From db1709b389eb3b2ea044f660427683ef942f126c Mon Sep 17 00:00:00 2001 From: David Cooper Date: Fri, 4 Nov 2016 14:27:50 -0400 Subject: [PATCH 1/8] Fix alignment in run_allciphers() This commit makes no changes to the code, it just corrects the indentation. --- testssl.sh | 126 ++++++++++++++++++++++++++--------------------------- 1 file changed, 63 insertions(+), 63 deletions(-) diff --git a/testssl.sh b/testssl.sh index d1ba2b3..4201680 100755 --- a/testssl.sh +++ b/testssl.sh @@ -2051,70 +2051,70 @@ run_allciphers() { done for (( bundle_size/=4; bundle_size>=1; bundle_size/=4 )); do - # Note that since the number of ciphers isn't a power of 4, the number - # of bundles may be may be less than 4**(round_num+1), and the final - # bundle may have fewer than bundle_size ciphers. - num_bundles=$nr_ciphers/$bundle_size - mod_check=$nr_ciphers%$bundle_size - [[ $mod_check -ne 0 ]] && num_bundles=$num_bundles+1 - for ((i=0;i$TMPFILE 2>$ERRFILE $TMPFILE 2>$ERRFILE $TMPFILE 2>$ERRFILE $TMPFILE 2>$ERRFILE Date: Fri, 4 Nov 2016 15:45:07 -0400 Subject: [PATCH 2/8] Use tls_sockets() in run_allciphers() The PR changes `run_allciphers()` to use `tls_sockets()` (and `sslv2_sockets()`)rather than `$OPENSSL` unless `$SSL_NATIVE` is set or `$STARTTLS` is non-empty. Using sockets allows `run_allciphers()` to test all ciphers, rather than just those supported by `$OPENSSL`. Using sockets results in `run_allciphers()` running more slowly, partially since it is testing more ciphers, but mostly since `tls_sockets()` is currently slower than `$OPENSSL` (as noted in #413). --- testssl.sh | 128 ++++++++++++++++++++++++++++++++++++++++------------- 1 file changed, 98 insertions(+), 30 deletions(-) diff --git a/testssl.sh b/testssl.sh index 4201680..59e805b 100755 --- a/testssl.sh +++ b/testssl.sh @@ -2002,33 +2002,69 @@ test_just_one(){ # test for all ciphers locally configured (w/o distinguishing whether they are good or bad) run_allciphers() { local tmpfile - local -i nr_ciphers=0 - local n auth mac export - local -a hexcode ciph sslvers kx enc export2 + local -i nr_ciphers=0 ret + local n auth mac export hexc sslv2_ciphers="" + local -a normalized_hexcode hexcode ciph sslvers kx enc export2 local -i i j parent child end_of_bundle round_num bundle_size num_bundles mod_check local -a ciphers_found local dhlen local available local ciphers_to_test local sslv2_supported=false + local has_dh_bits="$HAS_DH_BITS" + local using_sockets=true - # get a list of all the cipher suites to test (only need the hexcode, ciph, sslvers, kx, enc, and export values) - while read hexcode[nr_ciphers] n ciph[nr_ciphers] sslvers[nr_ciphers] kx[nr_ciphers] auth enc[nr_ciphers] mac export2[nr_ciphers]; do - nr_ciphers=$nr_ciphers+1 - done < <($OPENSSL ciphers -V 'ALL:COMPLEMENTOFALL:@STRENGTH' 2>>$ERRFILE) + if "$SSL_NATIVE" || [[ -n "$STARTTLS" ]]; then + using_sockets=false + fi + + if "$using_sockets"; then + # get a list of all the cipher suites to test (only need the hexcode, ciph, kx, enc, and export values) + for (( i=0; i < TLS_NR_CIPHERS; i++ )); do + hexc=$(echo "${TLS_CIPHER_HEXCODE[i]}" | tr 'A-Z' 'a-z') + ciph[i]="${TLS_CIPHER_OSSL_NAME[i]}" + sslvers[i]="${TLS_CIPHER_SSLVERS[i]}" + kx[i]="${TLS_CIPHER_KX[i]}" + enc[i]="${TLS_CIPHER_ENC[i]}" + export2[i]="${TLS_CIPHER_EXPORT[i]}" + if [[ ${#hexc} -eq 9 ]]; then + hexcode[i]="${hexc:2:2},${hexc:7:2}" + if [[ "${hexc:2:2}" == "00" ]]; then + normalized_hexcode[i]="x${hexc:7:2}" + else + normalized_hexcode[i]="x${hexc:2:2}${hexc:7:2}" + fi + else + hexcode[i]="${hexc:2:2},${hexc:7:2},${hexc:12:2}" + normalized_hexcode[i]="x${hexc:2:2}${hexc:7:2}${hexc:12:2}" + sslv2_ciphers="$sslv2_ciphers, ${hexcode[i]}" + fi + done + nr_ciphers=$TLS_NR_CIPHERS + + sslv2_sockets "${sslv2_ciphers:2}" "true" + if [[ $? -eq 3 ]] && [[ "$V2_HELLO_CIPHERSPEC_LENGTH" -ne 0 ]]; then + sslv2_supported=true + fi + else + # get a list of all the cipher suites to test (only need the hexcode, ciph, sslvers, kx, enc, and export values) + while read hexcode[nr_ciphers] n ciph[nr_ciphers] sslvers[nr_ciphers] kx[nr_ciphers] auth enc[nr_ciphers] mac export2[nr_ciphers]; do + nr_ciphers=$nr_ciphers+1 + done < <($OPENSSL ciphers -V 'ALL:COMPLEMENTOFALL:@STRENGTH' 2>>$ERRFILE) + + if "$HAS_SSL2"; then + $OPENSSL s_client $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY -ssl2 >$TMPFILE 2>$ERRFILE $TMPFILE 2>$ERRFILE $TMPFILE 2>$ERRFILE $TMPFILE 2>$ERRFILE $TMPFILE 2>$ERRFILE $TMPFILE + fi + else + $OPENSSL s_client -cipher "${ciph[i]}" $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY -ssl2 >$TMPFILE 2>$ERRFILE Date: Tue, 8 Nov 2016 12:36:25 -0500 Subject: [PATCH 3/8] Find more extensions in run_server_defaults() This PR uses `tls_sockets()` to determine whether a server supports certain extensions that may not be supported by `$OPENSSL`. At the moment it checks for max_fragment_length, client_certificate_url, truncated_hmac, ALPN, signed_certificate_timestamp, encrypt_then_mac, and extended_master_secret. In https://github.com/dcooper16/testssl.sh/blob/extended_tls_sockets/testssl.sh, `run_server_defaults()` is re-written to use `tls_sockets()` instead of `$OPENSSL`, with just one call to `$OPENSSL s_client` to get the session ticket, which reduces the dependence on `$OPENSSL`, but this PR limits the number of calls to `tls_sockets()`, which is still slow. Note: I included ALPN in the `tls_sockets()` ClientHello since a single call to `tls_sockets()` cannot test for both NPN and ALPN, and since support for NPN was added to OpenSSL before support for ALPN was added, I figured it was more likely that `determine_tls_extensions()` had already determined whether the server supported NPN. --- testssl.sh | 38 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) diff --git a/testssl.sh b/testssl.sh index 8e43164..12534bf 100755 --- a/testssl.sh +++ b/testssl.sh @@ -839,6 +839,23 @@ asciihex_to_binary_file(){ return 0 } +# arg1: text string +# Output a comma-separated ASCII-HEX string resprestation of the input string. +string_to_asciihex() { + local string="$1" + local -i i eos + local output="" + + eos=${#string}-1 + for (( i=0; i Date: Wed, 9 Nov 2016 13:41:36 -0500 Subject: [PATCH 4/8] Extend TLS ServerHello parsing (part 3) This PR adds parsing of the Certificate message to `parse_tls_serverhello()`. If the caller requests that the "full" response be parsed, then the Certificate message is parsed, the server's certificate is placed in $HOSTCERT and the intermediate certificates are placed in $TEMPDIR/intermediatecerts.pem. The certificates are also added to $TMPFILE, in a manner similar to the output of `$OPENSSL s_client` when the `-showcerts` option is used. --- testssl.sh | 110 ++++++++++++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 104 insertions(+), 6 deletions(-) diff --git a/testssl.sh b/testssl.sh index 8e43164..adac8f0 100755 --- a/testssl.sh +++ b/testssl.sh @@ -6079,18 +6079,20 @@ parse_tls_serverhello() { local process_full="$2" local tls_handshake_ascii="" tls_alert_ascii="" local -i tls_hello_ascii_len tls_handshake_ascii_len tls_alert_ascii_len msg_len - local tls_serverhello_ascii="" + local tls_serverhello_ascii="" tls_certificate_ascii="" local tls_serverkeyexchange_ascii="" - local -i tls_serverhello_ascii_len=0 + local -i tls_serverhello_ascii_len=0 tls_certificate_ascii_len=0 local -i tls_serverkeyexchange_ascii_len=0 - local tls_alert_descrip tls_sid_len_hex - local -i tls_sid_len offset extns_offset + local tls_alert_descrip tls_sid_len_hex issuerDN subjectDN CAissuerDN CAsubjectDN + local -i tls_sid_len offset extns_offset nr_certs=0 local tls_msg_type tls_content_type tls_protocol tls_protocol2 tls_hello_time local tls_err_level tls_err_descr tls_cipher_suite rfc_cipher_suite tls_compression_method local tls_extensions="" extension_type named_curve_str="" local -i i j extension_len tls_extensions_len + local -i certificate_list_len certificate_len local -i curve_type named_curve local -i dh_bits=0 msb mask + local tmp_der_certfile tmp_pem_certfile TLS_TIME="" DETECTED_TLS_VERSION="" @@ -6248,7 +6250,8 @@ parse_tls_serverhello() { done fi - # Now extract just the server hello and server key exchange handshake messages. + # Now extract just the server hello, certificate, + # and server key exchange handshake messages. tls_handshake_ascii_len=${#tls_handshake_ascii} if [[ $DEBUG -ge 2 ]] && [[ $tls_handshake_ascii_len -gt 0 ]]; then echo "TLS handshake messages:" @@ -6315,6 +6318,13 @@ parse_tls_serverhello() { fi tls_serverhello_ascii="${tls_handshake_ascii:i:msg_len}" tls_serverhello_ascii_len=$msg_len + elif [[ "$process_full" == "all" ]] && [[ "$tls_msg_type" == "0B" ]]; then + if [[ -n "$tls_certificate_ascii" ]]; then + debugme pr_warningln "Response contained more than one Certificate handshake message." + return 1 + fi + tls_certificate_ascii="${tls_handshake_ascii:i:msg_len}" + tls_certificate_ascii_len=$msg_len elif ( [[ "$process_full" == "all" ]] || [[ "$process_full" == "ephemeralkey" ]] ) && [[ "$tls_msg_type" == "0C" ]]; then if [[ -n "$tls_serverkeyexchange_ascii" ]]; then debugme pr_warningln "Response contained more than one ServerKeyExchange handshake message." @@ -6338,7 +6348,7 @@ parse_tls_serverhello() { return 1 fi - # Parse the server hello handshake message + # First parse the server hello handshake message # byte 0+1: 03, TLS version word see byte 1+2 # byte 2-5: TLS timestamp for OpenSSL <1.01f # byte 6-33: random, 28 bytes @@ -6492,6 +6502,94 @@ parse_tls_serverhello() { outln fi + # Now parse the Certificate message. + if [[ "$process_full" == "all" ]]; then + [[ -e "$HOSTCERT" ]] && rm "$HOSTCERT" + [[ -e "$TEMPDIR/intermediatecerts.pem" ]] && rm "$TEMPDIR/intermediatecerts.pem" + fi + if [[ $tls_certificate_ascii_len -ne 0 ]]; then + # The first certificate is the server's certificate. If there are anything + # subsequent certificates, they are intermediate certificates. + if [[ $tls_certificate_ascii_len -lt 12 ]]; then + debugme echo "Malformed Certificate Handshake message in ServerHello." + tmpfile_handle $FUNCNAME.txt + return 1 + fi + certificate_list_len=2*$(hex2dec "${tls_certificate_ascii:0:6}") + if [[ $certificate_list_len -ne $tls_certificate_ascii_len-6 ]]; then + debugme echo "Malformed Certificate Handshake message in ServerHello." + tmpfile_handle $FUNCNAME.txt + return 1 + fi + + # Place server's certificate in $HOSTCERT + certificate_len=2*$(hex2dec "${tls_certificate_ascii:6:6}") + if [[ $certificate_len -gt $tls_certificate_ascii_len-12 ]]; then + debugme echo "Malformed Certificate Handshake message in ServerHello." + tmpfile_handle $FUNCNAME.txt + return 1 + fi + tmp_der_certfile=$(mktemp $TEMPDIR/der_cert.XXXXXX) || return 1 + asciihex_to_binary_file "${tls_certificate_ascii:12:certificate_len}" "$tmp_der_certfile" + $OPENSSL x509 -inform DER -in "$tmp_der_certfile" -outform PEM -out "$HOSTCERT" 2>$ERRFILE + if [[ $? -ne 0 ]]; then + debugme echo "Malformed certificate in Certificate Handshake message in ServerHello." + rm "$tmp_der_certfile" + tmpfile_handle $FUNCNAME.txt + return 1 + fi + rm "$tmp_der_certfile" + get_pub_key_size + echo "===============================================================================" >> $TMPFILE + echo "---" >> $TMPFILE + echo "Certificate chain" >> $TMPFILE + subjectDN="$($OPENSSL x509 -in $HOSTCERT -noout -subject)" + issuerDN="$($OPENSSL x509 -in $HOSTCERT -noout -issuer)" + echo " $nr_certs s:${subjectDN:9}" >> $TMPFILE + echo " i:${issuerDN:8}" >> $TMPFILE + cat "$HOSTCERT" >> $TMPFILE + + echo "" > "$TEMPDIR/intermediatecerts.pem" + # Place and additional certificates in $TEMPDIR/intermediatecerts.pem + for (( i=12+certificate_len; i$ERRFILE + if [[ $? -ne 0 ]]; then + debugme echo "Malformed certificate in Certificate Handshake message in ServerHello." + rm "$tmp_der_certfile" "$tmp_pem_certfile" + tmpfile_handle $FUNCNAME.txt + return 1 + fi + nr_certs+=1 + CAsubjectDN="$($OPENSSL x509 -in $tmp_pem_certfile -noout -subject)" + CAissuerDN="$($OPENSSL x509 -in $tmp_pem_certfile -noout -issuer)" + echo " $nr_certs s:${CAsubjectDN:9}" >> $TMPFILE + echo " i:${CAissuerDN:8}" >> $TMPFILE + cat "$tmp_pem_certfile" >> $TMPFILE + cat "$tmp_pem_certfile" >> "$TEMPDIR/intermediatecerts.pem" + rm "$tmp_der_certfile" "$tmp_pem_certfile" + done + echo "---" >> $TMPFILE + echo "Server certificate" >> $TMPFILE + echo "subject=${subjectDN:9}" >> $TMPFILE + echo "issuer=${issuerDN:8}" >> $TMPFILE + echo "---" >> $TMPFILE + fi + # Now parse the server key exchange message if [[ $tls_serverkeyexchange_ascii_len -ne 0 ]]; then if [[ $rfc_cipher_suite =~ "TLS_ECDHE_" ]] || [[ $rfc_cipher_suite =~ "TLS_ECDH_anon" ]]; then From d4ed7466ce4aff0682d616d0f117182cd22aad03 Mon Sep 17 00:00:00 2001 From: Dirk Date: Tue, 15 Nov 2016 12:59:07 +0100 Subject: [PATCH 5/8] introducing --fast for the impatient --- testssl.sh | 50 +++++++++++++++++++++++++++++--------------------- 1 file changed, 29 insertions(+), 21 deletions(-) diff --git a/testssl.sh b/testssl.sh index 7e1431c..c165a92 100755 --- a/testssl.sh +++ b/testssl.sh @@ -151,6 +151,7 @@ DEBUG=${DEBUG:-0} # 1: normal putput the files in /tmp/ ar # 4: display bytes sent via sockets # 5: display bytes received via sockets # 6: whole 9 yards +FAST=${FAST:-false} # preference: show only first cipher, run_allciphers with openssl instead of sockets WIDE=${WIDE:-false} # whether to display for some options just ciphers or a table w hexcode/KX,Enc,strength etc. LOGFILE=${LOGFILE:-""} # logfile if used JSONFILE=${JSONFILE:-""} # jsonfile if used @@ -2038,9 +2039,8 @@ run_allciphers() { local has_dh_bits="$HAS_DH_BITS" local using_sockets=true - if "$SSL_NATIVE" || [[ -n "$STARTTLS" ]]; then - using_sockets=false - fi + "$SSL_NATIVE" && using_sockets=false + "$FAST" && using_sockets=false if "$using_sockets"; then # get a list of all the cipher suites to test (only need the hexcode, ciph, kx, enc, and export values) @@ -2065,7 +2065,6 @@ run_allciphers() { fi done nr_ciphers=$TLS_NR_CIPHERS - sslv2_sockets "${sslv2_ciphers:2}" "true" if [[ $? -eq 3 ]] && [[ "$V2_HELLO_CIPHERSPEC_LENGTH" -ne 0 ]]; then sslv2_supported=true @@ -3888,7 +3887,7 @@ run_server_preference() { fi fi - if $has_cipher_order; then + if "$has_cipher_order"; then cipher1=$(grep -wa Cipher $TMPFILE | egrep -avw "New|is" | sed -e 's/^ \+Cipher \+://' -e 's/ //g') addcmd2="" if [[ -n "$STARTTLS_OPTIMAL_PROTO" ]]; then @@ -4195,14 +4194,16 @@ cipher_pref_check() { out "$order" else out " $cipher" # this is the first cipher for protocol - while true; do - $OPENSSL s_client $STARTTLS -"$p" $BUGS -cipher "ALL:$tested_cipher" -connect $NODEIP:$PORT $PROXY $sni >$ERRFILE >$TMPFILE - sclient_connect_successful $? $TMPFILE || break - cipher=$(awk '/Cipher *:/ { print $3 }' $TMPFILE) - out " $cipher" - order+=" $cipher" - tested_cipher="$tested_cipher:-$cipher" - done + if ! "$FAST"; then + while true; do + $OPENSSL s_client $STARTTLS -"$p" $BUGS -cipher "ALL:$tested_cipher" -connect $NODEIP:$PORT $PROXY $sni >$ERRFILE >$TMPFILE + sclient_connect_successful $? $TMPFILE || break + cipher=$(awk '/Cipher *:/ { print $3 }' $TMPFILE) + out " $cipher" + order+=" $cipher" + tested_cipher="$tested_cipher:-$cipher" + done + fi fi fi [[ -z "$order" ]] || fileout "order_$p" "INFO" "Default cipher order for protocol $p: $order" @@ -4220,14 +4221,16 @@ cipher_pref_check() { printf " %-10s %s " "$p:" "$cipher" tested_cipher="-"$cipher order="$cipher" - while true; do - $OPENSSL s_client -cipher "ALL:$tested_cipher" $BUGS -nextprotoneg "$p" -connect $NODEIP:$PORT $SNI >$ERRFILE >$TMPFILE - sclient_connect_successful $? $TMPFILE || break - cipher=$(awk '/Cipher.*:/ { print $3 }' $TMPFILE) - out "$cipher " - tested_cipher="$tested_cipher:-$cipher" - order+=" $cipher" - done + if ! "$FAST"; then + while true; do + $OPENSSL s_client -cipher "ALL:$tested_cipher" $BUGS -nextprotoneg "$p" -connect $NODEIP:$PORT $SNI >$ERRFILE >$TMPFILE + sclient_connect_successful $? $TMPFILE || break + cipher=$(awk '/Cipher.*:/ { print $3 }' $TMPFILE) + out "$cipher " + tested_cipher="$tested_cipher:-$cipher" + order+=" $cipher" + done + fi outln [[ -n $order ]] && fileout "order_spdy_$p" "INFO" "Default cipher order for SPDY protocol $p: $order" done @@ -8605,6 +8608,8 @@ single check as ("$PROG_NAME URI" does everything except -E): -4, --rc4, --appelbaum which RC4 ciphers are being offered? tuning / connect options (most also can be preset via environment variables): + --fast omits some checks: using openssl for all ciphers (-e), show only first + preferred cipher --bugs enables the "-bugs" option of s_client, needed e.g. for some buggy F5s --assume-http if protocol check fails it assumes HTTP protocol and enforces HTTP checks --ssl-native fallback to checks with OpenSSL where sockets are normally used @@ -10197,6 +10202,9 @@ parse_cmd_line() { --show[-_]each) SHOW_EACH_C=true ;; + --fast) + FAST=true + ;; --bugs) BUGS="-bugs" ;; From e8ce1fcb748abf981e5f1dd5ec2e77d2f43eadbc Mon Sep 17 00:00:00 2001 From: Dirk Date: Tue, 15 Nov 2016 13:09:41 +0100 Subject: [PATCH 6/8] emphasize that we're using sockets in run_allciphers -- unless otherwise requested --- testssl.sh | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/testssl.sh b/testssl.sh index c165a92..d0ddbad 100755 --- a/testssl.sh +++ b/testssl.sh @@ -2083,8 +2083,12 @@ run_allciphers() { fi outln - pr_headlineln " Testing all $nr_ciphers locally available ciphers against the server, ordered by encryption strength " - "$using_sockets" || "$HAS_DH_BITS" || pr_warningln " (Your $OPENSSL cannot show DH/ECDH bits)" + if "$using_sockets"; then + pr_headlineln " Testing $nr_ciphers via sockets against the server, ordered by encryption strength " + else + pr_headlineln " Testing all $nr_ciphers locally available ciphers against the server, ordered by encryption strength " + "$HAS_DH_BITS" || pr_warningln " (Your $OPENSSL cannot show DH/ECDH bits)" + fi outln neat_header From 08384920a97d929458cb9c2b3f1344a1f6532670 Mon Sep 17 00:00:00 2001 From: Dirk Date: Tue, 15 Nov 2016 15:20:48 +0100 Subject: [PATCH 7/8] Cipher mapping externalized by using David's extended mapping. Also implemented warnings and fallback to openssl if this file cannot be found and thus sockets can't be used --- etc/cipher-mapping.txt | 359 ++++++++++++++++++++++++++++++++++ etc/mapping-rfc.txt | 352 --------------------------------- testssl.sh | 428 ++++------------------------------------- 3 files changed, 393 insertions(+), 746 deletions(-) create mode 100644 etc/cipher-mapping.txt delete mode 100644 etc/mapping-rfc.txt diff --git a/etc/cipher-mapping.txt b/etc/cipher-mapping.txt new file mode 100644 index 0000000..96e88ab --- /dev/null +++ b/etc/cipher-mapping.txt @@ -0,0 +1,359 @@ + 0xCC,0x14 - ECDHE-ECDSA-CHACHA20-POLY1305-OLD TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256_OLD TLSv1.2 Kx=ECDH Au=ECDSA Enc=ChaCha20(256) Mac=AEAD + 0xCC,0x13 - ECDHE-RSA-CHACHA20-POLY1305-OLD TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256_OLD TLSv1.2 Kx=ECDH Au=RSA Enc=ChaCha20(256) Mac=AEAD + 0xCC,0x15 - DHE-RSA-CHACHA20-POLY1305-OLD TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256_OLD TLSv1.2 Kx=DH Au=RSA Enc=ChaCha20(256) Mac=AEAD + 0xC0,0x30 - ECDHE-RSA-AES256-GCM-SHA384 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD + 0xC0,0x2C - ECDHE-ECDSA-AES256-GCM-SHA384 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(256) Mac=AEAD + 0xC0,0x28 - ECDHE-RSA-AES256-SHA384 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA384 + 0xC0,0x24 - ECDHE-ECDSA-AES256-SHA384 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA384 + 0xC0,0x14 - ECDHE-RSA-AES256-SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA SSLv3 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA1 + 0xC0,0x0A - ECDHE-ECDSA-AES256-SHA TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA SSLv3 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA1 + 0xC0,0x22 - SRP-DSS-AES-256-CBC-SHA TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA SSLv3 Kx=SRP Au=DSS Enc=AES(256) Mac=SHA1 + 0xC0,0x21 - SRP-RSA-AES-256-CBC-SHA TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA SSLv3 Kx=SRP Au=RSA Enc=AES(256) Mac=SHA1 + 0xC0,0x20 - SRP-AES-256-CBC-SHA TLS_SRP_SHA_WITH_AES_256_CBC_SHA SSLv3 Kx=SRP Au=SRP Enc=AES(256) Mac=SHA1 + 0x00,0xB7 - RSA-PSK-AES256-CBC-SHA384 TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 TLSv1 Kx=RSAPSK Au=RSA Enc=AES(256) Mac=SHA384 + 0x00,0xB3 - DHE-PSK-AES256-CBC-SHA384 TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 TLSv1 Kx=DHEPSK Au=PSK Enc=AES(256) Mac=SHA384 + 0x00,0x91 - DHE-PSK-AES256-CBC-SHA TLS_DHE_PSK_WITH_AES_256_CBC_SHA SSLv3 Kx=DHEPSK Au=PSK Enc=AES(256) Mac=SHA1 + 0xC0,0x9B - ECDHE-PSK-CAMELLIA256-SHA384 TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 TLSv1 Kx=ECDHEPSK Au=PSK Enc=Camellia(256) Mac=SHA384 + 0xC0,0x99 - RSA-PSK-CAMELLIA256-SHA384 TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 TLSv1 Kx=RSAPSK Au=RSA Enc=Camellia(256) Mac=SHA384 + 0xC0,0x97 - DHE-PSK-CAMELLIA256-SHA384 TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 TLSv1 Kx=DHEPSK Au=PSK Enc=Camellia(256) Mac=SHA384 + 0x00,0xAF - PSK-AES256-CBC-SHA384 TLS_PSK_WITH_AES_256_CBC_SHA384 TLSv1 Kx=PSK Au=PSK Enc=AES(256) Mac=SHA384 + 0xC0,0x95 - PSK-CAMELLIA256-SHA384 TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 TLSv1 Kx=PSK Au=PSK Enc=Camellia(256) Mac=SHA384 + 0x00,0xA5 - DH-DSS-AES256-GCM-SHA384 TLS_DH_DSS_WITH_AES_256_GCM_SHA384 TLSv1.2 Kx=DH/DSS Au=DH Enc=AESGCM(256) Mac=AEAD + 0x00,0xA3 - DHE-DSS-AES256-GCM-SHA384 TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 TLSv1.2 Kx=DH Au=DSS Enc=AESGCM(256) Mac=AEAD + 0x00,0xA1 - DH-RSA-AES256-GCM-SHA384 TLS_DH_RSA_WITH_AES_256_GCM_SHA384 TLSv1.2 Kx=DH/RSA Au=DH Enc=AESGCM(256) Mac=AEAD + 0x00,0x9F - DHE-RSA-AES256-GCM-SHA384 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(256) Mac=AEAD + 0xCC,0xA9 - ECDHE-ECDSA-CHACHA20-POLY1305 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=ChaCha20(256) Mac=AEAD + 0xCC,0xA8 - ECDHE-RSA-CHACHA20-POLY1305 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=ChaCha20(256) Mac=AEAD + 0xCC,0xAA - DHE-RSA-CHACHA20-POLY1305 TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 TLSv1.2 Kx=DH Au=RSA Enc=ChaCha20(256) Mac=AEAD + 0xC0,0xAF - ECDHE-ECDSA-AES256-CCM8 TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESCCM8(256) Mac=AEAD + 0xC0,0xAD - ECDHE-ECDSA-AES256-CCM TLS_ECDHE_ECDSA_WITH_AES_256_CCM TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESCCM(256) Mac=AEAD + 0xC0,0xA3 - DHE-RSA-AES256-CCM8 TLS_DHE_RSA_WITH_AES_256_CCM_8 TLSv1.2 Kx=DH Au=RSA Enc=AESCCM8(256) Mac=AEAD + 0xC0,0x9F - DHE-RSA-AES256-CCM TLS_DHE_RSA_WITH_AES_256_CCM TLSv1.2 Kx=DH Au=RSA Enc=AESCCM(256) Mac=AEAD + 0x00,0x6B - DHE-RSA-AES256-SHA256 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(256) Mac=SHA256 + 0x00,0x6A - DHE-DSS-AES256-SHA256 TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 TLSv1.2 Kx=DH Au=DSS Enc=AES(256) Mac=SHA256 + 0x00,0x69 - DH-RSA-AES256-SHA256 TLS_DH_RSA_WITH_AES_256_CBC_SHA256 TLSv1.2 Kx=DH/RSA Au=DH Enc=AES(256) Mac=SHA256 + 0x00,0x68 - DH-DSS-AES256-SHA256 TLS_DH_DSS_WITH_AES_256_CBC_SHA256 TLSv1.2 Kx=DH/DSS Au=DH Enc=AES(256) Mac=SHA256 + 0x00,0x39 - DHE-RSA-AES256-SHA TLS_DHE_RSA_WITH_AES_256_CBC_SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1 + 0x00,0x38 - DHE-DSS-AES256-SHA TLS_DHE_DSS_WITH_AES_256_CBC_SHA SSLv3 Kx=DH Au=DSS Enc=AES(256) Mac=SHA1 + 0x00,0x37 - DH-RSA-AES256-SHA TLS_DH_RSA_WITH_AES_256_CBC_SHA SSLv3 Kx=DH/RSA Au=DH Enc=AES(256) Mac=SHA1 + 0x00,0x36 - DH-DSS-AES256-SHA TLS_DH_DSS_WITH_AES_256_CBC_SHA SSLv3 Kx=DH/DSS Au=DH Enc=AES(256) Mac=SHA1 + 0xC0,0x77 - ECDHE-RSA-CAMELLIA256-SHA384 TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=Camellia(256) Mac=SHA384 + 0xC0,0x73 - ECDHE-ECDSA-CAMELLIA256-SHA384 TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=Camellia(256) Mac=SHA384 + 0x00,0xC4 - DHE-RSA-CAMELLIA256-SHA256 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 TLSv1.2 Kx=DH Au=RSA Enc=Camellia(256) Mac=SHA256 + 0x00,0xC3 - DHE-DSS-CAMELLIA256-SHA256 TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256 TLSv1.2 Kx=DH Au=DSS Enc=Camellia(256) Mac=SHA256 + 0x00,0xC2 - DH-RSA-CAMELLIA256-SHA256 TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256 TLSv1.2 Kx=DH/RSA Au=DH Enc=Camellia(256) Mac=SHA256 + 0x00,0xC1 - DH-DSS-CAMELLIA256-SHA256 TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256 TLSv1.2 Kx=DH/DSS Au=DH Enc=Camellia(256) Mac=SHA256 + 0x00,0x88 - DHE-RSA-CAMELLIA256-SHA TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA SSLv3 Kx=DH Au=RSA Enc=Camellia(256) Mac=SHA1 + 0x00,0x87 - DHE-DSS-CAMELLIA256-SHA TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA SSLv3 Kx=DH Au=DSS Enc=Camellia(256) Mac=SHA1 + 0x00,0x86 - DH-RSA-CAMELLIA256-SHA TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA SSLv3 Kx=DH/RSA Au=DH Enc=Camellia(256) Mac=SHA1 + 0x00,0x85 - DH-DSS-CAMELLIA256-SHA TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA SSLv3 Kx=DH/DSS Au=DH Enc=Camellia(256) Mac=SHA1 + 0xC0,0x19 - AECDH-AES256-SHA TLS_ECDH_anon_WITH_AES_256_CBC_SHA SSLv3 Kx=ECDH Au=None Enc=AES(256) Mac=SHA1 + 0x00,0xA7 - ADH-AES256-GCM-SHA384 TLS_DH_anon_WITH_AES_256_GCM_SHA384 TLSv1.2 Kx=DH Au=None Enc=AESGCM(256) Mac=AEAD + 0x00,0x6D - ADH-AES256-SHA256 TLS_DH_anon_WITH_AES_256_CBC_SHA256 TLSv1.2 Kx=DH Au=None Enc=AES(256) Mac=SHA256 + 0x00,0x3A - ADH-AES256-SHA TLS_DH_anon_WITH_AES_256_CBC_SHA SSLv3 Kx=DH Au=None Enc=AES(256) Mac=SHA1 + 0x00,0xC5 - ADH-CAMELLIA256-SHA256 TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256 TLSv1.2 Kx=DH Au=None Enc=Camellia(256) Mac=SHA256 + 0x00,0x89 - ADH-CAMELLIA256-SHA TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA SSLv3 Kx=DH Au=None Enc=Camellia(256) Mac=SHA1 + 0x00,0xAD - RSA-PSK-AES256-GCM-SHA384 TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 TLSv1.2 Kx=RSAPSK Au=RSA Enc=AESGCM(256) Mac=AEAD + 0x00,0xAB - DHE-PSK-AES256-GCM-SHA384 TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 TLSv1.2 Kx=DHEPSK Au=PSK Enc=AESGCM(256) Mac=AEAD + 0xCC,0xAE - RSA-PSK-CHACHA20-POLY1305 TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256 TLSv1.2 Kx=RSAPSK Au=RSA Enc=ChaCha20(256) Mac=AEAD + 0xCC,0xAD - DHE-PSK-CHACHA20-POLY1305 TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 TLSv1.2 Kx=DHEPSK Au=PSK Enc=ChaCha20(256) Mac=AEAD + 0xCC,0xAC - ECDHE-PSK-CHACHA20-POLY1305 TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 TLSv1.2 Kx=ECDHEPSK Au=PSK Enc=ChaCha20(256) Mac=AEAD + 0xC0,0xAB - DHE-PSK-AES256-CCM8 TLS_PSK_DHE_WITH_AES_256_CCM_8 TLSv1.2 Kx=DHEPSK Au=PSK Enc=AESCCM8(256) Mac=AEAD + 0xC0,0xA7 - DHE-PSK-AES256-CCM TLS_DHE_PSK_WITH_AES_256_CCM TLSv1.2 Kx=DHEPSK Au=PSK Enc=AESCCM(256) Mac=AEAD + 0xC0,0x32 - ECDH-RSA-AES256-GCM-SHA384 TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AESGCM(256) Mac=AEAD + 0xC0,0x2E - ECDH-ECDSA-AES256-GCM-SHA384 TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AESGCM(256) Mac=AEAD + 0xC0,0x2A - ECDH-RSA-AES256-SHA384 TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AES(256) Mac=SHA384 + 0xC0,0x26 - ECDH-ECDSA-AES256-SHA384 TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AES(256) Mac=SHA384 + 0xC0,0x0F - ECDH-RSA-AES256-SHA TLS_ECDH_RSA_WITH_AES_256_CBC_SHA SSLv3 Kx=ECDH/RSA Au=ECDH Enc=AES(256) Mac=SHA1 + 0xC0,0x05 - ECDH-ECDSA-AES256-SHA TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA SSLv3 Kx=ECDH/ECDSA Au=ECDH Enc=AES(256) Mac=SHA1 + 0xC0,0x79 - ECDH-RSA-CAMELLIA256-SHA384 TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=Camellia(256) Mac=SHA384 + 0xC0,0x75 - ECDH-ECDSA-CAMELLIA256-SHA384 TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=Camellia(256) Mac=SHA384 + 0x00,0x9D - AES256-GCM-SHA384 TLS_RSA_WITH_AES_256_GCM_SHA384 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(256) Mac=AEAD + 0xC0,0xA1 - AES256-CCM8 TLS_RSA_WITH_AES_256_CCM_8 TLSv1.2 Kx=RSA Au=RSA Enc=AESCCM8(256) Mac=AEAD + 0xC0,0x9D - AES256-CCM TLS_RSA_WITH_AES_256_CCM TLSv1.2 Kx=RSA Au=RSA Enc=AESCCM(256) Mac=AEAD + 0x00,0xA9 - PSK-AES256-GCM-SHA384 TLS_PSK_WITH_AES_256_GCM_SHA384 TLSv1.2 Kx=PSK Au=PSK Enc=AESGCM(256) Mac=AEAD + 0xCC,0xAB - PSK-CHACHA20-POLY1305 TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 TLSv1.2 Kx=PSK Au=PSK Enc=ChaCha20(256) Mac=AEAD + 0xC0,0xA9 - PSK-AES256-CCM8 TLS_PSK_WITH_AES_256_CCM_8 TLSv1.2 Kx=PSK Au=PSK Enc=AESCCM8(256) Mac=AEAD + 0xC0,0xA5 - PSK-AES256-CCM TLS_PSK_WITH_AES_256_CCM TLSv1.2 Kx=PSK Au=PSK Enc=AESCCM(256) Mac=AEAD + 0x00,0x3D - AES256-SHA256 TLS_RSA_WITH_AES_256_CBC_SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA256 + 0x00,0x35 - AES256-SHA TLS_RSA_WITH_AES_256_CBC_SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1 + 0x00,0xC0 - CAMELLIA256-SHA256 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=Camellia(256) Mac=SHA256 + 0xC0,0x38 - ECDHE-PSK-AES256-CBC-SHA384 TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 TLSv1 Kx=ECDHEPSK Au=PSK Enc=AES(256) Mac=SHA384 + 0xC0,0x36 - ECDHE-PSK-AES256-CBC-SHA TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA SSLv3 Kx=ECDHEPSK Au=PSK Enc=AES(256) Mac=SHA1 + 0x00,0x84 - CAMELLIA256-SHA TLS_RSA_WITH_CAMELLIA_256_CBC_SHA SSLv3 Kx=RSA Au=RSA Enc=Camellia(256) Mac=SHA1 + 0x00,0x95 - RSA-PSK-AES256-CBC-SHA TLS_RSA_PSK_WITH_AES_256_CBC_SHA SSLv3 Kx=RSAPSK Au=RSA Enc=AES(256) Mac=SHA1 + 0x00,0x8D - PSK-AES256-CBC-SHA TLS_PSK_WITH_AES_256_CBC_SHA SSLv3 Kx=PSK Au=PSK Enc=AES(256) Mac=SHA1 + 0xC0,0x3D - - TLS_RSA_WITH_ARIA_256_CBC_SHA384 TLSv1.2 Kx=RSA Au=RSA Enc=ARIA(256) Mac=SHA384 + 0xC0,0x3F - - TLS_DH_DSS_WITH_ARIA_256_CBC_SHA384 TLSv1.2 Kx=DH/DSS Au=DH Enc=ARIA(256) Mac=SHA384 + 0xC0,0x41 - - TLS_DH_RSA_WITH_ARIA_256_CBC_SHA384 TLSv1.2 Kx=DH/RSA Au=DH Enc=ARIA(256) Mac=SHA384 + 0xC0,0x43 - - TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384 TLSv1.2 Kx=DH Au=DSS Enc=ARIA(256) Mac=SHA384 + 0xC0,0x45 - - TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384 TLSv1.2 Kx=DH Au=RSA Enc=ARIA(256) Mac=SHA384 + 0xC0,0x47 - - TLS_DH_anon_WITH_ARIA_256_CBC_SHA384 TLSv1.2 Kx=DH Au=None Enc=ARIA(256) Mac=SHA384 + 0xC0,0x49 - - TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=ARIA(256) Mac=SHA384 + 0xC0,0x4B - - TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=ARIA(256) Mac=SHA384 + 0xC0,0x4D - - TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=ARIA(256) Mac=SHA384 + 0xC0,0x4F - - TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=ARIA(256) Mac=SHA384 + 0xC0,0x51 - - TLS_RSA_WITH_ARIA_256_GCM_SHA384 TLSv1.2 Kx=RSA Au=RSA Enc=ARIA(256) Mac=AEAD + 0xC0,0x53 - - TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384 TLSv1.2 Kx=DH Au=RSA Enc=ARIA(256) Mac=AEAD + 0xC0,0x55 - - TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384 TLSv1.2 Kx=DH/RSA Au=DH Enc=ARIA(256) Mac=AEAD + 0xC0,0x57 - - TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384 TLSv1.2 Kx=DH Au=DSS Enc=ARIA(256) Mac=AEAD + 0xC0,0x59 - - TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384 TLSv1.2 Kx=DH/DSS Au=DH Enc=ARIA(256) Mac=AEAD + 0xC0,0x5B - - TLS_DH_anon_WITH_ARIA_256_GCM_SHA384 TLSv1.2 Kx=DH Au=None Enc=ARIA(256) Mac=AEAD + 0xC0,0x5D - - TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=ARIA(256) Mac=AEAD + 0xC0,0x5F - - TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=ARIA(256) Mac=AEAD + 0xC0,0x61 - - TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=ARIA(256) Mac=AEAD + 0xC0,0x63 - - TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=ARIA(256) Mac=AEAD + 0xC0,0x65 - - TLS_PSK_WITH_ARIA_256_CBC_SHA384 TLSv1 Kx=PSK Au=PSK Enc=ARIA(256) Mac=SHA384 + 0xC0,0x67 - - TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384 TLSv1 Kx=DHEPSK Au=PSK Enc=ARIA(256) Mac=SHA384 + 0xC0,0x69 - - TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384 TLSv1 Kx=RSAPSK Au=RSA Enc=ARIA(256) Mac=SHA384 + 0xC0,0x6B - - TLS_PSK_WITH_ARIA_256_GCM_SHA384 TLSv1.2 Kx=PSK Au=PSK Enc=ARIA(256) Mac=AEAD + 0xC0,0x6D - - TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384 TLSv1.2 Kx=DHEPSK Au=PSK Enc=ARIA(256) Mac=AEAD + 0xC0,0x6F - - TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384 TLSv1.2 Kx=RSAPSK Au=RSA Enc=ARIA(256) Mac=AEAD + 0xC0,0x71 - - TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384 TLSv1 Kx=ECDHEPSK Au=PSK Enc=ARIA(256) Mac=SHA384 + 0xC0,0x7B - - TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 TLSv1.2 Kx=RSA Au=RSA Enc=CamelliaGCM(256) Mac=AEAD + 0xC0,0x7D - - TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 TLSv1.2 Kx=DH Au=RSA Enc=CamelliaGCM(256) Mac=AEAD + 0xC0,0x7F - - TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384 TLSv1.2 Kx=DH/RSA Au=DH Enc=CamelliaGCM(256) Mac=AEAD + 0xC0,0x81 - - TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384 TLSv1.2 Kx=DH Au=DSS Enc=CamelliaGCM(256) Mac=AEAD + 0xC0,0x83 - - TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384 TLSv1.2 Kx=DH/DSS Au=DH Enc=CamelliaGCM(256) Mac=AEAD + 0xC0,0x85 - - TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384 TLSv1.2 Kx=DH Au=None Enc=CamelliaGCM(256) Mac=AEAD + 0xC0,0x87 - - TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=CamelliaGCM(256) Mac=AEAD + 0xC0,0x89 - - TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=CamelliaGCM(256) Mac=AEAD + 0xC0,0x8B - - TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=CamelliaGCM(256) Mac=AEAD + 0xC0,0x8D - - TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=CamelliaGCM(256) Mac=AEAD + 0xC0,0x8F - - TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 TLSv1.2 Kx=PSK Au=PSK Enc=CamelliaGCM(256) Mac=AEAD + 0xC0,0x91 - - TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 TLSv1.2 Kx=DHEPSK Au=PSK Enc=CamelliaGCM(256) Mac=AEAD + 0xC0,0x93 - - TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384 TLSv1.2 Kx=RSAPSK Au=RSA Enc=CamelliaGCM(256) Mac=AEAD + 0x00,0x80 - GOST94-GOST89-GOST89 TLS_GOSTR341094_WITH_28147_CNT_IMIT TLSv1 Kx=GOST Au=GOST94 Enc=GOST(256) Mac=GOST89IMIT + 0x00,0x81 - GOST2001-GOST89-GOST89 TLS_GOSTR341001_WITH_28147_CNT_IMIT SSLv3 Kx=GOST Au=GOST01 Enc=GOST(256) Mac=GOST89IMIT + 0xFF,0x00 - GOST-MD5 TLS_GOSTR341094_RSA_WITH_28147_CNT_MD5 TLSv1 Kx=RSA Au=RSA Enc=GOST(256) Mac=MD5 + 0xFF,0x01 - GOST-GOST94 TLS_RSA_WITH_28147_CNT_GOST94 TLSv1 Kx=RSA Au=RSA Enc=GOST(256) Mac=GOST94 + 0xFF,0x02 - GOST-GOST89MAC - TLSv1 Kx=RSA Au=RSA Enc=GOST(256) Mac=GOST89IMIT + 0xFF,0x03 - GOST-GOST89STREAM - TLSv1 Kx=RSA Au=RSA Enc=GOST(256) Mac=GOST89IMIT + 0xFF,0x85 - GOST2012256-GOST89-GOST89 - SSLv3 Kx=GOST Au=GOST01 Enc=GOST(256) Mac=GOST89IMIT + 0x16,0xB7 - - TLS_CECPQ1_RSA_WITH_CHACHA20_POLY1305_SHA256 TLSv1.2 Kx=CECPQ1 Au=RSA Enc=ChaCha20(256) Mac=AEAD + 0x16,0xB8 - - TLS_CECPQ1_ECDSA_WITH_CHACHA20_POLY1305_SHA256 TLSv1.2 Kx=CECPQ1 Au=ECDSA Enc=ChaCha20(256) Mac=AEAD + 0x16,0xB9 - - TLS_CECPQ1_RSA_WITH_AES_256_GCM_SHA384 TLSv1.2 Kx=CECPQ1 Au=RSA Enc=AESGCM(256) Mac=AEAD + 0x16,0xBA - - TLS_CECPQ1_ECDSA_WITH_AES_256_GCM_SHA384 TLSv1.2 Kx=CECPQ1 Au=ECDSA Enc=AESGCM(256) Mac=AEAD + 0xC0,0x2F - ECDHE-RSA-AES128-GCM-SHA256 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD + 0xC0,0x2B - ECDHE-ECDSA-AES128-GCM-SHA256 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(128) Mac=AEAD + 0xC0,0x27 - ECDHE-RSA-AES128-SHA256 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA256 + 0xC0,0x23 - ECDHE-ECDSA-AES128-SHA256 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA256 + 0xC0,0x13 - ECDHE-RSA-AES128-SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA SSLv3 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA1 + 0xC0,0x09 - ECDHE-ECDSA-AES128-SHA TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA SSLv3 Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA1 + 0xC0,0x1F - SRP-DSS-AES-128-CBC-SHA TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA SSLv3 Kx=SRP Au=DSS Enc=AES(128) Mac=SHA1 + 0xC0,0x1E - SRP-RSA-AES-128-CBC-SHA TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA SSLv3 Kx=SRP Au=RSA Enc=AES(128) Mac=SHA1 + 0xC0,0x1D - SRP-AES-128-CBC-SHA TLS_SRP_SHA_WITH_AES_128_CBC_SHA SSLv3 Kx=SRP Au=SRP Enc=AES(128) Mac=SHA1 + 0x00,0xA4 - DH-DSS-AES128-GCM-SHA256 TLS_DH_DSS_WITH_AES_128_GCM_SHA256 TLSv1.2 Kx=DH/DSS Au=DH Enc=AESGCM(128) Mac=AEAD + 0x00,0xA2 - DHE-DSS-AES128-GCM-SHA256 TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 TLSv1.2 Kx=DH Au=DSS Enc=AESGCM(128) Mac=AEAD + 0x00,0xA0 - DH-RSA-AES128-GCM-SHA256 TLS_DH_RSA_WITH_AES_128_GCM_SHA256 TLSv1.2 Kx=DH/RSA Au=DH Enc=AESGCM(128) Mac=AEAD + 0x00,0x9E - DHE-RSA-AES128-GCM-SHA256 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(128) Mac=AEAD + 0xC0,0xAE - ECDHE-ECDSA-AES128-CCM8 TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESCCM8(128) Mac=AEAD + 0xC0,0xAC - ECDHE-ECDSA-AES128-CCM TLS_ECDHE_ECDSA_WITH_AES_128_CCM TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESCCM(128) Mac=AEAD + 0xC0,0xA2 - DHE-RSA-AES128-CCM8 TLS_DHE_RSA_WITH_AES_128_CCM_8 TLSv1.2 Kx=DH Au=RSA Enc=AESCCM8(128) Mac=AEAD + 0xC0,0x9E - DHE-RSA-AES128-CCM TLS_DHE_RSA_WITH_AES_128_CCM TLSv1.2 Kx=DH Au=RSA Enc=AESCCM(128) Mac=AEAD + 0x00,0xAC - RSA-PSK-AES128-GCM-SHA256 TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 TLSv1.2 Kx=RSAPSK Au=RSA Enc=AESGCM(128) Mac=AEAD + 0x00,0xAA - DHE-PSK-AES128-GCM-SHA256 TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 TLSv1.2 Kx=DHEPSK Au=PSK Enc=AESGCM(128) Mac=AEAD + 0xC0,0xAA - DHE-PSK-AES128-CCM8 TLS_PSK_DHE_WITH_AES_128_CCM_8 TLSv1.2 Kx=DHEPSK Au=PSK Enc=AESCCM8(128) Mac=AEAD + 0xC0,0xA6 - DHE-PSK-AES128-CCM TLS_DHE_PSK_WITH_AES_128_CCM TLSv1.2 Kx=DHEPSK Au=PSK Enc=AESCCM(128) Mac=AEAD + 0xC0,0xA0 - AES128-CCM8 TLS_RSA_WITH_AES_128_CCM_8 TLSv1.2 Kx=RSA Au=RSA Enc=AESCCM8(128) Mac=AEAD + 0xC0,0x9C - AES128-CCM TLS_RSA_WITH_AES_128_CCM TLSv1.2 Kx=RSA Au=RSA Enc=AESCCM(128) Mac=AEAD + 0x00,0xA8 - PSK-AES128-GCM-SHA256 TLS_PSK_WITH_AES_128_GCM_SHA256 TLSv1.2 Kx=PSK Au=PSK Enc=AESGCM(128) Mac=AEAD + 0xC0,0xA8 - PSK-AES128-CCM8 TLS_PSK_WITH_AES_128_CCM_8 TLSv1.2 Kx=PSK Au=PSK Enc=AESCCM8(128) Mac=AEAD + 0xC0,0xA4 - PSK-AES128-CCM TLS_PSK_WITH_AES_128_CCM TLSv1.2 Kx=PSK Au=PSK Enc=AESCCM(128) Mac=AEAD + 0x00,0x67 - DHE-RSA-AES128-SHA256 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(128) Mac=SHA256 + 0x00,0x40 - DHE-DSS-AES128-SHA256 TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 TLSv1.2 Kx=DH Au=DSS Enc=AES(128) Mac=SHA256 + 0x00,0x3F - DH-RSA-AES128-SHA256 TLS_DH_RSA_WITH_AES_128_CBC_SHA256 TLSv1.2 Kx=DH/RSA Au=DH Enc=AES(128) Mac=SHA256 + 0x00,0x3E - DH-DSS-AES128-SHA256 TLS_DH_DSS_WITH_AES_128_CBC_SHA256 TLSv1.2 Kx=DH/DSS Au=DH Enc=AES(128) Mac=SHA256 + 0x00,0x33 - DHE-RSA-AES128-SHA TLS_DHE_RSA_WITH_AES_128_CBC_SHA SSLv3 Kx=DH Au=RSA Enc=AES(128) Mac=SHA1 + 0x00,0x32 - DHE-DSS-AES128-SHA TLS_DHE_DSS_WITH_AES_128_CBC_SHA SSLv3 Kx=DH Au=DSS Enc=AES(128) Mac=SHA1 + 0x00,0x31 - DH-RSA-AES128-SHA TLS_DH_RSA_WITH_AES_128_CBC_SHA SSLv3 Kx=DH/RSA Au=DH Enc=AES(128) Mac=SHA1 + 0x00,0x30 - DH-DSS-AES128-SHA TLS_DH_DSS_WITH_AES_128_CBC_SHA SSLv3 Kx=DH/DSS Au=DH Enc=AES(128) Mac=SHA1 + 0xC0,0x76 - ECDHE-RSA-CAMELLIA128-SHA256 TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=Camellia(128) Mac=SHA256 + 0xC0,0x72 - ECDHE-ECDSA-CAMELLIA128-SHA256 TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=Camellia(128) Mac=SHA256 + 0x00,0xBE - DHE-RSA-CAMELLIA128-SHA256 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 TLSv1.2 Kx=DH Au=RSA Enc=Camellia(128) Mac=SHA256 + 0x00,0xBD - DHE-DSS-CAMELLIA128-SHA256 TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256 TLSv1.2 Kx=DH Au=DSS Enc=Camellia(128) Mac=SHA256 + 0x00,0xBC - DH-RSA-CAMELLIA128-SHA256 TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256 TLSv1.2 Kx=DH/RSA Au=DH Enc=Camellia(128) Mac=SHA256 + 0x00,0xBB - DH-DSS-CAMELLIA128-SHA256 TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256 TLSv1.2 Kx=DH/DSS Au=DH Enc=Camellia(128) Mac=SHA256 + 0x00,0x9A - DHE-RSA-SEED-SHA TLS_DHE_RSA_WITH_SEED_CBC_SHA SSLv3 Kx=DH Au=RSA Enc=SEED(128) Mac=SHA1 + 0x00,0x99 - DHE-DSS-SEED-SHA TLS_DHE_DSS_WITH_SEED_CBC_SHA SSLv3 Kx=DH Au=DSS Enc=SEED(128) Mac=SHA1 + 0x00,0x98 - DH-RSA-SEED-SHA TLS_DH_RSA_WITH_SEED_CBC_SHA SSLv3 Kx=DH/RSA Au=DH Enc=SEED(128) Mac=SHA1 + 0x00,0x97 - DH-DSS-SEED-SHA TLS_DH_DSS_WITH_SEED_CBC_SHA SSLv3 Kx=DH/DSS Au=DH Enc=SEED(128) Mac=SHA1 + 0x00,0x45 - DHE-RSA-CAMELLIA128-SHA TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA SSLv3 Kx=DH Au=RSA Enc=Camellia(128) Mac=SHA1 + 0x00,0x44 - DHE-DSS-CAMELLIA128-SHA TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA SSLv3 Kx=DH Au=DSS Enc=Camellia(128) Mac=SHA1 + 0x00,0x43 - DH-RSA-CAMELLIA128-SHA TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA SSLv3 Kx=DH/RSA Au=DH Enc=Camellia(128) Mac=SHA1 + 0x00,0x42 - DH-DSS-CAMELLIA128-SHA TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA SSLv3 Kx=DH/DSS Au=DH Enc=Camellia(128) Mac=SHA1 + 0xC0,0x18 - AECDH-AES128-SHA TLS_ECDH_anon_WITH_AES_128_CBC_SHA SSLv3 Kx=ECDH Au=None Enc=AES(128) Mac=SHA1 + 0x00,0xA6 - ADH-AES128-GCM-SHA256 TLS_DH_anon_WITH_AES_128_GCM_SHA256 TLSv1.2 Kx=DH Au=None Enc=AESGCM(128) Mac=AEAD + 0x00,0x6C - ADH-AES128-SHA256 TLS_DH_anon_WITH_AES_128_CBC_SHA256 TLSv1.2 Kx=DH Au=None Enc=AES(128) Mac=SHA256 + 0x00,0x34 - ADH-AES128-SHA TLS_DH_anon_WITH_AES_128_CBC_SHA SSLv3 Kx=DH Au=None Enc=AES(128) Mac=SHA1 + 0x00,0xBF - ADH-CAMELLIA128-SHA256 TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256 TLSv1.2 Kx=DH Au=None Enc=Camellia(128) Mac=SHA256 + 0x00,0x9B - ADH-SEED-SHA TLS_DH_anon_WITH_SEED_CBC_SHA SSLv3 Kx=DH Au=None Enc=SEED(128) Mac=SHA1 + 0x00,0x46 - ADH-CAMELLIA128-SHA TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA SSLv3 Kx=DH Au=None Enc=Camellia(128) Mac=SHA1 + 0xC0,0x31 - ECDH-RSA-AES128-GCM-SHA256 TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AESGCM(128) Mac=AEAD + 0xC0,0x2D - ECDH-ECDSA-AES128-GCM-SHA256 TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AESGCM(128) Mac=AEAD + 0xC0,0x29 - ECDH-RSA-AES128-SHA256 TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AES(128) Mac=SHA256 + 0xC0,0x25 - ECDH-ECDSA-AES128-SHA256 TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AES(128) Mac=SHA256 + 0xC0,0x0E - ECDH-RSA-AES128-SHA TLS_ECDH_RSA_WITH_AES_128_CBC_SHA SSLv3 Kx=ECDH/RSA Au=ECDH Enc=AES(128) Mac=SHA1 + 0xC0,0x04 - ECDH-ECDSA-AES128-SHA TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA SSLv3 Kx=ECDH/ECDSA Au=ECDH Enc=AES(128) Mac=SHA1 + 0xC0,0x78 - ECDH-RSA-CAMELLIA128-SHA256 TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=Camellia(128) Mac=SHA256 + 0xC0,0x74 - ECDH-ECDSA-CAMELLIA128-SHA256 TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=Camellia(128) Mac=SHA256 + 0x00,0x9C - AES128-GCM-SHA256 TLS_RSA_WITH_AES_128_GCM_SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(128) Mac=AEAD + 0x00,0x3C - AES128-SHA256 TLS_RSA_WITH_AES_128_CBC_SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA256 + 0x00,0x2F - AES128-SHA TLS_RSA_WITH_AES_128_CBC_SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1 + 0x00,0xBA - CAMELLIA128-SHA256 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=Camellia(128) Mac=SHA256 + 0xC0,0x37 - ECDHE-PSK-AES128-CBC-SHA256 TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 TLSv1 Kx=ECDHEPSK Au=PSK Enc=AES(128) Mac=SHA256 + 0xC0,0x35 - ECDHE-PSK-AES128-CBC-SHA TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA SSLv3 Kx=ECDHEPSK Au=PSK Enc=AES(128) Mac=SHA1 + 0x00,0xB6 - RSA-PSK-AES128-CBC-SHA256 TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 TLSv1 Kx=RSAPSK Au=RSA Enc=AES(128) Mac=SHA256 + 0x00,0xB2 - DHE-PSK-AES128-CBC-SHA256 TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 TLSv1 Kx=DHEPSK Au=PSK Enc=AES(128) Mac=SHA256 + 0x00,0x90 - DHE-PSK-AES128-CBC-SHA TLS_DHE_PSK_WITH_AES_128_CBC_SHA SSLv3 Kx=DHEPSK Au=PSK Enc=AES(128) Mac=SHA1 + 0x00,0x96 - SEED-SHA TLS_RSA_WITH_SEED_CBC_SHA SSLv3 Kx=RSA Au=RSA Enc=SEED(128) Mac=SHA1 + 0x00,0x41 - CAMELLIA128-SHA TLS_RSA_WITH_CAMELLIA_128_CBC_SHA SSLv3 Kx=RSA Au=RSA Enc=Camellia(128) Mac=SHA1 + 0xC0,0x9A - ECDHE-PSK-CAMELLIA128-SHA256 TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 TLSv1 Kx=ECDHEPSK Au=PSK Enc=Camellia(128) Mac=SHA256 + 0xC0,0x98 - RSA-PSK-CAMELLIA128-SHA256 TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 TLSv1 Kx=RSAPSK Au=RSA Enc=Camellia(128) Mac=SHA256 + 0xC0,0x96 - DHE-PSK-CAMELLIA128-SHA256 TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 TLSv1 Kx=DHEPSK Au=PSK Enc=Camellia(128) Mac=SHA256 + 0x00,0xAE - PSK-AES128-CBC-SHA256 TLS_PSK_WITH_AES_128_CBC_SHA256 TLSv1 Kx=PSK Au=PSK Enc=AES(128) Mac=SHA256 + 0xC0,0x94 - PSK-CAMELLIA128-SHA256 TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 TLSv1 Kx=PSK Au=PSK Enc=Camellia(128) Mac=SHA256 + 0x00,0x07 - IDEA-CBC-SHA TLS_RSA_WITH_IDEA_CBC_SHA SSLv3 Kx=RSA Au=RSA Enc=IDEA(128) Mac=SHA1 + 0x05,0x00,0x80 - IDEA-CBC-MD5 SSL_CK_IDEA_128_CBC_WITH_MD5 SSLv2 Kx=RSA Au=RSA Enc=IDEA(128) Mac=MD5 + 0x03,0x00,0x80 - RC2-CBC-MD5 SSL_CK_RC2_128_CBC_WITH_MD5 SSLv2 Kx=RSA Au=RSA Enc=RC2(128) Mac=MD5 + 0x00,0x94 - RSA-PSK-AES128-CBC-SHA TLS_RSA_PSK_WITH_AES_128_CBC_SHA SSLv3 Kx=RSAPSK Au=RSA Enc=AES(128) Mac=SHA1 + 0x00,0x8C - PSK-AES128-CBC-SHA TLS_PSK_WITH_AES_128_CBC_SHA SSLv3 Kx=PSK Au=PSK Enc=AES(128) Mac=SHA1 + 0x00,0x21 - KRB5-IDEA-CBC-SHA TLS_KRB5_WITH_IDEA_CBC_SHA SSLv3 Kx=KRB5 Au=KRB5 Enc=IDEA(128) Mac=SHA1 + 0x00,0x25 - KRB5-IDEA-CBC-MD5 TLS_KRB5_WITH_IDEA_CBC_MD5 SSLv3 Kx=KRB5 Au=KRB5 Enc=IDEA(128) Mac=MD5 + 0xC0,0x3C - - TLS_RSA_WITH_ARIA_128_CBC_SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=ARIA(128) Mac=SHA256 + 0xC0,0x3E - - TLS_DH_DSS_WITH_ARIA_128_CBC_SHA256 TLSv1.2 Kx=DH/DSS Au=DH Enc=ARIA(128) Mac=SHA256 + 0xC0,0x40 - - TLS_DH_RSA_WITH_ARIA_128_CBC_SHA256 TLSv1.2 Kx=DH/RSA Au=DH Enc=ARIA(128) Mac=SHA256 + 0xC0,0x42 - - TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256 TLSv1.2 Kx=DH Au=DSS Enc=ARIA(128) Mac=SHA256 + 0xC0,0x44 - - TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256 TLSv1.2 Kx=DH Au=RSA Enc=ARIA(128) Mac=SHA256 + 0xC0,0x46 - - TLS_DH_anon_WITH_ARIA_128_CBC_SHA256 TLSv1.2 Kx=DH Au=None Enc=ARIA(128) Mac=SHA256 + 0xC0,0x48 - - TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=ARIA(128) Mac=SHA256 + 0xC0,0x4A - - TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=ARIA(128) Mac=SHA256 + 0xC0,0x4C - - TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=ARIA(128) Mac=SHA256 + 0xC0,0x4E - - TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=ARIA(128) Mac=SHA256 + 0xC0,0x50 - - TLS_RSA_WITH_ARIA_128_GCM_SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=ARIA(128) Mac=AEAD + 0xC0,0x52 - - TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256 TLSv1.2 Kx=DH Au=RSA Enc=ARIA(128) Mac=AEAD + 0xC0,0x54 - - TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256 TLSv1.2 Kx=DH/RSA Au=DH Enc=ARIA(128) Mac=AEAD + 0xC0,0x56 - - TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256 TLSv1.2 Kx=DH Au=DSS Enc=ARIA(128) Mac=AEAD + 0xC0,0x58 - - TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256 TLSv1.2 Kx=DH/DSS Au=DH Enc=ARIA(128) Mac=AEAD + 0xC0,0x5A - - TLS_DH_anon_WITH_ARIA_128_GCM_SHA256 TLSv1.2 Kx=DH Au=None Enc=ARIA(128) Mac=AEAD + 0xC0,0x5C - - TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=ARIA(128) Mac=AEAD + 0xC0,0x5E - - TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=ARIA(128) Mac=AEAD + 0xC0,0x60 - - TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=ARIA(128) Mac=AEAD + 0xC0,0x62 - - TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=ARIA(128) Mac=AEAD + 0xC0,0x64 - - TLS_PSK_WITH_ARIA_128_CBC_SHA256 TLSv1 Kx=PSK Au=PSK Enc=ARIA(128) Mac=SHA256 + 0xC0,0x66 - - TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256 TLSv1 Kx=DHEPSK Au=PSK Enc=ARIA(128) Mac=SHA256 + 0xC0,0x68 - - TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256 TLSv1 Kx=RSAPSK Au=RSA Enc=ARIA(128) Mac=SHA256 + 0xC0,0x6A - - TLS_PSK_WITH_ARIA_128_GCM_SHA256 TLSv1.2 Kx=PSK Au=PSK Enc=ARIA(128) Mac=AEAD + 0xC0,0x6C - - TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256 TLSv1.2 Kx=DHEPSK Au=PSK Enc=ARIA(128) Mac=AEAD + 0xC0,0x6E - - TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256 TLSv1.2 Kx=RSAPSK Au=RSA Enc=ARIA(128) Mac=AEAD + 0xC0,0x70 - - TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256 TLSv1 Kx=ECDHEPSK Au=PSK Enc=ARIA(128) Mac=SHA256 + 0xC0,0x7A - - TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=CamelliaGCM(128) Mac=AEAD + 0xC0,0x7C - - TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 TLSv1.2 Kx=DH Au=RSA Enc=CamelliaGCM(128) Mac=AEAD + 0xC0,0x7E - - TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256 TLSv1.2 Kx=DH/RSA Au=DH Enc=CamelliaGCM(128) Mac=AEAD + 0xC0,0x80 - - TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256 TLSv1.2 Kx=DH Au=DSS Enc=CamelliaGCM(128) Mac=AEAD + 0xC0,0x82 - - TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256 TLSv1.2 Kx=DH/DSS Au=DH Enc=CamelliaGCM(128) Mac=AEAD + 0xC0,0x84 - - TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256 TLSv1.2 Kx=DH Au=None Enc=CamelliaGCM(128) Mac=AEAD + 0xC0,0x86 - - TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=CamelliaGCM(128) Mac=AEAD + 0xC0,0x88 - - TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=CamelliaGCM(128) Mac=AEAD + 0xC0,0x8A - - TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=CamelliaGCM(128) Mac=AEAD + 0xC0,0x8C - - TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=CamelliaGCM(128) Mac=AEAD + 0xC0,0x8E - - TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 TLSv1.2 Kx=PSK Au=PSK Enc=CamelliaGCM(128) Mac=AEAD + 0xC0,0x90 - - TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 TLSv1.2 Kx=DHEPSK Au=PSK Enc=CamelliaGCM(128) Mac=AEAD + 0xC0,0x92 - - TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256 TLSv1.2 Kx=RSAPSK Au=RSA Enc=CamelliaGCM(128) Mac=AEAD + 0xC0,0x11 - ECDHE-RSA-RC4-SHA TLS_ECDHE_RSA_WITH_RC4_128_SHA SSLv3 Kx=ECDH Au=RSA Enc=RC4(128) Mac=SHA1 + 0xC0,0x07 - ECDHE-ECDSA-RC4-SHA TLS_ECDHE_ECDSA_WITH_RC4_128_SHA SSLv3 Kx=ECDH Au=ECDSA Enc=RC4(128) Mac=SHA1 + 0x00,0x66 - DHE-DSS-RC4-SHA TLS_DHE_DSS_WITH_RC4_128_SHA SSLv3 Kx=DH Au=DSS Enc=RC4(128) Mac=SHA1 + 0xC0,0x16 - AECDH-RC4-SHA TLS_ECDH_anon_WITH_RC4_128_SHA SSLv3 Kx=ECDH Au=None Enc=RC4(128) Mac=SHA1 + 0x00,0x18 - ADH-RC4-MD5 TLS_DH_anon_WITH_RC4_128_MD5 SSLv3 Kx=DH Au=None Enc=RC4(128) Mac=MD5 + 0xC0,0x0C - ECDH-RSA-RC4-SHA TLS_ECDH_RSA_WITH_RC4_128_SHA SSLv3 Kx=ECDH/RSA Au=ECDH Enc=RC4(128) Mac=SHA1 + 0xC0,0x02 - ECDH-ECDSA-RC4-SHA TLS_ECDH_ECDSA_WITH_RC4_128_SHA SSLv3 Kx=ECDH/ECDSA Au=ECDH Enc=RC4(128) Mac=SHA1 + 0x00,0x05 - RC4-SHA TLS_RSA_WITH_RC4_128_SHA SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1 + 0x00,0x04 - RC4-MD5 TLS_RSA_WITH_RC4_128_MD5 SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5 + 0x01,0x00,0x80 - RC4-MD5 SSL_CK_RC4_128_WITH_MD5 SSLv2 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5 + 0x00,0x92 - RSA-PSK-RC4-SHA TLS_RSA_PSK_WITH_RC4_128_SHA SSLv3 Kx=RSAPSK Au=RSA Enc=RC4(128) Mac=SHA1 + 0x00,0x8A - PSK-RC4-SHA TLS_PSK_WITH_RC4_128_SHA SSLv3 Kx=PSK Au=PSK Enc=RC4(128) Mac=SHA1 + 0x00,0x20 - KRB5-RC4-SHA TLS_KRB5_WITH_RC4_128_SHA SSLv3 Kx=KRB5 Au=KRB5 Enc=RC4(128) Mac=SHA1 + 0x00,0x24 - KRB5-RC4-MD5 TLS_KRB5_WITH_RC4_128_MD5 SSLv3 Kx=KRB5 Au=KRB5 Enc=RC4(128) Mac=MD5 + 0xC0,0x33 - ECDHE-PSK-RC4-SHA TLS_ECDHE_PSK_WITH_RC4_128_SHA SSLv3 Kx=ECDHEPSK Au=PSK Enc=RC4(128) Mac=SHA1 + 0x00,0x8E - DHE-PSK-RC4-SHA TLS_DHE_PSK_WITH_RC4_128_SHA SSLv3 Kx=DHEPSK Au=PSK Enc=RC4(128) Mac=SHA1 + 0xC0,0x12 - ECDHE-RSA-DES-CBC3-SHA TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA SSLv3 Kx=ECDH Au=RSA Enc=3DES(168) Mac=SHA1 + 0xC0,0x08 - ECDHE-ECDSA-DES-CBC3-SHA TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA SSLv3 Kx=ECDH Au=ECDSA Enc=3DES(168) Mac=SHA1 + 0xC0,0x1C - SRP-DSS-3DES-EDE-CBC-SHA TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA SSLv3 Kx=SRP Au=DSS Enc=3DES(168) Mac=SHA1 + 0xC0,0x1B - SRP-RSA-3DES-EDE-CBC-SHA TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA SSLv3 Kx=SRP Au=RSA Enc=3DES(168) Mac=SHA1 + 0xC0,0x1A - SRP-3DES-EDE-CBC-SHA TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA SSLv3 Kx=SRP Au=SRP Enc=3DES(168) Mac=SHA1 + 0x00,0x16 - EDH-RSA-DES-CBC3-SHA TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA SSLv3 Kx=DH Au=RSA Enc=3DES(168) Mac=SHA1 + 0x00,0x13 - EDH-DSS-DES-CBC3-SHA TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA SSLv3 Kx=DH Au=DSS Enc=3DES(168) Mac=SHA1 + 0x00,0x10 - DH-RSA-DES-CBC3-SHA TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA SSLv3 Kx=DH/RSA Au=DH Enc=3DES(168) Mac=SHA1 + 0x00,0x0D - DH-DSS-DES-CBC3-SHA TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA SSLv3 Kx=DH/DSS Au=DH Enc=3DES(168) Mac=SHA1 + 0xC0,0x17 - AECDH-DES-CBC3-SHA TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA SSLv3 Kx=ECDH Au=None Enc=3DES(168) Mac=SHA1 + 0x00,0x1B - ADH-DES-CBC3-SHA TLS_DH_anon_WITH_3DES_EDE_CBC_SHA SSLv3 Kx=DH Au=None Enc=3DES(168) Mac=SHA1 + 0xC0,0x0D - ECDH-RSA-DES-CBC3-SHA TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA SSLv3 Kx=ECDH/RSA Au=ECDH Enc=3DES(168) Mac=SHA1 + 0xC0,0x03 - ECDH-ECDSA-DES-CBC3-SHA TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA SSLv3 Kx=ECDH/ECDSA Au=ECDH Enc=3DES(168) Mac=SHA1 + 0x00,0x0A - DES-CBC3-SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA SSLv3 Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1 + 0x07,0x00,0xC0 - DES-CBC3-MD5 SSL_CK_DES_192_EDE3_CBC_WITH_MD5 SSLv2 Kx=RSA Au=RSA Enc=3DES(168) Mac=MD5 + 0x00,0x93 - RSA-PSK-3DES-EDE-CBC-SHA TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA SSLv3 Kx=RSAPSK Au=RSA Enc=3DES(168) Mac=SHA1 + 0x00,0x8B - PSK-3DES-EDE-CBC-SHA TLS_PSK_WITH_3DES_EDE_CBC_SHA SSLv3 Kx=PSK Au=PSK Enc=3DES(168) Mac=SHA1 + 0x00,0x1F - KRB5-DES-CBC3-SHA TLS_KRB5_WITH_3DES_EDE_CBC_SHA SSLv3 Kx=KRB5 Au=KRB5 Enc=3DES(168) Mac=SHA1 + 0x00,0x23 - KRB5-DES-CBC3-MD5 TLS_KRB5_WITH_3DES_EDE_CBC_MD5 SSLv3 Kx=KRB5 Au=KRB5 Enc=3DES(168) Mac=MD5 + 0xC0,0x34 - ECDHE-PSK-3DES-EDE-CBC-SHA TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA SSLv3 Kx=ECDHEPSK Au=PSK Enc=3DES(168) Mac=SHA1 + 0x00,0x8F - DHE-PSK-3DES-EDE-CBC-SHA TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA SSLv3 Kx=DHEPSK Au=PSK Enc=3DES(168) Mac=SHA1 + 0xFE,0xFF - - SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA SSLv3 Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1 + 0xFF,0xE0 - - SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA SSLv3 Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1 + 0x08,0x00,0x80 - RC4-64-MD5 SSL_CK_RC4_64_WITH_MD5 SSLv2 Kx=RSA Au=RSA Enc=RC4(64) Mac=MD5 + 0x00,0x63 - EXP1024-DHE-DSS-DES-CBC-SHA TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA SSLv3 Kx=DH(1024) Au=DSS Enc=DES(56) Mac=SHA1 export + 0x00,0x15 - EDH-RSA-DES-CBC-SHA TLS_DHE_RSA_WITH_DES_CBC_SHA SSLv3 Kx=DH Au=RSA Enc=DES(56) Mac=SHA1 + 0x00,0x12 - EDH-DSS-DES-CBC-SHA TLS_DHE_DSS_WITH_DES_CBC_SHA SSLv3 Kx=DH Au=DSS Enc=DES(56) Mac=SHA1 + 0x00,0x0F - DH-RSA-DES-CBC-SHA TLS_DH_RSA_WITH_DES_CBC_SHA SSLv3 Kx=DH/RSA Au=DH Enc=DES(56) Mac=SHA1 + 0x00,0x0C - DH-DSS-DES-CBC-SHA TLS_DH_DSS_WITH_DES_CBC_SHA SSLv3 Kx=DH/DSS Au=DH Enc=DES(56) Mac=SHA1 + 0x00,0x1A - ADH-DES-CBC-SHA TLS_DH_anon_WITH_DES_CBC_SHA SSLv3 Kx=DH Au=None Enc=DES(56) Mac=SHA1 + 0x00,0x62 - EXP1024-DES-CBC-SHA TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA SSLv3 Kx=RSA(1024) Au=RSA Enc=DES(56) Mac=SHA1 export + 0x00,0x09 - DES-CBC-SHA TLS_RSA_WITH_DES_CBC_SHA SSLv3 Kx=RSA Au=RSA Enc=DES(56) Mac=SHA1 + 0x00,0x61 - EXP1024-RC2-CBC-MD5 TLS_RSA_EXPORT1024_WITH_RC2_56_MD5 SSLv3 Kx=RSA(1024) Au=RSA Enc=RC2(56) Mac=MD5 export + 0x06,0x00,0x40 - DES-CBC-MD5 SSL_CK_DES_64_CBC_WITH_MD5 SSLv2 Kx=RSA Au=RSA Enc=DES(56) Mac=MD5 + 0x00,0x1E - KRB5-DES-CBC-SHA TLS_KRB5_WITH_DES_CBC_SHA SSLv3 Kx=KRB5 Au=KRB5 Enc=DES(56) Mac=SHA1 + 0x00,0x22 - KRB5-DES-CBC-MD5 TLS_KRB5_WITH_DES_CBC_MD5 SSLv3 Kx=KRB5 Au=KRB5 Enc=DES(56) Mac=MD5 + 0xFE,0xFE - - SSL_RSA_FIPS_WITH_DES_CBC_SHA SSLv3 Kx=RSA Au=RSA Enc=DES(56) Mac=SHA1 + 0xFF,0xE1 - - SSL_RSA_FIPS_WITH_DES_CBC_SHA SSLv3 Kx=RSA Au=RSA Enc=DES(56) Mac=SHA1 + 0x00,0x65 - EXP1024-DHE-DSS-RC4-SHA TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA SSLv3 Kx=DH(1024) Au=DSS Enc=RC4(56) Mac=SHA1 export + 0x00,0x64 - EXP1024-RC4-SHA TLS_RSA_EXPORT1024_WITH_RC4_56_SHA SSLv3 Kx=RSA(1024) Au=RSA Enc=RC4(56) Mac=SHA1 export + 0x00,0x60 - EXP1024-RC4-MD5 TLS_RSA_EXPORT1024_WITH_RC4_56_MD5 SSLv3 Kx=RSA(1024) Au=RSA Enc=RC4(56) Mac=MD5 export + 0x00,0x14 - EXP-EDH-RSA-DES-CBC-SHA TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA SSLv3 Kx=DH(512) Au=RSA Enc=DES(40) Mac=SHA1 export + 0x00,0x11 - EXP-EDH-DSS-DES-CBC-SHA TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA SSLv3 Kx=DH(512) Au=DSS Enc=DES(40) Mac=SHA1 export + 0x00,0x19 - EXP-ADH-DES-CBC-SHA TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA SSLv3 Kx=DH(512) Au=None Enc=DES(40) Mac=SHA1 export + 0x00,0x08 - EXP-DES-CBC-SHA TLS_RSA_EXPORT_WITH_DES40_CBC_SHA SSLv3 Kx=RSA(512) Au=RSA Enc=DES(40) Mac=SHA1 export + 0x00,0x06 - EXP-RC2-CBC-MD5 TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 SSLv3 Kx=RSA(512) Au=RSA Enc=RC2(40) Mac=MD5 export + 0x04,0x00,0x80 - EXP-RC2-CBC-MD5 SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5 SSLv2 Kx=RSA(512) Au=RSA Enc=RC2(40) Mac=MD5 export + 0x00,0x27 - EXP-KRB5-RC2-CBC-SHA TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA SSLv3 Kx=KRB5 Au=KRB5 Enc=RC2(40) Mac=SHA1 export + 0x00,0x26 - EXP-KRB5-DES-CBC-SHA TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA SSLv3 Kx=KRB5 Au=KRB5 Enc=DES(40) Mac=SHA1 export + 0x00,0x2A - EXP-KRB5-RC2-CBC-MD5 TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5 SSLv3 Kx=KRB5 Au=KRB5 Enc=RC2(40) Mac=MD5 export + 0x00,0x29 - EXP-KRB5-DES-CBC-MD5 TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5 SSLv3 Kx=KRB5 Au=KRB5 Enc=DES(40) Mac=MD5 export + 0x00,0x0B - - TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA SSLv3 Kx=DH/DSS Au=DH Enc=DES(40) Mac=SHA1 export + 0x00,0x0E - - TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA SSLv3 Kx=DH/RSA Au=DH Enc=DES(40) Mac=SHA1 export + 0x00,0x17 - EXP-ADH-RC4-MD5 TLS_DH_anon_EXPORT_WITH_RC4_40_MD5 SSLv3 Kx=DH(512) Au=None Enc=RC4(40) Mac=MD5 export + 0x00,0x03 - EXP-RC4-MD5 TLS_RSA_EXPORT_WITH_RC4_40_MD5 SSLv3 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export + 0x02,0x00,0x80 - EXP-RC4-MD5 SSL_CK_RC4_128_EXPORT40_WITH_MD5 SSLv2 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export + 0x00,0x28 - EXP-KRB5-RC4-SHA TLS_KRB5_EXPORT_WITH_RC4_40_SHA SSLv3 Kx=KRB5 Au=KRB5 Enc=RC4(40) Mac=SHA1 export + 0x00,0x2B - EXP-KRB5-RC4-MD5 TLS_KRB5_EXPORT_WITH_RC4_40_MD5 SSLv3 Kx=KRB5 Au=KRB5 Enc=RC4(40) Mac=MD5 export + 0xC0,0x10 - ECDHE-RSA-NULL-SHA TLS_ECDHE_RSA_WITH_NULL_SHA SSLv3 Kx=ECDH Au=RSA Enc=None Mac=SHA1 + 0xC0,0x06 - ECDHE-ECDSA-NULL-SHA TLS_ECDHE_ECDSA_WITH_NULL_SHA SSLv3 Kx=ECDH Au=ECDSA Enc=None Mac=SHA1 + 0xC0,0x15 - AECDH-NULL-SHA TLS_ECDH_anon_WITH_NULL_SHA SSLv3 Kx=ECDH Au=None Enc=None Mac=SHA1 + 0xC0,0x0B - ECDH-RSA-NULL-SHA TLS_ECDH_RSA_WITH_NULL_SHA SSLv3 Kx=ECDH/RSA Au=ECDH Enc=None Mac=SHA1 + 0xC0,0x01 - ECDH-ECDSA-NULL-SHA TLS_ECDH_ECDSA_WITH_NULL_SHA SSLv3 Kx=ECDH/ECDSA Au=ECDH Enc=None Mac=SHA1 + 0xC0,0x3B - ECDHE-PSK-NULL-SHA384 TLS_ECDHE_PSK_WITH_NULL_SHA384 TLSv1 Kx=ECDHEPSK Au=PSK Enc=None Mac=SHA384 + 0xC0,0x3A - ECDHE-PSK-NULL-SHA256 TLS_ECDHE_PSK_WITH_NULL_SHA256 TLSv1 Kx=ECDHEPSK Au=PSK Enc=None Mac=SHA256 + 0xC0,0x39 - ECDHE-PSK-NULL-SHA TLS_ECDHE_PSK_WITH_NULL_SHA SSLv3 Kx=ECDHEPSK Au=PSK Enc=None Mac=SHA1 + 0x00,0xB9 - RSA-PSK-NULL-SHA384 TLS_RSA_PSK_WITH_NULL_SHA384 TLSv1 Kx=RSAPSK Au=RSA Enc=None Mac=SHA384 + 0x00,0xB8 - RSA-PSK-NULL-SHA256 TLS_RSA_PSK_WITH_NULL_SHA256 TLSv1 Kx=RSAPSK Au=RSA Enc=None Mac=SHA256 + 0x00,0xB5 - DHE-PSK-NULL-SHA384 TLS_DHE_PSK_WITH_NULL_SHA384 TLSv1 Kx=DHEPSK Au=PSK Enc=None Mac=SHA384 + 0x00,0xB4 - DHE-PSK-NULL-SHA256 TLS_DHE_PSK_WITH_NULL_SHA256 TLSv1 Kx=DHEPSK Au=PSK Enc=None Mac=SHA256 + 0x00,0x2E - RSA-PSK-NULL-SHA TLS_RSA_PSK_WITH_NULL_SHA SSLv3 Kx=RSAPSK Au=RSA Enc=None Mac=SHA1 + 0x00,0x2D - DHE-PSK-NULL-SHA TLS_DHE_PSK_WITH_NULL_SHA SSLv3 Kx=DHEPSK Au=PSK Enc=None Mac=SHA1 + 0x00,0xB1 - PSK-NULL-SHA384 TLS_PSK_WITH_NULL_SHA384 TLSv1 Kx=PSK Au=PSK Enc=None Mac=SHA384 + 0x00,0xB0 - PSK-NULL-SHA256 TLS_PSK_WITH_NULL_SHA256 TLSv1 Kx=PSK Au=PSK Enc=None Mac=SHA256 + 0x00,0x2C - PSK-NULL-SHA TLS_PSK_WITH_NULL_SHA SSLv3 Kx=PSK Au=PSK Enc=None Mac=SHA1 + 0x00,0x3B - NULL-SHA256 TLS_RSA_WITH_NULL_SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=None Mac=SHA256 + 0x00,0x02 - NULL-SHA TLS_RSA_WITH_NULL_SHA SSLv3 Kx=RSA Au=RSA Enc=None Mac=SHA1 + 0x00,0x01 - NULL-MD5 TLS_RSA_WITH_NULL_MD5 SSLv3 Kx=RSA Au=RSA Enc=None Mac=MD5 + 0x00,0x82 - GOST94-NULL-GOST94 TLS_GOSTR341094_WITH_NULL_GOSTR3411 TLSv1 Kx=GOST Au=GOST94 Enc=None Mac=GOSTR3411 + 0x00,0x83 - GOST2001-NULL-GOST94 TLS_GOSTR341001_WITH_NULL_GOSTR3411 SSLv3 Kx=GOST Au=GOST01 Enc=None Mac=GOST94 + 0xFF,0x87 - GOST2012256-NULL-STREEBOG256 - SSLv3 Kx=GOST Au=GOST01 Enc=None Mac=STREEBOG256 diff --git a/etc/mapping-rfc.txt b/etc/mapping-rfc.txt deleted file mode 100644 index 4ed598f..0000000 --- a/etc/mapping-rfc.txt +++ /dev/null @@ -1,352 +0,0 @@ -x010080 SSL_CK_RC4_128_WITH_MD5 -x020080 SSL_CK_RC4_128_EXPORT40_WITH_MD5 -x030080 SSL_CK_RC2_128_CBC_WITH_MD5 -x040080 SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5 -x050080 SSL_CK_IDEA_128_CBC_WITH_MD5 -x060040 SSL_CK_DES_64_CBC_WITH_MD5 -x0700C0 SSL_CK_DES_192_EDE3_CBC_WITH_MD5 -x080080 SSL_CK_RC4_64_WITH_MD5 -x00 TLS_NULL_WITH_NULL_NULL -x01 TLS_RSA_WITH_NULL_MD5 -x02 TLS_RSA_WITH_NULL_SHA -x03 TLS_RSA_EXPORT_WITH_RC4_40_MD5 -x04 TLS_RSA_WITH_RC4_128_MD5 -x05 TLS_RSA_WITH_RC4_128_SHA -x06 TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 -x07 TLS_RSA_WITH_IDEA_CBC_SHA -x08 TLS_RSA_EXPORT_WITH_DES40_CBC_SHA -x09 TLS_RSA_WITH_DES_CBC_SHA -x0A TLS_RSA_WITH_3DES_EDE_CBC_SHA -x0B TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA -x0C TLS_DH_DSS_WITH_DES_CBC_SHA -x0D TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA -x0E TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA -x0F TLS_DH_RSA_WITH_DES_CBC_SHA -x10 TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA -x11 TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA -x12 TLS_DHE_DSS_WITH_DES_CBC_SHA -x13 TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA -x14 TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA -x15 TLS_DHE_RSA_WITH_DES_CBC_SHA -x16 TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA -x17 TLS_DH_anon_EXPORT_WITH_RC4_40_MD5 -x18 TLS_DH_anon_WITH_RC4_128_MD5 -x19 TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA -x1A TLS_DH_anon_WITH_DES_CBC_SHA -x1B TLS_DH_anon_WITH_3DES_EDE_CBC_SHA -x1E TLS_KRB5_WITH_DES_CBC_SHA -x1F TLS_KRB5_WITH_3DES_EDE_CBC_SHA -x20 TLS_KRB5_WITH_RC4_128_SHA -x21 TLS_KRB5_WITH_IDEA_CBC_SHA -x22 TLS_KRB5_WITH_DES_CBC_MD5 -x23 TLS_KRB5_WITH_3DES_EDE_CBC_MD5 -x24 TLS_KRB5_WITH_RC4_128_MD5 -x25 TLS_KRB5_WITH_IDEA_CBC_MD5 -x26 TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA -x27 TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA -x28 TLS_KRB5_EXPORT_WITH_RC4_40_SHA -x29 TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5 -x2A TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5 -x2B TLS_KRB5_EXPORT_WITH_RC4_40_MD5 -x2C TLS_PSK_WITH_NULL_SHA -x2D TLS_DHE_PSK_WITH_NULL_SHA -x2E TLS_RSA_PSK_WITH_NULL_SHA -x2F TLS_RSA_WITH_AES_128_CBC_SHA -x30 TLS_DH_DSS_WITH_AES_128_CBC_SHA -x31 TLS_DH_RSA_WITH_AES_128_CBC_SHA -x32 TLS_DHE_DSS_WITH_AES_128_CBC_SHA -x33 TLS_DHE_RSA_WITH_AES_128_CBC_SHA -x34 TLS_DH_anon_WITH_AES_128_CBC_SHA -x35 TLS_RSA_WITH_AES_256_CBC_SHA -x36 TLS_DH_DSS_WITH_AES_256_CBC_SHA -x37 TLS_DH_RSA_WITH_AES_256_CBC_SHA -x38 TLS_DHE_DSS_WITH_AES_256_CBC_SHA -x39 TLS_DHE_RSA_WITH_AES_256_CBC_SHA -x3A TLS_DH_anon_WITH_AES_256_CBC_SHA -x3B TLS_RSA_WITH_NULL_SHA256 -x3C TLS_RSA_WITH_AES_128_CBC_SHA256 -x3D TLS_RSA_WITH_AES_256_CBC_SHA256 -x3E TLS_DH_DSS_WITH_AES_128_CBC_SHA256 -x3F TLS_DH_RSA_WITH_AES_128_CBC_SHA256 -x40 TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 -x41 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA -x42 TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA -x43 TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA -x44 TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA -x45 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA -x46 TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA -x60 TLS_RSA_EXPORT1024_WITH_RC4_56_MD5 -x61 TLS_RSA_EXPORT1024_WITH_RC2_56_MD5 -x62 TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA -x63 TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA -x64 TLS_RSA_EXPORT1024_WITH_RC4_56_SHA -x65 TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA -x66 TLS_DHE_DSS_WITH_RC4_128_SHA -x67 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 -x68 TLS_DH_DSS_WITH_AES_256_CBC_SHA256 -x69 TLS_DH_RSA_WITH_AES_256_CBC_SHA256 -x6A TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 -x6B TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 -x6C TLS_DH_anon_WITH_AES_128_CBC_SHA256 -x6D TLS_DH_anon_WITH_AES_256_CBC_SHA256 -x80 TLS_GOSTR341094_WITH_28147_CNT_IMIT -x81 TLS_GOSTR341001_WITH_28147_CNT_IMIT -x82 TLS_GOSTR341094_WITH_NULL_GOSTR3411 -x83 TLS_GOSTR341001_WITH_NULL_GOSTR3411 -x84 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA -x85 TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA -x86 TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA -x87 TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA -x88 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA -x89 TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA -x8A TLS_PSK_WITH_RC4_128_SHA -x8B TLS_PSK_WITH_3DES_EDE_CBC_SHA -x8C TLS_PSK_WITH_AES_128_CBC_SHA -x8D TLS_PSK_WITH_AES_256_CBC_SHA -x8E TLS_DHE_PSK_WITH_RC4_128_SHA -x8F TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA -x90 TLS_DHE_PSK_WITH_AES_128_CBC_SHA -x91 TLS_DHE_PSK_WITH_AES_256_CBC_SHA -x92 TLS_RSA_PSK_WITH_RC4_128_SHA -x93 TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA -x94 TLS_RSA_PSK_WITH_AES_128_CBC_SHA -x95 TLS_RSA_PSK_WITH_AES_256_CBC_SHA -x96 TLS_RSA_WITH_SEED_CBC_SHA -x97 TLS_DH_DSS_WITH_SEED_CBC_SHA -x98 TLS_DH_RSA_WITH_SEED_CBC_SHA -x99 TLS_DHE_DSS_WITH_SEED_CBC_SHA -x9A TLS_DHE_RSA_WITH_SEED_CBC_SHA -x9B TLS_DH_anon_WITH_SEED_CBC_SHA -x9C TLS_RSA_WITH_AES_128_GCM_SHA256 -x9D TLS_RSA_WITH_AES_256_GCM_SHA384 -x9E TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 -x9F TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 -xA0 TLS_DH_RSA_WITH_AES_128_GCM_SHA256 -xA1 TLS_DH_RSA_WITH_AES_256_GCM_SHA384 -xA2 TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 -xA3 TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 -xA4 TLS_DH_DSS_WITH_AES_128_GCM_SHA256 -xA5 TLS_DH_DSS_WITH_AES_256_GCM_SHA384 -xA6 TLS_DH_anon_WITH_AES_128_GCM_SHA256 -xA7 TLS_DH_anon_WITH_AES_256_GCM_SHA384 -xA8 TLS_PSK_WITH_AES_128_GCM_SHA256 -xA9 TLS_PSK_WITH_AES_256_GCM_SHA384 -xAA TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 -xAB TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 -xAC TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 -xAD TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 -xAE TLS_PSK_WITH_AES_128_CBC_SHA256 -xAF TLS_PSK_WITH_AES_256_CBC_SHA384 -xB0 TLS_PSK_WITH_NULL_SHA256 -xB1 TLS_PSK_WITH_NULL_SHA384 -xB2 TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 -xB3 TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 -xB4 TLS_DHE_PSK_WITH_NULL_SHA256 -xB5 TLS_DHE_PSK_WITH_NULL_SHA384 -xB6 TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 -xB7 TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 -xB8 TLS_RSA_PSK_WITH_NULL_SHA256 -xB9 TLS_RSA_PSK_WITH_NULL_SHA384 -xBA TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 -xBB TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256 -xBC TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256 -xBD TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256 -xBE TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 -xBF TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256 -xC0 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 -xC1 TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256 -xC2 TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256 -xC3 TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256 -xC4 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 -xC5 TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256 -xFF TLS_EMPTY_RENEGOTIATION_INFO_SCSV -x5600 TLS_FALLBACK_SCSV -xC001 TLS_ECDH_ECDSA_WITH_NULL_SHA -xC002 TLS_ECDH_ECDSA_WITH_RC4_128_SHA -xC003 TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA -xC004 TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA -xC005 TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA -xC006 TLS_ECDHE_ECDSA_WITH_NULL_SHA -xC007 TLS_ECDHE_ECDSA_WITH_RC4_128_SHA -xC008 TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA -xC009 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA -xC00A TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA -xC00B TLS_ECDH_RSA_WITH_NULL_SHA -xC00C TLS_ECDH_RSA_WITH_RC4_128_SHA -xC00D TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA -xC00E TLS_ECDH_RSA_WITH_AES_128_CBC_SHA -xC00F TLS_ECDH_RSA_WITH_AES_256_CBC_SHA -xC010 TLS_ECDHE_RSA_WITH_NULL_SHA -xC011 TLS_ECDHE_RSA_WITH_RC4_128_SHA -xC012 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA -xC013 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA -xC014 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA -xC015 TLS_ECDH_anon_WITH_NULL_SHA -xC016 TLS_ECDH_anon_WITH_RC4_128_SHA -xC017 TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA -xC018 TLS_ECDH_anon_WITH_AES_128_CBC_SHA -xC019 TLS_ECDH_anon_WITH_AES_256_CBC_SHA -xC01A TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA -xC01B TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA -xC01C TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA -xC01D TLS_SRP_SHA_WITH_AES_128_CBC_SHA -xC01E TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA -xC01F TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA -xC020 TLS_SRP_SHA_WITH_AES_256_CBC_SHA -xC021 TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA -xC022 TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA -xC023 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 -xC024 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 -xC025 TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 -xC026 TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 -xC027 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 -xC028 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 -xC029 TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 -xC02A TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 -xC02B TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 -xC02C TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 -xC02D TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 -xC02E TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 -xC02F TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 -xC030 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 -xC031 TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 -xC032 TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 -xC033 TLS_ECDHE_PSK_WITH_RC4_128_SHA -xC034 TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA -xC035 TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA -xC036 TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA -xC037 TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 -xC038 TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 -xC039 TLS_ECDHE_PSK_WITH_NULL_SHA -xC03A TLS_ECDHE_PSK_WITH_NULL_SHA256 -xC03B TLS_ECDHE_PSK_WITH_NULL_SHA384 -xC03C TLS_RSA_WITH_ARIA_128_CBC_SHA256 -xC03D TLS_RSA_WITH_ARIA_256_CBC_SHA384 -xC03E TLS_DH_DSS_WITH_ARIA_128_CBC_SHA256 -xC03F TLS_DH_DSS_WITH_ARIA_256_CBC_SHA384 -xC040 TLS_DH_RSA_WITH_ARIA_128_CBC_SHA256 -xC041 TLS_DH_RSA_WITH_ARIA_256_CBC_SHA384 -xC042 TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256 -xC043 TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384 -xC044 TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256 -xC045 TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384 -xC046 TLS_DH_anon_WITH_ARIA_128_CBC_SHA256 -xC047 TLS_DH_anon_WITH_ARIA_256_CBC_SHA384 -xC048 TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256 -xC049 TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384 -xC04A TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256 -xC04B TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384 -xC04C TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256 -xC04D TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384 -xC04E TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256 -xC04F TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384 -xC050 TLS_RSA_WITH_ARIA_128_GCM_SHA256 -xC051 TLS_RSA_WITH_ARIA_256_GCM_SHA384 -xC052 TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256 -xC053 TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384 -xC054 TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256 -xC055 TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384 -xC056 TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256 -xC057 TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384 -xC058 TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256 -xC059 TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384 -xC05A TLS_DH_anon_WITH_ARIA_128_GCM_SHA256 -xC05B TLS_DH_anon_WITH_ARIA_256_GCM_SHA384 -xC05C TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 -xC05D TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 -xC05E TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256 -xC05F TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384 -xC060 TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 -xC061 TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 -xC062 TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256 -xC063 TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384 -xC064 TLS_PSK_WITH_ARIA_128_CBC_SHA256 -xC065 TLS_PSK_WITH_ARIA_256_CBC_SHA384 -xC066 TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256 -xC067 TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384 -xC068 TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256 -xC069 TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384 -xC06A TLS_PSK_WITH_ARIA_128_GCM_SHA256 -xC06B TLS_PSK_WITH_ARIA_256_GCM_SHA384 -xC06C TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256 -xC06D TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384 -xC06E TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256 -xC06F TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384 -xC070 TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256 -xC071 TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384 -xC072 TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 -xC073 TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 -xC074 TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 -xC075 TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 -xC076 TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 -xC077 TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 -xC078 TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 -xC079 TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 -xC07A TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 -xC07B TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 -xC07C TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 -xC07D TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 -xC07E TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256 -xC07F TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384 -xC080 TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256 -xC081 TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384 -xC082 TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256 -xC083 TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384 -xC084 TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256 -xC085 TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384 -xC086 TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 -xC087 TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 -xC088 TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 -xC089 TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 -xC08A TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 -xC08B TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 -xC08C TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 -xC08D TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 -xC08E TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 -xC08F TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 -xC090 TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 -xC091 TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 -xC092 TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256 -xC093 TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384 -xC094 TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 -xC095 TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 -xC096 TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 -xC097 TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 -xC098 TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 -xC099 TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 -xC09A TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 -xC09B TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 -xC09C TLS_RSA_WITH_AES_128_CCM -xC09D TLS_RSA_WITH_AES_256_CCM -xC09E TLS_DHE_RSA_WITH_AES_128_CCM -xC09F TLS_DHE_RSA_WITH_AES_256_CCM -xC0A0 TLS_RSA_WITH_AES_128_CCM_8 -xC0A1 TLS_RSA_WITH_AES_256_CCM_8 -xC0A2 TLS_DHE_RSA_WITH_AES_128_CCM_8 -xC0A3 TLS_DHE_RSA_WITH_AES_256_CCM_8 -xC0A4 TLS_PSK_WITH_AES_128_CCM -xC0A5 TLS_PSK_WITH_AES_256_CCM -xC0A6 TLS_DHE_PSK_WITH_AES_128_CCM -xC0A7 TLS_DHE_PSK_WITH_AES_256_CCM -xC0A8 TLS_PSK_WITH_AES_128_CCM_8 -xC0A9 TLS_PSK_WITH_AES_256_CCM_8 -xC0AA TLS_PSK_DHE_WITH_AES_128_CCM_8 -xC0AB TLS_PSK_DHE_WITH_AES_256_CCM_8 -xC0AC TLS_ECDHE_ECDSA_WITH_AES_128_CCM -xC0AD TLS_ECDHE_ECDSA_WITH_AES_256_CCM -xC0AE TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 -xC0AF TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 -xCCA8 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 -xCCA9 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 -xCCAA TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 -xCCAB TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 -xCCAC TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 -xCCAD TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 -xCCAE TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256 -xCC13 OLD_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 -xCC14 OLD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 -xCC15 OLD_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 -xFEFE SSL_RSA_FIPS_WITH_DES_CBC_SHA -xFEFF SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA -xFFE0 SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA -xFFE1 SSL_RSA_FIPS_WITH_DES_CBC_SHA diff --git a/testssl.sh b/testssl.sh index d0ddbad..1bd0750 100755 --- a/testssl.sh +++ b/testssl.sh @@ -93,7 +93,7 @@ readonly PROG_NAME=$(basename "$0") readonly RUN_DIR=$(dirname "$0") TESTSSL_INSTALL_DIR="${TESTSSL_INSTALL_DIR:-""}" # if you run testssl.sh from a different path you can set either TESTSSL_INSTALL_DIR CA_BUNDLES_PATH="${CA_BUNDLES_PATH:-""}" # or CA_BUNDLES_PATH to find the CA BUNDLES. TESTSSL_INSTALL_DIR helps you to find the RFC mapping also -MAPPING_FILE_RFC="" +CIPHERS_BY_STRENGTH_FILE="" OPENSSL_LOCATION="" HNAME="$(hostname)" HNAME="${HNAME%%.*}" @@ -344,7 +344,6 @@ c0,0d, c0,03, 00,0a, 00,63, 00,15, 00,12, 00,0f, 00,0c, 00,08, 00,06, 00,03, 00,ff" ###### Cipher suite information ##### -CIPHERS_BY_STRENGTH_FILE="" declare -i TLS_NR_CIPHERS=0 declare TLS_CIPHER_HEXCODE=() declare TLS_CIPHER_OSSL_NAME=() @@ -2041,8 +2040,9 @@ run_allciphers() { "$SSL_NATIVE" && using_sockets=false "$FAST" && using_sockets=false + [[ $TLS_NR_CIPHERS == 0 ]] && using_sockets=false - if "$using_sockets"; then + if "$using_sockets"; then # get a list of all the cipher suites to test (only need the hexcode, ciph, kx, enc, and export values) for (( i=0; i < TLS_NR_CIPHERS; i++ )); do hexc=$(echo "${TLS_CIPHER_HEXCODE[i]}" | tr 'A-Z' 'a-z') @@ -2084,10 +2084,15 @@ run_allciphers() { outln if "$using_sockets"; then - pr_headlineln " Testing $nr_ciphers via sockets against the server, ordered by encryption strength " + pr_headlineln " Testing $nr_ciphers ciphers via sockets against the server, ordered by encryption strength " else pr_headlineln " Testing all $nr_ciphers locally available ciphers against the server, ordered by encryption strength " - "$HAS_DH_BITS" || pr_warningln " (Your $OPENSSL cannot show DH/ECDH bits)" + outln + [[ $TLS_NR_CIPHERS == 0 ]] && pr_warning " Cipher mapping not available, doing a fallback to openssl" + if ! "$HAS_DH_BITS"; then + [[ $TLS_NR_CIPHERS == 0 ]] && out "." + pr_warningln " Your $OPENSSL cannot show DH/ECDH bits" + fi fi outln neat_header @@ -3312,10 +3317,13 @@ run_client_simulation() { requiresSha2+=(false) outln + [[ $TLS_NR_CIPHERS == 0 ]] && using_sockets=false if "$using_sockets"; then pr_headlineln " Running browser simulations via sockets (experimental) " else - pr_headlineln " Running browser simulations (experimental) " + pr_headline " Running browser simulations via openssl (experimental) " + [[ $TLS_NR_CIPHERS == 0 ]] && pr_warning ". Cipher mapping not available, Doing a fallback to openssl " + outln fi outln @@ -8360,42 +8368,38 @@ old_fart() { } # try very hard to determine the install path to get ahold of the mapping file and the CA bundles -# TESTSSL_INSTALL_DIR can be supplied via environment so that the RFC mapping and CA bundles can be found -# (mapping file provides "keycode/ RFC style name", see RFCs, cipher(1), +# TESTSSL_INSTALL_DIR can be supplied via environment so that the cipher mapping and CA bundles can be found # www.carbonwind.net/TLS_Cipher_Suites_Project/tls_ssl_cipher_suites_simple_table_all.htm get_install_dir() { [[ -z "$TESTSSL_INSTALL_DIR" ]] && TESTSSL_INSTALL_DIR="$(dirname ${BASH_SOURCE[0]})" - [[ -r "$RUN_DIR/etc/mapping-rfc.txt" ]] && MAPPING_FILE_RFC="$RUN_DIR/etc/mapping-rfc.txt" - [[ -r "$TESTSSL_INSTALL_DIR/etc/mapping-rfc.txt" ]] && MAPPING_FILE_RFC="$TESTSSL_INSTALL_DIR/etc/mapping-rfc.txt" - if [[ ! -r "$MAPPING_FILE_RFC" ]]; then -# those will disapper: - [[ -r "$RUN_DIR/mapping-rfc.txt" ]] && MAPPING_FILE_RFC="$RUN_DIR/mapping-rfc.txt" - [[ -r "$TESTSSL_INSTALL_DIR/mapping-rfc.txt" ]] && MAPPING_FILE_RFC="$TESTSSL_INSTALL_DIR/mapping-rfc.txt" + [[ -r "$RUN_DIR/etc/cipher-mapping.txt" ]] && CIPHERS_BY_STRENGTH_FILE="$RUN_DIR/etc/cipher-mapping.txt" + [[ -r "$TESTSSL_INSTALL_DIR/etc/cipher-mapping.txt" ]] && CIPHERS_BY_STRENGTH_FILE="$TESTSSL_INSTALL_DIR/etc/cipher-mapping.txt" + if [[ ! -r "$CIPHERS_BY_STRENGTH_FILE" ]]; then + [[ -r "$RUN_DIR/cipher-mapping.txt" ]] && CIPHERS_BY_STRENGTH_FILE="$RUN_DIR/cipher-mapping.txt" + [[ -r "$TESTSSL_INSTALL_DIR/cipher-mapping.txt" ]] && CIPHERS_BY_STRENGTH_FILE="$TESTSSL_INSTALL_DIR/cipher-mapping.txt" fi - # we haven't found the mapping file yet... + # we haven't found the cipher file yet... if [[ ! -r "$mapping_file_rfc" ]] && which readlink &>/dev/null ; then readlink -f ls &>/dev/null && \ TESTSSL_INSTALL_DIR=$(readlink -f $(basename ${BASH_SOURCE[0]})) || \ TESTSSL_INSTALL_DIR=$(readlink $(basename ${BASH_SOURCE[0]})) # not sure whether Darwin has -f TESTSSL_INSTALL_DIR=$(dirname $TESTSSL_INSTALL_DIR 2>/dev/null) - [[ -r "$TESTSSL_INSTALL_DIR/mapping-rfc.txt" ]] && MAPPING_FILE_RFC="$TESTSSL_INSTALL_DIR/mapping-rfc.txt" - [[ -r "$TESTSSL_INSTALL_DIR/etc/mapping-rfc.txt" ]] && MAPPING_FILE_RFC="$TESTSSL_INSTALL_DIR/etc/mapping-rfc.txt" -# will disappear: + [[ -r "$TESTSSL_INSTALL_DIR/cipher-mapping.txt" ]] && CIPHERS_BY_STRENGTH_FILE="$TESTSSL_INSTALL_DIR/cipher-mapping.txt" + [[ -r "$TESTSSL_INSTALL_DIR/etc/cipher-mapping.txt" ]] && CIPHERS_BY_STRENGTH_FILE="$TESTSSL_INSTALL_DIR/etc/cipher-mapping.txt" fi - # still no mapping file: - if [[ ! -r "$MAPPING_FILE_RFC" ]] && which realpath &>/dev/null ; then + # still no cipher mapping file: + if [[ ! -r "$CIPHERS_BY_STRENGTH_FILE" ]] && which realpath &>/dev/null ; then TESTSSL_INSTALL_DIR=$(dirname $(realpath ${BASH_SOURCE[0]})) - MAPPING_FILE_RFC="$TESTSSL_INSTALL_DIR/etc/mapping-rfc.txt" -# will disappear - [[ -r "$TESTSSL_INSTALL_DIR/mapping-rfc.txt" ]] && MAPPING_FILE_RFC="$TESTSSL_INSTALL_DIR/mapping-rfc.txt" + CIPHERS_BY_STRENGTH_FILE="$TESTSSL_INSTALL_DIR/etc/cipher-mapping.txt" + [[ -r "$TESTSSL_INSTALL_DIR/cipher-mapping.txt" ]] && CIPHERS_BY_STRENGTH_FILE="$TESTSSL_INSTALL_DIR/cipher-mapping.txt" fi - [[ ! -r "$mapping_file_rfc" ]] && pr_warningln "\nNo mapping file found" - debugme echo "$mapping_file_rfc" + [[ ! -r "$CIPHERS_BY_STRENGTH_FILE" ]] && pr_warningln "\nNo cipher mapping file in \$TESTSSL_INSTALL_DIR/etc/ found" + debugme echo "$CIPHERS_BY_STRENGTH_FILE" } @@ -8747,374 +8751,12 @@ EOF $OPENSSL ciphers -V 'ALL:COMPLEMENTOFALL' &>$TEMPDIR/all_local_ciphers.txt fi # see also $TEMPDIR/s_client_has.txt from find_openssl_binary - CIPHERS_BY_STRENGTH_FILE=$(mktemp $TEMPDIR/ciphers_by_strength.XXXXXX) -#FIXME: better externally: separation of code and data - cat >$CIPHERS_BY_STRENGTH_FILE << EOF - 0xCC,0x14 - ECDHE-ECDSA-CHACHA20-POLY1305-OLD TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256_OLD TLSv1.2 Kx=ECDH Au=ECDSA Enc=ChaCha20(256) Mac=AEAD - 0xCC,0x13 - ECDHE-RSA-CHACHA20-POLY1305-OLD TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256_OLD TLSv1.2 Kx=ECDH Au=RSA Enc=ChaCha20(256) Mac=AEAD - 0xCC,0x15 - DHE-RSA-CHACHA20-POLY1305-OLD TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256_OLD TLSv1.2 Kx=DH Au=RSA Enc=ChaCha20(256) Mac=AEAD - 0xC0,0x30 - ECDHE-RSA-AES256-GCM-SHA384 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD - 0xC0,0x2C - ECDHE-ECDSA-AES256-GCM-SHA384 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(256) Mac=AEAD - 0xC0,0x28 - ECDHE-RSA-AES256-SHA384 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA384 - 0xC0,0x24 - ECDHE-ECDSA-AES256-SHA384 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA384 - 0xC0,0x14 - ECDHE-RSA-AES256-SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA SSLv3 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA1 - 0xC0,0x0A - ECDHE-ECDSA-AES256-SHA TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA SSLv3 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA1 - 0xC0,0x22 - SRP-DSS-AES-256-CBC-SHA TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA SSLv3 Kx=SRP Au=DSS Enc=AES(256) Mac=SHA1 - 0xC0,0x21 - SRP-RSA-AES-256-CBC-SHA TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA SSLv3 Kx=SRP Au=RSA Enc=AES(256) Mac=SHA1 - 0xC0,0x20 - SRP-AES-256-CBC-SHA TLS_SRP_SHA_WITH_AES_256_CBC_SHA SSLv3 Kx=SRP Au=SRP Enc=AES(256) Mac=SHA1 - 0x00,0xB7 - RSA-PSK-AES256-CBC-SHA384 TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 TLSv1 Kx=RSAPSK Au=RSA Enc=AES(256) Mac=SHA384 - 0x00,0xB3 - DHE-PSK-AES256-CBC-SHA384 TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 TLSv1 Kx=DHEPSK Au=PSK Enc=AES(256) Mac=SHA384 - 0x00,0x91 - DHE-PSK-AES256-CBC-SHA TLS_DHE_PSK_WITH_AES_256_CBC_SHA SSLv3 Kx=DHEPSK Au=PSK Enc=AES(256) Mac=SHA1 - 0xC0,0x9B - ECDHE-PSK-CAMELLIA256-SHA384 TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 TLSv1 Kx=ECDHEPSK Au=PSK Enc=Camellia(256) Mac=SHA384 - 0xC0,0x99 - RSA-PSK-CAMELLIA256-SHA384 TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 TLSv1 Kx=RSAPSK Au=RSA Enc=Camellia(256) Mac=SHA384 - 0xC0,0x97 - DHE-PSK-CAMELLIA256-SHA384 TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 TLSv1 Kx=DHEPSK Au=PSK Enc=Camellia(256) Mac=SHA384 - 0x00,0xAF - PSK-AES256-CBC-SHA384 TLS_PSK_WITH_AES_256_CBC_SHA384 TLSv1 Kx=PSK Au=PSK Enc=AES(256) Mac=SHA384 - 0xC0,0x95 - PSK-CAMELLIA256-SHA384 TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 TLSv1 Kx=PSK Au=PSK Enc=Camellia(256) Mac=SHA384 - 0x00,0xA5 - DH-DSS-AES256-GCM-SHA384 TLS_DH_DSS_WITH_AES_256_GCM_SHA384 TLSv1.2 Kx=DH/DSS Au=DH Enc=AESGCM(256) Mac=AEAD - 0x00,0xA3 - DHE-DSS-AES256-GCM-SHA384 TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 TLSv1.2 Kx=DH Au=DSS Enc=AESGCM(256) Mac=AEAD - 0x00,0xA1 - DH-RSA-AES256-GCM-SHA384 TLS_DH_RSA_WITH_AES_256_GCM_SHA384 TLSv1.2 Kx=DH/RSA Au=DH Enc=AESGCM(256) Mac=AEAD - 0x00,0x9F - DHE-RSA-AES256-GCM-SHA384 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(256) Mac=AEAD - 0xCC,0xA9 - ECDHE-ECDSA-CHACHA20-POLY1305 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=ChaCha20(256) Mac=AEAD - 0xCC,0xA8 - ECDHE-RSA-CHACHA20-POLY1305 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=ChaCha20(256) Mac=AEAD - 0xCC,0xAA - DHE-RSA-CHACHA20-POLY1305 TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 TLSv1.2 Kx=DH Au=RSA Enc=ChaCha20(256) Mac=AEAD - 0xC0,0xAF - ECDHE-ECDSA-AES256-CCM8 TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESCCM8(256) Mac=AEAD - 0xC0,0xAD - ECDHE-ECDSA-AES256-CCM TLS_ECDHE_ECDSA_WITH_AES_256_CCM TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESCCM(256) Mac=AEAD - 0xC0,0xA3 - DHE-RSA-AES256-CCM8 TLS_DHE_RSA_WITH_AES_256_CCM_8 TLSv1.2 Kx=DH Au=RSA Enc=AESCCM8(256) Mac=AEAD - 0xC0,0x9F - DHE-RSA-AES256-CCM TLS_DHE_RSA_WITH_AES_256_CCM TLSv1.2 Kx=DH Au=RSA Enc=AESCCM(256) Mac=AEAD - 0x00,0x6B - DHE-RSA-AES256-SHA256 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(256) Mac=SHA256 - 0x00,0x6A - DHE-DSS-AES256-SHA256 TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 TLSv1.2 Kx=DH Au=DSS Enc=AES(256) Mac=SHA256 - 0x00,0x69 - DH-RSA-AES256-SHA256 TLS_DH_RSA_WITH_AES_256_CBC_SHA256 TLSv1.2 Kx=DH/RSA Au=DH Enc=AES(256) Mac=SHA256 - 0x00,0x68 - DH-DSS-AES256-SHA256 TLS_DH_DSS_WITH_AES_256_CBC_SHA256 TLSv1.2 Kx=DH/DSS Au=DH Enc=AES(256) Mac=SHA256 - 0x00,0x39 - DHE-RSA-AES256-SHA TLS_DHE_RSA_WITH_AES_256_CBC_SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1 - 0x00,0x38 - DHE-DSS-AES256-SHA TLS_DHE_DSS_WITH_AES_256_CBC_SHA SSLv3 Kx=DH Au=DSS Enc=AES(256) Mac=SHA1 - 0x00,0x37 - DH-RSA-AES256-SHA TLS_DH_RSA_WITH_AES_256_CBC_SHA SSLv3 Kx=DH/RSA Au=DH Enc=AES(256) Mac=SHA1 - 0x00,0x36 - DH-DSS-AES256-SHA TLS_DH_DSS_WITH_AES_256_CBC_SHA SSLv3 Kx=DH/DSS Au=DH Enc=AES(256) Mac=SHA1 - 0xC0,0x77 - ECDHE-RSA-CAMELLIA256-SHA384 TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=Camellia(256) Mac=SHA384 - 0xC0,0x73 - ECDHE-ECDSA-CAMELLIA256-SHA384 TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=Camellia(256) Mac=SHA384 - 0x00,0xC4 - DHE-RSA-CAMELLIA256-SHA256 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 TLSv1.2 Kx=DH Au=RSA Enc=Camellia(256) Mac=SHA256 - 0x00,0xC3 - DHE-DSS-CAMELLIA256-SHA256 TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256 TLSv1.2 Kx=DH Au=DSS Enc=Camellia(256) Mac=SHA256 - 0x00,0xC2 - DH-RSA-CAMELLIA256-SHA256 TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256 TLSv1.2 Kx=DH/RSA Au=DH Enc=Camellia(256) Mac=SHA256 - 0x00,0xC1 - DH-DSS-CAMELLIA256-SHA256 TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256 TLSv1.2 Kx=DH/DSS Au=DH Enc=Camellia(256) Mac=SHA256 - 0x00,0x88 - DHE-RSA-CAMELLIA256-SHA TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA SSLv3 Kx=DH Au=RSA Enc=Camellia(256) Mac=SHA1 - 0x00,0x87 - DHE-DSS-CAMELLIA256-SHA TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA SSLv3 Kx=DH Au=DSS Enc=Camellia(256) Mac=SHA1 - 0x00,0x86 - DH-RSA-CAMELLIA256-SHA TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA SSLv3 Kx=DH/RSA Au=DH Enc=Camellia(256) Mac=SHA1 - 0x00,0x85 - DH-DSS-CAMELLIA256-SHA TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA SSLv3 Kx=DH/DSS Au=DH Enc=Camellia(256) Mac=SHA1 - 0xC0,0x19 - AECDH-AES256-SHA TLS_ECDH_anon_WITH_AES_256_CBC_SHA SSLv3 Kx=ECDH Au=None Enc=AES(256) Mac=SHA1 - 0x00,0xA7 - ADH-AES256-GCM-SHA384 TLS_DH_anon_WITH_AES_256_GCM_SHA384 TLSv1.2 Kx=DH Au=None Enc=AESGCM(256) Mac=AEAD - 0x00,0x6D - ADH-AES256-SHA256 TLS_DH_anon_WITH_AES_256_CBC_SHA256 TLSv1.2 Kx=DH Au=None Enc=AES(256) Mac=SHA256 - 0x00,0x3A - ADH-AES256-SHA TLS_DH_anon_WITH_AES_256_CBC_SHA SSLv3 Kx=DH Au=None Enc=AES(256) Mac=SHA1 - 0x00,0xC5 - ADH-CAMELLIA256-SHA256 TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256 TLSv1.2 Kx=DH Au=None Enc=Camellia(256) Mac=SHA256 - 0x00,0x89 - ADH-CAMELLIA256-SHA TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA SSLv3 Kx=DH Au=None Enc=Camellia(256) Mac=SHA1 - 0x00,0xAD - RSA-PSK-AES256-GCM-SHA384 TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 TLSv1.2 Kx=RSAPSK Au=RSA Enc=AESGCM(256) Mac=AEAD - 0x00,0xAB - DHE-PSK-AES256-GCM-SHA384 TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 TLSv1.2 Kx=DHEPSK Au=PSK Enc=AESGCM(256) Mac=AEAD - 0xCC,0xAE - RSA-PSK-CHACHA20-POLY1305 TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256 TLSv1.2 Kx=RSAPSK Au=RSA Enc=ChaCha20(256) Mac=AEAD - 0xCC,0xAD - DHE-PSK-CHACHA20-POLY1305 TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 TLSv1.2 Kx=DHEPSK Au=PSK Enc=ChaCha20(256) Mac=AEAD - 0xCC,0xAC - ECDHE-PSK-CHACHA20-POLY1305 TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 TLSv1.2 Kx=ECDHEPSK Au=PSK Enc=ChaCha20(256) Mac=AEAD - 0xC0,0xAB - DHE-PSK-AES256-CCM8 TLS_PSK_DHE_WITH_AES_256_CCM_8 TLSv1.2 Kx=DHEPSK Au=PSK Enc=AESCCM8(256) Mac=AEAD - 0xC0,0xA7 - DHE-PSK-AES256-CCM TLS_DHE_PSK_WITH_AES_256_CCM TLSv1.2 Kx=DHEPSK Au=PSK Enc=AESCCM(256) Mac=AEAD - 0xC0,0x32 - ECDH-RSA-AES256-GCM-SHA384 TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AESGCM(256) Mac=AEAD - 0xC0,0x2E - ECDH-ECDSA-AES256-GCM-SHA384 TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AESGCM(256) Mac=AEAD - 0xC0,0x2A - ECDH-RSA-AES256-SHA384 TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AES(256) Mac=SHA384 - 0xC0,0x26 - ECDH-ECDSA-AES256-SHA384 TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AES(256) Mac=SHA384 - 0xC0,0x0F - ECDH-RSA-AES256-SHA TLS_ECDH_RSA_WITH_AES_256_CBC_SHA SSLv3 Kx=ECDH/RSA Au=ECDH Enc=AES(256) Mac=SHA1 - 0xC0,0x05 - ECDH-ECDSA-AES256-SHA TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA SSLv3 Kx=ECDH/ECDSA Au=ECDH Enc=AES(256) Mac=SHA1 - 0xC0,0x79 - ECDH-RSA-CAMELLIA256-SHA384 TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=Camellia(256) Mac=SHA384 - 0xC0,0x75 - ECDH-ECDSA-CAMELLIA256-SHA384 TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=Camellia(256) Mac=SHA384 - 0x00,0x9D - AES256-GCM-SHA384 TLS_RSA_WITH_AES_256_GCM_SHA384 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(256) Mac=AEAD - 0xC0,0xA1 - AES256-CCM8 TLS_RSA_WITH_AES_256_CCM_8 TLSv1.2 Kx=RSA Au=RSA Enc=AESCCM8(256) Mac=AEAD - 0xC0,0x9D - AES256-CCM TLS_RSA_WITH_AES_256_CCM TLSv1.2 Kx=RSA Au=RSA Enc=AESCCM(256) Mac=AEAD - 0x00,0xA9 - PSK-AES256-GCM-SHA384 TLS_PSK_WITH_AES_256_GCM_SHA384 TLSv1.2 Kx=PSK Au=PSK Enc=AESGCM(256) Mac=AEAD - 0xCC,0xAB - PSK-CHACHA20-POLY1305 TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 TLSv1.2 Kx=PSK Au=PSK Enc=ChaCha20(256) Mac=AEAD - 0xC0,0xA9 - PSK-AES256-CCM8 TLS_PSK_WITH_AES_256_CCM_8 TLSv1.2 Kx=PSK Au=PSK Enc=AESCCM8(256) Mac=AEAD - 0xC0,0xA5 - PSK-AES256-CCM TLS_PSK_WITH_AES_256_CCM TLSv1.2 Kx=PSK Au=PSK Enc=AESCCM(256) Mac=AEAD - 0x00,0x3D - AES256-SHA256 TLS_RSA_WITH_AES_256_CBC_SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA256 - 0x00,0x35 - AES256-SHA TLS_RSA_WITH_AES_256_CBC_SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1 - 0x00,0xC0 - CAMELLIA256-SHA256 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=Camellia(256) Mac=SHA256 - 0xC0,0x38 - ECDHE-PSK-AES256-CBC-SHA384 TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 TLSv1 Kx=ECDHEPSK Au=PSK Enc=AES(256) Mac=SHA384 - 0xC0,0x36 - ECDHE-PSK-AES256-CBC-SHA TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA SSLv3 Kx=ECDHEPSK Au=PSK Enc=AES(256) Mac=SHA1 - 0x00,0x84 - CAMELLIA256-SHA TLS_RSA_WITH_CAMELLIA_256_CBC_SHA SSLv3 Kx=RSA Au=RSA Enc=Camellia(256) Mac=SHA1 - 0x00,0x95 - RSA-PSK-AES256-CBC-SHA TLS_RSA_PSK_WITH_AES_256_CBC_SHA SSLv3 Kx=RSAPSK Au=RSA Enc=AES(256) Mac=SHA1 - 0x00,0x8D - PSK-AES256-CBC-SHA TLS_PSK_WITH_AES_256_CBC_SHA SSLv3 Kx=PSK Au=PSK Enc=AES(256) Mac=SHA1 - 0xC0,0x3D - - TLS_RSA_WITH_ARIA_256_CBC_SHA384 TLSv1.2 Kx=RSA Au=RSA Enc=ARIA(256) Mac=SHA384 - 0xC0,0x3F - - TLS_DH_DSS_WITH_ARIA_256_CBC_SHA384 TLSv1.2 Kx=DH/DSS Au=DH Enc=ARIA(256) Mac=SHA384 - 0xC0,0x41 - - TLS_DH_RSA_WITH_ARIA_256_CBC_SHA384 TLSv1.2 Kx=DH/RSA Au=DH Enc=ARIA(256) Mac=SHA384 - 0xC0,0x43 - - TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384 TLSv1.2 Kx=DH Au=DSS Enc=ARIA(256) Mac=SHA384 - 0xC0,0x45 - - TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384 TLSv1.2 Kx=DH Au=RSA Enc=ARIA(256) Mac=SHA384 - 0xC0,0x47 - - TLS_DH_anon_WITH_ARIA_256_CBC_SHA384 TLSv1.2 Kx=DH Au=None Enc=ARIA(256) Mac=SHA384 - 0xC0,0x49 - - TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=ARIA(256) Mac=SHA384 - 0xC0,0x4B - - TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=ARIA(256) Mac=SHA384 - 0xC0,0x4D - - TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=ARIA(256) Mac=SHA384 - 0xC0,0x4F - - TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=ARIA(256) Mac=SHA384 - 0xC0,0x51 - - TLS_RSA_WITH_ARIA_256_GCM_SHA384 TLSv1.2 Kx=RSA Au=RSA Enc=ARIA(256) Mac=AEAD - 0xC0,0x53 - - TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384 TLSv1.2 Kx=DH Au=RSA Enc=ARIA(256) Mac=AEAD - 0xC0,0x55 - - TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384 TLSv1.2 Kx=DH/RSA Au=DH Enc=ARIA(256) Mac=AEAD - 0xC0,0x57 - - TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384 TLSv1.2 Kx=DH Au=DSS Enc=ARIA(256) Mac=AEAD - 0xC0,0x59 - - TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384 TLSv1.2 Kx=DH/DSS Au=DH Enc=ARIA(256) Mac=AEAD - 0xC0,0x5B - - TLS_DH_anon_WITH_ARIA_256_GCM_SHA384 TLSv1.2 Kx=DH Au=None Enc=ARIA(256) Mac=AEAD - 0xC0,0x5D - - TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=ARIA(256) Mac=AEAD - 0xC0,0x5F - - TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=ARIA(256) Mac=AEAD - 0xC0,0x61 - - TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=ARIA(256) Mac=AEAD - 0xC0,0x63 - - TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=ARIA(256) Mac=AEAD - 0xC0,0x65 - - TLS_PSK_WITH_ARIA_256_CBC_SHA384 TLSv1 Kx=PSK Au=PSK Enc=ARIA(256) Mac=SHA384 - 0xC0,0x67 - - TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384 TLSv1 Kx=DHEPSK Au=PSK Enc=ARIA(256) Mac=SHA384 - 0xC0,0x69 - - TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384 TLSv1 Kx=RSAPSK Au=RSA Enc=ARIA(256) Mac=SHA384 - 0xC0,0x6B - - TLS_PSK_WITH_ARIA_256_GCM_SHA384 TLSv1.2 Kx=PSK Au=PSK Enc=ARIA(256) Mac=AEAD - 0xC0,0x6D - - TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384 TLSv1.2 Kx=DHEPSK Au=PSK Enc=ARIA(256) Mac=AEAD - 0xC0,0x6F - - TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384 TLSv1.2 Kx=RSAPSK Au=RSA Enc=ARIA(256) Mac=AEAD - 0xC0,0x71 - - TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384 TLSv1 Kx=ECDHEPSK Au=PSK Enc=ARIA(256) Mac=SHA384 - 0xC0,0x7B - - TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 TLSv1.2 Kx=RSA Au=RSA Enc=CamelliaGCM(256) Mac=AEAD - 0xC0,0x7D - - TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 TLSv1.2 Kx=DH Au=RSA Enc=CamelliaGCM(256) Mac=AEAD - 0xC0,0x7F - - TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384 TLSv1.2 Kx=DH/RSA Au=DH Enc=CamelliaGCM(256) Mac=AEAD - 0xC0,0x81 - - TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384 TLSv1.2 Kx=DH Au=DSS Enc=CamelliaGCM(256) Mac=AEAD - 0xC0,0x83 - - TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384 TLSv1.2 Kx=DH/DSS Au=DH Enc=CamelliaGCM(256) Mac=AEAD - 0xC0,0x85 - - TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384 TLSv1.2 Kx=DH Au=None Enc=CamelliaGCM(256) Mac=AEAD - 0xC0,0x87 - - TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=CamelliaGCM(256) Mac=AEAD - 0xC0,0x89 - - TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=CamelliaGCM(256) Mac=AEAD - 0xC0,0x8B - - TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=CamelliaGCM(256) Mac=AEAD - 0xC0,0x8D - - TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=CamelliaGCM(256) Mac=AEAD - 0xC0,0x8F - - TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 TLSv1.2 Kx=PSK Au=PSK Enc=CamelliaGCM(256) Mac=AEAD - 0xC0,0x91 - - TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 TLSv1.2 Kx=DHEPSK Au=PSK Enc=CamelliaGCM(256) Mac=AEAD - 0xC0,0x93 - - TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384 TLSv1.2 Kx=RSAPSK Au=RSA Enc=CamelliaGCM(256) Mac=AEAD - 0x00,0x80 - GOST94-GOST89-GOST89 TLS_GOSTR341094_WITH_28147_CNT_IMIT TLSv1 Kx=GOST Au=GOST94 Enc=GOST(256) Mac=GOST89IMIT - 0x00,0x81 - GOST2001-GOST89-GOST89 TLS_GOSTR341001_WITH_28147_CNT_IMIT SSLv3 Kx=GOST Au=GOST01 Enc=GOST(256) Mac=GOST89IMIT - 0xFF,0x00 - GOST-MD5 TLS_GOSTR341094_RSA_WITH_28147_CNT_MD5 TLSv1 Kx=RSA Au=RSA Enc=GOST(256) Mac=MD5 - 0xFF,0x01 - GOST-GOST94 TLS_RSA_WITH_28147_CNT_GOST94 TLSv1 Kx=RSA Au=RSA Enc=GOST(256) Mac=GOST94 - 0xFF,0x02 - GOST-GOST89MAC - TLSv1 Kx=RSA Au=RSA Enc=GOST(256) Mac=GOST89IMIT - 0xFF,0x03 - GOST-GOST89STREAM - TLSv1 Kx=RSA Au=RSA Enc=GOST(256) Mac=GOST89IMIT - 0xFF,0x85 - GOST2012256-GOST89-GOST89 - SSLv3 Kx=GOST Au=GOST01 Enc=GOST(256) Mac=GOST89IMIT - 0x16,0xB7 - - TLS_CECPQ1_RSA_WITH_CHACHA20_POLY1305_SHA256 TLSv1.2 Kx=CECPQ1 Au=RSA Enc=ChaCha20(256) Mac=AEAD - 0x16,0xB8 - - TLS_CECPQ1_ECDSA_WITH_CHACHA20_POLY1305_SHA256 TLSv1.2 Kx=CECPQ1 Au=ECDSA Enc=ChaCha20(256) Mac=AEAD - 0x16,0xB9 - - TLS_CECPQ1_RSA_WITH_AES_256_GCM_SHA384 TLSv1.2 Kx=CECPQ1 Au=RSA Enc=AESGCM(256) Mac=AEAD - 0x16,0xBA - - TLS_CECPQ1_ECDSA_WITH_AES_256_GCM_SHA384 TLSv1.2 Kx=CECPQ1 Au=ECDSA Enc=AESGCM(256) Mac=AEAD - 0xC0,0x2F - ECDHE-RSA-AES128-GCM-SHA256 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD - 0xC0,0x2B - ECDHE-ECDSA-AES128-GCM-SHA256 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(128) Mac=AEAD - 0xC0,0x27 - ECDHE-RSA-AES128-SHA256 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA256 - 0xC0,0x23 - ECDHE-ECDSA-AES128-SHA256 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA256 - 0xC0,0x13 - ECDHE-RSA-AES128-SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA SSLv3 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA1 - 0xC0,0x09 - ECDHE-ECDSA-AES128-SHA TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA SSLv3 Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA1 - 0xC0,0x1F - SRP-DSS-AES-128-CBC-SHA TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA SSLv3 Kx=SRP Au=DSS Enc=AES(128) Mac=SHA1 - 0xC0,0x1E - SRP-RSA-AES-128-CBC-SHA TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA SSLv3 Kx=SRP Au=RSA Enc=AES(128) Mac=SHA1 - 0xC0,0x1D - SRP-AES-128-CBC-SHA TLS_SRP_SHA_WITH_AES_128_CBC_SHA SSLv3 Kx=SRP Au=SRP Enc=AES(128) Mac=SHA1 - 0x00,0xA4 - DH-DSS-AES128-GCM-SHA256 TLS_DH_DSS_WITH_AES_128_GCM_SHA256 TLSv1.2 Kx=DH/DSS Au=DH Enc=AESGCM(128) Mac=AEAD - 0x00,0xA2 - DHE-DSS-AES128-GCM-SHA256 TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 TLSv1.2 Kx=DH Au=DSS Enc=AESGCM(128) Mac=AEAD - 0x00,0xA0 - DH-RSA-AES128-GCM-SHA256 TLS_DH_RSA_WITH_AES_128_GCM_SHA256 TLSv1.2 Kx=DH/RSA Au=DH Enc=AESGCM(128) Mac=AEAD - 0x00,0x9E - DHE-RSA-AES128-GCM-SHA256 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(128) Mac=AEAD - 0xC0,0xAE - ECDHE-ECDSA-AES128-CCM8 TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESCCM8(128) Mac=AEAD - 0xC0,0xAC - ECDHE-ECDSA-AES128-CCM TLS_ECDHE_ECDSA_WITH_AES_128_CCM TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESCCM(128) Mac=AEAD - 0xC0,0xA2 - DHE-RSA-AES128-CCM8 TLS_DHE_RSA_WITH_AES_128_CCM_8 TLSv1.2 Kx=DH Au=RSA Enc=AESCCM8(128) Mac=AEAD - 0xC0,0x9E - DHE-RSA-AES128-CCM TLS_DHE_RSA_WITH_AES_128_CCM TLSv1.2 Kx=DH Au=RSA Enc=AESCCM(128) Mac=AEAD - 0x00,0xAC - RSA-PSK-AES128-GCM-SHA256 TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 TLSv1.2 Kx=RSAPSK Au=RSA Enc=AESGCM(128) Mac=AEAD - 0x00,0xAA - DHE-PSK-AES128-GCM-SHA256 TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 TLSv1.2 Kx=DHEPSK Au=PSK Enc=AESGCM(128) Mac=AEAD - 0xC0,0xAA - DHE-PSK-AES128-CCM8 TLS_PSK_DHE_WITH_AES_128_CCM_8 TLSv1.2 Kx=DHEPSK Au=PSK Enc=AESCCM8(128) Mac=AEAD - 0xC0,0xA6 - DHE-PSK-AES128-CCM TLS_DHE_PSK_WITH_AES_128_CCM TLSv1.2 Kx=DHEPSK Au=PSK Enc=AESCCM(128) Mac=AEAD - 0xC0,0xA0 - AES128-CCM8 TLS_RSA_WITH_AES_128_CCM_8 TLSv1.2 Kx=RSA Au=RSA Enc=AESCCM8(128) Mac=AEAD - 0xC0,0x9C - AES128-CCM TLS_RSA_WITH_AES_128_CCM TLSv1.2 Kx=RSA Au=RSA Enc=AESCCM(128) Mac=AEAD - 0x00,0xA8 - PSK-AES128-GCM-SHA256 TLS_PSK_WITH_AES_128_GCM_SHA256 TLSv1.2 Kx=PSK Au=PSK Enc=AESGCM(128) Mac=AEAD - 0xC0,0xA8 - PSK-AES128-CCM8 TLS_PSK_WITH_AES_128_CCM_8 TLSv1.2 Kx=PSK Au=PSK Enc=AESCCM8(128) Mac=AEAD - 0xC0,0xA4 - PSK-AES128-CCM TLS_PSK_WITH_AES_128_CCM TLSv1.2 Kx=PSK Au=PSK Enc=AESCCM(128) Mac=AEAD - 0x00,0x67 - DHE-RSA-AES128-SHA256 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(128) Mac=SHA256 - 0x00,0x40 - DHE-DSS-AES128-SHA256 TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 TLSv1.2 Kx=DH Au=DSS Enc=AES(128) Mac=SHA256 - 0x00,0x3F - DH-RSA-AES128-SHA256 TLS_DH_RSA_WITH_AES_128_CBC_SHA256 TLSv1.2 Kx=DH/RSA Au=DH Enc=AES(128) Mac=SHA256 - 0x00,0x3E - DH-DSS-AES128-SHA256 TLS_DH_DSS_WITH_AES_128_CBC_SHA256 TLSv1.2 Kx=DH/DSS Au=DH Enc=AES(128) Mac=SHA256 - 0x00,0x33 - DHE-RSA-AES128-SHA TLS_DHE_RSA_WITH_AES_128_CBC_SHA SSLv3 Kx=DH Au=RSA Enc=AES(128) Mac=SHA1 - 0x00,0x32 - DHE-DSS-AES128-SHA TLS_DHE_DSS_WITH_AES_128_CBC_SHA SSLv3 Kx=DH Au=DSS Enc=AES(128) Mac=SHA1 - 0x00,0x31 - DH-RSA-AES128-SHA TLS_DH_RSA_WITH_AES_128_CBC_SHA SSLv3 Kx=DH/RSA Au=DH Enc=AES(128) Mac=SHA1 - 0x00,0x30 - DH-DSS-AES128-SHA TLS_DH_DSS_WITH_AES_128_CBC_SHA SSLv3 Kx=DH/DSS Au=DH Enc=AES(128) Mac=SHA1 - 0xC0,0x76 - ECDHE-RSA-CAMELLIA128-SHA256 TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=Camellia(128) Mac=SHA256 - 0xC0,0x72 - ECDHE-ECDSA-CAMELLIA128-SHA256 TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=Camellia(128) Mac=SHA256 - 0x00,0xBE - DHE-RSA-CAMELLIA128-SHA256 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 TLSv1.2 Kx=DH Au=RSA Enc=Camellia(128) Mac=SHA256 - 0x00,0xBD - DHE-DSS-CAMELLIA128-SHA256 TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256 TLSv1.2 Kx=DH Au=DSS Enc=Camellia(128) Mac=SHA256 - 0x00,0xBC - DH-RSA-CAMELLIA128-SHA256 TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256 TLSv1.2 Kx=DH/RSA Au=DH Enc=Camellia(128) Mac=SHA256 - 0x00,0xBB - DH-DSS-CAMELLIA128-SHA256 TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256 TLSv1.2 Kx=DH/DSS Au=DH Enc=Camellia(128) Mac=SHA256 - 0x00,0x9A - DHE-RSA-SEED-SHA TLS_DHE_RSA_WITH_SEED_CBC_SHA SSLv3 Kx=DH Au=RSA Enc=SEED(128) Mac=SHA1 - 0x00,0x99 - DHE-DSS-SEED-SHA TLS_DHE_DSS_WITH_SEED_CBC_SHA SSLv3 Kx=DH Au=DSS Enc=SEED(128) Mac=SHA1 - 0x00,0x98 - DH-RSA-SEED-SHA TLS_DH_RSA_WITH_SEED_CBC_SHA SSLv3 Kx=DH/RSA Au=DH Enc=SEED(128) Mac=SHA1 - 0x00,0x97 - DH-DSS-SEED-SHA TLS_DH_DSS_WITH_SEED_CBC_SHA SSLv3 Kx=DH/DSS Au=DH Enc=SEED(128) Mac=SHA1 - 0x00,0x45 - DHE-RSA-CAMELLIA128-SHA TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA SSLv3 Kx=DH Au=RSA Enc=Camellia(128) Mac=SHA1 - 0x00,0x44 - DHE-DSS-CAMELLIA128-SHA TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA SSLv3 Kx=DH Au=DSS Enc=Camellia(128) Mac=SHA1 - 0x00,0x43 - DH-RSA-CAMELLIA128-SHA TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA SSLv3 Kx=DH/RSA Au=DH Enc=Camellia(128) Mac=SHA1 - 0x00,0x42 - DH-DSS-CAMELLIA128-SHA TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA SSLv3 Kx=DH/DSS Au=DH Enc=Camellia(128) Mac=SHA1 - 0xC0,0x18 - AECDH-AES128-SHA TLS_ECDH_anon_WITH_AES_128_CBC_SHA SSLv3 Kx=ECDH Au=None Enc=AES(128) Mac=SHA1 - 0x00,0xA6 - ADH-AES128-GCM-SHA256 TLS_DH_anon_WITH_AES_128_GCM_SHA256 TLSv1.2 Kx=DH Au=None Enc=AESGCM(128) Mac=AEAD - 0x00,0x6C - ADH-AES128-SHA256 TLS_DH_anon_WITH_AES_128_CBC_SHA256 TLSv1.2 Kx=DH Au=None Enc=AES(128) Mac=SHA256 - 0x00,0x34 - ADH-AES128-SHA TLS_DH_anon_WITH_AES_128_CBC_SHA SSLv3 Kx=DH Au=None Enc=AES(128) Mac=SHA1 - 0x00,0xBF - ADH-CAMELLIA128-SHA256 TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256 TLSv1.2 Kx=DH Au=None Enc=Camellia(128) Mac=SHA256 - 0x00,0x9B - ADH-SEED-SHA TLS_DH_anon_WITH_SEED_CBC_SHA SSLv3 Kx=DH Au=None Enc=SEED(128) Mac=SHA1 - 0x00,0x46 - ADH-CAMELLIA128-SHA TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA SSLv3 Kx=DH Au=None Enc=Camellia(128) Mac=SHA1 - 0xC0,0x31 - ECDH-RSA-AES128-GCM-SHA256 TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AESGCM(128) Mac=AEAD - 0xC0,0x2D - ECDH-ECDSA-AES128-GCM-SHA256 TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AESGCM(128) Mac=AEAD - 0xC0,0x29 - ECDH-RSA-AES128-SHA256 TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AES(128) Mac=SHA256 - 0xC0,0x25 - ECDH-ECDSA-AES128-SHA256 TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AES(128) Mac=SHA256 - 0xC0,0x0E - ECDH-RSA-AES128-SHA TLS_ECDH_RSA_WITH_AES_128_CBC_SHA SSLv3 Kx=ECDH/RSA Au=ECDH Enc=AES(128) Mac=SHA1 - 0xC0,0x04 - ECDH-ECDSA-AES128-SHA TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA SSLv3 Kx=ECDH/ECDSA Au=ECDH Enc=AES(128) Mac=SHA1 - 0xC0,0x78 - ECDH-RSA-CAMELLIA128-SHA256 TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=Camellia(128) Mac=SHA256 - 0xC0,0x74 - ECDH-ECDSA-CAMELLIA128-SHA256 TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=Camellia(128) Mac=SHA256 - 0x00,0x9C - AES128-GCM-SHA256 TLS_RSA_WITH_AES_128_GCM_SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(128) Mac=AEAD - 0x00,0x3C - AES128-SHA256 TLS_RSA_WITH_AES_128_CBC_SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA256 - 0x00,0x2F - AES128-SHA TLS_RSA_WITH_AES_128_CBC_SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1 - 0x00,0xBA - CAMELLIA128-SHA256 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=Camellia(128) Mac=SHA256 - 0xC0,0x37 - ECDHE-PSK-AES128-CBC-SHA256 TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 TLSv1 Kx=ECDHEPSK Au=PSK Enc=AES(128) Mac=SHA256 - 0xC0,0x35 - ECDHE-PSK-AES128-CBC-SHA TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA SSLv3 Kx=ECDHEPSK Au=PSK Enc=AES(128) Mac=SHA1 - 0x00,0xB6 - RSA-PSK-AES128-CBC-SHA256 TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 TLSv1 Kx=RSAPSK Au=RSA Enc=AES(128) Mac=SHA256 - 0x00,0xB2 - DHE-PSK-AES128-CBC-SHA256 TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 TLSv1 Kx=DHEPSK Au=PSK Enc=AES(128) Mac=SHA256 - 0x00,0x90 - DHE-PSK-AES128-CBC-SHA TLS_DHE_PSK_WITH_AES_128_CBC_SHA SSLv3 Kx=DHEPSK Au=PSK Enc=AES(128) Mac=SHA1 - 0x00,0x96 - SEED-SHA TLS_RSA_WITH_SEED_CBC_SHA SSLv3 Kx=RSA Au=RSA Enc=SEED(128) Mac=SHA1 - 0x00,0x41 - CAMELLIA128-SHA TLS_RSA_WITH_CAMELLIA_128_CBC_SHA SSLv3 Kx=RSA Au=RSA Enc=Camellia(128) Mac=SHA1 - 0xC0,0x9A - ECDHE-PSK-CAMELLIA128-SHA256 TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 TLSv1 Kx=ECDHEPSK Au=PSK Enc=Camellia(128) Mac=SHA256 - 0xC0,0x98 - RSA-PSK-CAMELLIA128-SHA256 TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 TLSv1 Kx=RSAPSK Au=RSA Enc=Camellia(128) Mac=SHA256 - 0xC0,0x96 - DHE-PSK-CAMELLIA128-SHA256 TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 TLSv1 Kx=DHEPSK Au=PSK Enc=Camellia(128) Mac=SHA256 - 0x00,0xAE - PSK-AES128-CBC-SHA256 TLS_PSK_WITH_AES_128_CBC_SHA256 TLSv1 Kx=PSK Au=PSK Enc=AES(128) Mac=SHA256 - 0xC0,0x94 - PSK-CAMELLIA128-SHA256 TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 TLSv1 Kx=PSK Au=PSK Enc=Camellia(128) Mac=SHA256 - 0x00,0x07 - IDEA-CBC-SHA TLS_RSA_WITH_IDEA_CBC_SHA SSLv3 Kx=RSA Au=RSA Enc=IDEA(128) Mac=SHA1 - 0x05,0x00,0x80 - IDEA-CBC-MD5 SSL_CK_IDEA_128_CBC_WITH_MD5 SSLv2 Kx=RSA Au=RSA Enc=IDEA(128) Mac=MD5 - 0x03,0x00,0x80 - RC2-CBC-MD5 SSL_CK_RC2_128_CBC_WITH_MD5 SSLv2 Kx=RSA Au=RSA Enc=RC2(128) Mac=MD5 - 0x00,0x94 - RSA-PSK-AES128-CBC-SHA TLS_RSA_PSK_WITH_AES_128_CBC_SHA SSLv3 Kx=RSAPSK Au=RSA Enc=AES(128) Mac=SHA1 - 0x00,0x8C - PSK-AES128-CBC-SHA TLS_PSK_WITH_AES_128_CBC_SHA SSLv3 Kx=PSK Au=PSK Enc=AES(128) Mac=SHA1 - 0x00,0x21 - KRB5-IDEA-CBC-SHA TLS_KRB5_WITH_IDEA_CBC_SHA SSLv3 Kx=KRB5 Au=KRB5 Enc=IDEA(128) Mac=SHA1 - 0x00,0x25 - KRB5-IDEA-CBC-MD5 TLS_KRB5_WITH_IDEA_CBC_MD5 SSLv3 Kx=KRB5 Au=KRB5 Enc=IDEA(128) Mac=MD5 - 0xC0,0x3C - - TLS_RSA_WITH_ARIA_128_CBC_SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=ARIA(128) Mac=SHA256 - 0xC0,0x3E - - TLS_DH_DSS_WITH_ARIA_128_CBC_SHA256 TLSv1.2 Kx=DH/DSS Au=DH Enc=ARIA(128) Mac=SHA256 - 0xC0,0x40 - - TLS_DH_RSA_WITH_ARIA_128_CBC_SHA256 TLSv1.2 Kx=DH/RSA Au=DH Enc=ARIA(128) Mac=SHA256 - 0xC0,0x42 - - TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256 TLSv1.2 Kx=DH Au=DSS Enc=ARIA(128) Mac=SHA256 - 0xC0,0x44 - - TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256 TLSv1.2 Kx=DH Au=RSA Enc=ARIA(128) Mac=SHA256 - 0xC0,0x46 - - TLS_DH_anon_WITH_ARIA_128_CBC_SHA256 TLSv1.2 Kx=DH Au=None Enc=ARIA(128) Mac=SHA256 - 0xC0,0x48 - - TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=ARIA(128) Mac=SHA256 - 0xC0,0x4A - - TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=ARIA(128) Mac=SHA256 - 0xC0,0x4C - - TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=ARIA(128) Mac=SHA256 - 0xC0,0x4E - - TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=ARIA(128) Mac=SHA256 - 0xC0,0x50 - - TLS_RSA_WITH_ARIA_128_GCM_SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=ARIA(128) Mac=AEAD - 0xC0,0x52 - - TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256 TLSv1.2 Kx=DH Au=RSA Enc=ARIA(128) Mac=AEAD - 0xC0,0x54 - - TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256 TLSv1.2 Kx=DH/RSA Au=DH Enc=ARIA(128) Mac=AEAD - 0xC0,0x56 - - TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256 TLSv1.2 Kx=DH Au=DSS Enc=ARIA(128) Mac=AEAD - 0xC0,0x58 - - TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256 TLSv1.2 Kx=DH/DSS Au=DH Enc=ARIA(128) Mac=AEAD - 0xC0,0x5A - - TLS_DH_anon_WITH_ARIA_128_GCM_SHA256 TLSv1.2 Kx=DH Au=None Enc=ARIA(128) Mac=AEAD - 0xC0,0x5C - - TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=ARIA(128) Mac=AEAD - 0xC0,0x5E - - TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=ARIA(128) Mac=AEAD - 0xC0,0x60 - - TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=ARIA(128) Mac=AEAD - 0xC0,0x62 - - TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=ARIA(128) Mac=AEAD - 0xC0,0x64 - - TLS_PSK_WITH_ARIA_128_CBC_SHA256 TLSv1 Kx=PSK Au=PSK Enc=ARIA(128) Mac=SHA256 - 0xC0,0x66 - - TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256 TLSv1 Kx=DHEPSK Au=PSK Enc=ARIA(128) Mac=SHA256 - 0xC0,0x68 - - TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256 TLSv1 Kx=RSAPSK Au=RSA Enc=ARIA(128) Mac=SHA256 - 0xC0,0x6A - - TLS_PSK_WITH_ARIA_128_GCM_SHA256 TLSv1.2 Kx=PSK Au=PSK Enc=ARIA(128) Mac=AEAD - 0xC0,0x6C - - TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256 TLSv1.2 Kx=DHEPSK Au=PSK Enc=ARIA(128) Mac=AEAD - 0xC0,0x6E - - TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256 TLSv1.2 Kx=RSAPSK Au=RSA Enc=ARIA(128) Mac=AEAD - 0xC0,0x70 - - TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256 TLSv1 Kx=ECDHEPSK Au=PSK Enc=ARIA(128) Mac=SHA256 - 0xC0,0x7A - - TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=CamelliaGCM(128) Mac=AEAD - 0xC0,0x7C - - TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 TLSv1.2 Kx=DH Au=RSA Enc=CamelliaGCM(128) Mac=AEAD - 0xC0,0x7E - - TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256 TLSv1.2 Kx=DH/RSA Au=DH Enc=CamelliaGCM(128) Mac=AEAD - 0xC0,0x80 - - TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256 TLSv1.2 Kx=DH Au=DSS Enc=CamelliaGCM(128) Mac=AEAD - 0xC0,0x82 - - TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256 TLSv1.2 Kx=DH/DSS Au=DH Enc=CamelliaGCM(128) Mac=AEAD - 0xC0,0x84 - - TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256 TLSv1.2 Kx=DH Au=None Enc=CamelliaGCM(128) Mac=AEAD - 0xC0,0x86 - - TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=CamelliaGCM(128) Mac=AEAD - 0xC0,0x88 - - TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=CamelliaGCM(128) Mac=AEAD - 0xC0,0x8A - - TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=CamelliaGCM(128) Mac=AEAD - 0xC0,0x8C - - TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=CamelliaGCM(128) Mac=AEAD - 0xC0,0x8E - - TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 TLSv1.2 Kx=PSK Au=PSK Enc=CamelliaGCM(128) Mac=AEAD - 0xC0,0x90 - - TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 TLSv1.2 Kx=DHEPSK Au=PSK Enc=CamelliaGCM(128) Mac=AEAD - 0xC0,0x92 - - TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256 TLSv1.2 Kx=RSAPSK Au=RSA Enc=CamelliaGCM(128) Mac=AEAD - 0xC0,0x11 - ECDHE-RSA-RC4-SHA TLS_ECDHE_RSA_WITH_RC4_128_SHA SSLv3 Kx=ECDH Au=RSA Enc=RC4(128) Mac=SHA1 - 0xC0,0x07 - ECDHE-ECDSA-RC4-SHA TLS_ECDHE_ECDSA_WITH_RC4_128_SHA SSLv3 Kx=ECDH Au=ECDSA Enc=RC4(128) Mac=SHA1 - 0x00,0x66 - DHE-DSS-RC4-SHA TLS_DHE_DSS_WITH_RC4_128_SHA SSLv3 Kx=DH Au=DSS Enc=RC4(128) Mac=SHA1 - 0xC0,0x16 - AECDH-RC4-SHA TLS_ECDH_anon_WITH_RC4_128_SHA SSLv3 Kx=ECDH Au=None Enc=RC4(128) Mac=SHA1 - 0x00,0x18 - ADH-RC4-MD5 TLS_DH_anon_WITH_RC4_128_MD5 SSLv3 Kx=DH Au=None Enc=RC4(128) Mac=MD5 - 0xC0,0x0C - ECDH-RSA-RC4-SHA TLS_ECDH_RSA_WITH_RC4_128_SHA SSLv3 Kx=ECDH/RSA Au=ECDH Enc=RC4(128) Mac=SHA1 - 0xC0,0x02 - ECDH-ECDSA-RC4-SHA TLS_ECDH_ECDSA_WITH_RC4_128_SHA SSLv3 Kx=ECDH/ECDSA Au=ECDH Enc=RC4(128) Mac=SHA1 - 0x00,0x05 - RC4-SHA TLS_RSA_WITH_RC4_128_SHA SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1 - 0x00,0x04 - RC4-MD5 TLS_RSA_WITH_RC4_128_MD5 SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5 - 0x01,0x00,0x80 - RC4-MD5 SSL_CK_RC4_128_WITH_MD5 SSLv2 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5 - 0x00,0x92 - RSA-PSK-RC4-SHA TLS_RSA_PSK_WITH_RC4_128_SHA SSLv3 Kx=RSAPSK Au=RSA Enc=RC4(128) Mac=SHA1 - 0x00,0x8A - PSK-RC4-SHA TLS_PSK_WITH_RC4_128_SHA SSLv3 Kx=PSK Au=PSK Enc=RC4(128) Mac=SHA1 - 0x00,0x20 - KRB5-RC4-SHA TLS_KRB5_WITH_RC4_128_SHA SSLv3 Kx=KRB5 Au=KRB5 Enc=RC4(128) Mac=SHA1 - 0x00,0x24 - KRB5-RC4-MD5 TLS_KRB5_WITH_RC4_128_MD5 SSLv3 Kx=KRB5 Au=KRB5 Enc=RC4(128) Mac=MD5 - 0xC0,0x33 - ECDHE-PSK-RC4-SHA TLS_ECDHE_PSK_WITH_RC4_128_SHA SSLv3 Kx=ECDHEPSK Au=PSK Enc=RC4(128) Mac=SHA1 - 0x00,0x8E - DHE-PSK-RC4-SHA TLS_DHE_PSK_WITH_RC4_128_SHA SSLv3 Kx=DHEPSK Au=PSK Enc=RC4(128) Mac=SHA1 - 0xC0,0x12 - ECDHE-RSA-DES-CBC3-SHA TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA SSLv3 Kx=ECDH Au=RSA Enc=3DES(168) Mac=SHA1 - 0xC0,0x08 - ECDHE-ECDSA-DES-CBC3-SHA TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA SSLv3 Kx=ECDH Au=ECDSA Enc=3DES(168) Mac=SHA1 - 0xC0,0x1C - SRP-DSS-3DES-EDE-CBC-SHA TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA SSLv3 Kx=SRP Au=DSS Enc=3DES(168) Mac=SHA1 - 0xC0,0x1B - SRP-RSA-3DES-EDE-CBC-SHA TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA SSLv3 Kx=SRP Au=RSA Enc=3DES(168) Mac=SHA1 - 0xC0,0x1A - SRP-3DES-EDE-CBC-SHA TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA SSLv3 Kx=SRP Au=SRP Enc=3DES(168) Mac=SHA1 - 0x00,0x16 - EDH-RSA-DES-CBC3-SHA TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA SSLv3 Kx=DH Au=RSA Enc=3DES(168) Mac=SHA1 - 0x00,0x13 - EDH-DSS-DES-CBC3-SHA TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA SSLv3 Kx=DH Au=DSS Enc=3DES(168) Mac=SHA1 - 0x00,0x10 - DH-RSA-DES-CBC3-SHA TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA SSLv3 Kx=DH/RSA Au=DH Enc=3DES(168) Mac=SHA1 - 0x00,0x0D - DH-DSS-DES-CBC3-SHA TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA SSLv3 Kx=DH/DSS Au=DH Enc=3DES(168) Mac=SHA1 - 0xC0,0x17 - AECDH-DES-CBC3-SHA TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA SSLv3 Kx=ECDH Au=None Enc=3DES(168) Mac=SHA1 - 0x00,0x1B - ADH-DES-CBC3-SHA TLS_DH_anon_WITH_3DES_EDE_CBC_SHA SSLv3 Kx=DH Au=None Enc=3DES(168) Mac=SHA1 - 0xC0,0x0D - ECDH-RSA-DES-CBC3-SHA TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA SSLv3 Kx=ECDH/RSA Au=ECDH Enc=3DES(168) Mac=SHA1 - 0xC0,0x03 - ECDH-ECDSA-DES-CBC3-SHA TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA SSLv3 Kx=ECDH/ECDSA Au=ECDH Enc=3DES(168) Mac=SHA1 - 0x00,0x0A - DES-CBC3-SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA SSLv3 Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1 - 0x07,0x00,0xC0 - DES-CBC3-MD5 SSL_CK_DES_192_EDE3_CBC_WITH_MD5 SSLv2 Kx=RSA Au=RSA Enc=3DES(168) Mac=MD5 - 0x00,0x93 - RSA-PSK-3DES-EDE-CBC-SHA TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA SSLv3 Kx=RSAPSK Au=RSA Enc=3DES(168) Mac=SHA1 - 0x00,0x8B - PSK-3DES-EDE-CBC-SHA TLS_PSK_WITH_3DES_EDE_CBC_SHA SSLv3 Kx=PSK Au=PSK Enc=3DES(168) Mac=SHA1 - 0x00,0x1F - KRB5-DES-CBC3-SHA TLS_KRB5_WITH_3DES_EDE_CBC_SHA SSLv3 Kx=KRB5 Au=KRB5 Enc=3DES(168) Mac=SHA1 - 0x00,0x23 - KRB5-DES-CBC3-MD5 TLS_KRB5_WITH_3DES_EDE_CBC_MD5 SSLv3 Kx=KRB5 Au=KRB5 Enc=3DES(168) Mac=MD5 - 0xC0,0x34 - ECDHE-PSK-3DES-EDE-CBC-SHA TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA SSLv3 Kx=ECDHEPSK Au=PSK Enc=3DES(168) Mac=SHA1 - 0x00,0x8F - DHE-PSK-3DES-EDE-CBC-SHA TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA SSLv3 Kx=DHEPSK Au=PSK Enc=3DES(168) Mac=SHA1 - 0xFE,0xFF - - SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA SSLv3 Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1 - 0xFF,0xE0 - - SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA SSLv3 Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1 - 0x08,0x00,0x80 - RC4-64-MD5 SSL_CK_RC4_64_WITH_MD5 SSLv2 Kx=RSA Au=RSA Enc=RC4(64) Mac=MD5 - 0x00,0x63 - EXP1024-DHE-DSS-DES-CBC-SHA TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA SSLv3 Kx=DH(1024) Au=DSS Enc=DES(56) Mac=SHA1 export - 0x00,0x15 - EDH-RSA-DES-CBC-SHA TLS_DHE_RSA_WITH_DES_CBC_SHA SSLv3 Kx=DH Au=RSA Enc=DES(56) Mac=SHA1 - 0x00,0x12 - EDH-DSS-DES-CBC-SHA TLS_DHE_DSS_WITH_DES_CBC_SHA SSLv3 Kx=DH Au=DSS Enc=DES(56) Mac=SHA1 - 0x00,0x0F - DH-RSA-DES-CBC-SHA TLS_DH_RSA_WITH_DES_CBC_SHA SSLv3 Kx=DH/RSA Au=DH Enc=DES(56) Mac=SHA1 - 0x00,0x0C - DH-DSS-DES-CBC-SHA TLS_DH_DSS_WITH_DES_CBC_SHA SSLv3 Kx=DH/DSS Au=DH Enc=DES(56) Mac=SHA1 - 0x00,0x1A - ADH-DES-CBC-SHA TLS_DH_anon_WITH_DES_CBC_SHA SSLv3 Kx=DH Au=None Enc=DES(56) Mac=SHA1 - 0x00,0x62 - EXP1024-DES-CBC-SHA TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA SSLv3 Kx=RSA(1024) Au=RSA Enc=DES(56) Mac=SHA1 export - 0x00,0x09 - DES-CBC-SHA TLS_RSA_WITH_DES_CBC_SHA SSLv3 Kx=RSA Au=RSA Enc=DES(56) Mac=SHA1 - 0x00,0x61 - EXP1024-RC2-CBC-MD5 TLS_RSA_EXPORT1024_WITH_RC2_56_MD5 SSLv3 Kx=RSA(1024) Au=RSA Enc=RC2(56) Mac=MD5 export - 0x06,0x00,0x40 - DES-CBC-MD5 SSL_CK_DES_64_CBC_WITH_MD5 SSLv2 Kx=RSA Au=RSA Enc=DES(56) Mac=MD5 - 0x00,0x1E - KRB5-DES-CBC-SHA TLS_KRB5_WITH_DES_CBC_SHA SSLv3 Kx=KRB5 Au=KRB5 Enc=DES(56) Mac=SHA1 - 0x00,0x22 - KRB5-DES-CBC-MD5 TLS_KRB5_WITH_DES_CBC_MD5 SSLv3 Kx=KRB5 Au=KRB5 Enc=DES(56) Mac=MD5 - 0xFE,0xFE - - SSL_RSA_FIPS_WITH_DES_CBC_SHA SSLv3 Kx=RSA Au=RSA Enc=DES(56) Mac=SHA1 - 0xFF,0xE1 - - SSL_RSA_FIPS_WITH_DES_CBC_SHA SSLv3 Kx=RSA Au=RSA Enc=DES(56) Mac=SHA1 - 0x00,0x65 - EXP1024-DHE-DSS-RC4-SHA TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA SSLv3 Kx=DH(1024) Au=DSS Enc=RC4(56) Mac=SHA1 export - 0x00,0x64 - EXP1024-RC4-SHA TLS_RSA_EXPORT1024_WITH_RC4_56_SHA SSLv3 Kx=RSA(1024) Au=RSA Enc=RC4(56) Mac=SHA1 export - 0x00,0x60 - EXP1024-RC4-MD5 TLS_RSA_EXPORT1024_WITH_RC4_56_MD5 SSLv3 Kx=RSA(1024) Au=RSA Enc=RC4(56) Mac=MD5 export - 0x00,0x14 - EXP-EDH-RSA-DES-CBC-SHA TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA SSLv3 Kx=DH(512) Au=RSA Enc=DES(40) Mac=SHA1 export - 0x00,0x11 - EXP-EDH-DSS-DES-CBC-SHA TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA SSLv3 Kx=DH(512) Au=DSS Enc=DES(40) Mac=SHA1 export - 0x00,0x19 - EXP-ADH-DES-CBC-SHA TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA SSLv3 Kx=DH(512) Au=None Enc=DES(40) Mac=SHA1 export - 0x00,0x08 - EXP-DES-CBC-SHA TLS_RSA_EXPORT_WITH_DES40_CBC_SHA SSLv3 Kx=RSA(512) Au=RSA Enc=DES(40) Mac=SHA1 export - 0x00,0x06 - EXP-RC2-CBC-MD5 TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 SSLv3 Kx=RSA(512) Au=RSA Enc=RC2(40) Mac=MD5 export - 0x04,0x00,0x80 - EXP-RC2-CBC-MD5 SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5 SSLv2 Kx=RSA(512) Au=RSA Enc=RC2(40) Mac=MD5 export - 0x00,0x27 - EXP-KRB5-RC2-CBC-SHA TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA SSLv3 Kx=KRB5 Au=KRB5 Enc=RC2(40) Mac=SHA1 export - 0x00,0x26 - EXP-KRB5-DES-CBC-SHA TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA SSLv3 Kx=KRB5 Au=KRB5 Enc=DES(40) Mac=SHA1 export - 0x00,0x2A - EXP-KRB5-RC2-CBC-MD5 TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5 SSLv3 Kx=KRB5 Au=KRB5 Enc=RC2(40) Mac=MD5 export - 0x00,0x29 - EXP-KRB5-DES-CBC-MD5 TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5 SSLv3 Kx=KRB5 Au=KRB5 Enc=DES(40) Mac=MD5 export - 0x00,0x0B - - TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA SSLv3 Kx=DH/DSS Au=DH Enc=DES(40) Mac=SHA1 export - 0x00,0x0E - - TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA SSLv3 Kx=DH/RSA Au=DH Enc=DES(40) Mac=SHA1 export - 0x00,0x17 - EXP-ADH-RC4-MD5 TLS_DH_anon_EXPORT_WITH_RC4_40_MD5 SSLv3 Kx=DH(512) Au=None Enc=RC4(40) Mac=MD5 export - 0x00,0x03 - EXP-RC4-MD5 TLS_RSA_EXPORT_WITH_RC4_40_MD5 SSLv3 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export - 0x02,0x00,0x80 - EXP-RC4-MD5 SSL_CK_RC4_128_EXPORT40_WITH_MD5 SSLv2 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export - 0x00,0x28 - EXP-KRB5-RC4-SHA TLS_KRB5_EXPORT_WITH_RC4_40_SHA SSLv3 Kx=KRB5 Au=KRB5 Enc=RC4(40) Mac=SHA1 export - 0x00,0x2B - EXP-KRB5-RC4-MD5 TLS_KRB5_EXPORT_WITH_RC4_40_MD5 SSLv3 Kx=KRB5 Au=KRB5 Enc=RC4(40) Mac=MD5 export - 0xC0,0x10 - ECDHE-RSA-NULL-SHA TLS_ECDHE_RSA_WITH_NULL_SHA SSLv3 Kx=ECDH Au=RSA Enc=None Mac=SHA1 - 0xC0,0x06 - ECDHE-ECDSA-NULL-SHA TLS_ECDHE_ECDSA_WITH_NULL_SHA SSLv3 Kx=ECDH Au=ECDSA Enc=None Mac=SHA1 - 0xC0,0x15 - AECDH-NULL-SHA TLS_ECDH_anon_WITH_NULL_SHA SSLv3 Kx=ECDH Au=None Enc=None Mac=SHA1 - 0xC0,0x0B - ECDH-RSA-NULL-SHA TLS_ECDH_RSA_WITH_NULL_SHA SSLv3 Kx=ECDH/RSA Au=ECDH Enc=None Mac=SHA1 - 0xC0,0x01 - ECDH-ECDSA-NULL-SHA TLS_ECDH_ECDSA_WITH_NULL_SHA SSLv3 Kx=ECDH/ECDSA Au=ECDH Enc=None Mac=SHA1 - 0xC0,0x3B - ECDHE-PSK-NULL-SHA384 TLS_ECDHE_PSK_WITH_NULL_SHA384 TLSv1 Kx=ECDHEPSK Au=PSK Enc=None Mac=SHA384 - 0xC0,0x3A - ECDHE-PSK-NULL-SHA256 TLS_ECDHE_PSK_WITH_NULL_SHA256 TLSv1 Kx=ECDHEPSK Au=PSK Enc=None Mac=SHA256 - 0xC0,0x39 - ECDHE-PSK-NULL-SHA TLS_ECDHE_PSK_WITH_NULL_SHA SSLv3 Kx=ECDHEPSK Au=PSK Enc=None Mac=SHA1 - 0x00,0xB9 - RSA-PSK-NULL-SHA384 TLS_RSA_PSK_WITH_NULL_SHA384 TLSv1 Kx=RSAPSK Au=RSA Enc=None Mac=SHA384 - 0x00,0xB8 - RSA-PSK-NULL-SHA256 TLS_RSA_PSK_WITH_NULL_SHA256 TLSv1 Kx=RSAPSK Au=RSA Enc=None Mac=SHA256 - 0x00,0xB5 - DHE-PSK-NULL-SHA384 TLS_DHE_PSK_WITH_NULL_SHA384 TLSv1 Kx=DHEPSK Au=PSK Enc=None Mac=SHA384 - 0x00,0xB4 - DHE-PSK-NULL-SHA256 TLS_DHE_PSK_WITH_NULL_SHA256 TLSv1 Kx=DHEPSK Au=PSK Enc=None Mac=SHA256 - 0x00,0x2E - RSA-PSK-NULL-SHA TLS_RSA_PSK_WITH_NULL_SHA SSLv3 Kx=RSAPSK Au=RSA Enc=None Mac=SHA1 - 0x00,0x2D - DHE-PSK-NULL-SHA TLS_DHE_PSK_WITH_NULL_SHA SSLv3 Kx=DHEPSK Au=PSK Enc=None Mac=SHA1 - 0x00,0xB1 - PSK-NULL-SHA384 TLS_PSK_WITH_NULL_SHA384 TLSv1 Kx=PSK Au=PSK Enc=None Mac=SHA384 - 0x00,0xB0 - PSK-NULL-SHA256 TLS_PSK_WITH_NULL_SHA256 TLSv1 Kx=PSK Au=PSK Enc=None Mac=SHA256 - 0x00,0x2C - PSK-NULL-SHA TLS_PSK_WITH_NULL_SHA SSLv3 Kx=PSK Au=PSK Enc=None Mac=SHA1 - 0x00,0x3B - NULL-SHA256 TLS_RSA_WITH_NULL_SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=None Mac=SHA256 - 0x00,0x02 - NULL-SHA TLS_RSA_WITH_NULL_SHA SSLv3 Kx=RSA Au=RSA Enc=None Mac=SHA1 - 0x00,0x01 - NULL-MD5 TLS_RSA_WITH_NULL_MD5 SSLv3 Kx=RSA Au=RSA Enc=None Mac=MD5 - 0x00,0x82 - GOST94-NULL-GOST94 TLS_GOSTR341094_WITH_NULL_GOSTR3411 TLSv1 Kx=GOST Au=GOST94 Enc=None Mac=GOSTR3411 - 0x00,0x83 - GOST2001-NULL-GOST94 TLS_GOSTR341001_WITH_NULL_GOSTR3411 SSLv3 Kx=GOST Au=GOST01 Enc=None Mac=GOST94 - 0xFF,0x87 - GOST2012256-NULL-STREEBOG256 - SSLv3 Kx=GOST Au=GOST01 Enc=None Mac=STREEBOG256 -EOF - - while read TLS_CIPHER_HEXCODE[TLS_NR_CIPHERS] n TLS_CIPHER_OSSL_NAME[TLS_NR_CIPHERS] TLS_CIPHER_RFC_NAME[TLS_NR_CIPHERS] TLS_CIPHER_SSLVERS[TLS_NR_CIPHERS] TLS_CIPHER_KX[TLS_NR_CIPHERS] TLS_CIPHER_AUTH[TLS_NR_CIPHERS] TLS_CIPHER_ENC[TLS_NR_CIPHERS] TLS_CIPHER_EXPORT[TLS_NR_CIPHERS]; do - TLS_NR_CIPHERS+=1 - done < $CIPHERS_BY_STRENGTH_FILE + if [[ -e $CIPHERS_BY_STRENGTH_FILE ]]; then + while read TLS_CIPHER_HEXCODE[TLS_NR_CIPHERS] n TLS_CIPHER_OSSL_NAME[TLS_NR_CIPHERS] TLS_CIPHER_RFC_NAME[TLS_NR_CIPHERS] TLS_CIPHER_SSLVERS[TLS_NR_CIPHERS] TLS_CIPHER_KX[TLS_NR_CIPHERS] TLS_CIPHER_AUTH[TLS_NR_CIPHERS] TLS_CIPHER_ENC[TLS_NR_CIPHERS] TLS_CIPHER_EXPORT[TLS_NR_CIPHERS]; do + TLS_NR_CIPHERS+=1 + done < $CIPHERS_BY_STRENGTH_FILE + fi } @@ -10518,5 +10160,3 @@ fi exit $? - -# $Id: testssl.sh,v 1.562 2016/11/05 13:55:29 dirkw Exp $ From a18dd45f1f1f62a6cefd1f8ff17c32720056e079 Mon Sep 17 00:00:00 2001 From: David Cooper Date: Thu, 17 Nov 2016 12:04:24 -0500 Subject: [PATCH 8/8] Extend TLS ServerHello parsing (part 4) This PR adds parsing of the CertificateStatus message to `parse_tls_serverhello()`. If the caller requests that the "full" response be parsed, then the CertificateStatus message is parsed, and the OCSP response is added to $TMPFILE, in a manner similar to the output of `$OPENSSL s_client` when the `-status` option is used. --- testssl.sh | 74 ++++++++++++++++++++++++++++++++++++++++++++++++------ 1 file changed, 67 insertions(+), 7 deletions(-) diff --git a/testssl.sh b/testssl.sh index 1bd0750..0bd22de 100755 --- a/testssl.sh +++ b/testssl.sh @@ -6224,19 +6224,19 @@ parse_tls_serverhello() { local tls_handshake_ascii="" tls_alert_ascii="" local -i tls_hello_ascii_len tls_handshake_ascii_len tls_alert_ascii_len msg_len local tls_serverhello_ascii="" tls_certificate_ascii="" - local tls_serverkeyexchange_ascii="" + local tls_serverkeyexchange_ascii="" tls_certificate_status_ascii="" local -i tls_serverhello_ascii_len=0 tls_certificate_ascii_len=0 - local -i tls_serverkeyexchange_ascii_len=0 + local -i tls_serverkeyexchange_ascii_len=0 tls_certificate_status_ascii_len=0 local tls_alert_descrip tls_sid_len_hex issuerDN subjectDN CAissuerDN CAsubjectDN local -i tls_sid_len offset extns_offset nr_certs=0 local tls_msg_type tls_content_type tls_protocol tls_protocol2 tls_hello_time local tls_err_level tls_err_descr tls_cipher_suite rfc_cipher_suite tls_compression_method local tls_extensions="" extension_type named_curve_str="" - local -i i j extension_len tls_extensions_len + local -i i j extension_len tls_extensions_len ocsp_response_len ocsp_response_list_len local -i certificate_list_len certificate_len local -i curve_type named_curve local -i dh_bits=0 msb mask - local tmp_der_certfile tmp_pem_certfile + local tmp_der_certfile tmp_pem_certfile hostcert_issuer="" ocsp_response="" TLS_TIME="" DETECTED_TLS_VERSION="" @@ -6394,7 +6394,7 @@ parse_tls_serverhello() { done fi - # Now extract just the server hello, certificate, + # Now extract just the server hello, certificate, certificate status, # and server key exchange handshake messages. tls_handshake_ascii_len=${#tls_handshake_ascii} if [[ $DEBUG -ge 2 ]] && [[ $tls_handshake_ascii_len -gt 0 ]]; then @@ -6476,6 +6476,13 @@ parse_tls_serverhello() { fi tls_serverkeyexchange_ascii="${tls_handshake_ascii:i:msg_len}" tls_serverkeyexchange_ascii_len=$msg_len + elif [[ "$process_full" == "all" ]] && [[ "$tls_msg_type" == "16" ]]; then + if [[ -n "$tls_certificate_status_ascii" ]]; then + debugme pr_warningln "Response contained more than one certificate_status handshake message." + return 1 + fi + tls_certificate_status_ascii="${tls_handshake_ascii:i:msg_len}" + tls_certificate_status_ascii_len=$msg_len fi done @@ -6694,7 +6701,7 @@ parse_tls_serverhello() { cat "$HOSTCERT" >> $TMPFILE echo "" > "$TEMPDIR/intermediatecerts.pem" - # Place and additional certificates in $TEMPDIR/intermediatecerts.pem + # Place any additional certificates in $TEMPDIR/intermediatecerts.pem for (( i=12+certificate_len; i> $TMPFILE cat "$tmp_pem_certfile" >> $TMPFILE cat "$tmp_pem_certfile" >> "$TEMPDIR/intermediatecerts.pem" - rm "$tmp_der_certfile" "$tmp_pem_certfile" + rm "$tmp_der_certfile" + if [[ -n "$hostcert_issuer" ]] || [[ $tls_certificate_status_ascii_len -eq 0 ]]; then + rm "$tmp_pem_certfile" + else + hostcert_issuer="$tmp_pem_certfile" + fi done echo "---" >> $TMPFILE echo "Server certificate" >> $TMPFILE @@ -6734,6 +6746,54 @@ parse_tls_serverhello() { echo "---" >> $TMPFILE fi + # Now parse the certificate status message + if [[ $tls_certificate_status_ascii_len -ne 0 ]] && [[ $tls_certificate_status_ascii_len -lt 8 ]]; then + debugme echo "Malformed certificate status Handshake message in ServerHello." + tmpfile_handle $FUNCNAME.txt + return 1 + elif [[ $tls_certificate_status_ascii_len -ne 0 ]] && [[ "${tls_certificate_status_ascii:0:2}" == "01" ]]; then + # This is a certificate status message of type "ocsp" + ocsp_response_len=2*$(hex2dec "${tls_certificate_status_ascii:2:6}") + if [[ $ocsp_response_len -ne $tls_certificate_status_ascii_len-8 ]]; then + debugme echo "Malformed certificate status Handshake message in ServerHello." + tmpfile_handle $FUNCNAME.txt + return 1 + fi + ocsp_response=$(mktemp $TEMPDIR/ocsp_response.XXXXXX) || return 1 + asciihex_to_binary_file "${tls_certificate_status_ascii:8:ocsp_response_len}" "$ocsp_response" + elif [[ $tls_certificate_status_ascii_len -ne 0 ]] && [[ "${tls_certificate_status_ascii:0:2}" == "02" ]]; then + # This is a list of OCSP responses, but only the first one is needed + # since the first one corresponds to the server's certificate. + ocsp_response_list_len=2*$(hex2dec "${tls_certificate_status_ascii:2:6}") + if [[ $ocsp_response_list_len -ne $tls_certificate_status_ascii_len-8 ]] || [[ $ocsp_response_list_len -lt 6 ]]; then + debugme echo "Malformed certificate status Handshake message in ServerHello." + tmpfile_handle $FUNCNAME.txt + return 1 + fi + ocsp_response_len=2*$(hex2dec "${tls_certificate_status_ascii:8:6}") + if [[ $ocsp_response_len -gt $ocsp_response_list_len-6 ]]; then + debugme echo "Malformed certificate status Handshake message in ServerHello." + tmpfile_handle $FUNCNAME.txt + return 1 + fi + ocsp_response=$(mktemp $TEMPDIR/ocsp_response.XXXXXX) || return 1 + asciihex_to_binary_file "${tls_certificate_status_ascii:14:ocsp_response_len}" "$ocsp_response" + fi + if [[ -n "$ocsp_response" ]]; then + echo "OCSP response:" >> $TMPFILE + echo "===============================================================================" >> $TMPFILE + if [[ -n "$hostcert_issuer" ]]; then + $OPENSSL ocsp -no_nonce -CAfile $TEMPDIR/intermediatecerts.pem -issuer $hostcert_issuer -cert $HOSTCERT -respin $ocsp_response -resp_text >> $TMPFILE 2>$ERRFILE + rm "$hostcert_issuer" + else + $OPENSSL ocsp -respin $ocsp_response -resp_text >> $TMPFILE 2>$ERRFILE + fi + echo "===============================================================================" >> $TMPFILE + elif [[ "$process_full" == "all" ]]; then + echo "OCSP response: no response sent" >> $TMPFILE + echo "===============================================================================" >> $TMPFILE + fi + # Now parse the server key exchange message if [[ $tls_serverkeyexchange_ascii_len -ne 0 ]]; then if [[ $rfc_cipher_suite =~ "TLS_ECDHE_" ]] || [[ $rfc_cipher_suite =~ "TLS_ECDH_anon" ]]; then