net/third_party/nss/ssl/sslenum.c

   1 /*
   2  * Table enumerating all implemented cipher suites
   3  * Part of public API.
   4  *
   5  * This Source Code Form is subject to the terms of the Mozilla Public
   6  * License, v. 2.0. If a copy of the MPL was not distributed with this
   7  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
   8 /* $Id: sslenum.c,v 1.19 2012/04/25 14:50:12 gerv%gerv.net Exp $ */
   9
  10 #include "ssl.h"
  11 #include "sslproto.h"
  12
  13 /*
  14  * The ciphers are listed in the following order:
  15  * - stronger ciphers before weaker ciphers
  16  * - national ciphers before international ciphers
  17  * - faster ciphers before slower ciphers
  18  *
  19  * National ciphers such as Camellia are listed before international ciphers
  20  * such as AES and RC4 to allow servers that prefer Camellia to negotiate
  21  * Camellia without having to disable AES and RC4, which are needed for
  22  * interoperability with clients that don't yet implement Camellia.
  23  *
  24  * The ordering of cipher suites in this table must match the ordering in
  25  * the cipherSuites table in ssl3con.c.
  26  *
  27  * If new ECC cipher suites are added, also update the ssl3CipherSuite arrays
  28  * in ssl3ecc.c.
  29  */
  30 const PRUint16 SSL_ImplementedCiphers[] = {
  31     /* 256-bit */
  32 #ifdef NSS_ENABLE_ECC
  33     TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
  34     TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
  35 #endif /* NSS_ENABLE_ECC */
  36     TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
  37     TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
  38     TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
  39     TLS_DHE_DSS_WITH_AES_256_CBC_SHA,
  40 #ifdef NSS_ENABLE_ECC
  41     TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
  42     TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
  43 #endif /* NSS_ENABLE_ECC */
  44     TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,
  45     TLS_RSA_WITH_AES_256_CBC_SHA,
  46
  47     /* 128-bit */
  48 #ifdef NSS_ENABLE_ECC
  49     TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
  50     TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
  51     TLS_ECDHE_RSA_WITH_RC4_128_SHA,
  52     TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
  53 #endif /* NSS_ENABLE_ECC */
  54     TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
  55     TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
  56     TLS_DHE_DSS_WITH_RC4_128_SHA,
  57     TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
  58     TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
  59 #ifdef NSS_ENABLE_ECC
  60     TLS_ECDH_RSA_WITH_RC4_128_SHA,
  61     TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
  62     TLS_ECDH_ECDSA_WITH_RC4_128_SHA,
  63     TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
  64 #endif /* NSS_ENABLE_ECC */
  65     TLS_RSA_WITH_SEED_CBC_SHA,
  66     TLS_RSA_WITH_CAMELLIA_128_CBC_SHA,
  67     SSL_RSA_WITH_RC4_128_SHA,
  68     SSL_RSA_WITH_RC4_128_MD5,
  69     TLS_RSA_WITH_AES_128_CBC_SHA,
  70
  71     /* 112-bit 3DES */
  72 #ifdef NSS_ENABLE_ECC
  73     TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
  74     TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
  75 #endif /* NSS_ENABLE_ECC */
  76     SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
  77     SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
  78 #ifdef NSS_ENABLE_ECC
  79     TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,
  80     TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
  81 #endif /* NSS_ENABLE_ECC */
  82     SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA,
  83     SSL_RSA_WITH_3DES_EDE_CBC_SHA,
  84
  85     /* 56-bit DES "domestic" cipher suites */
  86     SSL_DHE_RSA_WITH_DES_CBC_SHA,
  87     SSL_DHE_DSS_WITH_DES_CBC_SHA,
  88     SSL_RSA_FIPS_WITH_DES_CBC_SHA,
  89     SSL_RSA_WITH_DES_CBC_SHA,
  90
  91     /* export ciphersuites with 1024-bit public key exchange keys */
  92     TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,
  93     TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA,
  94
  95     /* export ciphersuites with 512-bit public key exchange keys */
  96     SSL_RSA_EXPORT_WITH_RC4_40_MD5,
  97     SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5,
  98
  99     /* ciphersuites with no encryption */
 100 #ifdef NSS_ENABLE_ECC
 101     TLS_ECDHE_ECDSA_WITH_NULL_SHA,
 102     TLS_ECDHE_RSA_WITH_NULL_SHA,
 103     TLS_ECDH_RSA_WITH_NULL_SHA,
 104     TLS_ECDH_ECDSA_WITH_NULL_SHA,
 105 #endif /* NSS_ENABLE_ECC */
 106     SSL_RSA_WITH_NULL_SHA,
 107     SSL_RSA_WITH_NULL_MD5,
 108
 109     /* SSL2 cipher suites. */
 110     SSL_EN_RC4_128_WITH_MD5,
 111     SSL_EN_RC2_128_CBC_WITH_MD5,
 112     SSL_EN_DES_192_EDE3_CBC_WITH_MD5,  /* actually 112, not 192 */
 113     SSL_EN_DES_64_CBC_WITH_MD5,
 114     SSL_EN_RC4_128_EXPORT40_WITH_MD5,
 115     SSL_EN_RC2_128_CBC_EXPORT40_WITH_MD5,
 116
 117     0
 118
 119 };
 120
 121 const PRUint16 SSL_NumImplementedCiphers =
 122     (sizeof SSL_ImplementedCiphers) / (sizeof SSL_ImplementedCiphers[0]) - 1;
 123
 124 const PRUint16 *
 125 SSL_GetImplementedCiphers(void)
 126 {
 127     return SSL_ImplementedCiphers;
 128 }
 129
 130 PRUint16
 131 SSL_GetNumImplementedCiphers(void)
 132 {
 133     return SSL_NumImplementedCiphers;
 134 }