC-MD5
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0x00,0x2A
| |
| | TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5
| |
| | EXP-KRB5-RC2-CBC-MD5
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0x00,0x2B
| |
| | TLS_KRB5_EXPORT_WITH_RC4_40_MD5
| |
| | EXP-KRB5-RC4-MD5
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0x00,0x2C
| |
| | TLS_PSK_WITH_NULL_SHA
| |
| |
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0x00,0x2D
| |
| | TLS_DHE_PSK_WITH_NULL_SHA
| |
| |
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0x00,0x2E
| |
| | TLS_RSA_PSK_WITH_NULL_SHA
| |
| |
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0x00,0x2F
| |
| | TLS_RSA_WITH_AES_128_CBC_SHA
| |
| | AES128-SHA
| |
| | TLS_RSA_AES_128_CBC_SHA1
| |
| | TLS_RSA_WITH_AES_128_CBC_SHA
| |
| |-
| |
| ! scope=row | 0x00,0x30
| |
| | TLS_DH_DSS_WITH_AES_128_CBC_SHA
| |
| |
| |
| |
| |
| | TLS_DH_DSS_WITH_AES_128_CBC_SHA
| |
| |-
| |
| ! scope=row | 0x00,0x31
| |
| | TLS_DH_RSA_WITH_AES_128_CBC_SHA
| |
| |
| |
| |
| |
| | TLS_DH_RSA_WITH_AES_128_CBC_SHA
| |
| |-
| |
| ! scope=row | 0x00,0x32
| |
| | TLS_DHE_DSS_WITH_AES_128_CBC_SHA
| |
| | DHE-DSS-AES128-SHA
| |
| | TLS_DHE_DSS_AES_128_CBC_SHA1
| |
| | TLS_DHE_DSS_WITH_AES_128_CBC_SHA
| |
| |-
| |
| ! scope=row | 0x00,0x33
| |
| | TLS_DHE_RSA_WITH_AES_128_CBC_SHA
| |
| | DHE-RSA-AES128-SHA
| |
| | TLS_DHE_RSA_AES_128_CBC_SHA1
| |
| | TLS_DHE_RSA_WITH_AES_128_CBC_SHA
| |
| |-
| |
| ! scope=row | 0x00,0x34
| |
| | TLS_DH_anon_WITH_AES_128_CBC_SHA
| |
| | ADH-AES128-SHA
| |
| | TLS_DH_ANON_AES_128_CBC_SHA1
| |
| | TLS_DH_ANON_WITH_AES_128_CBC_SHA
| |
| |-
| |
| ! scope=row | 0x00,0x35
| |
| | TLS_RSA_WITH_AES_256_CBC_SHA
| |
| | AES256-SHA
| |
| | TLS_RSA_AES_256_CBC_SHA1
| |
| | TLS_RSA_WITH_AES_256_CBC_SHA
| |
| |-
| |
| ! scope=row | 0x00,0x36
| |
| | TLS_DH_DSS_WITH_AES_256_CBC_SHA
| |
| |
| |
| |
| |
| | TLS_DH_DSS_WITH_AES_256_CBC_SHA
| |
| |-
| |
| ! scope=row | 0x00,0x37
| |
| | TLS_DH_RSA_WITH_AES_256_CBC_SHA
| |
| |
| |
| |
| |
| | TLS_DH_RSA_WITH_AES_256_CBC_SHA
| |
| |-
| |
| ! scope=row | 0x00,0x38
| |
| | TLS_DHE_DSS_WITH_AES_256_CBC_SHA
| |
| | DHE-DSS-AES256-SHA
| |
| | TLS_DHE_DSS_AES_256_CBC_SHA1
| |
| | TLS_DHE_DSS_WITH_AES_256_CBC_SHA
| |
| |-
| |
| ! scope=row | 0x00,0x39
| |
| | TLS_DHE_RSA_WITH_AES_256_CBC_SHA
| |
| | DHE-RSA-AES256-SHA
| |
| | TLS_DHE_RSA_AES_256_CBC_SHA1
| |
| | TLS_DHE_RSA_WITH_AES_256_CBC_SHA
| |
| |-
| |
| ! scope=row | 0x00,0x3A
| |
| | TLS_DH_anon_WITH_AES_256_CBC_SHA
| |
| | ADH-AES256-SHA
| |
| | TLS_DH_ANON_AES_256_CBC_SHA1
| |
| | TLS_DH_ANON_WITH_AES_256_CBC_SHA
| |
| |-
| |
| ! scope=row | 0x00,0x3B
| |
| | TLS_RSA_WITH_NULL_SHA256
| |
| | NULL-SHA256
| |
| | TLS_RSA_NULL_SHA256
| |
| | TLS_RSA_WITH_NULL_SHA256
| |
| |-
| |
| ! scope=row | 0x00,0x3C
| |
| | TLS_RSA_WITH_AES_128_CBC_SHA256
| |
| | AES128-SHA256
| |
| | TLS_RSA_AES_128_CBC_SHA256
| |
| | TLS_RSA_WITH_AES_128_CBC_SHA256
| |
| |-
| |
| ! scope=row | 0x00,0x3D
| |
| | TLS_RSA_WITH_AES_256_CBC_SHA256
| |
| | AES256-SHA256
| |
| | TLS_RSA_AES_256_CBC_SHA256
| |
| | TLS_RSA_WITH_AES_256_CBC_SHA256
| |
| |-
| |
| ! scope=row | 0x00,0x3E
| |
| | TLS_DH_DSS_WITH_AES_128_CBC_SHA256
| |
| |
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0x00,0x3F
| |
| | TLS_DH_RSA_WITH_AES_128_CBC_SHA256
| |
| |
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0x00,0x40
| |
| | TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
| |
| | DHE-DSS-AES128-SHA256
| |
| DES-CBC-MD5
| |
| | TLS_DHE_DSS_AES_128_CBC_SHA256
| |
| |
| |
| |-
| |
| ! scope=row | 0x00,0x41
| |
| | TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
| |
| | CAMELLIA128-SHA
| |
| | TLS_RSA_CAMELLIA_128_CBC_SHA1
| |
| | TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
| |
| |-
| |
| ! scope=row | 0x00,0x42
| |
| | TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA
| |
| |
| |
| |
| |
| | TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA
| |
| |-
| |
| ! scope=row | 0x00,0x43
| |
| | TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA
| |
| |
| |
| |
| |
| | TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA
| |
| |-
| |
| ! scope=row | 0x00,0x44
| |
| | TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA
| |
| | DHE-DSS-CAMELLIA128-SHA
| |
| | TLS_DHE_DSS_CAMELLIA_128_CBC_SHA1
| |
| | TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA
| |
| |-
| |
| ! scope=row | 0x00,0x45
| |
| | TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
| |
| | DHE-RSA-CAMELLIA128-SHA
| |
| | TLS_DHE_RSA_CAMELLIA_128_CBC_SHA1
| |
| | TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
| |
| |-
| |
| ! scope=row | 0x00,0x46
| |
| | TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA
| |
| | ADH-CAMELLIA128-SHA
| |
| | TLS_DH_ANON_CAMELLIA_128_CBC_SHA1
| |
| | TLS_DH_ANON_WITH_CAMELLIA_128_CBC_SHA
| |
| |-
| |
| ! scope=row | 0x00,0x67
| |
| | TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
| |
| | DHE-RSA-AES128-SHA256
| |
| | TLS_DHE_RSA_AES_128_CBC_SHA256
| |
| | TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
| |
| |-
| |
| ! scope=row | 0x00,0x68
| |
| | TLS_DH_DSS_WITH_AES_256_CBC_SHA256
| |
| |
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0x00,0x69
| |
| | TLS_DH_RSA_WITH_AES_256_CBC_SHA256
| |
| |
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0x00,0x6A
| |
| | TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
| |
| | DHE-DSS-AES256-SHA256
| |
| | TLS_DHE_DSS_AES_256_CBC_SHA256
| |
| |
| |
| |-
| |
| ! scope=row | 0x00,0x6B
| |
| | TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
| |
| | DHE-RSA-AES256-SHA256
| |
| | TLS_DHE_RSA_AES_256_CBC_SHA256
| |
| | TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
| |
| |-
| |
| ! scope=row | 0x00,0x6C
| |
| | TLS_DH_anon_WITH_AES_128_CBC_SHA256
| |
| | ADH-AES128-SHA256
| |
| | TLS_DH_ANON_AES_128_CBC_SHA256
| |
| |
| |
| |-
| |
| ! scope=row | 0x00,0x6D
| |
| | TLS_DH_anon_WITH_AES_256_CBC_SHA256
| |
| | ADH-AES256-SHA256
| |
| | TLS_DH_ANON_AES_256_CBC_SHA256
| |
| |
| |
| |-
| |
| ! scope=row | 0x00,0x84
| |
| | TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
| |
| | CAMELLIA256-SHA
| |
| | TLS_RSA_CAMELLIA_256_CBC_SHA1
| |
| | TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
| |
| |-
| |
| ! scope=row | 0x00,0x85
| |
| | TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA
| |
| |
| |
| |
| |
| | TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA
| |
| |-
| |
| ! scope=row | 0x00,0x86
| |
| | TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA
| |
| |
| |
| |
| |
| | TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA
| |
| |-
| |
| ! scope=row | 0x00,0x87
| |
| | TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA
| |
| | DHE-DSS-CAMELLIA256-SHA
| |
| | TLS_DHE_DSS_CAMELLIA_256_CBC_SHA1
| |
| | TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA
| |
| |-
| |
| ! scope=row | 0x00,0x88
| |
| | TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
| |
| | DHE-RSA-CAMELLIA256-SHA
| |
| | TLS_DHE_RSA_CAMELLIA_256_CBC_SHA1
| |
| | TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
| |
| |-
| |
| ! scope=row | 0x00,0x89
| |
| | TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA
| |
| | ADH-CAMELLIA256-SHA
| |
| | TLS_DH_ANON_CAMELLIA_256_CBC_SHA1
| |
| | TLS_DH_ANON_WITH_CAMELLIA_256_CBC_SHA
| |
| |-
| |
| ! scope=row | 0x00,0x8A
| |
| | TLS_PSK_WITH_RC4_128_SHA
| |
| | PSK-RC4-SHA
| |
| | TLS_PSK_SHA_ARCFOUR_SHA1
| |
| |
| |
| |-
| |
| ! scope=row | 0x00,0x8B
| |
| | TLS_PSK_WITH_3DES_EDE_CBC_SHA
| |
| | PSK-3DES-EDE-CBC-SHA
| |
| | TLS_PSK_SHA_3DES_EDE_CBC_SHA1
| |
| |
| |
| |-
| |
| ! scope=row | 0x00,0x8C
| |
| | TLS_PSK_WITH_AES_128_CBC_SHA
| |
| | PSK-AES128-CBC-SHA
| |
| | TLS_PSK_SHA_AES_128_CBC_SHA1
| |
| |
| |
| |-
| |
| ! scope=row | 0x00,0x8D
| |
| | TLS_PSK_WITH_AES_256_CBC_SHA
| |
| | PSK-AES256-CBC-SHA
| |
| | TLS_PSK_SHA_AES_256_CBC_SHA1
| |
| |
| |
| |-
| |
| ! scope=row | 0x00,0x8E
| |
| | TLS_DHE_PSK_WITH_RC4_128_SHA
| |
| |
| |
| | TLS_DHE_PSK_SHA_ARCFOUR_SHA1
| |
| |
| |
| |-
| |
| ! scope=row | 0x00,0x8F
| |
| | TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA
| |
| |
| |
| | TLS_DHE_PSK_SHA_3DES_EDE_CBC_SHA1
| |
| |
| |
| |-
| |
| ! scope=row | 0x00,0x90
| |
| | TLS_DHE_PSK_WITH_AES_128_CBC_SHA
| |
| |
| |
| | TLS_DHE_PSK_SHA_AES_128_CBC_SHA1
| |
| |
| |
| |-
| |
| ! scope=row | 0x00,0x91
| |
| | TLS_DHE_PSK_WITH_AES_256_CBC_SHA
| |
| |
| |
| | TLS_DHE_PSK_SHA_AES_256_CBC_SHA1
| |
| |
| |
| |-
| |
| ! scope=row | 0x00,0x92
| |
| | TLS_RSA_PSK_WITH_RC4_128_SHA
| |
| |
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0x00,0x93
| |
| | TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA
| |
| |
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0x00,0x94
| |
| | TLS_RSA_PSK_WITH_AES_128_CBC_SHA
| |
| |
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0x00,0x95
| |
| | TLS_RSA_PSK_WITH_AES_256_CBC_SHA
| |
| |
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0x00,0x96
| |
| | TLS_RSA_WITH_SEED_CBC_SHA
| |
| | SEED-SHA
| |
| |
| |
| | TLS_RSA_WITH_SEED_CBC_SHA
| |
| |-
| |
| ! scope=row | 0x00,0x97
| |
| | TLS_DH_DSS_WITH_SEED_CBC_SHA
| |
| |
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0x00,0x98
| |
| | TLS_DH_RSA_WITH_SEED_CBC_SHA
| |
| |
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0x00,0x99
| |
| | TLS_DHE_DSS_WITH_SEED_CBC_SHA
| |
| | DHE-DSS-SEED-SHA
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0x00,0x9A
| |
| | TLS_DHE_RSA_WITH_SEED_CBC_SHA
| |
| | DHE-RSA-SEED-SHA
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0x00,0x9B
| |
| | TLS_DH_anon_WITH_SEED_CBC_SHA
| |
| | ADH-SEED-SHA
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0x00,0x9C
| |
| | TLS_RSA_WITH_AES_128_GCM_SHA256
| |
| | AES128-GCM-SHA256
| |
| | TLS_RSA_AES_128_GCM_SHA256
| |
| | TLS_RSA_WITH_AES_128_GCM_SHA256
| |
| |-
| |
| ! scope=row | 0x00,0x9D
| |
| | TLS_RSA_WITH_AES_256_GCM_SHA384
| |
| | AES256-GCM-SHA384
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0x00,0x9E
| |
| | TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
| |
| | DHE-RSA-AES128-GCM-SHA256
| |
| | TLS_DHE_RSA_AES_128_GCM_SHA256
| |
| | TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
| |
| |-
| |
| ! scope=row | 0x00,0x9F
| |
| | TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
| |
| | DHE-RSA-AES256-GCM-SHA384
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0x00,0xA0
| |
| | TLS_DH_RSA_WITH_AES_128_GCM_SHA256
| |
| |
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0x00,0xA1
| |
| | TLS_DH_RSA_WITH_AES_256_GCM_SHA384
| |
| |
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0x00,0xA2
| |
| | TLS_DHE_DSS_WITH_AES_128_GCM_SHA256
| |
| | DHE-DSS-AES128-GCM-SHA256
| |
| | TLS_DHE_DSS_AES_128_GCM_SHA256
| |
| | TLS_DHE_DSS_WITH_AES_128_GCM_SHA256
| |
| |-
| |
| ! scope=row | 0x00,0xA3
| |
| | TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
| |
| | DHE-DSS-AES256-GCM-SHA384
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0x00,0xA4
| |
| | TLS_DH_DSS_WITH_AES_128_GCM_SHA256
| |
| |
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0x00,0xA5
| |
| | TLS_DH_DSS_WITH_AES_256_GCM_SHA384
| |
| |
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0x00,0xA6
| |
| | TLS_DH_anon_WITH_AES_128_GCM_SHA256
| |
| | ADH-AES128-GCM-SHA256
| |
| | TLS_DH_ANON_AES_128_GCM_SHA256
| |
| |
| |
| |-
| |
| ! scope=row | 0x00,0xA7
| |
| | TLS_DH_anon_WITH_AES_256_GCM_SHA384
| |
| | ADH-AES256-GCM-SHA384
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0x00,0xA8
| |
| | TLS_PSK_WITH_AES_128_GCM_SHA256
| |
| |
| |
| | TLS_PSK_AES_128_GCM_SHA256
| |
| |
| |
| |-
| |
| ! scope=row | 0x00,0xA9
| |
| | TLS_PSK_WITH_AES_256_GCM_SHA384
| |
| |
| |
| | TLS_PSK_WITH_AES_256_GCM_SHA384
| |
| |
| |
| |-
| |
| ! scope=row | 0x00,0xAA
| |
| | TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
| |
| |
| |
| | TLS_DHE_PSK_AES_128_GCM_SHA256
| |
| |
| |
| |-
| |
| ! scope=row | 0x00,0xAB
| |
| | TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
| |
| |
| |
| | TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
| |
| |
| |
| |-
| |
| ! scope=row | 0x00,0xAC
| |
| | TLS_RSA_PSK_WITH_AES_128_GCM_SHA256
| |
| |
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0x00,0xAD
| |
| | TLS_RSA_PSK_WITH_AES_256_GCM_SHA384
| |
| |
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0x00,0xAE
| |
| | TLS_PSK_WITH_AES_128_CBC_SHA256
| |
| |
| |
| | TLS_PSK_AES_128_CBC_SHA256
| |
| |
| |
| |-
| |
| ! scope=row | 0x00,0xAF
| |
| | TLS_PSK_WITH_AES_256_CBC_SHA384
| |
| |
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0x00,0xB0
| |
| | TLS_PSK_WITH_NULL_SHA256
| |
| |
| |
| | TLS_PSK_NULL_SHA256
| |
| |
| |
| |-
| |
| ! scope=row | 0x00,0xB1
| |
| | TLS_PSK_WITH_NULL_SHA384
| |
| |
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0x00,0xB2
| |
| | TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
| |
| |
| |
| | TLS_DHE_PSK_AES_128_CBC_SHA256
| |
| |
| |
| |-
| |
| ! scope=row | 0x00,0xB3
| |
| | TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
| |
| |
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0x00,0xB4
| |
| | TLS_DHE_PSK_WITH_NULL_SHA256
| |
| |
| |
| | TLS_DHE_PSK_NULL_SHA256
| |
| |
| |
| |-
| |
| ! scope=row | 0x00,0xB5
| |
| | TLS_DHE_PSK_WITH_NULL_SHA384
| |
| |
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0x00,0xB6
| |
| | TLS_RSA_PSK_WITH_AES_128_CBC_SHA256
| |
| |
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0x00,0xB7
| |
| | TLS_RSA_PSK_WITH_AES_256_CBC_SHA384
| |
| |
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0x00,0xB8
| |
| | TLS_RSA_PSK_WITH_NULL_SHA256
| |
| |
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0x00,0xB9
| |
| | TLS_RSA_PSK_WITH_NULL_SHA384
| |
| |
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0x00,0xBA
| |
| | TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
| |
| |
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0x00,0xBB
| |
| | TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256
| |
| |
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0x00,0xBC
| |
| | TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256
| |
| |
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0x00,0xBD
| |
| | TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256
| |
| |
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0x00,0xBE
| |
| | TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
| |
| |
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0x00,0xBF
| |
| | TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256
| |
| |
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0x00,0xC0
| |
| | TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
| |
| | DES-CBC3-MD5
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0x00,0xC1
| |
| | TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256
| |
| |
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0x00,0xC2
| |
| | TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256
| |
| |
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0x00,0xC3
| |
| | TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256
| |
| |
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0x00,0xC4
| |
| | TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
| |
| |
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0x00,0xC5
| |
| | TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256
| |
| |
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0x00,0xFF
| |
| | TLS_EMPTY_RENEGOTIATION_INFO_SCSV
| |
| |
| |
| |
| |
| | TLS_EMPTY_RENEGOTIATION_INFO_SCSV
| |
| |-
| |
| ! scope=row | 0xC0,0x01
| |
| | TLS_ECDH_ECDSA_WITH_NULL_SHA
| |
| | ECDH-ECDSA-NULL-SHA
| |
| |
| |
| | TLS_ECDH_ECDSA_WITH_NULL_SHA
| |
| |-
| |
| ! scope=row | 0xC0,0x02
| |
| | TLS_ECDH_ECDSA_WITH_RC4_128_SHA
| |
| | ECDH-ECDSA-RC4-SHA
| |
| |
| |
| | TLS_ECDH_ECDSA_WITH_RC4_128_SHA
| |
| |-
| |
| ! scope=row | 0xC0,0x03
| |
| | TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
| |
| | ECDH-ECDSA-DES-CBC3-SHA
| |
| |
| |
| | TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
| |
| |-
| |
| ! scope=row | 0xC0,0x04
| |
| | TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
| |
| | ECDH-ECDSA-AES128-SHA
| |
| |
| |
| | TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
| |
| |-
| |
| ! scope=row | 0xC0,0x05
| |
| | TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
| |
| | ECDH-ECDSA-AES256-SHA
| |
| |
| |
| | TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
| |
| |-
| |
| ! scope=row | 0xC0,0x06
| |
| | TLS_ECDHE_ECDSA_WITH_NULL_SHA
| |
| | ECDHE-ECDSA-NULL-SHA
| |
| | TLS_ECDHE_ECDSA_NULL_SHA1
| |
| | TLS_ECDHE_ECDSA_WITH_NULL_SHA
| |
| |-
| |
| ! scope=row | 0xC0,0x07
| |
| | TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
| |
| | ECDHE-ECDSA-RC4-SHA
| |
| |
| |
| | TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
| |
| |-
| |
| ! scope=row | 0xC0,0x08
| |
| | TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
| |
| | ECDHE-ECDSA-DES-CBC3-SHA
| |
| | TLS_ECDHE_ECDSA_3DES_EDE_CBC_SHA1
| |
| | TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
| |
| |-
| |
| ! scope=row | 0xC0,0x09
| |
| | TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
| |
| | ECDHE-ECDSA-AES128-SHA
| |
| | TLS_ECDHE_ECDSA_AES_128_CBC_SHA1
| |
| | TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
| |
| |-
| |
| ! scope=row | 0xC0,0x0A
| |
| | TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
| |
| | ECDHE-ECDSA-AES256-SHA
| |
| | TLS_ECDHE_ECDSA_AES_256_CBC_SHA1
| |
| | TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
| |
| |-
| |
| ! scope=row | 0xC0,0x0B
| |
| | TLS_ECDH_RSA_WITH_NULL_SHA
| |
| | ECDH-RSA-NULL-SHA
| |
| |
| |
| | TLS_ECDH_RSA_WITH_NULL_SHA
| |
| |-
| |
| ! scope=row | 0xC0,0x0C
| |
| | TLS_ECDH_RSA_WITH_RC4_128_SHA
| |
| | ECDH-RSA-RC4-SHA
| |
| |
| |
| | TLS_ECDH_RSA_WITH_RC4_128_SHA
| |
| |-
| |
| ! scope=row | 0xC0,0x0D
| |
| | TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
| |
| | ECDH-RSA-DES-CBC3-SHA
| |
| |
| |
| | TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
| |
| |-
| |
| ! scope=row | 0xC0,0x0E
| |
| | TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
| |
| | ECDH-RSA-AES128-SHA
| |
| |
| |
| | TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
| |
| |-
| |
| ! scope=row | 0xC0,0x0F
| |
| | TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
| |
| | ECDH-RSA-AES256-SHA
| |
| |
| |
| | TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
| |
| |-
| |
| ! scope=row | 0xC0,0x10
| |
| | TLS_ECDHE_RSA_WITH_NULL_SHA
| |
| | ECDHE-RSA-NULL-SHA
| |
| | TLS_ECDHE_RSA_NULL_SHA1
| |
| | TLS_ECDHE_RSA_WITH_NULL_SHA
| |
| |-
| |
| ! scope=row | 0xC0,0x11
| |
| | TLS_ECDHE_RSA_WITH_RC4_128_SHA
| |
| | ECDHE-RSA-RC4-SHA
| |
| |
| |
| | TLS_ECDHE_RSA_WITH_RC4_128_SHA
| |
| |-
| |
| ! scope=row | 0xC0,0x12
| |
| | TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
| |
| | ECDHE-RSA-DES-CBC3-SHA
| |
| | TLS_ECDHE_RSA_3DES_EDE_CBC_SHA1
| |
| | TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
| |
| |-
| |
| ! scope=row | 0xC0,0x13
| |
| | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
| |
| | ECDHE-RSA-AES128-SHA
| |
| | TLS_ECDHE_RSA_AES_128_CBC_SHA1
| |
| | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
| |
| |-
| |
| ! scope=row | 0xC0,0x14
| |
| | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
| |
| | ECDHE-RSA-AES256-SHA
| |
| | TLS_ECDHE_RSA_AES_256_CBC_SHA1
| |
| | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
| |
| |-
| |
| ! scope=row | 0xC0,0x15
| |
| | TLS_ECDH_anon_WITH_NULL_SHA
| |
| | AECDH-NULL-SHA
| |
| | TLS_ECDH_ANON_NULL_SHA1
| |
| | TLS_ECDH_anon_WITH_NULL_SHA
| |
| |-
| |
| ! scope=row | 0xC0,0x16
| |
| | TLS_ECDH_anon_WITH_RC4_128_SHA
| |
| | AECDH-RC4-SHA
| |
| |
| |
| | TLS_ECDH_anon_WITH_RC4_128_SHA
| |
| |-
| |
| ! scope=row | 0xC0,0x17
| |
| | TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA
| |
| | AECDH-DES-CBC3-SHA
| |
| | TLS_ECDH_ANON_3DES_EDE_CBC_SHA1
| |
| | TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA
| |
| |-
| |
| ! scope=row | 0xC0,0x18
| |
| | TLS_ECDH_anon_WITH_AES_128_CBC_SHA
| |
| | AECDH-AES128-SHA
| |
| | TLS_ECDH_ANON_AES_128_CBC_SHA1
| |
| | TLS_ECDH_anon_WITH_AES_128_CBC_SHA
| |
| |-
| |
| ! scope=row | 0xC0,0x19
| |
| | TLS_ECDH_anon_WITH_AES_256_CBC_SHA
| |
| | AECDH-AES256-SHA
| |
| | TLS_ECDH_ANON_AES_256_CBC_SHA1
| |
| | TLS_ECDH_anon_WITH_AES_256_CBC_SHA
| |
| |-
| |
| ! scope=row | 0xC0,0x1A
| |
| | TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA
| |
| |
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0xC0,0x1B
| |
| | TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA
| |
| |
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0xC0,0x1C
| |
| | TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA
| |
| |
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0xC0,0x1D
| |
| | TLS_SRP_SHA_WITH_AES_128_CBC_SHA
| |
| |
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0xC0,0x1E
| |
| | TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA
| |
| |
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0xC0,0x1F
| |
| | TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA
| |
| |
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0xC0,0x20
| |
| | TLS_SRP_SHA_WITH_AES_256_CBC_SHA
| |
| |
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0xC0,0x21
| |
| | TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA
| |
| |
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0xC0,0x22
| |
| | TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA
| |
| |
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0xC0,0x23
| |
| | TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
| |
| | ECDHE-ECDSA-AES128-SHA256
| |
| | TLS_ECDHE_ECDSA_AES_128_CBC_SHA256
| |
| | TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
| |
| |-
| |
| ! scope=row | 0xC0,0x24
| |
| | TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
| |
| | ECDHE-ECDSA-AES256-SHA384
| |
| | TLS_ECDHE_ECDSA_AES_256_CBC_SHA384
| |
| |
| |
| |-
| |
| ! scope=row | 0xC0,0x25
| |
| | TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
| |
| | ECDH-ECDSA-AES128-SHA256
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0xC0,0x26
| |
| | TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
| |
| | ECDH-ECDSA-AES256-SHA384
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0xC0,0x27
| |
| | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
| |
| | ECDHE-RSA-AES128-SHA256
| |
| | TLS_ECDHE_RSA_AES_128_CBC_SHA256
| |
| | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
| |
| |-
| |
| ! scope=row | 0xC0,0x28
| |
| | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
| |
| | ECDHE-RSA-AES256-SHA384
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0xC0,0x29
| |
| | TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
| |
| | ECDH-RSA-AES128-SHA256
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0xC0,0x2A
| |
| | TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
| |
| | ECDH-RSA-AES256-SHA384
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0xC0,0x2B
| |
| | TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
| |
| | ECDHE-ECDSA-AES128-GCM-SHA256
| |
| | TLS_ECDHE_ECDSA_AES_128_GCM_SHA256
| |
| | TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
| |
| |-
| |
| ! scope=row | 0xC0,0x2C
| |
| | TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
| |
| | ECDHE-ECDSA-AES256-GCM-SHA384
| |
| | TLS_ECDHE_ECDSA_AES_256_GCM_SHA384
| |
| |
| |
| |-
| |
| ! scope=row | 0xC0,0x2D
| |
| | TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
| |
| | ECDH-ECDSA-AES128-GCM-SHA256
| |
| |
| |
| | TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
| |
| |-
| |
| ! scope=row | 0xC0,0x2E
| |
| | TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
| |
| | ECDH-ECDSA-AES256-GCM-SHA384
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0xC0,0x2F
| |
| | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
| |
| | ECDHE-RSA-AES128-GCM-SHA256
| |
| | TLS_ECDHE_RSA_AES_128_GCM_SHA256
| |
| | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
| |
| |-
| |
| ! scope=row | 0xC0,0x30
| |
| | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
| |
| | ECDHE-RSA-AES256-GCM-SHA384
| |
| | TLS_ECDHE_RSA_AES_256_GCM_SHA384
| |
| |
| |
| |-
| |
| ! scope=row | 0xC0,0x31
| |
| | TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
| |
| | ECDH-RSA-AES128-GCM-SHA256
| |
| |
| |
| | TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
| |
| |-
| |
| ! scope=row | 0xC0,0x32
| |
| | TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
| |
| | ECDH-RSA-AES256-GCM-SHA384
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0xC0,0x33
| |
| | TLS_ECDHE_PSK_WITH_RC4_128_SHA
| |
| |
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0xC0,0x34
| |
| | TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA
| |
| |
| |
| | TLS_ECDHE_PSK_3DES_EDE_CBC_SHA1
| |
| |
| |
| |-
| |
| ! scope=row | 0xC0,0x35
| |
| | TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA
| |
| |
| |
| | TLS_ECDHE_PSK_AES_128_CBC_SHA1
| |
| |
| |
| |-
| |
| ! scope=row | 0xC0,0x36
| |
| | TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA
| |
| |
| |
| | TLS_ECDHE_PSK_AES_256_CBC_SHA1
| |
| |
| |
| |-
| |
| ! scope=row | 0xC0,0x37
| |
| | TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
| |
| |
| |
| | TLS_ECDHE_PSK_AES_128_CBC_SHA256
| |
| |
| |
| |-
| |
| ! scope=row | 0xC0,0x38
| |
| | TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384
| |
| |
| |
| | TLS_ECDHE_PSK_AES_256_CBC_SHA384
| |
| |
| |
| |-
| |
| ! scope=row | 0xC0,0x39
| |
| | TLS_ECDHE_PSK_WITH_NULL_SHA
| |
| |
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0xC0,0x3A
| |
| | TLS_ECDHE_PSK_WITH_NULL_SHA256
| |
| |
| |
| | TLS_ECDHE_PSK_NULL_SHA256
| |
| |
| |
| |-
| |
| ! scope=row | 0xC0,0x3B
| |
| | TLS_ECDHE_PSK_WITH_NULL_SHA384
| |
| |
| |
| | TLS_ECDHE_PSK_NULL_SHA384
| |
| |
| |
| |-
| |
| ! scope=row | 0xC0,0x3C
| |
| | TLS_RSA_WITH_ARIA_128_CBC_SHA256
| |
| |
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0xC0,0x3D
| |
| | TLS_RSA_WITH_ARIA_256_CBC_SHA384
| |
| |
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0xC0,0x3E
| |
| | TLS_DH_DSS_WITH_ARIA_128_CBC_SHA256
| |
| |
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0xC0,0x3F
| |
| | TLS_DH_DSS_WITH_ARIA_256_CBC_SHA384
| |
| |
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0xC0,0x40
| |
| | TLS_DH_RSA_WITH_ARIA_128_CBC_SHA256
| |
| |
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0xC0,0x41
| |
| | TLS_DH_RSA_WITH_ARIA_256_CBC_SHA384
| |
| |
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0xC0,0x42
| |
| | TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256
| |
| |
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0xC0,0x43
| |
| | TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384
| |
| |
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0xC0,0x44
| |
| | TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256
| |
| |
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0xC0,0x45
| |
| | TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384
| |
| |
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0xC0,0x46
| |
| | TLS_DH_anon_WITH_ARIA_128_CBC_SHA256
| |
| |
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0xC0,0x47
| |
| | TLS_DH_anon_WITH_ARIA_256_CBC_SHA384
| |
| |
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0xC0,0x48
| |
| | TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256
| |
| |
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0xC0,0x49
| |
| | TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384
| |
| |
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0xC0,0x4A
| |
| | TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256
| |
| |
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0xC0,0x4B
| |
| | TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384
| |
| |
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0xC0,0x4C
| |
| | TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256
| |
| |
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0xC0,0x4D
| |
| | TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384
| |
| |
| |
| |
| |
| |
| |
| |- | | |- |
| ! scope=row | 0xC0,0x4E
| | | style="text-align: center;" | 5.7 |
| | TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256 | | | style="text-align: center;" | Gene Wood |
| |
| | | Add DHE-RSA-CHACHA20-POLY1305 cipher to the Intermediate configuration |
| | | |
| | | |
| |- | | |- |
| ! scope=row | 0xC0,0x4F
| | | style="text-align: center;" | 5.6 |
| | TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384 | | | style="text-align: center;" | April King |
| |
| | | Fixed incorrect cipher ordering for the Intermediate configuration |
| | | |
| | | |
| |- | | |- |
| ! scope=row | 0xC0,0x50
| | | style="text-align: center;" | 5.5 |
| | TLS_RSA_WITH_ARIA_128_GCM_SHA256 | | | style="text-align: center;" | April King |
| |
| | | Update certificate lifespan to reflect browser policy changes |
| | | |
| | | |
| |- | | |- |
| ! scope=row | 0xC0,0x51
| | | style="text-align: center;" | 5.3 |
| | TLS_RSA_WITH_ARIA_256_GCM_SHA384 | | | style="text-align: center;" | April King |
| |
| | | Bump links to point to 5.3 guidelines, since it fixes a small JSON error |
| | | |
| | | |
| |- | | |- |
| ! scope=row | 0xC0,0x52
| | | style="text-align: center;" | 5.0.1 |
| | TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256 | | | style="text-align: center;" | April King |
| |
| | | Add note about IE 11 on Windows Server 2008 R2 |
| | | |
| | | |
| |- | | |- |
| ! scope=row | 0xC0,0x53
| | | style="text-align: center;" | 5.0 |
| | TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384 | | | style="text-align: center;" | April King |
| |
| | | Server Side TLS 5.0 |
| | | |
| | | |
| |- | | |- |
| ! scope=row | 0xC0,0x54
| | | style="text-align: center;" | 4.2 |
| | TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256 | | | style="text-align: center;" | April King |
| |
| | | Updated cipher suite table |
| | | |
| | | |
| |- | | |- |
| ! scope=row | 0xC0,0x55
| | | style="text-align: center;" | 4.1 |
| | TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384 | | | style="text-align: center;" | Julien Vehent |
| |
| | | Clarify Logjam notes, Clarify risk of TLS Tickets |
| | | |
| | | |
| |- | | |- |
| ! scope=row | 0xC0,0x56
| | | style="text-align: center;" | 4 |
| | TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256 | | | style="text-align: center;" | Julien Vehent |
| |
| | | Recommend ECDSA in modern level, remove DSS ciphers, publish configurations as JSON |
| | | |
| | | |
| |- | | |- |
| ! scope=row | 0xC0,0x57
| | | style="text-align: center;" | 3.8 |
| | TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384 | | | style="text-align: center;" | Julien Vehent |
| |
| | | redo cipher names chart (April King), move version chart (April King), update Intermediate cipher suite (ulfr) |
| | | |
| | | |
| |- | | |- |
| ! scope=row | 0xC0,0x58
| | | style="text-align: center;" | 3.7 |
| | TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256 | | | style="text-align: center;" | Julien Vehent |
| |
| | | cleanup version table (April King), add F5 conf samples (warburtron), add notes about DHE (rgacogne) |
| | | |
| | | |
| |- | | |- |
| ! scope=row | 0xC0,0x59
| | | style="text-align: center;" | 3.6 |
| | TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384 | | | style="text-align: center;" | Julien Vehent |
| |
| | | bump intermediate DHE to 2048, add note about java compatibility |
| | | |
| | | |
| |- | | |- |
| ! scope=row | 0xC0,0x5A
| | | style="text-align: center;" | 3.5 |
| | TLS_DH_anon_WITH_ARIA_128_GCM_SHA256 | | | style="text-align: center;" | alm |
| |
| | | comment on weakdh vulnerability |
| | | |
| | | |
| |- | | |- |
| ! scope=row | 0xC0,0x5B
| | | style="text-align: center;" | 3.4 |
| | TLS_DH_anon_WITH_ARIA_256_GCM_SHA384 | | | style="text-align: center;" | Julien Vehent |
| |
| | | added note about session resumption, HSTS, and HPKP |
| | | |
| | | |
| |- | | |- |
| ! scope=row | 0xC0,0x5C
| | | style="text-align: center;" | 3.3 |
| | TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 | | | style="text-align: center;" | Julien Vehent |
| |
| | | fix SHA256 prio, add POODLE details, update various templates |
| | | |
| | | |
| |- | | |- |
| ! scope=row | 0xC0,0x5D
| | | style="text-align: center;" | 3.2 |
| | TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 | | | style="text-align: center;" | Julien Vehent |
| |
| | | Added intermediate compatibility mode, renamed other modes |
| | | |
| | | |
| |- | | |- |
| ! scope=row | 0xC0,0x5E
| | | style="text-align: center;" | 3.1 |
| | TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256 | | | style="text-align: center;" | Julien Vehent |
| |
| | | Added non-backward compatible ciphersuite |
| | | |
| | | |
| |- | | |- |
| ! scope=row | 0xC0,0x5F
| | | style="text-align: center;" | 3 |
| | TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384 | | | style="text-align: center;" | Julien Vehent |
| |
| | | Remove RC4 for 3DES, fix ordering in openssl 0.9.8 ([https://bugzilla.mozilla.org/show_bug.cgi?id=1024430 1024430]), various minor updates |
| | | |
| | | |
| |- | | |- |
| ! scope=row | 0xC0,0x60
| | | style="text-align: center;" | 2.5.1 |
| | TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 | | | style="text-align: center;" | Julien Vehent |
| |
| | | Revisit ELB capabilities |
| | | |
| | | |
| |- | | |- |
| ! scope=row | 0xC0,0x61
| | | style="text-align: center;" | 2.5 |
| | TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 | | | style="text-align: center;" | Julien Vehent |
| |
| | | Update ZLB information for OCSP Stapling and ciphersuite |
| | | |
| | | |
| |- | | |- |
| ! scope=row | 0xC0,0x62
| | | style="text-align: center;" | 2.4 |
| | TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256 | | | style="text-align: center;" | Julien Vehent |
| |
| | | Moved a couple of aes128 above aes256 in the ciphersuite |
| | | |
| | | |
| |- | | |- |
| ! scope=row | 0xC0,0x63
| | | style="text-align: center;" | 2.3 |
| | TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384 | | | style="text-align: center;" | Julien Vehent |
| |
| | | Precisions on IE 7/8 AES support (thanks to Dobin Rutishauser) |
| | | |
| | | |
| |- | | |- |
| ! scope=row | 0xC0,0x64
| | | style="text-align: center;" | 2.2 |
| | TLS_PSK_WITH_ARIA_128_CBC_SHA256 | | | style="text-align: center;" | Julien Vehent |
| |
| | | Added IANA/OpenSSL/GnuTLS correspondence table and conversion tool |
| | | |
| | | |
| |- | | |- |
| ! scope=row | 0xC0,0x65
| | | style="text-align: center;" | 2.1 |
| | TLS_PSK_WITH_ARIA_256_CBC_SHA384 | | | style="text-align: center;" | Julien Vehent |
| |
| | | RC4 vs 3DES discussion. r=joes r=tinfoil |
| | | |
| | | |
| |- | | |- |
| ! scope=row | 0xC0,0x66
| | | style="text-align: center;" | 2.0 |
| | TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256 | | | style="text-align: center;" | Julien Vehent, kang |
| |
| | | Public release. |
| | | |
| | | |
| |- | | |- |
| ! scope=row | 0xC0,0x67
| | | style="text-align: center;" | 1.5 |
| | TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384 | | | style="text-align: center;" | Julien Vehent, kang |
| |
| | | added details for PFS DHE handshake, added nginx configuration details; added Apache recommended conf |
| | | |
| | | |
| |- | | |- |
| ! scope=row | 0xC0,0x68
| | | style="text-align: center;" | 1.4 |
| | TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256 | | | style="text-align: center;" | Julien Vehent |
| |
| | | revised ciphersuite. Prefer AES before RC4. Prefer 128 before 256. Prefer DHE before non-DHE. |
| | | |
| | | |
| |- | | |- |
| ! scope=row | 0xC0,0x69
| | | style="text-align: center;" | 1.3 |
| | TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384 | | | style="text-align: center;" | Julien Vehent |
| |
| | | added netscaler example conf |
| | | |
| | | |
| |- | | |- |
| ! scope=row | 0xC0,0x6A
| | | style="text-align: center;" | 1.2 |
| | TLS_PSK_WITH_ARIA_128_GCM_SHA256 | | | style="text-align: center;" | Julien Vehent |
| |
| | | ciphersuite update, bump DHE-AESGCM above ECDH-RC4 |
| | | |
| | | |
| |- | | |- |
| ! scope=row | 0xC0,0x6B
| | | style="text-align: center;" | 1.1 |
| | TLS_PSK_WITH_ARIA_256_GCM_SHA384 | | | style="text-align: center;" | Julien Vehent, kang |
| |
| | | integrated review comments from Infra; SPDY information |
| | | |
| | | |
| |- | | |- |
| ! scope=row | 0xC0,0x6C
| | | style="text-align: center;" | 1.0 |
| | TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256 | | | style="text-align: center;" | Julien Vehent |
| |
| | | creation |
| | | |
| | | |
| |- | | |- |
| ! scope=row | 0xC0,0x6D
| | | colspan="3" | |
| | TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384
| |
| |
| |
| |
| |
| | | |
| |- | | |- |
| ! scope=row | 0xC0,0x6E
| | | colspan="2" style="border-right: none;" | '''Document Status:''' |
| | TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256
| | | style="border-left: none; color:green; text-align: center;" | '''READY''' |
| |
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0xC0,0x6F
| |
| | TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384
| |
| |
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0xC0,0x70
| |
| | TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256
| |
| |
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0xC0,0x71
| |
| | TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384
| |
| |
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0xC0,0x72
| |
| | TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
| |
| |
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0xC0,0x73
| |
| | TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
| |
| |
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0xC0,0x74
| |
| | TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
| |
| |
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0xC0,0x75
| |
| | TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
| |
| |
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0xC0,0x76
| |
| | TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
| |
| |
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0xC0,0x77
| |
| | TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384
| |
| |
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0xC0,0x78
| |
| | TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256
| |
| |
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0xC0,0x79
| |
| | TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384
| |
| |
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0xC0,0x7A
| |
| | TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256
| |
| |
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0xC0,0x7B
| |
| | TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384
| |
| |
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0xC0,0x7C
| |
| | TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
| |
| |
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0xC0,0x7D
| |
| | TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
| |
| |
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0xC0,0x7E
| |
| | TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256
| |
| |
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0xC0,0x7F
| |
| | TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384
| |
| |
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0xC0,0x80
| |
| | TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256
| |
| |
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0xC0,0x81
| |
| | TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384
| |
| |
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0xC0,0x82
| |
| | TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256
| |
| |
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0xC0,0x83
| |
| | TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384
| |
| |
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0xC0,0x84
| |
| | TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256
| |
| |
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0xC0,0x85
| |
| | TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384
| |
| |
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0xC0,0x86
| |
| | TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
| |
| |
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0xC0,0x87
| |
| | TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
| |
| |
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0xC0,0x88
| |
| | TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
| |
| |
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0xC0,0x89
| |
| | TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
| |
| |
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0xC0,0x8A
| |
| | TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
| |
| |
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0xC0,0x8B
| |
| | TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
| |
| |
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0xC0,0x8C
| |
| | TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256
| |
| |
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0xC0,0x8D
| |
| | TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384
| |
| |
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0xC0,0x8E
| |
| | TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256
| |
| |
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0xC0,0x8F
| |
| | TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384
| |
| |
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0xC0,0x90
| |
| | TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256
| |
| |
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0xC0,0x91
| |
| | TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384
| |
| |
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0xC0,0x92
| |
| | TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256
| |
| |
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0xC0,0x93
| |
| | TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384
| |
| |
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0xC0,0x94
| |
| | TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256
| |
| |
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0xC0,0x95
| |
| | TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384
| |
| |
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0xC0,0x96
| |
| | TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
| |
| |
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0xC0,0x97
| |
| | TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
| |
| |
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0xC0,0x98
| |
| | TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256
| |
| |
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0xC0,0x99
| |
| | TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384
| |
| |
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0xC0,0x9A
| |
| | TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
| |
| |
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0xC0,0x9B
| |
| | TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
| |
| |
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0xC0,0x9C
| |
| | TLS_RSA_WITH_AES_128_CCM
| |
| |
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0xC0,0x9D
| |
| | TLS_RSA_WITH_AES_256_CCM
| |
| |
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0xC0,0x9E
| |
| | TLS_DHE_RSA_WITH_AES_128_CCM
| |
| |
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0xC0,0x9F
| |
| | TLS_DHE_RSA_WITH_AES_256_CCM
| |
| |
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0xC0,0xA0
| |
| | TLS_RSA_WITH_AES_128_CCM_8
| |
| |
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0xC0,0xA1
| |
| | TLS_RSA_WITH_AES_256_CCM_8
| |
| |
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0xC0,0xA2
| |
| | TLS_DHE_RSA_WITH_AES_128_CCM_8
| |
| |
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0xC0,0xA3
| |
| | TLS_DHE_RSA_WITH_AES_256_CCM_8
| |
| |
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0xC0,0xA4
| |
| | TLS_PSK_WITH_AES_128_CCM
| |
| |
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0xC0,0xA5
| |
| | TLS_PSK_WITH_AES_256_CCM
| |
| |
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0xC0,0xA6
| |
| | TLS_DHE_PSK_WITH_AES_128_CCM
| |
| |
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0xC0,0xA7
| |
| | TLS_DHE_PSK_WITH_AES_256_CCM
| |
| |
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0xC0,0xA8
| |
| | TLS_PSK_WITH_AES_128_CCM_8
| |
| |
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0xC0,0xA9
| |
| | TLS_PSK_WITH_AES_256_CCM_8
| |
| |
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0xC0,0xAA
| |
| | TLS_PSK_DHE_WITH_AES_128_CCM_8
| |
| |
| |
| |
| |
| |
| |
| |-
| |
| ! scope=row | 0xC0,0xAB
| |
| | TLS_PSK_DHE_WITH_AES_256_CCM_8
| |
| |
| |
| |
| |
| | | |
| |} | | |} |
|
| |
| The table above was automatically generated by the script at https://github.com/jvehent/tlsnames/blob/master/build_correspondence_table.sh
| |
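Review bot: the sentence naming build_correspondence_table.sh appears only in the old column, while the table close `|}` just above it is present on both sides, so a table survives without any note of how it was produced. If the table on the new side is still generated by a script, keep a pointer to its current source so readers can regenerate and verify the hex-to-name mapping. If it is now maintained by hand, say that instead.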
|
| |
| == GnuTLS ciphersuite ==
| |
|
| |
| Using the reference ciphersuite for OpenSSL and the convertion tool below, we obtain the following ciphersuite for GnuTLS. Be aware that some ciphers might be missing, since OpenSSL supports more cryptographic algorithms that GnuTLS.
| |
|
| |
| '''reference gnutls ciphersuite'''
| |
| TLS_ECDHE_RSA_AES_128_GCM_SHA256:TLS_ECDHE_ECDSA_AES_128_GCM_SHA256:TLS_ECDHE_RSA_AES_256_GCM_SHA384:TLS_ECDHE_ECDSA_AES_256_GCM_SHA384:
| |
| TLS_DHE_RSA_AES_128_GCM_SHA256:TLS_DHE_DSS_AES_128_GCM_SHA256:TLS_ECDHE_RSA_AES_128_CBC_SHA256:TLS_ECDHE_ECDSA_AES_128_CBC_SHA256:
| |
| TLS_ECDHE_RSA_AES_128_CBC_SHA1:TLS_ECDHE_ECDSA_AES_128_CBC_SHA1:TLS_ECDHE_ECDSA_AES_256_CBC_SHA384:TLS_ECDHE_RSA_AES_256_CBC_SHA1:
| |
| TLS_ECDHE_ECDSA_AES_256_CBC_SHA1:TLS_DHE_RSA_AES_128_CBC_SHA256:TLS_DHE_RSA_AES_128_CBC_SHA1:TLS_DHE_DSS_AES_128_CBC_SHA256:
| |
| TLS_DHE_RSA_AES_256_CBC_SHA256:TLS_DHE_DSS_AES_256_CBC_SHA1:TLS_DHE_RSA_AES_256_CBC_SHA1:TLS_RSA_AES_128_GCM_SHA256:
| |
| TLS_DHE_DSS_AES_128_CBC_SHA1:TLS_RSA_AES_128_CBC_SHA256:TLS_RSA_AES_128_CBC_SHA1:TLS_DHE_DSS_AES_256_CBC_SHA256:TLS_RSA_AES_256_CBC_SHA256:
| |
| TLS_RSA_AES_256_CBC_SHA1:TLS_RSA_3DES_EDE_CBC_SHA1:TLS_DHE_RSA_CAMELLIA_256_CBC_SHA1:TLS_DHE_DSS_CAMELLIA_256_CBC_SHA1:
| |
| TLS_RSA_CAMELLIA_256_CBC_SHA1:TLS_ECDHE_RSA_3DES_EDE_CBC_SHA1:TLS_ECDHE_ECDSA_3DES_EDE_CBC_SHA1:TLS_DHE_RSA_3DES_EDE_CBC_SHA1:
| |
| TLS_DHE_DSS_3DES_EDE_CBC_SHA1:TLS_DHE_RSA_CAMELLIA_128_CBC_SHA1:TLS_DHE_DSS_CAMELLIA_128_CBC_SHA1:TLS_RSA_CAMELLIA_128_CBC_SHA1
| |
|
| |
| === Conversion from OpenSSL to GnuTLS ===
| |
|
| |
| Use the script at https://github.com/jvehent/tlsnames/blob/master/convert_openssl_to_gnutls.sh to transform an OpenSSL ciphersuite into a GnuTLS one. Some ciphers might be discarded depending on the versions of OpenSSL and GnuTLS that are installed on your system.
| |
|
| |
| <source lang="bash">
| |
| $ ./convert_openssl_to_gnutls.sh 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:AES128:AES256:AES:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK'
| |
| 0xC0,0x2F openssl:ECDHE-RSA-AES128-GCM-SHA256 gnutls:TLS_ECDHE_RSA_AES_128_GCM_SHA256
| |
| 0xC0,0x2B openssl:ECDHE-ECDSA-AES128-GCM-SHA256 gnutls:TLS_ECDHE_ECDSA_AES_128_GCM_SHA256
| |
| 0xC0,0x30 openssl:ECDHE-RSA-AES256-GCM-SHA384 gnutls:TLS_ECDHE_RSA_AES_256_GCM_SHA384
| |
| 0xC0,0x2C openssl:ECDHE-ECDSA-AES256-GCM-SHA384 gnutls:TLS_ECDHE_ECDSA_AES_256_GCM_SHA384
| |
| 0x00,0x9E openssl:DHE-RSA-AES128-GCM-SHA256 gnutls:TLS_DHE_RSA_AES_128_GCM_SHA256
| |
| 0x00,0xA2 openssl:DHE-DSS-AES128-GCM-SHA256 gnutls:TLS_DHE_DSS_AES_128_GCM_SHA256
| |
| 0x00,0xA3 openssl:DHE-DSS-AES256-GCM-SHA384 gnutls:
| |
| 0x00,0x9F openssl:DHE-RSA-AES256-GCM-SHA384 gnutls:
| |
| 0xC0,0x27 openssl:ECDHE-RSA-AES128-SHA256 gnutls:TLS_ECDHE_RSA_AES_128_CBC_SHA256
| |
| 0xC0,0x23 openssl:ECDHE-ECDSA-AES128-SHA256 gnutls:TLS_ECDHE_ECDSA_AES_128_CBC_SHA256
| |
| 0xC0,0x13 openssl:ECDHE-RSA-AES128-SHA gnutls:TLS_ECDHE_RSA_AES_128_CBC_SHA1
| |
| 0xC0,0x09 openssl:ECDHE-ECDSA-AES128-SHA gnutls:TLS_ECDHE_ECDSA_AES_128_CBC_SHA1
| |
| 0xC0,0x28 openssl:ECDHE-RSA-AES256-SHA384 gnutls:
| |
| 0xC0,0x24 openssl:ECDHE-ECDSA-AES256-SHA384 gnutls:TLS_ECDHE_ECDSA_AES_256_CBC_SHA384
| |
| 0xC0,0x14 openssl:ECDHE-RSA-AES256-SHA gnutls:TLS_ECDHE_RSA_AES_256_CBC_SHA1
| |
| 0xC0,0x0A openssl:ECDHE-ECDSA-AES256-SHA gnutls:TLS_ECDHE_ECDSA_AES_256_CBC_SHA1
| |
| 0x00,0x67 openssl:DHE-RSA-AES128-SHA256 gnutls:TLS_DHE_RSA_AES_128_CBC_SHA256
| |
| 0x00,0x33 openssl:DHE-RSA-AES128-SHA gnutls:TLS_DHE_RSA_AES_128_CBC_SHA1
| |
| 0x00,0x40 openssl:DHE-DSS-AES128-SHA256 gnutls:TLS_DHE_DSS_AES_128_CBC_SHA256
| |
| 0x00,0x6B openssl:DHE-RSA-AES256-SHA256 gnutls:TLS_DHE_RSA_AES_256_CBC_SHA256
| |
| 0x00,0x38 openssl:DHE-DSS-AES256-SHA gnutls:TLS_DHE_DSS_AES_256_CBC_SHA1
| |
| 0x00,0x39 openssl:DHE-RSA-AES256-SHA gnutls:TLS_DHE_RSA_AES_256_CBC_SHA1
| |
| 0x00,0x9C openssl:AES128-GCM-SHA256 gnutls:TLS_RSA_AES_128_GCM_SHA256
| |
| 0x00,0x9D openssl:AES256-GCM-SHA384 gnutls:
| |
| 0x00,0x32 openssl:DHE-DSS-AES128-SHA gnutls:TLS_DHE_DSS_AES_128_CBC_SHA1
| |
| 0xC0,0x31 openssl:ECDH-RSA-AES128-GCM-SHA256 gnutls:
| |
| 0xC0,0x2D openssl:ECDH-ECDSA-AES128-GCM-SHA256 gnutls:
| |
| 0xC0,0x29 openssl:ECDH-RSA-AES128-SHA256 gnutls:
| |
| 0xC0,0x25 openssl:ECDH-ECDSA-AES128-SHA256 gnutls:
| |
| 0xC0,0x0E openssl:ECDH-RSA-AES128-SHA gnutls:
| |
| 0xC0,0x04 openssl:ECDH-ECDSA-AES128-SHA gnutls:
| |
| 0x00,0x3C openssl:AES128-SHA256 gnutls:TLS_RSA_AES_128_CBC_SHA256
| |
| 0x00,0x2F openssl:AES128-SHA gnutls:TLS_RSA_AES_128_CBC_SHA1
| |
| 0x00,0x6A openssl:DHE-DSS-AES256-SHA256 gnutls:TLS_DHE_DSS_AES_256_CBC_SHA256
| |
| 0xC0,0x32 openssl:ECDH-RSA-AES256-GCM-SHA384 gnutls:
| |
| 0xC0,0x2E openssl:ECDH-ECDSA-AES256-GCM-SHA384 gnutls:
| |
| 0xC0,0x2A openssl:ECDH-RSA-AES256-SHA384 gnutls:
| |
| 0xC0,0x26 openssl:ECDH-ECDSA-AES256-SHA384 gnutls:
| |
| 0xC0,0x0F openssl:ECDH-RSA-AES256-SHA gnutls:
| |
| 0xC0,0x05 openssl:ECDH-ECDSA-AES256-SHA gnutls:
| |
| 0x00,0x3D openssl:AES256-SHA256 gnutls:TLS_RSA_AES_256_CBC_SHA256
| |
| 0x00,0x35 openssl:AES256-SHA gnutls:TLS_RSA_AES_256_CBC_SHA1
| |
| 0x00,0x0A openssl:DES-CBC3-SHA gnutls:TLS_RSA_3DES_EDE_CBC_SHA1
| |
| 0x00,0x88 openssl:DHE-RSA-CAMELLIA256-SHA gnutls:TLS_DHE_RSA_CAMELLIA_256_CBC_SHA1
| |
| 0x00,0x87 openssl:DHE-DSS-CAMELLIA256-SHA gnutls:TLS_DHE_DSS_CAMELLIA_256_CBC_SHA1
| |
| 0x00,0x84 openssl:CAMELLIA256-SHA gnutls:TLS_RSA_CAMELLIA_256_CBC_SHA1
| |
| 0xC0,0x12 openssl:ECDHE-RSA-DES-CBC3-SHA gnutls:TLS_ECDHE_RSA_3DES_EDE_CBC_SHA1
| |
| 0xC0,0x08 openssl:ECDHE-ECDSA-DES-CBC3-SHA gnutls:TLS_ECDHE_ECDSA_3DES_EDE_CBC_SHA1
| |
| 0x00,0x16 openssl:EDH-RSA-DES-CBC3-SHA gnutls:TLS_DHE_RSA_3DES_EDE_CBC_SHA1
| |
| 0x00,0x13 openssl:EDH-DSS-DES-CBC3-SHA gnutls:TLS_DHE_DSS_3DES_EDE_CBC_SHA1
| |
| 0xC0,0x0D openssl:ECDH-RSA-DES-CBC3-SHA gnutls:
| |
| 0xC0,0x03 openssl:ECDH-ECDSA-DES-CBC3-SHA gnutls:
| |
| 0x00,0x1F openssl:KRB5-DES-CBC3-SHA gnutls:
| |
| 0x00,0x45 openssl:DHE-RSA-CAMELLIA128-SHA gnutls:TLS_DHE_RSA_CAMELLIA_128_CBC_SHA1
| |
| 0x00,0x44 openssl:DHE-DSS-CAMELLIA128-SHA gnutls:TLS_DHE_DSS_CAMELLIA_128_CBC_SHA1
| |
| 0x00,0x41 openssl:CAMELLIA128-SHA gnutls:TLS_RSA_CAMELLIA_128_CBC_SHA1
| |
|
| |
| GnuTLS ciphersuite:
| |
| TLS_ECDHE_RSA_AES_128_GCM_SHA256:TLS_ECDHE_ECDSA_AES_128_GCM_SHA256:TLS_ECDHE_RSA_AES_256_GCM_SHA384:TLS_ECDHE_ECDSA_AES_256_GCM_SHA384:TLS_DHE_RSA_AES_128_GCM_SHA256:TLS_DHE_DSS_AES_128_GCM_SHA256:TLS_ECDHE_RSA_AES_128_CBC_SHA256:TLS_ECDHE_ECDSA_AES_128_CBC_SHA256:TLS_ECDHE_RSA_AES_128_CBC_SHA1:TLS_ECDHE_ECDSA_AES_128_CBC_SHA1:TLS_ECDHE_ECDSA_AES_256_CBC_SHA384:TLS_ECDHE_RSA_AES_256_CBC_SHA1:TLS_ECDHE_ECDSA_AES_256_CBC_SHA1:TLS_DHE_RSA_AES_128_CBC_SHA256:TLS_DHE_RSA_AES_128_CBC_SHA1:TLS_DHE_DSS_AES_128_CBC_SHA256:TLS_DHE_RSA_AES_256_CBC_SHA256:TLS_DHE_DSS_AES_256_CBC_SHA1:TLS_DHE_RSA_AES_256_CBC_SHA1:TLS_RSA_AES_128_GCM_SHA256:TLS_DHE_DSS_AES_128_CBC_SHA1:TLS_RSA_AES_128_CBC_SHA256:TLS_RSA_AES_128_CBC_SHA1:TLS_DHE_DSS_AES_256_CBC_SHA256:TLS_RSA_AES_256_CBC_SHA256:TLS_RSA_AES_256_CBC_SHA1:TLS_RSA_3DES_EDE_CBC_SHA1:TLS_DHE_RSA_CAMELLIA_256_CBC_SHA1:TLS_DHE_DSS_CAMELLIA_256_CBC_SHA1:TLS_RSA_CAMELLIA_256_CBC_SHA1:TLS_ECDHE_RSA_3DES_EDE_CBC_SHA1:TLS_ECDHE_ECDSA_3DES_EDE_CBC_SHA1:TLS_DHE_RSA_3DES_EDE_CBC_SHA1:TLS_DHE_DSS_3DES_EDE_CBC_SHA1:TLS_DHE_RSA_CAMELLIA_128_CBC_SHA1:TLS_DHE_DSS_CAMELLIA_128_CBC_SHA1:TLS_RSA_CAMELLIA_128_CBC_SHA1
| |
|
| |
| Unknown ciphers not present in GnuTLS
| |
| DHE-DSS-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:AES256-GCM-SHA384:ECDH-RSA-AES128-GCM-SHA256:ECDH-ECDSA-AES128-GCM-SHA256:ECDH-RSA-AES128-SHA256:ECDH-ECDSA-AES128-SHA256:ECDH-RSA-AES128-SHA:ECDH-ECDSA-AES128-SHA:ECDH-RSA-AES256-GCM-SHA384:ECDH-ECDSA-AES256-GCM-SHA384:ECDH-RSA-AES256-SHA384:ECDH-ECDSA-AES256-SHA384:ECDH-RSA-AES256-SHA:ECDH-ECDSA-AES256-SHA:ECDH-RSA-DES-CBC3-SHA:ECDH-ECDSA-DES-CBC3-SHA:KRB5-DES-CBC3-SHA
| |
|
| |
| </source>
| |
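Review bot: the whole "GnuTLS ciphersuite" section, including "Conversion from OpenSSL to GnuTLS", is removed with nothing in the new column to replace it. That drops the link to convert_openssl_to_gnutls.sh and the list of 19 OpenSSL names with no GnuTLS mapping (for example DHE-RSA-AES256-GCM-SHA384 and AES256-GCM-SHA384, shown with an empty `gnutls:` field). Dropping the frozen output is reasonable, since the old text itself says results depend on the installed OpenSSL and GnuTLS versions. If GnuTLS is still in scope, add a one-line pointer to where operators should derive their cipher string. If it is not, state in the edit summary that GnuTLS is no longer covered.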