aboutsummaryrefslogtreecommitdiff
path: root/docs
diff options
context:
space:
mode:
authorDaniel Stenberg <daniel@haxx.se>2016-12-18 01:08:55 +0100
committerDaniel Stenberg <daniel@haxx.se>2016-12-18 01:08:55 +0100
commit6bc1051608a03da2e7a457839e7d21a1b3cfb911 (patch)
tree72462660a5a5b7df2a0c40dc693e210de86ce904 /docs
parent4c9567e3949cb0bb85927e3f0bcb64d45cbc2674 (diff)
CIPHERS.md: attempt to document TLS cipher names
As the official docs seems really hard to keep track of and link to over time
Diffstat (limited to 'docs')
-rw-r--r--docs/CIPHERS.md250
1 files changed, 250 insertions, 0 deletions
diff --git a/docs/CIPHERS.md b/docs/CIPHERS.md
new file mode 100644
index 000000000..f00c50859
--- /dev/null
+++ b/docs/CIPHERS.md
@@ -0,0 +1,250 @@
+# Ciphers
+
+With curl's options `CURLOPT_SSL_CIPHER_LIST` and `--ciphers` users can
+control which ciphers to consider when negotiating TLS connections.
+
+The names of the known ciphers differ depending on which TLS backend that
+libcurl was built to use. This is an attempt to list known cipher names.
+
+## OpenSSL
+
+(based on [OpenSSL docs](https://www.openssl.org/docs/man1.1.0/apps/ciphers.html))
+
+### SSL3 cipher suites
+
+NULL-MD5
+NULL-SHA
+RC4-MD5
+RC4-SHA
+IDEA-CBC-SHA
+DES-CBC3-SHA
+DH-DSS-DES-CBC3-SHA
+DH-RSA-DES-CBC3-SHA
+DHE-DSS-DES-CBC3-SHA
+DHE-RSA-DES-CBC3-SHA
+ADH-RC4-MD5
+ADH-DES-CBC3-SHA
+
+### TLS v1.0 cipher suites
+
+NULL-MD5
+NULL-SHA
+RC4-MD5
+RC4-SHA
+IDEA-CBC-SHA
+DES-CBC3-SHA
+DHE-DSS-DES-CBC3-SHA
+DHE-RSA-DES-CBC3-SHA
+ADH-RC4-MD5
+ADH-DES-CBC3-SHA
+
+### AES ciphersuites from RFC3268, extending TLS v1.0
+
+AES128-SHA
+AES256-SHA
+DH-DSS-AES128-SHA
+DH-DSS-AES256-SHA
+DH-RSA-AES128-SHA
+DH-RSA-AES256-SHA
+DHE-DSS-AES128-SHA
+DHE-DSS-AES256-SHA
+DHE-RSA-AES128-SHA
+DHE-RSA-AES256-SHA
+ADH-AES128-SHA
+ADH-AES256-SHA
+
+### SEED ciphersuites from RFC4162, extending TLS v1.0
+
+SEED-SHA
+DH-DSS-SEED-SHA
+DH-RSA-SEED-SHA
+DHE-DSS-SEED-SHA
+DHE-RSA-SEED-SHA
+ADH-SEED-SHA
+
+### GOST ciphersuites, extending TLS v1.0
+
+GOST94-GOST89-GOST89
+GOST2001-GOST89-GOST89
+GOST94-NULL-GOST94
+GOST2001-NULL-GOST94
+
+### Elliptic curve cipher suites
+
+ECDHE-RSA-NULL-SHA
+ECDHE-RSA-RC4-SHA
+ECDHE-RSA-DES-CBC3-SHA
+ECDHE-RSA-AES128-SHA
+ECDHE-RSA-AES256-SHA
+ECDHE-ECDSA-NULL-SHA
+ECDHE-ECDSA-RC4-SHA
+ECDHE-ECDSA-DES-CBC3-SHA
+ECDHE-ECDSA-AES128-SHA
+ECDHE-ECDSA-AES256-SHA
+AECDH-NULL-SHA
+AECDH-RC4-SHA
+AECDH-DES-CBC3-SHA
+AECDH-AES128-SHA
+AECDH-AES256-SHA
+
+### TLS v1.2 cipher suites
+
+NULL-SHA256
+
+AES128-SHA256
+AES256-SHA256
+AES128-GCM-SHA256
+AES256-GCM-SHA384
+DH-RSA-AES128-SHA256
+DH-RSA-AES256-SHA256
+DH-RSA-AES128-GCM-SHA256
+DH-RSA-AES256-GCM-SHA384
+DH-DSS-AES128-SHA256
+DH-DSS-AES256-SHA256
+DH-DSS-AES128-GCM-SHA256
+DH-DSS-AES256-GCM-SHA384
+DHE-RSA-AES128-SHA256
+DHE-RSA-AES256-SHA256
+DHE-RSA-AES128-GCM-SHA256
+DHE-RSA-AES256-GCM-SHA384
+DHE-DSS-AES128-SHA256
+DHE-DSS-AES256-SHA256
+DHE-DSS-AES128-GCM-SHA256
+DHE-DSS-AES256-GCM-SHA384
+ECDHE-RSA-AES128-SHA256
+ECDHE-RSA-AES256-SHA384
+ECDHE-RSA-AES128-GCM-SHA256
+ECDHE-RSA-AES256-GCM-SHA384
+ECDHE-ECDSA-AES128-SHA256
+ECDHE-ECDSA-AES256-SHA384
+ECDHE-ECDSA-AES128-GCM-SHA256
+ECDHE-ECDSA-AES256-GCM-SHA384
+ADH-AES128-SHA256
+ADH-AES256-SHA256
+ADH-AES128-GCM-SHA256
+ADH-AES256-GCM-SHA384
+AES128-CCM
+AES256-CCM
+DHE-RSA-AES128-CCM
+DHE-RSA-AES256-CCM
+AES128-CCM8
+AES256-CCM8
+DHE-RSA-AES128-CCM8
+DHE-RSA-AES256-CCM8
+ECDHE-ECDSA-AES128-CCM
+ECDHE-ECDSA-AES256-CCM
+ECDHE-ECDSA-AES128-CCM8
+ECDHE-ECDSA-AES256-CCM8
+
+### Camellia HMAC-Based ciphersuites from RFC6367, extending TLS v1.2
+
+ECDHE-ECDSA-CAMELLIA128-SHA256
+ECDHE-ECDSA-CAMELLIA256-SHA384
+ECDHE-RSA-CAMELLIA128-SHA256
+ECDHE-RSA-CAMELLIA256-SHA384
+
+## NSS
+
+### Totally insecure
+
+rc4
+rc4-md5
+rc4export
+rc2
+rc2export
+des
+desede3
+
+### SSL3/TLS cipher suites
+
+rsa_rc4_128_md5
+rsa_rc4_128_sha
+rsa_3des_sha
+rsa_des_sha
+rsa_rc4_40_md5
+rsa_rc2_40_md5
+rsa_null_md5
+rsa_null_sha
+fips_3des_sha
+fips_des_sha
+fortezza
+fortezza_rc4_128_sha
+fortezza_null
+
+### TLS 1.0 Exportable 56-bit Cipher Suites
+
+rsa_des_56_sha
+rsa_rc4_56_sha
+
+### AES ciphers
+
+dhe_dss_aes_128_cbc_sha
+dhe_dss_aes_256_cbc_sha
+dhe_rsa_aes_128_cbc_sha
+dhe_rsa_aes_256_cbc_sha
+rsa_aes_128_sha
+rsa_aes_256_sha
+
+### ECC ciphers
+
+ecdh_ecdsa_null_sha
+ecdh_ecdsa_rc4_128_sha
+ecdh_ecdsa_3des_sha
+ecdh_ecdsa_aes_128_sha
+ecdh_ecdsa_aes_256_sha
+ecdhe_ecdsa_null_sha
+ecdhe_ecdsa_rc4_128_sha
+ecdhe_ecdsa_3des_sha
+ecdhe_ecdsa_aes_128_sha
+ecdhe_ecdsa_aes_256_sha
+ecdh_rsa_null_sha
+ecdh_rsa_128_sha
+ecdh_rsa_3des_sha
+ecdh_rsa_aes_128_sha
+ecdh_rsa_aes_256_sha
+ecdhe_rsa_null
+ecdhe_rsa_rc4_128_sha
+ecdhe_rsa_3des_sha
+ecdhe_rsa_aes_128_sha
+ecdhe_rsa_aes_256_sha
+ecdh_anon_null_sha
+ecdh_anon_rc4_128sha
+ecdh_anon_3des_sha
+ecdh_anon_aes_128_sha
+ecdh_anon_aes_256_sha
+
+### HMAC-SHA256 cipher suites
+
+rsa_null_sha_256
+rsa_aes_128_cbc_sha_256
+rsa_aes_256_cbc_sha_256
+dhe_rsa_aes_128_cbc_sha_256
+dhe_rsa_aes_256_cbc_sha_256
+ecdhe_ecdsa_aes_128_cbc_sha_256
+ecdhe_rsa_aes_128_cbc_sha_256
+
+### AES GCM cipher suites in RFC 5288 and RFC 5289
+
+rsa_aes_128_gcm_sha_256
+dhe_rsa_aes_128_gcm_sha_256
+dhe_dss_aes_128_gcm_sha_256
+ecdhe_ecdsa_aes_128_gcm_sha_256
+ecdh_ecdsa_aes_128_gcm_sha_256
+ecdhe_rsa_aes_128_gcm_sha_256
+ecdh_rsa_aes_128_gcm_sha_256
+
+### cipher suites using SHA384
+
+rsa_aes_256_gcm_sha_384
+dhe_rsa_aes_256_gcm_sha_384
+dhe_dss_aes_256_gcm_sha_384
+ecdhe_ecdsa_aes_256_sha_384
+ecdhe_rsa_aes_256_sha_384
+ecdhe_ecdsa_aes_256_gcm_sha_384
+ecdhe_rsa_aes_256_gcm_sha_384
+
+### chacha20-poly1305 cipher suites
+
+ecdhe_rsa_chacha20_poly1305_sha_256
+ecdhe_ecdsa_chacha20_poly1305_sha_256
+dhe_rsa_chacha20_poly1305_sha_256