Red Hat Bugzilla – Attachment 897144 Details for
Bug 1078204
SSL connector fails to start if cipher-suite="ALL"
[patch]
Patch to add support for OpenSSL syntax in defining ciphers
bz-1078204.patch (text/plain), 108.38 KB, created by
Emmanuel Hugonnet (ehsavoie)
on 2014-05-19 13:19:12 UTC
Description:
Patch to add support for OpenSSL syntax in defining ciphers
Creator:
Emmanuel Hugonnet (ehsavoie)
Created:
2014-05-19 13:19:12 UTC
Size:
108.38 KB
>Index: src/main/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
>===================================================================
>--- src/main/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java (révision 2412)
>+++ src/main/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java (copie de travail)
>@@ -205,59 +205,9 @@
> String[] enabledCiphers = null;
>
> if (requestedCiphers != null) {
>- Vector vec = null;
>- String cipher = requestedCiphers;
>- int index = requestedCiphers.indexOf(',');
>- if (index != -1) {
>- int fromIndex = 0;
>- while (index != -1) {
>- cipher = requestedCiphers.substring(fromIndex, index).trim();
>- if (cipher.length() > 0) {
>- /*
>- * Check to see if the requested cipher is among the
>- * supported ciphers, i.e., may be enabled
>- */
>- for (int i=0; supportedCiphers != null
>- && i<supportedCiphers.length; i++) {
>- if (supportedCiphers[i].equals(cipher)) {
>- if (vec == null) {
>- vec = new Vector();
>- }
>- vec.addElement(cipher);
>- break;
>- }
>- }
>- }
>- fromIndex = index+1;
>- index = requestedCiphers.indexOf(',', fromIndex);
>- } // while
>- cipher = requestedCiphers.substring(fromIndex);
>- }
>-
>- if (cipher != null) {
>- cipher = cipher.trim();
>- if (cipher.length() > 0) {
>- /*
>- * Check to see if the requested cipher is among the
>- * supported ciphers, i.e., may be enabled
>- */
>- for (int i=0; supportedCiphers != null
>- && i<supportedCiphers.length; i++) {
>- if (supportedCiphers[i].equals(cipher)) {
>- if (vec == null) {
>- vec = new Vector();
>- }
>- vec.addElement(cipher);
>- break;
>- }
>- }
>- }
>- }
>-
>- if (vec != null) {
>- enabledCiphers = new String[vec.size()];
>- vec.copyInto(enabledCiphers);
>- } else {
>+ String[] ciphers = requestedCiphers.split(",");
>+ enabledCiphers = JSSEUtils.getEnabledCiphers(ciphers, supportedCiphers);
>+ if(enabledCiphers == null || enabledCiphers.length == 0) {
> throw new IOException(MESSAGES.noCipherMatch()); // Like openssl.
> }
> } else {
>Index: src/main/java/org/apache/tomcat/util/net/jsse/JSSEUtils.java
>===================================================================
>--- src/main/java/org/apache/tomcat/util/net/jsse/JSSEUtils.java (révision 0)
>+++ src/main/java/org/apache/tomcat/util/net/jsse/JSSEUtils.java (copie de travail)
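Review bot: The new `requestedCiphers.split(",")` no longer trims the entries, so a list written as `A, B` yields ` B`, which cannot pass the `contains` check in `JSSEUtils` and is dropped silently; the removed loop trimmed every name and skipped empty ones. Splitting with `requestedCiphers.trim().split("\\s*,\\s*")` keeps the old tolerance for whitespace in the connector configuration. The identical change in NioJSSESocketChannelFactory.java has the same problem. The enclosing method starts and ends outside this hunk.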
>@@ -0,0 +1,58 @@
>+/*
>+ * JBoss, Home of Professional Open Source.
>+ *
>+ * Copyright 2011 Red Hat, Inc. and/or its affiliates, and individual
>+ * contributors as indicated by the @author tags.
>+ *
>+ * Licensed under the Apache License, Version 2.0 (the "License");
>+ * you may not use this file except in compliance with the License.
>+ * You may obtain a copy of the License at
>+ *
>+ * http://www.apache.org/licenses/LICENSE-2.0
>+ *
>+ * Unless required by applicable law or agreed to in writing, software
>+ * distributed under the License is distributed on an "AS IS" BASIS,
>+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
>+ * See the License for the specific language governing permissions and
>+ * limitations under the License.
>+ */
>+package org.apache.tomcat.util.net.jsse;
>+
>+import java.util.Arrays;
>+import java.util.HashSet;
>+import java.util.LinkedHashSet;
>+import java.util.List;
>+import java.util.Set;
>+import org.apache.tomcat.util.net.jsse.openssl.OpenSSLCipherConfigurationParser;
>+
>+/**
>+ * Utility methods.
>+ *
>+ * @author <a href="mailto:ehugonne@redhat.com">Emmanuel Hugonnet</a> (c) 2014 Red Hat, inc.
>+ */
>+public final class JSSEUtils {
>+
>+ public static String[] getEnabledCiphers(final String[] cipherSuites, final String[] supportedCiphers) {
>+ return resolveEnabledCipherSuite(cipherSuites, new HashSet<String>(Arrays.asList(supportedCiphers)));
>+ }
>+
>+ static String[] resolveEnabledCipherSuite(final String[] cipherSuites, final Set<String> supportedCiphers) {
>+ Set<String> result = new LinkedHashSet<String>();
>+ if (cipherSuites.length == 1) {
>+ List<String> enabledCiphers = OpenSSLCipherConfigurationParser.convertForJSSE(OpenSSLCipherConfigurationParser.parse(cipherSuites[0]));
>+ for (String enabledCipher : enabledCiphers) {
>+ if (supportedCiphers.contains(enabledCipher)) {
>+ result.add(enabledCipher);
>+ }
>+ }
>+ } else {
>+ for (String enabledCipher : cipherSuites) {
>+ if (supportedCiphers.contains(enabledCipher)) {
>+ result.add(enabledCipher);
>+ }
>+ }
>+ }
>+ return result.toArray(new String[result.size()]);
>+ }
>+
>+}
>Index: src/main/java/org/apache/tomcat/util/net/jsse/NioJSSESocketChannelFactory.java
>===================================================================
>--- src/main/java/org/apache/tomcat/util/net/jsse/NioJSSESocketChannelFactory.java (révision 2412)
>+++ src/main/java/org/apache/tomcat/util/net/jsse/NioJSSESocketChannelFactory.java (copie de travail)
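Review bot: `resolveEnabledCipherSuite` filters the expansion of a lone OpenSSL expression only against what the JVM supports, so `ALL` can turn on the anonymous (`TLS_DH_anon_*`), export-grade and NULL-encryption suites listed in this patch's Ciphers table whenever the provider offers them; the parser is not visible here, so confirm what `ALL` expands to. Logging the resolved list at connector start would let operators see what was actually enabled and what the `contains` filter silently dropped. That filter hides misspelt names too: if `convertForJSSE` returns the `Ciphers` constant names, a constant such as `SL_RSA_EXPORT_WITH_RC4_40_MD5` can never match a JSSE suite. The `cipherSuites.length == 1` test also sends a single plain JSSE name through the OpenSSL parser, which may or may not accept it. `getEnabledCiphers` calls `Arrays.asList(supportedCiphers)` without the null check the removed loops had; `if (supportedCiphers == null) return new String[0];` keeps the old outcome of `noCipherMatch` instead of a NullPointerException.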
>@@ -345,61 +345,13 @@
> String[] enabledCiphers = null;
> SSLServerSocketFactory sslProxy = sslContext.getServerSocketFactory();
> if (requestedCiphers != null) {
>- Vector<Object> vec = null;
>- String cipher = requestedCiphers;
>- int index = requestedCiphers.indexOf(',');
>- if (index != -1) {
>- int fromIndex = 0;
>- while (index != -1) {
>- cipher = requestedCiphers.substring(fromIndex, index).trim();
>- if (cipher.length() > 0) {
>- /*
>- * Check to see if the requested cipher is among the
>- * supported ciphers, i.e., may be enabled
>- */
>- for (int i = 0; supportedCiphers != null && i < supportedCiphers.length; i++) {
>- if (supportedCiphers[i].equals(cipher)) {
>- if (vec == null) {
>- vec = new Vector<Object>();
>- }
>- vec.addElement(cipher);
>- break;
>- }
>- }
>- }
>- fromIndex = index + 1;
>- index = requestedCiphers.indexOf(',', fromIndex);
>- } // while
>- cipher = requestedCiphers.substring(fromIndex);
>- }
>-
>- if (cipher != null) {
>- cipher = cipher.trim();
>- if (cipher.length() > 0) {
>- /*
>- * Check to see if the requested cipher is among the
>- * supported ciphers, i.e., may be enabled
>- */
>- for (int i = 0; supportedCiphers != null && i < supportedCiphers.length; i++) {
>- if (supportedCiphers[i].equals(cipher)) {
>- if (vec == null) {
>- vec = new Vector<Object>();
>- }
>- vec.addElement(cipher);
>- break;
>- }
>- }
>- }
>- }
>-
>- if (vec != null) {
>- enabledCiphers = new String[vec.size()];
>- vec.copyInto(enabledCiphers);
>- } else {
>- throw new IOException(MESSAGES.noCipherMatch()); // Like openssl.
>- }
>+ String[] ciphers = requestedCiphers.split(",");
>+ enabledCiphers = JSSEUtils.getEnabledCiphers(ciphers, supportedCiphers);
>+ if(enabledCiphers == null || enabledCiphers.length == 0) {
>+ throw new IOException(MESSAGES.noCipherMatch()); // Like openssl.
>+ }
> } else {
>- enabledCiphers = sslProxy.getDefaultCipherSuites();
>+ enabledCiphers = sslProxy.getDefaultCipherSuites();
> }
>
> return enabledCiphers;
>Index: src/main/java/org/apache/tomcat/util/net/jsse/openssl/Authentication.java
>===================================================================
>--- src/main/java/org/apache/tomcat/util/net/jsse/openssl/Authentication.java (révision 0)
>+++ src/main/java/org/apache/tomcat/util/net/jsse/openssl/Authentication.java (copie de travail)
>@@ -0,0 +1,39 @@
>+/*
>+ * Copyright (C) 2014 Red Hat, inc., and individual contributors
>+ * as indicated by the @author tags. See the copyright.txt file in the
>+ * distribution for a full listing of individual contributors.
>+ *
>+ * This library is free software; you can redistribute it and/or
>+ * modify it under the terms of the GNU Lesser General Public
>+ * License as published by the Free Software Foundation; either
>+ * version 2.1 of the License, or (at your option) any later version.
>+ *
>+ * This library is distributed in the hope that it will be useful,
>+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
>+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
>+ * Lesser General Public License for more details.
>+ *
>+ * You should have received a copy of the GNU Lesser General Public
>+ * License along with this library; if not, write to the Free Software
>+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
>+ * MA 02110-1301 USA
>+ */
>+package org.apache.tomcat.util.net.jsse.openssl;
>+
>+/**
>+ *
>+ * @author <a href="mailto:ehugonne@redhat.com">Emmanuel Hugonnet</a> (c) 2014 Red Hat, inc.
>+ */
>+public enum Authentication {
>+ RSA /* RSA auth */,
>+ DSS /* DSS auth */,
>+ aNULL /* no auth (i.e. use ADH or AECDH) */,
>+ DH /* Fixed DH auth (kDHd or kDHr) */,
>+ ECDH /* Fixed ECDH auth (kECDHe or kECDHr) */,
>+ KRB5 /* KRB5 auth */,
>+ ECDSA/* ECDSA auth*/,
>+ PSK /* PSK auth */,
>+ GOST94 /* GOST R 34.10-94 signature auth */,
>+ GOST01 /* GOST R 34.10-2001 */,
>+ FZA /* Fortezza */;
>+}
>Index: src/main/java/org/apache/tomcat/util/net/jsse/openssl/Ciphers.java
>===================================================================
>--- src/main/java/org/apache/tomcat/util/net/jsse/openssl/Ciphers.java (révision 0)
>+++ src/main/java/org/apache/tomcat/util/net/jsse/openssl/Ciphers.java (copie de travail)
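Review bot: The class Javadoc on `Authentication` is empty apart from `@author`, and the meaning of each constant sits in trailing block comments that Javadoc tooling will not pick up. A summary line such as `Authentication methods a cipher suite can use; aNULL marks the unauthenticated (anonymous) suites.` plus a `/** ... */` comment before each constant would put that information where readers look for it. The file also carries an LGPL 2.1 header while JSSEUtils.java, added by the same patch, carries an Apache 2.0 header, so it is worth confirming which license the new openssl package is meant to ship under.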
>@@ -0,0 +1,2304 @@
>+/*
>+ * Copyright (C) 2014 Red Hat, inc., and individual contributors
>+ * as indicated by the @author tags. See the copyright.txt file in the
>+ * distribution for a full listing of individual contributors.
>+ *
>+ * This library is free software; you can redistribute it and/or
>+ * modify it under the terms of the GNU Lesser General Public
>+ * License as published by the Free Software Foundation; either
>+ * version 2.1 of the License, or (at your option) any later version.
>+ *
>+ * This library is distributed in the hope that it will be useful,
>+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
>+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
>+ * Lesser General Public License for more details.
>+ *
>+ * You should have received a copy of the GNU Lesser General Public
>+ * License along with this library; if not, write to the Free Software
>+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
>+ * MA 02110-1301 USA
>+ */
>+package org.apache.tomcat.util.net.jsse.openssl;
>+
>+/**
>+ * All Ciphers for SSL/TSL.
>+ *
>+ * @author <a href="mailto:ehugonne@redhat.com">Emmanuel Hugonnet</a> (c) 2014 Red Hat, inc.
>+ */
>+public enum Ciphers {
>+ /* The RSA ciphers */
>+ // Cipher 01
>+ SSL_RSA_WITH_NULL_MD5("NULL-MD5",
>+ KeyExchange.RSA,
>+ Authentication.RSA,
>+ Encryption.eNULL,
>+ MessageDigest.MD5,
>+ Protocol.SSLv3,
>+ false,
>+ EncryptionLevel.STRONG_NONE,
>+ false,
>+ 0,
>+ 0),
>+ // Cipher 02
>+ SSL_RSA_WITH_NULL_SHA("NULL-SHA",
>+ KeyExchange.RSA,
>+ Authentication.RSA,
>+ Encryption.eNULL,
>+ MessageDigest.SHA1,
>+ Protocol.SSLv3,
>+ false,
>+ EncryptionLevel.STRONG_NONE,
>+ true,
>+ 0,
>+ 0),
>+ // Cipher 03
>+ SL_RSA_EXPORT_WITH_RC4_40_MD5("EXP-RC4-MD5",
>+ KeyExchange.RSA,
>+ Authentication.RSA,
>+ Encryption.RC4,
>+ MessageDigest.MD5,
>+ Protocol.SSLv3,
>+ true,
>+ EncryptionLevel.EXP40,
>+ false,
>+ 40,
>+ 128),
>+ // Cipher 04
>+ SSL_RSA_WITH_RC4_128_MD5("RC4-MD5",
>+ KeyExchange.RSA,
>+ Authentication.RSA,
>+ Encryption.RC4,
>+ MessageDigest.MD5,
>+ Protocol.SSLv3,
>+ false,
>+ EncryptionLevel.MEDIUM,
>+ false,
>+ 128,
>+ 128),
>+ // Cipher 05
>+ SSL_RSA_WITH_RC4_128_SHA("RC4-SHA",
>+ KeyExchange.RSA,
>+ Authentication.RSA,
>+ Encryption.RC4,
>+ MessageDigest.SHA1,
>+ Protocol.SSLv3,
>+ false,
>+ EncryptionLevel.MEDIUM,
>+ false,
>+ 128,
>+ 128),
>+ // Cipher 06
>+ SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5("EXP-RC2-CBC-MD5",
>+ KeyExchange.RSA,
>+ Authentication.RSA,
>+ Encryption.RC2,
>+ MessageDigest.MD5,
>+ Protocol.SSLv3,
>+ true,
>+ EncryptionLevel.EXP40,
>+ false,
>+ 40,
>+ 128),
>+ // Cipher 07
>+ SSL_RSA_WITH_IDEA_CBC_SHA("IDEA-CBC-SHA",
>+ KeyExchange.RSA,
>+ Authentication.RSA,
>+ Encryption.IDEA,
>+ MessageDigest.SHA1,
>+ Protocol.SSLv3,
>+ false,
>+ EncryptionLevel.MEDIUM,
>+ false,
>+ 128,
>+ 128),
>+ // Cipher 08
>+ SSL_RSA_EXPORT_WITH_DES40_CBC_SHA("EXP-DES-CBC-SHA",
>+ KeyExchange.RSA,
>+ Authentication.RSA,
>+ Encryption.DES,
>+ MessageDigest.SHA1,
>+ Protocol.SSLv3,
>+ true,
>+ EncryptionLevel.EXP40,
>+ false,
>+ 40,
>+ 56),
>+ // Cipher 09
>+ SSL_RSA_WITH_DES_CBC_SHA("DES-CBC-SHA",
>+ KeyExchange.RSA,
>+ Authentication.RSA,
>+ Encryption.DES,
>+ MessageDigest.SHA1,
>+ Protocol.SSLv3,
>+ false,
>+ EncryptionLevel.LOW,
>+ false,
>+ 56,
>+ 56),
>+ // Cipher 0A
>+ SSL_RSA_WITH_3DES_EDE_CBC_SHA("DES-CBC3-SHA",
>+ KeyExchange.RSA,
>+ Authentication.RSA,
>+ Encryption.TRIPLE_DES,
>+ MessageDigest.SHA1,
>+ Protocol.SSLv3,
>+ false,
>+ EncryptionLevel.HIGH,
>+ true,
>+ 168,
>+ 168),
>+ /* The DH ciphers */
>+ // Cipher 0B
>+ SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA("EXP-DH-DSS-DES-CBC-SHA",
>+ KeyExchange.DHd,
>+ Authentication.DH,
>+ Encryption.DES,
>+ MessageDigest.SHA1,
>+ Protocol.SSLv3,
>+ true,
>+ EncryptionLevel.EXP40,
>+ false,
>+ 40,
>+ 56),
>+ // Cipher 0C
>+ SSL_DH_DSS_WITH_DES_CBC_SHA("DH-DSS-DES-CBC-SHA",
>+ KeyExchange.DHd,
>+ Authentication.DH,
>+ Encryption.DES,
>+ MessageDigest.SHA1,
>+ Protocol.SSLv3,
>+ false,
>+ EncryptionLevel.LOW,
>+ false,
>+ 56,
>+ 56),
>+ // Cipher 0D
>+ SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA("DH-DSS-DES-CBC3-SHA",
>+ KeyExchange.DHd,
>+ Authentication.DH,
>+ Encryption.TRIPLE_DES,
>+ MessageDigest.SHA1,
>+ Protocol.SSLv3,
>+ false,
>+ EncryptionLevel.HIGH,
>+ true,
>+ 168,
>+ 168),
>+ // Cipher 0E
>+ SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA("EXP-DH-RSA-DES-CBC-SHA",
>+ KeyExchange.DHr,
>+ Authentication.DH,
>+ Encryption.DES,
>+ MessageDigest.SHA1,
>+ Protocol.SSLv3,
>+ true,
>+ EncryptionLevel.EXP40,
>+ false,
>+ 40,
>+ 56),
>+ // Cipher 0F
>+ SSL_DH_RSA_WITH_DES_CBC_SHA("DH-RSA-DES-CBC-SHA",
>+ KeyExchange.DHr,
>+ Authentication.DH,
>+ Encryption.DES,
>+ MessageDigest.SHA1,
>+ Protocol.SSLv3,
>+ false,
>+ EncryptionLevel.LOW,
>+ false,
>+ 56,
>+ 56),
>+ // Cipher 10
>+ SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA("DH-RSA-DES-CBC3-SHA",
>+ KeyExchange.DHr,
>+ Authentication.DH,
>+ Encryption.TRIPLE_DES,
>+ MessageDigest.SHA1,
>+ Protocol.SSLv3,
>+ false,
>+ EncryptionLevel.HIGH,
>+ true,
>+ 168,
>+ 168),
>+ /* The Ephemeral DH ciphers */
>+ // Cipher 11
>+ SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA("EXP-EDH-DSS-DES-CBC-SHA",
>+ KeyExchange.EDH,
>+ Authentication.DSS,
>+ Encryption.DES,
>+ MessageDigest.SHA1,
>+ Protocol.SSLv3,
>+ true,
>+ EncryptionLevel.EXP40,
>+ false,
>+ 40,
>+ 56),
>+ // Cipher 12
>+ SSL_DHE_DSS_WITH_DES_CBC_SHA("EDH-DSS-DES-CBC-SHA",
>+ KeyExchange.EDH,
>+ Authentication.DSS,
>+ Encryption.DES,
>+ MessageDigest.SHA1,
>+ Protocol.SSLv3,
>+ false,
>+ EncryptionLevel.LOW,
>+ false,
>+ 56,
>+ 56),
>+ // Cipher 13
>+ SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA("EDH-DSS-DES-CBC3-SHA",
>+ KeyExchange.EDH,
>+ Authentication.DSS,
>+ Encryption.TRIPLE_DES,
>+ MessageDigest.SHA1,
>+ Protocol.SSLv3,
>+ false,
>+ EncryptionLevel.HIGH,
>+ true,
>+ 168,
>+ 168),
>+ // Cipher 14
>+ TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA("EXP-EDH-RSA-DES-CBC-SHA",
>+ KeyExchange.EDH,
>+ Authentication.RSA,
>+ Encryption.DES,
>+ MessageDigest.SHA1,
>+ Protocol.SSLv3,
>+ true,
>+ EncryptionLevel.EXP40,
>+ false,
>+ 40,
>+ 56),
>+ // Cipher 15
>+ TLS_DHE_RSA_WITH_DES_CBC_SHA("EDH-RSA-DES-CBC-SHA",
>+ KeyExchange.EDH,
>+ Authentication.RSA,
>+ Encryption.DES,
>+ MessageDigest.SHA1,
>+ Protocol.SSLv3,
>+ false,
>+ EncryptionLevel.LOW,
>+ false,
>+ 56,
>+ 56),
>+ // Cipher 16
>+ TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA("EDH-RSA-DES-CBC3-SHA",
>+ KeyExchange.EDH,
>+ Authentication.RSA,
>+ Encryption.TRIPLE_DES,
>+ MessageDigest.SHA1,
>+ Protocol.SSLv3,
>+ false,
>+ EncryptionLevel.HIGH,
>+ true,
>+ 168,
>+ 168),
>+ // Cipher 17
>+ TLS_DH_anon_EXPORT_WITH_RC4_40_MD5("EXP-ADH-RC4-MD5",
>+ KeyExchange.EDH,
>+ Authentication.aNULL,
>+ Encryption.RC4,
>+ MessageDigest.MD5,
>+ Protocol.SSLv3,
>+ true,
>+ EncryptionLevel.EXP40,
>+ false,
>+ 40,
>+ 128),
>+ // Cipher 18
>+ TLS_DH_anon_WITH_RC4_128_MD5("ADH-RC4-MD5",
>+ KeyExchange.EDH,
>+ Authentication.aNULL,
>+ Encryption.RC4,
>+ MessageDigest.MD5,
>+ Protocol.SSLv3,
>+ false,
>+ EncryptionLevel.MEDIUM,
>+ false,
>+ 128,
>+ 128),
>+ // Cipher 19
>+ TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA("EXP-ADH-DES-CBC-SHA",
>+ KeyExchange.EDH,
>+ Authentication.aNULL,
>+ Encryption.DES,
>+ MessageDigest.SHA1,
>+ Protocol.SSLv3,
>+ true,
>+ EncryptionLevel.EXP40,
>+ false,
>+ 40,
>+ 128),
>+ // Cipher 1A
>+ TLS_DH_anon_WITH_DES_CBC_SHA("ADH-DES-CBC-SHA",
>+ KeyExchange.EDH,
>+ Authentication.aNULL,
>+ Encryption.DES,
>+ MessageDigest.SHA1,
>+ Protocol.SSLv3,
>+ false,
>+ EncryptionLevel.LOW,
>+ false,
>+ 56,
>+ 56),
>+ // Cipher 1B
>+ TLS_DH_anon_WITH_3DES_EDE_CBC_SHA("ADH-DES-CBC3-SHA",
>+ KeyExchange.EDH,
>+ Authentication.aNULL,
>+ Encryption.TRIPLE_DES,
>+ MessageDigest.SHA1,
>+ Protocol.SSLv3,
>+ false,
>+ EncryptionLevel.HIGH,
>+ true,
>+ 168,
>+ 168),
>+ /* Fortezza ciphersuite from SSL 3.0 spec */
>+ // Cipher 1C
>+ SSL_FORTEZZA_DMS_WITH_NULL_SHA("FZA-NULL-SHA",
>+ KeyExchange.FZA,
>+ Authentication.FZA,
>+ Encryption.eNULL,
>+ MessageDigest.SHA1,
>+ Protocol.SSLv3,
>+ false,
>+ EncryptionLevel.STRONG_NONE,
>+ false,
>+ 0,
>+ 0),
>+ // Cipher 1D
>+ SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA("FZA-FZA-CBC-SHA",
>+ KeyExchange.FZA,
>+ Authentication.FZA,
>+ Encryption.FZA,
>+ MessageDigest.SHA1,
>+ Protocol.SSLv3,
>+ false,
>+ EncryptionLevel.STRONG_NONE,
>+ false,
>+ 0,
>+ 0),
>+ // Cipher 1E
>+ SSL_FORTEZZA_DMS_WITH_RC4_128_SHA("FZA-RC4-SHA",
>+ KeyExchange.FZA,
>+ Authentication.FZA,
>+ Encryption.RC4,
>+ MessageDigest.SHA1,
>+ Protocol.SSLv3,
>+ false,
>+ EncryptionLevel.MEDIUM,
>+ false,
>+ 128,
>+ 128),
>+ /* The Kerberos ciphers*/
>+ // Cipher 1E
>+ /*TLS_KRB5_WITH_DES_CBC_SHA("KRB5-DES-CBC-SHA",
>+ KeyExchange.KRB5,
>+ Authentication.KRB5,
>+ Encryption.DES,
>+ MessageDigest.SHA1,
>+ Protocol.SSLv3,
>+ false,
>+ EncryptionLevel.LOW,
>+ false,
>+ 56,
>+ 56),
>+ // Cipher 1F
>+ TLS_KRB5_WITH_3DES_EDE_CBC_SHA("KRB5-DES-CBC3-SHA",
>+ KeyExchange.KRB5,
>+ Authentication.KRB5,
>+ Encryption.TRIPLE_DES,
>+ MessageDigest.SHA1,
>+ Protocol.SSLv3,
>+ false,
>+ EncryptionLevel.HIGH,
>+ true,
>+ 168,
>+ 168),
>+ // Cipher 20
>+ TLS_KRB5_WITH_RC4_128_SHA("KRB5-RC4-SHA",
>+ KeyExchange.KRB5,
>+ Authentication.KRB5,
>+ Encryption.RC4,
>+ MessageDigest.SHA1,
>+ Protocol.SSLv3,
>+ false,
>+ EncryptionLevel.MEDIUM,
>+ false,
>+ 128,
>+ 128),
>+ // Cipher 21
>+ TLS_KRB5_WITH_IDEA_CBC_SHA("KRB5-IDEA-CBC-SHA",
>+ KeyExchange.KRB5,
>+ Authentication.KRB5,
>+ Encryption.IDEA,
>+ MessageDigest.SHA1,
>+ Protocol.SSLv3,
>+ false,
>+ EncryptionLevel.MEDIUM,
>+ false,
>+ 128,
>+ 128),
>+ // Cipher 22
>+ TLS_KRB5_WITH_DES_CBC_MD5("KRB5-DES-CBC-MD5",
>+ KeyExchange.KRB5,
>+ Authentication.KRB5,
>+ Encryption.DES,
>+ MessageDigest.MD5,
>+ Protocol.SSLv3,
>+ false,
>+ EncryptionLevel.LOW,
>+ false,
>+ 56,
>+ 56),
>+ // Cipher 23
>+ TLS_KRB5_WITH_3DES_EDE_CBC_MD5("KRB5-DES-CBC3-MD5",
>+ KeyExchange.KRB5,
>+ Authentication.KRB5,
>+ Encryption.TRIPLE_DES,
>+ MessageDigest.MD5,
>+ Protocol.SSLv3,
>+ false,
>+ EncryptionLevel.HIGH,
>+ false,
>+ 168,
>+ 168),
>+ // Cipher 24
>+ TLS_KRB5_WITH_RC4_128_MD5("KRB5-RC4-MD5",
>+ KeyExchange.KRB5,
>+ Authentication.KRB5,
>+ Encryption.RC4,
>+ MessageDigest.MD5,
>+ Protocol.SSLv3,
>+ false,
>+ EncryptionLevel.MEDIUM,
>+ false,
>+ 128,
>+ 128),
>+ // Cipher 25
>+ TLS_KRB5_WITH_IDEA_CBC_MD5("KRB5-IDEA-CBC-MD5",
>+ KeyExchange.KRB5,
>+ Authentication.KRB5,
>+ Encryption.IDEA,
>+ MessageDigest.MD5,
>+ Protocol.SSLv3,
>+ false,
>+ EncryptionLevel.MEDIUM,
>+ false,
>+ 128,
>+ 128),
>+ // Cipher 26
>+ TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA("EXP-KRB5-DES-CBC-SHA",
>+ KeyExchange.KRB5,
>+ Authentication.KRB5,
>+ Encryption.DES,
>+ MessageDigest.SHA1,
>+ Protocol.SSLv3,
>+ true,
>+ EncryptionLevel.EXP40,
>+ false,
>+ 40,
>+ 56),
>+ // Cipher 27
>+ TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA("EXP-KRB5-RC2-CBC-SHA",
>+ KeyExchange.KRB5,
>+ Authentication.KRB5,
>+ Encryption.RC2,
>+ MessageDigest.SHA1,
>+ Protocol.SSLv3,
>+ true,
>+ EncryptionLevel.EXP40,
>+ false,
>+ 40,
>+ 128),
>+ // Cipher 28
>+ TLS_KRB5_EXPORT_WITH_RC4_40_SHA("EXP-KRB5-RC4-SHA",
>+ KeyExchange.KRB5,
>+ Authentication.KRB5,
>+ Encryption.RC4,
>+ MessageDigest.SHA1,
>+ Protocol.SSLv3,
>+ true,
>+ EncryptionLevel.EXP40,
>+ false,
>+ 40,
>+ 128),
>+ // Cipher 29
>+ TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5("EXP-KRB5-DES-CBC-MD5",
>+ KeyExchange.KRB5,
>+ Authentication.KRB5,
>+ Encryption.DES,
>+ MessageDigest.MD5,
>+ Protocol.SSLv3,
>+ true,
>+ EncryptionLevel.EXP40,
>+ false,
>+ 40,
>+ 56),
>+ // Cipher 2A
>+ TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5("EXP-KRB5-RC2-CBC-MD5",
>+ KeyExchange.KRB5,
>+ Authentication.KRB5,
>+ Encryption.RC2,
>+ MessageDigest.MD5,
>+ Protocol.SSLv3,
>+ true,
>+ EncryptionLevel.EXP40,
>+ false,
>+ 40,
>+ 128),
>+ // Cipher 2B
>+ TLS_KRB5_EXPORT_WITH_RC4_40_MD5("EXP-KRB5-RC4-MD5",
>+ KeyExchange.KRB5,
>+ Authentication.KRB5,
>+ Encryption.RC4,
>+ MessageDigest.MD5,
>+ Protocol.SSLv3,
>+ true,
>+ EncryptionLevel.EXP40,
>+ false,
>+ 40,
>+ 128),*/
>+ /* New AES ciphersuites */
>+ // Cipher 2F
>+ TLS_RSA_WITH_AES_128_CBC_SHA("AES128-SHA",
>+ KeyExchange.RSA,
>+ Authentication.RSA,
>+ Encryption.AES128,
>+ MessageDigest.SHA1,
>+ Protocol.TLSv1,
>+ false,
>+ EncryptionLevel.HIGH,
>+ true,
>+ 128,
>+ 128),
>+ // Cipher 30
>+ TLS_DH_DSS_WITH_AES_128_CBC_SHA("DH-DSS-AES128-SHA",
>+ KeyExchange.DHd,
>+ Authentication.DH,
>+ Encryption.AES128,
>+ MessageDigest.SHA1,
>+ Protocol.TLSv1,
>+ false,
>+ EncryptionLevel.HIGH,
>+ true,
>+ 128,
>+ 128),
>+ // Cipher 31
>+ TLS_DH_RSA_WITH_AES_128_CBC_SHA("DH-RSA-AES128-SHA",
>+ KeyExchange.DHr,
>+ Authentication.DH,
>+ Encryption.AES128,
>+ MessageDigest.SHA1,
>+ Protocol.TLSv1,
>+ false,
>+ EncryptionLevel.HIGH,
>+ true,
>+ 128,
>+ 128),
>+ // Cipher 32
>+ TLS_DHE_DSS_WITH_AES_128_CBC_SHA("DHE-DSS-AES128-SHA",
>+ KeyExchange.EDH,
>+ Authentication.DSS,
>+ Encryption.AES128,
>+ MessageDigest.SHA1,
>+ Protocol.TLSv1,
>+ false,
>+ EncryptionLevel.HIGH,
>+ true,
>+ 128,
>+ 128),
>+ // Cipher 33
>+ TLS_DHE_RSA_WITH_AES_128_CBC_SHA("DHE-RSA-AES128-SHA",
>+ KeyExchange.EDH,
>+ Authentication.RSA,
>+ Encryption.AES128,
>+ MessageDigest.SHA1,
>+ Protocol.TLSv1,
>+ false,
>+ EncryptionLevel.HIGH,
>+ true,
>+ 128,
>+ 128),
>+ // Cipher 34
>+ TLS_DH_anon_WITH_AES_128_CBC_SHA("ADH-AES128-SHA",
>+ KeyExchange.EDH,
>+ Authentication.aNULL,
>+ Encryption.AES128,
>+ MessageDigest.SHA1,
>+ Protocol.TLSv1,
>+ false,
>+ EncryptionLevel.HIGH,
>+ true,
>+ 128,
>+ 128),
>+ // Cipher 35
>+ TLS_RSA_WITH_AES_256_CBC_SHA("AES256-SHA",
>+ KeyExchange.RSA,
>+ Authentication.RSA,
>+ Encryption.AES256,
>+ MessageDigest.SHA1,
>+ Protocol.TLSv1,
>+ false,
>+ EncryptionLevel.HIGH,
>+ true,
>+ 256,
>+ 256),
>+ // Cipher 36
>+ TLS_DH_DSS_WITH_AES_256_CBC_SHA("DH-DSS-AES256-SHA",
>+ KeyExchange.DHd,
>+ Authentication.DH,
>+ Encryption.AES256,
>+ MessageDigest.SHA1,
>+ Protocol.TLSv1,
>+ false,
>+ EncryptionLevel.HIGH,
>+ true,
>+ 256,
>+ 256),
>+ // Cipher 37
>+ TLS_DH_RSA_WITH_AES_256_CBC_SHA("DH-RSA-AES256-SHA",
>+ KeyExchange.DHr,
>+ Authentication.DH,
>+ Encryption.AES256,
>+ MessageDigest.SHA1,
>+ Protocol.TLSv1,
>+ false,
>+ EncryptionLevel.HIGH,
>+ true,
>+ 256,
>+ 256),
>+ // Cipher 38
>+ TLS_DHE_DSS_WITH_AES_256_CBC_SHA("DHE-DSS-AES256-SHA",
>+ KeyExchange.EDH,
>+ Authentication.DSS,
>+ Encryption.AES256,
>+ MessageDigest.SHA1,
>+ Protocol.TLSv1,
>+ false,
>+ EncryptionLevel.HIGH,
>+ true,
>+ 256,
>+ 256),
>+ // Cipher 39
>+ TLS_DHE_RSA_WITH_AES_256_CBC_SHA("DHE-RSA-AES256-SHA",
>+ KeyExchange.EDH,
>+ Authentication.RSA,
>+ Encryption.AES256,
>+ MessageDigest.SHA1,
>+ Protocol.TLSv1,
>+ false,
>+ EncryptionLevel.HIGH,
>+ true,
>+ 256,
>+ 256), // Cipher 3A
>+ TLS_DH_anon_WITH_AES_256_CBC_SHA("ADH-AES256-SHA",
>+ KeyExchange.EDH,
>+ Authentication.aNULL,
>+ Encryption.AES256,
>+ MessageDigest.SHA1,
>+ Protocol.TLSv1,
>+ false,
>+ EncryptionLevel.HIGH,
>+ true,
>+ 256,
>+ 256),
>+ /* TLS v1.2 ciphersuites */
>+ // Cipher 3B
>+ TLS_RSA_WITH_NULL_SHA256("NULL-SHA256",
>+ KeyExchange.RSA,
>+ Authentication.RSA,
>+ Encryption.eNULL,
>+ MessageDigest.SHA256,
>+ Protocol.TLSv1_2,
>+ false,
>+ EncryptionLevel.STRONG_NONE,
>+ true,
>+ 0,
>+ 0),
>+ // Cipher 3C
>+ TLS_RSA_WITH_AES_128_CBC_SHA256("AES128-SHA256",
>+ KeyExchange.RSA,
>+ Authentication.RSA,
>+ Encryption.AES128,
>+ MessageDigest.SHA256,
>+ Protocol.TLSv1_2,
>+ false,
>+ EncryptionLevel.HIGH,
>+ true,
>+ 128,
>+ 128),
>+ // Cipher 3D
>+ TLS_RSA_WITH_AES_256_CBC_SHA256("AES256-SHA256",
>+ KeyExchange.RSA,
>+ Authentication.RSA,
>+ Encryption.AES256,
>+ MessageDigest.SHA256,
>+ Protocol.TLSv1_2,
>+ false,
>+ EncryptionLevel.HIGH,
>+ true,
>+ 256,
>+ 256),
>+ // Cipher 3E
>+ TLS_DH_DSS_WITH_AES_128_CBC_SHA256("DH-DSS-AES128-SHA256",
>+ KeyExchange.DHd,
>+ Authentication.DH,
>+ Encryption.AES128,
>+ MessageDigest.SHA256,
>+ Protocol.TLSv1_2,
>+ false,
>+ EncryptionLevel.HIGH,
>+ true,
>+ 128,
>+ 128),
>+ // Cipher 3F
>+ TLS_DH_RSA_WITH_AES_128_CBC_SHA256("DH-RSA-AES128-SHA256",
>+ KeyExchange.DHr,
>+ Authentication.DH,
>+ Encryption.AES128,
>+ MessageDigest.SHA256,
>+ Protocol.TLSv1_2,
>+ false,
>+ EncryptionLevel.HIGH,
>+ true,
>+ 128,
>+ 128),
>+ // Cipher 40
>+ TLS_DHE_DSS_WITH_AES_128_CBC_SHA256("DHE-DSS-AES128-SHA256",
>+ KeyExchange.EDH,
>+ Authentication.DSS,
>+ Encryption.AES128,
>+ MessageDigest.SHA256,
>+ Protocol.TLSv1_2,
>+ false,
>+ EncryptionLevel.HIGH,
>+ true,
>+ 128,
>+ 128),
>+ /* Camellia ciphersuites from RFC4132 (128-bit portion) */
>+ // Cipher 41
>+ TLS_RSA_WITH_CAMELLIA_128_CBC_SHA("CAMELLIA128-SHA",
>+ KeyExchange.RSA,
>+ Authentication.RSA,
>+ Encryption.CAMELLIA128,
>+ MessageDigest.SHA1,
>+ Protocol.TLSv1,
>+ false,
>+ EncryptionLevel.HIGH,
>+ false,
>+ 128,
>+ 128),
>+ // Cipher 42
>+ TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA("DH-DSS-CAMELLIA128-SHA",
>+ KeyExchange.DHd,
>+ Authentication.DH,
>+ Encryption.CAMELLIA128,
>+ MessageDigest.SHA1,
>+ Protocol.TLSv1,
>+ false,
>+ EncryptionLevel.HIGH,
>+ false,
>+ 128,
>+ 128),
>+ // Cipher 43
>+ TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA("DH-RSA-CAMELLIA128-SHA",
>+ KeyExchange.DHr,
>+ Authentication.DH,
>+ Encryption.CAMELLIA128,
>+ MessageDigest.SHA1,
>+ Protocol.TLSv1,
>+ false,
>+ EncryptionLevel.HIGH,
>+ false,
>+ 128,
>+ 128),
>+ // Cipher 44
>+ TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA("DHE-DSS-CAMELLIA128-SHA",
>+ KeyExchange.EDH,
>+ Authentication.DSS,
>+ Encryption.CAMELLIA128,
>+ MessageDigest.SHA1,
>+ Protocol.TLSv1,
>+ false,
>+ EncryptionLevel.HIGH,
>+ false,
>+ 128,
>+ 128),
>+ // Cipher 45
>+ TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA("DHE-RSA-CAMELLIA128-SHA",
>+ KeyExchange.EDH,
>+ Authentication.RSA,
>+ Encryption.CAMELLIA128,
>+ MessageDigest.SHA1,
>+ Protocol.TLSv1,
>+ false,
>+ EncryptionLevel.HIGH,
>+ false,
>+ 128,
>+ 128),
>+ // Cipher 46
>+ TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA("ADH-CAMELLIA128-SHA",
>+ KeyExchange.EDH,
>+ Authentication.aNULL,
>+ Encryption.CAMELLIA128,
>+ MessageDigest.SHA1,
>+ Protocol.TLSv1,
>+ false,
>+ EncryptionLevel.HIGH,
>+ false,
>+ 128,
>+ 128),
>+ /* New TLS Export CipherSuites from expired ID */
>+ // Cipher 60
>+ SSL_RSA_EXPORT1024_WITH_RC4_56_MD5("EXP1024-RC4-MD5",
>+ KeyExchange.RSA,
>+ Authentication.RSA,
>+ Encryption.RC4,
>+ MessageDigest.MD5,
>+ Protocol.TLSv1,
>+ true,
>+ EncryptionLevel.EXP56,
>+ false,
>+ 56,
>+ 128),
>+ // Cipher 61
>+ SSL_RSA_EXPORT1024_WITH_RC2_CBC_56_MD("EXP1024-RC2-CBC-MD5",
>+ KeyExchange.RSA,
>+ Authentication.RSA,
>+ Encryption.RC2,
>+ MessageDigest.MD5,
>+ Protocol.TLSv1,
>+ true,
>+ EncryptionLevel.EXP56,
>+ false,
>+ 56,
>+ 128),
>+ // Cipher 62
>+ SSL_RSA_EXPORT1024_WITH_DES_CBC_SHA("EXP1024-DES-CBC-SHA",
>+ KeyExchange.RSA,
>+ Authentication.RSA,
>+ Encryption.DES,
>+ MessageDigest.SHA1,
>+ Protocol.TLSv1,
>+ true,
>+ EncryptionLevel.EXP56,
>+ false,
>+ 56,
>+ 56),
>+ // Cipher 63
>+ SSL_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA("EXP1024-DHE-DSS-DES-CBC-SHA",
>+ KeyExchange.EDH,
>+ Authentication.DSS,
>+ Encryption.DES,
>+ MessageDigest.SHA1,
>+ Protocol.TLSv1,
>+ true,
>+ EncryptionLevel.EXP56,
>+ false,
>+ 56,
>+ 56),
>+ // Cipher 64
>+ SSL_RSA_EXPORT1024_WITH_RC4_56_SHA("EXP1024-RC4-SHA",
>+ KeyExchange.RSA,
>+ Authentication.RSA,
>+ Encryption.RC4,
>+ MessageDigest.SHA1,
>+ Protocol.TLSv1,
>+ true,
>+ EncryptionLevel.EXP56,
>+ false,
>+ 56,
>+ 128),
>+ // Cipher 65
>+ SSL_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA("EXP1024-DHE-DSS-RC4-SHA",
>+ KeyExchange.EDH,
>+ Authentication.DSS,
>+ Encryption.RC4,
>+ MessageDigest.SHA1,
>+ Protocol.TLSv1,
>+ true,
>+ EncryptionLevel.EXP56,
>+ false,
>+ 56,
>+ 128),
>+ // Cipher 66
>+ SSL_DHE_DSS_WITH_RC4_128_SHA("DHE-DSS-RC4-SHA",
>+ KeyExchange.EDH,
>+ Authentication.DSS,
>+ Encryption.RC4,
>+ MessageDigest.SHA1,
>+ Protocol.TLSv1,
>+ false,
>+ EncryptionLevel.MEDIUM,
>+ false,
>+ 128,
>+ 128),
>+ /* TLS v1.2 ciphersuites */
>+ // Cipher 67
>+ TLS_DHE_RSA_WITH_AES_128_CBC_SHA256("DHE-RSA-AES128-SHA256",
>+ KeyExchange.EDH,
>+ Authentication.RSA,
>+ Encryption.AES128,
>+ MessageDigest.SHA256,
>+ Protocol.TLSv1_2,
>+ false,
>+ EncryptionLevel.HIGH,
>+ true,
>+ 128,
>+ 128),
>+ // Cipher 68
>+ TLS_DH_DSS_WITH_AES_256_CBC_SHA256("DH-DSS-AES256-SHA256",
>+ KeyExchange.DHd,
>+ Authentication.DH,
>+ Encryption.AES256,
>+ MessageDigest.SHA256,
>+ Protocol.TLSv1_2,
>+ false,
>+ EncryptionLevel.HIGH,
>+ true,
>+ 256,
>+ 256),
>+ // Cipher 69
>+ TLS_DH_RSA_WITH_AES_256_CBC_SHA256("DH-RSA-AES256-SHA256",
>+ KeyExchange.DHr,
>+ Authentication.DH,
>+ Encryption.AES256,
>+ MessageDigest.SHA256,
>+ Protocol.TLSv1_2,
>+ false,
>+ EncryptionLevel.HIGH,
>+ true,
>+ 256,
>+ 256),
>+ // Cipher 6A
>+ TLS_DHE_DSS_WITH_AES_256_CBC_SHA256("DHE-DSS-AES256-SHA256",
>+ KeyExchange.EDH,
>+ Authentication.DSS,
>+ Encryption.AES256,
>+ MessageDigest.SHA256,
>+ Protocol.TLSv1_2,
>+ false,
>+ EncryptionLevel.HIGH,
>+ true,
>+ 256,
>+ 256),
>+ // Cipher 6B
>+ TLS_DHE_RSA_WITH_AES_256_CBC_SHA256("DHE-RSA-AES256-SHA256",
>+ KeyExchange.EDH,
>+ Authentication.RSA,
>+ Encryption.AES256,
>+ MessageDigest.SHA256,
>+ Protocol.TLSv1_2,
>+ false,
>+ EncryptionLevel.HIGH,
>+ true,
>+ 256,
>+ 256),
>+ // Cipher 6C
>+ TLS_DH_anon_WITH_AES_128_CBC_SHA256("ADH-AES128-SHA256",
>+ KeyExchange.EDH,
>+ Authentication.aNULL,
>+ Encryption.AES128,
>+ MessageDigest.SHA256,
>+ Protocol.TLSv1_2,
>+ false,
>+ EncryptionLevel.HIGH,
>+ true,
>+ 128,
>+ 128
>+ ),
>+ // Cipher 6D
>+ TLS_DH_anon_WITH_AES_256_CBC_SHA256("ADH-AES256-SHA256",
>+ KeyExchange.EDH,
>+ Authentication.aNULL,
>+ Encryption.AES256,
>+ MessageDigest.SHA256,
>+ Protocol.TLSv1_2,
>+ false,
>+ EncryptionLevel.HIGH,
>+ true,
>+ 256,
>+ 256),
>+ /* GOST Ciphersuites */
>+ TLS_GOSTR341094_WITH_28147_CNT_IMIT("GOST94-GOST89-GOST89",
>+ KeyExchange.GOST,
>+ Authentication.GOST94,
>+ Encryption.eGOST2814789CNT,
>+ MessageDigest.GOST89MAC,
>+ Protocol.TLSv1,
>+ false,
>+ EncryptionLevel.HIGH,
>+ false,
>+ 256,
>+ 256),
>+ TLS_GOSTR341001_WITH_28147_CNT_IMIT("GOST2001-GOST89-GOST89",
>+ KeyExchange.GOST,
>+ Authentication.GOST01,
>+ Encryption.eGOST2814789CNT,
>+ MessageDigest.GOST89MAC,
>+ Protocol.TLSv1,
>+ false,
>+ EncryptionLevel.HIGH,
>+ false,
>+ 256,
>+ 256),
>+ TLS_GOSTR341094_WITH_NULL_GOSTR3411("GOST94-NULL-GOST94",
>+ KeyExchange.GOST,
>+ Authentication.GOST94,
>+ Encryption.eNULL,
>+ MessageDigest.GOST94,
>+ Protocol.TLSv1,
>+ false,
>+ EncryptionLevel.STRONG_NONE,
>+ false,
>+ 0,
>+ 0),
>+ TLS_GOSTR341001_WITH_NULL_GOSTR3411("GOST2001-NULL-GOST94",
>+ KeyExchange.GOST,
>+ Authentication.GOST01,
>+ Encryption.eNULL,
>+ MessageDigest.GOST94,
>+ Protocol.TLSv1,
>+ false,
>+ EncryptionLevel.STRONG_NONE,
>+ false,
>+ 0,
>+ 0),
>+ /* Camellia ciphersuites from RFC4132 (256-bit portion) */
>+ // Cipher 84
>+ TLS_RSA_WITH_CAMELLIA_256_CBC_SHA("CAMELLIA256-SHA",
>+ KeyExchange.RSA,
>+ Authentication.RSA,
>+ Encryption.CAMELLIA256,
>+ MessageDigest.SHA1,
>+ Protocol.TLSv1,
>+ false,
>+ EncryptionLevel.HIGH,
>+ false,
>+ 256,
>+ 256),
>+ // Cipher 85
>+ TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA("DH-DSS-CAMELLIA256-SHA",
>+ KeyExchange.DHd,
>+ Authentication.DH,
>+ Encryption.CAMELLIA256,
>+ MessageDigest.SHA1,
>+ Protocol.TLSv1,
>+ false,
>+ EncryptionLevel.HIGH,
>+ false,
>+ 256,
>+ 256),
>+ // Cipher 86
>+ TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SH("DH-RSA-CAMELLIA256-SHA",
>+ KeyExchange.DHr,
>+ Authentication.DH,
>+ Encryption.CAMELLIA256,
>+ MessageDigest.SHA1,
>+ Protocol.TLSv1,
>+ false,
>+ EncryptionLevel.HIGH,
>+ false,
>+ 256,
>+ 256),
>+ // Cipher 87
>+ TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA("DHE-DSS-CAMELLIA256-SHA",
>+ KeyExchange.EDH,
>+ Authentication.DSS,
>+ Encryption.CAMELLIA256,
>+ MessageDigest.SHA1,
>+ Protocol.TLSv1,
>+ false,
>+ EncryptionLevel.HIGH,
>+ false,
>+ 256,
>+ 256),
>+ // Cipher 88
>+ TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA("DHE-RSA-CAMELLIA256-SHA",
>+ KeyExchange.EDH,
>+ Authentication.RSA,
>+ Encryption.CAMELLIA256,
>+ MessageDigest.SHA1,
>+ Protocol.TLSv1,
>+ false,
>+ EncryptionLevel.HIGH,
>+ false,
>+ 256,
>+ 256), // Cipher 89
>+ TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA("ADH-CAMELLIA256-SHA",
>+ KeyExchange.EDH,
>+ Authentication.aNULL,
>+ Encryption.CAMELLIA256,
>+ MessageDigest.SHA1,
>+ Protocol.TLSv1,
>+ false,
>+ EncryptionLevel.HIGH,
>+ false,
>+ 256,
>+ 256),
>+ // Cipher 8A
>+ TLS_PSK_WITH_RC4_128_SHA("PSK-RC4-SHA",
>+ KeyExchange.PSK,
>+ Authentication.PSK,
>+ Encryption.RC4,
>+ MessageDigest.SHA1,
>+ Protocol.TLSv1,
>+ false,
>+ EncryptionLevel.MEDIUM,
>+ false,
>+ 128,
>+ 128),
>+ // Cipher 8B
>+ TLS_PSK_WITH_3DES_EDE_CBC_SHA("PSK-3DES-EDE-CBC-SHA",
>+ KeyExchange.PSK,
>+ Authentication.PSK,
>+ Encryption.TRIPLE_DES,
>+ MessageDigest.SHA1,
>+ Protocol.TLSv1,
>+ false,
>+ EncryptionLevel.HIGH,
>+ true,
>+ 168,
>+ 168
>+ ),
>+ // Cipher 8C
>+ TLS_PSK_WITH_AES_128_CBC_SHA("PSK-AES128-CBC-SHA",
>+ KeyExchange.PSK,
>+ Authentication.PSK,
>+ Encryption.AES128,
>+ MessageDigest.SHA1,
>+ Protocol.TLSv1,
>+ false,
>+ EncryptionLevel.HIGH,
>+ true,
>+ 128,
>+ 128
>+ ),
>+ // Cipher 8D
>+ TLS_PSK_WITH_AES_256_CBC_SHA("PSK-AES256-CBC-SHA",
>+ KeyExchange.PSK,
>+ Authentication.PSK,
>+ Encryption.AES256,
>+ MessageDigest.SHA1,
>+ Protocol.TLSv1,
>+ false,
>+ EncryptionLevel.HIGH,
>+ true,
>+ 256,
>+ 256
>+ ),
>+ /* SEED ciphersuites from RFC4162 */
>+ // Cipher 96
>+ TLS_RSA_WITH_SEED_CBC_SHA("SEED-SHA",
>+ KeyExchange.RSA,
>+ Authentication.RSA,
>+
Encryption.SEED, >+ MessageDigest.SHA1, >+ Protocol.TLSv1, >+ false, >+ EncryptionLevel.MEDIUM, >+ false, >+ 128, >+ 128 >+ ), >+ // Cipher 97 >+ TLS_DH_DSS_WITH_SEED_CBC_SHA("DH-DSS-SEED-SHA", >+ KeyExchange.DHd, >+ Authentication.DH, >+ Encryption.SEED, >+ MessageDigest.SHA1, >+ Protocol.TLSv1, >+ false, >+ EncryptionLevel.MEDIUM, >+ false, >+ 128, >+ 128 >+ ), >+ // Cipher 98 >+ TLS_DH_RSA_WITH_SEED_CBC_SHA("DH-RSA-SEED-SHA", >+ KeyExchange.DHr, >+ Authentication.DH, >+ Encryption.SEED, >+ MessageDigest.SHA1, >+ Protocol.TLSv1, >+ false, >+ EncryptionLevel.MEDIUM, >+ false, >+ 128, >+ 128 >+ ), >+ // Cipher 99 >+ TLS_DHE_DSS_WITH_SEED_CBC_SHA("DHE-DSS-SEED-SHA", >+ KeyExchange.EDH, >+ Authentication.DSS, >+ Encryption.SEED, >+ MessageDigest.SHA1, >+ Protocol.TLSv1, >+ false, >+ EncryptionLevel.MEDIUM, >+ false, >+ 128, >+ 128 >+ ), >+ // Cipher 9A >+ TLS_DHE_RSA_WITH_SEED_CBC_SHA("DHE-RSA-SEED-SHA", >+ KeyExchange.EDH, >+ Authentication.RSA, >+ Encryption.SEED, >+ MessageDigest.SHA1, >+ Protocol.TLSv1, >+ false, >+ EncryptionLevel.MEDIUM, >+ false, >+ 128, >+ 128 >+ ), >+ // Cipher 9B >+ TLS_DH_anon_WITH_SEED_CBC_SHA("ADH-SEED-SHA", >+ KeyExchange.EDH, >+ Authentication.aNULL, >+ Encryption.SEED, >+ MessageDigest.SHA1, >+ Protocol.TLSv1, >+ false, >+ EncryptionLevel.MEDIUM, >+ false, >+ 128, >+ 128 >+ ), >+ /* GCM ciphersuites from RFC5288 */ >+ // Cipher 9C >+ TLS_RSA_WITH_AES_128_GCM_SHA256("AES128-GCM-SHA256", >+ KeyExchange.RSA, >+ Authentication.RSA, >+ Encryption.AES128GCM, >+ MessageDigest.AEAD, >+ Protocol.TLSv1_2, >+ false, >+ EncryptionLevel.HIGH, >+ true, >+ 128, >+ 128 >+ ), >+ // Cipher 9D >+ TLS_RSA_WITH_AES_256_GCM_SHA384("AES256-GCM-SHA384", >+ KeyExchange.RSA, >+ Authentication.RSA, >+ Encryption.AES256GCM, >+ MessageDigest.AEAD, >+ Protocol.TLSv1_2, >+ false, >+ EncryptionLevel.HIGH, >+ true, >+ 256, >+ 256 >+ ), >+ // Cipher 9E >+ TLS_DHE_RSA_WITH_AES_128_GCM_SHA256("DHE-RSA-AES128-GCM-SHA256", >+ KeyExchange.EDH, >+ Authentication.RSA, >+ 
Encryption.AES128GCM, >+ MessageDigest.AEAD, >+ Protocol.TLSv1_2, >+ false, >+ EncryptionLevel.HIGH, >+ true, >+ 128, >+ 128 >+ ), >+ // Cipher 9F >+ TLS_DHE_RSA_WITH_AES_256_GCM_SHA384("DHE-RSA-AES256-GCM-SHA384", >+ KeyExchange.EDH, >+ Authentication.RSA, >+ Encryption.AES256GCM, >+ MessageDigest.AEAD, >+ Protocol.TLSv1_2, >+ false, >+ EncryptionLevel.HIGH, >+ true, >+ 256, >+ 256 >+ ), >+ // Cipher A0 >+ TLS_DH_RSA_WITH_AES_128_GCM_SHA256("DH-RSA-AES128-GCM-SHA256", >+ KeyExchange.DHr, >+ Authentication.DH, >+ Encryption.AES128GCM, >+ MessageDigest.AEAD, >+ Protocol.TLSv1_2, >+ false, >+ EncryptionLevel.HIGH, >+ true, >+ 128, >+ 128 >+ ), >+ // Cipher A1 >+ TLS_DH_RSA_WITH_AES_256_GCM_SHA384("DH-RSA-AES256-GCM-SHA384", >+ KeyExchange.DHr, >+ Authentication.DH, >+ Encryption.AES256GCM, >+ MessageDigest.AEAD, >+ Protocol.TLSv1_2, >+ false, >+ EncryptionLevel.HIGH, >+ true, >+ 256, >+ 256 >+ ), >+ // Cipher A2 >+ TLS_DHE_DSS_WITH_AES_128_GCM_SHA256("DHE-DSS-AES128-GCM-SHA256", >+ KeyExchange.EDH, >+ Authentication.DSS, >+ Encryption.AES128GCM, >+ MessageDigest.AEAD, >+ Protocol.TLSv1_2, >+ false, >+ EncryptionLevel.HIGH, >+ true, >+ 128, >+ 128 >+ ), >+ // Cipher A3 >+ TLS_DHE_DSS_WITH_AES_256_GCM_SHA384("DHE-DSS-AES256-GCM-SHA384", >+ KeyExchange.EDH, >+ Authentication.DSS, >+ Encryption.AES256GCM, >+ MessageDigest.AEAD, >+ Protocol.TLSv1_2, >+ false, >+ EncryptionLevel.HIGH, >+ true, >+ 256, >+ 256 >+ ), >+ // Cipher A4 >+ TLS_DH_DSS_WITH_AES_128_GCM_SHA256("DH-DSS-AES128-GCM-SHA256", >+ KeyExchange.DHd, >+ Authentication.DH, >+ Encryption.AES128GCM, >+ MessageDigest.AEAD, >+ Protocol.TLSv1_2, >+ false, >+ EncryptionLevel.HIGH, >+ true, >+ 128, >+ 128 >+ ), >+ // Cipher A5 >+ TLS_DH_DSS_WITH_AES_256_GCM_SHA384("DH-DSS-AES256-GCM-SHA384", >+ KeyExchange.DHd, >+ Authentication.DH, >+ Encryption.AES256GCM, >+ MessageDigest.AEAD, >+ Protocol.TLSv1_2, >+ false, >+ EncryptionLevel.HIGH, >+ true, >+ 256, >+ 256 >+ ), >+ // Cipher A6 >+ 
TLS_DH_anon_WITH_AES_128_GCM_SHA256("ADH-AES128-GCM-SHA256", >+ KeyExchange.EDH, >+ Authentication.aNULL, >+ Encryption.AES128GCM, >+ MessageDigest.AEAD, >+ Protocol.TLSv1_2, >+ false, >+ EncryptionLevel.HIGH, >+ true, >+ 128, >+ 128 >+ ), >+ // Cipher A7 >+ TLS_DH_anon_WITH_AES_256_GCM_SHA384("ADH-AES256-GCM-SHA384", >+ KeyExchange.EDH, >+ Authentication.aNULL, >+ Encryption.AES256GCM, >+ MessageDigest.AEAD, >+ Protocol.TLSv1_2, >+ false, >+ EncryptionLevel.HIGH, >+ true, >+ 256, >+ 256 >+ ), >+ /* ECC ciphersuites from draft-ietf-tls-ecc-01.txt (Mar 15, 2001) */ >+ // Cipher C001 >+ TLS_ECDH_ECDSA_WITH_NULL_SHA("ECDH-ECDSA-NULL-SHA", >+ KeyExchange.ECDHe, >+ Authentication.ECDH, >+ Encryption.eNULL, >+ MessageDigest.SHA1, >+ Protocol.TLSv1, >+ false, >+ EncryptionLevel.STRONG_NONE, >+ true, >+ 0, >+ 0 >+ ), >+ // Cipher C002 >+ TLS_ECDH_ECDSA_WITH_RC4_128_SHA("ECDH-ECDSA-RC4-SHA", >+ KeyExchange.ECDHe, >+ Authentication.ECDH, >+ Encryption.RC4, >+ MessageDigest.SHA1, >+ Protocol.TLSv1, >+ false, >+ EncryptionLevel.MEDIUM, >+ false, >+ 128, >+ 128 >+ ), >+ // Cipher C003 >+ TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA("ECDH-ECDSA-DES-CBC3-SHA", >+ KeyExchange.ECDHe, >+ Authentication.ECDH, >+ Encryption.TRIPLE_DES, >+ MessageDigest.SHA1, >+ Protocol.TLSv1, >+ false, >+ EncryptionLevel.HIGH, >+ true, >+ 168, >+ 168 >+ ), >+ // Cipher C004 >+ TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA("ECDH-ECDSA-AES128-SHA", >+ KeyExchange.ECDHe, >+ Authentication.ECDH, >+ Encryption.AES128, >+ MessageDigest.SHA1, >+ Protocol.TLSv1, >+ false, >+ EncryptionLevel.HIGH, >+ true, >+ 128, >+ 128 >+ ), >+ // Cipher C005 >+ TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA("ECDH-ECDSA-AES256-SHA", >+ KeyExchange.ECDHe, >+ Authentication.ECDH, >+ Encryption.AES256, >+ MessageDigest.SHA1, >+ Protocol.TLSv1, >+ false, >+ EncryptionLevel.HIGH, >+ true, >+ 256, >+ 256 >+ ), >+ // Cipher C006 >+ TLS_ECDHE_ECDSA_WITH_NULL_SHA("ECDHE-ECDSA-NULL-SHA", >+ KeyExchange.EECDH, >+ Authentication.ECDSA, >+ Encryption.eNULL, >+ 
MessageDigest.SHA1, >+ Protocol.TLSv1, >+ false, >+ EncryptionLevel.STRONG_NONE, >+ true, >+ 0, >+ 0 >+ ), >+ // Cipher C007 >+ TLS_ECDHE_ECDSA_WITH_RC4_128_SHA("ECDHE-ECDSA-RC4-SHA", >+ KeyExchange.EECDH, >+ Authentication.ECDSA, >+ Encryption.RC4, >+ MessageDigest.SHA1, >+ Protocol.TLSv1, >+ false, >+ EncryptionLevel.MEDIUM, >+ false, >+ 128, >+ 128 >+ ), >+ // Cipher C008 >+ TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA("ECDHE-ECDSA-DES-CBC3-SHA", >+ KeyExchange.EECDH, >+ Authentication.ECDSA, >+ Encryption.TRIPLE_DES, >+ MessageDigest.SHA1, >+ Protocol.TLSv1, >+ false, >+ EncryptionLevel.HIGH, >+ true, >+ 168, >+ 168 >+ ), >+ // Cipher C009 >+ TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA("ECDHE-ECDSA-AES128-SHA", >+ KeyExchange.EECDH, >+ Authentication.ECDSA, >+ Encryption.AES128, >+ MessageDigest.SHA1, >+ Protocol.TLSv1, >+ false, >+ EncryptionLevel.HIGH, >+ true, >+ 128, >+ 128 >+ ), >+ // Cipher C00A >+ TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA("ECDHE-ECDSA-AES256-SHA", >+ KeyExchange.EECDH, >+ Authentication.ECDSA, >+ Encryption.AES256, >+ MessageDigest.SHA1, >+ Protocol.TLSv1, >+ false, >+ EncryptionLevel.HIGH, >+ true, >+ 256, >+ 256 >+ ), >+ // Cipher C00B >+ TLS_ECDH_RSA_WITH_NULL_SHA("ECDH-RSA-NULL-SHA", >+ KeyExchange.ECDHr, >+ Authentication.ECDH, >+ Encryption.eNULL, >+ MessageDigest.SHA1, >+ Protocol.TLSv1, >+ false, >+ EncryptionLevel.STRONG_NONE, >+ true, >+ 0, >+ 0 >+ ), >+ // Cipher C00C >+ TLS_ECDH_RSA_WITH_RC4_128_SHA("ECDH-RSA-RC4-SHA", >+ KeyExchange.ECDHr, >+ Authentication.ECDH, >+ Encryption.RC4, >+ MessageDigest.SHA1, >+ Protocol.TLSv1, >+ false, >+ EncryptionLevel.MEDIUM, >+ false, >+ 128, >+ 128 >+ ), >+ // Cipher C00D >+ TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA("ECDH-RSA-DES-CBC3-SHA", >+ KeyExchange.ECDHr, >+ Authentication.ECDH, >+ Encryption.TRIPLE_DES, >+ MessageDigest.SHA1, >+ Protocol.TLSv1, >+ false, >+ EncryptionLevel.HIGH, >+ true, >+ 168, >+ 168 >+ ), >+ // Cipher C00E >+ TLS_ECDH_RSA_WITH_AES_128_CBC_SHA("ECDH-RSA-AES128-SHA", >+ KeyExchange.ECDHr, 
>+ Authentication.ECDH, >+ Encryption.AES128, >+ MessageDigest.SHA1, >+ Protocol.TLSv1, >+ false, >+ EncryptionLevel.HIGH, >+ true, >+ 128, >+ 128 >+ ), >+ // Cipher C00F >+ TLS_ECDH_RSA_WITH_AES_256_CBC_SHA("ECDH-RSA-AES256-SHA", >+ KeyExchange.ECDHr, >+ Authentication.ECDH, >+ Encryption.AES256, >+ MessageDigest.SHA1, >+ Protocol.TLSv1, >+ false, >+ EncryptionLevel.HIGH, >+ true, >+ 256, >+ 256 >+ ), >+ TLS_ECDHE_RSA_WITH_NULL_SHA("ECDHE-RSA-NULL-SHA", >+ KeyExchange.EECDH, >+ Authentication.RSA, >+ Encryption.eNULL, >+ MessageDigest.SHA1, >+ Protocol.TLSv1, >+ false, >+ EncryptionLevel.STRONG_NONE, >+ true, >+ 0, >+ 0 >+ ), >+ // Cipher C011 >+ TLS_ECDHE_RSA_WITH_RC4_128_SHA("ECDHE-RSA-RC4-SHA", >+ KeyExchange.EECDH, >+ Authentication.RSA, >+ Encryption.RC4, >+ MessageDigest.SHA1, >+ Protocol.TLSv1, >+ false, >+ EncryptionLevel.MEDIUM, >+ false, >+ 128, >+ 128 >+ ), >+ // Cipher C012 >+ TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA("ECDHE-RSA-DES-CBC3-SHA", >+ KeyExchange.EECDH, >+ Authentication.RSA, >+ Encryption.TRIPLE_DES, >+ MessageDigest.SHA1, >+ Protocol.TLSv1, >+ false, >+ EncryptionLevel.HIGH, >+ true, >+ 168, >+ 168 >+ ), >+ // Cipher C013 >+ TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA("ECDHE-RSA-AES128-SHA", >+ KeyExchange.EECDH, >+ Authentication.RSA, >+ Encryption.AES128, >+ MessageDigest.SHA1, >+ Protocol.TLSv1, >+ false, >+ EncryptionLevel.HIGH, >+ true, >+ 128, >+ 128 >+ ), >+ // Cipher C014 >+ TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA("ECDHE-RSA-AES256-SHA", >+ KeyExchange.EECDH, >+ Authentication.RSA, >+ Encryption.AES256, >+ MessageDigest.SHA1, >+ Protocol.TLSv1, >+ false, >+ EncryptionLevel.HIGH, >+ true, >+ 256, >+ 256 >+ ), >+ // Cipher C015 >+ TLS_ECDH_anon_WITH_NULL_SHA("AECDH-NULL-SHA", >+ KeyExchange.EECDH, >+ Authentication.aNULL, >+ Encryption.eNULL, >+ MessageDigest.SHA1, >+ Protocol.TLSv1, >+ false, >+ EncryptionLevel.STRONG_NONE, >+ true, >+ 0, >+ 0 >+ ), >+ // Cipher C016 >+ TLS_ECDH_anon_WITH_RC4_128_SHA("AECDH-RC4-SHA", >+ KeyExchange.EECDH, >+ 
Authentication.aNULL, >+ Encryption.RC4, >+ MessageDigest.SHA1, >+ Protocol.TLSv1, >+ false, >+ EncryptionLevel.MEDIUM, >+ false, >+ 128, >+ 128 >+ ), >+ // Cipher C017 >+ TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA("AECDH-DES-CBC3-SHA", >+ KeyExchange.EECDH, >+ Authentication.aNULL, >+ Encryption.TRIPLE_DES, >+ MessageDigest.SHA1, >+ Protocol.TLSv1, >+ false, >+ EncryptionLevel.HIGH, >+ true, >+ 168, >+ 168 >+ ), >+ // Cipher C018 >+ TLS_ECDH_anon_WITH_AES_128_CBC_SHA("AECDH-AES128-SHA", >+ KeyExchange.EECDH, >+ Authentication.aNULL, >+ Encryption.AES128, >+ MessageDigest.SHA1, >+ Protocol.TLSv1, >+ false, >+ EncryptionLevel.HIGH, >+ true, >+ 128, >+ 128 >+ ), >+ // Cipher C019 >+ TLS_ECDH_anon_WITH_AES_256_CBC_SHA("AECDH-AES256-SHA", >+ KeyExchange.EECDH, >+ Authentication.aNULL, >+ Encryption.AES256, >+ MessageDigest.SHA1, >+ Protocol.TLSv1, >+ false, >+ EncryptionLevel.HIGH, >+ true, >+ 256, >+ 256 >+ ), >+ /* SRP ciphersuite from RFC 5054 */ >+ // Cipher C01A >+ TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA("SRP-3DES-EDE-CBC-SHA", >+ KeyExchange.SRP, >+ Authentication.aNULL, >+ Encryption.TRIPLE_DES, >+ MessageDigest.SHA1, >+ Protocol.TLSv1, >+ false, >+ EncryptionLevel.HIGH, >+ false, >+ 168, >+ 168 >+ ), >+ // Cipher C01B >+ TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA("SRP-RSA-3DES-EDE-CBC-SHA", >+ KeyExchange.SRP, >+ Authentication.RSA, >+ Encryption.TRIPLE_DES, >+ MessageDigest.SHA1, >+ Protocol.TLSv1, >+ false, >+ EncryptionLevel.HIGH, >+ false, >+ 168, >+ 168 >+ ), >+ // Cipher C01C >+ TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA("SRP-DSS-3DES-EDE-CBC-SHA", >+ KeyExchange.SRP, >+ Authentication.DSS, >+ Encryption.TRIPLE_DES, >+ MessageDigest.SHA1, >+ Protocol.TLSv1, >+ false, >+ EncryptionLevel.HIGH, >+ false, >+ 168, >+ 168 >+ ), >+ // Cipher C01D >+ TLS_SRP_SHA_WITH_AES_128_CBC_SHA("SRP-AES-128-CBC-SHA", >+ KeyExchange.SRP, >+ Authentication.aNULL, >+ Encryption.AES128, >+ MessageDigest.SHA1, >+ Protocol.TLSv1, >+ false, >+ EncryptionLevel.HIGH, >+ false, >+ 128, >+ 128 >+ ), >+ // 
Cipher C01E >+ TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA("SRP-RSA-AES-128-CBC-SHA", >+ KeyExchange.SRP, >+ Authentication.RSA, >+ Encryption.AES128, >+ MessageDigest.SHA1, >+ Protocol.TLSv1, >+ false, >+ EncryptionLevel.HIGH, >+ false, >+ 128, >+ 128 >+ ), >+ // Cipher C01F >+ TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA("SRP-DSS-AES-128-CBC-SHA", >+ KeyExchange.SRP, >+ Authentication.DSS, >+ Encryption.AES128, >+ MessageDigest.SHA1, >+ Protocol.TLSv1, >+ false, >+ EncryptionLevel.HIGH, >+ false, >+ 128, >+ 128 >+ ), >+ // Cipher C020 >+ TLS_SRP_SHA_WITH_AES_256_CBC_SHA("SRP-AES-256-CBC-SHA", >+ KeyExchange.SRP, >+ Authentication.aNULL, >+ Encryption.AES256, >+ MessageDigest.SHA1, >+ Protocol.TLSv1, >+ false, >+ EncryptionLevel.HIGH, >+ false, >+ 256, >+ 256 >+ ), >+ // Cipher C021 >+ TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA("SRP-RSA-AES-256-CBC-SHA", >+ KeyExchange.SRP, >+ Authentication.RSA, >+ Encryption.AES256, >+ MessageDigest.SHA1, >+ Protocol.TLSv1, >+ false, >+ EncryptionLevel.HIGH, >+ false, >+ 256, >+ 256 >+ ), >+ // Cipher C022 >+ TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA("SRP-DSS-AES-256-CBC-SHA", >+ KeyExchange.SRP, >+ Authentication.DSS, >+ Encryption.AES256, >+ MessageDigest.SHA1, >+ Protocol.TLSv1, >+ false, >+ EncryptionLevel.HIGH, >+ false, >+ 256, >+ 256 >+ ), >+ /* HMAC based TLS v1.2 ciphersuites from RFC5289 */ >+ // Cipher C023 >+ TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256("ECDHE-ECDSA-AES128-SHA256", >+ KeyExchange.EECDH, >+ Authentication.ECDSA, >+ Encryption.AES128, >+ MessageDigest.SHA256, >+ Protocol.TLSv1_2, >+ false, >+ EncryptionLevel.HIGH, >+ true, >+ 128, >+ 128 >+ ), >+ // Cipher C024 >+ TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384("ECDHE-ECDSA-AES256-SHA384", >+ KeyExchange.EECDH, >+ Authentication.ECDSA, >+ Encryption.AES256, >+ MessageDigest.SHA384, >+ Protocol.TLSv1_2, >+ false, >+ EncryptionLevel.HIGH, >+ true, >+ 256, >+ 256 >+ ), >+ // Cipher C025 >+ TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256("ECDH-ECDSA-AES128-SHA256", >+ KeyExchange.ECDHe, >+ 
Authentication.ECDH, >+ Encryption.AES128, >+ MessageDigest.SHA256, >+ Protocol.TLSv1_2, >+ false, >+ EncryptionLevel.HIGH, >+ true, >+ 128, >+ 128 >+ ), >+ // Cipher C026 >+ TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384("ECDH-ECDSA-AES256-SHA384", >+ KeyExchange.ECDHe, >+ Authentication.ECDH, >+ Encryption.AES256, >+ MessageDigest.SHA384, >+ Protocol.TLSv1_2, >+ false, >+ EncryptionLevel.HIGH, >+ true, >+ 256, >+ 256 >+ ), >+ // Cipher C027 >+ TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256("ECDHE-RSA-AES128-SHA256", >+ KeyExchange.EECDH, >+ Authentication.RSA, >+ Encryption.AES128, >+ MessageDigest.SHA256, >+ Protocol.TLSv1_2, >+ false, >+ EncryptionLevel.HIGH, >+ true, >+ 128, >+ 128 >+ ), >+ // Cipher C028 >+ TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384("ECDHE-RSA-AES256-SHA384", >+ KeyExchange.EECDH, >+ Authentication.RSA, >+ Encryption.AES256, >+ MessageDigest.SHA384, >+ Protocol.TLSv1_2, >+ false, >+ EncryptionLevel.HIGH, >+ true, >+ 256, >+ 256 >+ ), >+ // Cipher C029 >+ TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256("ECDH-RSA-AES128-SHA256", >+ KeyExchange.ECDHr, >+ Authentication.ECDH, >+ Encryption.AES128, >+ MessageDigest.SHA256, >+ Protocol.TLSv1_2, >+ false, >+ EncryptionLevel.HIGH, >+ true, >+ 128, >+ 128 >+ ), >+ // Cipher C02A >+ TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384("ECDH-RSA-AES256-SHA384", >+ KeyExchange.ECDHr, >+ Authentication.ECDH, >+ Encryption.AES256, >+ MessageDigest.SHA384, >+ Protocol.TLSv1_2, >+ false, >+ EncryptionLevel.HIGH, >+ true, >+ 256, >+ 256 >+ ), >+ /* GCM based TLS v1.2 ciphersuites from RFC5289 */ >+ // Cipher C02B >+ TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256("ECDHE-ECDSA-AES128-GCM-SHA256", >+ KeyExchange.EECDH, >+ Authentication.ECDSA, >+ Encryption.AES128GCM, >+ MessageDigest.AEAD, >+ Protocol.TLSv1_2, >+ false, >+ EncryptionLevel.HIGH, >+ true, >+ 128, >+ 128 >+ ), >+ // Cipher C02C >+ TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384("ECDHE-ECDSA-AES256-GCM-SHA384", >+ KeyExchange.EECDH, >+ Authentication.ECDSA, >+ Encryption.AES256GCM, >+ MessageDigest.AEAD, >+ 
Protocol.TLSv1_2, >+ false, >+ EncryptionLevel.HIGH, >+ true, >+ 256, >+ 256 >+ ), >+ // Cipher C02D >+ TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256("ECDH-ECDSA-AES128-GCM-SHA256", >+ KeyExchange.ECDHe, >+ Authentication.ECDH, >+ Encryption.AES128GCM, >+ MessageDigest.AEAD, >+ Protocol.TLSv1_2, >+ false, >+ EncryptionLevel.HIGH, >+ true, >+ 128, >+ 128 >+ ), >+ // Cipher C02E >+ TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384("ECDH-ECDSA-AES256-GCM-SHA384", >+ KeyExchange.ECDHe, >+ Authentication.ECDH, >+ Encryption.AES256GCM, >+ MessageDigest.AEAD, >+ Protocol.TLSv1_2, >+ false, >+ EncryptionLevel.HIGH, >+ true, >+ 256, >+ 256 >+ ), >+ // Cipher C02F >+ TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256("ECDHE-RSA-AES128-GCM-SHA256", >+ KeyExchange.EECDH, >+ Authentication.RSA, >+ Encryption.AES128GCM, >+ MessageDigest.AEAD, >+ Protocol.TLSv1_2, >+ false, >+ EncryptionLevel.HIGH, >+ true, >+ 128, >+ 128 >+ ), >+ // Cipher C030 >+ TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384("ECDHE-RSA-AES256-GCM-SHA384", >+ KeyExchange.EECDH, >+ Authentication.RSA, >+ Encryption.AES256GCM, >+ MessageDigest.AEAD, >+ Protocol.TLSv1_2, >+ false, >+ EncryptionLevel.HIGH, >+ true, >+ 256, >+ 256 >+ ), >+ // Cipher C031 >+ TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256("ECDH-RSA-AES128-GCM-SHA256", >+ KeyExchange.ECDHr, >+ Authentication.ECDH, >+ Encryption.AES128GCM, >+ MessageDigest.AEAD, >+ Protocol.TLSv1_2, >+ false, >+ EncryptionLevel.HIGH, >+ true, >+ 128, >+ 128 >+ ), >+ // Cipher C032 >+ TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384("ECDH-RSA-AES256-GCM-SHA384", >+ KeyExchange.ECDHr, >+ Authentication.ECDH, >+ Encryption.AES256GCM, >+ MessageDigest.AEAD, >+ Protocol.TLSv1_2, >+ false, >+ EncryptionLevel.HIGH, >+ true, >+ 256, >+ 256 >+ ), >+ // RC4_128_WITH_MD5 >+ SSL_CK_RC4_128_WITH_MD5("RC4-MD5", >+ KeyExchange.RSA, >+ Authentication.RSA, >+ Encryption.RC4, >+ MessageDigest.MD5, >+ Protocol.SSLv2, >+ false, >+ EncryptionLevel.MEDIUM, >+ false, >+ 128, >+ 128 >+ ), >+ // RC4_128_EXPORT40_WITH_MD5 >+ 
SSL_CK_RC4_128_EXPORT40_WITH_MD5("EXP-RC4-MD5", >+ KeyExchange.RSA, >+ Authentication.RSA, >+ Encryption.RC4, >+ MessageDigest.MD5, >+ Protocol.SSLv2, >+ true, >+ EncryptionLevel.EXP40, >+ false, >+ 40, >+ 128 >+ ), >+ // RC2_128_CBC_WITH_MD5 >+ SSL_CK_RC2_128_CBC_WITH_MD5("RC2-MD5", >+ KeyExchange.RSA, >+ Authentication.RSA, >+ Encryption.RC2, >+ MessageDigest.MD5, >+ Protocol.SSLv2, >+ false, >+ EncryptionLevel.MEDIUM, >+ false, >+ 128, >+ 128 >+ ), >+ // RC2_128_CBC_EXPORT40_WITH_MD5 >+ SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5("EXP-RC2-MD5", >+ KeyExchange.RSA, >+ Authentication.RSA, >+ Encryption.RC2, >+ MessageDigest.MD5, >+ Protocol.SSLv2, >+ true, >+ EncryptionLevel.EXP40, >+ false, >+ 40, >+ 128 >+ ), >+ // IDEA_128_CBC_WITH_MD5 >+ SSL_CK_IDEA_128_CBC_WITH_MD5("IDEA-CBC-MD5", >+ KeyExchange.RSA, >+ Authentication.RSA, >+ Encryption.IDEA, >+ MessageDigest.MD5, >+ Protocol.SSLv2, >+ false, EncryptionLevel.MEDIUM, >+ false, >+ 128, >+ 128 >+ ), >+ // DES_64_CBC_WITH_MD5 >+ SSL_CK_DES_64_CBC_WITH_MD5("DES-CBC-MD5", >+ KeyExchange.RSA, >+ Authentication.RSA, >+ Encryption.DES, >+ MessageDigest.MD5, >+ Protocol.SSLv2, >+ false, >+ EncryptionLevel.LOW, >+ false, >+ 56, >+ 56 >+ ), >+ // DES_192_EDE3_CBC_WITH_MD5 >+ SSL_CK_DES_192_EDE3_CBC_WITH_MD5("DES-CBC3-MD5", >+ KeyExchange.RSA, >+ Authentication.RSA, >+ Encryption.TRIPLE_DES, >+ MessageDigest.MD5, >+ Protocol.SSLv2, >+ false, >+ EncryptionLevel.HIGH, >+ false, >+ 168, >+ 168 >+ ); >+ >+ /* TEMP_GOST_TLS*/ >+ /* >+ // Cipher FF00 >+ TLS_GOSTR341094_RSA_WITH_28147_CNT_MD5("GOST-MD5", >+ KeyExchange.RSA, >+ Authentication.RSA, >+ Encryption.eGOST2814789CNT, >+ MessageDigest.MD5, >+ Protocol.TLSv1, >+ false, EncryptionLevel.HIGH,false, >+ >+ 256, >+ 256, >+ ), >+ TLS_RSA_WITH_28147_CNT_GOST94( >+ "GOST-GOST94", >+ KeyExchange.RSA, >+ Authentication.RSA, >+ Encryption.eGOST2814789CNT, >+ MessageDigest.GOST94, >+ Protocol.TLSv1, >+ false, EncryptionLevel.HIGH,false, >+ >+ 256, >+ 256 >+ ), >+ { >+ 1, >+ 
"GOST-GOST89MAC", >+ 0x0300ff02, >+ KeyExchange.RSA, >+ Authentication.RSA, >+ Encryption.eGOST2814789CNT, >+ MessageDigest.GOST89MAC, >+ Protocol.TLSv1, >+ false, EncryptionLevel.HIGH,false, >+ >+ 256, >+ 256 >+ ), >+ { >+ 1, >+ "GOST-GOST89STREAM", >+ 0x0300ff03, >+ KeyExchange.RSA, >+ Authentication.RSA, >+ Encryption.eGOST2814789CNT, >+ MessageDigest.GOST89MAC, >+ Protocol.TLSv1, >+ false, EncryptionLevel.HIGH,false, >+ >+ 256, >+ 256 >+ };*/ >+ private final String openSSLAlias; >+ private final KeyExchange kx; >+ private final Authentication au; >+ private final Encryption enc; >+ private final MessageDigest mac; >+ private final Protocol protocol; >+ private final boolean export; >+ private final EncryptionLevel level; >+ private final boolean fipsCompatible; >+ /** >+ * Number of bits really used >+ */ >+ private final int strength_bits; >+ /** >+ * Number of bits for algorithm >+ */ >+ private final int alg_bits; >+ >+ Ciphers(String openSSLAlias, KeyExchange kx, Authentication au, >+ Encryption enc, MessageDigest mac, Protocol protocol, boolean export, >+ EncryptionLevel level, boolean fipsCompatible, int strength_bits, >+ int alg_bits) { >+ this.openSSLAlias = openSSLAlias; >+ this.kx = kx; >+ this.au = au; >+ this.enc = enc; >+ this.mac = mac; >+ this.protocol = protocol; >+ this.export = export; >+ this.level = level; >+ this.fipsCompatible = fipsCompatible; >+ this.strength_bits = strength_bits; >+ this.alg_bits = alg_bits; >+ } >+ >+ public String getOpenSSLAlias() { >+ return openSSLAlias; >+ } >+ >+ public KeyExchange getKx() { >+ return kx; >+ } >+ >+ public Authentication getAu() { >+ return au; >+ } >+ >+ public Encryption getEnc() { >+ return enc; >+ } >+ >+ public MessageDigest getMac() { >+ return mac; >+ } >+ >+ public Protocol getProtocol() { >+ return protocol; >+ } >+ >+ public boolean isExport() { >+ return export; >+ } >+ >+ public EncryptionLevel getLevel() { >+ return level; >+ } >+ >+ public boolean isFipsCompatible() { >+ return 
fipsCompatible; >+ } >+ >+ public int getStrength_bits() { >+ return strength_bits; >+ } >+ >+ public int getAlg_bits() { >+ return alg_bits; >+ } >+ >+} >Index: src/main/java/org/apache/tomcat/util/net/jsse/openssl/Encryption.java >=================================================================== >--- src/main/java/org/apache/tomcat/util/net/jsse/openssl/Encryption.java (révision 0) >+++ src/main/java/org/apache/tomcat/util/net/jsse/openssl/Encryption.java (copie de travail) 
>@@ -0,0 +1,35 @@
>+/*
>+ * Copyright (C) 2014 Red Hat, inc., and individual contributors
>+ * as indicated by the @author tags. See the copyright.txt file in the
>+ * distribution for a full listing of individual contributors.
>+ *
>+ * This library is free software; you can redistribute it and/or
>+ * modify it under the terms of the GNU Lesser General Public
>+ * License as published by the Free Software Foundation; either
>+ * version 2.1 of the License, or (at your option) any later version.
>+ *
>+ * This library is distributed in the hope that it will be useful,
>+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
>+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
>+ * Lesser General Public License for more details.
>+ *
>+ * You should have received a copy of the GNU Lesser General Public
>+ * License along with this library; if not, write to the Free Software
>+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
>+ * MA 02110-1301 USA
>+ */
>+package org.apache.tomcat.util.net.jsse.openssl;
>+
>+/**
>+ *
>+ * @author <a href="mailto:ehugonne@redhat.com">Emmanuel Hugonnet</a> (c) 2014
>+ * Red Hat, inc.
>+ */
>+public enum Encryption {
>+
>+ AES256GCM, AES256, AES128GCM, AES128, CAMELLIA256, CAMELLIA128, TRIPLE_DES, DES, IDEA, eGOST2814789CNT, SEED, FZA, RC4, RC2, eNULL;
>+
>+ public boolean isAES() {
>+ return this == AES128 || this == AES256 || this == AES128GCM || this == AES256GCM;
>+ }
>+}
>Index: src/main/java/org/apache/tomcat/util/net/jsse/openssl/EncryptionLevel.java
>===================================================================
>--- src/main/java/org/apache/tomcat/util/net/jsse/openssl/EncryptionLevel.java (révision 0)
>+++ src/main/java/org/apache/tomcat/util/net/jsse/openssl/EncryptionLevel.java (copie de travail)
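Review bot: The `Encryption` enum in Encryption.java has an empty Javadoc body and no comment on any constant, so a reader cannot tell that `eNULL` means "no encryption at all" without cross-reading the Ciphers table, where the eNULL suites carry 0 strength bits and `EncryptionLevel.STRONG_NONE`. I would fill the class comment, e.g. `/** Bulk encryption algorithm of a cipher suite as recorded in Ciphers. */`, and add `// eNULL: no encryption; must only be enabled when requested explicitly` next to that constant. `isAES()` should get a one-line Javadoc saying it is true for both the CBC (`AES128`, `AES256`) and GCM (`AES128GCM`, `AES256GCM`) constants. The mix of `eNULL`/`eGOST2814789CNT` with upper-case constants presumably mirrors OpenSSL naming; if so, say that in the class comment.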
>@@ -0,0 +1,29 @@
>+/*
>+ * Copyright (C) 2014 Red Hat, inc., and individual contributors
>+ * as indicated by the @author tags. See the copyright.txt file in the
>+ * distribution for a full listing of individual contributors.
>+ *
>+ * This library is free software; you can redistribute it and/or
>+ * modify it under the terms of the GNU Lesser General Public
>+ * License as published by the Free Software Foundation; either
>+ * version 2.1 of the License, or (at your option) any later version.
>+ *
>+ * This library is distributed in the hope that it will be useful,
>+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
>+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
>+ * Lesser General Public License for more details.
>+ *
>+ * You should have received a copy of the GNU Lesser General Public
>+ * License along with this library; if not, write to the Free Software
>+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
>+ * MA 02110-1301 USA
>+ */
>+package org.apache.tomcat.util.net.jsse.openssl;
>+
>+/**
>+ *
>+ * @author <a href="mailto:ehugonne@redhat.com">Emmanuel Hugonnet</a> (c) 2014 Red Hat, inc.
>+ */
>+public enum EncryptionLevel {
>+ STRONG_NONE, EXP40, EXP56, LOW, MEDIUM, HIGH, FIPS;
>+}
>Index: src/main/java/org/apache/tomcat/util/net/jsse/openssl/KeyExchange.java
>===================================================================
>--- src/main/java/org/apache/tomcat/util/net/jsse/openssl/KeyExchange.java (révision 0)
>+++ src/main/java/org/apache/tomcat/util/net/jsse/openssl/KeyExchange.java (copie de travail)
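Review bot: `FIPS` is declared as a level in EncryptionLevel.java, yet the Ciphers entries visible in this patch never pass `EncryptionLevel.FIPS`; they record FIPS status through the separate `fipsCompatible` boolean. With two representations, a selector that filters on the level could match nothing and nobody would notice, which matters when the result decides which suites a connector enables. Either drop the constant or document it, e.g. `// FIPS: not assigned to any suite here; use Ciphers.isFipsCompatible()`. `STRONG_NONE` also needs a comment such as `// STRONG_NONE: suites with eNULL encryption (0 strength bits)`, since the name reads like the opposite of what it marks. The Ciphers table starts outside the part of the patch shown here, so the "never used" observation should be confirmed against the full table.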
>@@ -0,0 +1,40 @@
>+/*
>+ * Copyright (C) 2014 Red Hat, inc., and individual contributors
>+ * as indicated by the @author tags. See the copyright.txt file in the
>+ * distribution for a full listing of individual contributors.
>+ *
>+ * This library is free software; you can redistribute it and/or
>+ * modify it under the terms of the GNU Lesser General Public
>+ * License as published by the Free Software Foundation; either
>+ * version 2.1 of the License, or (at your option) any later version.
>+ *
>+ * This library is distributed in the hope that it will be useful,
>+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
>+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
>+ * Lesser General Public License for more details.
>+ *
>+ * You should have received a copy of the GNU Lesser General Public
>+ * License along with this library; if not, write to the Free Software
>+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
>+ * MA 02110-1301 USA
>+ */
>+package org.apache.tomcat.util.net.jsse.openssl;
>+
>+/**
>+ *
>+ * @author <a href="mailto:ehugonne@redhat.com">Emmanuel Hugonnet</a> (c) 2014 Red Hat, inc.
>+ */
>+public enum KeyExchange {
>+ EECDH /* ephemeral ECDH */,
>+ RSA /* RSA key exchange */,
>+ DHr /* DH cert, RSA CA cert */ /* no such ciphersuites supported! */,
>+ DHd /* DH cert, DSA CA cert */ /* no such ciphersuite supported! */,
>+ EDH /* tmp DH key no DH cert */,
>+ PSK /* PSK */,
>+ FZA /* Fortezza */ /* no such ciphersuite supported! */,
>+ KRB5 /* Kerberos 5 key exchange */,
>+ ECDHr /* ECDH cert, RSA CA cert */,
>+ ECDHe /* ECDH cert, ECDSA CA cert */,
>+ GOST /* GOST key exchange */,
>+ SRP /* SRP */;
>+}
>Index: src/main/java/org/apache/tomcat/util/net/jsse/openssl/MessageDigest.java
>===================================================================
>--- src/main/java/org/apache/tomcat/util/net/jsse/openssl/MessageDigest.java (révision 0)
>+++ src/main/java/org/apache/tomcat/util/net/jsse/openssl/MessageDigest.java (copie de travail)
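Review bot: The remarks `/* no such ciphersuites supported! */` on `DHr` and `DHd` in KeyExchange.java contradict the Ciphers table in this same patch, which defines suites with exactly those values, for example `TLS_DH_RSA_WITH_AES_256_CBC_SHA256` with `KeyExchange.DHr` and `TLS_DH_DSS_WITH_AES_256_CBC_SHA256` with `KeyExchange.DHd`. The comments look carried over from another source and should be dropped or reworded so nobody assumes these values can never be selected. The `EDH` comment should also say that the anonymous suites use it too, e.g. `/** Ephemeral DH; also the key exchange of the anonymous (Authentication.aNULL) DH suites. */`, because in Ciphers the `ADH-*` entries are `KeyExchange.EDH` and only the authentication field separates them from authenticated ones. Trailing `/* */` comments after each constant would read better as Javadoc placed before the constant.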
>@@ -0,0 +1,29 @@
>+/*
>+ * Copyright (C) 2014 Red Hat, inc., and individual contributors
>+ * as indicated by the @author tags. See the copyright.txt file in the
>+ * distribution for a full listing of individual contributors.
>+ *
>+ * This library is free software; you can redistribute it and/or
>+ * modify it under the terms of the GNU Lesser General Public
>+ * License as published by the Free Software Foundation; either
>+ * version 2.1 of the License, or (at your option) any later version.
>+ *
>+ * This library is distributed in the hope that it will be useful,
>+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
>+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
>+ * Lesser General Public License for more details.
>+ *
>+ * You should have received a copy of the GNU Lesser General Public
>+ * License along with this library; if not, write to the Free Software
>+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
>+ * MA 02110-1301 USA
>+ */
>+package org.apache.tomcat.util.net.jsse.openssl;
>+
>+/**
>+ *
>+ * @author <a href="mailto:ehugonne@redhat.com">Emmanuel Hugonnet</a> (c) 2014 Red Hat, inc.
>+ */
>+public enum MessageDigest {
>+ MD5, SHA1, GOST94, GOST89MAC, SHA256, SHA384, AEAD;
>+}
>Index: src/main/java/org/apache/tomcat/util/net/jsse/openssl/OpenSSLCipherConfigurationParser.java
>===================================================================
>--- src/main/java/org/apache/tomcat/util/net/jsse/openssl/OpenSSLCipherConfigurationParser.java (révision 0)
>+++ src/main/java/org/apache/tomcat/util/net/jsse/openssl/OpenSSLCipherConfigurationParser.java (copie de travail)
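Review bot: The enum name `MessageDigest` in MessageDigest.java shadows `java.security.MessageDigest` for every class in this package, so TLS code here that needs the JDK type has to spell it fully qualified, and a wrong import compiles against the wrong type until the first method call. Since the Ciphers field and getter are already called `mac` / `getMac()`, a name such as `Mac` or `MacAlgorithm` would fit the usage and remove the clash. `AEAD` is also not a digest: the GCM suites in Ciphers use it to mean integrity comes from the cipher mode, which deserves a comment such as `// AEAD: no separate MAC; authentication is provided by the AEAD cipher (GCM suites)`. The Javadoc body of the enum is empty and should state this purpose.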
>@@ -0,0 +1,572 @@
>+/*
>+ * Copyright (C) 2014 Red Hat, inc., and individual contributors
>+ * as indicated by the @author tags. See the copyright.txt file in the
>+ * distribution for a full listing of individual contributors.
>+ *
>+ * This library is free software; you can redistribute it and/or
>+ * modify it under the terms of the GNU Lesser General Public
>+ * License as published by the Free Software Foundation; either
>+ * version 2.1 of the License, or (at your option) any later version.
>+ *
>+ * This library is distributed in the hope that it will be useful,
>+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
>+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
>+ * Lesser General Public License for more details.
>+ *
>+ * You should have received a copy of the GNU Lesser General Public
>+ * License along with this library; if not, write to the Free Software
>+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
>+ * MA 02110-1301 USA
>+ */
>+package org.apache.tomcat.util.net.jsse.openssl;
>+
>+import java.util.ArrayList;
>+import java.util.Arrays;
>+import java.util.Collection;
>+import java.util.Collections;
>+import java.util.HashSet;
>+import java.util.LinkedHashMap;
>+import java.util.LinkedHashSet;
>+import java.util.List;
>+import java.util.Map;
>+import java.util.Set;
>+
>+/**
>+ * Class in charge with parsing openSSL expressions to define a list of ciphers.
>+ * @author <a href="mailto:ehugonne@redhat.com">Emmanuel Hugonnet</a> (c) 2014 Red Hat, inc.
>+ */
>+public class OpenSSLCipherConfigurationParser {
>+
>+ /**
>+ * System property key to define the DEFAULT ciphers.
>+ */
>+ public static final String DEFAULT_EXPRESSION_KEY = "openssl.default.ciphers";
>+
>+ private static boolean initialized = false;
>+
>+ private static final String SEPARATOR = ":";
>+ /**
>+ * If ! is used then the ciphers are permanently deleted from the list. The ciphers deleted can never reappear in the list
>+ * even if they are explicitly stated.
>+ */
>+ private final static String EXCLUDE = "!";
>+ /**
>+ * If - is used then the ciphers are deleted from the list, but some or all of the ciphers can be added again by later
>+ * options.
>+ */
>+ private static final String DELETE = "-";
>+ /**
>+ * If + is used then the ciphers are moved to the end of the list. This option doesn't add any new ciphers it just moves
>+ * matching existing ones.
>+ */
>+ private static final String TO_END = "+";
>+ /**
>+ * All ciphers by their openssl alias name.
>+ */
>+ private static final Map<String, List<Ciphers>> aliases = new LinkedHashMap<String, List<Ciphers>>();
>+
>+ /**
>+ * the 'NULL' ciphers that is those offering no encryption. Because these offer no encryption at all and are a security risk
>+ * they are disabled unless explicitly included.
>+ */
>+ private static final String eNULL = "eNULL";
>+ /**
>+ * The cipher suites offering no authentication. This is currently the anonymous DH algorithms. T These cipher suites are
>+ * vulnerable to a 'man in the middle' attack and so their use is normally discouraged.
>+ */
>+ private static final String aNULL = "aNULL";
>+
>+ /**
>+ * 'high' encryption cipher suites. This currently means those with key lengths larger than 128 bits, and some cipher suites
>+ * with 128-bit keys.
>+ */
>+ private static final String HIGH = "HIGH";
>+ /**
>+ * 'medium' encryption cipher suites, currently some of those using 128 bit encryption.
>+ */
>+ private static final String MEDIUM = "MEDIUM";
>+ /**
>+ * 'low' encryption cipher suites, currently those using 64 or 56 bit encryption algorithms but excluding export cipher
>+ * suites.
>+ */
>+ private static final String LOW = "LOW";
>+ /**
>+ * Export encryption algorithms. Including 40 and 56 bits algorithms.
>+ */
>+ private static final String EXPORT = "EXPORT";
>+ /**
>+ * 40 bit export encryption algorithms.
>+ */
>+ private static final String EXPORT40 = "EXPORT40";
>+ /**
>+ * 56 bit export encryption algorithms.
>+ */
>+ private static final String EXPORT56 = "EXPORT56";
>+ /**
>+ * Cipher suites using RSA key exchange.
>+ */
>+ private static final String kRSA = "kRSA";
>+ /**
>+ * Cipher suites using RSA authentication.
>+ */
>+ private static final String aRSA = "aRSA";
>+ /**
>+ * Cipher suites using RSA for key exchange or for authentication.
>+ */
>+ private static final String RSA = "RSA";
>+ /**
>+ * Cipher suites using ephemeral DH key agreement.
>+ */
>+ private static final String kEDH = "kEDH";
>+ /**
>+ * Cipher suites using ephemeral DH key agreement. equivalent to kEDH:-ADH
>+ */
>+ private static final String EDH = "EDH";
>+ /**
>+ * Cipher suites using DH key agreement and DH certificates signed by CAs with RSA keys.
>+ */
>+ private static final String kDHr = "kDHr";
>+ /**
>+ * Cipher suites using DH key agreement and DH certificates signed by CAs with DSS keys.
>+ */
>+ private static final String kDHd = "kDHd";
>+ /**
>+ * Cipher suites using DH key agreement and DH certificates signed by CAs with RSA or DSS keys.
>+ */
>+ private static final String kDH = "kDH";
>+ /**
>+ * Cipher suites using DSS authentication, i.e. the certificates carry DSS keys.
>+ */
>+ private static final String aDSS = "aDSS";
>+ /**
>+ * Cipher suites effectively using DH authentication, i.e. the certificates carry DH keys.
>+ */
>+ private static final String aDH = "aDH";
>+ /**
>+ * Ciphers suites using FORTEZZA key exchange algorithms.
>+ */
>+ private static final String kFZA = "kFZA";
>+ /**
>+ * Ciphers suites using FORTEZZA authentication algorithms.
>+ */
>+ private static final String aFZA = "aFZA";
>+ /**
>+ * Ciphers suites using FORTEZZA encryption algorithms.
>+ */
>+ private static final String eFZA = "eFZA";
>+ /**
>+ * Ciphers suites using all FORTEZZA algorithms.
>+ */
>+ private static final String FZA = "FZA";
>+ /**
>+ * TLS v1.2 cipher suites.
Note: there are no cipher suites specific to TLS v1.1. >+ */ >+ private static final String TLSv1_2 = "TLSv1_2"; >+ /** >+ * TLS v1.0 cipher suites. >+ */ >+ private static final String TLSv1 = "TLSv1"; >+ /** >+ * SSL v2.0 cipher suites. >+ */ >+ private static final String SSLv2 = "SSLv2"; >+ /** >+ * SSL v3.0 cipher suites. >+ */ >+ private static final String SSLv3 = "SSLv3"; >+ /** >+ * Cipher suites using DH, including anonymous DH, ephemeral DH and fixed DH. >+ */ >+ private static final String DH = "DH"; >+ /** >+ * Anonymous DH cipher suites. >+ */ >+ private static final String ADH = "ADH"; >+ /** >+ * Cipher suites using 128 bit AES. >+ */ >+ private static final String AES128 = "AES128"; >+ /** >+ * Cipher suites using 256 bit AE. >+ */ >+ private static final String AES256 = "AES256"; >+ /** >+ * Cipher suites using either 128 or 256 bit AES. >+ */ >+ private static final String AES = "AES"; >+ /** >+ * AES in Galois Counter Mode (GCM): these cipher suites are only supported in TLS v1.2. >+ */ >+ private static final String AESGCM = "AESGCM"; >+ /** >+ * Cipher suites using 128 bit CAMELLIA. >+ */ >+ private static final String CAMELLIA128 = "CAMELLIA128"; >+ /** >+ * Cipher suites using 256 bit CAMELLIA. >+ */ >+ private static final String CAMELLIA256 = "CAMELLIA256"; >+ /** >+ * Cipher suites using either 128 or 256 bit CAMELLIA. >+ */ >+ private static final String CAMELLIA = "CAMELLIA"; >+ /** >+ * Cipher suites using triple DES. >+ */ >+ private static final String TRIPLE_DES = "3DES"; >+ /** >+ * Cipher suites using DES (not triple DES). >+ */ >+ private static final String DES = "DES"; >+ /** >+ * Cipher suites using RC4. >+ */ >+ private static final String RC4 = "RC4"; >+ /** >+ * Cipher suites using RC2. >+ */ >+ private static final String RC2 = "RC2"; >+ /** >+ * Cipher suites using IDEA. >+ */ >+ private static final String IDEA = "IDEA"; >+ /** >+ * Cipher suites using SEED. 
>+ */ >+ private static final String SEED = "SEED"; >+ /** >+ * Cipher suites using MD5. >+ */ >+ private static final String MD5 = "MD5"; >+ /** >+ * Cipher suites using SHA1. >+ */ >+ private static final String SHA1 = "SHA1"; >+ /** >+ * Cipher suites using SHA1. >+ */ >+ private static final String SHA = "SHA"; >+ /** >+ * Cipher suites using SHA256. >+ */ >+ private static final String SHA256 = "SHA256"; >+ /** >+ * Cipher suites using SHA384. >+ */ >+ private static final String SHA384 = "SHA384"; >+ /** >+ * Cipher suites using KRB5. >+ */ >+ private static final String KRB5 = "KRB5"; >+ /** >+ * Cipher suites using GOST R 34.10 (either 2001 or 94) for authentication. >+ */ >+ private static final String aGOST = "aGOST"; >+ /** >+ * Cipher suites using GOST R 34.10-2001 for authentication. >+ */ >+ private static final String aGOST01 = "aGOST01"; >+ /** >+ * Cipher suites using GOST R 34.10-94 authentication (note that R 34.10-94 standard has been expired so use GOST R >+ * 34.10-2001) >+ */ >+ private static final String aGOST94 = "aGOST94"; >+ /** >+ * Cipher suites using using VKO 34.10 key exchange, specified in the RFC 4357. >+ */ >+ private static final String kGOST = "kGOST"; >+ /** >+ * Cipher suites, using HMAC based on GOST R 34.11-94. >+ */ >+ private static final String GOST94 = "GOST94"; >+ /** >+ * Cipher suites using GOST 28147-89 MAC instead of HMAC. >+ */ >+ private static final String GOST89MAC = "GOST89MAC"; >+ /** >+ * Cipher suites using pre-shared keys (PSK). 
>+ */ >+ private static final String PSK = "PSK"; >+ >+ private static final String DEFAULT = "DEFAULT"; >+ private static final String COMPLEMENTOFDEFAULT = "COMPLEMENTOFDEFAULT"; >+ >+ private static final String ALL = "ALL"; >+ private static final String COMPLEMENTOFALL = "COMPLEMENTOFALL"; >+ >+ private static final void init() { >+ >+ for (Ciphers cipher : Ciphers.values()) { >+ String alias = cipher.getOpenSSLAlias(); >+ if (aliases.containsKey(alias)) { >+ aliases.get(alias).add(cipher); >+ } else { >+ List<Ciphers> list = new ArrayList<Ciphers>(); >+ list.add(cipher); >+ aliases.put(alias, list); >+ } >+ aliases.put(cipher.name(), Collections.singletonList(cipher)); >+ } >+ List<Ciphers> allCiphers = Arrays.asList(Ciphers.values()); >+ Collections.reverse(allCiphers); >+ LinkedHashSet<Ciphers> all = defaultSort(new LinkedHashSet<Ciphers>(allCiphers)); >+ addListAlias(ALL, all); >+ addListAlias(HIGH, filterByEncryptionLevel(all, Collections.singleton(EncryptionLevel.HIGH))); >+ addListAlias(MEDIUM, filterByEncryptionLevel(all, Collections.singleton(EncryptionLevel.MEDIUM))); >+ addListAlias(LOW, filterByEncryptionLevel(all, Collections.singleton(EncryptionLevel.LOW))); >+ addListAlias(EXPORT, filterByEncryptionLevel(all, new HashSet<EncryptionLevel>(Arrays.asList(EncryptionLevel.EXP40, EncryptionLevel.EXP56)))); >+ aliases.put("EXP", aliases.get(EXPORT)); >+ addListAlias(EXPORT40, filterByEncryptionLevel(all, Collections.singleton(EncryptionLevel.EXP40))); >+ addListAlias(EXPORT56, filterByEncryptionLevel(all, Collections.singleton(EncryptionLevel.EXP56))); >+ addListAlias(eNULL, filterByEncryption(all, Collections.singleton(Encryption.eNULL))); >+ aliases.put("NULL", aliases.get(eNULL)); >+ aliases.put(COMPLEMENTOFALL, aliases.get(eNULL)); >+ addListAlias(aNULL, filterByAuthentication(all, Collections.singleton(Authentication.aNULL))); >+ addListAlias(kRSA, filterByKeyExchange(all, Collections.singleton(KeyExchange.RSA))); >+ addListAlias(aRSA, 
filterByAuthentication(all, Collections.singleton(Authentication.RSA))); >+ addListAlias(RSA, filter(all, null, Collections.singleton(KeyExchange.RSA), Collections.singleton(Authentication.RSA), null, null, null)); >+ addListAlias(kEDH, filterByKeyExchange(all, Collections.singleton(KeyExchange.EDH))); >+ Set<Ciphers> edh = filterByKeyExchange(all, Collections.singleton(KeyExchange.EDH)); >+ edh.removeAll(filterByAuthentication(all, Collections.singleton(Authentication.DH))); >+ addListAlias(EDH, edh); >+ addListAlias(kDHr, filterByKeyExchange(all, Collections.singleton(KeyExchange.DHr))); >+ addListAlias(kDHd, filterByKeyExchange(all, Collections.singleton(KeyExchange.DHd))); >+ addListAlias(kDH, filterByKeyExchange(all, new HashSet<KeyExchange>(Arrays.asList(KeyExchange.DHr, KeyExchange.DHd)))); >+ addListAlias(aDSS, filterByAuthentication(all, Collections.singleton(Authentication.DSS))); >+ aliases.put("DSS", aliases.get(aDSS)); >+ addListAlias(aDH, filterByAuthentication(all, Collections.singleton(Authentication.DH))); >+ addListAlias(kFZA, filterByKeyExchange(all, Collections.singleton(KeyExchange.FZA))); >+ addListAlias(aFZA, filterByAuthentication(all, Collections.singleton(Authentication.FZA))); >+ addListAlias(eFZA, filterByEncryption(all, Collections.singleton(Encryption.FZA))); >+ addListAlias(FZA, filter(all, null, Collections.singleton(KeyExchange.FZA), Collections.singleton(Authentication.FZA), Collections.singleton(Encryption.FZA), null, null)); >+ addListAlias(TLSv1_2, filterByProtocol(all, Collections.singleton(Protocol.TLSv1_2))); >+ addListAlias("TLSv1.1", filterByProtocol(all, Collections.singleton(Protocol.SSLv3))); >+ addListAlias(TLSv1, filterByProtocol(all, Collections.singleton(Protocol.TLSv1))); >+ addListAlias(SSLv3, filterByProtocol(all, Collections.singleton(Protocol.SSLv3))); >+ addListAlias(SSLv2, filterByProtocol(all, Collections.singleton(Protocol.SSLv2))); >+ addListAlias(DH, filterByKeyExchange(all, new 
HashSet<KeyExchange>(Arrays.asList(KeyExchange.DHr, KeyExchange.DHd, KeyExchange.EDH)))); >+ Set<Ciphers> adh = filterByKeyExchange(all, Collections.singleton(KeyExchange.EDH)); >+ adh.retainAll(filterByAuthentication(all, Collections.singleton(Authentication.aNULL))); >+ addListAlias(ADH, adh); >+ addListAlias(AES128, filterByEncryption(all, new HashSet<Encryption>(Arrays.asList(Encryption.AES128, Encryption.AES128GCM)))); >+ addListAlias(AES256, filterByEncryption(all, new HashSet<Encryption>(Arrays.asList(Encryption.AES256, Encryption.AES256GCM)))); >+ addListAlias(AES, filterByEncryption(all, new HashSet<Encryption>(Arrays.asList(Encryption.AES128, Encryption.AES128GCM, Encryption.AES256, Encryption.AES256GCM)))); >+ addListAlias(AESGCM, filterByEncryption(all, new HashSet<Encryption>(Arrays.asList(Encryption.AES128GCM, Encryption.AES256GCM)))); >+ addListAlias(CAMELLIA, filterByEncryption(all, new HashSet<Encryption>(Arrays.asList(Encryption.CAMELLIA128, Encryption.CAMELLIA256)))); >+ addListAlias(CAMELLIA128, filterByEncryption(all, Collections.singleton(Encryption.CAMELLIA128))); >+ addListAlias(CAMELLIA256, filterByEncryption(all, Collections.singleton(Encryption.CAMELLIA256))); >+ addListAlias(TRIPLE_DES, filterByEncryption(all, Collections.singleton(Encryption.TRIPLE_DES))); >+ addListAlias(DES, filterByEncryption(all, Collections.singleton(Encryption.DES))); >+ addListAlias(RC4, filterByEncryption(all, Collections.singleton(Encryption.RC4))); >+ addListAlias(RC2, filterByEncryption(all, Collections.singleton(Encryption.RC2))); >+ addListAlias(IDEA, filterByEncryption(all, Collections.singleton(Encryption.IDEA))); >+ addListAlias(SEED, filterByEncryption(all, Collections.singleton(Encryption.SEED))); >+ addListAlias(MD5, filterByMessageDigest(all, Collections.singleton(MessageDigest.MD5))); >+ addListAlias(SHA1, filterByMessageDigest(all, Collections.singleton(MessageDigest.SHA1))); >+ aliases.put(SHA, aliases.get(SHA1)); >+ addListAlias(SHA256, 
filterByMessageDigest(all, Collections.singleton(MessageDigest.SHA256))); >+ addListAlias(SHA384, filterByMessageDigest(all, Collections.singleton(MessageDigest.SHA384))); >+ addListAlias(aGOST, filterByAuthentication(all, new HashSet<Authentication>(Arrays.asList(Authentication.GOST01, Authentication.GOST94)))); >+ addListAlias(aGOST01, filterByAuthentication(all, Collections.singleton(Authentication.GOST01))); >+ addListAlias(aGOST94, filterByAuthentication(all, Collections.singleton(Authentication.GOST94))); >+ addListAlias(kGOST, filterByKeyExchange(all, Collections.singleton(KeyExchange.GOST))); >+ addListAlias(GOST94, filterByMessageDigest(all, Collections.singleton(MessageDigest.GOST94))); >+ addListAlias(GOST89MAC, filterByMessageDigest(all, Collections.singleton(MessageDigest.GOST89MAC))); >+ addListAlias(PSK, filter(all, null, Collections.singleton(KeyExchange.PSK), Collections.singleton(Authentication.PSK), null, null, null)); >+ addListAlias(KRB5, filter(all, null, Collections.singleton(KeyExchange.KRB5), Collections.singleton(Authentication.KRB5), null, null, null)); >+ initialized = true; >+ String defaultExpression = System.getProperty(DEFAULT_EXPRESSION_KEY, "ALL:!eNULL:!aNULL"); >+ addListAlias(DEFAULT, parse(defaultExpression)); >+ LinkedHashSet<Ciphers> complementOfDefault = new LinkedHashSet<Ciphers>(all); >+ complementOfDefault.removeAll(aliases.get(DEFAULT)); >+ addListAlias(COMPLEMENTOFDEFAULT, complementOfDefault); >+ } >+ >+ static void addListAlias(String alias, Set<Ciphers> ciphers) { >+ aliases.put(alias, new ArrayList<Ciphers>(ciphers)); >+ } >+ >+ static void moveToEnd(final LinkedHashSet<Ciphers> ciphers, final String alias) { >+ moveToEnd(ciphers, aliases.get(alias)); >+ } >+ >+ static void moveToEnd(final LinkedHashSet<Ciphers> ciphers, final Collection<Ciphers> toBeMovedCiphers) { >+ ciphers.removeAll(toBeMovedCiphers); >+ ciphers.addAll(toBeMovedCiphers); >+ } >+ >+ static void add(final LinkedHashSet<Ciphers> ciphers, final 
String alias) { >+ ciphers.addAll(aliases.get(alias)); >+ } >+ >+ static void remove(final LinkedHashSet<Ciphers> ciphers, final String alias) { >+ ciphers.removeAll(aliases.get(alias)); >+ } >+ >+ static LinkedHashSet<Ciphers> strengthSort(final LinkedHashSet<Ciphers> ciphers) { >+ /* >+ * This routine sorts the ciphers with descending strength. The sorting >+ * must keep the pre-sorted sequence, so we apply the normal sorting >+ * routine as '+' movement to the end of the list. >+ */ >+ Set<Integer> keySizes = new HashSet<Integer>(); >+ for (Ciphers cipher : ciphers) { >+ keySizes.add(cipher.getStrength_bits()); >+ } >+ List<Integer> strength_bits = new ArrayList<Integer>(keySizes); >+ Collections.sort(strength_bits); >+ Collections.reverse(strength_bits); >+ final LinkedHashSet<Ciphers> result = new LinkedHashSet<Ciphers>(ciphers); >+ for (int strength : strength_bits) { >+ moveToEnd(result, filterByStrengthBits(ciphers, strength)); >+ } >+ return result; >+ } >+ >+ static LinkedHashSet<Ciphers> defaultSort(final LinkedHashSet<Ciphers> ciphers) { >+ final LinkedHashSet<Ciphers> result = new LinkedHashSet<Ciphers>(ciphers.size()); >+ /* Now arrange all ciphers by preference: */ >+ >+ /* Everything else being equal, prefer ephemeral ECDH over other key exchange mechanisms */ >+ result.addAll(filterByKeyExchange(ciphers, Collections.singleton(KeyExchange.EECDH))); >+ /* AES is our preferred symmetric cipher */ >+ result.addAll(filterByEncryption(ciphers, new HashSet<Encryption>(Arrays.asList(Encryption.AES128, Encryption.AES128GCM, >+ Encryption.AES256, Encryption.AES256GCM)))); >+ /* Temporarily enable everything else for sorting */ >+ result.addAll(ciphers); >+ >+ >+ /* Low priority for MD5 */ >+ moveToEnd(result, filterByMessageDigest(result, Collections.singleton(MessageDigest.MD5))); >+ >+ /* Move anonymous ciphers to the end. Usually, these will remain disabled. 
>+ * (For applications that allow them, they aren't too bad, but we prefer >+ * authenticated ciphers.) */ >+ moveToEnd(result, filterByAuthentication(result, Collections.singleton(Authentication.aNULL))); >+ >+ /* Move ciphers without forward secrecy to the end */ >+ moveToEnd(result, filterByAuthentication(result, Collections.singleton(Authentication.ECDH))); >+ moveToEnd(result, filterByKeyExchange(result, Collections.singleton(KeyExchange.RSA))); >+ moveToEnd(result, filterByKeyExchange(result, Collections.singleton(KeyExchange.PSK))); >+ moveToEnd(result, filterByKeyExchange(result, Collections.singleton(KeyExchange.KRB5))); >+ /* RC4 is sort-of broken -- move the the end */ >+ moveToEnd(result, filterByEncryption(result, Collections.singleton(Encryption.RC4))); >+ return strengthSort(result); >+ } >+ >+ static Set<Ciphers> filterByStrengthBits(Set<Ciphers> ciphers, int strength_bits) { >+ Set<Ciphers> result = new LinkedHashSet<Ciphers>(ciphers.size()); >+ for (Ciphers cipher : ciphers) { >+ if (cipher.getStrength_bits() == strength_bits) { >+ result.add(cipher); >+ } >+ } >+ return result; >+ } >+ >+ static Set<Ciphers> filterByProtocol(Set<Ciphers> ciphers, Set<Protocol> protocol) { >+ return filter(ciphers, protocol, null, null, null, null, null); >+ } >+ >+ static Set<Ciphers> filterByKeyExchange(Set<Ciphers> ciphers, Set<KeyExchange> kx) { >+ return filter(ciphers, null, kx, null, null, null, null); >+ } >+ >+ static Set<Ciphers> filterByAuthentication(Set<Ciphers> ciphers, Set<Authentication> au) { >+ return filter(ciphers, null, null, au, null, null, null); >+ } >+ >+ static Set<Ciphers> filterByEncryption(Set<Ciphers> ciphers, Set<Encryption> enc) { >+ return filter(ciphers, null, null, null, enc, null, null); >+ } >+ >+ static Set<Ciphers> filterByEncryptionLevel(Set<Ciphers> ciphers, Set<EncryptionLevel> level) { >+ return filter(ciphers, null, null, null, null, level, null); >+ } >+ >+ static Set<Ciphers> filterByMessageDigest(Set<Ciphers> ciphers, 
Set<MessageDigest> mac) { >+ return filter(ciphers, null, null, null, null, null, mac); >+ } >+ >+ static Set<Ciphers> filter(Set<Ciphers> ciphers, Set<Protocol> protocol, Set<KeyExchange> kx, >+ Set<Authentication> au, Set<Encryption> enc, Set<EncryptionLevel> level, Set<MessageDigest> mac) { >+ Set<Ciphers> result = new LinkedHashSet<Ciphers>(ciphers.size()); >+ for (Ciphers cipher : ciphers) { >+ if (protocol != null && protocol.contains(cipher.getProtocol())) { >+ result.add(cipher); >+ } >+ if (kx != null && kx.contains(cipher.getKx())) { >+ result.add(cipher); >+ } >+ if (au != null && au.contains(cipher.getAu())) { >+ result.add(cipher); >+ } >+ if (enc != null && enc.contains(cipher.getEnc())) { >+ result.add(cipher); >+ } >+ if (level != null && level.contains(cipher.getLevel())) { >+ result.add(cipher); >+ } >+ if (mac != null && mac.contains(cipher.getMac())) { >+ result.add(cipher); >+ } >+ } >+ return result; >+ } >+ >+ public static LinkedHashSet<Ciphers> parse(String expression) { >+ if (!initialized) { >+ init(); >+ } >+ String[] elements = expression.split(SEPARATOR); >+ LinkedHashSet<Ciphers> ciphers = new LinkedHashSet<Ciphers>(); >+ Set<Ciphers> removedCiphers = new HashSet<Ciphers>(); >+ for (String element : elements) { >+ if (element.startsWith(DELETE)) { >+ String alias = element.substring(1); >+ if (aliases.containsKey(alias)) { >+ remove(ciphers, alias); >+ } >+ } else if (element.startsWith(EXCLUDE)) { >+ String alias = element.substring(1); >+ if (aliases.containsKey(alias)) { >+ removedCiphers.addAll(aliases.get(alias)); >+ } else { >+ System.out.println("Unknown element " + alias); >+ } >+ } else if (element.startsWith(TO_END)) { >+ String alias = element.substring(1); >+ if (aliases.containsKey(alias)) { >+ moveToEnd(ciphers, alias); >+ } >+ } else if ("@STRENGTH".equals(element)) { >+ strengthSort(ciphers); >+ break; >+ } else if (aliases.containsKey(element)) { >+ add(ciphers, element); >+ } >+ } >+ 
ciphers.removeAll(removedCiphers); >+ return defaultSort(ciphers); >+ } >+ >+ public static List<String> convertForJSSE(Collection<Ciphers> ciphers) { >+ List<String> result = new ArrayList<String>(ciphers.size()); >+ for (Ciphers cipher : ciphers) { >+ result.add(cipher.name()); >+ } >+ return result; >+ } >+ >+ static String displayResult(Set<Ciphers> ciphers, String separator) { >+ if (ciphers.isEmpty()) { >+ return ""; >+ } >+ StringBuilder builder = new StringBuilder(ciphers.size() * 16); >+ for (Ciphers cipher : ciphers) { >+ builder.append(cipher.getOpenSSLAlias()); >+ builder.append(separator); >+ } >+ return builder.toString().substring(0, builder.length() - 1); >+ } >+} >Index: src/main/java/org/apache/tomcat/util/net/jsse/openssl/Protocol.java >=================================================================== >--- src/main/java/org/apache/tomcat/util/net/jsse/openssl/Protocol.java (révision 0) >+++ src/main/java/org/apache/tomcat/util/net/jsse/openssl/Protocol.java (copie de travail) 
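Review bot: In `parse`, the `@STRENGTH` branch ends with `break`, so every element after it is skipped: for a string like `ALL:@STRENGTH:!aNULL` (constructed example) the exclusion is never added to `removedCiphers` and the unauthenticated suites stay in the result. The same method drops unrecognised elements silently (only the `!` branch reports them, and only through `System.out.println`), so a mistyped exclusion leaves enabled exactly the suites it was meant to remove. I would continue parsing after `@STRENGTH`, keep the set that `strengthSort` returns (it is currently discarded), and reject unknown aliases so a bad cipher string fails at connector start instead of widening the list; the rewritten loop is below. In `init`, the `EDH` alias subtracts `Authentication.DH` suites although its Javadoc says `kEDH:-ADH` and `ADH` is built from `Authentication.aNULL`, so `EDH` appears to still contain the anonymous DH suites, and `"TLSv1.1"` is registered with `Protocol.SSLv3`, which looks like a copy-paste slip.

```java
        // … unchanged: lazy init(), split on SEPARATOR, ciphers / removedCiphers setup …
        for (String element : elements) {
            if (element.isEmpty()) {
                // "A::B" or a trailing ':' yields an empty token; nothing to apply.
                continue;
            }
            if (element.startsWith(DELETE)) {
                remove(ciphers, knownAlias(element.substring(1)));
            } else if (element.startsWith(EXCLUDE)) {
                removedCiphers.addAll(aliases.get(knownAlias(element.substring(1))));
            } else if (element.startsWith(TO_END)) {
                moveToEnd(ciphers, knownAlias(element.substring(1)));
            } else if ("@STRENGTH".equals(element)) {
                // No break: elements after @STRENGTH, exclusions included, must still be applied.
                ciphers = strengthSort(ciphers);
            } else {
                add(ciphers, knownAlias(element));
            }
        }
        // … unchanged: ciphers.removeAll(removedCiphers) and the final sort/return …

    /** Returns the alias when it is registered; rejects anything else so a typo cannot widen the cipher list. */
    private static String knownAlias(String alias) {
        if (!aliases.containsKey(alias)) {
            throw new IllegalArgumentException("Unknown cipher alias: " + alias);
        }
        return alias;
    }
```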
>@@ -0,0 +1,34 @@
>+/*
>+ * Copyright (C) 2014 Red Hat, inc., and individual contributors
>+ * as indicated by the @author tags. See the copyright.txt file in the
>+ * distribution for a full listing of individual contributors.
>+ *
>+ * This library is free software; you can redistribute it and/or
>+ * modify it under the terms of the GNU Lesser General Public
>+ * License as published by the Free Software Foundation; either
>+ * version 2.1 of the License, or (at your option) any later version.
>+ *
>+ * This library is distributed in the hope that it will be useful,
>+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
>+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
>+ * Lesser General Public License for more details.
>+ *
>+ * You should have received a copy of the GNU Lesser General Public
>+ * License along with this library; if not, write to the Free Software
>+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
>+ * MA 02110-1301 USA
>+ */
>+package org.apache.tomcat.util.net.jsse.openssl;
>+
>+/**
>+ *
>+ * @author <a href="mailto:ehugonne@redhat.com">Emmanuel Hugonnet</a> (c) 2014 Red Hat, inc.
>+ */
>+public enum Protocol {
>+
>+ SSLv3, SSLv2, TLSv1, TLSv1_2;
>+
>+ public static Protocol parseProtocol(String value) {
>+ return valueOf(value.replace('.', '_'));
>+ }
>+}
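Review bot: `parseProtocol` has no Javadoc and its failure modes are implicit: `valueOf` throws `IllegalArgumentException` for any name that is not a constant, which with this enum includes `TLSv1.1` (there is no `TLSv1_1`), and a null `value` throws `NullPointerException`. I would document that on the method, e.g. `@throws IllegalArgumentException if value does not name SSLv2, SSLv3, TLSv1 or TLSv1.2`, so callers that pass configuration text know they must handle it. The empty class Javadoc should also say what the constants are used for.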