8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
Reviewed-by: wetmore, xuelei, mullan, coffeys
This commit is contained in:
Vinnie Ryan
parent
6613384dc9
commit
a63d39ad89
@ -1253,4 +1253,55 @@ public abstract class SSLEngine {
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns the most recent application protocol value negotiated for this
|
||||
* connection.
|
||||
* <p>
|
||||
* If supported by the underlying SSL/TLS/DTLS implementation,
|
||||
* application name negotiation mechanisms such as <a
|
||||
* href="http://www.ietf.org/rfc/rfc7301.txt"> RFC 7301 </a>, the
|
||||
* Application-Layer Protocol Negotiation (ALPN), can negotiate
|
||||
* application-level values between peers.
|
||||
* <p>
|
||||
* @implSpec
|
||||
* The implementation in this class throws
|
||||
* {@code UnsupportedOperationException} and performs no other action.
|
||||
*
|
||||
* @return null if it has not yet been determined if application
|
||||
* protocols might be used for this connection, an empty
|
||||
* {@code String} if application protocols values will not
|
||||
* be used, or a non-empty application protocol {@code String}
|
||||
* if a value was successfully negotiated.
|
||||
* @throws UnsupportedOperationException if the underlying provider
|
||||
* does not implement the operation.
|
||||
* @since 9
|
||||
*/
|
||||
public String getApplicationProtocol() {
|
||||
throw new UnsupportedOperationException();
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns the application protocol value negotiated on a SSL/TLS
|
||||
* handshake currently in progress.
|
||||
* <p>
|
||||
* Like {@link #getHandshakeSession()},
|
||||
* a connection may be in the middle of a handshake. The
|
||||
* application protocol may or may not yet be available.
|
||||
* <p>
|
||||
* @implSpec
|
||||
* The implementation in this class throws
|
||||
* {@code UnsupportedOperationException} and performs no other action.
|
||||
*
|
||||
* @return null if it has not yet been determined if application
|
||||
* protocols might be used for this handshake, an empty
|
||||
* {@code String} if application protocols values will not
|
||||
* be used, or a non-empty application protocol {@code String}
|
||||
* if a value was successfully negotiated.
|
||||
* @throws UnsupportedOperationException if the underlying provider
|
||||
* does not implement the operation.
|
||||
* @since 9
|
||||
*/
|
||||
public String getHandshakeApplicationProtocol() {
|
||||
throw new UnsupportedOperationException();
|
||||
}
|
||||
}
|
||||
|
||||
@ -56,6 +56,17 @@ import java.util.LinkedHashMap;
|
||||
* {@link SSLSocket#setSSLParameters SSLSocket.setSSLParameters()} and
|
||||
* {@link SSLServerSocket#setSSLParameters SSLServerSocket.setSSLParameters()}
|
||||
* and {@link SSLEngine#setSSLParameters SSLEngine.setSSLParameters()}.
|
||||
* <p>
|
||||
* For example:
|
||||
*
|
||||
* <blockquote><pre>
|
||||
* SSLParameters p = sslSocket.getSSLParameters();
|
||||
* p.setProtocols(new String[] { "TLSv1.2" });
|
||||
* p.setCipherSuites(
|
||||
* new String[] { "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", ... });
|
||||
* p.setApplicationProtocols(new String[] {"h2", "http/1.1"});
|
||||
* sslSocket.setSSLParameters(p);
|
||||
* </pre></blockquote>
|
||||
*
|
||||
* @see SSLSocket
|
||||
* @see SSLEngine
|
||||
@ -76,6 +87,7 @@ public class SSLParameters {
|
||||
private boolean preferLocalCipherSuites;
|
||||
private boolean enableRetransmissions = true;
|
||||
private int maximumPacketSize = 0;
|
||||
private String[] applicationProtocols = new String[0];
|
||||
|
||||
/**
|
||||
* Constructs SSLParameters.
|
||||
@ -480,7 +492,7 @@ public class SSLParameters {
|
||||
*
|
||||
* @see #getEnableRetransmissions()
|
||||
*
|
||||
* @since 1.9
|
||||
* @since 9
|
||||
*/
|
||||
public void setEnableRetransmissions(boolean enableRetransmissions) {
|
||||
this.enableRetransmissions = enableRetransmissions;
|
||||
@ -495,7 +507,7 @@ public class SSLParameters {
|
||||
*
|
||||
* @see #setEnableRetransmissions(boolean)
|
||||
*
|
||||
* @since 1.9
|
||||
* @since 9
|
||||
*/
|
||||
public boolean getEnableRetransmissions() {
|
||||
return enableRetransmissions;
|
||||
@ -523,7 +535,7 @@ public class SSLParameters {
|
||||
*
|
||||
* @see #getMaximumPacketSize()
|
||||
*
|
||||
* @since 1.9
|
||||
* @since 9
|
||||
*/
|
||||
public void setMaximumPacketSize(int maximumPacketSize) {
|
||||
if (maximumPacketSize < 0) {
|
||||
@ -563,11 +575,80 @@ public class SSLParameters {
|
||||
*
|
||||
* @see #setMaximumPacketSize(int)
|
||||
*
|
||||
* @since 1.9
|
||||
* @since 9
|
||||
*/
|
||||
public int getMaximumPacketSize() {
|
||||
return maximumPacketSize;
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns a prioritized array of application-layer protocol names that
|
||||
* can be negotiated over the SSL/TLS/DTLS protocols.
|
||||
* <p>
|
||||
* The array could be empty (zero-length), in which case protocol
|
||||
* indications will not be used.
|
||||
* <p>
|
||||
* This method will return a new array each time it is invoked.
|
||||
*
|
||||
* @return a non-null, possibly zero-length array of application protocol
|
||||
* {@code String}s. The array is ordered based on protocol
|
||||
* preference, with {@code protocols[0]} being the most preferred.
|
||||
* @see #setApplicationProtocols
|
||||
* @since 9
|
||||
*/
|
||||
public String[] getApplicationProtocols() {
|
||||
return applicationProtocols.clone();
|
||||
}
|
||||
|
||||
/**
|
||||
* Sets the prioritized array of application-layer protocol names that
|
||||
* can be negotiated over the SSL/TLS/DTLS protocols.
|
||||
* <p>
|
||||
* If application-layer protocols are supported by the underlying
|
||||
* SSL/TLS implementation, this method configures which values can
|
||||
* be negotiated by protocols such as <a
|
||||
* href="http://www.ietf.org/rfc/rfc7301.txt"> RFC 7301 </a>, the
|
||||
* Application Layer Protocol Negotiation (ALPN).
|
||||
* <p>
|
||||
* If this end of the connection is expected to offer application protocol
|
||||
* values, all protocols configured by this method will be sent to the
|
||||
* peer.
|
||||
* <p>
|
||||
* If this end of the connection is expected to select the application
|
||||
* protocol value, the {@code protocols} configured by this method are
|
||||
* compared with those sent by the peer. The first matched value becomes
|
||||
* the negotiated value. If none of the {@code protocols} were actually
|
||||
* requested by the peer, the underlying protocol will determine what
|
||||
* action to take. (For example, ALPN will send a
|
||||
* {@code "no_application_protocol"} alert and terminate the connection.)
|
||||
* <p>
|
||||
* @implSpec
|
||||
* This method will make a copy of the {@code protocols} array.
|
||||
*
|
||||
* @param protocols an ordered array of application protocols,
|
||||
* with {@code protocols[0]} being the most preferred.
|
||||
* If the array is empty (zero-length), protocol
|
||||
* indications will not be used.
|
||||
* @throws IllegalArgumentException if protocols is null, or if
|
||||
* any element in a non-empty array is null or an
|
||||
* empty (zero-length) string
|
||||
* @see #getApplicationProtocols
|
||||
* @since 9
|
||||
*/
|
||||
public void setApplicationProtocols(String[] protocols) {
|
||||
if (protocols == null) {
|
||||
throw new IllegalArgumentException("protocols was null");
|
||||
}
|
||||
|
||||
String[] tempProtocols = protocols.clone();
|
||||
|
||||
for (String p : tempProtocols) {
|
||||
if (p == null || p.equals("")) {
|
||||
throw new IllegalArgumentException(
|
||||
"An element of protocols was null/empty");
|
||||
}
|
||||
}
|
||||
applicationProtocols = tempProtocols;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 1997, 2015, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -662,4 +662,55 @@ public abstract class SSLSocket extends Socket
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns the most recent application protocol value negotiated for this
|
||||
* connection.
|
||||
* <p>
|
||||
* If supported by the underlying SSL/TLS/DTLS implementation,
|
||||
* application name negotiation mechanisms such as <a
|
||||
* href="http://www.ietf.org/rfc/rfc7301.txt"> RFC 7301 </a>, the
|
||||
* Application-Layer Protocol Negotiation (ALPN), can negotiate
|
||||
* application-level values between peers.
|
||||
* <p>
|
||||
* @implSpec
|
||||
* The implementation in this class throws
|
||||
* {@code UnsupportedOperationException} and performs no other action.
|
||||
*
|
||||
* @return null if it has not yet been determined if application
|
||||
* protocols might be used for this connection, an empty
|
||||
* {@code String} if application protocols values will not
|
||||
* be used, or a non-empty application protocol {@code String}
|
||||
* if a value was successfully negotiated.
|
||||
* @throws UnsupportedOperationException if the underlying provider
|
||||
* does not implement the operation.
|
||||
* @since 9
|
||||
*/
|
||||
public String getApplicationProtocol() {
|
||||
throw new UnsupportedOperationException();
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns the application protocol value negotiated on a SSL/TLS
|
||||
* handshake currently in progress.
|
||||
* <p>
|
||||
* Like {@link #getHandshakeSession()},
|
||||
* a connection may be in the middle of a handshake. The
|
||||
* application protocol may or may not yet be available.
|
||||
* <p>
|
||||
* @implSpec
|
||||
* The implementation in this class throws
|
||||
* {@code UnsupportedOperationException} and performs no other action.
|
||||
*
|
||||
* @return null if it has not yet been determined if application
|
||||
* protocols might be used for this handshake, an empty
|
||||
* {@code String} if application protocols values will not
|
||||
* be used, or a non-empty application protocol {@code String}
|
||||
* if a value was successfully negotiated.
|
||||
* @throws UnsupportedOperationException if the underlying provider
|
||||
* does not implement the operation.
|
||||
* @since 9
|
||||
*/
|
||||
public String getHandshakeApplicationProtocol() {
|
||||
throw new UnsupportedOperationException();
|
||||
}
|
||||
}
|
||||
|
||||
@ -0,0 +1,168 @@
|
||||
/*
|
||||
* Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
* under the terms of the GNU General Public License version 2 only, as
|
||||
* published by the Free Software Foundation. Oracle designates this
|
||||
* particular file as subject to the "Classpath" exception as provided
|
||||
* by Oracle in the LICENSE file that accompanied this code.
|
||||
*
|
||||
* This code is distributed in the hope that it will be useful, but WITHOUT
|
||||
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
||||
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
||||
* version 2 for more details (a copy is included in the LICENSE file that
|
||||
* accompanied this code).
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License version
|
||||
* 2 along with this work; if not, write to the Free Software Foundation,
|
||||
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||
*
|
||||
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
|
||||
* or visit www.oracle.com if you need additional information or have any
|
||||
* questions.
|
||||
*/
|
||||
|
||||
package sun.security.ssl;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.nio.charset.*;
|
||||
import java.util.*;
|
||||
|
||||
import javax.net.ssl.*;
|
||||
|
||||
/*
|
||||
* [RFC 7301]
|
||||
* This TLS extension facilitates the negotiation of application-layer protocols
|
||||
* within the TLS handshake. Clients MAY include an extension of type
|
||||
* "application_layer_protocol_negotiation" in the (extended) ClientHello
|
||||
* message. The "extension_data" field of this extension SHALL contain a
|
||||
* "ProtocolNameList" value:
|
||||
*
|
||||
* enum {
|
||||
* application_layer_protocol_negotiation(16), (65535)
|
||||
* } ExtensionType;
|
||||
*
|
||||
* opaque ProtocolName<1..2^8-1>;
|
||||
*
|
||||
* struct {
|
||||
* ProtocolName protocol_name_list<2..2^16-1>
|
||||
* } ProtocolNameList;
|
||||
*/
|
||||
final class ALPNExtension extends HelloExtension {
|
||||
|
||||
final static int ALPN_HEADER_LENGTH = 1;
|
||||
final static int MAX_APPLICATION_PROTOCOL_LENGTH = 255;
|
||||
final static int MAX_APPLICATION_PROTOCOL_LIST_LENGTH = 65535;
|
||||
private int listLength = 0; // ProtocolNameList length
|
||||
private List<String> protocolNames = null;
|
||||
|
||||
// constructor for ServerHello
|
||||
ALPNExtension(String protocolName) throws SSLException {
|
||||
this(new String[]{ protocolName });
|
||||
}
|
||||
|
||||
// constructor for ClientHello
|
||||
ALPNExtension(String[] protocolNames) throws SSLException {
|
||||
super(ExtensionType.EXT_ALPN);
|
||||
if (protocolNames.length == 0) { // never null, never empty
|
||||
throw new IllegalArgumentException(
|
||||
"The list of application protocols cannot be empty");
|
||||
}
|
||||
this.protocolNames = Arrays.asList(protocolNames);
|
||||
for (String p : protocolNames) {
|
||||
int length = p.getBytes(StandardCharsets.UTF_8).length;
|
||||
if (length == 0) {
|
||||
throw new SSLProtocolException(
|
||||
"Application protocol name is empty");
|
||||
}
|
||||
if (length <= MAX_APPLICATION_PROTOCOL_LENGTH) {
|
||||
listLength += length + ALPN_HEADER_LENGTH;
|
||||
} else {
|
||||
throw new SSLProtocolException(
|
||||
"Application protocol name is too long: " + p);
|
||||
}
|
||||
if (listLength > MAX_APPLICATION_PROTOCOL_LIST_LENGTH) {
|
||||
throw new SSLProtocolException(
|
||||
"Application protocol name list is too long");
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// constructor for ServerHello for parsing ALPN extension
|
||||
ALPNExtension(HandshakeInStream s, int len) throws IOException {
|
||||
super(ExtensionType.EXT_ALPN);
|
||||
|
||||
if (len >= 2) {
|
||||
listLength = s.getInt16(); // list length
|
||||
if (listLength < 2 || listLength + 2 != len) {
|
||||
throw new SSLProtocolException(
|
||||
"Invalid " + type + " extension: incorrect list length " +
|
||||
"(length=" + listLength + ")");
|
||||
}
|
||||
} else {
|
||||
throw new SSLProtocolException(
|
||||
"Invalid " + type + " extension: insufficient data " +
|
||||
"(length=" + len + ")");
|
||||
}
|
||||
|
||||
int remaining = listLength;
|
||||
this.protocolNames = new ArrayList<>();
|
||||
while (remaining > 0) {
|
||||
// opaque ProtocolName<1..2^8-1>; // RFC 7301
|
||||
byte[] bytes = s.getBytes8();
|
||||
if (bytes.length == 0) {
|
||||
throw new SSLProtocolException("Invalid " + type +
|
||||
" extension: empty application protocol name");
|
||||
}
|
||||
String p =
|
||||
new String(bytes, StandardCharsets.UTF_8); // app protocol
|
||||
protocolNames.add(p);
|
||||
remaining -= bytes.length + ALPN_HEADER_LENGTH;
|
||||
}
|
||||
|
||||
if (remaining != 0) {
|
||||
throw new SSLProtocolException(
|
||||
"Invalid " + type + " extension: extra data " +
|
||||
"(length=" + remaining + ")");
|
||||
}
|
||||
}
|
||||
|
||||
List<String> getPeerAPs() {
|
||||
return protocolNames;
|
||||
}
|
||||
|
||||
/*
|
||||
* Return the length in bytes, including extension type and length fields.
|
||||
*/
|
||||
@Override
|
||||
int length() {
|
||||
return 6 + listLength;
|
||||
}
|
||||
|
||||
@Override
|
||||
void send(HandshakeOutStream s) throws IOException {
|
||||
s.putInt16(type.id);
|
||||
s.putInt16(listLength + 2); // length of extension_data
|
||||
s.putInt16(listLength); // length of ProtocolNameList
|
||||
|
||||
for (String p : protocolNames) {
|
||||
s.putBytes8(p.getBytes(StandardCharsets.UTF_8));
|
||||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
public String toString() {
|
||||
StringBuilder sb = new StringBuilder();
|
||||
if (protocolNames == null || protocolNames.isEmpty()) {
|
||||
sb.append("<empty>");
|
||||
} else {
|
||||
for (String protocolName : protocolNames) {
|
||||
sb.append("[" + protocolName + "]");
|
||||
}
|
||||
}
|
||||
|
||||
return "Extension " + type +
|
||||
", protocol names: " + sb;
|
||||
}
|
||||
}
|
||||
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2003, 2015, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -83,6 +83,9 @@ final class Alerts {
|
||||
static final byte alert_bad_certificate_status_response = 113;
|
||||
static final byte alert_bad_certificate_hash_value = 114;
|
||||
|
||||
// from RFC 7301 (TLS ALPN Extension)
|
||||
static final byte alert_no_application_protocol = 120;
|
||||
|
||||
static String alertDescription(byte code) {
|
||||
switch (code) {
|
||||
|
||||
@ -144,6 +147,8 @@ final class Alerts {
|
||||
return "bad_certificate_status_response";
|
||||
case alert_bad_certificate_hash_value:
|
||||
return "bad_certificate_hash_value";
|
||||
case alert_no_application_protocol:
|
||||
return "no_application_protocol";
|
||||
|
||||
default:
|
||||
return "<UNKNOWN ALERT: " + (code & 0x0ff) + ">";
|
||||
@ -189,6 +194,7 @@ final class Alerts {
|
||||
case alert_unrecognized_name:
|
||||
case alert_bad_certificate_status_response:
|
||||
case alert_bad_certificate_hash_value:
|
||||
case alert_no_application_protocol:
|
||||
e = new SSLHandshakeException(reason);
|
||||
break;
|
||||
|
||||
|
||||
@ -764,7 +764,7 @@ final class CipherSuite implements Comparable<CipherSuite> {
|
||||
final boolean N = (SunJSSE.isFIPS() == false);
|
||||
|
||||
/*
|
||||
* TLS Cipher Suite Registry, as of August 2010.
|
||||
* TLS Cipher Suite Registry, as of November 2015.
|
||||
*
|
||||
* http://www.iana.org/assignments/tls-parameters/tls-parameters.xml
|
||||
*
|
||||
@ -773,77 +773,77 @@ final class CipherSuite implements Comparable<CipherSuite> {
|
||||
* 192-254 Specification Required Refers to value of first byte
|
||||
* 255 Reserved for Private Use Refers to value of first byte
|
||||
*
|
||||
* Value Description Reference
|
||||
* 0x00,0x00 TLS_NULL_WITH_NULL_NULL [RFC5246]
|
||||
* 0x00,0x01 TLS_RSA_WITH_NULL_MD5 [RFC5246]
|
||||
* 0x00,0x02 TLS_RSA_WITH_NULL_SHA [RFC5246]
|
||||
* 0x00,0x03 TLS_RSA_EXPORT_WITH_RC4_40_MD5 [RFC4346]
|
||||
* 0x00,0x04 TLS_RSA_WITH_RC4_128_MD5 [RFC5246]
|
||||
* 0x00,0x05 TLS_RSA_WITH_RC4_128_SHA [RFC5246]
|
||||
* 0x00,0x06 TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 [RFC4346]
|
||||
* 0x00,0x07 TLS_RSA_WITH_IDEA_CBC_SHA [RFC5469]
|
||||
* 0x00,0x08 TLS_RSA_EXPORT_WITH_DES40_CBC_SHA [RFC4346]
|
||||
* 0x00,0x09 TLS_RSA_WITH_DES_CBC_SHA [RFC5469]
|
||||
* 0x00,0x0A TLS_RSA_WITH_3DES_EDE_CBC_SHA [RFC5246]
|
||||
* 0x00,0x0B TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA [RFC4346]
|
||||
* 0x00,0x0C TLS_DH_DSS_WITH_DES_CBC_SHA [RFC5469]
|
||||
* 0x00,0x0D TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA [RFC5246]
|
||||
* 0x00,0x0E TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA [RFC4346]
|
||||
* 0x00,0x0F TLS_DH_RSA_WITH_DES_CBC_SHA [RFC5469]
|
||||
* 0x00,0x10 TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA [RFC5246]
|
||||
* 0x00,0x11 TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA [RFC4346]
|
||||
* 0x00,0x12 TLS_DHE_DSS_WITH_DES_CBC_SHA [RFC5469]
|
||||
* 0x00,0x13 TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA [RFC5246]
|
||||
* 0x00,0x14 TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA [RFC4346]
|
||||
* 0x00,0x15 TLS_DHE_RSA_WITH_DES_CBC_SHA [RFC5469]
|
||||
* 0x00,0x16 TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA [RFC5246]
|
||||
* 0x00,0x17 TLS_DH_anon_EXPORT_WITH_RC4_40_MD5 [RFC4346]
|
||||
* 0x00,0x18 TLS_DH_anon_WITH_RC4_128_MD5 [RFC5246]
|
||||
* 0x00,0x19 TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA [RFC4346]
|
||||
* 0x00,0x1A TLS_DH_anon_WITH_DES_CBC_SHA [RFC5469]
|
||||
* 0x00,0x1B TLS_DH_anon_WITH_3DES_EDE_CBC_SHA [RFC5246]
|
||||
* 0x00,0x1C-1D Reserved to avoid conflicts with SSLv3 [RFC5246]
|
||||
* 0x00,0x1E TLS_KRB5_WITH_DES_CBC_SHA [RFC2712]
|
||||
* 0x00,0x1F TLS_KRB5_WITH_3DES_EDE_CBC_SHA [RFC2712]
|
||||
* 0x00,0x20 TLS_KRB5_WITH_RC4_128_SHA [RFC2712]
|
||||
* 0x00,0x21 TLS_KRB5_WITH_IDEA_CBC_SHA [RFC2712]
|
||||
* 0x00,0x22 TLS_KRB5_WITH_DES_CBC_MD5 [RFC2712]
|
||||
* 0x00,0x23 TLS_KRB5_WITH_3DES_EDE_CBC_MD5 [RFC2712]
|
||||
* 0x00,0x24 TLS_KRB5_WITH_RC4_128_MD5 [RFC2712]
|
||||
* 0x00,0x25 TLS_KRB5_WITH_IDEA_CBC_MD5 [RFC2712]
|
||||
* 0x00,0x26 TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA [RFC2712]
|
||||
* 0x00,0x27 TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA [RFC2712]
|
||||
* 0x00,0x28 TLS_KRB5_EXPORT_WITH_RC4_40_SHA [RFC2712]
|
||||
* 0x00,0x29 TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5 [RFC2712]
|
||||
* 0x00,0x2A TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5 [RFC2712]
|
||||
* 0x00,0x2B TLS_KRB5_EXPORT_WITH_RC4_40_MD5 [RFC2712]
|
||||
* 0x00,0x2C TLS_PSK_WITH_NULL_SHA [RFC4785]
|
||||
* 0x00,0x2D TLS_DHE_PSK_WITH_NULL_SHA [RFC4785]
|
||||
* 0x00,0x2E TLS_RSA_PSK_WITH_NULL_SHA [RFC4785]
|
||||
* 0x00,0x2F TLS_RSA_WITH_AES_128_CBC_SHA [RFC5246]
|
||||
* 0x00,0x30 TLS_DH_DSS_WITH_AES_128_CBC_SHA [RFC5246]
|
||||
* 0x00,0x31 TLS_DH_RSA_WITH_AES_128_CBC_SHA [RFC5246]
|
||||
* 0x00,0x32 TLS_DHE_DSS_WITH_AES_128_CBC_SHA [RFC5246]
|
||||
* 0x00,0x33 TLS_DHE_RSA_WITH_AES_128_CBC_SHA [RFC5246]
|
||||
* 0x00,0x34 TLS_DH_anon_WITH_AES_128_CBC_SHA [RFC5246]
|
||||
* 0x00,0x35 TLS_RSA_WITH_AES_256_CBC_SHA [RFC5246]
|
||||
* 0x00,0x36 TLS_DH_DSS_WITH_AES_256_CBC_SHA [RFC5246]
|
||||
* 0x00,0x37 TLS_DH_RSA_WITH_AES_256_CBC_SHA [RFC5246]
|
||||
* 0x00,0x38 TLS_DHE_DSS_WITH_AES_256_CBC_SHA [RFC5246]
|
||||
* 0x00,0x39 TLS_DHE_RSA_WITH_AES_256_CBC_SHA [RFC5246]
|
||||
* 0x00,0x3A TLS_DH_anon_WITH_AES_256_CBC_SHA [RFC5246]
|
||||
* 0x00,0x3B TLS_RSA_WITH_NULL_SHA256 [RFC5246]
|
||||
* 0x00,0x3C TLS_RSA_WITH_AES_128_CBC_SHA256 [RFC5246]
|
||||
* 0x00,0x3D TLS_RSA_WITH_AES_256_CBC_SHA256 [RFC5246]
|
||||
* 0x00,0x3E TLS_DH_DSS_WITH_AES_128_CBC_SHA256 [RFC5246]
|
||||
* 0x00,0x3F TLS_DH_RSA_WITH_AES_128_CBC_SHA256 [RFC5246]
|
||||
* 0x00,0x40 TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 [RFC5246]
|
||||
* 0x00,0x41 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA [RFC5932]
|
||||
* 0x00,0x42 TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA [RFC5932]
|
||||
* 0x00,0x43 TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA [RFC5932]
|
||||
* 0x00,0x44 TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA [RFC5932]
|
||||
* 0x00,0x45 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA [RFC5932]
|
||||
* 0x00,0x46 TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA [RFC5932]
|
||||
* Value Description Reference
|
||||
* 0x00,0x00 TLS_NULL_WITH_NULL_NULL [RFC5246]
|
||||
* 0x00,0x01 TLS_RSA_WITH_NULL_MD5 [RFC5246]
|
||||
* 0x00,0x02 TLS_RSA_WITH_NULL_SHA [RFC5246]
|
||||
* 0x00,0x03 TLS_RSA_EXPORT_WITH_RC4_40_MD5 [RFC4346]
|
||||
* 0x00,0x04 TLS_RSA_WITH_RC4_128_MD5 [RFC5246]
|
||||
* 0x00,0x05 TLS_RSA_WITH_RC4_128_SHA [RFC5246]
|
||||
* 0x00,0x06 TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 [RFC4346]
|
||||
* 0x00,0x07 TLS_RSA_WITH_IDEA_CBC_SHA [RFC5469]
|
||||
* 0x00,0x08 TLS_RSA_EXPORT_WITH_DES40_CBC_SHA [RFC4346]
|
||||
* 0x00,0x09 TLS_RSA_WITH_DES_CBC_SHA [RFC5469]
|
||||
* 0x00,0x0A TLS_RSA_WITH_3DES_EDE_CBC_SHA [RFC5246]
|
||||
* 0x00,0x0B TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA [RFC4346]
|
||||
* 0x00,0x0C TLS_DH_DSS_WITH_DES_CBC_SHA [RFC5469]
|
||||
* 0x00,0x0D TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA [RFC5246]
|
||||
* 0x00,0x0E TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA [RFC4346]
|
||||
* 0x00,0x0F TLS_DH_RSA_WITH_DES_CBC_SHA [RFC5469]
|
||||
* 0x00,0x10 TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA [RFC5246]
|
||||
* 0x00,0x11 TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA [RFC4346]
|
||||
* 0x00,0x12 TLS_DHE_DSS_WITH_DES_CBC_SHA [RFC5469]
|
||||
* 0x00,0x13 TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA [RFC5246]
|
||||
* 0x00,0x14 TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA [RFC4346]
|
||||
* 0x00,0x15 TLS_DHE_RSA_WITH_DES_CBC_SHA [RFC5469]
|
||||
* 0x00,0x16 TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA [RFC5246]
|
||||
* 0x00,0x17 TLS_DH_anon_EXPORT_WITH_RC4_40_MD5 [RFC4346]
|
||||
* 0x00,0x18 TLS_DH_anon_WITH_RC4_128_MD5 [RFC5246]
|
||||
* 0x00,0x19 TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA [RFC4346]
|
||||
* 0x00,0x1A TLS_DH_anon_WITH_DES_CBC_SHA [RFC5469]
|
||||
* 0x00,0x1B TLS_DH_anon_WITH_3DES_EDE_CBC_SHA [RFC5246]
|
||||
* 0x00,0x1C-1D Reserved to avoid conflicts with SSLv3 [RFC5246]
|
||||
* 0x00,0x1E TLS_KRB5_WITH_DES_CBC_SHA [RFC2712]
|
||||
* 0x00,0x1F TLS_KRB5_WITH_3DES_EDE_CBC_SHA [RFC2712]
|
||||
* 0x00,0x20 TLS_KRB5_WITH_RC4_128_SHA [RFC2712]
|
||||
* 0x00,0x21 TLS_KRB5_WITH_IDEA_CBC_SHA [RFC2712]
|
||||
* 0x00,0x22 TLS_KRB5_WITH_DES_CBC_MD5 [RFC2712]
|
||||
* 0x00,0x23 TLS_KRB5_WITH_3DES_EDE_CBC_MD5 [RFC2712]
|
||||
* 0x00,0x24 TLS_KRB5_WITH_RC4_128_MD5 [RFC2712]
|
||||
* 0x00,0x25 TLS_KRB5_WITH_IDEA_CBC_MD5 [RFC2712]
|
||||
* 0x00,0x26 TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA [RFC2712]
|
||||
* 0x00,0x27 TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA [RFC2712]
|
||||
* 0x00,0x28 TLS_KRB5_EXPORT_WITH_RC4_40_SHA [RFC2712]
|
||||
* 0x00,0x29 TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5 [RFC2712]
|
||||
* 0x00,0x2A TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5 [RFC2712]
|
||||
* 0x00,0x2B TLS_KRB5_EXPORT_WITH_RC4_40_MD5 [RFC2712]
|
||||
* 0x00,0x2C TLS_PSK_WITH_NULL_SHA [RFC4785]
|
||||
* 0x00,0x2D TLS_DHE_PSK_WITH_NULL_SHA [RFC4785]
|
||||
* 0x00,0x2E TLS_RSA_PSK_WITH_NULL_SHA [RFC4785]
|
||||
* 0x00,0x2F TLS_RSA_WITH_AES_128_CBC_SHA [RFC5246]
|
||||
* 0x00,0x30 TLS_DH_DSS_WITH_AES_128_CBC_SHA [RFC5246]
|
||||
* 0x00,0x31 TLS_DH_RSA_WITH_AES_128_CBC_SHA [RFC5246]
|
||||
* 0x00,0x32 TLS_DHE_DSS_WITH_AES_128_CBC_SHA [RFC5246]
|
||||
* 0x00,0x33 TLS_DHE_RSA_WITH_AES_128_CBC_SHA [RFC5246]
|
||||
* 0x00,0x34 TLS_DH_anon_WITH_AES_128_CBC_SHA [RFC5246]
|
||||
* 0x00,0x35 TLS_RSA_WITH_AES_256_CBC_SHA [RFC5246]
|
||||
* 0x00,0x36 TLS_DH_DSS_WITH_AES_256_CBC_SHA [RFC5246]
|
||||
* 0x00,0x37 TLS_DH_RSA_WITH_AES_256_CBC_SHA [RFC5246]
|
||||
* 0x00,0x38 TLS_DHE_DSS_WITH_AES_256_CBC_SHA [RFC5246]
|
||||
* 0x00,0x39 TLS_DHE_RSA_WITH_AES_256_CBC_SHA [RFC5246]
|
||||
* 0x00,0x3A TLS_DH_anon_WITH_AES_256_CBC_SHA [RFC5246]
|
||||
* 0x00,0x3B TLS_RSA_WITH_NULL_SHA256 [RFC5246]
|
||||
* 0x00,0x3C TLS_RSA_WITH_AES_128_CBC_SHA256 [RFC5246]
|
||||
* 0x00,0x3D TLS_RSA_WITH_AES_256_CBC_SHA256 [RFC5246]
|
||||
* 0x00,0x3E TLS_DH_DSS_WITH_AES_128_CBC_SHA256 [RFC5246]
|
||||
* 0x00,0x3F TLS_DH_RSA_WITH_AES_128_CBC_SHA256 [RFC5246]
|
||||
* 0x00,0x40 TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 [RFC5246]
|
||||
* 0x00,0x41 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA [RFC5932]
|
||||
* 0x00,0x42 TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA [RFC5932]
|
||||
* 0x00,0x43 TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA [RFC5932]
|
||||
* 0x00,0x44 TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA [RFC5932]
|
||||
* 0x00,0x45 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA [RFC5932]
|
||||
* 0x00,0x46 TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA [RFC5932]
|
||||
* 0x00,0x47-4F Reserved to avoid conflicts with
|
||||
* deployed implementations [Pasi_Eronen]
|
||||
* 0x00,0x50-58 Reserved to avoid conflicts [Pasi Eronen]
|
||||
@ -852,143 +852,261 @@ final class CipherSuite implements Comparable<CipherSuite> {
|
||||
* 0x00,0x5D-5F Unassigned
|
||||
* 0x00,0x60-66 Reserved to avoid conflicts with widely
|
||||
* deployed implementations [Pasi_Eronen]
|
||||
* 0x00,0x67 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 [RFC5246]
|
||||
* 0x00,0x68 TLS_DH_DSS_WITH_AES_256_CBC_SHA256 [RFC5246]
|
||||
* 0x00,0x69 TLS_DH_RSA_WITH_AES_256_CBC_SHA256 [RFC5246]
|
||||
* 0x00,0x6A TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 [RFC5246]
|
||||
* 0x00,0x6B TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 [RFC5246]
|
||||
* 0x00,0x6C TLS_DH_anon_WITH_AES_128_CBC_SHA256 [RFC5246]
|
||||
* 0x00,0x6D TLS_DH_anon_WITH_AES_256_CBC_SHA256 [RFC5246]
|
||||
* 0x00,0x67 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 [RFC5246]
|
||||
* 0x00,0x68 TLS_DH_DSS_WITH_AES_256_CBC_SHA256 [RFC5246]
|
||||
* 0x00,0x69 TLS_DH_RSA_WITH_AES_256_CBC_SHA256 [RFC5246]
|
||||
* 0x00,0x6A TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 [RFC5246]
|
||||
* 0x00,0x6B TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 [RFC5246]
|
||||
* 0x00,0x6C TLS_DH_anon_WITH_AES_128_CBC_SHA256 [RFC5246]
|
||||
* 0x00,0x6D TLS_DH_anon_WITH_AES_256_CBC_SHA256 [RFC5246]
|
||||
* 0x00,0x6E-83 Unassigned
|
||||
* 0x00,0x84 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA [RFC5932]
|
||||
* 0x00,0x85 TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA [RFC5932]
|
||||
* 0x00,0x86 TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA [RFC5932]
|
||||
* 0x00,0x87 TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA [RFC5932]
|
||||
* 0x00,0x88 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA [RFC5932]
|
||||
* 0x00,0x89 TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA [RFC5932]
|
||||
* 0x00,0x8A TLS_PSK_WITH_RC4_128_SHA [RFC4279]
|
||||
* 0x00,0x8B TLS_PSK_WITH_3DES_EDE_CBC_SHA [RFC4279]
|
||||
* 0x00,0x8C TLS_PSK_WITH_AES_128_CBC_SHA [RFC4279]
|
||||
* 0x00,0x8D TLS_PSK_WITH_AES_256_CBC_SHA [RFC4279]
|
||||
* 0x00,0x8E TLS_DHE_PSK_WITH_RC4_128_SHA [RFC4279]
|
||||
* 0x00,0x8F TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA [RFC4279]
|
||||
* 0x00,0x90 TLS_DHE_PSK_WITH_AES_128_CBC_SHA [RFC4279]
|
||||
* 0x00,0x91 TLS_DHE_PSK_WITH_AES_256_CBC_SHA [RFC4279]
|
||||
* 0x00,0x92 TLS_RSA_PSK_WITH_RC4_128_SHA [RFC4279]
|
||||
* 0x00,0x93 TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA [RFC4279]
|
||||
* 0x00,0x94 TLS_RSA_PSK_WITH_AES_128_CBC_SHA [RFC4279]
|
||||
* 0x00,0x95 TLS_RSA_PSK_WITH_AES_256_CBC_SHA [RFC4279]
|
||||
* 0x00,0x96 TLS_RSA_WITH_SEED_CBC_SHA [RFC4162]
|
||||
* 0x00,0x97 TLS_DH_DSS_WITH_SEED_CBC_SHA [RFC4162]
|
||||
* 0x00,0x98 TLS_DH_RSA_WITH_SEED_CBC_SHA [RFC4162]
|
||||
* 0x00,0x99 TLS_DHE_DSS_WITH_SEED_CBC_SHA [RFC4162]
|
||||
* 0x00,0x9A TLS_DHE_RSA_WITH_SEED_CBC_SHA [RFC4162]
|
||||
* 0x00,0x9B TLS_DH_anon_WITH_SEED_CBC_SHA [RFC4162]
|
||||
* 0x00,0x9C TLS_RSA_WITH_AES_128_GCM_SHA256 [RFC5288]
|
||||
* 0x00,0x9D TLS_RSA_WITH_AES_256_GCM_SHA384 [RFC5288]
|
||||
* 0x00,0x9E TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 [RFC5288]
|
||||
* 0x00,0x9F TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 [RFC5288]
|
||||
* 0x00,0xA0 TLS_DH_RSA_WITH_AES_128_GCM_SHA256 [RFC5288]
|
||||
* 0x00,0xA1 TLS_DH_RSA_WITH_AES_256_GCM_SHA384 [RFC5288]
|
||||
* 0x00,0xA2 TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 [RFC5288]
|
||||
* 0x00,0xA3 TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 [RFC5288]
|
||||
* 0x00,0xA4 TLS_DH_DSS_WITH_AES_128_GCM_SHA256 [RFC5288]
|
||||
* 0x00,0xA5 TLS_DH_DSS_WITH_AES_256_GCM_SHA384 [RFC5288]
|
||||
* 0x00,0xA6 TLS_DH_anon_WITH_AES_128_GCM_SHA256 [RFC5288]
|
||||
* 0x00,0xA7 TLS_DH_anon_WITH_AES_256_GCM_SHA384 [RFC5288]
|
||||
* 0x00,0xA8 TLS_PSK_WITH_AES_128_GCM_SHA256 [RFC5487]
|
||||
* 0x00,0xA9 TLS_PSK_WITH_AES_256_GCM_SHA384 [RFC5487]
|
||||
* 0x00,0xAA TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 [RFC5487]
|
||||
* 0x00,0xAB TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 [RFC5487]
|
||||
* 0x00,0xAC TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 [RFC5487]
|
||||
* 0x00,0xAD TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 [RFC5487]
|
||||
* 0x00,0xAE TLS_PSK_WITH_AES_128_CBC_SHA256 [RFC5487]
|
||||
* 0x00,0xAF TLS_PSK_WITH_AES_256_CBC_SHA384 [RFC5487]
|
||||
* 0x00,0xB0 TLS_PSK_WITH_NULL_SHA256 [RFC5487]
|
||||
* 0x00,0xB1 TLS_PSK_WITH_NULL_SHA384 [RFC5487]
|
||||
* 0x00,0xB2 TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 [RFC5487]
|
||||
* 0x00,0xB3 TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 [RFC5487]
|
||||
* 0x00,0xB4 TLS_DHE_PSK_WITH_NULL_SHA256 [RFC5487]
|
||||
* 0x00,0xB5 TLS_DHE_PSK_WITH_NULL_SHA384 [RFC5487]
|
||||
* 0x00,0xB6 TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 [RFC5487]
|
||||
* 0x00,0xB7 TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 [RFC5487]
|
||||
* 0x00,0xB8 TLS_RSA_PSK_WITH_NULL_SHA256 [RFC5487]
|
||||
* 0x00,0xB9 TLS_RSA_PSK_WITH_NULL_SHA384 [RFC5487]
|
||||
* 0x00,0xBA TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 [RFC5932]
|
||||
* 0x00,0xBB TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256 [RFC5932]
|
||||
* 0x00,0xBC TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256 [RFC5932]
|
||||
* 0x00,0xBD TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256 [RFC5932]
|
||||
* 0x00,0xBE TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 [RFC5932]
|
||||
* 0x00,0xBF TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256 [RFC5932]
|
||||
* 0x00,0xC0 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 [RFC5932]
|
||||
* 0x00,0xC1 TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256 [RFC5932]
|
||||
* 0x00,0xC2 TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256 [RFC5932]
|
||||
* 0x00,0xC3 TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256 [RFC5932]
|
||||
* 0x00,0xC4 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 [RFC5932]
|
||||
* 0x00,0xC5 TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256 [RFC5932]
|
||||
* 0x00,0x84 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA [RFC5932]
|
||||
* 0x00,0x85 TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA [RFC5932]
|
||||
* 0x00,0x86 TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA [RFC5932]
|
||||
* 0x00,0x87 TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA [RFC5932]
|
||||
* 0x00,0x88 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA [RFC5932]
|
||||
* 0x00,0x89 TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA [RFC5932]
|
||||
* 0x00,0x8A TLS_PSK_WITH_RC4_128_SHA [RFC4279]
|
||||
* 0x00,0x8B TLS_PSK_WITH_3DES_EDE_CBC_SHA [RFC4279]
|
||||
* 0x00,0x8C TLS_PSK_WITH_AES_128_CBC_SHA [RFC4279]
|
||||
* 0x00,0x8D TLS_PSK_WITH_AES_256_CBC_SHA [RFC4279]
|
||||
* 0x00,0x8E TLS_DHE_PSK_WITH_RC4_128_SHA [RFC4279]
|
||||
* 0x00,0x8F TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA [RFC4279]
|
||||
* 0x00,0x90 TLS_DHE_PSK_WITH_AES_128_CBC_SHA [RFC4279]
|
||||
* 0x00,0x91 TLS_DHE_PSK_WITH_AES_256_CBC_SHA [RFC4279]
|
||||
* 0x00,0x92 TLS_RSA_PSK_WITH_RC4_128_SHA [RFC4279]
|
||||
* 0x00,0x93 TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA [RFC4279]
|
||||
* 0x00,0x94 TLS_RSA_PSK_WITH_AES_128_CBC_SHA [RFC4279]
|
||||
* 0x00,0x95 TLS_RSA_PSK_WITH_AES_256_CBC_SHA [RFC4279]
|
||||
* 0x00,0x96 TLS_RSA_WITH_SEED_CBC_SHA [RFC4162]
|
||||
* 0x00,0x97 TLS_DH_DSS_WITH_SEED_CBC_SHA [RFC4162]
|
||||
* 0x00,0x98 TLS_DH_RSA_WITH_SEED_CBC_SHA [RFC4162]
|
||||
* 0x00,0x99 TLS_DHE_DSS_WITH_SEED_CBC_SHA [RFC4162]
|
||||
* 0x00,0x9A TLS_DHE_RSA_WITH_SEED_CBC_SHA [RFC4162]
|
||||
* 0x00,0x9B TLS_DH_anon_WITH_SEED_CBC_SHA [RFC4162]
|
||||
* 0x00,0x9C TLS_RSA_WITH_AES_128_GCM_SHA256 [RFC5288]
|
||||
* 0x00,0x9D TLS_RSA_WITH_AES_256_GCM_SHA384 [RFC5288]
|
||||
* 0x00,0x9E TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 [RFC5288]
|
||||
* 0x00,0x9F TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 [RFC5288]
|
||||
* 0x00,0xA0 TLS_DH_RSA_WITH_AES_128_GCM_SHA256 [RFC5288]
|
||||
* 0x00,0xA1 TLS_DH_RSA_WITH_AES_256_GCM_SHA384 [RFC5288]
|
||||
* 0x00,0xA2 TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 [RFC5288]
|
||||
* 0x00,0xA3 TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 [RFC5288]
|
||||
* 0x00,0xA4 TLS_DH_DSS_WITH_AES_128_GCM_SHA256 [RFC5288]
|
||||
* 0x00,0xA5 TLS_DH_DSS_WITH_AES_256_GCM_SHA384 [RFC5288]
|
||||
* 0x00,0xA6 TLS_DH_anon_WITH_AES_128_GCM_SHA256 [RFC5288]
|
||||
* 0x00,0xA7 TLS_DH_anon_WITH_AES_256_GCM_SHA384 [RFC5288]
|
||||
* 0x00,0xA8 TLS_PSK_WITH_AES_128_GCM_SHA256 [RFC5487]
|
||||
* 0x00,0xA9 TLS_PSK_WITH_AES_256_GCM_SHA384 [RFC5487]
|
||||
* 0x00,0xAA TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 [RFC5487]
|
||||
* 0x00,0xAB TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 [RFC5487]
|
||||
* 0x00,0xAC TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 [RFC5487]
|
||||
* 0x00,0xAD TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 [RFC5487]
|
||||
* 0x00,0xAE TLS_PSK_WITH_AES_128_CBC_SHA256 [RFC5487]
|
||||
* 0x00,0xAF TLS_PSK_WITH_AES_256_CBC_SHA384 [RFC5487]
|
||||
* 0x00,0xB0 TLS_PSK_WITH_NULL_SHA256 [RFC5487]
|
||||
* 0x00,0xB1 TLS_PSK_WITH_NULL_SHA384 [RFC5487]
|
||||
* 0x00,0xB2 TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 [RFC5487]
|
||||
* 0x00,0xB3 TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 [RFC5487]
|
||||
* 0x00,0xB4 TLS_DHE_PSK_WITH_NULL_SHA256 [RFC5487]
|
||||
* 0x00,0xB5 TLS_DHE_PSK_WITH_NULL_SHA384 [RFC5487]
|
||||
* 0x00,0xB6 TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 [RFC5487]
|
||||
* 0x00,0xB7 TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 [RFC5487]
|
||||
* 0x00,0xB8 TLS_RSA_PSK_WITH_NULL_SHA256 [RFC5487]
|
||||
* 0x00,0xB9 TLS_RSA_PSK_WITH_NULL_SHA384 [RFC5487]
|
||||
* 0x00,0xBA TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 [RFC5932]
|
||||
* 0x00,0xBB TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256 [RFC5932]
|
||||
* 0x00,0xBC TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256 [RFC5932]
|
||||
* 0x00,0xBD TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256 [RFC5932]
|
||||
* 0x00,0xBE TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 [RFC5932]
|
||||
* 0x00,0xBF TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256 [RFC5932]
|
||||
* 0x00,0xC0 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 [RFC5932]
|
||||
* 0x00,0xC1 TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256 [RFC5932]
|
||||
* 0x00,0xC2 TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256 [RFC5932]
|
||||
* 0x00,0xC3 TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256 [RFC5932]
|
||||
* 0x00,0xC4 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 [RFC5932]
|
||||
* 0x00,0xC5 TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256 [RFC5932]
|
||||
* 0x00,0xC6-FE Unassigned
|
||||
* 0x00,0xFF TLS_EMPTY_RENEGOTIATION_INFO_SCSV [RFC5746]
|
||||
* 0x01-BF,* Unassigned
|
||||
* 0xC0,0x01 TLS_ECDH_ECDSA_WITH_NULL_SHA [RFC4492]
|
||||
* 0xC0,0x02 TLS_ECDH_ECDSA_WITH_RC4_128_SHA [RFC4492]
|
||||
* 0xC0,0x03 TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA [RFC4492]
|
||||
* 0xC0,0x04 TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA [RFC4492]
|
||||
* 0xC0,0x05 TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA [RFC4492]
|
||||
* 0xC0,0x06 TLS_ECDHE_ECDSA_WITH_NULL_SHA [RFC4492]
|
||||
* 0xC0,0x07 TLS_ECDHE_ECDSA_WITH_RC4_128_SHA [RFC4492]
|
||||
* 0xC0,0x08 TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA [RFC4492]
|
||||
* 0xC0,0x09 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA [RFC4492]
|
||||
* 0xC0,0x0A TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA [RFC4492]
|
||||
* 0xC0,0x0B TLS_ECDH_RSA_WITH_NULL_SHA [RFC4492]
|
||||
* 0xC0,0x0C TLS_ECDH_RSA_WITH_RC4_128_SHA [RFC4492]
|
||||
* 0xC0,0x0D TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA [RFC4492]
|
||||
* 0xC0,0x0E TLS_ECDH_RSA_WITH_AES_128_CBC_SHA [RFC4492]
|
||||
* 0xC0,0x0F TLS_ECDH_RSA_WITH_AES_256_CBC_SHA [RFC4492]
|
||||
* 0xC0,0x10 TLS_ECDHE_RSA_WITH_NULL_SHA [RFC4492]
|
||||
* 0xC0,0x11 TLS_ECDHE_RSA_WITH_RC4_128_SHA [RFC4492]
|
||||
* 0xC0,0x12 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA [RFC4492]
|
||||
* 0xC0,0x13 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA [RFC4492]
|
||||
* 0xC0,0x14 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA [RFC4492]
|
||||
* 0xC0,0x15 TLS_ECDH_anon_WITH_NULL_SHA [RFC4492]
|
||||
* 0xC0,0x16 TLS_ECDH_anon_WITH_RC4_128_SHA [RFC4492]
|
||||
* 0xC0,0x17 TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA [RFC4492]
|
||||
* 0xC0,0x18 TLS_ECDH_anon_WITH_AES_128_CBC_SHA [RFC4492]
|
||||
* 0xC0,0x19 TLS_ECDH_anon_WITH_AES_256_CBC_SHA [RFC4492]
|
||||
* 0xC0,0x1A TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA [RFC5054]
|
||||
* 0xC0,0x1B TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA [RFC5054]
|
||||
* 0xC0,0x1C TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA [RFC5054]
|
||||
* 0xC0,0x1D TLS_SRP_SHA_WITH_AES_128_CBC_SHA [RFC5054]
|
||||
* 0xC0,0x1E TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA [RFC5054]
|
||||
* 0xC0,0x1F TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA [RFC5054]
|
||||
* 0xC0,0x20 TLS_SRP_SHA_WITH_AES_256_CBC_SHA [RFC5054]
|
||||
* 0xC0,0x21 TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA [RFC5054]
|
||||
* 0xC0,0x22 TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA [RFC5054]
|
||||
* 0xC0,0x23 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 [RFC5289]
|
||||
* 0xC0,0x24 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 [RFC5289]
|
||||
* 0xC0,0x25 TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 [RFC5289]
|
||||
* 0xC0,0x26 TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 [RFC5289]
|
||||
* 0xC0,0x27 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 [RFC5289]
|
||||
* 0xC0,0x28 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 [RFC5289]
|
||||
* 0xC0,0x29 TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 [RFC5289]
|
||||
* 0xC0,0x2A TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 [RFC5289]
|
||||
* 0xC0,0x2B TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 [RFC5289]
|
||||
* 0xC0,0x2C TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 [RFC5289]
|
||||
* 0xC0,0x2D TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 [RFC5289]
|
||||
* 0xC0,0x2E TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 [RFC5289]
|
||||
* 0xC0,0x2F TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 [RFC5289]
|
||||
* 0xC0,0x30 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 [RFC5289]
|
||||
* 0xC0,0x31 TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 [RFC5289]
|
||||
* 0xC0,0x32 TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 [RFC5289]
|
||||
* 0xC0,0x33 TLS_ECDHE_PSK_WITH_RC4_128_SHA [RFC5489]
|
||||
* 0xC0,0x34 TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA [RFC5489]
|
||||
* 0xC0,0x35 TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA [RFC5489]
|
||||
* 0xC0,0x36 TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA [RFC5489]
|
||||
* 0xC0,0x37 TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 [RFC5489]
|
||||
* 0xC0,0x38 TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 [RFC5489]
|
||||
* 0xC0,0x39 TLS_ECDHE_PSK_WITH_NULL_SHA [RFC5489]
|
||||
* 0xC0,0x3A TLS_ECDHE_PSK_WITH_NULL_SHA256 [RFC5489]
|
||||
* 0xC0,0x3B TLS_ECDHE_PSK_WITH_NULL_SHA384 [RFC5489]
|
||||
* 0xC0,0x3C-FF Unassigned
|
||||
* 0x00,0xFF TLS_EMPTY_RENEGOTIATION_INFO_SCSV [RFC5746]
|
||||
* 0x01-55,* Unassigned
|
||||
* 0x56,0x00 TLS_FALLBACK_SCSV [RFC7507]
|
||||
* 0x56,0x01-0xC0,0x00 Unassigned
|
||||
* 0xC0,0x01 TLS_ECDH_ECDSA_WITH_NULL_SHA [RFC4492]
|
||||
* 0xC0,0x02 TLS_ECDH_ECDSA_WITH_RC4_128_SHA [RFC4492]
|
||||
* 0xC0,0x03 TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA [RFC4492]
|
||||
* 0xC0,0x04 TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA [RFC4492]
|
||||
* 0xC0,0x05 TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA [RFC4492]
|
||||
* 0xC0,0x06 TLS_ECDHE_ECDSA_WITH_NULL_SHA [RFC4492]
|
||||
* 0xC0,0x07 TLS_ECDHE_ECDSA_WITH_RC4_128_SHA [RFC4492]
|
||||
* 0xC0,0x08 TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA [RFC4492]
|
||||
* 0xC0,0x09 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA [RFC4492]
|
||||
* 0xC0,0x0A TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA [RFC4492]
|
||||
* 0xC0,0x0B TLS_ECDH_RSA_WITH_NULL_SHA [RFC4492]
|
||||
* 0xC0,0x0C TLS_ECDH_RSA_WITH_RC4_128_SHA [RFC4492]
|
||||
* 0xC0,0x0D TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA [RFC4492]
|
||||
* 0xC0,0x0E TLS_ECDH_RSA_WITH_AES_128_CBC_SHA [RFC4492]
|
||||
* 0xC0,0x0F TLS_ECDH_RSA_WITH_AES_256_CBC_SHA [RFC4492]
|
||||
* 0xC0,0x10 TLS_ECDHE_RSA_WITH_NULL_SHA [RFC4492]
|
||||
* 0xC0,0x11 TLS_ECDHE_RSA_WITH_RC4_128_SHA [RFC4492]
|
||||
* 0xC0,0x12 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA [RFC4492]
|
||||
* 0xC0,0x13 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA [RFC4492]
|
||||
* 0xC0,0x14 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA [RFC4492]
|
||||
* 0xC0,0x15 TLS_ECDH_anon_WITH_NULL_SHA [RFC4492]
|
||||
* 0xC0,0x16 TLS_ECDH_anon_WITH_RC4_128_SHA [RFC4492]
|
||||
* 0xC0,0x17 TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA [RFC4492]
|
||||
* 0xC0,0x18 TLS_ECDH_anon_WITH_AES_128_CBC_SHA [RFC4492]
|
||||
* 0xC0,0x19 TLS_ECDH_anon_WITH_AES_256_CBC_SHA [RFC4492]
|
||||
* 0xC0,0x1A TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA [RFC5054]
|
||||
* 0xC0,0x1B TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA [RFC5054]
|
||||
* 0xC0,0x1C TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA [RFC5054]
|
||||
* 0xC0,0x1D TLS_SRP_SHA_WITH_AES_128_CBC_SHA [RFC5054]
|
||||
* 0xC0,0x1E TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA [RFC5054]
|
||||
* 0xC0,0x1F TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA [RFC5054]
|
||||
* 0xC0,0x20 TLS_SRP_SHA_WITH_AES_256_CBC_SHA [RFC5054]
|
||||
* 0xC0,0x21 TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA [RFC5054]
|
||||
* 0xC0,0x22 TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA [RFC5054]
|
||||
* 0xC0,0x23 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 [RFC5289]
|
||||
* 0xC0,0x24 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 [RFC5289]
|
||||
* 0xC0,0x25 TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 [RFC5289]
|
||||
* 0xC0,0x26 TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 [RFC5289]
|
||||
* 0xC0,0x27 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 [RFC5289]
|
||||
* 0xC0,0x28 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 [RFC5289]
|
||||
* 0xC0,0x29 TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 [RFC5289]
|
||||
* 0xC0,0x2A TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 [RFC5289]
|
||||
* 0xC0,0x2B TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 [RFC5289]
|
||||
* 0xC0,0x2C TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 [RFC5289]
|
||||
* 0xC0,0x2D TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 [RFC5289]
|
||||
* 0xC0,0x2E TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 [RFC5289]
|
||||
* 0xC0,0x2F TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 [RFC5289]
|
||||
* 0xC0,0x30 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 [RFC5289]
|
||||
* 0xC0,0x31 TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 [RFC5289]
|
||||
* 0xC0,0x32 TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 [RFC5289]
|
||||
* 0xC0,0x33 TLS_ECDHE_PSK_WITH_RC4_128_SHA [RFC5489]
|
||||
* 0xC0,0x34 TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA [RFC5489]
|
||||
* 0xC0,0x35 TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA [RFC5489]
|
||||
* 0xC0,0x36 TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA [RFC5489]
|
||||
* 0xC0,0x37 TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 [RFC5489]
|
||||
* 0xC0,0x38 TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 [RFC5489]
|
||||
* 0xC0,0x39 TLS_ECDHE_PSK_WITH_NULL_SHA [RFC5489]
|
||||
* 0xC0,0x3A TLS_ECDHE_PSK_WITH_NULL_SHA256 [RFC5489]
|
||||
* 0xC0,0x3B TLS_ECDHE_PSK_WITH_NULL_SHA384 [RFC5489]
|
||||
* 0xC0,0x3C TLS_RSA_WITH_ARIA_128_CBC_SHA256 [RFC6209]
|
||||
* 0xC0,0x3D TLS_RSA_WITH_ARIA_256_CBC_SHA384 [RFC6209]
|
||||
* 0xC0,0x3E TLS_DH_DSS_WITH_ARIA_128_CBC_SHA256 [RFC6209]
|
||||
* 0xC0,0x3F TLS_DH_DSS_WITH_ARIA_256_CBC_SHA384 [RFC6209]
|
||||
* 0xC0,0x40 TLS_DH_RSA_WITH_ARIA_128_CBC_SHA256 [RFC6209]
|
||||
* 0xC0,0x41 TLS_DH_RSA_WITH_ARIA_256_CBC_SHA384 [RFC6209]
|
||||
* 0xC0,0x42 TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256 [RFC6209]
|
||||
* 0xC0,0x43 TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384 [RFC6209]
|
||||
* 0xC0,0x44 TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256 [RFC6209]
|
||||
* 0xC0,0x45 TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384 [RFC6209]
|
||||
* 0xC0,0x46 TLS_DH_anon_WITH_ARIA_128_CBC_SHA256 [RFC6209]
|
||||
* 0xC0,0x47 TLS_DH_anon_WITH_ARIA_256_CBC_SHA384 [RFC6209]
|
||||
* 0xC0,0x48 TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256 [RFC6209]
|
||||
* 0xC0,0x49 TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384 [RFC6209]
|
||||
* 0xC0,0x4A TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256 [RFC6209]
|
||||
* 0xC0,0x4B TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384 [RFC6209]
|
||||
* 0xC0,0x4C TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256 [RFC6209]
|
||||
* 0xC0,0x4D TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384 [RFC6209]
|
||||
* 0xC0,0x4E TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256 [RFC6209]
|
||||
* 0xC0,0x4F TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384 [RFC6209]
|
||||
* 0xC0,0x50 TLS_RSA_WITH_ARIA_128_GCM_SHA256 [RFC6209]
|
||||
* 0xC0,0x51 TLS_RSA_WITH_ARIA_256_GCM_SHA384 [RFC6209]
|
||||
* 0xC0,0x52 TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256 [RFC6209]
|
||||
* 0xC0,0x53 TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384 [RFC6209]
|
||||
* 0xC0,0x54 TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256 [RFC6209]
|
||||
* 0xC0,0x55 TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384 [RFC6209]
|
||||
* 0xC0,0x56 TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256 [RFC6209]
|
||||
* 0xC0,0x57 TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384 [RFC6209]
|
||||
* 0xC0,0x58 TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256 [RFC6209]
|
||||
* 0xC0,0x59 TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384 [RFC6209]
|
||||
* 0xC0,0x5A TLS_DH_anon_WITH_ARIA_128_GCM_SHA256 [RFC6209]
|
||||
* 0xC0,0x5B TLS_DH_anon_WITH_ARIA_256_GCM_SHA384 [RFC6209]
|
||||
* 0xC0,0x5C TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 [RFC6209]
|
||||
* 0xC0,0x5D TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 [RFC6209]
|
||||
* 0xC0,0x5E TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256 [RFC6209]
|
||||
* 0xC0,0x5F TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384 [RFC6209]
|
||||
* 0xC0,0x60 TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 [RFC6209]
|
||||
* 0xC0,0x61 TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 [RFC6209]
|
||||
* 0xC0,0x62 TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256 [RFC6209]
|
||||
* 0xC0,0x63 TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384 [RFC6209]
|
||||
* 0xC0,0x64 TLS_PSK_WITH_ARIA_128_CBC_SHA256 [RFC6209]
|
||||
* 0xC0,0x65 TLS_PSK_WITH_ARIA_256_CBC_SHA384 [RFC6209]
|
||||
* 0xC0,0x66 TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256 [RFC6209]
|
||||
* 0xC0,0x67 TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384 [RFC6209]
|
||||
* 0xC0,0x68 TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256 [RFC6209]
|
||||
* 0xC0,0x69 TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384 [RFC6209]
|
||||
* 0xC0,0x6A TLS_PSK_WITH_ARIA_128_GCM_SHA256 [RFC6209]
|
||||
* 0xC0,0x6B TLS_PSK_WITH_ARIA_256_GCM_SHA384 [RFC6209]
|
||||
* 0xC0,0x6C TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256 [RFC6209]
|
||||
* 0xC0,0x6D TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384 [RFC6209]
|
||||
* 0xC0,0x6E TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256 [RFC6209]
|
||||
* 0xC0,0x6F TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384 [RFC6209]
|
||||
* 0xC0,0x70 TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256 [RFC6209]
|
||||
* 0xC0,0x71 TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384 [RFC6209]
|
||||
* 0xC0,0x72 TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 [RFC6367]
|
||||
* 0xC0,0x73 TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 [RFC6367]
|
||||
* 0xC0,0x74 TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 [RFC6367]
|
||||
* 0xC0,0x75 TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 [RFC6367]
|
||||
* 0xC0,0x76 TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 [RFC6367]
|
||||
* 0xC0,0x77 TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 [RFC6367]
|
||||
* 0xC0,0x78 TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 [RFC6367]
|
||||
* 0xC0,0x79 TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 [RFC6367]
|
||||
* 0xC0,0x7A TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 [RFC6367]
|
||||
* 0xC0,0x7B TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 [RFC6367]
|
||||
* 0xC0,0x7C TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 [RFC6367]
|
||||
* 0xC0,0x7D TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 [RFC6367]
|
||||
* 0xC0,0x7E TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256 [RFC6367]
|
||||
* 0xC0,0x7F TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384 [RFC6367]
|
||||
* 0xC0,0x80 TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256 [RFC6367]
|
||||
* 0xC0,0x81 TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384 [RFC6367]
|
||||
* 0xC0,0x82 TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256 [RFC6367]
|
||||
* 0xC0,0x83 TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384 [RFC6367]
|
||||
* 0xC0,0x84 TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256 [RFC6367]
|
||||
* 0xC0,0x85 TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384 [RFC6367]
|
||||
* 0xC0,0x86 TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 [RFC6367]
|
||||
* 0xC0,0x87 TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 [RFC6367]
|
||||
* 0xC0,0x88 TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 [RFC6367]
|
||||
* 0xC0,0x89 TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 [RFC6367]
|
||||
* 0xC0,0x8A TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 [RFC6367]
|
||||
* 0xC0,0x8B TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 [RFC6367]
|
||||
* 0xC0,0x8C TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 [RFC6367]
|
||||
* 0xC0,0x8D TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 [RFC6367]
|
||||
* 0xC0,0x8E TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 [RFC6367]
|
||||
* 0xC0,0x8F TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 [RFC6367]
|
||||
* 0xC0,0x90 TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 [RFC6367]
|
||||
* 0xC0,0x91 TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 [RFC6367]
|
||||
* 0xC0,0x92 TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256 [RFC6367]
|
||||
* 0xC0,0x93 TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384 [RFC6367]
|
||||
* 0xC0,0x94 TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 [RFC6367]
|
||||
* 0xC0,0x95 TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 [RFC6367]
|
||||
* 0xC0,0x96 TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 [RFC6367]
|
||||
* 0xC0,0x97 TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 [RFC6367]
|
||||
* 0xC0,0x98 TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 [RFC6367]
|
||||
* 0xC0,0x99 TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 [RFC6367]
|
||||
* 0xC0,0x9A TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 [RFC6367]
|
||||
* 0xC0,0x9B TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 [RFC6367]
|
||||
* 0xC0,0x9C TLS_RSA_WITH_AES_128_CCM [RFC6655]
|
||||
* 0xC0,0x9D TLS_RSA_WITH_AES_256_CCM [RFC6655]
|
||||
* 0xC0,0x9E TLS_DHE_RSA_WITH_AES_128_CCM [RFC6655]
|
||||
* 0xC0,0x9F TLS_DHE_RSA_WITH_AES_256_CCM [RFC6655]
|
||||
* 0xC0,0xA0 TLS_RSA_WITH_AES_128_CCM_8 [RFC6655]
|
||||
* 0xC0,0xA1 TLS_RSA_WITH_AES_256_CCM_8 [RFC6655]
|
||||
* 0xC0,0xA2 TLS_DHE_RSA_WITH_AES_128_CCM_8 [RFC6655]
|
||||
* 0xC0,0xA3 TLS_DHE_RSA_WITH_AES_256_CCM_8 [RFC6655]
|
||||
* 0xC0,0xA4 TLS_PSK_WITH_AES_128_CCM [RFC6655]
|
||||
* 0xC0,0xA5 TLS_PSK_WITH_AES_256_CCM [RFC6655]
|
||||
* 0xC0,0xA6 TLS_DHE_PSK_WITH_AES_128_CCM [RFC6655]
|
||||
* 0xC0,0xA7 TLS_DHE_PSK_WITH_AES_256_CCM [RFC6655]
|
||||
* 0xC0,0xA8 TLS_PSK_WITH_AES_128_CCM_8 [RFC6655]
|
||||
* 0xC0,0xA9 TLS_PSK_WITH_AES_256_CCM_8 [RFC6655]
|
||||
* 0xC0,0xAA TLS_PSK_DHE_WITH_AES_128_CCM_8 [RFC6655]
|
||||
* 0xC0,0xAB TLS_PSK_DHE_WITH_AES_256_CCM_8 [RFC6655]
|
||||
* 0xC0,0xAC TLS_ECDHE_ECDSA_WITH_AES_128_CCM [RFC7251]
|
||||
* 0xC0,0xAD TLS_ECDHE_ECDSA_WITH_AES_256_CCM [RFC7251]
|
||||
* 0xC0,0xAE TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 [RFC7251]
|
||||
* 0xC0,0xAF TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 [RFC7251]
|
||||
* 0xC0,0xB0-FF Unassigned
|
||||
* 0xC1-FD,* Unassigned
|
||||
* 0xFE,0x00-FD Unassigned
|
||||
* 0xFE,0xFE-FF Reserved to avoid conflicts with widely
|
||||
@ -1289,149 +1407,276 @@ final class CipherSuite implements Comparable<CipherSuite> {
|
||||
// the debug output.
|
||||
|
||||
// remaining unsupported ciphersuites defined in RFC2246.
|
||||
add("SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5", 0x0006);
|
||||
add("SSL_RSA_WITH_IDEA_CBC_SHA", 0x0007);
|
||||
add("SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA", 0x000b);
|
||||
add("SSL_DH_DSS_WITH_DES_CBC_SHA", 0x000c);
|
||||
add("SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA", 0x000d);
|
||||
add("SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA", 0x000e);
|
||||
add("SSL_DH_RSA_WITH_DES_CBC_SHA", 0x000f);
|
||||
add("SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA", 0x0010);
|
||||
add("SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5", 0x0006);
|
||||
add("SSL_RSA_WITH_IDEA_CBC_SHA", 0x0007);
|
||||
add("SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA", 0x000b);
|
||||
add("SSL_DH_DSS_WITH_DES_CBC_SHA", 0x000c);
|
||||
add("SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA", 0x000d);
|
||||
add("SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA", 0x000e);
|
||||
add("SSL_DH_RSA_WITH_DES_CBC_SHA", 0x000f);
|
||||
add("SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA", 0x0010);
|
||||
|
||||
// SSL 3.0 Fortezza ciphersuites
|
||||
add("SSL_FORTEZZA_DMS_WITH_NULL_SHA", 0x001c);
|
||||
add("SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA", 0x001d);
|
||||
add("SSL_FORTEZZA_DMS_WITH_NULL_SHA", 0x001c);
|
||||
add("SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA", 0x001d);
|
||||
|
||||
// 1024/56 bit exportable ciphersuites from expired internet draft
|
||||
add("SSL_RSA_EXPORT1024_WITH_DES_CBC_SHA", 0x0062);
|
||||
add("SSL_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA", 0x0063);
|
||||
add("SSL_RSA_EXPORT1024_WITH_RC4_56_SHA", 0x0064);
|
||||
add("SSL_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA", 0x0065);
|
||||
add("SSL_DHE_DSS_WITH_RC4_128_SHA", 0x0066);
|
||||
add("SSL_RSA_EXPORT1024_WITH_DES_CBC_SHA", 0x0062);
|
||||
add("SSL_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA", 0x0063);
|
||||
add("SSL_RSA_EXPORT1024_WITH_RC4_56_SHA", 0x0064);
|
||||
add("SSL_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA", 0x0065);
|
||||
add("SSL_DHE_DSS_WITH_RC4_128_SHA", 0x0066);
|
||||
|
||||
// Netscape old and new SSL 3.0 FIPS ciphersuites
|
||||
// see http://www.mozilla.org/projects/security/pki/nss/ssl/fips-ssl-ciphersuites.html
|
||||
add("NETSCAPE_RSA_FIPS_WITH_3DES_EDE_CBC_SHA", 0xffe0);
|
||||
add("NETSCAPE_RSA_FIPS_WITH_DES_CBC_SHA", 0xffe1);
|
||||
add("SSL_RSA_FIPS_WITH_DES_CBC_SHA", 0xfefe);
|
||||
add("SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA", 0xfeff);
|
||||
add("NETSCAPE_RSA_FIPS_WITH_3DES_EDE_CBC_SHA", 0xffe0);
|
||||
add("NETSCAPE_RSA_FIPS_WITH_DES_CBC_SHA", 0xffe1);
|
||||
add("SSL_RSA_FIPS_WITH_DES_CBC_SHA", 0xfefe);
|
||||
add("SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA", 0xfeff);
|
||||
|
||||
// Unsupported Kerberos cipher suites from RFC 2712
|
||||
add("TLS_KRB5_WITH_IDEA_CBC_SHA", 0x0021);
|
||||
add("TLS_KRB5_WITH_IDEA_CBC_MD5", 0x0025);
|
||||
add("TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA", 0x0027);
|
||||
add("TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5", 0x002a);
|
||||
add("TLS_KRB5_WITH_IDEA_CBC_SHA", 0x0021);
|
||||
add("TLS_KRB5_WITH_IDEA_CBC_MD5", 0x0025);
|
||||
add("TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA", 0x0027);
|
||||
add("TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5", 0x002a);
|
||||
|
||||
// Unsupported cipher suites from RFC 4162
|
||||
add("TLS_RSA_WITH_SEED_CBC_SHA", 0x0096);
|
||||
add("TLS_DH_DSS_WITH_SEED_CBC_SHA", 0x0097);
|
||||
add("TLS_DH_RSA_WITH_SEED_CBC_SHA", 0x0098);
|
||||
add("TLS_DHE_DSS_WITH_SEED_CBC_SHA", 0x0099);
|
||||
add("TLS_DHE_RSA_WITH_SEED_CBC_SHA", 0x009a);
|
||||
add("TLS_DH_anon_WITH_SEED_CBC_SHA", 0x009b);
|
||||
add("TLS_RSA_WITH_SEED_CBC_SHA", 0x0096);
|
||||
add("TLS_DH_DSS_WITH_SEED_CBC_SHA", 0x0097);
|
||||
add("TLS_DH_RSA_WITH_SEED_CBC_SHA", 0x0098);
|
||||
add("TLS_DHE_DSS_WITH_SEED_CBC_SHA", 0x0099);
|
||||
add("TLS_DHE_RSA_WITH_SEED_CBC_SHA", 0x009a);
|
||||
add("TLS_DH_anon_WITH_SEED_CBC_SHA", 0x009b);
|
||||
|
||||
// Unsupported cipher suites from RFC 4279
|
||||
add("TLS_PSK_WITH_RC4_128_SHA", 0x008a);
|
||||
add("TLS_PSK_WITH_3DES_EDE_CBC_SHA", 0x008b);
|
||||
add("TLS_PSK_WITH_AES_128_CBC_SHA", 0x008c);
|
||||
add("TLS_PSK_WITH_AES_256_CBC_SHA", 0x008d);
|
||||
add("TLS_DHE_PSK_WITH_RC4_128_SHA", 0x008e);
|
||||
add("TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA", 0x008f);
|
||||
add("TLS_DHE_PSK_WITH_AES_128_CBC_SHA", 0x0090);
|
||||
add("TLS_DHE_PSK_WITH_AES_256_CBC_SHA", 0x0091);
|
||||
add("TLS_RSA_PSK_WITH_RC4_128_SHA", 0x0092);
|
||||
add("TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA", 0x0093);
|
||||
add("TLS_RSA_PSK_WITH_AES_128_CBC_SHA", 0x0094);
|
||||
add("TLS_RSA_PSK_WITH_AES_256_CBC_SHA", 0x0095);
|
||||
add("TLS_PSK_WITH_RC4_128_SHA", 0x008a);
|
||||
add("TLS_PSK_WITH_3DES_EDE_CBC_SHA", 0x008b);
|
||||
add("TLS_PSK_WITH_AES_128_CBC_SHA", 0x008c);
|
||||
add("TLS_PSK_WITH_AES_256_CBC_SHA", 0x008d);
|
||||
add("TLS_DHE_PSK_WITH_RC4_128_SHA", 0x008e);
|
||||
add("TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA", 0x008f);
|
||||
add("TLS_DHE_PSK_WITH_AES_128_CBC_SHA", 0x0090);
|
||||
add("TLS_DHE_PSK_WITH_AES_256_CBC_SHA", 0x0091);
|
||||
add("TLS_RSA_PSK_WITH_RC4_128_SHA", 0x0092);
|
||||
add("TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA", 0x0093);
|
||||
add("TLS_RSA_PSK_WITH_AES_128_CBC_SHA", 0x0094);
|
||||
add("TLS_RSA_PSK_WITH_AES_256_CBC_SHA", 0x0095);
|
||||
|
||||
// Unsupported cipher suites from RFC 4785
|
||||
add("TLS_PSK_WITH_NULL_SHA", 0x002c);
|
||||
add("TLS_DHE_PSK_WITH_NULL_SHA", 0x002d);
|
||||
add("TLS_RSA_PSK_WITH_NULL_SHA", 0x002e);
|
||||
add("TLS_PSK_WITH_NULL_SHA", 0x002c);
|
||||
add("TLS_DHE_PSK_WITH_NULL_SHA", 0x002d);
|
||||
add("TLS_RSA_PSK_WITH_NULL_SHA", 0x002e);
|
||||
|
||||
// Unsupported cipher suites from RFC 5246
|
||||
add("TLS_DH_DSS_WITH_AES_128_CBC_SHA", 0x0030);
|
||||
add("TLS_DH_RSA_WITH_AES_128_CBC_SHA", 0x0031);
|
||||
add("TLS_DH_DSS_WITH_AES_256_CBC_SHA", 0x0036);
|
||||
add("TLS_DH_RSA_WITH_AES_256_CBC_SHA", 0x0037);
|
||||
add("TLS_DH_DSS_WITH_AES_128_CBC_SHA256", 0x003e);
|
||||
add("TLS_DH_RSA_WITH_AES_128_CBC_SHA256", 0x003f);
|
||||
add("TLS_DH_DSS_WITH_AES_256_CBC_SHA256", 0x0068);
|
||||
add("TLS_DH_RSA_WITH_AES_256_CBC_SHA256", 0x0069);
|
||||
add("TLS_DH_DSS_WITH_AES_128_CBC_SHA", 0x0030);
|
||||
add("TLS_DH_RSA_WITH_AES_128_CBC_SHA", 0x0031);
|
||||
add("TLS_DH_DSS_WITH_AES_256_CBC_SHA", 0x0036);
|
||||
add("TLS_DH_RSA_WITH_AES_256_CBC_SHA", 0x0037);
|
||||
add("TLS_DH_DSS_WITH_AES_128_CBC_SHA256", 0x003e);
|
||||
add("TLS_DH_RSA_WITH_AES_128_CBC_SHA256", 0x003f);
|
||||
add("TLS_DH_DSS_WITH_AES_256_CBC_SHA256", 0x0068);
|
||||
add("TLS_DH_RSA_WITH_AES_256_CBC_SHA256", 0x0069);
|
||||
|
||||
// Unsupported cipher suites from RFC 5288
|
||||
add("TLS_DH_RSA_WITH_AES_128_GCM_SHA256", 0x00a0);
|
||||
add("TLS_DH_RSA_WITH_AES_256_GCM_SHA384", 0x00a1);
|
||||
add("TLS_DH_DSS_WITH_AES_128_GCM_SHA256", 0x00a4);
|
||||
add("TLS_DH_DSS_WITH_AES_256_GCM_SHA384", 0x00a5);
|
||||
add("TLS_DH_RSA_WITH_AES_128_GCM_SHA256", 0x00a0);
|
||||
add("TLS_DH_RSA_WITH_AES_256_GCM_SHA384", 0x00a1);
|
||||
add("TLS_DH_DSS_WITH_AES_128_GCM_SHA256", 0x00a4);
|
||||
add("TLS_DH_DSS_WITH_AES_256_GCM_SHA384", 0x00a5);
|
||||
|
||||
// Unsupported cipher suites from RFC 5487
|
||||
add("TLS_PSK_WITH_AES_128_GCM_SHA256", 0x00a8);
|
||||
add("TLS_PSK_WITH_AES_256_GCM_SHA384", 0x00a9);
|
||||
add("TLS_DHE_PSK_WITH_AES_128_GCM_SHA256", 0x00aa);
|
||||
add("TLS_DHE_PSK_WITH_AES_256_GCM_SHA384", 0x00ab);
|
||||
add("TLS_RSA_PSK_WITH_AES_128_GCM_SHA256", 0x00ac);
|
||||
add("TLS_RSA_PSK_WITH_AES_256_GCM_SHA384", 0x00ad);
|
||||
add("TLS_PSK_WITH_AES_128_CBC_SHA256", 0x00ae);
|
||||
add("TLS_PSK_WITH_AES_256_CBC_SHA384", 0x00af);
|
||||
add("TLS_PSK_WITH_NULL_SHA256", 0x00b0);
|
||||
add("TLS_PSK_WITH_NULL_SHA384", 0x00b1);
|
||||
add("TLS_DHE_PSK_WITH_AES_128_CBC_SHA256", 0x00b2);
|
||||
add("TLS_DHE_PSK_WITH_AES_256_CBC_SHA384", 0x00b3);
|
||||
add("TLS_DHE_PSK_WITH_NULL_SHA256", 0x00b4);
|
||||
add("TLS_DHE_PSK_WITH_NULL_SHA384", 0x00b5);
|
||||
add("TLS_RSA_PSK_WITH_AES_128_CBC_SHA256", 0x00b6);
|
||||
add("TLS_RSA_PSK_WITH_AES_256_CBC_SHA384", 0x00b7);
|
||||
add("TLS_RSA_PSK_WITH_NULL_SHA256", 0x00b8);
|
||||
add("TLS_RSA_PSK_WITH_NULL_SHA384", 0x00b9);
|
||||
add("TLS_PSK_WITH_AES_128_GCM_SHA256", 0x00a8);
|
||||
add("TLS_PSK_WITH_AES_256_GCM_SHA384", 0x00a9);
|
||||
add("TLS_DHE_PSK_WITH_AES_128_GCM_SHA256", 0x00aa);
|
||||
add("TLS_DHE_PSK_WITH_AES_256_GCM_SHA384", 0x00ab);
|
||||
add("TLS_RSA_PSK_WITH_AES_128_GCM_SHA256", 0x00ac);
|
||||
add("TLS_RSA_PSK_WITH_AES_256_GCM_SHA384", 0x00ad);
|
||||
add("TLS_PSK_WITH_AES_128_CBC_SHA256", 0x00ae);
|
||||
add("TLS_PSK_WITH_AES_256_CBC_SHA384", 0x00af);
|
||||
add("TLS_PSK_WITH_NULL_SHA256", 0x00b0);
|
||||
add("TLS_PSK_WITH_NULL_SHA384", 0x00b1);
|
||||
add("TLS_DHE_PSK_WITH_AES_128_CBC_SHA256", 0x00b2);
|
||||
add("TLS_DHE_PSK_WITH_AES_256_CBC_SHA384", 0x00b3);
|
||||
add("TLS_DHE_PSK_WITH_NULL_SHA256", 0x00b4);
|
||||
add("TLS_DHE_PSK_WITH_NULL_SHA384", 0x00b5);
|
||||
add("TLS_RSA_PSK_WITH_AES_128_CBC_SHA256", 0x00b6);
|
||||
add("TLS_RSA_PSK_WITH_AES_256_CBC_SHA384", 0x00b7);
|
||||
add("TLS_RSA_PSK_WITH_NULL_SHA256", 0x00b8);
|
||||
add("TLS_RSA_PSK_WITH_NULL_SHA384", 0x00b9);
|
||||
|
||||
// Unsupported cipher suites from RFC 5932
|
||||
add("TLS_RSA_WITH_CAMELLIA_128_CBC_SHA", 0x0041);
|
||||
add("TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA", 0x0042);
|
||||
add("TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA", 0x0043);
|
||||
add("TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA", 0x0044);
|
||||
add("TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA", 0x0045);
|
||||
add("TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA", 0x0046);
|
||||
add("TLS_RSA_WITH_CAMELLIA_256_CBC_SHA", 0x0084);
|
||||
add("TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA", 0x0085);
|
||||
add("TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA", 0x0086);
|
||||
add("TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA", 0x0087);
|
||||
add("TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA", 0x0088);
|
||||
add("TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA", 0x0089);
|
||||
add("TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256", 0x00ba);
|
||||
add("TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256", 0x00bb);
|
||||
add("TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256", 0x00bc);
|
||||
add("TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256", 0x00bd);
|
||||
add("TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256", 0x00be);
|
||||
add("TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256", 0x00bf);
|
||||
add("TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256", 0x00c0);
|
||||
add("TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256", 0x00c1);
|
||||
add("TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256", 0x00c2);
|
||||
add("TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256", 0x00c3);
|
||||
add("TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256", 0x00c4);
|
||||
add("TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256", 0x00c5);
|
||||
add("TLS_RSA_WITH_CAMELLIA_128_CBC_SHA", 0x0041);
|
||||
add("TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA", 0x0042);
|
||||
add("TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA", 0x0043);
|
||||
add("TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA", 0x0044);
|
||||
add("TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA", 0x0045);
|
||||
add("TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA", 0x0046);
|
||||
add("TLS_RSA_WITH_CAMELLIA_256_CBC_SHA", 0x0084);
|
||||
add("TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA", 0x0085);
|
||||
add("TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA", 0x0086);
|
||||
add("TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA", 0x0087);
|
||||
add("TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA", 0x0088);
|
||||
add("TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA", 0x0089);
|
||||
add("TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256", 0x00ba);
|
||||
add("TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256", 0x00bb);
|
||||
add("TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256", 0x00bc);
|
||||
add("TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256", 0x00bd);
|
||||
add("TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256", 0x00be);
|
||||
add("TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256", 0x00bf);
|
||||
add("TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256", 0x00c0);
|
||||
add("TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256", 0x00c1);
|
||||
add("TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256", 0x00c2);
|
||||
add("TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256", 0x00c3);
|
||||
add("TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256", 0x00c4);
|
||||
add("TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256", 0x00c5);
|
||||
|
||||
// TLS Fallback Signaling Cipher Suite Value (SCSV) RFC 7507
|
||||
add("TLS_FALLBACK_SCSV", 0x5600);
|
||||
|
||||
// Unsupported cipher suites from RFC 5054
|
||||
add("TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA", 0xc01a);
|
||||
add("TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA", 0xc01b);
|
||||
add("TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA", 0xc01c);
|
||||
add("TLS_SRP_SHA_WITH_AES_128_CBC_SHA", 0xc01d);
|
||||
add("TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA", 0xc01e);
|
||||
add("TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA", 0xc01f);
|
||||
add("TLS_SRP_SHA_WITH_AES_256_CBC_SHA", 0xc020);
|
||||
add("TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA", 0xc021);
|
||||
add("TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA", 0xc022);
|
||||
add("TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA", 0xc01a);
|
||||
add("TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA", 0xc01b);
|
||||
add("TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA", 0xc01c);
|
||||
add("TLS_SRP_SHA_WITH_AES_128_CBC_SHA", 0xc01d);
|
||||
add("TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA", 0xc01e);
|
||||
add("TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA", 0xc01f);
|
||||
add("TLS_SRP_SHA_WITH_AES_256_CBC_SHA", 0xc020);
|
||||
add("TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA", 0xc021);
|
||||
add("TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA", 0xc022);
|
||||
|
||||
// Unsupported cipher suites from RFC 5489
|
||||
add("TLS_ECDHE_PSK_WITH_RC4_128_SHA", 0xc033);
|
||||
add("TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA", 0xc034);
|
||||
add("TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA", 0xc035);
|
||||
add("TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA", 0xc036);
|
||||
add("TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256", 0xc037);
|
||||
add("TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384", 0xc038);
|
||||
add("TLS_ECDHE_PSK_WITH_NULL_SHA", 0xc039);
|
||||
add("TLS_ECDHE_PSK_WITH_NULL_SHA256", 0xc03a);
|
||||
add("TLS_ECDHE_PSK_WITH_NULL_SHA384", 0xc03b);
|
||||
add("TLS_ECDHE_PSK_WITH_RC4_128_SHA", 0xc033);
|
||||
add("TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA", 0xc034);
|
||||
add("TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA", 0xc035);
|
||||
add("TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA", 0xc036);
|
||||
add("TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256", 0xc037);
|
||||
add("TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384", 0xc038);
|
||||
add("TLS_ECDHE_PSK_WITH_NULL_SHA", 0xc039);
|
||||
add("TLS_ECDHE_PSK_WITH_NULL_SHA256", 0xc03a);
|
||||
add("TLS_ECDHE_PSK_WITH_NULL_SHA384", 0xc03b);
|
||||
|
||||
// Unsupported cipher suites from RFC 6209
|
||||
add("TLS_RSA_WITH_ARIA_128_CBC_SHA256", 0xc03c);
|
||||
add("TLS_RSA_WITH_ARIA_256_CBC_SHA384", 0xc03d);
|
||||
add("TLS_DH_DSS_WITH_ARIA_128_CBC_SHA256", 0xc03e);
|
||||
add("TLS_DH_DSS_WITH_ARIA_256_CBC_SHA384", 0xc03f);
|
||||
add("TLS_DH_RSA_WITH_ARIA_128_CBC_SHA256", 0xc040);
|
||||
add("TLS_DH_RSA_WITH_ARIA_256_CBC_SHA384", 0xc041);
|
||||
add("TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256", 0xc042);
|
||||
add("TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384", 0xc043);
|
||||
add("TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256", 0xc044);
|
||||
add("TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384", 0xc045);
|
||||
add("TLS_DH_anon_WITH_ARIA_128_CBC_SHA256", 0xc046);
|
||||
add("TLS_DH_anon_WITH_ARIA_256_CBC_SHA384", 0xc047);
|
||||
add("TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256", 0xc048);
|
||||
add("TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384", 0xc049);
|
||||
add("TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256", 0xc04a);
|
||||
add("TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384", 0xc04b);
|
||||
add("TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256", 0xc04c);
|
||||
add("TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384", 0xc04d);
|
||||
add("TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256", 0xc04e);
|
||||
add("TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384", 0xc04f);
|
||||
add("TLS_RSA_WITH_ARIA_128_GCM_SHA256", 0xc050);
|
||||
add("TLS_RSA_WITH_ARIA_256_GCM_SHA384", 0xc051);
|
||||
add("TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256", 0xc052);
|
||||
add("TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384", 0xc053);
|
||||
add("TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256", 0xc054);
|
||||
add("TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384", 0xc055);
|
||||
add("TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256", 0xc056);
|
||||
add("TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384", 0xc057);
|
||||
add("TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256", 0xc058);
|
||||
add("TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384", 0xc059);
|
||||
add("TLS_DH_anon_WITH_ARIA_128_GCM_SHA256", 0xc05a);
|
||||
add("TLS_DH_anon_WITH_ARIA_256_GCM_SHA384", 0xc05b);
|
||||
add("TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256", 0xc05c);
|
||||
add("TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384", 0xc05d);
|
||||
add("TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256", 0xc05e);
|
||||
add("TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384", 0xc05f);
|
||||
add("TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256", 0xc060);
|
||||
add("TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384", 0xc061);
|
||||
add("TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256", 0xc062);
|
||||
add("TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384", 0xc063);
|
||||
add("TLS_PSK_WITH_ARIA_128_CBC_SHA256", 0xc064);
|
||||
add("TLS_PSK_WITH_ARIA_256_CBC_SHA384", 0xc065);
|
||||
add("TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256", 0xc066);
|
||||
add("TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384", 0xc067);
|
||||
add("TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256", 0xc068);
|
||||
add("TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384", 0xc069);
|
||||
add("TLS_PSK_WITH_ARIA_128_GCM_SHA256", 0xc06a);
|
||||
add("TLS_PSK_WITH_ARIA_256_GCM_SHA384", 0xc06b);
|
||||
add("TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256", 0xc06c);
|
||||
add("TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384", 0xc06d);
|
||||
add("TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256", 0xc06e);
|
||||
add("TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384", 0xc06f);
|
||||
add("TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256", 0xc070);
|
||||
add("TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384", 0xc071);
|
||||
|
||||
// Unsupported cipher suites from RFC 6367
|
||||
add("TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256", 0xc072);
|
||||
add("TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384", 0xc073);
|
||||
add("TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256", 0xc074);
|
||||
add("TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384", 0xc075);
|
||||
add("TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256", 0xc076);
|
||||
add("TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384", 0xc077);
|
||||
add("TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256", 0xc078);
|
||||
add("TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384", 0xc079);
|
||||
add("TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256", 0xc07a);
|
||||
add("TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384", 0xc07b);
|
||||
add("TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256", 0xc07c);
|
||||
add("TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384", 0xc07d);
|
||||
add("TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256", 0xc07e);
|
||||
add("TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384", 0xc07f);
|
||||
add("TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256", 0xc080);
|
||||
add("TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384", 0xc081);
|
||||
add("TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256", 0xc082);
|
||||
add("TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384", 0xc083);
|
||||
add("TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256", 0xc084);
|
||||
add("TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384", 0xc085);
|
||||
add("TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256", 0xc086);
|
||||
add("TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384", 0xc087);
|
||||
add("TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256", 0xc088);
|
||||
add("TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384", 0xc089);
|
||||
add("TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256", 0xc08a);
|
||||
add("TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384", 0xc08b);
|
||||
add("TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256", 0xc08c);
|
||||
add("TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384", 0xc08d);
|
||||
add("TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256", 0xc08e);
|
||||
add("TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384", 0xc08f);
|
||||
add("TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256", 0xc090);
|
||||
add("TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384", 0xc091);
|
||||
add("TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256", 0xc092);
|
||||
add("TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384", 0xc093);
|
||||
add("TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256", 0xc094);
|
||||
add("TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384", 0xc095);
|
||||
add("TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256", 0xc096);
|
||||
add("TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384", 0xc097);
|
||||
add("TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256", 0xc098);
|
||||
add("TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384", 0xc099);
|
||||
add("TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256", 0xc09a);
|
||||
add("TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384", 0xc09b);
|
||||
|
||||
// Unsupported cipher suites from RFC 6655
|
||||
add("TLS_RSA_WITH_AES_128_CCM", 0xc09c);
|
||||
add("TLS_RSA_WITH_AES_256_CCM", 0xc09d);
|
||||
add("TLS_DHE_RSA_WITH_AES_128_CCM", 0xc09e);
|
||||
add("TLS_DHE_RSA_WITH_AES_256_CCM", 0xc09f);
|
||||
add("TLS_RSA_WITH_AES_128_CCM_8", 0xc0A0);
|
||||
add("TLS_RSA_WITH_AES_256_CCM_8", 0xc0A1);
|
||||
add("TLS_DHE_RSA_WITH_AES_128_CCM_8", 0xc0A2);
|
||||
add("TLS_DHE_RSA_WITH_AES_256_CCM_8", 0xc0A3);
|
||||
add("TLS_PSK_WITH_AES_128_CCM", 0xc0A4);
|
||||
add("TLS_PSK_WITH_AES_256_CCM", 0xc0A5);
|
||||
add("TLS_DHE_PSK_WITH_AES_128_CCM", 0xc0A6);
|
||||
add("TLS_DHE_PSK_WITH_AES_256_CCM", 0xc0A7);
|
||||
add("TLS_PSK_WITH_AES_128_CCM_8", 0xc0A8);
|
||||
add("TLS_PSK_WITH_AES_256_CCM_8", 0xc0A9);
|
||||
add("TLS_PSK_DHE_WITH_AES_128_CCM_8", 0xc0Aa);
|
||||
add("TLS_PSK_DHE_WITH_AES_256_CCM_8", 0xc0Ab);
|
||||
|
||||
// Unsupported cipher suites from RFC 7251
|
||||
add("TLS_ECDHE_ECDSA_WITH_AES_128_CCM", 0xc0Ac);
|
||||
add("TLS_ECDHE_ECDSA_WITH_AES_256_CCM", 0xc0Ad);
|
||||
add("TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8", 0xc0Ae);
|
||||
add("TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8", 0xc0Af);
|
||||
}
|
||||
|
||||
// ciphersuite SSL_NULL_WITH_NULL_NULL
|
||||
|
||||
@ -151,6 +151,9 @@ final class ClientHandshaker extends Handshaker {
|
||||
private static final boolean enableMFLExtension =
|
||||
Debug.getBooleanProperty("jsse.enableMFLExtension", false);
|
||||
|
||||
// Whether an ALPN extension was sent in the ClientHello
|
||||
private boolean alpnActive = false;
|
||||
|
||||
private List<SNIServerName> requestedServerNames =
|
||||
Collections.<SNIServerName>emptyList();
|
||||
|
||||
@ -700,6 +703,44 @@ final class ClientHandshaker extends Handshaker {
|
||||
} // Otherwise, using the value negotiated during the original
|
||||
// session initiation
|
||||
|
||||
// check the ALPN extension
|
||||
ALPNExtension serverHelloALPN =
|
||||
(ALPNExtension) mesg.extensions.get(ExtensionType.EXT_ALPN);
|
||||
|
||||
if (serverHelloALPN != null) {
|
||||
// Check whether an ALPN extension was sent in ClientHello message
|
||||
if (!alpnActive) {
|
||||
fatalSE(Alerts.alert_unsupported_extension,
|
||||
"Server sent " + ExtensionType.EXT_ALPN +
|
||||
" extension when not requested by client");
|
||||
}
|
||||
|
||||
List<String> protocols = serverHelloALPN.getPeerAPs();
|
||||
// Only one application protocol name should be present
|
||||
String p;
|
||||
if ((protocols.size() == 1) &&
|
||||
!((p = protocols.get(0)).isEmpty())) {
|
||||
int i;
|
||||
for (i = 0; i < localApl.length; i++) {
|
||||
if (localApl[i].equals(p)) {
|
||||
break;
|
||||
}
|
||||
}
|
||||
if (i == localApl.length) {
|
||||
fatalSE(Alerts.alert_handshake_failure,
|
||||
"Server has selected an application protocol name " +
|
||||
"which was not offered by the client: " + p);
|
||||
}
|
||||
applicationProtocol = p;
|
||||
} else {
|
||||
fatalSE(Alerts.alert_handshake_failure,
|
||||
"Incorrect data in ServerHello " + ExtensionType.EXT_ALPN +
|
||||
" message");
|
||||
}
|
||||
} else {
|
||||
applicationProtocol = "";
|
||||
}
|
||||
|
||||
if (resumingSession && session != null) {
|
||||
setHandshakeSessionSE(session);
|
||||
// Reserve the handshake state if this is a session-resumption
|
||||
@ -729,6 +770,7 @@ final class ClientHandshaker extends Handshaker {
|
||||
} else if ((type != ExtensionType.EXT_ELLIPTIC_CURVES)
|
||||
&& (type != ExtensionType.EXT_EC_POINT_FORMATS)
|
||||
&& (type != ExtensionType.EXT_SERVER_NAME)
|
||||
&& (type != ExtensionType.EXT_ALPN)
|
||||
&& (type != ExtensionType.EXT_RENEGOTIATION_INFO)
|
||||
&& (type != ExtensionType.EXT_STATUS_REQUEST)
|
||||
&& (type != ExtensionType.EXT_STATUS_REQUEST_V2)) {
|
||||
@ -1525,6 +1567,12 @@ final class ClientHandshaker extends Handshaker {
|
||||
clientHelloMessage.addCertStatusRequestExtension();
|
||||
}
|
||||
|
||||
// Add ALPN extension
|
||||
if (localApl != null && localApl.length > 0) {
|
||||
clientHelloMessage.addALPNExtension(localApl);
|
||||
alpnActive = true;
|
||||
}
|
||||
|
||||
// reset the client random cookie
|
||||
clnt_random = clientHelloMessage.clnt_random;
|
||||
|
||||
|
||||
@ -43,8 +43,7 @@ final class ExtensionType {
|
||||
return name;
|
||||
}
|
||||
|
||||
static List<ExtensionType> knownExtensions =
|
||||
new ArrayList<ExtensionType>(14);
|
||||
static List<ExtensionType> knownExtensions = new ArrayList<>(15);
|
||||
|
||||
static ExtensionType get(int id) {
|
||||
for (ExtensionType ext : knownExtensions) {
|
||||
@ -97,6 +96,11 @@ final class ExtensionType {
|
||||
static final ExtensionType EXT_SIGNATURE_ALGORITHMS =
|
||||
e(0x000D, "signature_algorithms"); // IANA registry value: 13
|
||||
|
||||
// extension defined in RFC 7301 (ALPN)
|
||||
static final ExtensionType EXT_ALPN =
|
||||
e(0x0010, "application_layer_protocol_negotiation");
|
||||
// IANA registry value: 16
|
||||
|
||||
// extensions defined in RFC 6961
|
||||
static final ExtensionType EXT_STATUS_REQUEST_V2 =
|
||||
e(0x0011, "status_request_v2"); // IANA registry value: 17
|
||||
|
||||
@ -412,6 +412,11 @@ static final class ClientHello extends HandshakeMessage {
|
||||
extensions.add(new CertStatusReqListV2Extension(itemList));
|
||||
}
|
||||
|
||||
// add application_layer_protocol_negotiation extension
|
||||
void addALPNExtension(String[] applicationProtocols) throws SSLException {
|
||||
extensions.add(new ALPNExtension(applicationProtocols));
|
||||
}
|
||||
|
||||
@Override
|
||||
int messageType() { return ht_client_hello; }
|
||||
|
||||
|
||||
@ -116,6 +116,12 @@ abstract class Handshaker {
|
||||
List<SNIServerName> serverNames = Collections.<SNIServerName>emptyList();
|
||||
Collection<SNIMatcher> sniMatchers = Collections.<SNIMatcher>emptyList();
|
||||
|
||||
// List of local ApplicationProtocols
|
||||
String[] localApl = null;
|
||||
|
||||
// Negotiated ALPN value
|
||||
String applicationProtocol = null;
|
||||
|
||||
// The maximum expected network packet size for SSL/TLS/DTLS records.
|
||||
int maximumPacketSize = 0;
|
||||
|
||||
@ -480,6 +486,20 @@ abstract class Handshaker {
|
||||
this.maximumPacketSize = maximumPacketSize;
|
||||
}
|
||||
|
||||
/**
|
||||
* Sets the Application Protocol list.
|
||||
*/
|
||||
void setApplicationProtocols(String[] apl) {
|
||||
this.localApl = apl;
|
||||
}
|
||||
|
||||
/**
|
||||
* Gets the "negotiated" ALPN value.
|
||||
*/
|
||||
String getHandshakeApplicationProtocol() {
|
||||
return applicationProtocol;
|
||||
}
|
||||
|
||||
/**
|
||||
* Sets the cipher suites preference.
|
||||
*/
|
||||
|
||||
@ -33,8 +33,8 @@ import javax.net.ssl.*;
|
||||
/**
|
||||
* This file contains all the classes relevant to TLS Extensions for the
|
||||
* ClientHello and ServerHello messages. The extension mechanism and
|
||||
* several extensions are defined in RFC 3546. Additional extensions are
|
||||
* defined in the ECC RFC 4492.
|
||||
* several extensions are defined in RFC 6066. Additional extensions are
|
||||
* defined in the ECC RFC 4492 and the ALPN extension is defined in RFC 7301.
|
||||
*
|
||||
* Currently, only the two ECC extensions are fully supported.
|
||||
*
|
||||
@ -52,6 +52,7 @@ import javax.net.ssl.*;
|
||||
* . SupportedEllipticCurvesExtension: the ECC supported curves extension.
|
||||
* . SupportedEllipticPointFormatsExtension: the ECC supported point formats
|
||||
* (compressed/uncompressed) extension.
|
||||
* . ALPNExtension: the application_layer_protocol_negotiation extension.
|
||||
*
|
||||
* @since 1.6
|
||||
* @author Andreas Sterbenz
|
||||
@ -85,6 +86,8 @@ final class HelloExtensions {
|
||||
new SupportedEllipticPointFormatsExtension(s, extlen);
|
||||
} else if (extType == ExtensionType.EXT_RENEGOTIATION_INFO) {
|
||||
extension = new RenegotiationInfoExtension(s, extlen);
|
||||
} else if (extType == ExtensionType.EXT_ALPN) {
|
||||
extension = new ALPNExtension(s, extlen);
|
||||
} else if (extType == ExtensionType.EXT_MAX_FRAGMENT_LENGTH) {
|
||||
extension = new MaxFragmentLengthExtension(s, extlen);
|
||||
} else if (extType == ExtensionType.EXT_STATUS_REQUEST) {
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2003, 2014, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2003, 2015, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -198,6 +198,14 @@ public final class SSLEngineImpl extends SSLEngine {
|
||||
Collection<SNIMatcher> sniMatchers =
|
||||
Collections.<SNIMatcher>emptyList();
|
||||
|
||||
// Configured application protocol values
|
||||
String[] applicationProtocols = new String[0];
|
||||
|
||||
// Negotiated application protocol value.
|
||||
//
|
||||
// The value under negotiation will be obtained from handshaker.
|
||||
String applicationProtocol = null;
|
||||
|
||||
// Have we been told whether we're client or server?
|
||||
private boolean serverModeSet = false;
|
||||
private boolean roleIsServer;
|
||||
@ -413,6 +421,7 @@ public final class SSLEngineImpl extends SSLEngine {
|
||||
} else { // cs_DATA
|
||||
connectionState = cs_RENEGOTIATE;
|
||||
}
|
||||
|
||||
if (roleIsServer) {
|
||||
handshaker = new ServerHandshaker(this, sslContext,
|
||||
enabledProtocols, doClientAuth,
|
||||
@ -432,6 +441,7 @@ public final class SSLEngineImpl extends SSLEngine {
|
||||
handshaker.setMaximumPacketSize(maximumPacketSize);
|
||||
handshaker.setEnabledCipherSuites(enabledCipherSuites);
|
||||
handshaker.setEnableSessionCreation(enableSessionCreation);
|
||||
handshaker.setApplicationProtocols(applicationProtocols);
|
||||
|
||||
outputRecord.initHandshaker();
|
||||
}
|
||||
@ -1055,6 +1065,9 @@ public final class SSLEngineImpl extends SSLEngine {
|
||||
handshaker.isSecureRenegotiation();
|
||||
clientVerifyData = handshaker.getClientVerifyData();
|
||||
serverVerifyData = handshaker.getServerVerifyData();
|
||||
// set connection ALPN value
|
||||
applicationProtocol =
|
||||
handshaker.getHandshakeApplicationProtocol();
|
||||
|
||||
sess = handshaker.getSession();
|
||||
handshakeSession = null;
|
||||
@ -2140,6 +2153,7 @@ public final class SSLEngineImpl extends SSLEngine {
|
||||
params.setUseCipherSuitesOrder(preferLocalCipherSuites);
|
||||
params.setEnableRetransmissions(enableRetransmissions);
|
||||
params.setMaximumPacketSize(maximumPacketSize);
|
||||
params.setApplicationProtocols(applicationProtocols);
|
||||
|
||||
return params;
|
||||
}
|
||||
@ -2174,11 +2188,13 @@ public final class SSLEngineImpl extends SSLEngine {
|
||||
if (matchers != null) {
|
||||
sniMatchers = matchers;
|
||||
}
|
||||
applicationProtocols = params.getApplicationProtocols();
|
||||
|
||||
if ((handshaker != null) && !handshaker.started()) {
|
||||
handshaker.setIdentificationProtocol(identificationProtocol);
|
||||
handshaker.setAlgorithmConstraints(algorithmConstraints);
|
||||
handshaker.setMaximumPacketSize(maximumPacketSize);
|
||||
handshaker.setApplicationProtocols(applicationProtocols);
|
||||
if (roleIsServer) {
|
||||
handshaker.setSNIMatchers(sniMatchers);
|
||||
handshaker.setUseCipherSuitesOrder(preferLocalCipherSuites);
|
||||
@ -2188,6 +2204,19 @@ public final class SSLEngineImpl extends SSLEngine {
|
||||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
public synchronized String getApplicationProtocol() {
|
||||
return applicationProtocol;
|
||||
}
|
||||
|
||||
@Override
|
||||
public synchronized String getHandshakeApplicationProtocol() {
|
||||
if ((handshaker != null) && !handshaker.started()) {
|
||||
return handshaker.getHandshakeApplicationProtocol();
|
||||
}
|
||||
return null;
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns a printable representation of this end of the connection.
|
||||
*/
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 1996, 2015, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -92,6 +92,9 @@ class SSLServerSocketImpl extends SSLServerSocket
|
||||
Collection<SNIMatcher> sniMatchers =
|
||||
Collections.<SNIMatcher>emptyList();
|
||||
|
||||
// Configured application protocol values
|
||||
String[] applicationProtocols = new String[0];
|
||||
|
||||
/*
|
||||
* Whether local cipher suites preference in server side should be
|
||||
* honored during handshaking?
|
||||
@ -311,7 +314,7 @@ class SSLServerSocketImpl extends SSLServerSocket
|
||||
params.setAlgorithmConstraints(algorithmConstraints);
|
||||
params.setSNIMatchers(sniMatchers);
|
||||
params.setUseCipherSuitesOrder(preferLocalCipherSuites);
|
||||
|
||||
params.setApplicationProtocols(applicationProtocols);
|
||||
|
||||
return params;
|
||||
}
|
||||
@ -331,6 +334,7 @@ class SSLServerSocketImpl extends SSLServerSocket
|
||||
if (matchers != null) {
|
||||
sniMatchers = params.getSNIMatchers();
|
||||
}
|
||||
applicationProtocols = params.getApplicationProtocols();
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@ -210,6 +210,14 @@ public final class SSLSocketImpl extends BaseSSLSocketImpl {
|
||||
Collection<SNIMatcher> sniMatchers =
|
||||
Collections.<SNIMatcher>emptyList();
|
||||
|
||||
// Configured application protocol values
|
||||
String[] applicationProtocols = new String[0];
|
||||
|
||||
// Negotiated application protocol value.
|
||||
//
|
||||
// The value under negotiation will be obtained from handshaker.
|
||||
String applicationProtocol = null;
|
||||
|
||||
/*
|
||||
* READ ME * READ ME * READ ME * READ ME * READ ME * READ ME *
|
||||
* IMPORTANT STUFF TO UNDERSTANDING THE SYNCHRONIZATION ISSUES.
|
||||
@ -1116,6 +1124,9 @@ public final class SSLSocketImpl extends BaseSSLSocketImpl {
|
||||
handshaker.isSecureRenegotiation();
|
||||
clientVerifyData = handshaker.getClientVerifyData();
|
||||
serverVerifyData = handshaker.getServerVerifyData();
|
||||
// set connection ALPN value
|
||||
applicationProtocol =
|
||||
handshaker.getHandshakeApplicationProtocol();
|
||||
|
||||
sess = handshaker.getSession();
|
||||
handshakeSession = null;
|
||||
@ -1314,6 +1325,7 @@ public final class SSLSocketImpl extends BaseSSLSocketImpl {
|
||||
} else { // cs_DATA
|
||||
connectionState = cs_RENEGOTIATE;
|
||||
}
|
||||
|
||||
if (roleIsServer) {
|
||||
handshaker = new ServerHandshaker(this, sslContext,
|
||||
enabledProtocols, doClientAuth,
|
||||
@ -1331,6 +1343,7 @@ public final class SSLSocketImpl extends BaseSSLSocketImpl {
|
||||
handshaker.setMaximumPacketSize(maximumPacketSize);
|
||||
handshaker.setEnabledCipherSuites(enabledCipherSuites);
|
||||
handshaker.setEnableSessionCreation(enableSessionCreation);
|
||||
handshaker.setApplicationProtocols(applicationProtocols);
|
||||
}
|
||||
|
||||
/**
|
||||
@ -2511,6 +2524,7 @@ public final class SSLSocketImpl extends BaseSSLSocketImpl {
|
||||
params.setServerNames(serverNames);
|
||||
params.setUseCipherSuitesOrder(preferLocalCipherSuites);
|
||||
params.setMaximumPacketSize(maximumPacketSize);
|
||||
params.setApplicationProtocols(applicationProtocols);
|
||||
|
||||
// DTLS handshake retransmissions parameter does not apply here.
|
||||
|
||||
@ -2549,10 +2563,13 @@ public final class SSLSocketImpl extends BaseSSLSocketImpl {
|
||||
sniMatchers = matchers;
|
||||
}
|
||||
|
||||
applicationProtocols = params.getApplicationProtocols();
|
||||
|
||||
if ((handshaker != null) && !handshaker.started()) {
|
||||
handshaker.setIdentificationProtocol(identificationProtocol);
|
||||
handshaker.setAlgorithmConstraints(algorithmConstraints);
|
||||
handshaker.setMaximumPacketSize(maximumPacketSize);
|
||||
handshaker.setApplicationProtocols(applicationProtocols);
|
||||
if (roleIsServer) {
|
||||
handshaker.setSNIMatchers(sniMatchers);
|
||||
handshaker.setUseCipherSuitesOrder(preferLocalCipherSuites);
|
||||
@ -2562,6 +2579,19 @@ public final class SSLSocketImpl extends BaseSSLSocketImpl {
|
||||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
public synchronized String getApplicationProtocol() {
|
||||
return applicationProtocol;
|
||||
}
|
||||
|
||||
@Override
|
||||
public synchronized String getHandshakeApplicationProtocol() {
|
||||
if ((handshaker != null) && !handshaker.started()) {
|
||||
return handshaker.getHandshakeApplicationProtocol();
|
||||
}
|
||||
return null;
|
||||
}
|
||||
|
||||
//
|
||||
// We allocate a separate thread to deliver handshake completion
|
||||
// events. This ensures that the notifications don't block the
|
||||
|
||||
@ -528,6 +528,36 @@ final class ServerHandshaker extends Handshaker {
|
||||
}
|
||||
}
|
||||
|
||||
// check the ALPN extension
|
||||
ALPNExtension clientHelloALPN = (ALPNExtension)
|
||||
mesg.extensions.get(ExtensionType.EXT_ALPN);
|
||||
|
||||
if ((clientHelloALPN != null) && (localApl.length > 0)) {
|
||||
|
||||
// Intersect the requested and the locally supported,
|
||||
// and save for later.
|
||||
String negotiatedValue = null;
|
||||
List<String> protocols = clientHelloALPN.getPeerAPs();
|
||||
|
||||
// Use server preference order
|
||||
for (String ap : localApl) {
|
||||
if (protocols.contains(ap)) {
|
||||
negotiatedValue = ap;
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
if (negotiatedValue == null) {
|
||||
fatalSE(Alerts.alert_no_application_protocol,
|
||||
new SSLHandshakeException(
|
||||
"No matching ALPN values"));
|
||||
}
|
||||
applicationProtocol = negotiatedValue;
|
||||
|
||||
} else {
|
||||
applicationProtocol = "";
|
||||
}
|
||||
|
||||
// cookie exchange
|
||||
if (isDTLS) {
|
||||
HelloCookieManager hcMgr = sslContext.getHelloCookieManager();
|
||||
@ -921,6 +951,11 @@ final class ServerHandshaker extends Handshaker {
|
||||
}
|
||||
}
|
||||
|
||||
// Prepare the ALPN response
|
||||
if (applicationProtocol != null && !applicationProtocol.isEmpty()) {
|
||||
m1.extensions.add(new ALPNExtension(applicationProtocol));
|
||||
}
|
||||
|
||||
if (debug != null && Debug.isOn("handshake")) {
|
||||
m1.print(System.out);
|
||||
System.out.println("Cipher suite: " + session.getSuite());
|
||||
|
||||
497
jdk/test/javax/net/ssl/ALPN/SSLEngineAlpnTest.java
Normal file
497
jdk/test/javax/net/ssl/ALPN/SSLEngineAlpnTest.java
Normal file
@ -0,0 +1,497 @@
|
||||
/*
|
||||
* Copyright (c) 2003, 2015, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
* under the terms of the GNU General Public License version 2 only, as
|
||||
* published by the Free Software Foundation.
|
||||
*
|
||||
* This code is distributed in the hope that it will be useful, but WITHOUT
|
||||
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
||||
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
||||
* version 2 for more details (a copy is included in the LICENSE file that
|
||||
* accompanied this code).
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License version
|
||||
* 2 along with this work; if not, write to the Free Software Foundation,
|
||||
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||
*
|
||||
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
|
||||
* or visit www.oracle.com if you need additional information or have any
|
||||
* questions.
|
||||
*/
|
||||
|
||||
// SunJSSE does not support dynamic system properties, no way to re-use
|
||||
// system properties in samevm/agentvm mode.
|
||||
|
||||
/*
|
||||
* @test
|
||||
* @bug 8051498
|
||||
* @summary JEP 244: TLS Application-Layer Protocol Negotiation Extension
|
||||
* @run main/othervm SSLEngineAlpnTest h2 h2 h2
|
||||
* @run main/othervm SSLEngineAlpnTest h2 h2,http/1.1 h2
|
||||
* @run main/othervm SSLEngineAlpnTest h2,http/1.1 h2,http/1.1 h2
|
||||
* @run main/othervm SSLEngineAlpnTest http/1.1,h2 h2,http/1.1 http/1.1
|
||||
* @run main/othervm SSLEngineAlpnTest h4,h3,h2 h1,h2 h2
|
||||
* @run main/othervm SSLEngineAlpnTest EMPTY h2,http/1.1 NONE
|
||||
* @run main/othervm SSLEngineAlpnTest h2 EMPTY NONE
|
||||
* @run main/othervm SSLEngineAlpnTest H2 h2 ERROR
|
||||
* @run main/othervm SSLEngineAlpnTest h2 http/1.1 ERROR
|
||||
*/
|
||||
/**
|
||||
* A simple SSLEngine-based client/server that demonstrates the proposed API
|
||||
* changes for JEP 244 in support of the TLS ALPN extension (RFC 7301).
|
||||
*
|
||||
* This example is based on our standard SSLEngineTemplate.
|
||||
*
|
||||
* The immediate consumer of ALPN will be HTTP/2 (RFC 7540), aka H2. The H2 IETF
|
||||
* Working Group wanted to use TLSv1.3+ as the secure transport mechanism, but
|
||||
* TLSv1.3 wasn't ready. The H2 folk agreed to a compromise that only TLSv1.2+
|
||||
* can be used, and that if TLSv1.2 was selected, non-TLSv.1.3-approved
|
||||
* ciphersuites would be blacklisted and their use discouraged.
|
||||
*
|
||||
* In order to support connections that might negotiate either HTTP/1.1 and H2,
|
||||
* the guidance from the IETF Working Group is that the H2 ciphersuites be
|
||||
* prioritized/tried first.
|
||||
*/
|
||||
|
||||
/*
|
||||
* The original SSLEngineTemplate comments follow.
|
||||
*
|
||||
* A SSLEngine usage example which simplifies the presentation
|
||||
* by removing the I/O and multi-threading concerns.
|
||||
*
|
||||
* The test creates two SSLEngines, simulating a client and server.
|
||||
* The "transport" layer consists two byte buffers: think of them
|
||||
* as directly connected pipes.
|
||||
*
|
||||
* Note, this is a *very* simple example: real code will be much more
|
||||
* involved. For example, different threading and I/O models could be
|
||||
* used, transport mechanisms could close unexpectedly, and so on.
|
||||
*
|
||||
* When this application runs, notice that several messages
|
||||
* (wrap/unwrap) pass before any application data is consumed or
|
||||
* produced. (For more information, please see the SSL/TLS
|
||||
* specifications.) There may several steps for a successful handshake,
|
||||
* so it's typical to see the following series of operations:
|
||||
*
|
||||
* client server message
|
||||
* ====== ====== =======
|
||||
* wrap() ... ClientHello
|
||||
* ... unwrap() ClientHello
|
||||
* ... wrap() ServerHello/Certificate
|
||||
* unwrap() ... ServerHello/Certificate
|
||||
* wrap() ... ClientKeyExchange
|
||||
* wrap() ... ChangeCipherSpec
|
||||
* wrap() ... Finished
|
||||
* ... unwrap() ClientKeyExchange
|
||||
* ... unwrap() ChangeCipherSpec
|
||||
* ... unwrap() Finished
|
||||
* ... wrap() ChangeCipherSpec
|
||||
* ... wrap() Finished
|
||||
* unwrap() ... ChangeCipherSpec
|
||||
* unwrap() ... Finished
|
||||
*/
|
||||
import javax.net.ssl.*;
|
||||
import javax.net.ssl.SSLEngineResult.*;
|
||||
import java.io.*;
|
||||
import java.security.*;
|
||||
import java.nio.*;
|
||||
|
||||
public class SSLEngineAlpnTest {
|
||||
|
||||
/*
|
||||
* Enables logging of the SSLEngine operations.
|
||||
*/
|
||||
private static final boolean logging = true;
|
||||
|
||||
/*
|
||||
* Enables the JSSE system debugging system property:
|
||||
*
|
||||
* -Djavax.net.debug=all
|
||||
*
|
||||
* This gives a lot of low-level information about operations underway,
|
||||
* including specific handshake messages, and might be best examined
|
||||
* after gaining some familiarity with this application.
|
||||
*/
|
||||
private static final boolean debug = false;
|
||||
|
||||
private final SSLContext sslc;
|
||||
|
||||
private SSLEngine clientEngine; // client Engine
|
||||
private ByteBuffer clientOut; // write side of clientEngine
|
||||
private ByteBuffer clientIn; // read side of clientEngine
|
||||
|
||||
private SSLEngine serverEngine; // server Engine
|
||||
private ByteBuffer serverOut; // write side of serverEngine
|
||||
private ByteBuffer serverIn; // read side of serverEngine
|
||||
|
||||
/*
|
||||
* For data transport, this example uses local ByteBuffers. This
|
||||
* isn't really useful, but the purpose of this example is to show
|
||||
* SSLEngine concepts, not how to do network transport.
|
||||
*/
|
||||
private ByteBuffer cTOs; // "reliable" transport client->server
|
||||
private ByteBuffer sTOc; // "reliable" transport server->client
|
||||
|
||||
/*
|
||||
* The following is to set up the keystores.
|
||||
*/
|
||||
private static final String pathToStores = "../etc";
|
||||
private static final String keyStoreFile = "keystore";
|
||||
private static final String trustStoreFile = "truststore";
|
||||
private static final String passwd = "passphrase";
|
||||
|
||||
private static final String keyFilename
|
||||
= System.getProperty("test.src", ".") + "/" + pathToStores
|
||||
+ "/" + keyStoreFile;
|
||||
private static final String trustFilename
|
||||
= System.getProperty("test.src", ".") + "/" + pathToStores
|
||||
+ "/" + trustStoreFile;
|
||||
|
||||
/*
|
||||
* Main entry point for this test.
|
||||
*/
|
||||
public static void main(String args[]) throws Exception {
|
||||
if (debug) {
|
||||
System.setProperty("javax.net.debug", "all");
|
||||
}
|
||||
|
||||
// Validate parameters
|
||||
if (args.length != 3) {
|
||||
throw new Exception("Invalid number of test parameters");
|
||||
}
|
||||
|
||||
SSLEngineAlpnTest test = new SSLEngineAlpnTest();
|
||||
try {
|
||||
test.runTest(convert(args[0]), convert(args[1]), args[2]);
|
||||
} catch (SSLHandshakeException she) {
|
||||
if (args[2].equals("ERROR")) {
|
||||
System.out.println("Caught the expected exception: " + she);
|
||||
} else {
|
||||
throw she;
|
||||
}
|
||||
}
|
||||
|
||||
System.out.println("Test Passed.");
|
||||
}
|
||||
|
||||
/*
|
||||
* Create an initialized SSLContext to use for these tests.
|
||||
*/
|
||||
public SSLEngineAlpnTest() throws Exception {
|
||||
|
||||
KeyStore ks = KeyStore.getInstance("JKS");
|
||||
KeyStore ts = KeyStore.getInstance("JKS");
|
||||
|
||||
char[] passphrase = "passphrase".toCharArray();
|
||||
|
||||
ks.load(new FileInputStream(keyFilename), passphrase);
|
||||
ts.load(new FileInputStream(trustFilename), passphrase);
|
||||
|
||||
KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
|
||||
kmf.init(ks, passphrase);
|
||||
|
||||
TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
|
||||
tmf.init(ts);
|
||||
|
||||
SSLContext sslCtx = SSLContext.getInstance("TLS");
|
||||
|
||||
sslCtx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
|
||||
|
||||
sslc = sslCtx;
|
||||
}
|
||||
|
||||
/*
|
||||
* Convert a comma-separated list into an array of strings.
|
||||
*/
|
||||
private static String[] convert(String list) {
|
||||
String[] strings = null;
|
||||
|
||||
if (list.equals("EMPTY")) {
|
||||
return new String[0];
|
||||
}
|
||||
|
||||
if (list.indexOf(',') > 0) {
|
||||
strings = list.split(",");
|
||||
} else {
|
||||
strings = new String[]{ list };
|
||||
}
|
||||
|
||||
return strings;
|
||||
}
|
||||
|
||||
/*
|
||||
* Run the test.
|
||||
*
|
||||
* Sit in a tight loop, both engines calling wrap/unwrap regardless
|
||||
* of whether data is available or not. We do this until both engines
|
||||
* report back they are closed.
|
||||
*
|
||||
* The main loop handles all of the I/O phases of the SSLEngine's
|
||||
* lifetime:
|
||||
*
|
||||
* initial handshaking
|
||||
* application data transfer
|
||||
* engine closing
|
||||
*
|
||||
* One could easily separate these phases into separate
|
||||
* sections of code.
|
||||
*/
|
||||
private void runTest(String[] serverAPs, String[] clientAPs,
|
||||
String expectedAP) throws Exception {
|
||||
|
||||
boolean dataDone = false;
|
||||
|
||||
createSSLEngines(serverAPs, clientAPs);
|
||||
createBuffers();
|
||||
|
||||
SSLEngineResult clientResult; // results from client's last operation
|
||||
SSLEngineResult serverResult; // results from server's last operation
|
||||
|
||||
/*
|
||||
* Examining the SSLEngineResults could be much more involved,
|
||||
* and may alter the overall flow of the application.
|
||||
*
|
||||
* For example, if we received a BUFFER_OVERFLOW when trying
|
||||
* to write to the output pipe, we could reallocate a larger
|
||||
* pipe, but instead we wait for the peer to drain it.
|
||||
*/
|
||||
while (!isEngineClosed(clientEngine)
|
||||
|| !isEngineClosed(serverEngine)) {
|
||||
|
||||
log("================");
|
||||
|
||||
clientResult = clientEngine.wrap(clientOut, cTOs);
|
||||
log("client wrap: ", clientResult);
|
||||
runDelegatedTasks(clientResult, clientEngine);
|
||||
checkAPResult(clientEngine, clientResult, expectedAP);
|
||||
|
||||
serverResult = serverEngine.wrap(serverOut, sTOc);
|
||||
log("server wrap: ", serverResult);
|
||||
runDelegatedTasks(serverResult, serverEngine);
|
||||
checkAPResult(serverEngine, serverResult, expectedAP);
|
||||
|
||||
cTOs.flip();
|
||||
sTOc.flip();
|
||||
|
||||
log("----");
|
||||
|
||||
clientResult = clientEngine.unwrap(sTOc, clientIn);
|
||||
log("client unwrap: ", clientResult);
|
||||
runDelegatedTasks(clientResult, clientEngine);
|
||||
checkAPResult(clientEngine, clientResult, expectedAP);
|
||||
|
||||
serverResult = serverEngine.unwrap(cTOs, serverIn);
|
||||
log("server unwrap: ", serverResult);
|
||||
runDelegatedTasks(serverResult, serverEngine);
|
||||
checkAPResult(serverEngine, serverResult, expectedAP);
|
||||
|
||||
cTOs.compact();
|
||||
sTOc.compact();
|
||||
|
||||
/*
|
||||
* After we've transfered all application data between the client
|
||||
* and server, we close the clientEngine's outbound stream.
|
||||
* This generates a close_notify handshake message, which the
|
||||
* server engine receives and responds by closing itself.
|
||||
*/
|
||||
if (!dataDone && (clientOut.limit() == serverIn.position())
|
||||
&& (serverOut.limit() == clientIn.position())) {
|
||||
|
||||
/*
|
||||
* A sanity check to ensure we got what was sent.
|
||||
*/
|
||||
checkTransfer(serverOut, clientIn);
|
||||
checkTransfer(clientOut, serverIn);
|
||||
|
||||
log("\tClosing clientEngine's *OUTBOUND*...");
|
||||
clientEngine.closeOutbound();
|
||||
dataDone = true;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
* Check that the resulting connection meets our defined ALPN
|
||||
* criteria. If we were connecting to a non-JSSE implementation,
|
||||
* the server might have negotiated something we shouldn't accept.
|
||||
*
|
||||
* If we were expecting an ALPN value from server, let's make sure
|
||||
* the conditions match.
|
||||
*/
|
||||
private static void checkAPResult(SSLEngine engine, SSLEngineResult result,
|
||||
String expectedAP) throws Exception {
|
||||
|
||||
if (result.getHandshakeStatus() != HandshakeStatus.FINISHED) {
|
||||
return;
|
||||
}
|
||||
|
||||
String ap = engine.getApplicationProtocol();
|
||||
System.out.println("Application Protocol: \"" + ap + "\"");
|
||||
|
||||
if (ap == null) {
|
||||
throw new Exception(
|
||||
"Handshake was completed but null was received");
|
||||
}
|
||||
if (expectedAP.equals("NONE")) {
|
||||
if (!ap.isEmpty()) {
|
||||
throw new Exception("Expected no ALPN value");
|
||||
} else {
|
||||
System.out.println("No ALPN value negotiated, as expected");
|
||||
}
|
||||
} else if (!expectedAP.equals(ap)) {
|
||||
throw new Exception(expectedAP +
|
||||
" ALPN value not available on negotiated connection");
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
* Using the SSLContext created during object creation,
|
||||
* create/configure the SSLEngines we'll use for this test.
|
||||
*/
|
||||
private void createSSLEngines(String[] serverAPs, String[] clientAPs)
|
||||
throws Exception {
|
||||
/*
|
||||
* Configure the serverEngine to act as a server in the SSL/TLS
|
||||
* handshake. Also, require SSL client authentication.
|
||||
*/
|
||||
serverEngine = sslc.createSSLEngine();
|
||||
serverEngine.setUseClientMode(false);
|
||||
|
||||
SSLParameters sslp = serverEngine.getSSLParameters();
|
||||
|
||||
sslp.setNeedClientAuth(true);
|
||||
|
||||
/*
|
||||
* The default ciphersuite ordering from the SSLContext may not
|
||||
* reflect "h2" ciphersuites as being preferred, additionally the
|
||||
* client may not send them in an appropriate order. We could resort
|
||||
* the suite list if so desired.
|
||||
*/
|
||||
String[] suites = sslp.getCipherSuites();
|
||||
sslp.setCipherSuites(suites);
|
||||
sslp.setApplicationProtocols(serverAPs);
|
||||
sslp.setUseCipherSuitesOrder(true); // Set server side order
|
||||
|
||||
serverEngine.setSSLParameters(sslp);
|
||||
|
||||
/*
|
||||
* Similar to above, but using client mode instead.
|
||||
*/
|
||||
clientEngine = sslc.createSSLEngine("client", 80);
|
||||
clientEngine.setUseClientMode(true);
|
||||
sslp = clientEngine.getSSLParameters();
|
||||
sslp.setApplicationProtocols(clientAPs);
|
||||
clientEngine.setSSLParameters(sslp);
|
||||
}
|
||||
|
||||
/*
|
||||
* Create and size the buffers appropriately.
|
||||
*/
|
||||
private void createBuffers() {
|
||||
|
||||
/*
|
||||
* We'll assume the buffer sizes are the same
|
||||
* between client and server.
|
||||
*/
|
||||
SSLSession session = clientEngine.getSession();
|
||||
int appBufferMax = session.getApplicationBufferSize();
|
||||
int netBufferMax = session.getPacketBufferSize();
|
||||
|
||||
/*
|
||||
* We'll make the input buffers a bit bigger than the max needed
|
||||
* size, so that unwrap()s following a successful data transfer
|
||||
* won't generate BUFFER_OVERFLOWS.
|
||||
*
|
||||
* We'll use a mix of direct and indirect ByteBuffers for
|
||||
* tutorial purposes only. In reality, only use direct
|
||||
* ByteBuffers when they give a clear performance enhancement.
|
||||
*/
|
||||
clientIn = ByteBuffer.allocate(appBufferMax + 50);
|
||||
serverIn = ByteBuffer.allocate(appBufferMax + 50);
|
||||
|
||||
cTOs = ByteBuffer.allocateDirect(netBufferMax);
|
||||
sTOc = ByteBuffer.allocateDirect(netBufferMax);
|
||||
|
||||
clientOut = ByteBuffer.wrap("Hi Server, I'm Client".getBytes());
|
||||
serverOut = ByteBuffer.wrap("Hello Client, I'm Server".getBytes());
|
||||
}
|
||||
|
||||
/*
|
||||
* If the result indicates that we have outstanding tasks to do,
|
||||
* go ahead and run them in this thread.
|
||||
*/
|
||||
private static void runDelegatedTasks(SSLEngineResult result,
|
||||
SSLEngine engine) throws Exception {
|
||||
|
||||
if (result.getHandshakeStatus() == HandshakeStatus.NEED_TASK) {
|
||||
Runnable runnable;
|
||||
while ((runnable = engine.getDelegatedTask()) != null) {
|
||||
log("\trunning delegated task...");
|
||||
runnable.run();
|
||||
}
|
||||
HandshakeStatus hsStatus = engine.getHandshakeStatus();
|
||||
if (hsStatus == HandshakeStatus.NEED_TASK) {
|
||||
throw new Exception(
|
||||
"handshake shouldn't need additional tasks");
|
||||
}
|
||||
log("\tnew HandshakeStatus: " + hsStatus);
|
||||
}
|
||||
}
|
||||
|
||||
private static boolean isEngineClosed(SSLEngine engine) {
|
||||
return (engine.isOutboundDone() && engine.isInboundDone());
|
||||
}
|
||||
|
||||
/*
|
||||
* Simple check to make sure everything came across as expected.
|
||||
*/
|
||||
private static void checkTransfer(ByteBuffer a, ByteBuffer b)
|
||||
throws Exception {
|
||||
a.flip();
|
||||
b.flip();
|
||||
|
||||
if (!a.equals(b)) {
|
||||
throw new Exception("Data didn't transfer cleanly");
|
||||
} else {
|
||||
log("\tData transferred cleanly");
|
||||
}
|
||||
|
||||
a.position(a.limit());
|
||||
b.position(b.limit());
|
||||
a.limit(a.capacity());
|
||||
b.limit(b.capacity());
|
||||
}
|
||||
|
||||
/*
|
||||
* Logging code
|
||||
*/
|
||||
private static boolean resultOnce = true;
|
||||
|
||||
private static void log(String str, SSLEngineResult result) {
|
||||
if (!logging) {
|
||||
return;
|
||||
}
|
||||
if (resultOnce) {
|
||||
resultOnce = false;
|
||||
System.out.println("The format of the SSLEngineResult is: \n"
|
||||
+ "\t\"getStatus() / getHandshakeStatus()\" +\n"
|
||||
+ "\t\"bytesConsumed() / bytesProduced()\"\n");
|
||||
}
|
||||
HandshakeStatus hsStatus = result.getHandshakeStatus();
|
||||
log(str
|
||||
+ result.getStatus() + "/" + hsStatus + ", "
|
||||
+ result.bytesConsumed() + "/" + result.bytesProduced()
|
||||
+ " bytes");
|
||||
if (hsStatus == HandshakeStatus.FINISHED) {
|
||||
log("\t...ready for application data");
|
||||
}
|
||||
}
|
||||
|
||||
private static void log(String str) {
|
||||
if (logging) {
|
||||
System.out.println(str);
|
||||
}
|
||||
}
|
||||
}
|
||||
439
jdk/test/javax/net/ssl/ALPN/SSLSocketAlpnTest.java
Normal file
439
jdk/test/javax/net/ssl/ALPN/SSLSocketAlpnTest.java
Normal file
@ -0,0 +1,439 @@
|
||||
/*
|
||||
* Copyright (c) 2001, 2015, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
* under the terms of the GNU General Public License version 2 only, as
|
||||
* published by the Free Software Foundation.
|
||||
*
|
||||
* This code is distributed in the hope that it will be useful, but WITHOUT
|
||||
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
||||
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
||||
* version 2 for more details (a copy is included in the LICENSE file that
|
||||
* accompanied this code).
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License version
|
||||
* 2 along with this work; if not, write to the Free Software Foundation,
|
||||
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||
*
|
||||
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
|
||||
* or visit www.oracle.com if you need additional information or have any
|
||||
* questions.
|
||||
*/
|
||||
|
||||
// SunJSSE does not support dynamic system properties, no way to re-use
|
||||
// system properties in samevm/agentvm mode.
|
||||
|
||||
/*
|
||||
* @test
|
||||
* @bug 8051498
|
||||
* @summary JEP 244: TLS Application-Layer Protocol Negotiation Extension
|
||||
* @run main/othervm SSLSocketAlpnTest h2 h2 h2
|
||||
* @run main/othervm SSLSocketAlpnTest h2 h2,http/1.1 h2
|
||||
* @run main/othervm SSLSocketAlpnTest h2,http/1.1 h2,http/1.1 h2
|
||||
* @run main/othervm SSLSocketAlpnTest http/1.1,h2 h2,http/1.1 http/1.1
|
||||
* @run main/othervm SSLSocketAlpnTest h4,h3,h2 h1,h2 h2
|
||||
* @run main/othervm SSLSocketAlpnTest EMPTY h2,http/1.1 NONE
|
||||
* @run main/othervm SSLSocketAlpnTest h2 EMPTY NONE
|
||||
* @run main/othervm SSLSocketAlpnTest H2 h2 ERROR
|
||||
* @run main/othervm SSLSocketAlpnTest h2 http/1.1 ERROR
|
||||
* @author Brad Wetmore
|
||||
*/
|
||||
import java.io.*;
|
||||
import javax.net.ssl.*;
|
||||
|
||||
public class SSLSocketAlpnTest {
|
||||
|
||||
/*
|
||||
* =============================================================
|
||||
* Set the various variables needed for the tests, then
|
||||
* specify what tests to run on each side.
|
||||
*/
|
||||
|
||||
/*
|
||||
* Should we run the client or server in a separate thread?
|
||||
* Both sides can throw exceptions, but do you have a preference
|
||||
* as to which side should be the main thread.
|
||||
*/
|
||||
static boolean separateServerThread = false;
|
||||
|
||||
/*
|
||||
* Where do we find the keystores?
|
||||
*/
|
||||
static String pathToStores = "../etc";
|
||||
static String keyStoreFile = "keystore";
|
||||
static String trustStoreFile = "truststore";
|
||||
static String passwd = "passphrase";
|
||||
|
||||
/*
|
||||
* Is the server ready to serve?
|
||||
*/
|
||||
volatile static boolean serverReady = false;
|
||||
|
||||
/*
|
||||
* Turn on SSL debugging?
|
||||
*/
|
||||
static boolean debug = false;
|
||||
|
||||
static String[] serverAPs;
|
||||
static String[] clientAPs;
|
||||
static String expectedAP;
|
||||
|
||||
/*
|
||||
* If the client or server is doing some kind of object creation
|
||||
* that the other side depends on, and that thread prematurely
|
||||
* exits, you may experience a hang. The test harness will
|
||||
* terminate all hung threads after its timeout has expired,
|
||||
* currently 3 minutes by default, but you might try to be
|
||||
* smart about it....
|
||||
*/
|
||||
|
||||
/*
|
||||
* Define the server side of the test.
|
||||
*
|
||||
* If the server prematurely exits, serverReady will be set to true
|
||||
* to avoid infinite hangs.
|
||||
*/
|
||||
void doServerSide() throws Exception {
|
||||
SSLServerSocketFactory sslssf
|
||||
= (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
|
||||
SSLServerSocket sslServerSocket
|
||||
= (SSLServerSocket) sslssf.createServerSocket(serverPort);
|
||||
|
||||
serverPort = sslServerSocket.getLocalPort();
|
||||
|
||||
/*
|
||||
* Signal Client, we're ready for his connect.
|
||||
*/
|
||||
serverReady = true;
|
||||
|
||||
SSLSocket sslSocket = (SSLSocket) sslServerSocket.accept();
|
||||
|
||||
SSLParameters sslp = sslSocket.getSSLParameters();
|
||||
|
||||
/*
|
||||
* The default ciphersuite ordering from the SSLContext may not
|
||||
* reflect "h2" ciphersuites as being preferred, additionally the
|
||||
* client may not send them in an appropriate order. We could resort
|
||||
* the suite list if so desired.
|
||||
*/
|
||||
String[] suites = sslp.getCipherSuites();
|
||||
sslp.setCipherSuites(suites);
|
||||
sslp.setUseCipherSuitesOrder(true); // Set server side order
|
||||
|
||||
// Set the ALPN selection.
|
||||
sslp.setApplicationProtocols(serverAPs);
|
||||
sslSocket.setSSLParameters(sslp);
|
||||
|
||||
sslSocket.startHandshake();
|
||||
|
||||
String ap = sslSocket.getApplicationProtocol();
|
||||
System.out.println("Application Protocol: \"" + ap + "\"");
|
||||
|
||||
if (ap == null) {
|
||||
throw new Exception(
|
||||
"Handshake was completed but null was received");
|
||||
}
|
||||
if (expectedAP.equals("NONE")) {
|
||||
if (!ap.isEmpty()) {
|
||||
throw new Exception("Expected no ALPN value");
|
||||
} else {
|
||||
System.out.println("No ALPN value negotiated, as expected");
|
||||
}
|
||||
} else if (!expectedAP.equals(ap)) {
|
||||
throw new Exception(expectedAP +
|
||||
" ALPN value not available on negotiated connection");
|
||||
}
|
||||
|
||||
InputStream sslIS = sslSocket.getInputStream();
|
||||
OutputStream sslOS = sslSocket.getOutputStream();
|
||||
|
||||
sslIS.read();
|
||||
sslOS.write(85);
|
||||
sslOS.flush();
|
||||
|
||||
sslSocket.close();
|
||||
}
|
||||
|
||||
/*
|
||||
* Define the client side of the test.
|
||||
*
|
||||
* If the server prematurely exits, serverReady will be set to true
|
||||
* to avoid infinite hangs.
|
||||
*/
|
||||
void doClientSide() throws Exception {
|
||||
|
||||
/*
|
||||
* Wait for server to get started.
|
||||
*/
|
||||
while (!serverReady) {
|
||||
Thread.sleep(50);
|
||||
}
|
||||
|
||||
SSLSocketFactory sslsf
|
||||
= (SSLSocketFactory) SSLSocketFactory.getDefault();
|
||||
SSLSocket sslSocket
|
||||
= (SSLSocket) sslsf.createSocket("localhost", serverPort);
|
||||
|
||||
SSLParameters sslp = sslSocket.getSSLParameters();
|
||||
|
||||
/*
|
||||
* The default ciphersuite ordering from the SSLContext may not
|
||||
* reflect "h2" ciphersuites as being preferred, additionally the
|
||||
* client may not send them in an appropriate order. We could resort
|
||||
* the suite list if so desired.
|
||||
*/
|
||||
String[] suites = sslp.getCipherSuites();
|
||||
sslp.setCipherSuites(suites);
|
||||
sslp.setUseCipherSuitesOrder(true); // Set server side order
|
||||
|
||||
// Set the ALPN selection.
|
||||
sslp.setApplicationProtocols(clientAPs);
|
||||
sslSocket.setSSLParameters(sslp);
|
||||
|
||||
sslSocket.startHandshake();
|
||||
|
||||
/*
|
||||
* Check that the resulting connection meets our defined ALPN
|
||||
* criteria. If we were connecting to a non-JSSE implementation,
|
||||
* the server might have negotiated something we shouldn't accept.
|
||||
*
|
||||
* We were expecting H2 from server, let's make sure the
|
||||
* conditions match.
|
||||
*/
|
||||
String ap = sslSocket.getApplicationProtocol();
|
||||
System.out.println("Application Protocol: \"" + ap + "\"");
|
||||
|
||||
if (ap == null) {
|
||||
throw new Exception(
|
||||
"Handshake was completed but null was received");
|
||||
}
|
||||
if (expectedAP.equals("NONE")) {
|
||||
if (!ap.isEmpty()) {
|
||||
throw new Exception("Expected no ALPN value");
|
||||
} else {
|
||||
System.out.println("No ALPN value negotiated, as expected");
|
||||
}
|
||||
} else if (!expectedAP.equals(ap)) {
|
||||
throw new Exception(expectedAP +
|
||||
" ALPN value not available on negotiated connection");
|
||||
}
|
||||
|
||||
InputStream sslIS = sslSocket.getInputStream();
|
||||
OutputStream sslOS = sslSocket.getOutputStream();
|
||||
|
||||
sslOS.write(280);
|
||||
sslOS.flush();
|
||||
sslIS.read();
|
||||
|
||||
sslSocket.close();
|
||||
}
|
||||
|
||||
/*
|
||||
* =============================================================
|
||||
* The remainder is just support stuff
|
||||
*/
|
||||
// use any free port by default
|
||||
volatile int serverPort = 0;
|
||||
|
||||
volatile Exception serverException = null;
|
||||
volatile Exception clientException = null;
|
||||
|
||||
public static void main(String[] args) throws Exception {
|
||||
String keyFilename
|
||||
= System.getProperty("test.src", ".") + "/" + pathToStores
|
||||
+ "/" + keyStoreFile;
|
||||
String trustFilename
|
||||
= System.getProperty("test.src", ".") + "/" + pathToStores
|
||||
+ "/" + trustStoreFile;
|
||||
|
||||
System.setProperty("javax.net.ssl.keyStore", keyFilename);
|
||||
System.setProperty("javax.net.ssl.keyStorePassword", passwd);
|
||||
System.setProperty("javax.net.ssl.trustStore", trustFilename);
|
||||
System.setProperty("javax.net.ssl.trustStorePassword", passwd);
|
||||
|
||||
if (debug) {
|
||||
System.setProperty("javax.net.debug", "all");
|
||||
}
|
||||
|
||||
// Validate parameters
|
||||
if (args.length != 3) {
|
||||
throw new Exception("Invalid number of test parameters");
|
||||
}
|
||||
serverAPs = convert(args[0]);
|
||||
clientAPs = convert(args[1]);
|
||||
expectedAP = args[2];
|
||||
|
||||
/*
|
||||
* Start the tests.
|
||||
*/
|
||||
try {
|
||||
new SSLSocketAlpnTest();
|
||||
} catch (SSLHandshakeException she) {
|
||||
if (args[2].equals("ERROR")) {
|
||||
System.out.println("Caught the expected exception: " + she);
|
||||
} else {
|
||||
throw she;
|
||||
}
|
||||
}
|
||||
|
||||
System.out.println("Test Passed.");
|
||||
}
|
||||
|
||||
/*
|
||||
* Convert a comma-separated list into an array of strings.
|
||||
*/
|
||||
private static String[] convert(String list) {
|
||||
String[] strings;
|
||||
|
||||
if (list.equals("EMPTY")) {
|
||||
return new String[0];
|
||||
}
|
||||
|
||||
if (list.indexOf(',') > 0) {
|
||||
strings = list.split(",");
|
||||
} else {
|
||||
strings = new String[]{ list };
|
||||
}
|
||||
|
||||
return strings;
|
||||
}
|
||||
|
||||
Thread clientThread = null;
|
||||
Thread serverThread = null;
|
||||
|
||||
/*
|
||||
* Primary constructor, used to drive remainder of the test.
|
||||
*
|
||||
* Fork off the other side, then do your work.
|
||||
*/
|
||||
SSLSocketAlpnTest() throws Exception {
|
||||
Exception startException = null;
|
||||
try {
|
||||
if (separateServerThread) {
|
||||
startServer(true);
|
||||
startClient(false);
|
||||
} else {
|
||||
startClient(true);
|
||||
startServer(false);
|
||||
}
|
||||
} catch (Exception e) {
|
||||
startException = e;
|
||||
}
|
||||
|
||||
/*
|
||||
* Wait for other side to close down.
|
||||
*/
|
||||
if (separateServerThread) {
|
||||
if (serverThread != null) {
|
||||
serverThread.join();
|
||||
}
|
||||
} else {
|
||||
if (clientThread != null) {
|
||||
clientThread.join();
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
* When we get here, the test is pretty much over.
|
||||
* Which side threw the error?
|
||||
*/
|
||||
Exception local;
|
||||
Exception remote;
|
||||
|
||||
if (separateServerThread) {
|
||||
remote = serverException;
|
||||
local = clientException;
|
||||
} else {
|
||||
remote = clientException;
|
||||
local = serverException;
|
||||
}
|
||||
|
||||
Exception exception = null;
|
||||
|
||||
/*
|
||||
* Check various exception conditions.
|
||||
*/
|
||||
if ((local != null) && (remote != null)) {
|
||||
// If both failed, return the curthread's exception.
|
||||
local.initCause(remote);
|
||||
exception = local;
|
||||
} else if (local != null) {
|
||||
exception = local;
|
||||
} else if (remote != null) {
|
||||
exception = remote;
|
||||
} else if (startException != null) {
|
||||
exception = startException;
|
||||
}
|
||||
|
||||
/*
|
||||
* If there was an exception *AND* a startException,
|
||||
* output it.
|
||||
*/
|
||||
if (exception != null) {
|
||||
if (exception != startException && startException != null) {
|
||||
exception.addSuppressed(startException);
|
||||
}
|
||||
throw exception;
|
||||
}
|
||||
|
||||
// Fall-through: no exception to throw!
|
||||
}
|
||||
|
||||
void startServer(boolean newThread) throws Exception {
|
||||
if (newThread) {
|
||||
serverThread = new Thread() {
|
||||
@Override
|
||||
public void run() {
|
||||
try {
|
||||
doServerSide();
|
||||
} catch (Exception e) {
|
||||
/*
|
||||
* Our server thread just died.
|
||||
*
|
||||
* Release the client, if not active already...
|
||||
*/
|
||||
System.err.println("Server died...");
|
||||
serverReady = true;
|
||||
serverException = e;
|
||||
}
|
||||
}
|
||||
};
|
||||
serverThread.start();
|
||||
} else {
|
||||
try {
|
||||
doServerSide();
|
||||
} catch (Exception e) {
|
||||
serverException = e;
|
||||
} finally {
|
||||
serverReady = true;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
void startClient(boolean newThread) throws Exception {
|
||||
if (newThread) {
|
||||
clientThread = new Thread() {
|
||||
@Override
|
||||
public void run() {
|
||||
try {
|
||||
doClientSide();
|
||||
} catch (Exception e) {
|
||||
/*
|
||||
* Our client thread just died.
|
||||
*/
|
||||
System.err.println("Client died...");
|
||||
clientException = e;
|
||||
}
|
||||
}
|
||||
};
|
||||
clientThread.start();
|
||||
} else {
|
||||
try {
|
||||
doClientSide();
|
||||
} catch (Exception e) {
|
||||
clientException = e;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2003, 2013, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2003, 2015, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -78,7 +78,7 @@ public class SSLEngineTemplate {
|
||||
/*
|
||||
* Enables logging of the SSLEngine operations.
|
||||
*/
|
||||
private static boolean logging = true;
|
||||
private static final boolean logging = true;
|
||||
|
||||
/*
|
||||
* Enables the JSSE system debugging system property:
|
||||
@ -89,9 +89,9 @@ public class SSLEngineTemplate {
|
||||
* including specific handshake messages, and might be best examined
|
||||
* after gaining some familiarity with this application.
|
||||
*/
|
||||
private static boolean debug = false;
|
||||
private static final boolean debug = false;
|
||||
|
||||
private SSLContext sslc;
|
||||
private final SSLContext sslc;
|
||||
|
||||
private SSLEngine clientEngine; // client Engine
|
||||
private ByteBuffer clientOut; // write side of clientEngine
|
||||
@ -112,15 +112,15 @@ public class SSLEngineTemplate {
|
||||
/*
|
||||
* The following is to set up the keystores.
|
||||
*/
|
||||
private static String pathToStores = "../etc";
|
||||
private static String keyStoreFile = "keystore";
|
||||
private static String trustStoreFile = "truststore";
|
||||
private static String passwd = "passphrase";
|
||||
private static final String pathToStores = "../etc";
|
||||
private static final String keyStoreFile = "keystore";
|
||||
private static final String trustStoreFile = "truststore";
|
||||
private static final String passwd = "passphrase";
|
||||
|
||||
private static String keyFilename =
|
||||
private static final String keyFilename =
|
||||
System.getProperty("test.src", ".") + "/" + pathToStores +
|
||||
"/" + keyStoreFile;
|
||||
private static String trustFilename =
|
||||
private static final String trustFilename =
|
||||
System.getProperty("test.src", ".") + "/" + pathToStores +
|
||||
"/" + trustStoreFile;
|
||||
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2011, 2013, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2011, 2015, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -86,7 +86,7 @@ public class SSLSocketSSLEngineTemplate {
|
||||
/*
|
||||
* Enables logging of the SSL/TLS operations.
|
||||
*/
|
||||
private static boolean logging = true;
|
||||
private static final boolean logging = true;
|
||||
|
||||
/*
|
||||
* Enables the JSSE system debugging system property:
|
||||
@ -97,8 +97,8 @@ public class SSLSocketSSLEngineTemplate {
|
||||
* including specific handshake messages, and might be best examined
|
||||
* after gaining some familiarity with this application.
|
||||
*/
|
||||
private static boolean debug = false;
|
||||
private SSLContext sslc;
|
||||
private static final boolean debug = false;
|
||||
private final SSLContext sslc;
|
||||
private SSLEngine serverEngine; // server-side SSLEngine
|
||||
private SSLSocket sslSocket; // client-side socket
|
||||
private ServerSocket serverSocket; // server-side Socket, generates the...
|
||||
@ -128,10 +128,10 @@ public class SSLSocketSSLEngineTemplate {
|
||||
private static final String keyStoreFile = "keystore";
|
||||
private static final String trustStoreFile = "truststore";
|
||||
private static final String passwd = "passphrase";
|
||||
private static String keyFilename =
|
||||
private static final String keyFilename =
|
||||
System.getProperty("test.src", ".") + "/" + pathToStores
|
||||
+ "/" + keyStoreFile;
|
||||
private static String trustFilename =
|
||||
private static final String trustFilename =
|
||||
System.getProperty("test.src", ".") + "/" + pathToStores
|
||||
+ "/" + trustStoreFile;
|
||||
|
||||
@ -252,7 +252,7 @@ public class SSLSocketSSLEngineTemplate {
|
||||
byte[] outbound = new byte[8192];
|
||||
|
||||
while (!isEngineClosed(serverEngine)) {
|
||||
int len = 0;
|
||||
int len;
|
||||
|
||||
// Inbound data
|
||||
log("================");
|
||||
@ -326,7 +326,6 @@ public class SSLSocketSSLEngineTemplate {
|
||||
serverIn.compact();
|
||||
}
|
||||
}
|
||||
return;
|
||||
} catch (Exception e) {
|
||||
serverException = e;
|
||||
} finally {
|
||||
@ -384,13 +383,12 @@ public class SSLSocketSSLEngineTemplate {
|
||||
int pos = 0;
|
||||
|
||||
int len;
|
||||
done:
|
||||
while ((len = is.read(inbound, pos, 2048 - pos)) != -1) {
|
||||
pos += len;
|
||||
// Let the client do the closing.
|
||||
if ((pos == serverMsg.length) && !serverClose) {
|
||||
sslSocket.close();
|
||||
break done;
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2001, 2013, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2001, 2015, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -33,7 +33,6 @@
|
||||
*/
|
||||
|
||||
import java.io.*;
|
||||
import java.net.*;
|
||||
import javax.net.ssl.*;
|
||||
|
||||
public class SSLSocketTemplate {
|
||||
@ -162,8 +161,9 @@ public class SSLSocketTemplate {
|
||||
System.setProperty("javax.net.ssl.trustStore", trustFilename);
|
||||
System.setProperty("javax.net.ssl.trustStorePassword", passwd);
|
||||
|
||||
if (debug)
|
||||
if (debug) {
|
||||
System.setProperty("javax.net.debug", "all");
|
||||
}
|
||||
|
||||
/*
|
||||
* Start the tests.
|
||||
@ -255,6 +255,7 @@ public class SSLSocketTemplate {
|
||||
void startServer(boolean newThread) throws Exception {
|
||||
if (newThread) {
|
||||
serverThread = new Thread() {
|
||||
@Override
|
||||
public void run() {
|
||||
try {
|
||||
doServerSide();
|
||||
@ -285,6 +286,7 @@ public class SSLSocketTemplate {
|
||||
void startClient(boolean newThread) throws Exception {
|
||||
if (newThread) {
|
||||
clientThread = new Thread() {
|
||||
@Override
|
||||
public void run() {
|
||||
try {
|
||||
doClientSide();
|
||||
|
||||
@ -36,6 +36,6 @@ public class OptimalListSize {
|
||||
public static void main(String[] args) throws Throwable {
|
||||
OptimalCapacity.ofArrayList(
|
||||
Class.forName("sun.security.ssl.ExtensionType"),
|
||||
"knownExtensions", 14);
|
||||
"knownExtensions", 15);
|
||||
}
|
||||
}
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user