-- | -- Module : Network.TLS.Extra.Cipher -- License : BSD-style -- Maintainer : Vincent Hanquez -- Stability : experimental -- Portability : unknown -- module Network.TLS.Extra.Cipher ( -- * cipher suite ciphersuite_default , ciphersuite_all , ciphersuite_medium , ciphersuite_strong , ciphersuite_unencrypted , ciphersuite_dhe_rsa , ciphersuite_dhe_dss -- * individual ciphers , cipher_null_SHA1 , cipher_AES128_SHA1 , cipher_AES256_SHA1 , cipher_AES128_SHA256 , cipher_AES256_SHA256 , cipher_AES128CCM_SHA256 , cipher_AES128CCM8_SHA256 , cipher_AES128GCM_SHA256 , cipher_AES256CCM_SHA256 , cipher_AES256CCM8_SHA256 , cipher_AES256GCM_SHA384 , cipher_DHE_RSA_AES128_SHA1 , cipher_DHE_RSA_AES256_SHA1 , cipher_DHE_RSA_AES128_SHA256 , cipher_DHE_RSA_AES256_SHA256 , cipher_DHE_DSS_AES128_SHA1 , cipher_DHE_DSS_AES256_SHA1 , cipher_DHE_RSA_AES128CCM_SHA256 , cipher_DHE_RSA_AES128CCM8_SHA256 , cipher_DHE_RSA_AES128GCM_SHA256 , cipher_DHE_RSA_AES256CCM_SHA256 , cipher_DHE_RSA_AES256CCM8_SHA256 , cipher_DHE_RSA_AES256GCM_SHA384 , cipher_DHE_RSA_CHACHA20POLY1305_SHA256 , cipher_ECDHE_RSA_AES128GCM_SHA256 , cipher_ECDHE_RSA_AES256GCM_SHA384 , cipher_ECDHE_RSA_AES128CBC_SHA256 , cipher_ECDHE_RSA_AES128CBC_SHA , cipher_ECDHE_RSA_AES256CBC_SHA , cipher_ECDHE_RSA_AES256CBC_SHA384 , cipher_ECDHE_RSA_CHACHA20POLY1305_SHA256 , cipher_ECDHE_ECDSA_AES128CBC_SHA , cipher_ECDHE_ECDSA_AES256CBC_SHA , cipher_ECDHE_ECDSA_AES128CBC_SHA256 , cipher_ECDHE_ECDSA_AES256CBC_SHA384 , cipher_ECDHE_ECDSA_AES128CCM_SHA256 , cipher_ECDHE_ECDSA_AES128CCM8_SHA256 , cipher_ECDHE_ECDSA_AES128GCM_SHA256 , cipher_ECDHE_ECDSA_AES256CCM_SHA256 , cipher_ECDHE_ECDSA_AES256CCM8_SHA256 , cipher_ECDHE_ECDSA_AES256GCM_SHA384 , cipher_ECDHE_ECDSA_CHACHA20POLY1305_SHA256 -- TLS 1.3 , cipher_TLS13_AES128GCM_SHA256 , cipher_TLS13_AES256GCM_SHA384 , cipher_TLS13_CHACHA20POLY1305_SHA256 , cipher_TLS13_AES128CCM_SHA256 , cipher_TLS13_AES128CCM8_SHA256 -- * obsolete and non-standard ciphers , cipher_RSA_3DES_EDE_CBC_SHA1 , cipher_RC4_128_MD5 , cipher_RC4_128_SHA1 , cipher_null_MD5 , cipher_DHE_DSS_RC4_SHA1 ) where import qualified Data.ByteString as B import Network.TLS.Types (Version(..)) import Network.TLS.Cipher import Network.TLS.Imports import Data.Tuple (swap) import Crypto.Cipher.AES import qualified Crypto.Cipher.ChaChaPoly1305 as ChaChaPoly1305 import qualified Crypto.Cipher.RC4 as RC4 import Crypto.Cipher.TripleDES import Crypto.Cipher.Types hiding (Cipher, cipherName) import Crypto.Error import qualified Crypto.MAC.Poly1305 as Poly1305 takelast :: Int -> B.ByteString -> B.ByteString takelast i b = B.drop (B.length b - i) b aes128cbc :: BulkDirection -> BulkKey -> BulkBlock aes128cbc BulkEncrypt key = let ctx = noFail (cipherInit key) :: AES128 in (\iv input -> let output = cbcEncrypt ctx (makeIV_ iv) input in (output, takelast 16 output)) aes128cbc BulkDecrypt key = let ctx = noFail (cipherInit key) :: AES128 in (\iv input -> let output = cbcDecrypt ctx (makeIV_ iv) input in (output, takelast 16 input)) aes256cbc :: BulkDirection -> BulkKey -> BulkBlock aes256cbc BulkEncrypt key = let ctx = noFail (cipherInit key) :: AES256 in (\iv input -> let output = cbcEncrypt ctx (makeIV_ iv) input in (output, takelast 16 output)) aes256cbc BulkDecrypt key = let ctx = noFail (cipherInit key) :: AES256 in (\iv input -> let output = cbcDecrypt ctx (makeIV_ iv) input in (output, takelast 16 input)) aes128ccm :: BulkDirection -> BulkKey -> BulkAEAD aes128ccm BulkEncrypt key = let ctx = noFail (cipherInit key) :: AES128 in (\nonce d ad -> let mode = AEAD_CCM (B.length d) CCM_M16 CCM_L3 aeadIni = noFail (aeadInit mode ctx nonce) in swap $ aeadSimpleEncrypt aeadIni ad d 16) aes128ccm BulkDecrypt key = let ctx = noFail (cipherInit key) :: AES128 in (\nonce d ad -> let mode = AEAD_CCM (B.length d) CCM_M16 CCM_L3 aeadIni = noFail (aeadInit mode ctx nonce) in simpleDecrypt aeadIni ad d 16) aes128ccm8 :: BulkDirection -> BulkKey -> BulkAEAD aes128ccm8 BulkEncrypt key = let ctx = noFail (cipherInit key) :: AES128 in (\nonce d ad -> let mode = AEAD_CCM (B.length d) CCM_M8 CCM_L3 aeadIni = noFail (aeadInit mode ctx nonce) in swap $ aeadSimpleEncrypt aeadIni ad d 8) aes128ccm8 BulkDecrypt key = let ctx = noFail (cipherInit key) :: AES128 in (\nonce d ad -> let mode = AEAD_CCM (B.length d) CCM_M8 CCM_L3 aeadIni = noFail (aeadInit mode ctx nonce) in simpleDecrypt aeadIni ad d 8) aes128gcm :: BulkDirection -> BulkKey -> BulkAEAD aes128gcm BulkEncrypt key = let ctx = noFail (cipherInit key) :: AES128 in (\nonce d ad -> let aeadIni = noFail (aeadInit AEAD_GCM ctx nonce) in swap $ aeadSimpleEncrypt aeadIni ad d 16) aes128gcm BulkDecrypt key = let ctx = noFail (cipherInit key) :: AES128 in (\nonce d ad -> let aeadIni = noFail (aeadInit AEAD_GCM ctx nonce) in simpleDecrypt aeadIni ad d 16) aes256ccm :: BulkDirection -> BulkKey -> BulkAEAD aes256ccm BulkEncrypt key = let ctx = noFail (cipherInit key) :: AES256 in (\nonce d ad -> let mode = AEAD_CCM (B.length d) CCM_M16 CCM_L3 aeadIni = noFail (aeadInit mode ctx nonce) in swap $ aeadSimpleEncrypt aeadIni ad d 16) aes256ccm BulkDecrypt key = let ctx = noFail (cipherInit key) :: AES256 in (\nonce d ad -> let mode = AEAD_CCM (B.length d) CCM_M16 CCM_L3 aeadIni = noFail (aeadInit mode ctx nonce) in simpleDecrypt aeadIni ad d 16) aes256ccm8 :: BulkDirection -> BulkKey -> BulkAEAD aes256ccm8 BulkEncrypt key = let ctx = noFail (cipherInit key) :: AES256 in (\nonce d ad -> let mode = AEAD_CCM (B.length d) CCM_M8 CCM_L3 aeadIni = noFail (aeadInit mode ctx nonce) in swap $ aeadSimpleEncrypt aeadIni ad d 8) aes256ccm8 BulkDecrypt key = let ctx = noFail (cipherInit key) :: AES256 in (\nonce d ad -> let mode = AEAD_CCM (B.length d) CCM_M8 CCM_L3 aeadIni = noFail (aeadInit mode ctx nonce) in simpleDecrypt aeadIni ad d 8) aes256gcm :: BulkDirection -> BulkKey -> BulkAEAD aes256gcm BulkEncrypt key = let ctx = noFail (cipherInit key) :: AES256 in (\nonce d ad -> let aeadIni = noFail (aeadInit AEAD_GCM ctx nonce) in swap $ aeadSimpleEncrypt aeadIni ad d 16) aes256gcm BulkDecrypt key = let ctx = noFail (cipherInit key) :: AES256 in (\nonce d ad -> let aeadIni = noFail (aeadInit AEAD_GCM ctx nonce) in simpleDecrypt aeadIni ad d 16) simpleDecrypt :: AEAD cipher -> B.ByteString -> B.ByteString -> Int -> (B.ByteString, AuthTag) simpleDecrypt aeadIni header input taglen = (output, tag) where aead = aeadAppendHeader aeadIni header (output, aeadFinal) = aeadDecrypt aead input tag = aeadFinalize aeadFinal taglen noFail :: CryptoFailable a -> a noFail = throwCryptoError makeIV_ :: BlockCipher a => B.ByteString -> IV a makeIV_ = fromMaybe (error "makeIV_") . makeIV tripledes_ede :: BulkDirection -> BulkKey -> BulkBlock tripledes_ede BulkEncrypt key = let ctx = noFail $ cipherInit key in (\iv input -> let output = cbcEncrypt ctx (tripledes_iv iv) input in (output, takelast 8 output)) tripledes_ede BulkDecrypt key = let ctx = noFail $ cipherInit key in (\iv input -> let output = cbcDecrypt ctx (tripledes_iv iv) input in (output, takelast 8 input)) tripledes_iv :: BulkIV -> IV DES_EDE3 tripledes_iv iv = fromMaybe (error "tripledes cipher iv internal error") $ makeIV iv rc4 :: BulkDirection -> BulkKey -> BulkStream rc4 _ bulkKey = BulkStream (combineRC4 $ RC4.initialize bulkKey) where combineRC4 ctx input = let (ctx', output) = RC4.combine ctx input in (output, BulkStream (combineRC4 ctx')) chacha20poly1305 :: BulkDirection -> BulkKey -> BulkAEAD chacha20poly1305 BulkEncrypt key nonce = let st = noFail (ChaChaPoly1305.nonce12 nonce >>= ChaChaPoly1305.initialize key) in (\input ad -> let st2 = ChaChaPoly1305.finalizeAAD (ChaChaPoly1305.appendAAD ad st) (output, st3) = ChaChaPoly1305.encrypt input st2 Poly1305.Auth tag = ChaChaPoly1305.finalize st3 in (output, AuthTag tag)) chacha20poly1305 BulkDecrypt key nonce = let st = noFail (ChaChaPoly1305.nonce12 nonce >>= ChaChaPoly1305.initialize key) in (\input ad -> let st2 = ChaChaPoly1305.finalizeAAD (ChaChaPoly1305.appendAAD ad st) (output, st3) = ChaChaPoly1305.decrypt input st2 Poly1305.Auth tag = ChaChaPoly1305.finalize st3 in (output, AuthTag tag)) -- | All AES and ChaCha20-Poly1305 ciphers supported ordered from strong to -- weak. This choice of ciphersuites should satisfy most normal needs. For -- otherwise strong ciphers we make little distinction between AES128 and -- AES256, and list each but the weakest of the AES128 ciphers ahead of the -- corresponding AES256 ciphers, with the ChaCha20-Poly1305 variant placed just -- after. -- -- The CCM ciphers all come together after the GCM variants due to their -- relative performance cost. ciphersuite_default :: [Cipher] ciphersuite_default = [ -- First the PFS + GCM + SHA2 ciphers cipher_ECDHE_ECDSA_AES128GCM_SHA256, cipher_ECDHE_ECDSA_AES256GCM_SHA384 , cipher_ECDHE_ECDSA_CHACHA20POLY1305_SHA256 , cipher_ECDHE_RSA_AES128GCM_SHA256, cipher_ECDHE_RSA_AES256GCM_SHA384 , cipher_ECDHE_RSA_CHACHA20POLY1305_SHA256 , cipher_DHE_RSA_AES128GCM_SHA256, cipher_DHE_RSA_AES256GCM_SHA384 , cipher_DHE_RSA_CHACHA20POLY1305_SHA256 , -- Next the PFS + CCM + SHA2 ciphers cipher_ECDHE_ECDSA_AES128CCM_SHA256, cipher_ECDHE_ECDSA_AES256CCM_SHA256 , cipher_DHE_RSA_AES128CCM_SHA256, cipher_DHE_RSA_AES256CCM_SHA256 -- Next the PFS + CBC + SHA2 ciphers , cipher_ECDHE_ECDSA_AES128CBC_SHA256, cipher_ECDHE_ECDSA_AES256CBC_SHA384 , cipher_ECDHE_RSA_AES128CBC_SHA256, cipher_ECDHE_RSA_AES256CBC_SHA384 , cipher_DHE_RSA_AES128_SHA256, cipher_DHE_RSA_AES256_SHA256 -- Next the PFS + CBC + SHA1 ciphers , cipher_ECDHE_ECDSA_AES128CBC_SHA, cipher_ECDHE_ECDSA_AES256CBC_SHA , cipher_ECDHE_RSA_AES128CBC_SHA, cipher_ECDHE_RSA_AES256CBC_SHA , cipher_DHE_RSA_AES128_SHA1, cipher_DHE_RSA_AES256_SHA1 -- Next the non-PFS + GCM + SHA2 ciphers , cipher_AES128GCM_SHA256, cipher_AES256GCM_SHA384 -- Next the non-PFS + CCM + SHA2 ciphers , cipher_AES128CCM_SHA256, cipher_AES256CCM_SHA256 -- Next the non-PFS + CBC + SHA2 ciphers , cipher_AES256_SHA256, cipher_AES128_SHA256 -- Next the non-PFS + CBC + SHA1 ciphers , cipher_AES256_SHA1, cipher_AES128_SHA1 -- Nobody uses or should use DSS, RC4, 3DES or MD5 -- , cipher_DHE_DSS_AES256_SHA1, cipher_DHE_DSS_AES128_SHA1 -- , cipher_DHE_DSS_RC4_SHA1, cipher_RC4_128_SHA1, cipher_RC4_128_MD5 -- , cipher_RSA_3DES_EDE_CBC_SHA1 -- TLS13 (listed at the end but version is negotiated first) , cipher_TLS13_AES128GCM_SHA256 , cipher_TLS13_AES256GCM_SHA384 , cipher_TLS13_CHACHA20POLY1305_SHA256 , cipher_TLS13_AES128CCM_SHA256 ] {-# WARNING ciphersuite_all "This ciphersuite list contains RC4. Use ciphersuite_strong or ciphersuite_default instead." #-} -- | The default ciphersuites + some not recommended last resort ciphers. ciphersuite_all :: [Cipher] ciphersuite_all = ciphersuite_default ++ [ cipher_ECDHE_ECDSA_AES128CCM8_SHA256, cipher_ECDHE_ECDSA_AES256CCM8_SHA256 , cipher_DHE_RSA_AES128CCM8_SHA256, cipher_DHE_RSA_AES256CCM8_SHA256 , cipher_DHE_DSS_AES256_SHA1, cipher_DHE_DSS_AES128_SHA1 , cipher_AES128CCM8_SHA256, cipher_AES256CCM8_SHA256 , cipher_RSA_3DES_EDE_CBC_SHA1 , cipher_RC4_128_SHA1 , cipher_TLS13_AES128CCM8_SHA256 ] {-# DEPRECATED ciphersuite_medium "Use ciphersuite_strong or ciphersuite_default instead." #-} -- | list of medium ciphers. ciphersuite_medium :: [Cipher] ciphersuite_medium = [ cipher_RC4_128_SHA1 , cipher_AES128_SHA1 ] -- | The strongest ciphers supported. For ciphers with PFS, AEAD and SHA2, we -- list each AES128 variant after the corresponding AES256 and ChaCha20-Poly1305 -- variants. For weaker constructs, we use just the AES256 form. -- -- The CCM ciphers come just after the corresponding GCM ciphers despite their -- relative performance cost. ciphersuite_strong :: [Cipher] ciphersuite_strong = [ -- If we have PFS + AEAD + SHA2, then allow AES128, else just 256 cipher_ECDHE_ECDSA_AES256GCM_SHA384, cipher_ECDHE_ECDSA_AES256CCM_SHA256 , cipher_ECDHE_ECDSA_CHACHA20POLY1305_SHA256 , cipher_ECDHE_ECDSA_AES128GCM_SHA256, cipher_ECDHE_ECDSA_AES128CCM_SHA256 , cipher_ECDHE_RSA_AES256GCM_SHA384 , cipher_ECDHE_RSA_CHACHA20POLY1305_SHA256 , cipher_ECDHE_RSA_AES128GCM_SHA256 , cipher_DHE_RSA_AES256GCM_SHA384, cipher_DHE_RSA_AES256CCM_SHA256 , cipher_DHE_RSA_CHACHA20POLY1305_SHA256 , cipher_DHE_RSA_AES128GCM_SHA256, cipher_DHE_RSA_AES128CCM_SHA256 -- No AEAD , cipher_ECDHE_ECDSA_AES256CBC_SHA384 , cipher_ECDHE_RSA_AES256CBC_SHA384 , cipher_DHE_RSA_AES256_SHA256 -- No SHA2 , cipher_ECDHE_ECDSA_AES256CBC_SHA , cipher_ECDHE_RSA_AES256CBC_SHA , cipher_DHE_RSA_AES256_SHA1 -- No PFS , cipher_AES256GCM_SHA384 , cipher_AES256CCM_SHA256 -- Neither PFS nor AEAD, just SHA2 , cipher_AES256_SHA256 -- Last resort no PFS, AEAD or SHA2 , cipher_AES256_SHA1 -- TLS13 (listed at the end but version is negotiated first) , cipher_TLS13_AES256GCM_SHA384 , cipher_TLS13_CHACHA20POLY1305_SHA256 , cipher_TLS13_AES128GCM_SHA256 , cipher_TLS13_AES128CCM_SHA256 ] -- | DHE-RSA cipher suite. This only includes ciphers bound specifically to -- DHE-RSA so TLS 1.3 ciphers must be added separately. ciphersuite_dhe_rsa :: [Cipher] ciphersuite_dhe_rsa = [ cipher_DHE_RSA_AES256GCM_SHA384, cipher_DHE_RSA_AES256CCM_SHA256 , cipher_DHE_RSA_CHACHA20POLY1305_SHA256 , cipher_DHE_RSA_AES128GCM_SHA256, cipher_DHE_RSA_AES128CCM_SHA256 , cipher_DHE_RSA_AES256_SHA256, cipher_DHE_RSA_AES128_SHA256 , cipher_DHE_RSA_AES256_SHA1, cipher_DHE_RSA_AES128_SHA1 ] ciphersuite_dhe_dss :: [Cipher] ciphersuite_dhe_dss = [cipher_DHE_DSS_AES256_SHA1, cipher_DHE_DSS_AES128_SHA1, cipher_DHE_DSS_RC4_SHA1] -- | all unencrypted ciphers, do not use on insecure network. ciphersuite_unencrypted :: [Cipher] ciphersuite_unencrypted = [cipher_null_MD5, cipher_null_SHA1] bulk_null, bulk_rc4, bulk_aes128, bulk_aes256, bulk_tripledes_ede, bulk_aes128gcm, bulk_aes256gcm :: Bulk bulk_aes128ccm, bulk_aes128ccm8, bulk_aes256ccm, bulk_aes256ccm8, bulk_chacha20poly1305 :: Bulk bulk_null = Bulk { bulkName = "null" , bulkKeySize = 0 , bulkIVSize = 0 , bulkExplicitIV = 0 , bulkAuthTagLen = 0 , bulkBlockSize = 0 , bulkF = BulkStreamF passThrough } where passThrough _ _ = BulkStream go where go inp = (inp, BulkStream go) bulk_rc4 = Bulk { bulkName = "RC4-128" , bulkKeySize = 16 , bulkIVSize = 0 , bulkExplicitIV = 0 , bulkAuthTagLen = 0 , bulkBlockSize = 0 , bulkF = BulkStreamF rc4 } bulk_aes128 = Bulk { bulkName = "AES128" , bulkKeySize = 16 , bulkIVSize = 16 , bulkExplicitIV = 0 , bulkAuthTagLen = 0 , bulkBlockSize = 16 , bulkF = BulkBlockF aes128cbc } bulk_aes128ccm = Bulk { bulkName = "AES128CCM" , bulkKeySize = 16 -- RFC 5116 Sec 5.1: K_LEN , bulkIVSize = 4 -- RFC 6655 CCMNonce.salt, fixed_iv_length , bulkExplicitIV = 8 , bulkAuthTagLen = 16 , bulkBlockSize = 0 -- dummy, not used , bulkF = BulkAeadF aes128ccm } bulk_aes128ccm8 = Bulk { bulkName = "AES128CCM8" , bulkKeySize = 16 -- RFC 5116 Sec 5.1: K_LEN , bulkIVSize = 4 -- RFC 6655 CCMNonce.salt, fixed_iv_length , bulkExplicitIV = 8 , bulkAuthTagLen = 8 , bulkBlockSize = 0 -- dummy, not used , bulkF = BulkAeadF aes128ccm8 } bulk_aes128gcm = Bulk { bulkName = "AES128GCM" , bulkKeySize = 16 -- RFC 5116 Sec 5.1: K_LEN , bulkIVSize = 4 -- RFC 5288 GCMNonce.salt, fixed_iv_length , bulkExplicitIV = 8 , bulkAuthTagLen = 16 , bulkBlockSize = 0 -- dummy, not used , bulkF = BulkAeadF aes128gcm } bulk_aes256ccm = Bulk { bulkName = "AES256CCM" , bulkKeySize = 32 -- RFC 5116 Sec 5.1: K_LEN , bulkIVSize = 4 -- RFC 6655 CCMNonce.salt, fixed_iv_length , bulkExplicitIV = 8 , bulkAuthTagLen = 16 , bulkBlockSize = 0 -- dummy, not used , bulkF = BulkAeadF aes256ccm } bulk_aes256ccm8 = Bulk { bulkName = "AES256CCM8" , bulkKeySize = 32 -- RFC 5116 Sec 5.1: K_LEN , bulkIVSize = 4 -- RFC 6655 CCMNonce.salt, fixed_iv_length , bulkExplicitIV = 8 , bulkAuthTagLen = 8 , bulkBlockSize = 0 -- dummy, not used , bulkF = BulkAeadF aes256ccm8 } bulk_aes256gcm = Bulk { bulkName = "AES256GCM" , bulkKeySize = 32 -- RFC 5116 Sec 5.1: K_LEN , bulkIVSize = 4 -- RFC 5288 GCMNonce.salt, fixed_iv_length , bulkExplicitIV = 8 , bulkAuthTagLen = 16 , bulkBlockSize = 0 -- dummy, not used , bulkF = BulkAeadF aes256gcm } bulk_aes256 = Bulk { bulkName = "AES256" , bulkKeySize = 32 , bulkIVSize = 16 , bulkExplicitIV = 0 , bulkAuthTagLen = 0 , bulkBlockSize = 16 , bulkF = BulkBlockF aes256cbc } bulk_tripledes_ede = Bulk { bulkName = "3DES-EDE-CBC" , bulkKeySize = 24 , bulkIVSize = 8 , bulkExplicitIV = 0 , bulkAuthTagLen = 0 , bulkBlockSize = 8 , bulkF = BulkBlockF tripledes_ede } bulk_chacha20poly1305 = Bulk { bulkName = "CHACHA20POLY1305" , bulkKeySize = 32 , bulkIVSize = 12 -- RFC 7905 section 2, fixed_iv_length , bulkExplicitIV = 0 , bulkAuthTagLen = 16 , bulkBlockSize = 0 -- dummy, not used , bulkF = BulkAeadF chacha20poly1305 } -- | unencrypted cipher using RSA for key exchange and MD5 for digest cipher_null_MD5 :: Cipher cipher_null_MD5 = Cipher { cipherID = 0x0001 , cipherName = "RSA-null-MD5" , cipherBulk = bulk_null , cipherHash = MD5 , cipherPRFHash = Nothing , cipherKeyExchange = CipherKeyExchange_RSA , cipherMinVer = Nothing } -- | unencrypted cipher using RSA for key exchange and SHA1 for digest cipher_null_SHA1 :: Cipher cipher_null_SHA1 = Cipher { cipherID = 0x0002 , cipherName = "RSA-null-SHA1" , cipherBulk = bulk_null , cipherHash = SHA1 , cipherPRFHash = Nothing , cipherKeyExchange = CipherKeyExchange_RSA , cipherMinVer = Nothing } -- | RC4 cipher, RSA key exchange and MD5 for digest cipher_RC4_128_MD5 :: Cipher cipher_RC4_128_MD5 = Cipher { cipherID = 0x0004 , cipherName = "RSA-rc4-128-md5" , cipherBulk = bulk_rc4 , cipherHash = MD5 , cipherPRFHash = Nothing , cipherKeyExchange = CipherKeyExchange_RSA , cipherMinVer = Nothing } -- | RC4 cipher, RSA key exchange and SHA1 for digest cipher_RC4_128_SHA1 :: Cipher cipher_RC4_128_SHA1 = Cipher { cipherID = 0x0005 , cipherName = "RSA-rc4-128-sha1" , cipherBulk = bulk_rc4 , cipherHash = SHA1 , cipherPRFHash = Nothing , cipherKeyExchange = CipherKeyExchange_RSA , cipherMinVer = Nothing } -- | 3DES cipher (168 bit key), RSA key exchange and SHA1 for digest cipher_RSA_3DES_EDE_CBC_SHA1 :: Cipher cipher_RSA_3DES_EDE_CBC_SHA1 = Cipher { cipherID = 0x000A , cipherName = "RSA-3DES-EDE-CBC-SHA1" , cipherBulk = bulk_tripledes_ede , cipherHash = SHA1 , cipherPRFHash = Nothing , cipherKeyExchange = CipherKeyExchange_RSA , cipherMinVer = Nothing } -- | AES cipher (128 bit key), RSA key exchange and SHA1 for digest cipher_AES128_SHA1 :: Cipher cipher_AES128_SHA1 = Cipher { cipherID = 0x002F , cipherName = "RSA-AES128-SHA1" , cipherBulk = bulk_aes128 , cipherHash = SHA1 , cipherPRFHash = Nothing , cipherKeyExchange = CipherKeyExchange_RSA , cipherMinVer = Just SSL3 } -- | AES cipher (128 bit key), DHE key exchanged signed by DSA and SHA1 for digest cipher_DHE_DSS_AES128_SHA1 :: Cipher cipher_DHE_DSS_AES128_SHA1 = Cipher { cipherID = 0x0032 , cipherName = "DHE-DSA-AES128-SHA1" , cipherBulk = bulk_aes128 , cipherHash = SHA1 , cipherPRFHash = Nothing , cipherKeyExchange = CipherKeyExchange_DHE_DSS , cipherMinVer = Nothing } -- | AES cipher (128 bit key), DHE key exchanged signed by RSA and SHA1 for digest cipher_DHE_RSA_AES128_SHA1 :: Cipher cipher_DHE_RSA_AES128_SHA1 = Cipher { cipherID = 0x0033 , cipherName = "DHE-RSA-AES128-SHA1" , cipherBulk = bulk_aes128 , cipherHash = SHA1 , cipherPRFHash = Nothing , cipherKeyExchange = CipherKeyExchange_DHE_RSA , cipherMinVer = Nothing } -- | AES cipher (256 bit key), RSA key exchange and SHA1 for digest cipher_AES256_SHA1 :: Cipher cipher_AES256_SHA1 = Cipher { cipherID = 0x0035 , cipherName = "RSA-AES256-SHA1" , cipherBulk = bulk_aes256 , cipherHash = SHA1 , cipherPRFHash = Nothing , cipherKeyExchange = CipherKeyExchange_RSA , cipherMinVer = Just SSL3 } -- | AES cipher (256 bit key), DHE key exchanged signed by DSA and SHA1 for digest cipher_DHE_DSS_AES256_SHA1 :: Cipher cipher_DHE_DSS_AES256_SHA1 = cipher_DHE_DSS_AES128_SHA1 { cipherID = 0x0038 , cipherName = "DHE-DSA-AES256-SHA1" , cipherBulk = bulk_aes256 } -- | AES cipher (256 bit key), DHE key exchanged signed by RSA and SHA1 for digest cipher_DHE_RSA_AES256_SHA1 :: Cipher cipher_DHE_RSA_AES256_SHA1 = cipher_DHE_RSA_AES128_SHA1 { cipherID = 0x0039 , cipherName = "DHE-RSA-AES256-SHA1" , cipherBulk = bulk_aes256 } -- | AES cipher (128 bit key), RSA key exchange and SHA256 for digest cipher_AES128_SHA256 :: Cipher cipher_AES128_SHA256 = Cipher { cipherID = 0x003C , cipherName = "RSA-AES128-SHA256" , cipherBulk = bulk_aes128 , cipherHash = SHA256 , cipherPRFHash = Just SHA256 , cipherKeyExchange = CipherKeyExchange_RSA , cipherMinVer = Just TLS12 } -- | AES cipher (256 bit key), RSA key exchange and SHA256 for digest cipher_AES256_SHA256 :: Cipher cipher_AES256_SHA256 = Cipher { cipherID = 0x003D , cipherName = "RSA-AES256-SHA256" , cipherBulk = bulk_aes256 , cipherHash = SHA256 , cipherPRFHash = Just SHA256 , cipherKeyExchange = CipherKeyExchange_RSA , cipherMinVer = Just TLS12 } -- This is not registered in IANA. -- So, this will be removed in the next major release. cipher_DHE_DSS_RC4_SHA1 :: Cipher cipher_DHE_DSS_RC4_SHA1 = cipher_DHE_DSS_AES128_SHA1 { cipherID = 0x0066 , cipherName = "DHE-DSA-RC4-SHA1" , cipherBulk = bulk_rc4 } cipher_DHE_RSA_AES128_SHA256 :: Cipher cipher_DHE_RSA_AES128_SHA256 = cipher_DHE_RSA_AES128_SHA1 { cipherID = 0x0067 , cipherName = "DHE-RSA-AES128-SHA256" , cipherHash = SHA256 , cipherPRFHash = Just SHA256 , cipherMinVer = Just TLS12 } cipher_DHE_RSA_AES256_SHA256 :: Cipher cipher_DHE_RSA_AES256_SHA256 = cipher_DHE_RSA_AES128_SHA256 { cipherID = 0x006B , cipherName = "DHE-RSA-AES256-SHA256" , cipherBulk = bulk_aes256 } -- | AESCCM cipher (128 bit key), RSA key exchange. -- The SHA256 digest is used as a PRF, not as a MAC. cipher_AES128CCM_SHA256 :: Cipher cipher_AES128CCM_SHA256 = Cipher { cipherID = 0xc09c , cipherName = "RSA-AES128CCM-SHA256" , cipherBulk = bulk_aes128ccm , cipherHash = SHA256 , cipherPRFHash = Just SHA256 , cipherKeyExchange = CipherKeyExchange_RSA , cipherMinVer = Just TLS12 -- RFC 6655 Sec 3 } -- | AESCCM8 cipher (128 bit key), RSA key exchange. -- The SHA256 digest is used as a PRF, not as a MAC. cipher_AES128CCM8_SHA256 :: Cipher cipher_AES128CCM8_SHA256 = Cipher { cipherID = 0xc0a0 , cipherName = "RSA-AES128CCM8-SHA256" , cipherBulk = bulk_aes128ccm8 , cipherHash = SHA256 , cipherPRFHash = Just SHA256 , cipherKeyExchange = CipherKeyExchange_RSA , cipherMinVer = Just TLS12 -- RFC 6655 Sec 3 } -- | AESGCM cipher (128 bit key), RSA key exchange. -- The SHA256 digest is used as a PRF, not as a MAC. cipher_AES128GCM_SHA256 :: Cipher cipher_AES128GCM_SHA256 = Cipher { cipherID = 0x009C , cipherName = "RSA-AES128GCM-SHA256" , cipherBulk = bulk_aes128gcm , cipherHash = SHA256 , cipherPRFHash = Just SHA256 , cipherKeyExchange = CipherKeyExchange_RSA , cipherMinVer = Just TLS12 } -- | AESCCM cipher (256 bit key), RSA key exchange. -- The SHA256 digest is used as a PRF, not as a MAC. cipher_AES256CCM_SHA256 :: Cipher cipher_AES256CCM_SHA256 = Cipher { cipherID = 0xc09d , cipherName = "RSA-AES256CCM-SHA256" , cipherBulk = bulk_aes256ccm , cipherHash = SHA256 , cipherPRFHash = Just SHA256 , cipherKeyExchange = CipherKeyExchange_RSA , cipherMinVer = Just TLS12 -- RFC 6655 Sec 3 } -- | AESCCM8 cipher (256 bit key), RSA key exchange. -- The SHA256 digest is used as a PRF, not as a MAC. cipher_AES256CCM8_SHA256 :: Cipher cipher_AES256CCM8_SHA256 = Cipher { cipherID = 0xc0a1 , cipherName = "RSA-AES256CCM8-SHA256" , cipherBulk = bulk_aes256ccm8 , cipherHash = SHA256 , cipherPRFHash = Just SHA256 , cipherKeyExchange = CipherKeyExchange_RSA , cipherMinVer = Just TLS12 -- RFC 6655 Sec 3 } -- | AESGCM cipher (256 bit key), RSA key exchange. -- The SHA384 digest is used as a PRF, not as a MAC. cipher_AES256GCM_SHA384 :: Cipher cipher_AES256GCM_SHA384 = Cipher { cipherID = 0x009D , cipherName = "RSA-AES256GCM-SHA384" , cipherBulk = bulk_aes256gcm , cipherHash = SHA384 , cipherPRFHash = Just SHA384 , cipherKeyExchange = CipherKeyExchange_RSA , cipherMinVer = Just TLS12 } cipher_DHE_RSA_AES128CCM_SHA256 :: Cipher cipher_DHE_RSA_AES128CCM_SHA256 = Cipher { cipherID = 0xc09e , cipherName = "DHE-RSA-AES128CCM-SHA256" , cipherBulk = bulk_aes128ccm , cipherHash = SHA256 , cipherPRFHash = Just SHA256 , cipherKeyExchange = CipherKeyExchange_DHE_RSA , cipherMinVer = Just TLS12 -- RFC 6655 Sec 3 } cipher_DHE_RSA_AES128CCM8_SHA256 :: Cipher cipher_DHE_RSA_AES128CCM8_SHA256 = Cipher { cipherID = 0xc0a2 , cipherName = "DHE-RSA-AES128CCM8-SHA256" , cipherBulk = bulk_aes128ccm8 , cipherHash = SHA256 , cipherPRFHash = Just SHA256 , cipherKeyExchange = CipherKeyExchange_DHE_RSA , cipherMinVer = Just TLS12 -- RFC 6655 Sec 3 } cipher_DHE_RSA_AES128GCM_SHA256 :: Cipher cipher_DHE_RSA_AES128GCM_SHA256 = Cipher { cipherID = 0x009E , cipherName = "DHE-RSA-AES128GCM-SHA256" , cipherBulk = bulk_aes128gcm , cipherHash = SHA256 , cipherPRFHash = Just SHA256 , cipherKeyExchange = CipherKeyExchange_DHE_RSA , cipherMinVer = Just TLS12 -- RFC 5288 Sec 4 } cipher_DHE_RSA_AES256CCM_SHA256 :: Cipher cipher_DHE_RSA_AES256CCM_SHA256 = Cipher { cipherID = 0xc09f , cipherName = "DHE-RSA-AES256CCM-SHA256" , cipherBulk = bulk_aes256ccm , cipherHash = SHA256 , cipherPRFHash = Just SHA256 , cipherKeyExchange = CipherKeyExchange_DHE_RSA , cipherMinVer = Just TLS12 -- RFC 6655 Sec 3 } cipher_DHE_RSA_AES256CCM8_SHA256 :: Cipher cipher_DHE_RSA_AES256CCM8_SHA256 = Cipher { cipherID = 0xc0a3 , cipherName = "DHE-RSA-AES256CCM8-SHA256" , cipherBulk = bulk_aes256ccm8 , cipherHash = SHA256 , cipherPRFHash = Just SHA256 , cipherKeyExchange = CipherKeyExchange_DHE_RSA , cipherMinVer = Just TLS12 -- RFC 6655 Sec 3 } cipher_DHE_RSA_AES256GCM_SHA384 :: Cipher cipher_DHE_RSA_AES256GCM_SHA384 = Cipher { cipherID = 0x009F , cipherName = "DHE-RSA-AES256GCM-SHA384" , cipherBulk = bulk_aes256gcm , cipherHash = SHA384 , cipherPRFHash = Just SHA384 , cipherKeyExchange = CipherKeyExchange_DHE_RSA , cipherMinVer = Just TLS12 } cipher_ECDHE_RSA_CHACHA20POLY1305_SHA256 :: Cipher cipher_ECDHE_RSA_CHACHA20POLY1305_SHA256 = Cipher { cipherID = 0xCCA8 , cipherName = "ECDHE-RSA-CHACHA20POLY1305-SHA256" , cipherBulk = bulk_chacha20poly1305 , cipherHash = SHA256 , cipherPRFHash = Just SHA256 , cipherKeyExchange = CipherKeyExchange_ECDHE_RSA , cipherMinVer = Just TLS12 } cipher_ECDHE_ECDSA_CHACHA20POLY1305_SHA256 :: Cipher cipher_ECDHE_ECDSA_CHACHA20POLY1305_SHA256 = Cipher { cipherID = 0xCCA9 , cipherName = "ECDHE-ECDSA-CHACHA20POLY1305-SHA256" , cipherBulk = bulk_chacha20poly1305 , cipherHash = SHA256 , cipherPRFHash = Just SHA256 , cipherKeyExchange = CipherKeyExchange_ECDHE_ECDSA , cipherMinVer = Just TLS12 } cipher_DHE_RSA_CHACHA20POLY1305_SHA256 :: Cipher cipher_DHE_RSA_CHACHA20POLY1305_SHA256 = Cipher { cipherID = 0xCCAA , cipherName = "DHE-RSA-CHACHA20POLY1305-SHA256" , cipherBulk = bulk_chacha20poly1305 , cipherHash = SHA256 , cipherPRFHash = Just SHA256 , cipherKeyExchange = CipherKeyExchange_DHE_RSA , cipherMinVer = Just TLS12 } cipher_TLS13_AES128GCM_SHA256 :: Cipher cipher_TLS13_AES128GCM_SHA256 = Cipher { cipherID = 0x1301 , cipherName = "AES128GCM-SHA256" , cipherBulk = bulk_aes128gcm , cipherHash = SHA256 , cipherPRFHash = Nothing , cipherKeyExchange = CipherKeyExchange_TLS13 , cipherMinVer = Just TLS13 } cipher_TLS13_AES256GCM_SHA384 :: Cipher cipher_TLS13_AES256GCM_SHA384 = Cipher { cipherID = 0x1302 , cipherName = "AES256GCM-SHA384" , cipherBulk = bulk_aes256gcm , cipherHash = SHA384 , cipherPRFHash = Nothing , cipherKeyExchange = CipherKeyExchange_TLS13 , cipherMinVer = Just TLS13 } cipher_TLS13_CHACHA20POLY1305_SHA256 :: Cipher cipher_TLS13_CHACHA20POLY1305_SHA256 = Cipher { cipherID = 0x1303 , cipherName = "CHACHA20POLY1305-SHA256" , cipherBulk = bulk_chacha20poly1305 , cipherHash = SHA256 , cipherPRFHash = Nothing , cipherKeyExchange = CipherKeyExchange_TLS13 , cipherMinVer = Just TLS13 } cipher_TLS13_AES128CCM_SHA256 :: Cipher cipher_TLS13_AES128CCM_SHA256 = Cipher { cipherID = 0x1304 , cipherName = "AES128CCM-SHA256" , cipherBulk = bulk_aes128ccm , cipherHash = SHA256 , cipherPRFHash = Nothing , cipherKeyExchange = CipherKeyExchange_TLS13 , cipherMinVer = Just TLS13 } cipher_TLS13_AES128CCM8_SHA256 :: Cipher cipher_TLS13_AES128CCM8_SHA256 = Cipher { cipherID = 0x1305 , cipherName = "AES128CCM8-SHA256" , cipherBulk = bulk_aes128ccm8 , cipherHash = SHA256 , cipherPRFHash = Nothing , cipherKeyExchange = CipherKeyExchange_TLS13 , cipherMinVer = Just TLS13 } cipher_ECDHE_ECDSA_AES128CBC_SHA :: Cipher cipher_ECDHE_ECDSA_AES128CBC_SHA = Cipher { cipherID = 0xC009 , cipherName = "ECDHE-ECDSA-AES128CBC-SHA" , cipherBulk = bulk_aes128 , cipherHash = SHA1 , cipherPRFHash = Nothing , cipherKeyExchange = CipherKeyExchange_ECDHE_ECDSA , cipherMinVer = Just TLS10 } cipher_ECDHE_ECDSA_AES256CBC_SHA :: Cipher cipher_ECDHE_ECDSA_AES256CBC_SHA = Cipher { cipherID = 0xC00A , cipherName = "ECDHE-ECDSA-AES256CBC-SHA" , cipherBulk = bulk_aes256 , cipherHash = SHA1 , cipherPRFHash = Nothing , cipherKeyExchange = CipherKeyExchange_ECDHE_ECDSA , cipherMinVer = Just TLS10 } cipher_ECDHE_RSA_AES128CBC_SHA :: Cipher cipher_ECDHE_RSA_AES128CBC_SHA = Cipher { cipherID = 0xC013 , cipherName = "ECDHE-RSA-AES128CBC-SHA" , cipherBulk = bulk_aes128 , cipherHash = SHA1 , cipherPRFHash = Nothing , cipherKeyExchange = CipherKeyExchange_ECDHE_RSA , cipherMinVer = Just TLS10 } cipher_ECDHE_RSA_AES256CBC_SHA :: Cipher cipher_ECDHE_RSA_AES256CBC_SHA = Cipher { cipherID = 0xC014 , cipherName = "ECDHE-RSA-AES256CBC-SHA" , cipherBulk = bulk_aes256 , cipherHash = SHA1 , cipherPRFHash = Nothing , cipherKeyExchange = CipherKeyExchange_ECDHE_RSA , cipherMinVer = Just TLS10 } cipher_ECDHE_RSA_AES128CBC_SHA256 :: Cipher cipher_ECDHE_RSA_AES128CBC_SHA256 = Cipher { cipherID = 0xC027 , cipherName = "ECDHE-RSA-AES128CBC-SHA256" , cipherBulk = bulk_aes128 , cipherHash = SHA256 , cipherPRFHash = Just SHA256 , cipherKeyExchange = CipherKeyExchange_ECDHE_RSA , cipherMinVer = Just TLS12 -- RFC 5288 Sec 4 } cipher_ECDHE_RSA_AES256CBC_SHA384 :: Cipher cipher_ECDHE_RSA_AES256CBC_SHA384 = Cipher { cipherID = 0xC028 , cipherName = "ECDHE-RSA-AES256CBC-SHA384" , cipherBulk = bulk_aes256 , cipherHash = SHA384 , cipherPRFHash = Just SHA384 , cipherKeyExchange = CipherKeyExchange_ECDHE_RSA , cipherMinVer = Just TLS12 -- RFC 5288 Sec 4 } cipher_ECDHE_ECDSA_AES128CBC_SHA256 :: Cipher cipher_ECDHE_ECDSA_AES128CBC_SHA256 = Cipher { cipherID = 0xc023 , cipherName = "ECDHE-ECDSA-AES128CBC-SHA256" , cipherBulk = bulk_aes128 , cipherHash = SHA256 , cipherPRFHash = Just SHA256 , cipherKeyExchange = CipherKeyExchange_ECDHE_ECDSA , cipherMinVer = Just TLS12 -- RFC 5289 } cipher_ECDHE_ECDSA_AES256CBC_SHA384 :: Cipher cipher_ECDHE_ECDSA_AES256CBC_SHA384 = Cipher { cipherID = 0xC024 , cipherName = "ECDHE-ECDSA-AES256CBC-SHA384" , cipherBulk = bulk_aes256 , cipherHash = SHA384 , cipherPRFHash = Just SHA384 , cipherKeyExchange = CipherKeyExchange_ECDHE_ECDSA , cipherMinVer = Just TLS12 -- RFC 5289 } cipher_ECDHE_ECDSA_AES128CCM_SHA256 :: Cipher cipher_ECDHE_ECDSA_AES128CCM_SHA256 = Cipher { cipherID = 0xc0ac , cipherName = "ECDHE-ECDSA-AES128CCM-SHA256" , cipherBulk = bulk_aes128ccm , cipherHash = SHA256 , cipherPRFHash = Just SHA256 , cipherKeyExchange = CipherKeyExchange_ECDHE_ECDSA , cipherMinVer = Just TLS12 -- RFC 7251 } cipher_ECDHE_ECDSA_AES128CCM8_SHA256 :: Cipher cipher_ECDHE_ECDSA_AES128CCM8_SHA256 = Cipher { cipherID = 0xc0ae , cipherName = "ECDHE-ECDSA-AES128CCM8-SHA256" , cipherBulk = bulk_aes128ccm8 , cipherHash = SHA256 , cipherPRFHash = Just SHA256 , cipherKeyExchange = CipherKeyExchange_ECDHE_ECDSA , cipherMinVer = Just TLS12 -- RFC 7251 } cipher_ECDHE_ECDSA_AES128GCM_SHA256 :: Cipher cipher_ECDHE_ECDSA_AES128GCM_SHA256 = Cipher { cipherID = 0xC02B , cipherName = "ECDHE-ECDSA-AES128GCM-SHA256" , cipherBulk = bulk_aes128gcm , cipherHash = SHA256 , cipherPRFHash = Just SHA256 , cipherKeyExchange = CipherKeyExchange_ECDHE_ECDSA , cipherMinVer = Just TLS12 -- RFC 5289 } cipher_ECDHE_ECDSA_AES256CCM_SHA256 :: Cipher cipher_ECDHE_ECDSA_AES256CCM_SHA256 = Cipher { cipherID = 0xc0ad , cipherName = "ECDHE-ECDSA-AES256CCM-SHA256" , cipherBulk = bulk_aes256ccm , cipherHash = SHA256 , cipherPRFHash = Just SHA256 , cipherKeyExchange = CipherKeyExchange_ECDHE_ECDSA , cipherMinVer = Just TLS12 -- RFC 7251 } cipher_ECDHE_ECDSA_AES256CCM8_SHA256 :: Cipher cipher_ECDHE_ECDSA_AES256CCM8_SHA256 = Cipher { cipherID = 0xc0af , cipherName = "ECDHE-ECDSA-AES256CCM8-SHA256" , cipherBulk = bulk_aes256ccm8 , cipherHash = SHA256 , cipherPRFHash = Just SHA256 , cipherKeyExchange = CipherKeyExchange_ECDHE_ECDSA , cipherMinVer = Just TLS12 -- RFC 7251 } cipher_ECDHE_ECDSA_AES256GCM_SHA384 :: Cipher cipher_ECDHE_ECDSA_AES256GCM_SHA384 = Cipher { cipherID = 0xC02C , cipherName = "ECDHE-ECDSA-AES256GCM-SHA384" , cipherBulk = bulk_aes256gcm , cipherHash = SHA384 , cipherPRFHash = Just SHA384 , cipherKeyExchange = CipherKeyExchange_ECDHE_ECDSA , cipherMinVer = Just TLS12 -- RFC 5289 } cipher_ECDHE_RSA_AES128GCM_SHA256 :: Cipher cipher_ECDHE_RSA_AES128GCM_SHA256 = Cipher { cipherID = 0xC02F , cipherName = "ECDHE-RSA-AES128GCM-SHA256" , cipherBulk = bulk_aes128gcm , cipherHash = SHA256 , cipherPRFHash = Just SHA256 , cipherKeyExchange = CipherKeyExchange_ECDHE_RSA , cipherMinVer = Just TLS12 -- RFC 5288 Sec 4 } cipher_ECDHE_RSA_AES256GCM_SHA384 :: Cipher cipher_ECDHE_RSA_AES256GCM_SHA384 = Cipher { cipherID = 0xC030 , cipherName = "ECDHE-RSA-AES256GCM-SHA384" , cipherBulk = bulk_aes256gcm , cipherHash = SHA384 , cipherPRFHash = Just SHA384 , cipherKeyExchange = CipherKeyExchange_ECDHE_RSA , cipherMinVer = Just TLS12 -- RFC 5289 } -- A list of cipher suite is found from: -- https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-4