diff options
author | Daniel Stenberg <daniel@haxx.se> | 2016-12-18 01:08:55 +0100 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2016-12-18 01:08:55 +0100 |
commit | 6bc1051608a03da2e7a457839e7d21a1b3cfb911 (patch) | |
tree | 72462660a5a5b7df2a0c40dc693e210de86ce904 /docs | |
parent | 4c9567e3949cb0bb85927e3f0bcb64d45cbc2674 (diff) |
CIPHERS.md: attempt to document TLS cipher names
As the official docs seems really hard to keep track of and link to over
time
Diffstat (limited to 'docs')
-rw-r--r-- | docs/CIPHERS.md | 250 |
1 files changed, 250 insertions, 0 deletions
diff --git a/docs/CIPHERS.md b/docs/CIPHERS.md new file mode 100644 index 000000000..f00c50859 --- /dev/null +++ b/docs/CIPHERS.md @@ -0,0 +1,250 @@ +# Ciphers + +With curl's options `CURLOPT_SSL_CIPHER_LIST` and `--ciphers` users can +control which ciphers to consider when negotiating TLS connections. + +The names of the known ciphers differ depending on which TLS backend that +libcurl was built to use. This is an attempt to list known cipher names. + +## OpenSSL + +(based on [OpenSSL docs](https://www.openssl.org/docs/man1.1.0/apps/ciphers.html)) + +### SSL3 cipher suites + +NULL-MD5 +NULL-SHA +RC4-MD5 +RC4-SHA +IDEA-CBC-SHA +DES-CBC3-SHA +DH-DSS-DES-CBC3-SHA +DH-RSA-DES-CBC3-SHA +DHE-DSS-DES-CBC3-SHA +DHE-RSA-DES-CBC3-SHA +ADH-RC4-MD5 +ADH-DES-CBC3-SHA + +### TLS v1.0 cipher suites + +NULL-MD5 +NULL-SHA +RC4-MD5 +RC4-SHA +IDEA-CBC-SHA +DES-CBC3-SHA +DHE-DSS-DES-CBC3-SHA +DHE-RSA-DES-CBC3-SHA +ADH-RC4-MD5 +ADH-DES-CBC3-SHA + +### AES ciphersuites from RFC3268, extending TLS v1.0 + +AES128-SHA +AES256-SHA +DH-DSS-AES128-SHA +DH-DSS-AES256-SHA +DH-RSA-AES128-SHA +DH-RSA-AES256-SHA +DHE-DSS-AES128-SHA +DHE-DSS-AES256-SHA +DHE-RSA-AES128-SHA +DHE-RSA-AES256-SHA +ADH-AES128-SHA +ADH-AES256-SHA + +### SEED ciphersuites from RFC4162, extending TLS v1.0 + +SEED-SHA +DH-DSS-SEED-SHA +DH-RSA-SEED-SHA +DHE-DSS-SEED-SHA +DHE-RSA-SEED-SHA +ADH-SEED-SHA + +### GOST ciphersuites, extending TLS v1.0 + +GOST94-GOST89-GOST89 +GOST2001-GOST89-GOST89 +GOST94-NULL-GOST94 +GOST2001-NULL-GOST94 + +### Elliptic curve cipher suites + +ECDHE-RSA-NULL-SHA +ECDHE-RSA-RC4-SHA +ECDHE-RSA-DES-CBC3-SHA +ECDHE-RSA-AES128-SHA +ECDHE-RSA-AES256-SHA +ECDHE-ECDSA-NULL-SHA +ECDHE-ECDSA-RC4-SHA +ECDHE-ECDSA-DES-CBC3-SHA +ECDHE-ECDSA-AES128-SHA +ECDHE-ECDSA-AES256-SHA +AECDH-NULL-SHA +AECDH-RC4-SHA +AECDH-DES-CBC3-SHA +AECDH-AES128-SHA +AECDH-AES256-SHA + +### TLS v1.2 cipher suites + +NULL-SHA256 + +AES128-SHA256 +AES256-SHA256 +AES128-GCM-SHA256 +AES256-GCM-SHA384 +DH-RSA-AES128-SHA256 +DH-RSA-AES256-SHA256 +DH-RSA-AES128-GCM-SHA256 +DH-RSA-AES256-GCM-SHA384 +DH-DSS-AES128-SHA256 +DH-DSS-AES256-SHA256 +DH-DSS-AES128-GCM-SHA256 +DH-DSS-AES256-GCM-SHA384 +DHE-RSA-AES128-SHA256 +DHE-RSA-AES256-SHA256 +DHE-RSA-AES128-GCM-SHA256 +DHE-RSA-AES256-GCM-SHA384 +DHE-DSS-AES128-SHA256 +DHE-DSS-AES256-SHA256 +DHE-DSS-AES128-GCM-SHA256 +DHE-DSS-AES256-GCM-SHA384 +ECDHE-RSA-AES128-SHA256 +ECDHE-RSA-AES256-SHA384 +ECDHE-RSA-AES128-GCM-SHA256 +ECDHE-RSA-AES256-GCM-SHA384 +ECDHE-ECDSA-AES128-SHA256 +ECDHE-ECDSA-AES256-SHA384 +ECDHE-ECDSA-AES128-GCM-SHA256 +ECDHE-ECDSA-AES256-GCM-SHA384 +ADH-AES128-SHA256 +ADH-AES256-SHA256 +ADH-AES128-GCM-SHA256 +ADH-AES256-GCM-SHA384 +AES128-CCM +AES256-CCM +DHE-RSA-AES128-CCM +DHE-RSA-AES256-CCM +AES128-CCM8 +AES256-CCM8 +DHE-RSA-AES128-CCM8 +DHE-RSA-AES256-CCM8 +ECDHE-ECDSA-AES128-CCM +ECDHE-ECDSA-AES256-CCM +ECDHE-ECDSA-AES128-CCM8 +ECDHE-ECDSA-AES256-CCM8 + +### Camellia HMAC-Based ciphersuites from RFC6367, extending TLS v1.2 + +ECDHE-ECDSA-CAMELLIA128-SHA256 +ECDHE-ECDSA-CAMELLIA256-SHA384 +ECDHE-RSA-CAMELLIA128-SHA256 +ECDHE-RSA-CAMELLIA256-SHA384 + +## NSS + +### Totally insecure + +rc4 +rc4-md5 +rc4export +rc2 +rc2export +des +desede3 + +### SSL3/TLS cipher suites + +rsa_rc4_128_md5 +rsa_rc4_128_sha +rsa_3des_sha +rsa_des_sha +rsa_rc4_40_md5 +rsa_rc2_40_md5 +rsa_null_md5 +rsa_null_sha +fips_3des_sha +fips_des_sha +fortezza +fortezza_rc4_128_sha +fortezza_null + +### TLS 1.0 Exportable 56-bit Cipher Suites + +rsa_des_56_sha +rsa_rc4_56_sha + +### AES ciphers + +dhe_dss_aes_128_cbc_sha +dhe_dss_aes_256_cbc_sha +dhe_rsa_aes_128_cbc_sha +dhe_rsa_aes_256_cbc_sha +rsa_aes_128_sha +rsa_aes_256_sha + +### ECC ciphers + +ecdh_ecdsa_null_sha +ecdh_ecdsa_rc4_128_sha +ecdh_ecdsa_3des_sha +ecdh_ecdsa_aes_128_sha +ecdh_ecdsa_aes_256_sha +ecdhe_ecdsa_null_sha +ecdhe_ecdsa_rc4_128_sha +ecdhe_ecdsa_3des_sha +ecdhe_ecdsa_aes_128_sha +ecdhe_ecdsa_aes_256_sha +ecdh_rsa_null_sha +ecdh_rsa_128_sha +ecdh_rsa_3des_sha +ecdh_rsa_aes_128_sha +ecdh_rsa_aes_256_sha +ecdhe_rsa_null +ecdhe_rsa_rc4_128_sha +ecdhe_rsa_3des_sha +ecdhe_rsa_aes_128_sha +ecdhe_rsa_aes_256_sha +ecdh_anon_null_sha +ecdh_anon_rc4_128sha +ecdh_anon_3des_sha +ecdh_anon_aes_128_sha +ecdh_anon_aes_256_sha + +### HMAC-SHA256 cipher suites + +rsa_null_sha_256 +rsa_aes_128_cbc_sha_256 +rsa_aes_256_cbc_sha_256 +dhe_rsa_aes_128_cbc_sha_256 +dhe_rsa_aes_256_cbc_sha_256 +ecdhe_ecdsa_aes_128_cbc_sha_256 +ecdhe_rsa_aes_128_cbc_sha_256 + +### AES GCM cipher suites in RFC 5288 and RFC 5289 + +rsa_aes_128_gcm_sha_256 +dhe_rsa_aes_128_gcm_sha_256 +dhe_dss_aes_128_gcm_sha_256 +ecdhe_ecdsa_aes_128_gcm_sha_256 +ecdh_ecdsa_aes_128_gcm_sha_256 +ecdhe_rsa_aes_128_gcm_sha_256 +ecdh_rsa_aes_128_gcm_sha_256 + +### cipher suites using SHA384 + +rsa_aes_256_gcm_sha_384 +dhe_rsa_aes_256_gcm_sha_384 +dhe_dss_aes_256_gcm_sha_384 +ecdhe_ecdsa_aes_256_sha_384 +ecdhe_rsa_aes_256_sha_384 +ecdhe_ecdsa_aes_256_gcm_sha_384 +ecdhe_rsa_aes_256_gcm_sha_384 + +### chacha20-poly1305 cipher suites + +ecdhe_rsa_chacha20_poly1305_sha_256 +ecdhe_ecdsa_chacha20_poly1305_sha_256 +dhe_rsa_chacha20_poly1305_sha_256 |