diff options
Diffstat (limited to 'nss/lib/ssl/sslenum.c')
-rw-r--r-- | nss/lib/ssl/sslenum.c | 59 |
1 files changed, 28 insertions, 31 deletions
diff --git a/nss/lib/ssl/sslenum.c b/nss/lib/ssl/sslenum.c index f69aed2..b5272d4 100644 --- a/nss/lib/ssl/sslenum.c +++ b/nss/lib/ssl/sslenum.c @@ -22,7 +22,11 @@ * * No-encryption cipher suites last * * Export/weak/obsolete cipher suites before no-encryption cipher suites * * Order by key exchange algorithm: ECDHE, then DHE, then ECDH, RSA. - * * Within key agreement sections, order by symmetric encryption algorithm: + * * Within key agreement sections, prefer AEAD over non-AEAD cipher suites. + * * Within AEAD sections, order by symmetric encryption algorithm which + * integrates message authentication algorithm: AES-128-GCM, then + * ChaCha20-Poly1305, then AES-256-GCM, + * * Within non-AEAD sections, order by symmetric encryption algorithm: * AES-128, then Camellia-128, then AES-256, then Camellia-256, then SEED, * then FIPS-3DES, then 3DES, then RC4. AES is commonly accepted as a * strong cipher internationally, and is often hardware-accelerated. @@ -30,16 +34,20 @@ * organizations. SEED is only recommended by the Korean government. 3DES * only provides 112 bits of security. RC4 is now deprecated or forbidden * by many standards organizations. + * * Within non-AEAD symmetric algorithm sections, order by message + * authentication algorithm: HMAC-SHA256, then HMAC-SHA384, then HMAC-SHA1, + * then HMAC-MD5. * * Within symmetric algorithm sections, order by message authentication * algorithm: GCM, then HMAC-SHA1, then HMAC-SHA256, then HMAC-MD5. * * Within message authentication algorithm sections, order by asymmetric * signature algorithm: ECDSA, then RSA, then DSS. + * * As a special case, the PSK ciphers, which are only enabled when + * TLS 1.3 PSK-resumption is in use, come first. * * Exception: Because some servers ignore the high-order byte of the cipher * suite ID, we must be careful about adding cipher suites with IDs larger - * than 0x00ff; see bug 946147. For these broken servers, the first four cipher - * suites, with the MSB zeroed, look like: - * TLS_KRB5_EXPORT_WITH_RC4_40_MD5 { 0x00,0x2B } + * than 0x00ff; see bug 946147. For these broken servers, the first three + * cipher suites, with the MSB zeroed, look like: * TLS_RSA_WITH_AES_128_CBC_SHA { 0x00,0x2F } * TLS_RSA_WITH_3DES_EDE_CBC_SHA { 0x00,0x0A } * TLS_RSA_WITH_DES_CBC_SHA { 0x00,0x09 } @@ -47,9 +55,16 @@ * the third one. */ const PRUint16 SSL_ImplementedCiphers[] = { -#ifndef NSS_DISABLE_ECC + TLS_AES_128_GCM_SHA256, + TLS_CHACHA20_POLY1305_SHA256, + TLS_AES_256_GCM_SHA384, + TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, + TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, + TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, + TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, + TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, /* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA must appear before * TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA to work around bug 946147. */ @@ -59,14 +74,18 @@ const PRUint16 SSL_ImplementedCiphers[] = { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, + TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, + TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, -#endif /* NSS_DISABLE_ECC */ TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, + TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, + TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, + TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, @@ -83,7 +102,6 @@ const PRUint16 SSL_ImplementedCiphers[] = { TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_DHE_DSS_WITH_RC4_128_SHA, -#ifndef NSS_DISABLE_ECC TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, @@ -92,9 +110,9 @@ const PRUint16 SSL_ImplementedCiphers[] = { TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA, -#endif /* NSS_DISABLE_ECC */ TLS_RSA_WITH_AES_128_GCM_SHA256, + TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, @@ -102,7 +120,6 @@ const PRUint16 SSL_ImplementedCiphers[] = { TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, TLS_RSA_WITH_SEED_CBC_SHA, - SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, TLS_RSA_WITH_3DES_EDE_CBC_SHA, TLS_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_RC4_128_MD5, @@ -110,44 +127,24 @@ const PRUint16 SSL_ImplementedCiphers[] = { /* 56-bit DES "domestic" cipher suites */ TLS_DHE_RSA_WITH_DES_CBC_SHA, TLS_DHE_DSS_WITH_DES_CBC_SHA, - SSL_RSA_FIPS_WITH_DES_CBC_SHA, TLS_RSA_WITH_DES_CBC_SHA, - /* export ciphersuites with 1024-bit public key exchange keys */ - TLS_RSA_EXPORT1024_WITH_RC4_56_SHA, - TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA, - - /* export ciphersuites with 512-bit public key exchange keys */ - TLS_RSA_EXPORT_WITH_RC4_40_MD5, - TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5, - /* ciphersuites with no encryption */ -#ifndef NSS_DISABLE_ECC TLS_ECDHE_ECDSA_WITH_NULL_SHA, TLS_ECDHE_RSA_WITH_NULL_SHA, TLS_ECDH_RSA_WITH_NULL_SHA, TLS_ECDH_ECDSA_WITH_NULL_SHA, -#endif /* NSS_DISABLE_ECC */ TLS_RSA_WITH_NULL_SHA, TLS_RSA_WITH_NULL_SHA256, TLS_RSA_WITH_NULL_MD5, - /* SSL2 cipher suites. */ - SSL_EN_RC4_128_WITH_MD5, - SSL_EN_RC2_128_CBC_WITH_MD5, - SSL_EN_DES_192_EDE3_CBC_WITH_MD5, /* actually 112, not 192 */ - SSL_EN_DES_64_CBC_WITH_MD5, - SSL_EN_RC4_128_EXPORT40_WITH_MD5, - SSL_EN_RC2_128_CBC_EXPORT40_WITH_MD5, - 0 - }; -const PRUint16 SSL_NumImplementedCiphers = +const PRUint16 SSL_NumImplementedCiphers = (sizeof SSL_ImplementedCiphers) / (sizeof SSL_ImplementedCiphers[0]) - 1; -const PRUint16 * +const PRUint16* SSL_GetImplementedCiphers(void) { return SSL_ImplementedCiphers; |