researchtls and ssl cipher suites
TLS/SSL protocols support a large number of cipher suites. A cipher suite is a collection of symmetric and asymmetric encryption algorithms used by hosts to establish a secure communication. Supported cipher suites can be classified based on encryption algorithm strength, key length, key exchange and authentication mechanisms. Some cipher suites offer better level of security than others (e.g. Several weak cipher suites were developed for export to comply with US export law). There are more than 200 known cipher suites.
Terminology
The following are some of the terms useful in understanding the table below:
- cipher id
- a unique 2-3 byte cipher identifier. For example, SSL2_RC4_128_WITH_MD5 is identified as 0x010080 and TLS_RSA_WITH_3DES_EDE_CBC_SHA is identified as 0x00000A or simply 0x000A.
- Name
- common cipher suite name. TLS ciphers have //TLS_Kx_[Au]_FROM_Enc_MAC// format. SSL2 only use RSA for key exchange and authentication, so their names have //SSL2_Enc_WITH_MAC// format.
- Protocol
- Most ciphers suites fall into either //TLS// or //SSL/SSL2// protocols. The only exception is Microsoft's proprietary //PCT// protocol.
- Kx
- Key exchange algorithm. Most popular exchange methods are RSA and Diffie-Hellman (DH/DHE). Some of the more exotic methods include Kerberos (KRB5), Pre-Shared Key (PSK), and others.
- Au
- Authentication algorithm. RSA is commonly used for key authentication.
- Enc
- Symmetric encryption algorithm (e.g. DES, 3DES, AES, RC4, etc.)
- Bits
- Effective symmetric encryption key size in bits. Export for export outside US are limited to 40-56 bits.
- MAC
- Hashing algorithm used for TLS/SSL data packets integrity and authentication checks.
- Anon
- Anonymous cipher suites with no key authentication. Highly vulnerable to man in the middle attack.
- Export
- Intentionally crippled cipher suite to conform to US export laws. Symmetric cipher used in export cipher suites typically does not exceed 56bits.
- NULL
- Null cipher suites do not provide any data encryption and/or data integrity. //TLS_NULL_WITH_NULL_NULL (0x0000)// cipher suite is used during initial session establishment.
Key exchange and Authentication algorithms:
- RSA
- Rivest, Shamir, Adleman
- DH
- Diffie-Hellman
- DHE
- Diffie-Hellman Ephemeral
- ECDH
- Elliptic-Curve Diffie-Hellman
- KRB5
- Kerberos
- SRP
- Secure Remote Password Protocol
- PSK
- Pre-shared key
- DSA
- Digital Signature Algorithm
- ECDSA
- Elliptic Curve Digital Signature Algorithm
- DSS
- Digital Signature Standard
Encryption and MAC algorithms:
- 3DES
- Tripple Data Encryption Algorithm
- AES
- Advanced Encryption Standard
- Camelia
- Block cipher developed by Mitsubishi and NTT
- DES
- Data Encryption Standard
- Fortezza
- Security token based cipher
- GOST
- Block cipher developed in USSR
- IDEA
- International Data Encryption Algorithm
- RC2
- Rivest Cipher 4
- RC4
- Rivest Cipher 2
- SEED
- Block cipher developed by Korean Information Security Agency
- SHA
- Secure Hash Algorithm
- MD5
- Message Digiest algorithm 5
Known cipher suites
The table below contains an exhaustive list of cipher suites implemented or defined by RFCs and various TLS/SSL toolkits.
| Cipher ID | Name | Protocol | Kx | Au | Enc | Bits | Mac |
|---|---|---|---|---|---|---|---|
| 0x000000 | TLS_NULL_WITH_NULL_NULL | TLS | NULL | NULL | NULL | 0 | NULL |
| 0x000001 | TLS_RSA_WITH_NULL_MD5 | TLS | RSA | RSA | NULL | 0 | MD5 |
| 0x000002 | TLS_RSA_WITH_NULL_SHA | TLS | RSA | RSA | NULL | 0 | SHA |
| 0x000003 | TLS_RSA_EXPORT_WITH_RC4_40_MD5 | TLS | RSA_EXPORT | RSA_EXPORT | RC4_40 | 40 | MD5 |
| 0x000004 | TLS_RSA_WITH_RC4_128_MD5 | TLS | RSA | RSA | RC4_128 | 128 | MD5 |
| 0x000005 | TLS_RSA_WITH_RC4_128_SHA | TLS | RSA | RSA | RC4_128 | 128 | SHA |
| 0x000006 | TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 | TLS | RSA_EXPORT | RSA_EXPORT | RC2_CBC_40 | 40 | MD5 |
| 0x000007 | TLS_RSA_WITH_IDEA_CBC_SHA | TLS | RSA | RSA | IDEA_CBC | 128 | SHA |
| 0x000008 | TLS_RSA_EXPORT_WITH_DES40_CBC_SHA | TLS | RSA_EXPORT | RSA_EXPORT | DES40_CBC | 40 | SHA |
| 0x000009 | TLS_RSA_WITH_DES_CBC_SHA | TLS | RSA | RSA | DES_CBC | 56 | SHA |
| 0x00000A | TLS_RSA_WITH_3DES_EDE_CBC_SHA | TLS | RSA | RSA | 3DES_EDE_CBC | 168 | SHA |
| 0x00000B | TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA | TLS | DH | DSS | DES40_CBC | 40 | SHA |
| 0x00000C | TLS_DH_DSS_WITH_DES_CBC_SHA | TLS | DH | DSS | DES_CBC | 56 | SHA |
| 0x00000D | TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA | TLS | DH | DSS | 3DES_EDE_CBC | 168 | SHA |
| 0x00000E | TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA | TLS | DH | RSA | DES40_CBC | 40 | SHA |
| 0x00000F | TLS_DH_RSA_WITH_DES_CBC_SHA | TLS | DH | RSA | DES_CBC | 56 | SHA |
| 0x000010 | TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA | TLS | DH | RSA | 3DES_EDE_CBC | 168 | SHA |
| 0x000011 | TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA | TLS | DHE | DSS | DES40_CBC | 40 | SHA |
| 0x000012 | TLS_DHE_DSS_WITH_DES_CBC_SHA | TLS | DHE | DSS | DES_CBC | 56 | SHA |
| 0x000013 | TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA | TLS | DHE | DSS | 3DES_EDE_CBC | 168 | SHA |
| 0x000014 | TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA | TLS | DHE | RSA | DES40_CBC | 40 | SHA |
| 0x000015 | TLS_DHE_RSA_WITH_DES_CBC_SHA | TLS | DHE | RSA | DES_CBC | 56 | SHA |
| 0x000016 | TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA | TLS | DHE | RSA | 3DES_EDE_CBC | 168 | SHA |
| 0x000017 | TLS_DH_Anon_EXPORT_WITH_RC4_40_MD5 | TLS | DH | Anon | RC4_40 | 40 | MD5 |
| 0x000018 | TLS_DH_Anon_WITH_RC4_128_MD5 | TLS | DH | Anon | RC4_128 | 128 | MD5 |
| 0x000019 | TLS_DH_Anon_EXPORT_WITH_DES40_CBC_SHA | TLS | DH | Anon | DES40_CBC | 40 | SHA |
| 0x00001A | TLS_DH_Anon_WITH_DES_CBC_SHA | TLS | DH | Anon | DES_CBC | 56 | SHA |
| 0x00001B | TLS_DH_Anon_WITH_3DES_EDE_CBC_SHA | TLS | DH | Anon | 3DES_EDE_CBC | 168 | SHA |
| 0x00001C | SSL_FORTEZZA_KEA_WITH_NULL_SHA | SSL | FORTEZZA | KEA | NULL | 0 | SHA |
| 0x00001D | SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA | SSL | FORTEZZA | KEA | FORTEZZA_CBC | 80 | SHA |
| 0x00001E | TLS_KRB5_WITH_DES_CBC_SHA | TLS | KRB5 | KRB5 | DES_CBC | 56 | SHA |
| 0x00001F | TLS_KRB5_WITH_3DES_EDE_CBC_SHA | TLS | KRB5 | KRB5 | 3DES_EDE_CBC | 168 | SHA |
| 0x000020 | TLS_KRB5_WITH_RC4_128_SHA | TLS | KRB5 | KRB5 | RC4_128 | 128 | SHA |
| 0x000021 | TLS_KRB5_WITH_IDEA_CBC_SHA | TLS | KRB5 | KRB5 | IDEA_CBC | 128 | SHA |
| 0x000022 | TLS_KRB5_WITH_DES_CBC_MD5 | TLS | KRB5 | KRB5 | DES_CBC | 56 | MD5 |
| 0x000023 | TLS_KRB5_WITH_3DES_EDE_CBC_MD5 | TLS | KRB5 | KRB5 | 3DES_EDE_CBC | 168 | MD5 |
| 0x000024 | TLS_KRB5_WITH_RC4_128_MD5 | TLS | KRB5 | KRB5 | RC4_128 | 128 | MD5 |
| 0x000025 | TLS_KRB5_WITH_IDEA_CBC_MD5 | TLS | KRB5 | KRB5 | IDEA_CBC | 128 | MD5 |
| 0x000026 | TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA | TLS | KRB5_EXPORT | KRB5_EXPORT | DES_CBC_40 | 40 | SHA |
| 0x000027 | TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA | TLS | KRB5_EXPORT | KRB5_EXPORT | RC2_CBC_40 | 40 | SHA |
| 0x000028 | TLS_KRB5_EXPORT_WITH_RC4_40_SHA | TLS | KRB5_EXPORT | KRB5_EXPORT | RC4_40 | 40 | SHA |
| 0x000029 | TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5 | TLS | KRB5_EXPORT | KRB5_EXPORT | DES_CBC_40 | 40 | MD5 |
| 0x00002A | TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5 | TLS | KRB5_EXPORT | KRB5_EXPORT | RC2_CBC_40 | 40 | MD5 |
| 0x00002B | TLS_KRB5_EXPORT_WITH_RC4_40_MD5 | TLS | KRB5_EXPORT | KRB5_EXPORT | RC4_40 | 40 | MD5 |
| 0x00002C | TLS_PSK_WITH_NULL_SHA | TLS | PSK | PSK | NULL | 0 | SHA |
| 0x00002D | TLS_DHE_PSK_WITH_NULL_SHA | TLS | DHE | PSK | NULL | 0 | SHA |
| 0x00002E | TLS_RSA_PSK_WITH_NULL_SHA | TLS | RSA | PSK | NULL | 0 | SHA |
| 0x00002F | TLS_RSA_WITH_AES_128_CBC_SHA | TLS | RSA | RSA | AES_128_CBC | 128 | SHA |
| 0x000030 | TLS_DH_DSS_WITH_AES_128_CBC_SHA | TLS | DH | DSS | AES_128_CBC | 128 | SHA |
| 0x000031 | TLS_DH_RSA_WITH_AES_128_CBC_SHA | TLS | DH | RSA | AES_128_CBC | 128 | SHA |
| 0x000032 | TLS_DHE_DSS_WITH_AES_128_CBC_SHA | TLS | DHE | DSS | AES_128_CBC | 128 | SHA |
| 0x000033 | TLS_DHE_RSA_WITH_AES_128_CBC_SHA | TLS | DHE | RSA | AES_128_CBC | 128 | SHA |
| 0x000034 | TLS_DH_Anon_WITH_AES_128_CBC_SHA | TLS | DH | Anon | AES_128_CBC | 128 | SHA |
| 0x000035 | TLS_RSA_WITH_AES_256_CBC_SHA | TLS | RSA | RSA | AES_256_CBC | 256 | SHA |
| 0x000036 | TLS_DH_DSS_WITH_AES_256_CBC_SHA | TLS | DH | DSS | AES_256_CBC | 256 | SHA |
| 0x000037 | TLS_DH_RSA_WITH_AES_256_CBC_SHA | TLS | DH | RSA | AES_256_CBC | 256 | SHA |
| 0x000038 | TLS_DHE_DSS_WITH_AES_256_CBC_SHA | TLS | DHE | DSS | AES_256_CBC | 256 | SHA |
| 0x000039 | TLS_DHE_RSA_WITH_AES_256_CBC_SHA | TLS | DHE | RSA | AES_256_CBC | 256 | SHA |
| 0x00003A | TLS_DH_Anon_WITH_AES_256_CBC_SHA | TLS | DH | Anon | AES_256_CBC | 256 | SHA |
| 0x00003B | TLS_RSA_WITH_NULL_SHA256 | TLS | RSA | RSA | NULL | 0 | SHA256 |
| 0x00003C | TLS_RSA_WITH_AES_128_CBC_SHA256 | TLS | RSA | RSA | AES_128_CBC | 128 | SHA256 |
| 0x00003D | TLS_RSA_WITH_AES_256_CBC_SHA256 | TLS | RSA | RSA | AES_256_CBC | 256 | SHA256 |
| 0x00003E | TLS_DH_DSS_WITH_AES_128_CBC_SHA256 | TLS | DH | DSS | AES_128_CBC | 128 | SHA256 |
| 0x00003F | TLS_DH_RSA_WITH_AES_128_CBC_SHA256 | TLS | DH | RSA | AES_128_CBC | 128 | SHA256 |
| 0x000040 | TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 | TLS | DHE | DSS | AES_128_CBC | 128 | SHA256 |
| 0x000041 | TLS_RSA_WITH_CAMELLIA_128_CBC_SHA | TLS | RSA | RSA | CAMELLIA_128_CBC | 128 | SHA |
| 0x000042 | TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA | TLS | DH | DSS | CAMELLIA_128_CBC | 128 | SHA |
| 0x000043 | TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA | TLS | DH | RSA | CAMELLIA_128_CBC | 128 | SHA |
| 0x000044 | TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA | TLS | DHE | DSS | CAMELLIA_128_CBC | 128 | SHA |
| 0x000045 | TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA | TLS | DHE | RSA | CAMELLIA_128_CBC | 128 | SHA |
| 0x000046 | TLS_DH_Anon_WITH_CAMELLIA_128_CBC_SHA | TLS | DH | Anon | CAMELLIA_128_CBC | 128 | SHA |
| 0x000047 | TLS_ECDH_ECDSA_WITH_NULL_SHA | TLS | ECDH | ECDSA | NULL | 0 | SHA |
| 0x000048 | TLS_ECDH_ECDSA_WITH_RC4_128_SHA | TLS | ECDH | ECDSA | RC4_128 | 128 | SHA |
| 0x000049 | TLS_ECDH_ECDSA_WITH_DES_CBC_SHA | TLS | ECDH | ECDSA | DES_CBC | 56 | SHA |
| 0x00004A | TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA | TLS | ECDH | ECDSA | 3DES_EDE_CBC | 168 | SHA |
| 0x00004B | TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA | TLS | ECDH | ECDSA | AES_128_CBC | 128 | SHA |
| 0x00004C | TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA | TLS | ECDH | ECDSA | AES_256_CBC | 256 | SHA |
| 0x000060 | TLS_RSA_EXPORT1024_WITH_RC4_56_MD5 | TLS | RSA_EXPORT 1024 | RSA_EXPORT 1024 | RC4_56 | 56 | MD5 |
| 0x000061 | TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 | TLS | RSA_EXPORT 1024 | RSA_EXPORT 1024 | RC2_CBC_56 | 56 | MD5 |
| 0x000062 | TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA | TLS | RSA_EXPORT 1024 | RSA_EXPORT 1024 | DES_CBC | 56 | SHA |
| 0x000063 | TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA | TLS | DHE | DSS | DES_CBC | 56 | SHA |
| 0x000064 | TLS_RSA_EXPORT1024_WITH_RC4_56_SHA | TLS | RSA_EXPORT 1024 | RSA_EXPORT 1024 | RC4_56 | 56 | SHA |
| 0x000065 | TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA | TLS | DHE | DSS | RC4_56 | 56 | SHA |
| 0x000066 | TLS_DHE_DSS_WITH_RC4_128_SHA | TLS | DHE | DSS | RC4_128 | 128 | SHA |
| 0x000067 | TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 | TLS | DHE | RSA | AES_128_CBC | 128 | SHA256 |
| 0x000068 | TLS_DH_DSS_WITH_AES_256_CBC_SHA256 | TLS | DH | DSS | AES_256_CBC | 256 | SHA256 |
| 0x000069 | TLS_DH_RSA_WITH_AES_256_CBC_SHA256 | TLS | DH | RSA | AES_256_CBC | 256 | SHA256 |
| 0x00006A | TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 | TLS | DHE | DSS | AES_256_CBC | 256 | SHA256 |
| 0x00006B | TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 | TLS | DHE | RSA | AES_256_CBC | 256 | SHA256 |
| 0x00006C | TLS_DH_Anon_WITH_AES_128_CBC_SHA256 | TLS | DH | Anon | AES_128_CBC | 128 | SHA256 |
| 0x00006D | TLS_DH_Anon_WITH_AES_256_CBC_SHA256 | TLS | DH | Anon | AES_256_CBC | 256 | SHA256 |
| 0x000080 | TLS_GOSTR341094_WITH_28147_CNT_IMIT | TLS | VKO GOST R 34.10-94 | VKO GOST R 34.10-94 | GOST28147 | 256 | GOST28147 |
| 0x000081 | TLS_GOSTR341001_WITH_28147_CNT_IMIT | TLS | VKO GOST R 34.10-2001 | VKO GOST R 34.10-2001 | GOST28147 | 256 | GOST28147 |
| 0x000082 | TLS_GOSTR341094_WITH_NULL_GOSTR3411 | TLS | VKO GOST R 34.10-94 | VKO GOST R 34.10-94 | NULL | 0 | GOSTR3411 |
| 0x000083 | TLS_GOSTR341001_WITH_NULL_GOSTR3411 | TLS | VKO GOST R 34.10-2001 | VKO GOST R 34.10-2001 | NULL | 0 | GOSTR3411 |
| 0x000084 | TLS_RSA_WITH_CAMELLIA_256_CBC_SHA | TLS | RSA | RSA | CAMELLIA_256_CBC | 256 | SHA |
| 0x000085 | TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA | TLS | DH | DSS | CAMELLIA_256_CBC | 256 | SHA |
| 0x000086 | TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA | TLS | DH | RSA | CAMELLIA_256_CBC | 256 | SHA |
| 0x000087 | TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA | TLS | DHE | DSS | CAMELLIA_256_CBC | 256 | SHA |
| 0x000088 | TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA | TLS | DHE | RSA | CAMELLIA_256_CBC | 256 | SHA |
| 0x000089 | TLS_DH_Anon_WITH_CAMELLIA_256_CBC_SHA | TLS | DH | Anon | CAMELLIA_256_CBC | 256 | SHA |
| 0x00008A | TLS_PSK_WITH_RC4_128_SHA | TLS | PSK | PSK | RC4_128 | 128 | SHA |
| 0x00008B | TLS_PSK_WITH_3DES_EDE_CBC_SHA | TLS | PSK | PSK | 3DES_EDE_CBC | 168 | SHA |
| 0x00008C | TLS_PSK_WITH_AES_128_CBC_SHA | TLS | PSK | PSK | AES_128_CBC | 128 | SHA |
| 0x00008D | TLS_PSK_WITH_AES_256_CBC_SHA | TLS | PSK | PSK | AES_256_CBC | 256 | SHA |
| 0x00008E | TLS_DHE_PSK_WITH_RC4_128_SHA | TLS | DHE | PSK | RC4_128 | 128 | SHA |
| 0x00008F | TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA | TLS | DHE | PSK | 3DES_EDE_CBC | 168 | SHA |
| 0x000090 | TLS_DHE_PSK_WITH_AES_128_CBC_SHA | TLS | DHE | PSK | AES_128_CBC | 128 | SHA |
| 0x000091 | TLS_DHE_PSK_WITH_AES_256_CBC_SHA | TLS | DHE | PSK | AES_256_CBC | 256 | SHA |
| 0x000092 | TLS_RSA_PSK_WITH_RC4_128_SHA | TLS | RSA | PSK | RC4_128 | 128 | SHA |
| 0x000093 | TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA | TLS | RSA | PSK | 3DES_EDE_CBC | 168 | SHA |
| 0x000094 | TLS_RSA_PSK_WITH_AES_128_CBC_SHA | TLS | RSA | PSK | AES_128_CBC | 128 | SHA |
| 0x000095 | TLS_RSA_PSK_WITH_AES_256_CBC_SHA | TLS | RSA | PSK | AES_256_CBC | 256 | SHA |
| 0x000096 | TLS_RSA_WITH_SEED_CBC_SHA | TLS | RSA | RSA | SEED_CBC | 128 | SHA |
| 0x000097 | TLS_DH_DSS_WITH_SEED_CBC_SHA | TLS | DH | DSS | SEED_CBC | 128 | SHA |
| 0x000098 | TLS_DH_RSA_WITH_SEED_CBC_SHA | TLS | DH | RSA | SEED_CBC | 128 | SHA |
| 0x000099 | TLS_DHE_DSS_WITH_SEED_CBC_SHA | TLS | DHE | DSS | SEED_CBC | 128 | SHA |
| 0x00009A | TLS_DHE_RSA_WITH_SEED_CBC_SHA | TLS | DHE | RSA | SEED_CBC | 128 | SHA |
| 0x00009B | TLS_DH_Anon_WITH_SEED_CBC_SHA | TLS | DH | Anon | SEED_CBC | 128 | SHA |
| 0x00009C | TLS_RSA_WITH_AES_128_GCM_SHA256 | TLS | RSA | RSA | AES_128_GCM | 128 | SHA256 |
| 0x00009D | TLS_RSA_WITH_AES_256_GCM_SHA384 | TLS | RSA | RSA | AES_256_GCM | 256 | SHA384 |
| 0x00009E | TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 | TLS | DHE | RSA | AES_128_GCM | 128 | SHA256 |
| 0x00009F | TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 | TLS | DHE | RSA | AES_256_GCM | 256 | SHA384 |
| 0x0000A0 | TLS_DH_RSA_WITH_AES_128_GCM_SHA256 | TLS | DH | RSA | AES_128_GCM | 128 | SHA256 |
| 0x0000A1 | TLS_DH_RSA_WITH_AES_256_GCM_SHA384 | TLS | DH | RSA | AES_256_GCM | 256 | SHA384 |
| 0x0000A2 | TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 | TLS | DHE | DSS | AES_128_GCM | 128 | SHA256 |
| 0x0000A3 | TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 | TLS | DHE | DSS | AES_256_GCM | 256 | SHA384 |
| 0x0000A4 | TLS_DH_DSS_WITH_AES_128_GCM_SHA256 | TLS | DH | DSS | AES_128_GCM | 128 | SHA256 |
| 0x0000A5 | TLS_DH_DSS_WITH_AES_256_GCM_SHA384 | TLS | DH | DSS | AES_256_GCM | 256 | SHA384 |
| 0x0000A6 | TLS_DH_Anon_WITH_AES_128_GCM_SHA256 | TLS | DH | Anon | AES_128_GCM | 128 | SHA256 |
| 0x0000A7 | TLS_DH_Anon_WITH_AES_256_GCM_SHA384 | TLS | DH | Anon | AES_256_GCM | 256 | SHA384 |
| 0x0000A8 | TLS_PSK_WITH_AES_128_GCM_SHA256 | TLS | PSK | PSK | AES_128_GCM | 128 | SHA256 |
| 0x0000A9 | TLS_PSK_WITH_AES_256_GCM_SHA384 | TLS | PSK | PSK | AES_256_GCM | 256 | SHA384 |
| 0x0000AA | TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 | TLS | DHE | PSK | AES_128_GCM | 128 | SHA256 |
| 0x0000AB | TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 | TLS | DHE | PSK | AES_256_GCM | 256 | SHA384 |
| 0x0000AC | TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 | TLS | RSA | PSK | AES_128_GCM | 128 | SHA256 |
| 0x0000AD | TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 | TLS | RSA | PSK | AES_256_GCM | 256 | SHA384 |
| 0x0000AE | TLS_PSK_WITH_AES_128_CBC_SHA256 | TLS | PSK | PSK | AES_128_CBC | 128 | SHA256 |
| 0x0000AF | TLS_PSK_WITH_AES_256_CBC_SHA384 | TLS | PSK | PSK | AES_256_CBC | 256 | SHA384 |
| 0x0000B0 | TLS_PSK_WITH_NULL_SHA256 | TLS | PSK | PSK | NULL | 0 | SHA256 |
| 0x0000B1 | TLS_PSK_WITH_NULL_SHA384 | TLS | PSK | PSK | NULL | 0 | SHA384 |
| 0x0000B2 | TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 | TLS | DHE | PSK | AES_128_CBC | 128 | SHA256 |
| 0x0000B3 | TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 | TLS | DHE | PSK | AES_256_CBC | 256 | SHA384 |
| 0x0000B4 | TLS_DHE_PSK_WITH_NULL_SHA256 | TLS | DHE | PSK | NULL | 0 | SHA256 |
| 0x0000B5 | TLS_DHE_PSK_WITH_NULL_SHA384 | TLS | DHE | PSK | NULL | 0 | SHA384 |
| 0x0000B6 | TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 | TLS | RSA | PSK | AES_128_CBC | 128 | SHA256 |
| 0x0000B7 | TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 | TLS | RSA | PSK | AES_256_CBC | 256 | SHA384 |
| 0x0000B8 | TLS_RSA_PSK_WITH_NULL_SHA256 | TLS | RSA | PSK | NULL | 0 | SHA256 |
| 0x0000B9 | TLS_RSA_PSK_WITH_NULL_SHA384 | TLS | RSA | PSK | NULL | 0 | SHA384 |
| 0x00C001 | TLS_ECDH_ECDSA_WITH_NULL_SHA | TLS | ECDH | ECDSA | NULL | 0 | SHA |
| 0x00C002 | TLS_ECDH_ECDSA_WITH_RC4_128_SHA | TLS | ECDH | ECDSA | RC4_128 | 128 | SHA |
| 0x00C003 | TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA | TLS | ECDH | ECDSA | 3DES_EDE_CBC | 168 | SHA |
| 0x00C004 | TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA | TLS | ECDH | ECDSA | AES_128_CBC | 128 | SHA |
| 0x00C005 | TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA | TLS | ECDH | ECDSA | AES_256_CBC | 256 | SHA |
| 0x00C006 | TLS_ECDHE_ECDSA_WITH_NULL_SHA | TLS | ECDHE | ECDSA | NULL | 0 | SHA |
| 0x00C007 | TLS_ECDHE_ECDSA_WITH_RC4_128_SHA | TLS | ECDHE | ECDSA | RC4_128 | 128 | SHA |
| 0x00C008 | TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA | TLS | ECDHE | ECDSA | 3DES_EDE_CBC | 168 | SHA |
| 0x00C009 | TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA | TLS | ECDHE | ECDSA | AES_128_CBC | 128 | SHA |
| 0x00C00A | TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA | TLS | ECDHE | ECDSA | AES_256_CBC | 256 | SHA |
| 0x00C00B | TLS_ECDH_RSA_WITH_NULL_SHA | TLS | ECDH | RSA | NULL | 0 | SHA |
| 0x00C00C | TLS_ECDH_RSA_WITH_RC4_128_SHA | TLS | ECDH | RSA | RC4_128 | 128 | SHA |
| 0x00C00D | TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA | TLS | ECDH | RSA | 3DES_EDE_CBC | 168 | SHA |
| 0x00C00E | TLS_ECDH_RSA_WITH_AES_128_CBC_SHA | TLS | ECDH | RSA | AES_128_CBC | 128 | SHA |
| 0x00C00F | TLS_ECDH_RSA_WITH_AES_256_CBC_SHA | TLS | ECDH | RSA | AES_256_CBC | 256 | SHA |
| 0x00C010 | TLS_ECDHE_RSA_WITH_NULL_SHA | TLS | ECDHE | RSA | NULL | 0 | SHA |
| 0x00C011 | TLS_ECDHE_RSA_WITH_RC4_128_SHA | TLS | ECDHE | RSA | RC4_128 | 128 | SHA |
| 0x00C012 | TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA | TLS | ECDHE | RSA | 3DES_EDE_CBC | 168 | SHA |
| 0x00C013 | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA | TLS | ECDHE | RSA | AES_128_CBC | 128 | SHA |
| 0x00C014 | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA | TLS | ECDHE | RSA | AES_256_CBC | 256 | SHA |
| 0x00C015 | TLS_ECDH_Anon_WITH_NULL_SHA | TLS | ECDH | Anon | NULL | 0 | SHA |
| 0x00C016 | TLS_ECDH_Anon_WITH_RC4_128_SHA | TLS | ECDH | Anon | RC4_128 | 128 | SHA |
| 0x00C017 | TLS_ECDH_Anon_WITH_3DES_EDE_CBC_SHA | TLS | ECDH | Anon | 3DES_EDE_CBC | 168 | SHA |
| 0x00C018 | TLS_ECDH_Anon_WITH_AES_128_CBC_SHA | TLS | ECDH | Anon | AES_128_CBC | 128 | SHA |
| 0x00C019 | TLS_ECDH_Anon_WITH_AES_256_CBC_SHA | TLS | ECDH | Anon | AES_256_CBC | 256 | SHA |
| 0x00C01A | TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA | TLS | SRP | SHA | 3DES_EDE_CBC | 168 | SHA |
| 0x00C01B | TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA | TLS | SRP | SHA | 3DES_EDE_CBC | 168 | SHA |
| 0x00C01C | TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA | TLS | SRP | SHA | 3DES_EDE_CBC | 168 | SHA |
| 0x00C01D | TLS_SRP_SHA_WITH_AES_128_CBC_SHA | TLS | SRP | SHA | AES_128_CBC | 128 | SHA |
| 0x00C01E | TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA | TLS | SRP | SHA | AES_128_CBC | 128 | SHA |
| 0x00C01F | TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA | TLS | SRP | SHA | AES_128_CBC | 128 | SHA |
| 0x00C020 | TLS_SRP_SHA_WITH_AES_256_CBC_SHA | TLS | SRP | SHA | AES_256_CBC | 256 | SHA |
| 0x00C021 | TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA | TLS | SRP | SHA | AES_256_CBC | 256 | SHA |
| 0x00C022 | TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA | TLS | SRP | SHA | AES_256_CBC | 256 | SHA |
| 0x00C023 | TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 | TLS | ECDHE | ECDSA | AES_128_CBC | 128 | SHA256 |
| 0x00C024 | TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 | TLS | ECDHE | ECDSA | AES_256_CBC | 256 | SHA384 |
| 0x00C025 | TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 | TLS | ECDH | ECDSA | AES_128_CBC | 128 | SHA256 |
| 0x00C026 | TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 | TLS | ECDH | ECDSA | AES_256_CBC | 256 | SHA384 |
| 0x00C027 | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 | TLS | ECDHE | RSA | AES_128_CBC | 128 | SHA256 |
| 0x00C028 | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 | TLS | ECDHE | RSA | AES_256_CBC | 256 | SHA384 |
| 0x00C029 | TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 | TLS | ECDH | RSA | AES_128_CBC | 128 | SHA256 |
| 0x00C02A | TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 | TLS | ECDH | RSA | AES_256_CBC | 256 | SHA384 |
| 0x00C02B | TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 | TLS | ECDHE | ECDSA | AES_128_GCM | 128 | SHA256 |
| 0x00C02C | TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 | TLS | ECDHE | ECDSA | AES_256_GCM | 256 | SHA384 |
| 0x00C02D | TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 | TLS | ECDH | ECDSA | AES_128_GCM | 128 | SHA256 |
| 0x00C02E | TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 | TLS | ECDH | ECDSA | AES_256_GCM | 256 | SHA384 |
| 0x00C02F | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 | TLS | ECDHE | RSA | AES_128_GCM | 128 | SHA256 |
| 0x00C030 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 | TLS | ECDHE | RSA | AES_256_GCM | 256 | SHA384 |
| 0x00C031 | TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 | TLS | ECDH | RSA | AES_128_GCM | 128 | SHA256 |
| 0x00C032 | TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 | TLS | ECDH | RSA | AES_256_GCM | 256 | SHA384 |
| 0x00C033 | TLS_ECDHE_PSK_WITH_RC4_128_SHA | TLS | ECDHE | PSK | RC4_128 | 128 | SHA |
| 0x00C034 | TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA | TLS | ECDHE | PSK | 3DES_EDE_CBC | 168 | SHA |
| 0x00C035 | TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA | TLS | ECDHE | PSK | AES_128_CBC | 128 | SHA |
| 0x00C036 | TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA | TLS | ECDHE | PSK | AES_256_CBC | 256 | SHA |
| 0x00C037 | TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 | TLS | ECDHE | PSK | AES_128_CBC | 128 | SHA256 |
| 0x00C038 | TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 | TLS | ECDHE | PSK | AES_256_CBC | 256 | SHA384 |
| 0x00C039 | TLS_ECDHE_PSK_WITH_NULL_SHA | TLS | ECDHE | PSK | NULL | 0 | SHA |
| 0x00C03A | TLS_ECDHE_PSK_WITH_NULL_SHA256 | TLS | ECDHE | PSK | NULL | 0 | SHA256 |
| 0x00C03B | TLS_ECDHE_PSK_WITH_NULL_SHA384 | TLS | ECDHE | PSK | NULL | 0 | SHA384 |
| 0x00FEFE | SSL_RSA_FIPS_WITH_DES_CBC_SHA | SSL | RSA_FIPS | RSA_FIPS | DES_CBC | 56 | SHA |
| 0x00FEFF | SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA | SSL | RSA_FIPS | RSA_FIPS | 3DES_EDE_CBC | 168 | SHA |
| 0x00FFE0 | SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA | SSL | RSA_FIPS | RSA_FIPS | 3DES_EDE_CBC | 168 | SHA |
| 0x00FFE1 | SSL_RSA_FIPS_WITH_DES_CBC_SHA | SSL | RSA_FIPS | RSA_FIPS | DES_CBC | 56 | SHA |
| 0x010080 | SSL2_RC4_128_WITH_MD5 | SSL2 | RSA | RSA | RC4_128 | 128 | MD5 |
| 0x020080 | SSL2_RC4_128_EXPORT40_WITH_MD5 | SSL2 | RSA | RSA | RC4_128_EXPORT40 | 40 | MD5 |
| 0x030080 | SSL2_RC2_CBC_128_CBC_WITH_MD5 | SSL2 | RSA | RSA | RC2_CBC_128_CBC | 128 | MD5 |
| 0x040080 | SSL2_RC2_CBC_128_CBC_WITH_MD5 | SSL2 | RSA | RSA | RC2_CBC_128_CBC | 128 | MD5 |
| 0x050080 | SSL2_IDEA_128_CBC_WITH_MD5 | SSL2 | RSA | RSA | IDEA_128_CBC | 128 | MD5 |
| 0x060040 | SSL2_DES_64_CBC_WITH_MD5 | SSL2 | RSA | RSA | DES_64_CBC | 64 | MD5 |
| 0x0700C0 | SSL2_DES_192_EDE3_CBC_WITH_MD5 | SSL2 | RSA | RSA | DES_192_EDE3_CBC | 192 | MD5 |
| 0x080080 | SSL2_RC4_64_WITH_MD5 | SSL2 | RSA | RSA | RC4_64 | 64 | MD5 |
| 0x800001 | PCT_SSL_CERT_TYPE | PCT1_CERT_X509 | PCT | ||||
| 0x800003 | PCT_SSL_CERT_TYPE | PCT1_CERT_X509_CHAIN | PCT | ||||
| 0x810001 | PCT_SSL_HASH_TYPE | PCT1_HASH_MD5 | PCT | ||||
| 0x810003 | PCT_SSL_HASH_TYPE | PCT1_HASH_SHA | PCT | ||||
| 0x820001 | PCT_SSL_EXCH_TYPE | PCT1_EXCH_RSA_PKCS1 | PCT | ||||
| 0x830004 | PCT_SSL_CIPHER_TYPE_1ST_HALF | PCT1_CIPHER_RC4 | PCT | ||||
| 0x842840 | PCT_SSL_CIPHER_TYPE_2ND_HALF | PCT1_ENC_BITS_40 | PCT1_MAC_BITS 128 | PCT | |||
| 0x848040 | PCT_SSL_CIPHER_TYPE_2ND_HALF | PCT1_ENC_BITS_128 | PCT1_MAC_BITS 128 | PCT | |||
| 0x8F8001 | PCT_SSL_COMPAT | PCT_VERSION_1 | PCT |
External Links
- SSL 0.2 Protocol Specification
- The SSL Protocol Version 3.0
- The TLS Protocol Version 1.0
- Addition of Kerberos Cipher Suites to Transport Layer
- Addition of Camellia Cipher Suites to Transport Layer
- Addition of SEED Cipher Suites to Transport Layer Security
- Pre-Shared Key Ciphersuites for Transport Layer Security
- The Transport Layer Security (TLS) Protocol Version 1
- Elliptic Curve Cryptography (ECC) Cipher Suites for Transport Layer Security
- Pre-Shared Key (PSK) Ciphersuites with NULL Encryption for Transport Layer Security
- Using the Secure Remote Password (SRP) Protocol for TLS Authentication
- The Transport Layer Security (TLS) Protocol Version 1.2
- AES Galois Counter Mode (GCM) Cipher Suites for TLS
- TLS Elliptic Curve Cipher Suites with SHA-256/384 and AES Galois Counter Mode (GCM)
- Pre-Shared Key Cipher Suites for TLS with SHA-256/384 and AES Galois Counter Mode
- ECDHE_PSK Cipher Suites for Transport Layer Security (TLS)
- FIPS SSL CipherSuites
- 56-bit Export Cipher Suites For TLS
- Wireshark TLS/SSL Dissector
- Addition of GOST Ciphersuites to Transport Layer Security (TLS)
Published on September 20th, 2009 by iphelix
sprawlsimilar
sslmap
| Download | sslmap-0.2.0.py |
|---|---|
| Size | 58.8 KB |
| Date | January 27th, 2010 |
| Version | 0.2 |
SSLMap is a lightweight TLS/SSL cipher suite scanner.
- Uses custom TLS/SSL query engine for increased reliability/speed (No need for third-party libraries such as OpenSSL)
- Tests for 200+ known cipher suites.
- Capable of discovering undocumented cipher suites.
- Advises on cipher suite security based on Protocol, Key Exchange, Authentication, Encryption algorithm, and other parameters.
- Configurable handshake versions (e.g. TLSv1.1, SSLv2.0) Read more.
tls/ssl protocol
Transport Layer Security (TLS) and Secure Sockets Layer (SSL) are two closely related protocols designed to protect confidentiality and integrity of data in transit between two hosts. Read more.
decrypting tls/ssl traffic with wireshark
Wireshark is capable of decrypting TLS/SSL traffic. This article will discuss the required conditions necessary for the decryption and walk you through the exact steps. Read more.
openssl
OpenSSL is an open-source TLS/SSL toolkit implemented for a variety of platforms. In this article you will learn several openssl client and server commands useful in working with TLS/SSL protocol. Read more.
stunnel
Stunnel allows a user to tunnel any TCP based application protocol through a connection secured by TLS/SSL. Read more.
ios data interception
Network traffic analysis is an important ingredient of a good iOS app pentest. The article covers several common approaches to iOS specific data interception such as network proxying, defeating network encryption, traffic injection and others. Read more.
