// Copyright 2010 The Go Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.

package tls

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/des"
	"crypto/hmac"
	"crypto/md5"
	"crypto/rc4"
	"crypto/sha1"
	"crypto/sha256"
	"crypto/sha512"
	"hash"

	"github.com/zmap/rc2"
	"github.com/zmap/zcrypto/x509"
	"golang.org/x/crypto/chacha20poly1305"
)

// A keyAgreement implements the client and server side of a TLS key agreement
// protocol by generating and processing key exchange messages. A fresh value
// is produced per handshake by a cipherSuite's ka constructor (rsaKA, dheRSAKA,
// ecdheECDSAKA, ... in this file), which also pins the protocol version the
// key exchange must format and verify its messages for.
type keyAgreement interface {
	// On the server side, the first two methods are called in order.

	// In the case that the key agreement protocol doesn't use a
	// ServerKeyExchange message, generateServerKeyExchange can return nil,
	// nil.
	generateServerKeyExchange(*Config, *Certificate, *clientHelloMsg, *serverHelloMsg) (*serverKeyExchangeMsg, error)
	// processClientKeyExchange consumes the client's ClientKeyExchange. The
	// returned bytes are presumably the premaster secret (as in crypto/tls);
	// confirm against the implementations in key_agreement.go.
	processClientKeyExchange(*Config, *Certificate, *clientKeyExchangeMsg) ([]byte, error)

	// On the client side, the next two methods are called in order.

	// This method may not be called if the server doesn't send a
	// ServerKeyExchange message.
	processServerKeyExchange(*Config, *clientHelloMsg, *serverHelloMsg, *x509.Certificate, *serverKeyExchangeMsg) error
	// generateClientKeyExchange returns the secret bytes for this side together
	// with the ClientKeyExchange message that lets the server derive the same.
	generateClientKeyExchange(*Config, *clientHelloMsg, *x509.Certificate) ([]byte, *clientKeyExchangeMsg, error)
}

// Suite flags. They are a bitmask stored in cipherSuite.flags and constrain
// when a suite may be advertised or accepted; a row with flags == 0 is a
// plain RSA-authenticated suite usable on every version this package speaks.
const (
	// suiteECDHE indicates that the cipher suite involves elliptic curve
	// Diffie-Hellman. This means that it should only be selected when the
	// client indicates that it supports ECC with a curve and point format
	// that we're happy with.
	suiteECDHE = 1 << iota
	// suiteECDSA indicates that the cipher suite involves an ECDSA
	// signature and therefore may only be selected when the server's
	// certificate is ECDSA. If this is not set then the cipher suite is
	// authenticated by RSA, unless suiteDSS, suiteAnon or suitePSK says
	// otherwise.
	suiteECDSA
	// suiteTLS12 indicates that the cipher suite should only be advertised
	// and accepted when using TLS 1.2. In the tables below it is set on every
	// AEAD (GCM, ChaCha20-Poly1305) row and on every SHA256/SHA384 CBC row.
	suiteTLS12

	// suiteSHA384 indicates that the cipher suite uses SHA384 as the
	// handshake hash.
	suiteSHA384

	// suiteNoDTLS indicates that the cipher suite cannot be used
	// in DTLS. It is set on the RC4 rows of implementedCipherSuites (RC4 is a
	// stream cipher, which DTLS cannot carry), but note that not every RC4 row
	// in this file carries it; see the comments in the tables.
	suiteNoDTLS

	// suitePSK indicates that the cipher suite authenticates with
	// a pre-shared key rather than a server private key. No PSK suite is
	// currently enabled; the flag is only referenced by commented-out rows.
	suitePSK

	// suiteExport indicates that the cipher suite is an export suite: a
	// 40-bit cipher key (keyLen 5) that is expanded to expandedKeyLen bytes
	// before use. These suites are trivially breakable and exist here only so
	// that a peer's willingness to negotiate them can be observed.
	suiteExport

	// suiteAnon indicates the cipher suite is anonymous: the key exchange is
	// not signed at all (dhAnonKA), so it offers no protection against an
	// active attacker.
	suiteAnon

	// suiteDSS indicates the cipher suite uses DSS signatures and requires a
	// DSA server key
	suiteDSS
)

// A cipherSuite is a specific combination of key agreement, cipher and MAC
// function, keyed by its IANA code point. ka selects the key exchange (RSA,
// ephemeral RSA, DHE, ECDHE or anonymous DH), flags constrain when the suite
// may be negotiated, and exactly one of {cipher, mac} (stream/CBC suites) or
// aead (GCM and ChaCha20-Poly1305 suites) is non-nil.
type cipherSuite struct {
	id uint16
	// the lengths, in bytes, of the key material needed for each component.
	// keyLen: cipher key (for export suites the 5-byte pre-expansion key).
	// macLen: 16 for MD5, 20 for SHA-1, 32 for SHA-256, 48 for SHA-384,
	//         0 for AEAD suites.
	// ivLen:  16 for AES-CBC, 8 for DES/3DES/RC2-CBC, 0 for RC4, 4 for AES-GCM
	//         (the implicit nonce prefix) and 12 for ChaCha20-Poly1305 (the
	//         whole nonce mask).
	keyLen int
	macLen int
	ivLen  int

	// used by export ciphers: the length the 40-bit key is expanded to. For
	// every non-export row it simply equals keyLen.
	expandedKeyLen int

	ka func(version uint16) keyAgreement
	// flags is a bitmask of the suite* values, above.
	flags int
	// cipher returns a cipher.Stream (RC4) or a cipher.BlockMode (CBC suites)
	// for one direction; isRead selects the decrypting side.
	cipher func(key, iv []byte, isRead bool) interface{}
	// mac returns the record MAC for the negotiated version (SSL 3.0 keyed
	// hash or HMAC).
	mac func(version uint16, macKey []byte) macFunction
	// aead builds the record AEAD from the key and the ivLen bytes of fixed
	// nonce material taken from the key block.
	aead func(key, fixedNonce []byte) tlsAead
}

// tlsAead is a cipher.AEAD that also knows how its nonce is carried.
// explicitNonce is true when each record sends an 8-byte explicit nonce on
// the wire (AES-GCM, see fixedNonceAEAD) and false when the nonce is derived
// entirely from the sequence number (ChaCha20-Poly1305, see xorNonceAEAD).
type tlsAead interface {
	cipher.AEAD
	explicitNonce() bool
}

// implementedCipherSuites is every suite this package can run and the only
// list mutualCipherSuite consults. Unlike crypto/tls it deliberately includes
// suites that are broken or legacy (RC4, single DES, 3DES, MD5 MACs, 40-bit
// export suites, anonymous DH) -- presumably so that a scanner can observe
// what a peer will accept. None of those should be enabled where the
// confidentiality or integrity of the connection actually matters.
//
// Row layout: {id, keyLen, macLen, ivLen, expandedKeyLen, ka, flags, cipher, mac, aead}.
//
// Incidences of unsupported cipher-suites are annotated in-line with comments
// The following guidelines should be noted:
// - DSS Suites: certificates are not supported (Certificate)
// - PSK Suites: Not supported/implemented (Symmetric Key)
// - Non-ephemeral, Anonymous DH: Not supported/implemented (Kex)
var implementedCipherSuites = []*cipherSuite{
	{TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 32, 0, 12, 32, ecdheECDSAKA, suiteECDHE | suiteECDSA | suiteTLS12, nil, nil, aeadCHACHA20POLY1305},
	{TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 32, 0, 12, 32, ecdheRSAKA, suiteECDHE | suiteTLS12, nil, nil, aeadCHACHA20POLY1305},
	{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 16, 0, 4, 16, ecdheRSAKA, suiteECDHE | suiteTLS12, nil, nil, aeadAESGCM},
	{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 16, 0, 4, 16, ecdheECDSAKA, suiteECDHE | suiteECDSA | suiteTLS12, nil, nil, aeadAESGCM},
	{TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, 32, 0, 4, 32, ecdheRSAKA, suiteECDHE | suiteTLS12 | suiteSHA384, nil, nil, aeadAESGCM},
	{TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, 32, 0, 4, 32, ecdheECDSAKA, suiteECDHE | suiteECDSA | suiteTLS12 | suiteSHA384, nil, nil, aeadAESGCM},
	// RC4 suites: RC4 keystream biases are exploitable in practice; kept for
	// observation only.
	{TLS_ECDHE_RSA_WITH_RC4_128_SHA, 16, 20, 0, 16, ecdheRSAKA, suiteECDHE | suiteNoDTLS, cipherRC4, macSHA1, nil},
	{TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, 16, 20, 0, 16, ecdheECDSAKA, suiteECDHE | suiteECDSA | suiteNoDTLS, cipherRC4, macSHA1, nil},
	{TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, 16, 32, 16, 16, ecdheRSAKA, suiteECDHE | suiteTLS12, cipherAES, macSHA256, nil},
	{TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, 16, 32, 16, 16, ecdheECDSAKA, suiteECDHE | suiteECDSA | suiteTLS12, cipherAES, macSHA256, nil},
	{TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, 16, 20, 16, 16, ecdheRSAKA, suiteECDHE, cipherAES, macSHA1, nil},
	{TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, 16, 20, 16, 16, ecdheECDSAKA, suiteECDHE | suiteECDSA, cipherAES, macSHA1, nil},
	{TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, 32, 48, 16, 32, ecdheRSAKA, suiteECDHE | suiteTLS12 | suiteSHA384, cipherAES, macSHA384, nil},
	{TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, 32, 48, 16, 32, ecdheECDSAKA, suiteECDHE | suiteECDSA | suiteTLS12 | suiteSHA384, cipherAES, macSHA384, nil},
	{TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, 32, 20, 16, 32, ecdheRSAKA, suiteECDHE, cipherAES, macSHA1, nil},
	{TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, 32, 20, 16, 32, ecdheECDSAKA, suiteECDHE | suiteECDSA, cipherAES, macSHA1, nil},
	{TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 32, 0, 12, 32, dheRSAKA, suiteTLS12, nil, nil, aeadCHACHA20POLY1305},
	{TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, 16, 0, 4, 16, dheRSAKA, suiteTLS12, nil, nil, aeadAESGCM},
	{TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, 32, 0, 4, 32, dheRSAKA, suiteTLS12 | suiteSHA384, nil, nil, aeadAESGCM},
	{TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, 16, 32, 16, 16, dheRSAKA, suiteTLS12, cipherAES, macSHA256, nil},
	{TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, 32, 32, 16, 32, dheRSAKA, suiteTLS12, cipherAES, macSHA256, nil},
	{TLS_DHE_RSA_WITH_AES_128_CBC_SHA, 16, 20, 16, 16, dheRSAKA, 0, cipherAES, macSHA1, nil},
	{TLS_DHE_RSA_WITH_AES_256_CBC_SHA, 32, 20, 16, 32, dheRSAKA, 0, cipherAES, macSHA1, nil},
	// Static-RSA key exchange: no forward secrecy.
	{TLS_RSA_WITH_AES_128_GCM_SHA256, 16, 0, 4, 16, rsaKA, suiteTLS12, nil, nil, aeadAESGCM},
	{TLS_RSA_WITH_AES_256_GCM_SHA384, 32, 0, 4, 32, rsaKA, suiteTLS12 | suiteSHA384, nil, nil, aeadAESGCM},
	{TLS_RSA_WITH_RC4_128_SHA, 16, 20, 0, 16, rsaKA, suiteNoDTLS, cipherRC4, macSHA1, nil},
	{TLS_RSA_WITH_RC4_128_MD5, 16, 16, 0, 16, rsaKA, suiteNoDTLS, cipherRC4, macMD5, nil},
	{TLS_RSA_WITH_AES_128_CBC_SHA256, 16, 32, 16, 16, rsaKA, suiteTLS12, cipherAES, macSHA256, nil},
	{TLS_RSA_WITH_AES_256_CBC_SHA256, 32, 32, 16, 32, rsaKA, suiteTLS12, cipherAES, macSHA256, nil},
	{TLS_RSA_WITH_AES_128_CBC_SHA, 16, 20, 16, 16, rsaKA, 0, cipherAES, macSHA1, nil},
	{TLS_RSA_WITH_AES_256_CBC_SHA, 32, 20, 16, 32, rsaKA, 0, cipherAES, macSHA1, nil},
	// 3DES: 64-bit block, so long-lived connections are exposed to
	// birthday-bound attacks (Sweet32).
	{TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, 24, 20, 8, 24, ecdheRSAKA, suiteECDHE, cipher3DES, macSHA1, nil},
	{TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, 24, 20, 8, 24, dheRSAKA, 0, cipher3DES, macSHA1, nil},
	{TLS_RSA_WITH_3DES_EDE_CBC_SHA, 24, 20, 8, 24, rsaKA, 0, cipher3DES, macSHA1, nil},
	// WARN: PSK: Not supported/implemented. The commented-out rows below
	// predate the expandedKeyLen column (they have nine fields, not ten) and
	// would need it added before being re-enabled.
	//{TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256, 16, 0, 4, ecdhePSKKA, suiteECDHE | suiteTLS12 | suitePSK, nil, nil, aeadAESGCM},
	//{TLS_PSK_WITH_RC4_128_SHA, 16, 20, 0, pskKA, suiteNoDTLS | suitePSK, cipherRC4, macSHA1, nil},
	//{TLS_PSK_WITH_AES_128_CBC_SHA, 16, 20, 16, pskKA, suitePSK, cipherAES, macSHA1, nil},
	//{TLS_PSK_WITH_AES_256_CBC_SHA, 32, 20, 16, pskKA, suitePSK, cipherAES, macSHA1, nil},
	//{TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA, 16, 20, 16, ecdhePSKKA, suiteECDHE | suitePSK, cipherAES, macSHA1, nil},
	//{TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA, 32, 20, 16, ecdhePSKKA, suiteECDHE | suitePSK, cipherAES, macSHA1, nil},
	// Export suites: 40-bit keys (keyLen 5, expanded to expandedKeyLen). The
	// RSA_EXPORT rows use rsaEphemeralKA, i.e. a server-signed temporary RSA
	// key in ServerKeyExchange.
	{TLS_RSA_EXPORT_WITH_RC4_40_MD5, 5, 16, 0, 16, rsaEphemeralKA, suiteExport, cipherRC4, macMD5, nil},
	{TLS_RSA_EXPORT_WITH_DES40_CBC_SHA, 5, 20, 8, 8, rsaEphemeralKA, suiteExport, cipherDES, macSHA1, nil},
	{TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5, 5, 16, 8, 16, rsaEphemeralKA, suiteExport, cipherRC2, macMD5, nil},
	{TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, 5, 20, 8, 8, dheRSAKA, suiteExport, cipherDES, macSHA1, nil},
	// WARN: DSS: Certificate not supported/implemented
	{TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, 5, 20, 8, 8, dheDSSKA, suiteExport | suiteDSS, cipherDES, macSHA1, nil},
	// WARN: Non-ephemeral, Anonymous DH: Not supported/implemented. The
	// DH_ANON rows that follow do run, via dhAnonKA (ephemeral DH with no
	// signature at all); the warning presumably refers to static DH.
	{TLS_DH_ANON_EXPORT_WITH_DES40_CBC_SHA, 5, 20, 8, 8, dhAnonKA, suiteExport | suiteAnon, cipherDES, macSHA1, nil},
	{TLS_DH_ANON_EXPORT_WITH_RC4_40_MD5, 5, 16, 0, 16, dhAnonKA, suiteExport | suiteAnon, cipherRC4, macMD5, nil},
	// WARN DSS: Certificate not supported/implemented
	{TLS_DHE_DSS_WITH_AES_128_CBC_SHA, 16, 20, 16, 16, dheDSSKA, suiteDSS, cipherAES, macSHA1, nil},
	{TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, 24, 20, 8, 24, ecdheECDSAKA, suiteECDHE | suiteECDSA, cipher3DES, macSHA1, nil},
	// WARN: DSS: Certificate not supported/implemented
	// Single DES (56-bit effective key) is brute-forceable.
	{TLS_DHE_DSS_WITH_DES_CBC_SHA, 8, 20, 8, 8, dheDSSKA, suiteDSS, cipherDES, macSHA1, nil},
	{TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA, 24, 20, 8, 24, dheDSSKA, suiteDSS, cipher3DES, macSHA1, nil},
	{TLS_DHE_RSA_WITH_DES_CBC_SHA, 8, 20, 8, 8, dheRSAKA, 0, cipherDES, macSHA1, nil},
	// WARN: DSS: Certificate not supported/implemented
	// NOTE(review): TLS_DHE_DSS_WITH_RC4_128_SHA below lacks suiteNoDTLS,
	// unlike the other RC4 rows in this table.
	{TLS_DHE_DSS_WITH_AES_256_CBC_SHA, 32, 20, 16, 32, dheDSSKA, suiteDSS, cipherAES, macSHA1, nil},
	{TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, 16, 32, 16, 16, dheDSSKA, suiteDSS | suiteTLS12, cipherAES, macSHA256, nil},
	{TLS_DHE_DSS_WITH_RC4_128_SHA, 16, 20, 0, 16, dheDSSKA, suiteDSS, cipherRC4, macSHA1, nil},
	{TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, 32, 32, 16, 32, dheDSSKA, suiteDSS | suiteTLS12, cipherAES, macSHA256, nil},
	{TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, 16, 0, 4, 16, dheDSSKA, suiteDSS | suiteTLS12, nil, nil, aeadAESGCM},
	{TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, 32, 0, 4, 32, dheDSSKA, suiteDSS | suiteTLS12 | suiteSHA384, nil, nil, aeadAESGCM},
}

// stdlibCipherSuites mirrors the suite list of the crypto/tls this file was
// forked from. It is not consulted by mutualCipherSuite.
var stdlibCipherSuites = []*cipherSuite{
	// Ciphersuite order is chosen so that ECDHE comes before plain RSA
	// and RC4 comes before AES (because of the Lucky13 attack).
	// NOTE(review): that ordering reflects the crypto/tls of its day. RC4 has
	// since been prohibited for TLS (RFC 7465) and Go's CBC implementation
	// gained constant-time padding checks; do not read this order as a
	// recommendation.
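{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 16, 0, 4, 16, ecdheRSAKA, suiteECDHE | suiteTLS12, nil, nil, aeadAESGCM},
	{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 16, 0, 4, 16, ecdheECDSAKA, suiteECDHE | suiteECDSA | suiteTLS12, nil, nil, aeadAESGCM},
	// NOTE(review): the RC4 rows in this list carry no suiteNoDTLS, unlike
	// the same suites in implementedCipherSuites. Harmless unless this list
	// is ever offered over DTLS.
	{TLS_ECDHE_RSA_WITH_RC4_128_SHA, 16, 20, 0, 16, ecdheRSAKA, suiteECDHE, cipherRC4, macSHA1, nil},
	{TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, 16, 20, 0, 16, ecdheECDSAKA, suiteECDHE | suiteECDSA, cipherRC4, macSHA1, nil},
	{TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, 16, 20, 16, 16, ecdheRSAKA, suiteECDHE, cipherAES, macSHA1, nil},
	{TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, 16, 20, 16, 16, ecdheECDSAKA, suiteECDHE | suiteECDSA, cipherAES, macSHA1, nil},
	{TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, 32, 20, 16, 32, ecdheRSAKA, suiteECDHE, cipherAES, macSHA1, nil},
	{TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, 32, 20, 16, 32, ecdheECDSAKA, suiteECDHE | suiteECDSA, cipherAES, macSHA1, nil},
	{TLS_RSA_WITH_RC4_128_SHA, 16, 20, 0, 16, rsaKA, 0, cipherRC4, macSHA1, nil},
	{TLS_RSA_WITH_AES_128_CBC_SHA, 16, 20, 16, 16, rsaKA, 0, cipherAES, macSHA1, nil},
	{TLS_RSA_WITH_AES_256_CBC_SHA, 32, 20, 16, 32, rsaKA, 0, cipherAES, macSHA1, nil},
	{TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, 24, 20, 8, 24, ecdheRSAKA, suiteECDHE, cipher3DES, macSHA1, nil},
	{TLS_RSA_WITH_3DES_EDE_CBC_SHA, 24, 20, 8, 24, rsaKA, 0, cipher3DES, macSHA1, nil},
}

// cbcModeFor wraps block in CBC mode for one direction of the connection:
// a decrypter when isRead is set, an encrypter otherwise. It is the shared
// tail of every block-cipher constructor below.
func cbcModeFor(block cipher.Block, iv []byte, isRead bool) interface{} {
	if isRead {
		return cipher.NewCBCDecrypter(block, iv)
	}
	return cipher.NewCBCEncrypter(block, iv)
}

// The cipher constructors below are called with key material sized by the
// suite table, so the underlying NewCipher cannot legitimately fail. Rather
// than discard the error and hand a nil block to the CBC wrapper (which
// would only surface later as a nil dereference), a failure is treated as an
// internal error and reported the same way aeadAESGCM reports its own.

// cipherDES returns a single-DES CBC BlockMode for the 8-byte key. DES has a
// 56-bit effective key and is kept only for the legacy and export suites.
func cipherDES(key, iv []byte, isRead bool) interface{} {
	block, err := des.NewCipher(key)
	if err != nil {
		panic("tls: internal error: bad DES key: " + err.Error())
	}
	return cbcModeFor(block, iv, isRead)
}

// cipherRC2 returns an RC2 CBC BlockMode. It only backs the 40-bit
// TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 suite.
func cipherRC2(key, iv []byte, isRead bool) interface{} {
	block, err := rc2.NewCipher(key)
	if err != nil {
		panic("tls: internal error: bad RC2 key: " + err.Error())
	}
	return cbcModeFor(block, iv, isRead)
}

// cipherRC4 returns an RC4 keystream (a cipher.Stream). iv and isRead are
// unused: RC4 has no IV and the same XORKeyStream object serves both
// directions. RC4 is kept for observation only; its keystream biases are
// exploitable in practice.
func cipherRC4(key, iv []byte, isRead bool) interface{} {
	stream, err := rc4.NewCipher(key)
	if err != nil {
		panic("tls: internal error: bad RC4 key: " + err.Error())
	}
	return stream
}

// cipher3DES returns a three-key (24-byte) Triple-DES CBC BlockMode. Its
// 64-bit block size exposes long-lived connections to birthday-bound attacks.
func cipher3DES(key, iv []byte, isRead bool) interface{} {
	block, err := des.NewTripleDESCipher(key)
	if err != nil {
		panic("tls: internal error: bad 3DES key: " + err.Error())
	}
	return cbcModeFor(block, iv, isRead)
}

// cipherAES returns an AES CBC BlockMode for a 16- or 32-byte key.
func cipherAES(key, iv []byte, isRead bool) interface{} {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic("tls: internal error: bad AES key: " + err.Error())
	}
	return cbcModeFor(block, iv, isRead)
}

// newVersionedMAC builds the record MAC for the negotiated protocol version:
// the legacy SSL 3.0 keyed-hash construction for VersionSSL30 and HMAC
// (RFC 2104) for everything newer. The SSL 3.0 MAC keeps a private copy of
// the key because ssl30MAC.MAC feeds it to the hash on every record and the
// caller's slice presumably aliases the key block; hmac.New copies
// internally, so the TLS path needs no copy.
func newVersionedMAC(version uint16, newHash func() hash.Hash, key []byte) macFunction {
	if version == VersionSSL30 {
		mac := ssl30MAC{
			h:   newHash(),
			key: make([]byte, len(key)),
		}
		copy(mac.key, key)
		return mac
	}
	return tls10MAC{hmac.New(newHash, key)}
}

// macSHA1 returns a macFunction for the given protocol version.
func macSHA1(version uint16, key []byte) macFunction {
	return newVersionedMAC(version, sha1.New, key)
}

// macMD5 returns an MD5-based record MAC (HMAC-MD5, or the SSL 3.0 keyed
// hash). Only the RC4-MD5 and export suites use it.
func macMD5(version uint16, key []byte) macFunction {
	return newVersionedMAC(version, md5.New, key)
}

// macSHA256 returns an HMAC-SHA256 record MAC. SSL 3.0 never defined a
// SHA-256 MAC and every suite using this function is flagged suiteTLS12, so
// the VersionSSL30 branch inside newVersionedMAC should be unreachable here.
func macSHA256(version uint16, key []byte) macFunction {
	return newVersionedMAC(version, sha256.New, key)
}

// macSHA384 returns an HMAC-SHA384 record MAC; the same SSL 3.0 caveat as
// macSHA256 applies.
func macSHA384(version uint16, key []byte) macFunction {
	return newVersionedMAC(version, sha512.New384, key)
}

// macFunction computes the per-record MAC. digestBuf is a scratch buffer the
// implementation may reuse (Sum is written into digestBuf[:0]); seq is the
// 8-byte record sequence number, header the record header, length the
// encoded payload length and data the payload.
type macFunction interface {
	Size() int
	MAC(digestBuf, seq, header, length, data []byte) []byte
}

// fixedNonceAEAD wraps an AEAD and prefixes a fixed portion of the nonce to
// each call. This is the AES-GCM nonce layout of RFC 5288: a fixed prefix
// taken from the key block (the suite's ivLen, 4 bytes for the GCM rows in
// the tables above) followed by the 8-byte explicit nonce that travels with
// every record.
type fixedNonceAEAD struct {
	// sealNonce and openNonce are buffers where the larger nonce will be
	// constructed. Since a seal and open operation may be running
	// concurrently, there is a separate buffer for each. Two concurrent Seals
	// (or two concurrent Opens) on the same value would still race.
	sealNonce, openNonce []byte
	aead                 cipher.AEAD
}

// NonceSize is the length of the explicit nonce callers pass to Seal/Open,
// not the size the wrapped AEAD consumes.
func (f *fixedNonceAEAD) NonceSize() int { return 8 }
func (f *fixedNonceAEAD) Overhead() int { return f.aead.Overhead() }

// Seal encrypts plaintext under the full nonce fixedPrefix||nonce. A nonce of
// the wrong length is an internal error: copying a short one would leave
// stale bytes from the previous record in the buffer and risk nonce reuse,
// which is catastrophic for GCM, so it panics instead of continuing.
func (f *fixedNonceAEAD) Seal(out, nonce, plaintext, additionalData []byte) []byte {
	if len(nonce) != f.NonceSize() {
		panic("tls: internal error: wrong nonce length")
	}
	copy(f.sealNonce[len(f.sealNonce)-8:], nonce)
	return f.aead.Seal(out, f.sealNonce, plaintext, additionalData)
}

// Open is the inverse of Seal, using the separate openNonce buffer.
func (f *fixedNonceAEAD) Open(out, nonce, ciphertext, additionalData []byte) ([]byte, error) {
	if len(nonce) != f.NonceSize() {
		panic("tls: internal error: wrong nonce length")
	}
	copy(f.openNonce[len(f.openNonce)-8:], nonce)
	return f.aead.Open(out, f.openNonce, ciphertext, additionalData)
}

// explicitNonce reports that the 8-byte nonce is sent on the wire with each
// record.
func (f *fixedNonceAEAD) explicitNonce() bool { return true }

// aeadAESGCM builds the AES-GCM record AEAD for a 16- or 32-byte key.
// fixedNonce is the ivLen bytes of implicit nonce from the key block; it is
// copied into the head of two 12-byte buffers whose last 8 bytes Seal and
// Open overwrite with the explicit nonce. Wrong key material is an internal
// error and panics.
func aeadAESGCM(key, fixedNonce []byte) tlsAead {
	aes, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	aead, err := cipher.NewGCM(aes)
	if err != nil {
		panic(err)
	}

	nonce1, nonce2 := make([]byte, 12), make([]byte, 12)
	copy(nonce1, fixedNonce)
	copy(nonce2, fixedNonce)

	return &fixedNonceAEAD{nonce1, nonce2, aead}
}

// xorNonceAEAD wraps an AEAD by XORing in a fixed pattern to the nonce
// before each call (the ChaCha20-Poly1305 and TLS 1.3-style nonce
// construction: nothing nonce-related is sent on the wire).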
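type xorNonceAEAD struct {
	// nonceMask is the 12-byte per-direction IV from the key block. Seal and
	// Open XOR the 8-byte sequence number into its last 8 bytes in place and
	// undo it afterwards, so one value must not be shared between goroutines.
	nonceMask [aeadNonceLength]byte
	aead      cipher.AEAD
}

// NonceSize is the length of the nonce callers pass to Seal/Open: the 64-bit
// record sequence number. The wrapped AEAD always sees the full 12-byte mask.
func (f *xorNonceAEAD) NonceSize() int { return 8 }
func (f *xorNonceAEAD) Overhead() int { return f.aead.Overhead() }

// explicitNonceLen and explicitNonce both report that nothing nonce-related
// is carried on the wire.
func (f *xorNonceAEAD) explicitNonceLen() int { return 0 }
func (f *xorNonceAEAD) explicitNonce() bool    { return false }

// xorSeq XORs the caller's 8-byte nonce into the tail of nonceMask. Applying
// it twice with the same nonce restores the mask, which is how Seal and Open
// use it. A nonce of the wrong length is an internal error and panics: a
// short one would leave part of the mask unmixed and could repeat a nonce,
// which is fatal for ChaCha20-Poly1305 (a long one would index past the
// array anyway).
func (f *xorNonceAEAD) xorSeq(nonce []byte) {
	if len(nonce) != f.NonceSize() {
		panic("tls: internal error: wrong nonce length")
	}
	for i, b := range nonce {
		f.nonceMask[4+i] ^= b
	}
}

// Seal encrypts plaintext under nonceMask XOR (0^4 || nonce) and restores
// the mask before returning.
func (f *xorNonceAEAD) Seal(out, nonce, plaintext, additionalData []byte) []byte {
	f.xorSeq(nonce)
	result := f.aead.Seal(out, f.nonceMask[:], plaintext, additionalData)
	f.xorSeq(nonce)
	return result
}

// Open is the inverse of Seal; the mask is restored even when authentication
// fails.
func (f *xorNonceAEAD) Open(out, nonce, ciphertext, additionalData []byte) ([]byte, error) {
	f.xorSeq(nonce)
	result, err := f.aead.Open(out, f.nonceMask[:], ciphertext, additionalData)
	f.xorSeq(nonce)
	return result, err
}

const (
	// aeadNonceLength is the ChaCha20-Poly1305 nonce size and therefore the
	// ivLen of every ChaCha20 row in the suite tables.
	aeadNonceLength = 12
)

// aeadCHACHA20POLY1305 builds the ChaCha20-Poly1305 record AEAD for a
// 32-byte key. fixedNonce must be the full 12-byte IV from the key block; it
// becomes the mask the sequence number is XORed into. Wrong-sized inputs are
// internal errors and panic.
func aeadCHACHA20POLY1305(key, fixedNonce []byte) tlsAead {
	if len(fixedNonce) != aeadNonceLength {
		panic("tls: internal error: wrong nonce length")
	}
	aead, err := chacha20poly1305.New(key)
	if err != nil {
		panic(err)
	}

	ret := &xorNonceAEAD{aead: aead}
	copy(ret.nonceMask[:], fixedNonce)
	return ret
}

// ssl30MAC implements the SSLv3 MAC function, as defined in
// www.mozilla.org/projects/security/pki/nss/ssl/draft302.txt section 5.2.3.1:
// hash(key || pad2 || hash(key || pad1 || seq || type || length || data)),
// a keyed-hash construction that predates HMAC. The value owns h and key
// (the constructors hand it a private copy of the key).
type ssl30MAC struct {
	h   hash.Hash
	key []byte
}

func (s ssl30MAC) Size() int {
	return s.h.Size()
}

// ssl30Pad1 and ssl30Pad2 are the inner (0x36) and outer (0x5c) padding of
// the SSLv3 MAC. MAC below uses 48 bytes of them with MD5 and 40 with SHA-1.
var ssl30Pad1 = [48]byte{
	0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
	0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
	0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
}

var ssl30Pad2 = [48]byte{
	0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
	0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
	0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
}

// MAC computes the SSLv3 record MAC into digestBuf (reused as scratch).
func (s ssl30MAC) MAC(digestBuf, seq, header, length, data []byte) []byte {
	// The padding fills the hash block: 48 bytes for MD5, 40 for SHA-1
	// (digest size 20). SSLv3 defines no other MAC; the SHA-256/SHA-384
	// suites are all flagged suiteTLS12, so any other size here would be an
	// internal inconsistency and simply gets the MD5 padding length.
	padLength := 48
	if s.h.Size() == 20 {
		padLength = 40
	}

	s.h.Reset()
	s.h.Write(s.key)
	s.h.Write(ssl30Pad1[:padLength])
	s.h.Write(seq)
	// Only the first header byte (the record type) is authenticated; unlike
	// TLS 1.0 (see tls10MAC) the protocol version is not.
	s.h.Write(header[:1])
	s.h.Write(length)
	s.h.Write(data)
	digestBuf = s.h.Sum(digestBuf[:0])

	s.h.Reset()
	s.h.Write(s.key)
	s.h.Write(ssl30Pad2[:padLength])
	s.h.Write(digestBuf)
	return s.h.Sum(digestBuf[:0])
}

// tls10MAC implements the TLS 1.0 MAC function. RFC 2246, section 6.2.3:
// HMAC(mac_key, seq || header || length || data), where h is the keyed HMAC
// and the whole record header (type and version) is covered.
type tls10MAC struct {
	h hash.Hash
}

func (s tls10MAC) Size() int {
	return s.h.Size()
}

// MAC computes the HMAC over the record into digestBuf (reused as scratch).
func (s tls10MAC) MAC(digestBuf, seq, header, length, data []byte) []byte {
	s.h.Reset()
	s.h.Write(seq)
	s.h.Write(header)
	s.h.Write(length)
	s.h.Write(data)
	return s.h.Sum(digestBuf[:0])
}

// The constructors below are the cipherSuite.ka values. Each returns a fresh
// keyAgreement bound to the negotiated version; the signed variants carry a
// signedKeyAgreement that fixes which signature algorithm authenticates the
// ServerKeyExchange.

// rsaKA is static RSA key transport: the premaster secret is encrypted to
// the certificate key, so there is no forward secrecy.
func rsaKA(version uint16) keyAgreement {
	return &rsaKeyAgreement{
		version: version,
		auth: &signedKeyAgreement{
			sigType: signatureRSA,
			version: version,
		},
	}
}

// rsaEphemeralKA is the RSA_EXPORT key exchange: a temporary RSA key signed
// by the certificate key in ServerKeyExchange (ephemeral: true).
func rsaEphemeralKA(version uint16) keyAgreement {
	return &rsaKeyAgreement{
		version: version,
		ephemeral: true,
		auth: &signedKeyAgreement{
			sigType: signatureRSA,
			version: version,
		},
	}
}

// ecdheECDSAKA is ephemeral ECDH authenticated by an ECDSA signature.
func ecdheECDSAKA(version uint16) keyAgreement {
	return &ecdheKeyAgreement{
		auth: &signedKeyAgreement{
			sigType: signatureECDSA,
			version: version,
		},
	}
}

// ecdheRSAKA is ephemeral ECDH authenticated by an RSA signature.
func ecdheRSAKA(version uint16) keyAgreement {
	return &ecdheKeyAgreement{
		auth: &signedKeyAgreement{
			sigType: signatureRSA,
			version: version,
		},
	}
}

// dheRSAKA is ephemeral finite-field DH authenticated by an RSA signature.
func dheRSAKA(version uint16) keyAgreement {
	return &dheKeyAgreement{
		auth: &signedKeyAgreement{
			sigType: signatureRSA,
			version: version,
		},
	}
}

// dheDSSKA is ephemeral finite-field DH authenticated by a DSA signature.
func dheDSSKA(version uint16) keyAgreement {
	return &dheKeyAgreement{
		auth: &signedKeyAgreement{
			sigType: signatureDSA,
			version: version,
		},
	}
}

// dhAnonKA is ephemeral finite-field DH with no authentication at all
// (nilKeyAgreementAuthentication); version is unused because there is no
// signature to format. Any active attacker can sit in the middle of such a
// connection.
func dhAnonKA(version uint16) keyAgreement {
	return &dheKeyAgreement{
		auth: &nilKeyAgreementAuthentication{},
	}
}

// mutualCipherSuite returns the implemented cipherSuite whose id is want,
// provided want appears in have (the list one side offered). It returns nil
// when want is not in have, or when it is but this package does not
// implement it (stdlibCipherSuites is not consulted).
func mutualCipherSuite(have []uint16, want uint16) *cipherSuite {
	offered := false
	for _, id := range have {
		if id == want {
			offered = true
			break
		}
	}
	if !offered {
		return nil
	}
	for _, suite := range implementedCipherSuites {
		if suite.id == want {
			return suite
		}
	}
	return nil
}

// A list of the possible cipher suite ids.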
Taken from 518 // http://www.iana.org/assignments/tls-parameters/tls-parameters.xml 519 const ( 520 TLS_NULL_WITH_NULL_NULL = 0x0000 521 TLS_RSA_WITH_NULL_MD5 = 0x0001 522 TLS_RSA_WITH_NULL_SHA = 0x0002 523 TLS_RSA_EXPORT_WITH_RC4_40_MD5 = 0x0003 524 TLS_RSA_WITH_RC4_128_MD5 = 0x0004 525 TLS_RSA_WITH_RC4_128_SHA = 0x0005 526 TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 = 0x0006 527 TLS_RSA_WITH_IDEA_CBC_SHA = 0x0007 528 TLS_RSA_EXPORT_WITH_DES40_CBC_SHA = 0x0008 529 TLS_RSA_WITH_DES_CBC_SHA = 0x0009 530 TLS_RSA_WITH_3DES_EDE_CBC_SHA = 0x000A 531 TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA = 0x000B 532 TLS_DH_DSS_WITH_DES_CBC_SHA = 0x000C 533 TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA = 0x000D 534 TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA = 0x000E 535 TLS_DH_RSA_WITH_DES_CBC_SHA = 0x000F 536 TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA = 0x0010 537 TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA = 0x0011 538 TLS_DHE_DSS_WITH_DES_CBC_SHA = 0x0012 539 TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA = 0x0013 540 TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA = 0x0014 541 TLS_DHE_RSA_WITH_DES_CBC_SHA = 0x0015 542 TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA = 0x0016 543 TLS_DH_ANON_EXPORT_WITH_RC4_40_MD5 = 0x0017 544 TLS_DH_ANON_WITH_RC4_128_MD5 = 0x0018 545 TLS_DH_ANON_EXPORT_WITH_DES40_CBC_SHA = 0x0019 546 TLS_DH_ANON_WITH_DES_CBC_SHA = 0x001A 547 TLS_DH_ANON_WITH_3DES_EDE_CBC_SHA = 0x001B 548 SSL_FORTEZZA_KEA_WITH_NULL_SHA = 0x001C 549 SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA = 0x001D 550 TLS_KRB5_WITH_DES_CBC_SHA = 0x001E 551 TLS_KRB5_WITH_3DES_EDE_CBC_SHA = 0x001F 552 TLS_KRB5_WITH_RC4_128_SHA = 0x0020 553 TLS_KRB5_WITH_IDEA_CBC_SHA = 0x0021 554 TLS_KRB5_WITH_DES_CBC_MD5 = 0x0022 555 TLS_KRB5_WITH_3DES_EDE_CBC_MD5 = 0x0023 556 TLS_KRB5_WITH_RC4_128_MD5 = 0x0024 557 TLS_KRB5_WITH_IDEA_CBC_MD5 = 0x0025 558 TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA = 0x0026 559 TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA = 0x0027 560 TLS_KRB5_EXPORT_WITH_RC4_40_SHA = 0x0028 561 TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5 = 0x0029 562 TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5 = 0x002A 563 
TLS_KRB5_EXPORT_WITH_RC4_40_MD5 = 0x002B 564 TLS_PSK_WITH_NULL_SHA = 0x002C 565 TLS_DHE_PSK_WITH_NULL_SHA = 0x002D 566 TLS_RSA_PSK_WITH_NULL_SHA = 0x002E 567 TLS_RSA_WITH_AES_128_CBC_SHA = 0x002F 568 TLS_DH_DSS_WITH_AES_128_CBC_SHA = 0x0030 569 TLS_DH_RSA_WITH_AES_128_CBC_SHA = 0x0031 570 TLS_DHE_DSS_WITH_AES_128_CBC_SHA = 0x0032 571 TLS_DHE_RSA_WITH_AES_128_CBC_SHA = 0x0033 572 TLS_DH_ANON_WITH_AES_128_CBC_SHA = 0x0034 573 TLS_RSA_WITH_AES_256_CBC_SHA = 0x0035 574 TLS_DH_DSS_WITH_AES_256_CBC_SHA = 0x0036 575 TLS_DH_RSA_WITH_AES_256_CBC_SHA = 0x0037 576 TLS_DHE_DSS_WITH_AES_256_CBC_SHA = 0x0038 577 TLS_DHE_RSA_WITH_AES_256_CBC_SHA = 0x0039 578 TLS_DH_ANON_WITH_AES_256_CBC_SHA = 0x003A 579 TLS_RSA_WITH_NULL_SHA256 = 0x003B 580 TLS_RSA_WITH_AES_128_CBC_SHA256 = 0x003C 581 TLS_RSA_WITH_AES_256_CBC_SHA256 = 0x003D 582 TLS_DH_DSS_WITH_AES_128_CBC_SHA256 = 0x003E 583 TLS_DH_RSA_WITH_AES_128_CBC_SHA256 = 0x003F 584 TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 = 0x0040 585 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x0041 586 TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA = 0x0042 587 TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x0043 588 TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA = 0x0044 589 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x0045 590 TLS_DH_ANON_WITH_CAMELLIA_128_CBC_SHA = 0x0046 591 TLS_RSA_EXPORT1024_WITH_RC4_56_MD5 = 0x0060 592 TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 = 0x0061 593 TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA = 0x0062 594 TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA = 0x0063 595 TLS_RSA_EXPORT1024_WITH_RC4_56_SHA = 0x0064 596 TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA = 0x0065 597 TLS_DHE_DSS_WITH_RC4_128_SHA = 0x0066 598 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 = 0x0067 599 TLS_DH_DSS_WITH_AES_256_CBC_SHA256 = 0x0068 600 TLS_DH_RSA_WITH_AES_256_CBC_SHA256 = 0x0069 601 TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 = 0x006A 602 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 = 0x006B 603 TLS_DH_ANON_WITH_AES_128_CBC_SHA256 = 0x006C 604 TLS_DH_ANON_WITH_AES_256_CBC_SHA256 = 0x006D 605 TLS_GOSTR341094_WITH_28147_CNT_IMIT = 
0x0080 606 TLS_GOSTR341001_WITH_28147_CNT_IMIT = 0x0081 607 TLS_GOSTR341094_WITH_NULL_GOSTR3411 = 0x0082 608 TLS_GOSTR341001_WITH_NULL_GOSTR3411 = 0x0083 609 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x0084 610 TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA = 0x0085 611 TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x0086 612 TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA = 0x0087 613 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x0088 614 TLS_DH_ANON_WITH_CAMELLIA_256_CBC_SHA = 0x0089 615 TLS_PSK_WITH_RC4_128_SHA = 0x008A 616 TLS_PSK_WITH_3DES_EDE_CBC_SHA = 0x008B 617 TLS_PSK_WITH_AES_128_CBC_SHA = 0x008C 618 TLS_PSK_WITH_AES_256_CBC_SHA = 0x008D 619 TLS_DHE_PSK_WITH_RC4_128_SHA = 0x008E 620 TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA = 0x008F 621 TLS_DHE_PSK_WITH_AES_128_CBC_SHA = 0x0090 622 TLS_DHE_PSK_WITH_AES_256_CBC_SHA = 0x0091 623 TLS_RSA_PSK_WITH_RC4_128_SHA = 0x0092 624 TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA = 0x0093 625 TLS_RSA_PSK_WITH_AES_128_CBC_SHA = 0x0094 626 TLS_RSA_PSK_WITH_AES_256_CBC_SHA = 0x0095 627 TLS_RSA_WITH_SEED_CBC_SHA = 0x0096 628 TLS_DH_DSS_WITH_SEED_CBC_SHA = 0x0097 629 TLS_DH_RSA_WITH_SEED_CBC_SHA = 0x0098 630 TLS_DHE_DSS_WITH_SEED_CBC_SHA = 0x0099 631 TLS_DHE_RSA_WITH_SEED_CBC_SHA = 0x009A 632 TLS_DH_ANON_WITH_SEED_CBC_SHA = 0x009B 633 TLS_RSA_WITH_AES_128_GCM_SHA256 = 0x009C 634 TLS_RSA_WITH_AES_256_GCM_SHA384 = 0x009D 635 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 = 0x009E 636 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 = 0x009F 637 TLS_DH_RSA_WITH_AES_128_GCM_SHA256 = 0x00A0 638 TLS_DH_RSA_WITH_AES_256_GCM_SHA384 = 0x00A1 639 TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 = 0x00A2 640 TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 = 0x00A3 641 TLS_DH_DSS_WITH_AES_128_GCM_SHA256 = 0x00A4 642 TLS_DH_DSS_WITH_AES_256_GCM_SHA384 = 0x00A5 643 TLS_DH_ANON_WITH_AES_128_GCM_SHA256 = 0x00A6 644 TLS_DH_ANON_WITH_AES_256_GCM_SHA384 = 0x00A7 645 TLS_PSK_WITH_AES_128_GCM_SHA256 = 0x00A8 646 TLS_PSK_WITH_AES_256_GCM_SHA384 = 0x00A9 647 TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 = 0x00AA 648 TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 = 0x00AB 
649 TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 = 0x00AC 650 TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 = 0x00AD 651 TLS_PSK_WITH_AES_128_CBC_SHA256 = 0x00AE 652 TLS_PSK_WITH_AES_256_CBC_SHA384 = 0x00AF 653 TLS_PSK_WITH_NULL_SHA256 = 0x00B0 654 TLS_PSK_WITH_NULL_SHA384 = 0x00B1 655 TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 = 0x00B2 656 TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 = 0x00B3 657 TLS_DHE_PSK_WITH_NULL_SHA256 = 0x00B4 658 TLS_DHE_PSK_WITH_NULL_SHA384 = 0x00B5 659 TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 = 0x00B6 660 TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 = 0x00B7 661 TLS_RSA_PSK_WITH_NULL_SHA256 = 0x00B8 662 TLS_RSA_PSK_WITH_NULL_SHA384 = 0x00B9 663 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0x00BA 664 TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256 = 0x00BB 665 TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0x00BC 666 TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256 = 0x00BD 667 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0x00BE 668 TLS_DH_ANON_WITH_CAMELLIA_128_CBC_SHA256 = 0x00BF 669 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C0 670 TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C1 671 TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C2 672 TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C3 673 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C4 674 TLS_DH_ANON_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C5 675 TLS_RENEGO_PROTECTION_REQUEST = 0x00FF 676 TLS_FALLBACK_SCSV = 0x5600 677 TLS_ECDH_ECDSA_WITH_NULL_SHA = 0xC001 678 TLS_ECDH_ECDSA_WITH_RC4_128_SHA = 0xC002 679 TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA = 0xC003 680 TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA = 0xC004 681 TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA = 0xC005 682 TLS_ECDHE_ECDSA_WITH_NULL_SHA = 0xC006 683 TLS_ECDHE_ECDSA_WITH_RC4_128_SHA = 0xC007 684 TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA = 0xC008 685 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA = 0xC009 686 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA = 0xC00A 687 TLS_ECDH_RSA_WITH_NULL_SHA = 0xC00B 688 TLS_ECDH_RSA_WITH_RC4_128_SHA = 0xC00C 689 TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA = 0xC00D 690 TLS_ECDH_RSA_WITH_AES_128_CBC_SHA = 0xC00E 691 
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA = 0xC00F 692 TLS_ECDHE_RSA_WITH_NULL_SHA = 0xC010 693 TLS_ECDHE_RSA_WITH_RC4_128_SHA = 0xC011 694 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA = 0xC012 695 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA = 0xC013 696 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA = 0xC014 697 TLS_ECDH_ANON_WITH_NULL_SHA = 0xC015 698 TLS_ECDH_ANON_WITH_RC4_128_SHA = 0xC016 699 TLS_ECDH_ANON_WITH_3DES_EDE_CBC_SHA = 0xC017 700 TLS_ECDH_ANON_WITH_AES_128_CBC_SHA = 0xC018 701 TLS_ECDH_ANON_WITH_AES_256_CBC_SHA = 0xC019 702 TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA = 0xC01A 703 TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA = 0xC01B 704 TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA = 0xC01C 705 TLS_SRP_SHA_WITH_AES_128_CBC_SHA = 0xC01D 706 TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA = 0xC01E 707 TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA = 0xC01F 708 TLS_SRP_SHA_WITH_AES_256_CBC_SHA = 0xC020 709 TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA = 0xC021 710 TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA = 0xC022 711 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 = 0xC023 712 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 = 0xC024 713 TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 = 0xC025 714 TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 = 0xC026 715 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 = 0xC027 716 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 = 0xC028 717 TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 = 0xC029 718 TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 = 0xC02A 719 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 = 0xC02B 720 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 = 0xC02C 721 TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 = 0xC02D 722 TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 = 0xC02E 723 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 = 0xC02F 724 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 = 0xC030 725 TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 = 0xC031 726 TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 = 0xC032 727 TLS_ECDHE_PSK_WITH_RC4_128_SHA = 0xC033 728 TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA = 0xC034 729 TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA = 0xC035 730 TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA = 0xC036 731 TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 
= 0xC037
	TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 = 0xC038
	// NULL-cipher PSK suites: integrity only, no confidentiality.
	TLS_ECDHE_PSK_WITH_NULL_SHA    = 0xC039
	TLS_ECDHE_PSK_WITH_NULL_SHA256 = 0xC03A
	TLS_ECDHE_PSK_WITH_NULL_SHA384 = 0xC03B

	// ARIA suites (RFC 6209).
	TLS_RSA_WITH_ARIA_128_CBC_SHA256         = 0xC03C
	TLS_RSA_WITH_ARIA_256_CBC_SHA384         = 0xC03D
	TLS_DH_DSS_WITH_ARIA_128_CBC_SHA256      = 0xC03E
	TLS_DH_DSS_WITH_ARIA_256_CBC_SHA384      = 0xC03F
	TLS_DH_RSA_WITH_ARIA_128_CBC_SHA256      = 0xC040
	TLS_DH_RSA_WITH_ARIA_256_CBC_SHA384      = 0xC041
	TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256     = 0xC042
	TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384     = 0xC043
	TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256     = 0xC044
	TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384     = 0xC045
	TLS_DH_ANON_WITH_ARIA_128_CBC_SHA256     = 0xC046
	TLS_DH_ANON_WITH_ARIA_256_CBC_SHA384     = 0xC047
	TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256 = 0xC048
	TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384 = 0xC049
	TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256  = 0xC04A
	TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384  = 0xC04B
	TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256   = 0xC04C
	TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384   = 0xC04D
	TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256    = 0xC04E
	TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384    = 0xC04F
	TLS_RSA_WITH_ARIA_128_GCM_SHA256         = 0xC050
	TLS_RSA_WITH_ARIA_256_GCM_SHA384         = 0xC051
	TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256     = 0xC052
	TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384     = 0xC053
	TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256      = 0xC054
	TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384      = 0xC055
	TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256     = 0xC056
	TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384     = 0xC057
	TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256      = 0xC058
	TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384      = 0xC059
	TLS_DH_ANON_WITH_ARIA_128_GCM_SHA256     = 0xC05A
	TLS_DH_ANON_WITH_ARIA_256_GCM_SHA384     = 0xC05B
	TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 = 0xC05C
	TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 = 0xC05D
	TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256  = 0xC05E
	TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384  = 0xC05F
	TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256   = 0xC060
	TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384   = 0xC061
	TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256    = 0xC062
	TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384    = 0xC063
	TLS_PSK_WITH_ARIA_128_CBC_SHA256         = 0xC064
	TLS_PSK_WITH_ARIA_256_CBC_SHA384         = 0xC065
	TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256     = 0xC066
	TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384     = 0xC067
	TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256     = 0xC068
	TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384     = 0xC069
	TLS_PSK_WITH_ARIA_128_GCM_SHA256         = 0xC06A
	TLS_PSK_WITH_ARIA_256_GCM_SHA384         = 0xC06B
	TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256     = 0xC06C
	TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384     = 0xC06D
	TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256     = 0xC06E
	TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384     = 0xC06F
	TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256   = 0xC070
	TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384   = 0xC071

	// Camellia suites with SHA-2 HMAC and GCM (RFC 6367).
	TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 = 0xC072
	TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 = 0xC073
	TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256  = 0xC074
	TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384  = 0xC075
	TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256   = 0xC076
	TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384   = 0xC077
	TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256    = 0xC078
	TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384    = 0xC079
	TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256         = 0xC07A
	TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384         = 0xC07B
	TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256     = 0xC07C
	TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384     = 0xC07D
	TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256      = 0xC07E
	TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384      = 0xC07F
	TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256     = 0xC080
	TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384     = 0xC081
	TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256      = 0xC082
	TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384      = 0xC083
	TLS_DH_ANON_WITH_CAMELLIA_128_GCM_SHA256     = 0xC084
	TLS_DH_ANON_WITH_CAMELLIA_256_GCM_SHA384     = 0xC085
	TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 = 0xC086
	TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 = 0xC087
	TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256  = 0xC088
	TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384  = 0xC089
	TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256   = 0xC08A
	TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384   = 0xC08B
	TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256    = 0xC08C
	TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384    = 0xC08D
	TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256         = 0xC08E
	TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384         = 0xC08F
	TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256     = 0xC090
	TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384     = 0xC091
	TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256     = 0xC092
	TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384     = 0xC093
	TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256         = 0xC094
	TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384         = 0xC095
	TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256     = 0xC096
	TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384     = 0xC097
	TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256     = 0xC098
	TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384     = 0xC099
	TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256   = 0xC09A
	TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384   = 0xC09B

	// AES-CCM suites (RFC 6655; ECDHE_ECDSA variants from RFC 7251).
	// The _8 variants truncate the authentication tag to 8 bytes.
	TLS_RSA_WITH_AES_128_CCM           = 0xC09C
	TLS_RSA_WITH_AES_256_CCM           = 0xC09D
	TLS_DHE_RSA_WITH_AES_128_CCM       = 0xC09E
	TLS_DHE_RSA_WITH_AES_256_CCM       = 0xC09F
	TLS_RSA_WITH_AES_128_CCM_8         = 0xC0A0
	TLS_RSA_WITH_AES_256_CCM_8         = 0xC0A1
	TLS_DHE_RSA_WITH_AES_128_CCM_8     = 0xC0A2
	TLS_DHE_RSA_WITH_AES_256_CCM_8     = 0xC0A3
	TLS_PSK_WITH_AES_128_CCM           = 0xC0A4
	TLS_PSK_WITH_AES_256_CCM           = 0xC0A5
	TLS_DHE_PSK_WITH_AES_128_CCM       = 0xC0A6
	TLS_DHE_PSK_WITH_AES_256_CCM       = 0xC0A7
	TLS_PSK_WITH_AES_128_CCM_8         = 0xC0A8
	TLS_PSK_WITH_AES_256_CCM_8         = 0xC0A9
	TLS_PSK_DHE_WITH_AES_128_CCM_8     = 0xC0AA
	TLS_PSK_DHE_WITH_AES_256_CCM_8     = 0xC0AB
	TLS_ECDHE_ECDSA_WITH_AES_128_CCM   = 0xC0AC
	TLS_ECDHE_ECDSA_WITH_AES_256_CCM   = 0xC0AD
	TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 = 0xC0AE
	TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 = 0xC0AF

	// NOTE(review): 0xCAFE is not the IANA-registered code point for this
	// suite name (RFC 8442 assigns 0xD001); confirm which implementation
	// this id was taken from before relying on it in scan results.
	TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256 = 0xCAFE

	// ChaCha20-Poly1305 suites (RFC 7905).
	TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256   = 0xCCA8
	TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 = 0xCCA9
	TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256     = 0xCCAA
	// Old ids for Chacha20 ciphers: pre-RFC 7905 draft code points that
	// some older stacks advertised before 0xCCA8-0xCCAA were assigned.
	TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256_OLD   = 0xCC13
	TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256_OLD = 0xCC14
	TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256_OLD     = 0xCC15
	//SSL_RSA_FIPS_WITH_DES_CBC_SHA = 0xFEFE
	//SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA = 0xFEFF
	//SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA = 0xFFE0
	//SSL_RSA_FIPS_WITH_DES_CBC_SHA = 0xFFE1
	// 0xFF00-0xFFFF is reserved for private use, so the ids below are
	// implementation-specific rather than IANA-registered; they are kept
	// so such suites can be recognised when seen on the wire.
	SSL_RSA_WITH_RC2_CBC_MD5         = 0xFF80
	SSL_RSA_WITH_IDEA_CBC_MD5        = 0xFF81
	SSL_RSA_WITH_DES_CBC_MD5         = 0xFF82
	SSL_RSA_WITH_3DES_EDE_CBC_MD5    = 0xFF83
	SSL_EN_RC2_128_CBC_WITH_MD5      = 0xFF03
	OP_PCL_TLS10_AES_128_CBC_SHA512  = 0xFF85
)

// The lists below are cipher-suite profiles: ordered sets of suite ids that
// a caller can offer in a ClientHello or use to classify what a peer
// accepted. They deliberately include legacy suites (RC4, DES, 3DES,
// export-grade, MD5 MACs) so that weak configurations can be detected;
// presumably they are meant for measurement rather than production
// negotiation — confirm against the callers.

// RSACiphers lists RSA key-transport suites. None of these provides
// forward secrecy, and the list includes RC4 and 3DES.
var RSACiphers = []uint16{
	TLS_RSA_WITH_RC4_128_SHA,
	TLS_RSA_WITH_3DES_EDE_CBC_SHA,
	TLS_RSA_WITH_AES_128_CBC_SHA,
	TLS_RSA_WITH_AES_256_CBC_SHA,
	TLS_RSA_WITH_AES_128_GCM_SHA256,
}

// DHECiphers lists ephemeral finite-field Diffie-Hellman suites, including
// single-DES and RC4 variants.
// WARN: DSS: Certificate not supported/implemented
// NOTE(review): despite the warning above, the DHE_DSS suites are still
// listed; presumably they can be offered but a handshake selecting one
// cannot be completed — confirm.
var DHECiphers []uint16 = []uint16{
	TLS_DHE_DSS_WITH_DES_CBC_SHA,
	TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
	TLS_DHE_RSA_WITH_DES_CBC_SHA,
	TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
	TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
	TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
	TLS_DHE_DSS_WITH_AES_256_CBC_SHA,
	TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
	TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,
	TLS_DHE_DSS_WITH_RC4_128_SHA,
	TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
	TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,
	TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
	TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
	TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
	TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,
	TLS_DHE_DSS_WITH_AES_256_GCM_SHA384,
	TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
}

// ECDHECiphers lists ephemeral elliptic-curve Diffie-Hellman suites with
// RSA or ECDSA authentication, AEAD suites first. RC4 and 3DES variants
// are included at the tail.
var ECDHECiphers []uint16 = []uint16{
	TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
	TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
	TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
	TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
	TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
	TLS_ECDHE_RSA_WITH_RC4_128_SHA,
	TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
	TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
	TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
	TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
	TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
	TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
	TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
	TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
	TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
	TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
	TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
}

// ExportCiphers lists every export-grade suite known to this package:
// 40-bit RC4/RC2/DES40 suites and the 56-bit EXPORT1024 variants, across
// RSA, DH, anonymous DH and Kerberos key exchange. A server accepting any of
// these is negotiating deliberately weakened key material.
// WARN: Anonymous, Non-ephemeral DH Kex: Not supported/implemented
// WARN: DSS: Certificate not supported/implemented
// WARN: KRB5: Supported?
var ExportCiphers []uint16 = []uint16{
	TLS_RSA_EXPORT_WITH_RC4_40_MD5,
	TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5,
	TLS_RSA_EXPORT_WITH_DES40_CBC_SHA,
	TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA,
	TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA,
	TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA,
	TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA,
	TLS_DH_ANON_EXPORT_WITH_RC4_40_MD5,
	TLS_DH_ANON_EXPORT_WITH_DES40_CBC_SHA,
	TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA,
	TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA,
	TLS_KRB5_EXPORT_WITH_RC4_40_SHA,
	TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5,
	TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5,
	TLS_KRB5_EXPORT_WITH_RC4_40_MD5,
	TLS_RSA_EXPORT1024_WITH_RC4_56_MD5,
	TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
	TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA,
	TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
	TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,
	TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
}

// RSAExportCiphers is the subset of ExportCiphers that uses RSA key
// exchange (both the 40-bit EXPORT and 56-bit EXPORT1024 variants).
var RSAExportCiphers []uint16 = []uint16{
	TLS_RSA_EXPORT_WITH_RC4_40_MD5,
	TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5,
	TLS_RSA_EXPORT_WITH_DES40_CBC_SHA,
	TLS_RSA_EXPORT1024_WITH_RC4_56_MD5,
	TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
	TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA,
	TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,
}

// RSA512ExportCiphers is the three 40-bit RSA_EXPORT suites; presumably
// named for the 512-bit temporary RSA key such suites are negotiated
// with — confirm against the key-agreement code that uses it.
var RSA512ExportCiphers []uint16 = []uint16{
	TLS_RSA_EXPORT_WITH_RC4_40_MD5,
	TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5,
	TLS_RSA_EXPORT_WITH_DES40_CBC_SHA,
}

// DHEExportCiphers lists export-grade suites with finite-field DH key
// exchange.
// NOTE(review): the two TLS_DH_ANON_EXPORT suites are anonymous rather
// than DHE, and the warning on ExportCiphers says anonymous DH is not
// implemented — confirm whether they belong here.
var DHEExportCiphers []uint16 = []uint16{
	TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA,
	TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA,
	TLS_DH_ANON_EXPORT_WITH_RC4_40_MD5,
	TLS_DH_ANON_EXPORT_WITH_DES40_CBC_SHA,
}

// ChromeCiphers presumably mirrors a historical Chrome ClientHello
// preference order (it still offers RC4 and 3DES) — confirm which
// release it was captured from before using it as a fingerprint.
var ChromeCiphers []uint16 = []uint16{
	TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
	TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
	TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
	TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
	TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
	TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
	TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
	TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
	TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
	TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
	TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
	TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
	TLS_ECDHE_RSA_WITH_RC4_128_SHA,
	TLS_RSA_WITH_AES_256_GCM_SHA384,
	TLS_RSA_WITH_AES_128_GCM_SHA256,
	TLS_RSA_WITH_AES_256_CBC_SHA,
	TLS_RSA_WITH_AES_128_CBC_SHA,
	TLS_RSA_WITH_RC4_128_SHA,
	TLS_RSA_WITH_RC4_128_MD5,
	TLS_RSA_WITH_3DES_EDE_CBC_SHA,
}

// ChromeNoDHECiphers is ChromeCiphers with the DHE_RSA suites removed.
// NOTE(review): it also omits TLS_RSA_WITH_AES_256_GCM_SHA384, which is
// present in ChromeCiphers; check whether that omission is intended.
var ChromeNoDHECiphers []uint16 = []uint16{
	TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
	TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
	TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
	TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
	TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
	TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
	TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
	TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
	TLS_ECDHE_RSA_WITH_RC4_128_SHA,
	TLS_RSA_WITH_AES_128_GCM_SHA256,
	TLS_RSA_WITH_AES_256_CBC_SHA,
	TLS_RSA_WITH_AES_128_CBC_SHA,
	TLS_RSA_WITH_RC4_128_SHA,
	TLS_RSA_WITH_RC4_128_MD5,
	TLS_RSA_WITH_3DES_EDE_CBC_SHA,
}

// FirefoxCiphers presumably mirrors a historical Firefox ClientHello
// preference order — confirm which release it was captured from.
var FirefoxCiphers []uint16 = []uint16{
	TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
	TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
	TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
	TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
	TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
	TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
	// WARN: DSS: Certificate not supported/implemented
	// TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
	TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
	TLS_RSA_WITH_AES_128_CBC_SHA,
	TLS_RSA_WITH_AES_256_CBC_SHA,
	TLS_RSA_WITH_3DES_EDE_CBC_SHA,
}

// FirefoxNoDHECiphers is intended to be FirefoxCiphers without DHE suites.
// NOTE(review): as written it is identical to FirefoxCiphers and still
// lists TLS_DHE_RSA_WITH_AES_128_CBC_SHA and
// TLS_DHE_RSA_WITH_AES_256_CBC_SHA, so the "NoDHE" name does not hold;
// callers that rely on it to avoid DHE will still offer DHE.
var FirefoxNoDHECiphers []uint16 = []uint16{
	TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
	TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
	TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
	TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
	TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
	TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
	// WARN: DSS: Certificate not supported/implemented
	// TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
	TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
	TLS_RSA_WITH_AES_128_CBC_SHA,
	TLS_RSA_WITH_AES_256_CBC_SHA,
	TLS_RSA_WITH_3DES_EDE_CBC_SHA,
}

// SafariCiphers presumably mirrors a historical Safari ClientHello
// preference order — confirm which release it was captured from. The
// static-ECDH entries are commented out because that key exchange is not
// implemented here.
var SafariCiphers []uint16 = []uint16{
	TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
	TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
	TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
	TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
	TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
	TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
	TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
	TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
	TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
	TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
	// WARN: Anonymous, Non-ephemeral DH Kex: Not supported/implemented
	// TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,
	// TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,
	// TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
	// TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
	// TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
	// TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,
	// TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,
	// TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
	// TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
	// TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,
	TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
	TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
	TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
	TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
	TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
	TLS_RSA_WITH_AES_256_CBC_SHA256,
	TLS_RSA_WITH_AES_128_CBC_SHA256,
	TLS_RSA_WITH_AES_256_CBC_SHA,
	TLS_RSA_WITH_AES_128_CBC_SHA,
	TLS_RSA_WITH_3DES_EDE_CBC_SHA,
	TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
	TLS_ECDHE_RSA_WITH_RC4_128_SHA,
	TLS_RSA_WITH_RC4_128_SHA,
	TLS_RSA_WITH_RC4_128_MD5,
}

// SafariNoDHECiphers is SafariCiphers with the DHE_RSA suites removed.
// NOTE(review): unlike SafariCiphers, this list leaves the ten static
// TLS_ECDH_* CBC suites enabled even though the warning in SafariCiphers
// says that key exchange is not implemented; if that is still true, a
// server selecting one of them will cause a handshake failure rather than
// a completed connection — confirm and make the two lists consistent.
var SafariNoDHECiphers []uint16 = []uint16{
	TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
	TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
	TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
	TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
	TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
	TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
	TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
	TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
	TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
	TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
	TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,
	TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,
	TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
	TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
	TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
	TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,
	TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,
	TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
	TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
	TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,
	TLS_RSA_WITH_AES_256_CBC_SHA256,
	TLS_RSA_WITH_AES_128_CBC_SHA256,
	TLS_RSA_WITH_AES_256_CBC_SHA,
	TLS_RSA_WITH_AES_128_CBC_SHA,
	TLS_RSA_WITH_3DES_EDE_CBC_SHA,
	TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
	TLS_ECDHE_RSA_WITH_RC4_128_SHA,
	// WARN: Anonymous, Non-ephemeral DH Kex: Not supported/implemented
	// TLS_ECDH_ECDSA_WITH_RC4_128_SHA,
	// TLS_ECDH_RSA_WITH_RC4_128_SHA,
	TLS_RSA_WITH_RC4_128_SHA,
	TLS_RSA_WITH_RC4_128_MD5,
}

// PortableCiphers is the broad "offer everything implemented" profile:
// the standard-library defaults first, then the remaining implemented
// suites. It includes export-grade and single-DES suites
// (TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, TLS_RSA_EXPORT_*,
// TLS_DHE_RSA_WITH_DES_CBC_SHA), so a peer may legitimately select a
// deliberately weak suite from it; it is suited to measurement, not to
// protecting real traffic.
var PortableCiphers []uint16 = []uint16{
	// stdlibCiphers, to preserve the default behavior for common cipher-suites that may be present
	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
	TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
	TLS_ECDHE_RSA_WITH_RC4_128_SHA,
	TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
	TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
	TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
	TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
	TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
	TLS_RSA_WITH_RC4_128_SHA,
	TLS_RSA_WITH_AES_128_CBC_SHA,
	TLS_RSA_WITH_AES_256_CBC_SHA,
	TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
	TLS_RSA_WITH_3DES_EDE_CBC_SHA,
	// Most of the other implemented ciphers, in a somewhat reasonable order
	TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
	TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
	TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
	TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
	TLS_RSA_WITH_AES_256_GCM_SHA384,
	TLS_RSA_WITH_AES_128_GCM_SHA256,
	TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
	TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
	TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
	TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
	TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
	TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
	TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
	TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
	TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
	TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
	TLS_RSA_WITH_AES_256_CBC_SHA256,
	TLS_RSA_WITH_AES_128_CBC_SHA256,
	TLS_RSA_WITH_RC4_128_MD5,
	TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA,
	TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
	TLS_DHE_RSA_WITH_DES_CBC_SHA,
	TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
	TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
	TLS_RSA_EXPORT_WITH_DES40_CBC_SHA,
	TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5,
	TLS_RSA_EXPORT_WITH_RC4_40_MD5,
	// WARN: Anonymous, Non-ephemeral DH Kex: Not supported/implemented
	// TLS_DH_ANON_EXPORT_WITH_DES40_CBC_SHA,
	// TLS_DH_ANON_EXPORT_WITH_RC4_40_MD5,
	// TLS_ECDH_ECDSA_WITH_RC4_128_SHA,
	// TLS_ECDH_RSA_WITH_RC4_128_SHA,
	// TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
	// TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,
	// TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,
	// TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
	// TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
	// TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,
	// TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,
	// TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,
	// TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
	// TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
	// WARN: DSS: Certificate not supported/implemented
	// TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
	// TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA,
	// TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
	// TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,
	// TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,
	// TLS_DHE_DSS_WITH_AES_256_CBC_SHA,
	// TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,
	// TLS_DHE_DSS_WITH_AES_256_GCM_SHA384,
	// TLS_DHE_DSS_WITH_DES_CBC_SHA,
	// TLS_DHE_DSS_WITH_RC4_128_SHA,
}

// cipherIDInCipherIDList reports whether cipher appears in cipherIDList.
// It is a linear scan; a nil or empty list yields false.
func cipherIDInCipherIDList(cipher uint16, cipherIDList []uint16) bool {
	for _, val := range cipherIDList {
		if cipher == val {
			return true
		}
	}
	return false
}

// cipherIDInCipherList reports whether some suite in cipherList has id
// cipherID. It is a linear scan; a nil or empty list yields false.
// Every entry is dereferenced, so the list must not contain a nil
// *cipherSuite.
func cipherIDInCipherList(cipherID uint16, cipherList []*cipherSuite) bool {
	for _, cipher := range cipherList {
		if cipherID == cipher.id {
			return true
		}
	}
	return false
}

// SChannelSuites is a two-suite profile; presumably a minimal
// SChannel-style offer (AES-GCM plus RC4 fallback) — confirm its intended
// use with the callers before extending it.
var SChannelSuites []uint16 = []uint16{
	TLS_RSA_WITH_AES_128_GCM_SHA256,
	TLS_RSA_WITH_RC4_128_SHA,
}