mirror of
https://github.com/lucaspalomodevelop/core.git
synced 2026-03-13 16:14:40 +00:00
(webconfigurator) optionally limit ciphers. closes https://github.com/opnsense/core/issues/1301
This commit is contained in:
Ad Schellevis
parent
5f7fa5900d
commit
99dac4ab7e
@ -1276,8 +1276,11 @@ EOD;
|
||||
|
||||
// Harden SSL a bit for PCI conformance testing
|
||||
$lighty_config .= "ssl.use-sslv2 = \"disable\"\n";
|
||||
|
||||
$lighty_config .= 'ssl.cipher-list = "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA"' . PHP_EOL;
|
||||
if (empty($config['system']['webgui']['ssl-ciphers'])) {
|
||||
$lighty_config .= 'ssl.cipher-list = "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA"' . PHP_EOL;
|
||||
} else {
|
||||
$lighty_config .= 'ssl.cipher-list = "'.$config['system']['webgui']['ssl-ciphers'].'"' . PHP_EOL;
|
||||
}
|
||||
|
||||
if(!(empty($ca) || (strlen(trim($ca)) == 0))) {
|
||||
$lighty_config .= "ssl.ca-file = \"/var/etc/{$ca_location}\"\n\n";
|
||||
|
||||
349
src/opnsense/scripts/system/rfc5246_cipher_suites.csv
Normal file
349
src/opnsense/scripts/system/rfc5246_cipher_suites.csv
Normal file
@ -0,0 +1,349 @@
|
||||
Value,Description,DTLS-OK,Reference
|
||||
"0x00,0x00",TLS_NULL_WITH_NULL_NULL,Y,[RFC5246]
|
||||
"0x00,0x01",TLS_RSA_WITH_NULL_MD5,Y,[RFC5246]
|
||||
"0x00,0x02",TLS_RSA_WITH_NULL_SHA,Y,[RFC5246]
|
||||
"0x00,0x03",TLS_RSA_EXPORT_WITH_RC4_40_MD5,N,[RFC4346][RFC6347]
|
||||
"0x00,0x04",TLS_RSA_WITH_RC4_128_MD5,N,[RFC5246][RFC6347]
|
||||
"0x00,0x05",TLS_RSA_WITH_RC4_128_SHA,N,[RFC5246][RFC6347]
|
||||
"0x00,0x06",TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5,Y,[RFC4346]
|
||||
"0x00,0x07",TLS_RSA_WITH_IDEA_CBC_SHA,Y,[RFC5469]
|
||||
"0x00,0x08",TLS_RSA_EXPORT_WITH_DES40_CBC_SHA,Y,[RFC4346]
|
||||
"0x00,0x09",TLS_RSA_WITH_DES_CBC_SHA,Y,[RFC5469]
|
||||
"0x00,0x0A",TLS_RSA_WITH_3DES_EDE_CBC_SHA,Y,[RFC5246]
|
||||
"0x00,0x0B",TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA,Y,[RFC4346]
|
||||
"0x00,0x0C",TLS_DH_DSS_WITH_DES_CBC_SHA,Y,[RFC5469]
|
||||
"0x00,0x0D",TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA,Y,[RFC5246]
|
||||
"0x00,0x0E",TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA,Y,[RFC4346]
|
||||
"0x00,0x0F",TLS_DH_RSA_WITH_DES_CBC_SHA,Y,[RFC5469]
|
||||
"0x00,0x10",TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA,Y,[RFC5246]
|
||||
"0x00,0x11",TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA,Y,[RFC4346]
|
||||
"0x00,0x12",TLS_DHE_DSS_WITH_DES_CBC_SHA,Y,[RFC5469]
|
||||
"0x00,0x13",TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,Y,[RFC5246]
|
||||
"0x00,0x14",TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA,Y,[RFC4346]
|
||||
"0x00,0x15",TLS_DHE_RSA_WITH_DES_CBC_SHA,Y,[RFC5469]
|
||||
"0x00,0x16",TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,Y,[RFC5246]
|
||||
"0x00,0x17",TLS_DH_anon_EXPORT_WITH_RC4_40_MD5,N,[RFC4346][RFC6347]
|
||||
"0x00,0x18",TLS_DH_anon_WITH_RC4_128_MD5,N,[RFC5246][RFC6347]
|
||||
"0x00,0x19",TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA,Y,[RFC4346]
|
||||
"0x00,0x1A",TLS_DH_anon_WITH_DES_CBC_SHA,Y,[RFC5469]
|
||||
"0x00,0x1B",TLS_DH_anon_WITH_3DES_EDE_CBC_SHA,Y,[RFC5246]
|
||||
"0x00,0x1C-1D",Reserved to avoid conflicts with SSLv3,,[RFC5246]
|
||||
"0x00,0x1E",TLS_KRB5_WITH_DES_CBC_SHA,Y,[RFC2712]
|
||||
"0x00,0x1F",TLS_KRB5_WITH_3DES_EDE_CBC_SHA,Y,[RFC2712]
|
||||
"0x00,0x20",TLS_KRB5_WITH_RC4_128_SHA,N,[RFC2712][RFC6347]
|
||||
"0x00,0x21",TLS_KRB5_WITH_IDEA_CBC_SHA,Y,[RFC2712]
|
||||
"0x00,0x22",TLS_KRB5_WITH_DES_CBC_MD5,Y,[RFC2712]
|
||||
"0x00,0x23",TLS_KRB5_WITH_3DES_EDE_CBC_MD5,Y,[RFC2712]
|
||||
"0x00,0x24",TLS_KRB5_WITH_RC4_128_MD5,N,[RFC2712][RFC6347]
|
||||
"0x00,0x25",TLS_KRB5_WITH_IDEA_CBC_MD5,Y,[RFC2712]
|
||||
"0x00,0x26",TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA,Y,[RFC2712]
|
||||
"0x00,0x27",TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA,Y,[RFC2712]
|
||||
"0x00,0x28",TLS_KRB5_EXPORT_WITH_RC4_40_SHA,N,[RFC2712][RFC6347]
|
||||
"0x00,0x29",TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5,Y,[RFC2712]
|
||||
"0x00,0x2A",TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5,Y,[RFC2712]
|
||||
"0x00,0x2B",TLS_KRB5_EXPORT_WITH_RC4_40_MD5,N,[RFC2712][RFC6347]
|
||||
"0x00,0x2C",TLS_PSK_WITH_NULL_SHA,Y,[RFC4785]
|
||||
"0x00,0x2D",TLS_DHE_PSK_WITH_NULL_SHA,Y,[RFC4785]
|
||||
"0x00,0x2E",TLS_RSA_PSK_WITH_NULL_SHA,Y,[RFC4785]
|
||||
"0x00,0x2F",TLS_RSA_WITH_AES_128_CBC_SHA,Y,[RFC5246]
|
||||
"0x00,0x30",TLS_DH_DSS_WITH_AES_128_CBC_SHA,Y,[RFC5246]
|
||||
"0x00,0x31",TLS_DH_RSA_WITH_AES_128_CBC_SHA,Y,[RFC5246]
|
||||
"0x00,0x32",TLS_DHE_DSS_WITH_AES_128_CBC_SHA,Y,[RFC5246]
|
||||
"0x00,0x33",TLS_DHE_RSA_WITH_AES_128_CBC_SHA,Y,[RFC5246]
|
||||
"0x00,0x34",TLS_DH_anon_WITH_AES_128_CBC_SHA,Y,[RFC5246]
|
||||
"0x00,0x35",TLS_RSA_WITH_AES_256_CBC_SHA,Y,[RFC5246]
|
||||
"0x00,0x36",TLS_DH_DSS_WITH_AES_256_CBC_SHA,Y,[RFC5246]
|
||||
"0x00,0x37",TLS_DH_RSA_WITH_AES_256_CBC_SHA,Y,[RFC5246]
|
||||
"0x00,0x38",TLS_DHE_DSS_WITH_AES_256_CBC_SHA,Y,[RFC5246]
|
||||
"0x00,0x39",TLS_DHE_RSA_WITH_AES_256_CBC_SHA,Y,[RFC5246]
|
||||
"0x00,0x3A",TLS_DH_anon_WITH_AES_256_CBC_SHA,Y,[RFC5246]
|
||||
"0x00,0x3B",TLS_RSA_WITH_NULL_SHA256,Y,[RFC5246]
|
||||
"0x00,0x3C",TLS_RSA_WITH_AES_128_CBC_SHA256,Y,[RFC5246]
|
||||
"0x00,0x3D",TLS_RSA_WITH_AES_256_CBC_SHA256,Y,[RFC5246]
|
||||
"0x00,0x3E",TLS_DH_DSS_WITH_AES_128_CBC_SHA256,Y,[RFC5246]
|
||||
"0x00,0x3F",TLS_DH_RSA_WITH_AES_128_CBC_SHA256,Y,[RFC5246]
|
||||
"0x00,0x40",TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,Y,[RFC5246]
|
||||
"0x00,0x41",TLS_RSA_WITH_CAMELLIA_128_CBC_SHA,Y,[RFC5932]
|
||||
"0x00,0x42",TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA,Y,[RFC5932]
|
||||
"0x00,0x43",TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA,Y,[RFC5932]
|
||||
"0x00,0x44",TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,Y,[RFC5932]
|
||||
"0x00,0x45",TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,Y,[RFC5932]
|
||||
"0x00,0x46",TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA,Y,[RFC5932]
|
||||
"0x00,0x47-4F","Reserved to avoid conflicts with
|
||||
deployed implementations",,[Pasi_Eronen]
|
||||
"0x00,0x50-58",Reserved to avoid conflicts,,"[Pasi Eronen, <pasi.eronen&nokia.com>, 2008-04-04. 2008-04-04]"
|
||||
"0x00,0x59-5C","Reserved to avoid conflicts with
|
||||
deployed implementations",,[Pasi_Eronen]
|
||||
"0x00,0x5D-5F",Unassigned,,
|
||||
"0x00,0x60-66","Reserved to avoid conflicts with
|
||||
widely deployed implementations",,[Pasi_Eronen]
|
||||
"0x00,0x67",TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,Y,[RFC5246]
|
||||
"0x00,0x68",TLS_DH_DSS_WITH_AES_256_CBC_SHA256,Y,[RFC5246]
|
||||
"0x00,0x69",TLS_DH_RSA_WITH_AES_256_CBC_SHA256,Y,[RFC5246]
|
||||
"0x00,0x6A",TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,Y,[RFC5246]
|
||||
"0x00,0x6B",TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,Y,[RFC5246]
|
||||
"0x00,0x6C",TLS_DH_anon_WITH_AES_128_CBC_SHA256,Y,[RFC5246]
|
||||
"0x00,0x6D",TLS_DH_anon_WITH_AES_256_CBC_SHA256,Y,[RFC5246]
|
||||
"0x00,0x6E-83",Unassigned,,
|
||||
"0x00,0x84",TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,Y,[RFC5932]
|
||||
"0x00,0x85",TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA,Y,[RFC5932]
|
||||
"0x00,0x86",TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA,Y,[RFC5932]
|
||||
"0x00,0x87",TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,Y,[RFC5932]
|
||||
"0x00,0x88",TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,Y,[RFC5932]
|
||||
"0x00,0x89",TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA,Y,[RFC5932]
|
||||
"0x00,0x8A",TLS_PSK_WITH_RC4_128_SHA,N,[RFC4279][RFC6347]
|
||||
"0x00,0x8B",TLS_PSK_WITH_3DES_EDE_CBC_SHA,Y,[RFC4279]
|
||||
"0x00,0x8C",TLS_PSK_WITH_AES_128_CBC_SHA,Y,[RFC4279]
|
||||
"0x00,0x8D",TLS_PSK_WITH_AES_256_CBC_SHA,Y,[RFC4279]
|
||||
"0x00,0x8E",TLS_DHE_PSK_WITH_RC4_128_SHA,N,[RFC4279][RFC6347]
|
||||
"0x00,0x8F",TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA,Y,[RFC4279]
|
||||
"0x00,0x90",TLS_DHE_PSK_WITH_AES_128_CBC_SHA,Y,[RFC4279]
|
||||
"0x00,0x91",TLS_DHE_PSK_WITH_AES_256_CBC_SHA,Y,[RFC4279]
|
||||
"0x00,0x92",TLS_RSA_PSK_WITH_RC4_128_SHA,N,[RFC4279][RFC6347]
|
||||
"0x00,0x93",TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA,Y,[RFC4279]
|
||||
"0x00,0x94",TLS_RSA_PSK_WITH_AES_128_CBC_SHA,Y,[RFC4279]
|
||||
"0x00,0x95",TLS_RSA_PSK_WITH_AES_256_CBC_SHA,Y,[RFC4279]
|
||||
"0x00,0x96",TLS_RSA_WITH_SEED_CBC_SHA,Y,[RFC4162]
|
||||
"0x00,0x97",TLS_DH_DSS_WITH_SEED_CBC_SHA,Y,[RFC4162]
|
||||
"0x00,0x98",TLS_DH_RSA_WITH_SEED_CBC_SHA,Y,[RFC4162]
|
||||
"0x00,0x99",TLS_DHE_DSS_WITH_SEED_CBC_SHA,Y,[RFC4162]
|
||||
"0x00,0x9A",TLS_DHE_RSA_WITH_SEED_CBC_SHA,Y,[RFC4162]
|
||||
"0x00,0x9B",TLS_DH_anon_WITH_SEED_CBC_SHA,Y,[RFC4162]
|
||||
"0x00,0x9C",TLS_RSA_WITH_AES_128_GCM_SHA256,Y,[RFC5288]
|
||||
"0x00,0x9D",TLS_RSA_WITH_AES_256_GCM_SHA384,Y,[RFC5288]
|
||||
"0x00,0x9E",TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,Y,[RFC5288]
|
||||
"0x00,0x9F",TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,Y,[RFC5288]
|
||||
"0x00,0xA0",TLS_DH_RSA_WITH_AES_128_GCM_SHA256,Y,[RFC5288]
|
||||
"0x00,0xA1",TLS_DH_RSA_WITH_AES_256_GCM_SHA384,Y,[RFC5288]
|
||||
"0x00,0xA2",TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,Y,[RFC5288]
|
||||
"0x00,0xA3",TLS_DHE_DSS_WITH_AES_256_GCM_SHA384,Y,[RFC5288]
|
||||
"0x00,0xA4",TLS_DH_DSS_WITH_AES_128_GCM_SHA256,Y,[RFC5288]
|
||||
"0x00,0xA5",TLS_DH_DSS_WITH_AES_256_GCM_SHA384,Y,[RFC5288]
|
||||
"0x00,0xA6",TLS_DH_anon_WITH_AES_128_GCM_SHA256,Y,[RFC5288]
|
||||
"0x00,0xA7",TLS_DH_anon_WITH_AES_256_GCM_SHA384,Y,[RFC5288]
|
||||
"0x00,0xA8",TLS_PSK_WITH_AES_128_GCM_SHA256,Y,[RFC5487]
|
||||
"0x00,0xA9",TLS_PSK_WITH_AES_256_GCM_SHA384,Y,[RFC5487]
|
||||
"0x00,0xAA",TLS_DHE_PSK_WITH_AES_128_GCM_SHA256,Y,[RFC5487]
|
||||
"0x00,0xAB",TLS_DHE_PSK_WITH_AES_256_GCM_SHA384,Y,[RFC5487]
|
||||
"0x00,0xAC",TLS_RSA_PSK_WITH_AES_128_GCM_SHA256,Y,[RFC5487]
|
||||
"0x00,0xAD",TLS_RSA_PSK_WITH_AES_256_GCM_SHA384,Y,[RFC5487]
|
||||
"0x00,0xAE",TLS_PSK_WITH_AES_128_CBC_SHA256,Y,[RFC5487]
|
||||
"0x00,0xAF",TLS_PSK_WITH_AES_256_CBC_SHA384,Y,[RFC5487]
|
||||
"0x00,0xB0",TLS_PSK_WITH_NULL_SHA256,Y,[RFC5487]
|
||||
"0x00,0xB1",TLS_PSK_WITH_NULL_SHA384,Y,[RFC5487]
|
||||
"0x00,0xB2",TLS_DHE_PSK_WITH_AES_128_CBC_SHA256,Y,[RFC5487]
|
||||
"0x00,0xB3",TLS_DHE_PSK_WITH_AES_256_CBC_SHA384,Y,[RFC5487]
|
||||
"0x00,0xB4",TLS_DHE_PSK_WITH_NULL_SHA256,Y,[RFC5487]
|
||||
"0x00,0xB5",TLS_DHE_PSK_WITH_NULL_SHA384,Y,[RFC5487]
|
||||
"0x00,0xB6",TLS_RSA_PSK_WITH_AES_128_CBC_SHA256,Y,[RFC5487]
|
||||
"0x00,0xB7",TLS_RSA_PSK_WITH_AES_256_CBC_SHA384,Y,[RFC5487]
|
||||
"0x00,0xB8",TLS_RSA_PSK_WITH_NULL_SHA256,Y,[RFC5487]
|
||||
"0x00,0xB9",TLS_RSA_PSK_WITH_NULL_SHA384,Y,[RFC5487]
|
||||
"0x00,0xBA",TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256,Y,[RFC5932]
|
||||
"0x00,0xBB",TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256,Y,[RFC5932]
|
||||
"0x00,0xBC",TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256,Y,[RFC5932]
|
||||
"0x00,0xBD",TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,Y,[RFC5932]
|
||||
"0x00,0xBE",TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,Y,[RFC5932]
|
||||
"0x00,0xBF",TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256,Y,[RFC5932]
|
||||
"0x00,0xC0",TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256,Y,[RFC5932]
|
||||
"0x00,0xC1",TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256,Y,[RFC5932]
|
||||
"0x00,0xC2",TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256,Y,[RFC5932]
|
||||
"0x00,0xC3",TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,Y,[RFC5932]
|
||||
"0x00,0xC4",TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,Y,[RFC5932]
|
||||
"0x00,0xC5",TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256,Y,[RFC5932]
|
||||
"0x00,0xC6-FE",Unassigned,,
|
||||
"0x00,0xFF",TLS_EMPTY_RENEGOTIATION_INFO_SCSV,Y,[RFC5746]
|
||||
"0x01-55,*",Unassigned,,
|
||||
"0x56,0x00",TLS_FALLBACK_SCSV,Y,[RFC7507]
|
||||
"0x56,0x01-0xC0,0x00",Unassigned,,
|
||||
"0xC0,0x01",TLS_ECDH_ECDSA_WITH_NULL_SHA,Y,[RFC4492]
|
||||
"0xC0,0x02",TLS_ECDH_ECDSA_WITH_RC4_128_SHA,N,[RFC4492][RFC6347]
|
||||
"0xC0,0x03",TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,Y,[RFC4492]
|
||||
"0xC0,0x04",TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,Y,[RFC4492]
|
||||
"0xC0,0x05",TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,Y,[RFC4492]
|
||||
"0xC0,0x06",TLS_ECDHE_ECDSA_WITH_NULL_SHA,Y,[RFC4492]
|
||||
"0xC0,0x07",TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,N,[RFC4492][RFC6347]
|
||||
"0xC0,0x08",TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,Y,[RFC4492]
|
||||
"0xC0,0x09",TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,Y,[RFC4492]
|
||||
"0xC0,0x0A",TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,Y,[RFC4492]
|
||||
"0xC0,0x0B",TLS_ECDH_RSA_WITH_NULL_SHA,Y,[RFC4492]
|
||||
"0xC0,0x0C",TLS_ECDH_RSA_WITH_RC4_128_SHA,N,[RFC4492][RFC6347]
|
||||
"0xC0,0x0D",TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,Y,[RFC4492]
|
||||
"0xC0,0x0E",TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,Y,[RFC4492]
|
||||
"0xC0,0x0F",TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,Y,[RFC4492]
|
||||
"0xC0,0x10",TLS_ECDHE_RSA_WITH_NULL_SHA,Y,[RFC4492]
|
||||
"0xC0,0x11",TLS_ECDHE_RSA_WITH_RC4_128_SHA,N,[RFC4492][RFC6347]
|
||||
"0xC0,0x12",TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,Y,[RFC4492]
|
||||
"0xC0,0x13",TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,Y,[RFC4492]
|
||||
"0xC0,0x14",TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,Y,[RFC4492]
|
||||
"0xC0,0x15",TLS_ECDH_anon_WITH_NULL_SHA,Y,[RFC4492]
|
||||
"0xC0,0x16",TLS_ECDH_anon_WITH_RC4_128_SHA,N,[RFC4492][RFC6347]
|
||||
"0xC0,0x17",TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA,Y,[RFC4492]
|
||||
"0xC0,0x18",TLS_ECDH_anon_WITH_AES_128_CBC_SHA,Y,[RFC4492]
|
||||
"0xC0,0x19",TLS_ECDH_anon_WITH_AES_256_CBC_SHA,Y,[RFC4492]
|
||||
"0xC0,0x1A",TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA,Y,[RFC5054]
|
||||
"0xC0,0x1B",TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,Y,[RFC5054]
|
||||
"0xC0,0x1C",TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,Y,[RFC5054]
|
||||
"0xC0,0x1D",TLS_SRP_SHA_WITH_AES_128_CBC_SHA,Y,[RFC5054]
|
||||
"0xC0,0x1E",TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,Y,[RFC5054]
|
||||
"0xC0,0x1F",TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,Y,[RFC5054]
|
||||
"0xC0,0x20",TLS_SRP_SHA_WITH_AES_256_CBC_SHA,Y,[RFC5054]
|
||||
"0xC0,0x21",TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,Y,[RFC5054]
|
||||
"0xC0,0x22",TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,Y,[RFC5054]
|
||||
"0xC0,0x23",TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,Y,[RFC5289]
|
||||
"0xC0,0x24",TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,Y,[RFC5289]
|
||||
"0xC0,0x25",TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,Y,[RFC5289]
|
||||
"0xC0,0x26",TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,Y,[RFC5289]
|
||||
"0xC0,0x27",TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,Y,[RFC5289]
|
||||
"0xC0,0x28",TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,Y,[RFC5289]
|
||||
"0xC0,0x29",TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,Y,[RFC5289]
|
||||
"0xC0,0x2A",TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,Y,[RFC5289]
|
||||
"0xC0,0x2B",TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,Y,[RFC5289]
|
||||
"0xC0,0x2C",TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,Y,[RFC5289]
|
||||
"0xC0,0x2D",TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,Y,[RFC5289]
|
||||
"0xC0,0x2E",TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,Y,[RFC5289]
|
||||
"0xC0,0x2F",TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,Y,[RFC5289]
|
||||
"0xC0,0x30",TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,Y,[RFC5289]
|
||||
"0xC0,0x31",TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,Y,[RFC5289]
|
||||
"0xC0,0x32",TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384,Y,[RFC5289]
|
||||
"0xC0,0x33",TLS_ECDHE_PSK_WITH_RC4_128_SHA,N,[RFC5489][RFC6347]
|
||||
"0xC0,0x34",TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,Y,[RFC5489]
|
||||
"0xC0,0x35",TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA,Y,[RFC5489]
|
||||
"0xC0,0x36",TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA,Y,[RFC5489]
|
||||
"0xC0,0x37",TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256,Y,[RFC5489]
|
||||
"0xC0,0x38",TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384,Y,[RFC5489]
|
||||
"0xC0,0x39",TLS_ECDHE_PSK_WITH_NULL_SHA,Y,[RFC5489]
|
||||
"0xC0,0x3A",TLS_ECDHE_PSK_WITH_NULL_SHA256,Y,[RFC5489]
|
||||
"0xC0,0x3B",TLS_ECDHE_PSK_WITH_NULL_SHA384,Y,[RFC5489]
|
||||
"0xC0,0x3C",TLS_RSA_WITH_ARIA_128_CBC_SHA256,Y,[RFC6209]
|
||||
"0xC0,0x3D",TLS_RSA_WITH_ARIA_256_CBC_SHA384,Y,[RFC6209]
|
||||
"0xC0,0x3E",TLS_DH_DSS_WITH_ARIA_128_CBC_SHA256,Y,[RFC6209]
|
||||
"0xC0,0x3F",TLS_DH_DSS_WITH_ARIA_256_CBC_SHA384,Y,[RFC6209]
|
||||
"0xC0,0x40",TLS_DH_RSA_WITH_ARIA_128_CBC_SHA256,Y,[RFC6209]
|
||||
"0xC0,0x41",TLS_DH_RSA_WITH_ARIA_256_CBC_SHA384,Y,[RFC6209]
|
||||
"0xC0,0x42",TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256,Y,[RFC6209]
|
||||
"0xC0,0x43",TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384,Y,[RFC6209]
|
||||
"0xC0,0x44",TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256,Y,[RFC6209]
|
||||
"0xC0,0x45",TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384,Y,[RFC6209]
|
||||
"0xC0,0x46",TLS_DH_anon_WITH_ARIA_128_CBC_SHA256,Y,[RFC6209]
|
||||
"0xC0,0x47",TLS_DH_anon_WITH_ARIA_256_CBC_SHA384,Y,[RFC6209]
|
||||
"0xC0,0x48",TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256,Y,[RFC6209]
|
||||
"0xC0,0x49",TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384,Y,[RFC6209]
|
||||
"0xC0,0x4A",TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256,Y,[RFC6209]
|
||||
"0xC0,0x4B",TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384,Y,[RFC6209]
|
||||
"0xC0,0x4C",TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256,Y,[RFC6209]
|
||||
"0xC0,0x4D",TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384,Y,[RFC6209]
|
||||
"0xC0,0x4E",TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256,Y,[RFC6209]
|
||||
"0xC0,0x4F",TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384,Y,[RFC6209]
|
||||
"0xC0,0x50",TLS_RSA_WITH_ARIA_128_GCM_SHA256,Y,[RFC6209]
|
||||
"0xC0,0x51",TLS_RSA_WITH_ARIA_256_GCM_SHA384,Y,[RFC6209]
|
||||
"0xC0,0x52",TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256,Y,[RFC6209]
|
||||
"0xC0,0x53",TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384,Y,[RFC6209]
|
||||
"0xC0,0x54",TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256,Y,[RFC6209]
|
||||
"0xC0,0x55",TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384,Y,[RFC6209]
|
||||
"0xC0,0x56",TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256,Y,[RFC6209]
|
||||
"0xC0,0x57",TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384,Y,[RFC6209]
|
||||
"0xC0,0x58",TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256,Y,[RFC6209]
|
||||
"0xC0,0x59",TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384,Y,[RFC6209]
|
||||
"0xC0,0x5A",TLS_DH_anon_WITH_ARIA_128_GCM_SHA256,Y,[RFC6209]
|
||||
"0xC0,0x5B",TLS_DH_anon_WITH_ARIA_256_GCM_SHA384,Y,[RFC6209]
|
||||
"0xC0,0x5C",TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,Y,[RFC6209]
|
||||
"0xC0,0x5D",TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,Y,[RFC6209]
|
||||
"0xC0,0x5E",TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256,Y,[RFC6209]
|
||||
"0xC0,0x5F",TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384,Y,[RFC6209]
|
||||
"0xC0,0x60",TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,Y,[RFC6209]
|
||||
"0xC0,0x61",TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,Y,[RFC6209]
|
||||
"0xC0,0x62",TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256,Y,[RFC6209]
|
||||
"0xC0,0x63",TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384,Y,[RFC6209]
|
||||
"0xC0,0x64",TLS_PSK_WITH_ARIA_128_CBC_SHA256,Y,[RFC6209]
|
||||
"0xC0,0x65",TLS_PSK_WITH_ARIA_256_CBC_SHA384,Y,[RFC6209]
|
||||
"0xC0,0x66",TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256,Y,[RFC6209]
|
||||
"0xC0,0x67",TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384,Y,[RFC6209]
|
||||
"0xC0,0x68",TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256,Y,[RFC6209]
|
||||
"0xC0,0x69",TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384,Y,[RFC6209]
|
||||
"0xC0,0x6A",TLS_PSK_WITH_ARIA_128_GCM_SHA256,Y,[RFC6209]
|
||||
"0xC0,0x6B",TLS_PSK_WITH_ARIA_256_GCM_SHA384,Y,[RFC6209]
|
||||
"0xC0,0x6C",TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256,Y,[RFC6209]
|
||||
"0xC0,0x6D",TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384,Y,[RFC6209]
|
||||
"0xC0,0x6E",TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256,Y,[RFC6209]
|
||||
"0xC0,0x6F",TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384,Y,[RFC6209]
|
||||
"0xC0,0x70",TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256,Y,[RFC6209]
|
||||
"0xC0,0x71",TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384,Y,[RFC6209]
|
||||
"0xC0,0x72",TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,Y,[RFC6367]
|
||||
"0xC0,0x73",TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,Y,[RFC6367]
|
||||
"0xC0,0x74",TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,Y,[RFC6367]
|
||||
"0xC0,0x75",TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,Y,[RFC6367]
|
||||
"0xC0,0x76",TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,Y,[RFC6367]
|
||||
"0xC0,0x77",TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,Y,[RFC6367]
|
||||
"0xC0,0x78",TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256,Y,[RFC6367]
|
||||
"0xC0,0x79",TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384,Y,[RFC6367]
|
||||
"0xC0,0x7A",TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256,Y,[RFC6367]
|
||||
"0xC0,0x7B",TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384,Y,[RFC6367]
|
||||
"0xC0,0x7C",TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256,Y,[RFC6367]
|
||||
"0xC0,0x7D",TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384,Y,[RFC6367]
|
||||
"0xC0,0x7E",TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256,Y,[RFC6367]
|
||||
"0xC0,0x7F",TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384,Y,[RFC6367]
|
||||
"0xC0,0x80",TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256,Y,[RFC6367]
|
||||
"0xC0,0x81",TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384,Y,[RFC6367]
|
||||
"0xC0,0x82",TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256,Y,[RFC6367]
|
||||
"0xC0,0x83",TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384,Y,[RFC6367]
|
||||
"0xC0,0x84",TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256,Y,[RFC6367]
|
||||
"0xC0,0x85",TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384,Y,[RFC6367]
|
||||
"0xC0,0x86",TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256,Y,[RFC6367]
|
||||
"0xC0,0x87",TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384,Y,[RFC6367]
|
||||
"0xC0,0x88",TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256,Y,[RFC6367]
|
||||
"0xC0,0x89",TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384,Y,[RFC6367]
|
||||
"0xC0,0x8A",TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256,Y,[RFC6367]
|
||||
"0xC0,0x8B",TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384,Y,[RFC6367]
|
||||
"0xC0,0x8C",TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256,Y,[RFC6367]
|
||||
"0xC0,0x8D",TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384,Y,[RFC6367]
|
||||
"0xC0,0x8E",TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256,Y,[RFC6367]
|
||||
"0xC0,0x8F",TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384,Y,[RFC6367]
|
||||
"0xC0,0x90",TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256,Y,[RFC6367]
|
||||
"0xC0,0x91",TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384,Y,[RFC6367]
|
||||
"0xC0,0x92",TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256,Y,[RFC6367]
|
||||
"0xC0,0x93",TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384,Y,[RFC6367]
|
||||
"0xC0,0x94",TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256,Y,[RFC6367]
|
||||
"0xC0,0x95",TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384,Y,[RFC6367]
|
||||
"0xC0,0x96",TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,Y,[RFC6367]
|
||||
"0xC0,0x97",TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,Y,[RFC6367]
|
||||
"0xC0,0x98",TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,Y,[RFC6367]
|
||||
"0xC0,0x99",TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,Y,[RFC6367]
|
||||
"0xC0,0x9A",TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,Y,[RFC6367]
|
||||
"0xC0,0x9B",TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,Y,[RFC6367]
|
||||
"0xC0,0x9C",TLS_RSA_WITH_AES_128_CCM,Y,[RFC6655]
|
||||
"0xC0,0x9D",TLS_RSA_WITH_AES_256_CCM,Y,[RFC6655]
|
||||
"0xC0,0x9E",TLS_DHE_RSA_WITH_AES_128_CCM,Y,[RFC6655]
|
||||
"0xC0,0x9F",TLS_DHE_RSA_WITH_AES_256_CCM,Y,[RFC6655]
|
||||
"0xC0,0xA0",TLS_RSA_WITH_AES_128_CCM_8,Y,[RFC6655]
|
||||
"0xC0,0xA1",TLS_RSA_WITH_AES_256_CCM_8,Y,[RFC6655]
|
||||
"0xC0,0xA2",TLS_DHE_RSA_WITH_AES_128_CCM_8,Y,[RFC6655]
|
||||
"0xC0,0xA3",TLS_DHE_RSA_WITH_AES_256_CCM_8,Y,[RFC6655]
|
||||
"0xC0,0xA4",TLS_PSK_WITH_AES_128_CCM,Y,[RFC6655]
|
||||
"0xC0,0xA5",TLS_PSK_WITH_AES_256_CCM,Y,[RFC6655]
|
||||
"0xC0,0xA6",TLS_DHE_PSK_WITH_AES_128_CCM,Y,[RFC6655]
|
||||
"0xC0,0xA7",TLS_DHE_PSK_WITH_AES_256_CCM,Y,[RFC6655]
|
||||
"0xC0,0xA8",TLS_PSK_WITH_AES_128_CCM_8,Y,[RFC6655]
|
||||
"0xC0,0xA9",TLS_PSK_WITH_AES_256_CCM_8,Y,[RFC6655]
|
||||
"0xC0,0xAA",TLS_PSK_DHE_WITH_AES_128_CCM_8,Y,[RFC6655]
|
||||
"0xC0,0xAB",TLS_PSK_DHE_WITH_AES_256_CCM_8,Y,[RFC6655]
|
||||
"0xC0,0xAC",TLS_ECDHE_ECDSA_WITH_AES_128_CCM,Y,[RFC7251]
|
||||
"0xC0,0xAD",TLS_ECDHE_ECDSA_WITH_AES_256_CCM,Y,[RFC7251]
|
||||
"0xC0,0xAE",TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8,Y,[RFC7251]
|
||||
"0xC0,0xAF",TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,Y,[RFC7251]
|
||||
"0xC0,0xB0-FF",Unassigned,,
|
||||
"0xC1-CB,*",Unassigned,,
|
||||
"0xCC,0x00-A7",Unassigned,,
|
||||
"0xCC,0xA8",TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,Y,[RFC7905]
|
||||
"0xCC,0xA9",TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,Y,[RFC7905]
|
||||
"0xCC,0xAA",TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256,Y,[RFC7905]
|
||||
"0xCC,0xAB",TLS_PSK_WITH_CHACHA20_POLY1305_SHA256,Y,[RFC7905]
|
||||
"0xCC,0xAC",TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256,Y,[RFC7905]
|
||||
"0xCC,0xAD",TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256,Y,[RFC7905]
|
||||
"0xCC,0xAE",TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256,Y,[RFC7905]
|
||||
"0xCC,0xAF-FF",Unassigned,,
|
||||
"0xCD-FD,*",Unassigned,,
|
||||
"0xFE,0x00-FD",Unassigned,,
|
||||
"0xFE,0xFE-FF","Reserved to avoid conflicts with
|
||||
widely deployed implementations",,[Pasi_Eronen]
|
||||
"0xFF,0x00-FF",Reserved for Private Use,,[RFC5246]
|
||||
|
62
src/opnsense/scripts/system/ssl_ciphers.py
Executable file
62
src/opnsense/scripts/system/ssl_ciphers.py
Executable file
@ -0,0 +1,62 @@
|
||||
#!/usr/local/bin/python2.7
|
||||
|
||||
"""
|
||||
Copyright (c) 2016 Ad Schellevis
|
||||
All rights reserved.
|
||||
|
||||
Redistribution and use in source and binary forms, with or without
|
||||
modification, are permitted provided that the following conditions are met:
|
||||
|
||||
1. Redistributions of source code must retain the above copyright notice,
|
||||
this list of conditions and the following disclaimer.
|
||||
|
||||
2. Redistributions in binary form must reproduce the above copyright
|
||||
notice, this list of conditions and the following disclaimer in the
|
||||
documentation and/or other materials provided with the distribution.
|
||||
|
||||
THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
|
||||
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
|
||||
AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
|
||||
AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
|
||||
OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
|
||||
SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
|
||||
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
|
||||
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
||||
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
|
||||
POSSIBILITY OF SUCH DAMAGE.
|
||||
|
||||
--------------------------------------------------------------------------------------
|
||||
return all available ciphers
|
||||
"""
|
||||
import tempfile
|
||||
import subprocess
|
||||
import os
|
||||
import sys
|
||||
import ujson
|
||||
import csv
|
||||
|
||||
if __name__ == '__main__':
|
||||
# source http://www.iana.org/assignments/tls-parameters/tls-parameters-4.csv
|
||||
rfc5246_file = '%s/rfc5246_cipher_suites.csv' % os.path.dirname(os.path.realpath(__file__))
|
||||
rfc5246 = dict()
|
||||
if os.path.isfile(rfc5246_file):
|
||||
with open(rfc5246_file, 'rb') as csvfile:
|
||||
for row in csv.reader(csvfile, delimiter=',', quotechar='"'):
|
||||
rfc5246[row[0]] = {'description': row[1]}
|
||||
|
||||
result = {}
|
||||
with tempfile.NamedTemporaryFile() as output_stream:
|
||||
subprocess.call(['/usr/bin/openssl', 'ciphers', '-V'], stdout=output_stream, stderr=open(os.devnull, 'wb'))
|
||||
output_stream.seek(0)
|
||||
for line in output_stream.read().strip().split('\n'):
|
||||
parts = line.strip().split()
|
||||
if len(parts) > 1:
|
||||
cipher_id = parts[0]
|
||||
cipher_key = parts[2]
|
||||
item = {'version': parts[3], 'id': cipher_id, 'description': ''}
|
||||
for part in parts[4:]:
|
||||
item[part.split('=')[0]] = part.split('=')[-1]
|
||||
if cipher_id in rfc5246:
|
||||
item['description'] = rfc5246[cipher_id]['description']
|
||||
result[cipher_key] = item
|
||||
print ujson.dumps(result)
|
||||
@ -3,3 +3,9 @@ command:/usr/local/opnsense/scripts/systemhealth/activity.py
|
||||
parameters:%s
|
||||
type:script_output
|
||||
message:show system activity
|
||||
|
||||
[ssl.ciphers]
|
||||
command:/usr/local/opnsense/scripts/system/ssl_ciphers.py
|
||||
parameters:
|
||||
type:script_output
|
||||
message:list ssl ciphers
|
||||
|
||||
@ -39,6 +39,11 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
|
||||
$pconfig['webguiproto'] = $config['system']['webgui']['protocol'];
|
||||
$pconfig['webguiport'] = $config['system']['webgui']['port'];
|
||||
$pconfig['ssl-certref'] = $config['system']['webgui']['ssl-certref'];
|
||||
if (!empty($config['system']['webgui']['ssl-ciphers'])) {
|
||||
$pconfig['ssl-ciphers'] = explode(':', $config['system']['webgui']['ssl-ciphers']);
|
||||
} else {
|
||||
$pconfig['ssl-ciphers'] = array();
|
||||
}
|
||||
$pconfig['disablehttpredirect'] = isset($config['system']['webgui']['disablehttpredirect']);
|
||||
$pconfig['disableconsolemenu'] = isset($config['system']['disableconsolemenu']);
|
||||
$pconfig['disableintegratedauth'] = !empty($config['system']['disableintegratedauth']);
|
||||
@ -84,9 +89,15 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
|
||||
|
||||
if (count($input_errors) ==0) {
|
||||
// flag web ui for restart
|
||||
if (!empty($pconfig['ssl-ciphers'])) {
|
||||
$newciphers = implode(':', $pconfig['ssl-ciphers']);
|
||||
} else {
|
||||
$newciphers = '';
|
||||
}
|
||||
if ($config['system']['webgui']['protocol'] != $pconfig['webguiproto'] ||
|
||||
$config['system']['webgui']['port'] != $pconfig['webguiport'] ||
|
||||
$config['system']['webgui']['ssl-certref'] != $pconfig['ssl-certref'] ||
|
||||
$config['system']['webgui']['ssl-ciphers'] != $newciphers ||
|
||||
($pconfig['disablehttpredirect'] == "yes") != !empty($config['system']['webgui']['disablehttpredirect'])
|
||||
) {
|
||||
$restart_webgui = true;
|
||||
@ -97,6 +108,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
|
||||
$config['system']['webgui']['protocol'] = $pconfig['webguiproto'];
|
||||
$config['system']['webgui']['port'] = $pconfig['webguiport'];
|
||||
$config['system']['webgui']['ssl-certref'] = $pconfig['ssl-certref'];
|
||||
$config['system']['webgui']['ssl-ciphers'] = $newciphers;
|
||||
|
||||
if ($pconfig['disablehttpredirect'] == "yes") {
|
||||
$config['system']['webgui']['disablehttpredirect'] = true;
|
||||
@ -359,6 +371,24 @@ include("head.inc");
|
||||
</div>
|
||||
</td>
|
||||
</tr>
|
||||
<tr class="ssl_opts">
|
||||
<td><a id="help_for_sslciphers" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("limit SSL Ciphers (advanced)"); ?></td>
|
||||
<td>
|
||||
<select name="ssl-ciphers[]" class="selectpicker" multiple="multiple" data-live-search="true" title="<?=gettext("leave default");?>">
|
||||
<?php
|
||||
$ciphers = json_decode(configd_run("system ssl ciphers"), true);
|
||||
foreach ($ciphers as $cipher => $cipher_data):?>
|
||||
<option value="<?=$cipher;?>" <?=in_array($cipher, $pconfig['ssl-ciphers']) ? 'selected="selected"' : '';?>>
|
||||
<?=!empty($cipher_data['description']) ? $cipher_data['description'] : $cipher;?>
|
||||
</option>
|
||||
<?php
|
||||
endforeach;?>
|
||||
</select>
|
||||
<div class="hidden" for="help_for_sslciphers">
|
||||
<?=gettext("Limit SSL ciphers to selected ones, be **very** careful changing this option, invalid options could lead to an inaccessible user interface.");?>
|
||||
</div>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><a id="help_for_webguiport" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("TCP port"); ?></td>
|
||||
<td>
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user