diff --git a/scripts/ssl-enum-ciphers.nse b/scripts/ssl-enum-ciphers.nse index eeedcca1e..8912ffbaa 100644 --- a/scripts/ssl-enum-ciphers.nse +++ b/scripts/ssl-enum-ciphers.nse @@ -171,219 +171,365 @@ COMPRESSORS = { -- Encryption Algorithms -- CIPHERS = { - ["TLS_NULL_WITH_NULL_NULL"] = 0x0000, - ["TLS_RSA_WITH_NULL_MD5"] = 0x0001, - ["TLS_RSA_WITH_NULL_SHA"] = 0x0002, - ["TLS_RSA_EXPORT_WITH_RC4_40_MD5"] = 0x0003, - ["TLS_RSA_WITH_RC4_128_MD5"] = 0x0004, - ["TLS_RSA_WITH_RC4_128_SHA"] = 0x0005, - ["TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5"] = 0x0006, - ["TLS_RSA_WITH_IDEA_CBC_SHA"] = 0x0007, - ["TLS_RSA_EXPORT_WITH_DES40_CBC_SHA"] = 0x0008, - ["TLS_RSA_WITH_DES_CBC_SHA"] = 0x0009, - ["TLS_RSA_WITH_3DES_EDE_CBC_SHA"] = 0x000A, - ["TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA"] = 0x000B, - ["TLS_DH_DSS_WITH_DES_CBC_SHA"] = 0x000C, - ["TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA"] = 0x000D, - ["TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA"] = 0x000E, - ["TLS_DH_RSA_WITH_DES_CBC_SHA"] = 0x000F, - ["TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA"] = 0x0010, - ["TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA"] = 0x0011, - ["TLS_DHE_DSS_WITH_DES_CBC_SHA"] = 0x0012, - ["TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA"] = 0x0013, - ["TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA"] = 0x0014, - ["TLS_DHE_RSA_WITH_DES_CBC_SHA"] = 0x0015, - ["TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA"] = 0x0016, - ["TLS_DH_anon_EXPORT_WITH_RC4_40_MD5"] = 0x0017, - ["TLS_DH_anon_WITH_RC4_128_MD5"] = 0x0018, - ["TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA"] = 0x0019, - ["TLS_DH_anon_WITH_DES_CBC_SHA"] = 0x001A, - ["TLS_DH_anon_WITH_3DES_EDE_CBC_SHA"] = 0x001B, - ["SSL_FORTEZZA_KEA_WITH_NULL_SHA"] = 0x001C, - ["SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA"] = 0x001D, - ["TLS_KRB5_WITH_DES_CBC_SHA"] = 0x001E, - ["TLS_KRB5_WITH_3DES_EDE_CBC_SHA"] = 0x001F, - ["TLS_KRB5_WITH_RC4_128_SHA"] = 0x0020, - ["TLS_KRB5_WITH_IDEA_CBC_SHA"] = 0x0021, - ["TLS_KRB5_WITH_DES_CBC_MD5"] = 0x0022, - ["TLS_KRB5_WITH_3DES_EDE_CBC_MD5"] = 0x0023, - ["TLS_KRB5_WITH_RC4_128_MD5"] = 0x0024, - ["TLS_KRB5_WITH_IDEA_CBC_MD5"] = 0x0025, - ["TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA"] = 0x0026, - ["TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA"] = 0x0027, - ["TLS_KRB5_EXPORT_WITH_RC4_40_SHA"] = 0x0028, - ["TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5"] = 0x0029, - ["TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5"] = 0x002A, - ["TLS_KRB5_EXPORT_WITH_RC4_40_MD5"] = 0x002B, - ["TLS_PSK_WITH_NULL_SHA"] = 0x002C, - ["TLS_DHE_PSK_WITH_NULL_SHA"] = 0x002D, - ["TLS_RSA_PSK_WITH_NULL_SHA"] = 0x002E, - ["TLS_RSA_WITH_AES_128_CBC_SHA"] = 0x002F, - ["TLS_DH_DSS_WITH_AES_128_CBC_SHA"] = 0x0030, - ["TLS_DH_RSA_WITH_AES_128_CBC_SHA"] = 0x0031, - ["TLS_DHE_DSS_WITH_AES_128_CBC_SHA"] = 0x0032, - ["TLS_DHE_RSA_WITH_AES_128_CBC_SHA"] = 0x0033, - ["TLS_DH_anon_WITH_AES_128_CBC_SHA"] = 0x0034, - ["TLS_RSA_WITH_AES_256_CBC_SHA"] = 0x0035, - ["TLS_DH_DSS_WITH_AES_256_CBC_SHA"] = 0x0036, - ["TLS_DH_RSA_WITH_AES_256_CBC_SHA"] = 0x0037, - ["TLS_DHE_DSS_WITH_AES_256_CBC_SHA"] = 0x0038, - ["TLS_DHE_RSA_WITH_AES_256_CBC_SHA"] = 0x0039, - ["TLS_DH_anon_WITH_AES_256_CBC_SHA"] = 0x003A, - ["TLS_RSA_WITH_NULL_SHA256"] = 0x003B, - ["TLS_RSA_WITH_AES_128_CBC_SHA256"] = 0x003C, - ["TLS_RSA_WITH_AES_256_CBC_SHA256"] = 0x003D, - ["TLS_DH_DSS_WITH_AES_128_CBC_SHA256"] = 0x003E, - ["TLS_DH_RSA_WITH_AES_128_CBC_SHA256"] = 0x003F, - ["TLS_DHE_DSS_WITH_AES_128_CBC_SHA256"] = 0x0040, - ["TLS_RSA_WITH_CAMELLIA_128_CBC_SHA"] = 0x0041, - ["TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA"] = 0x0042, - ["TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA"] = 0x0043, - ["TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA"] = 0x0044, - ["TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA"] = 0x0045, - ["TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA"] = 0x0046, - ["TLS_RSA_EXPORT1024_WITH_RC4_56_MD5"] = 0x0060, - ["TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5"] = 0x0061, - ["TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA"] = 0x0062, - ["TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA"] = 0x0063, - ["TLS_RSA_EXPORT1024_WITH_RC4_56_SHA"] = 0x0064, - ["TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA"] = 0x0065, - ["TLS_DHE_DSS_WITH_RC4_128_SHA"] = 0x0066, - ["TLS_DHE_RSA_WITH_AES_128_CBC_SHA256"] = 0x0067, - ["TLS_DH_DSS_WITH_AES_256_CBC_SHA256"] = 0x0068, - ["TLS_DH_RSA_WITH_AES_256_CBC_SHA256"] = 0x0069, - ["TLS_DHE_DSS_WITH_AES_256_CBC_SHA256"] = 0x006A, - ["TLS_DHE_RSA_WITH_AES_256_CBC_SHA256"] = 0x006B, - ["TLS_DH_anon_WITH_AES_128_CBC_SHA256"] = 0x006C, - ["TLS_DH_anon_WITH_AES_256_CBC_SHA256"] = 0x006D, - ["TLS_RSA_WITH_CAMELLIA_256_CBC_SHA"] = 0x0084, - ["TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA"] = 0x0085, - ["TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA"] = 0x0086, - ["TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA"] = 0x0087, - ["TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA"] = 0x0088, - ["TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA"] = 0x0089, - ["TLS_PSK_WITH_RC4_128_SHA"] = 0x008A, - ["TLS_PSK_WITH_3DES_EDE_CBC_SHA"] = 0x008B, - ["TLS_PSK_WITH_AES_128_CBC_SHA"] = 0x008C, - ["TLS_PSK_WITH_AES_256_CBC_SHA"] = 0x008D, - ["TLS_DHE_PSK_WITH_RC4_128_SHA"] = 0x008E, - ["TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA"] = 0x008F, - ["TLS_DHE_PSK_WITH_AES_128_CBC_SHA"] = 0x0090, - ["TLS_DHE_PSK_WITH_AES_256_CBC_SHA"] = 0x0091, - ["TLS_RSA_PSK_WITH_RC4_128_SHA"] = 0x0092, - ["TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA"] = 0x0093, - ["TLS_RSA_PSK_WITH_AES_128_CBC_SHA"] = 0x0094, - ["TLS_RSA_PSK_WITH_AES_256_CBC_SHA"] = 0x0095, - ["TLS_RSA_WITH_SEED_CBC_SHA"] = 0x0096, - ["TLS_DH_DSS_WITH_SEED_CBC_SHA"] = 0x0097, - ["TLS_DH_RSA_WITH_SEED_CBC_SHA"] = 0x0098, - ["TLS_DHE_DSS_WITH_SEED_CBC_SHA"] = 0x0099, - ["TLS_DHE_RSA_WITH_SEED_CBC_SHA"] = 0x009A, - ["TLS_DH_anon_WITH_SEED_CBC_SHA"] = 0x009B, - ["TLS_RSA_WITH_AES_128_GCM_SHA256"] = 0x009C, - ["TLS_RSA_WITH_AES_256_GCM_SHA384"] = 0x009D, - ["TLS_DHE_RSA_WITH_AES_128_GCM_SHA256"] = 0x009E, - ["TLS_DHE_RSA_WITH_AES_256_GCM_SHA384"] = 0x009F, - ["TLS_DH_RSA_WITH_AES_128_GCM_SHA256"] = 0x00A0, - ["TLS_DH_RSA_WITH_AES_256_GCM_SHA384"] = 0x00A1, - ["TLS_DHE_DSS_WITH_AES_128_GCM_SHA256"] = 0x00A2, - ["TLS_DHE_DSS_WITH_AES_256_GCM_SHA384"] = 0x00A3, - ["TLS_DH_DSS_WITH_AES_128_GCM_SHA256"] = 0x00A4, - ["TLS_DH_DSS_WITH_AES_256_GCM_SHA384"] = 0x00A5, - ["TLS_DH_anon_WITH_AES_128_GCM_SHA256"] = 0x00A6, - ["TLS_DH_anon_WITH_AES_256_GCM_SHA384"] = 0x00A7, - ["TLS_PSK_WITH_AES_128_GCM_SHA256"] = 0x00A8, - ["TLS_PSK_WITH_AES_256_GCM_SHA384"] = 0x00A9, - ["TLS_DHE_PSK_WITH_AES_128_GCM_SHA256"] = 0x00AA, - ["TLS_DHE_PSK_WITH_AES_256_GCM_SHA384"] = 0x00AB, - ["TLS_RSA_PSK_WITH_AES_128_GCM_SHA256"] = 0x00AC, - ["TLS_RSA_PSK_WITH_AES_256_GCM_SHA384"] = 0x00AD, - ["TLS_PSK_WITH_AES_128_CBC_SHA256"] = 0x00AE, - ["TLS_PSK_WITH_AES_256_CBC_SHA384"] = 0x00AF, - ["TLS_PSK_WITH_NULL_SHA256"] = 0x00B0, - ["TLS_PSK_WITH_NULL_SHA384"] = 0x00B1, - ["TLS_DHE_PSK_WITH_AES_128_CBC_SHA256"] = 0x00B2, - ["TLS_DHE_PSK_WITH_AES_256_CBC_SHA384"] = 0x00B3, - ["TLS_DHE_PSK_WITH_NULL_SHA256"] = 0x00B4, - ["TLS_DHE_PSK_WITH_NULL_SHA384"] = 0x00B5, - ["TLS_RSA_PSK_WITH_AES_128_CBC_SHA256"] = 0x00B6, - ["TLS_RSA_PSK_WITH_AES_256_CBC_SHA384"] = 0x00B7, - ["TLS_RSA_PSK_WITH_NULL_SHA256"] = 0x00B8, - ["TLS_RSA_PSK_WITH_NULL_SHA384"] = 0x00B9, - ["TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256"] = 0x00BA, - ["TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256"] = 0x00BB, - ["TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256"] = 0x00BC, - ["TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256"] = 0x00BD, - ["TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256"] = 0x00BE, - ["TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256"] = 0x00BF, - ["TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256"] = 0x00C0, - ["TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256"] = 0x00C1, - ["TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256"] = 0x00C2, - ["TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256"] = 0x00C3, - ["TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256"] = 0x00C4, - ["TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256"] = 0x00C5, - ["TLS_RENEGO_PROTECTION_REQUEST"] = 0x00FF, - ["TLS_ECDH_ECDSA_WITH_NULL_SHA"] = 0xC001, - ["TLS_ECDH_ECDSA_WITH_RC4_128_SHA"] = 0xC002, - ["TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA"] = 0xC003, - ["TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA"] = 0xC004, - ["TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA"] = 0xC005, - ["TLS_ECDHE_ECDSA_WITH_NULL_SHA"] = 0xC006, - ["TLS_ECDHE_ECDSA_WITH_RC4_128_SHA"] = 0xC007, - ["TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA"] = 0xC008, - ["TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA"] = 0xC009, - ["TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA"] = 0xC00A, - ["TLS_ECDH_RSA_WITH_NULL_SHA"] = 0xC00B, - ["TLS_ECDH_RSA_WITH_RC4_128_SHA"] = 0xC00C, - ["TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA"] = 0xC00D, - ["TLS_ECDH_RSA_WITH_AES_128_CBC_SHA"] = 0xC00E, - ["TLS_ECDH_RSA_WITH_AES_256_CBC_SHA"] = 0xC00F, - ["TLS_ECDHE_RSA_WITH_NULL_SHA"] = 0xC010, - ["TLS_ECDHE_RSA_WITH_RC4_128_SHA"] = 0xC011, - ["TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA"] = 0xC012, - ["TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"] = 0xC013, - ["TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"] = 0xC014, - ["TLS_ECDH_anon_WITH_NULL_SHA"] = 0xC015, - ["TLS_ECDH_anon_WITH_RC4_128_SHA"] = 0xC016, - ["TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA"] = 0xC017, - ["TLS_ECDH_anon_WITH_AES_128_CBC_SHA"] = 0xC018, - ["TLS_ECDH_anon_WITH_AES_256_CBC_SHA"] = 0xC019, - ["TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA"] = 0xC01A, - ["TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA"] = 0xC01B, - ["TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA"] = 0xC01C, - ["TLS_SRP_SHA_WITH_AES_128_CBC_SHA"] = 0xC01D, - ["TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA"] = 0xC01E, - ["TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA"] = 0xC01F, - ["TLS_SRP_SHA_WITH_AES_256_CBC_SHA"] = 0xC020, - ["TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA"] = 0xC021, - ["TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA"] = 0xC022, - ["TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256"] = 0xC023, - ["TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384"] = 0xC024, - ["TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256"] = 0xC025, - ["TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384"] = 0xC026, - ["TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"] = 0xC027, - ["TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"] = 0xC028, - ["TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256"] = 0xC029, - ["TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384"] = 0xC02A, - ["TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"] = 0xC02B, - ["TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"] = 0xC02C, - ["TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256"] = 0xC02D, - ["TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384"] = 0xC02E, - ["TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"] = 0xC02F, - ["TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"] = 0xC030, - ["TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256"] = 0xC031, - ["TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384"] = 0xC032, - ["TLS_ECDHE_PSK_WITH_RC4_128_SHA"] = 0xC033, - ["TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA"] = 0xC034, - ["TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA"] = 0xC035, - ["TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA"] = 0xC036, - ["TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256"] = 0xC037, - ["TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384"] = 0xC038, - ["TLS_ECDHE_PSK_WITH_NULL_SHA"] = 0xC039, - ["TLS_ECDHE_PSK_WITH_NULL_SHA256"] = 0xC03A, - ["TLS_ECDHE_PSK_WITH_NULL_SHA384"] = 0xC03B, - ["SSL_RSA_FIPS_WITH_DES_CBC_SHA"] = 0xFEFE, - ["SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA"] = 0xFEFF +["TLS_NULL_WITH_NULL_NULL"] = 0x0000, +["TLS_RSA_WITH_NULL_MD5"] = 0x0001, +["TLS_RSA_WITH_NULL_SHA"] = 0x0002, +["TLS_RSA_EXPORT_WITH_RC4_40_MD5"] = 0x0003, +["TLS_RSA_WITH_RC4_128_MD5"] = 0x0004, +["TLS_RSA_WITH_RC4_128_SHA"] = 0x0005, +["TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5"] = 0x0006, +["TLS_RSA_WITH_IDEA_CBC_SHA"] = 0x0007, +["TLS_RSA_EXPORT_WITH_DES40_CBC_SHA"] = 0x0008, +["TLS_RSA_WITH_DES_CBC_SHA"] = 0x0009, +["TLS_RSA_WITH_3DES_EDE_CBC_SHA"] = 0x000A, +["TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA"] = 0x000B, +["TLS_DH_DSS_WITH_DES_CBC_SHA"] = 0x000C, +["TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA"] = 0x000D, +["TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA"] = 0x000E, +["TLS_DH_RSA_WITH_DES_CBC_SHA"] = 0x000F, +["TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA"] = 0x0010, +["TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA"] = 0x0011, +["TLS_DHE_DSS_WITH_DES_CBC_SHA"] = 0x0012, +["TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA"] = 0x0013, +["TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA"] = 0x0014, +["TLS_DHE_RSA_WITH_DES_CBC_SHA"] = 0x0015, +["TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA"] = 0x0016, +["TLS_DH_anon_EXPORT_WITH_RC4_40_MD5"] = 0x0017, +["TLS_DH_anon_WITH_RC4_128_MD5"] = 0x0018, +["TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA"] = 0x0019, +["TLS_DH_anon_WITH_DES_CBC_SHA"] = 0x001A, +["TLS_DH_anon_WITH_3DES_EDE_CBC_SHA"] = 0x001B, +["SSL_FORTEZZA_KEA_WITH_NULL_SHA"] = 0x001C, +["SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA"] = 0x001D, +["TLS_KRB5_WITH_DES_CBC_SHA or SSL_FORTEZZA_KEA_WITH_RC4_128_SHA"] = 0x001E, --TLS vs SSLv3 +["TLS_KRB5_WITH_3DES_EDE_CBC_SHA"] = 0x001F, +["TLS_KRB5_WITH_RC4_128_SHA"] = 0x0020, +["TLS_KRB5_WITH_IDEA_CBC_SHA"] = 0x0021, +["TLS_KRB5_WITH_DES_CBC_MD5"] = 0x0022, +["TLS_KRB5_WITH_3DES_EDE_CBC_MD5"] = 0x0023, +["TLS_KRB5_WITH_RC4_128_MD5"] = 0x0024, +["TLS_KRB5_WITH_IDEA_CBC_MD5"] = 0x0025, +["TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA"] = 0x0026, +["TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA"] = 0x0027, +["TLS_KRB5_EXPORT_WITH_RC4_40_SHA"] = 0x0028, +["TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5"] = 0x0029, +["TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5"] = 0x002A, +["TLS_KRB5_EXPORT_WITH_RC4_40_MD5"] = 0x002B, +["TLS_PSK_WITH_NULL_SHA"] = 0x002C, +["TLS_DHE_PSK_WITH_NULL_SHA"] = 0x002D, +["TLS_RSA_PSK_WITH_NULL_SHA"] = 0x002E, +["TLS_RSA_WITH_AES_128_CBC_SHA"] = 0x002F, +["TLS_DH_DSS_WITH_AES_128_CBC_SHA"] = 0x0030, +["TLS_DH_RSA_WITH_AES_128_CBC_SHA"] = 0x0031, +["TLS_DHE_DSS_WITH_AES_128_CBC_SHA"] = 0x0032, +["TLS_DHE_RSA_WITH_AES_128_CBC_SHA"] = 0x0033, +["TLS_DH_anon_WITH_AES_128_CBC_SHA"] = 0x0034, +["TLS_RSA_WITH_AES_256_CBC_SHA"] = 0x0035, +["TLS_DH_DSS_WITH_AES_256_CBC_SHA"] = 0x0036, +["TLS_DH_RSA_WITH_AES_256_CBC_SHA"] = 0x0037, +["TLS_DHE_DSS_WITH_AES_256_CBC_SHA"] = 0x0038, +["TLS_DHE_RSA_WITH_AES_256_CBC_SHA"] = 0x0039, +["TLS_DH_anon_WITH_AES_256_CBC_SHA"] = 0x003A, +["TLS_RSA_WITH_NULL_SHA256"] = 0x003B, +["TLS_RSA_WITH_AES_128_CBC_SHA256"] = 0x003C, +["TLS_RSA_WITH_AES_256_CBC_SHA256"] = 0x003D, +["TLS_DH_DSS_WITH_AES_128_CBC_SHA256"] = 0x003E, +["TLS_DH_RSA_WITH_AES_128_CBC_SHA256"] = 0x003F, +["TLS_DHE_DSS_WITH_AES_128_CBC_SHA256"] = 0x0040, +["TLS_RSA_WITH_CAMELLIA_128_CBC_SHA"] = 0x0041, +["TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA"] = 0x0042, +["TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA"] = 0x0043, +["TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA"] = 0x0044, +["TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA"] = 0x0045, +["TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA"] = 0x0046, +["TLS_ECDH_ECDSA_WITH_NULL_SHA-draft"] = 0x0047, --draft-ietf-tls-ecc-00 +["TLS_ECDH_ECDSA_WITH_RC4_128_SHA-draft"] = 0x0048, --draft-ietf-tls-ecc-00 +["TLS_ECDH_ECDSA_WITH_DES_CBC_SHA-draft"] = 0x0049, --draft-ietf-tls-ecc-00 +["TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA-draft"] = 0x004A, --draft-ietf-tls-ecc-00 +["TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA-draft"] = 0x004B, --draft-ietf-tls-ecc-00 +["TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA-draft"] = 0x004C, --draft-ietf-tls-ecc-00 +["TLS_ECDH_ECNRA_WITH_DES_CBC_SHA-draft"] = 0x004D, --draft-ietf-tls-ecc-00 +["TLS_ECDH_ECNRA_WITH_3DES_EDE_CBC_SHA-draft"] = 0x004E, --draft-ietf-tls-ecc-00 +["TLS_ECMQV_ECDSA_NULL_SHA-draft"] = 0x004F, --draft-ietf-tls-ecc-00 +["TLS_ECMQV_ECDSA_WITH_RC4_128_SHA-draft"] = 0x0050, --draft-ietf-tls-ecc-00 +["TLS_ECMQV_ECDSA_WITH_DES_CBC_SHA-draft"] = 0x0051, --draft-ietf-tls-ecc-00 +["TLS_ECMQV_ECDSA_WITH_3DES_EDE_CBC_SHA-draft"] = 0x0052, --draft-ietf-tls-ecc-00 +["TLS_ECMQV_ECNRA_NULL_SHA-draft"] = 0x0053, --draft-ietf-tls-ecc-00 +["TLS_ECMQV_ECNRA_WITH_RC4_128_SHA-draft"] = 0x0054, --draft-ietf-tls-ecc-00 +["TLS_ECMQV_ECNRA_WITH_DES_CBC_SHA-draft"] = 0x0055, --draft-ietf-tls-ecc-00 +["TLS_ECMQV_ECNRA_WITH_3DES_EDE_CBC_SHA-draft"] = 0x0056, --draft-ietf-tls-ecc-00 +["TLS_ECDH_anon_NULL_WITH_SHA-draft"] = 0x0057, --draft-ietf-tls-ecc-00 +["TLS_ECDH_anon_WITH_RC4_128_SHA-draft"] = 0x0058, --draft-ietf-tls-ecc-00 +["TLS_ECDH_anon_WITH_DES_CBC_SHA-draft"] = 0x0059, --draft-ietf-tls-ecc-00 +["TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA-draft"] = 0x005A, --draft-ietf-tls-ecc-00 +["TLS_ECDH_anon_EXPORT_WITH_DES40_CBC_SHA-draft"] = 0x005B, --draft-ietf-tls-ecc-00 +["TLS_ECDH_anon_EXPORT_WITH_RC4_40_SHA-draft"] = 0x005C, --draft-ietf-tls-ecc-00 +["TLS_RSA_EXPORT1024_WITH_RC4_56_MD5"] = 0x0060, +["TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5"] = 0x0061, +["TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA"] = 0x0062, +["TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA"] = 0x0063, +["TLS_RSA_EXPORT1024_WITH_RC4_56_SHA"] = 0x0064, +["TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA"] = 0x0065, +["TLS_DHE_DSS_WITH_RC4_128_SHA"] = 0x0066, +["TLS_DHE_RSA_WITH_AES_128_CBC_SHA256"] = 0x0067, +["TLS_DH_DSS_WITH_AES_256_CBC_SHA256"] = 0x0068, +["TLS_DH_RSA_WITH_AES_256_CBC_SHA256"] = 0x0069, +["TLS_DHE_DSS_WITH_AES_256_CBC_SHA256"] = 0x006A, +["TLS_DHE_RSA_WITH_AES_256_CBC_SHA256"] = 0x006B, +["TLS_DH_anon_WITH_AES_128_CBC_SHA256"] = 0x006C, +["TLS_DH_anon_WITH_AES_256_CBC_SHA256"] = 0x006D, +["TLS_DHE_DSS_WITH_3DES_EDE_CBC_RMD"] = 0x0072, --draft-ietf-tls-openpgp-keys-05 +["TLS_DHE_DSS_WITH_AES_128_CBC_RMD"] = 0x0073, --draft-ietf-tls-openpgp-keys-05 +["TLS_DHE_DSS_WITH_AES_256_CBC_RMD"] = 0x0074, --draft-ietf-tls-openpgp-keys-05 +["TLS_DHE_RSA_WITH_3DES_EDE_CBC_RMD"] = 0x0077, --draft-ietf-tls-openpgp-keys-05 +["TLS_DHE_RSA_WITH_AES_128_CBC_RMD"] = 0x0078, --draft-ietf-tls-openpgp-keys-05 +["TLS_DHE_RSA_WITH_AES_256_CBC_RMD"] = 0x0079, --draft-ietf-tls-openpgp-keys-05 +["TLS_RSA_WITH_3DES_EDE_CBC_RMD"] = 0x007C, --draft-ietf-tls-openpgp-keys-05 +["TLS_RSA_WITH_AES_128_CBC_RMD"] = 0x007D, --draft-ietf-tls-openpgp-keys-05 +["TLS_RSA_WITH_AES_256_CBC_RMD"] = 0x007E, --draft-ietf-tls-openpgp-keys-05 +["TLS_GOSTR341094_WITH_28147_CNT_IMIT"] = 0x0080, --draft-chudov-cryptopro-cptls-04 +["TLS_GOSTR341001_WITH_28147_CNT_IMIT"] = 0x0081, --draft-chudov-cryptopro-cptls-04 +["TLS_GOSTR341094_WITH_NULL_GOSTR3411"] = 0x0082, --draft-chudov-cryptopro-cptls-04 +["TLS_GOSTR341001_WITH_NULL_GOSTR3411"] = 0x0083, --draft-chudov-cryptopro-cptls-04 +["TLS_RSA_WITH_CAMELLIA_256_CBC_SHA"] = 0x0084, +["TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA"] = 0x0085, +["TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA"] = 0x0086, +["TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA"] = 0x0087, +["TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA"] = 0x0088, +["TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA"] = 0x0089, +["TLS_PSK_WITH_RC4_128_SHA"] = 0x008A, +["TLS_PSK_WITH_3DES_EDE_CBC_SHA"] = 0x008B, +["TLS_PSK_WITH_AES_128_CBC_SHA"] = 0x008C, +["TLS_PSK_WITH_AES_256_CBC_SHA"] = 0x008D, +["TLS_DHE_PSK_WITH_RC4_128_SHA"] = 0x008E, +["TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA"] = 0x008F, +["TLS_DHE_PSK_WITH_AES_128_CBC_SHA"] = 0x0090, +["TLS_DHE_PSK_WITH_AES_256_CBC_SHA"] = 0x0091, +["TLS_RSA_PSK_WITH_RC4_128_SHA"] = 0x0092, +["TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA"] = 0x0093, +["TLS_RSA_PSK_WITH_AES_128_CBC_SHA"] = 0x0094, +["TLS_RSA_PSK_WITH_AES_256_CBC_SHA"] = 0x0095, +["TLS_RSA_WITH_SEED_CBC_SHA"] = 0x0096, +["TLS_DH_DSS_WITH_SEED_CBC_SHA"] = 0x0097, +["TLS_DH_RSA_WITH_SEED_CBC_SHA"] = 0x0098, +["TLS_DHE_DSS_WITH_SEED_CBC_SHA"] = 0x0099, +["TLS_DHE_RSA_WITH_SEED_CBC_SHA"] = 0x009A, +["TLS_DH_anon_WITH_SEED_CBC_SHA"] = 0x009B, +["TLS_RSA_WITH_AES_128_GCM_SHA256"] = 0x009C, +["TLS_RSA_WITH_AES_256_GCM_SHA384"] = 0x009D, +["TLS_DHE_RSA_WITH_AES_128_GCM_SHA256"] = 0x009E, +["TLS_DHE_RSA_WITH_AES_256_GCM_SHA384"] = 0x009F, +["TLS_DH_RSA_WITH_AES_128_GCM_SHA256"] = 0x00A0, +["TLS_DH_RSA_WITH_AES_256_GCM_SHA384"] = 0x00A1, +["TLS_DHE_DSS_WITH_AES_128_GCM_SHA256"] = 0x00A2, +["TLS_DHE_DSS_WITH_AES_256_GCM_SHA384"] = 0x00A3, +["TLS_DH_DSS_WITH_AES_128_GCM_SHA256"] = 0x00A4, +["TLS_DH_DSS_WITH_AES_256_GCM_SHA384"] = 0x00A5, +["TLS_DH_anon_WITH_AES_128_GCM_SHA256"] = 0x00A6, +["TLS_DH_anon_WITH_AES_256_GCM_SHA384"] = 0x00A7, +["TLS_PSK_WITH_AES_128_GCM_SHA256"] = 0x00A8, +["TLS_PSK_WITH_AES_256_GCM_SHA384"] = 0x00A9, +["TLS_DHE_PSK_WITH_AES_128_GCM_SHA256"] = 0x00AA, +["TLS_DHE_PSK_WITH_AES_256_GCM_SHA384"] = 0x00AB, +["TLS_RSA_PSK_WITH_AES_128_GCM_SHA256"] = 0x00AC, +["TLS_RSA_PSK_WITH_AES_256_GCM_SHA384"] = 0x00AD, +["TLS_PSK_WITH_AES_128_CBC_SHA256"] = 0x00AE, +["TLS_PSK_WITH_AES_256_CBC_SHA384"] = 0x00AF, +["TLS_PSK_WITH_NULL_SHA256"] = 0x00B0, +["TLS_PSK_WITH_NULL_SHA384"] = 0x00B1, +["TLS_DHE_PSK_WITH_AES_128_CBC_SHA256"] = 0x00B2, +["TLS_DHE_PSK_WITH_AES_256_CBC_SHA384"] = 0x00B3, +["TLS_DHE_PSK_WITH_NULL_SHA256"] = 0x00B4, +["TLS_DHE_PSK_WITH_NULL_SHA384"] = 0x00B5, +["TLS_RSA_PSK_WITH_AES_128_CBC_SHA256"] = 0x00B6, +["TLS_RSA_PSK_WITH_AES_256_CBC_SHA384"] = 0x00B7, +["TLS_RSA_PSK_WITH_NULL_SHA256"] = 0x00B8, +["TLS_RSA_PSK_WITH_NULL_SHA384"] = 0x00B9, +["TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256"] = 0x00BA, +["TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256"] = 0x00BB, +["TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256"] = 0x00BC, +["TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256"] = 0x00BD, +["TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256"] = 0x00BE, +["TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256"] = 0x00BF, +["TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256"] = 0x00C0, +["TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256"] = 0x00C1, +["TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256"] = 0x00C2, +["TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256"] = 0x00C3, +["TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256"] = 0x00C4, +["TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256"] = 0x00C5, +["TLS_ECDH_ECDSA_WITH_NULL_SHA"] = 0xC001, +["TLS_ECDH_ECDSA_WITH_RC4_128_SHA"] = 0xC002, +["TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA"] = 0xC003, +["TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA"] = 0xC004, +["TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA"] = 0xC005, +["TLS_ECDHE_ECDSA_WITH_NULL_SHA"] = 0xC006, +["TLS_ECDHE_ECDSA_WITH_RC4_128_SHA"] = 0xC007, +["TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA"] = 0xC008, +["TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA"] = 0xC009, +["TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA"] = 0xC00A, +["TLS_ECDH_RSA_WITH_NULL_SHA"] = 0xC00B, +["TLS_ECDH_RSA_WITH_RC4_128_SHA"] = 0xC00C, +["TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA"] = 0xC00D, +["TLS_ECDH_RSA_WITH_AES_128_CBC_SHA"] = 0xC00E, +["TLS_ECDH_RSA_WITH_AES_256_CBC_SHA"] = 0xC00F, +["TLS_ECDHE_RSA_WITH_NULL_SHA"] = 0xC010, +["TLS_ECDHE_RSA_WITH_RC4_128_SHA"] = 0xC011, +["TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA"] = 0xC012, +["TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"] = 0xC013, +["TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"] = 0xC014, +["TLS_ECDH_anon_WITH_NULL_SHA"] = 0xC015, +["TLS_ECDH_anon_WITH_RC4_128_SHA"] = 0xC016, +["TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA"] = 0xC017, +["TLS_ECDH_anon_WITH_AES_128_CBC_SHA"] = 0xC018, +["TLS_ECDH_anon_WITH_AES_256_CBC_SHA"] = 0xC019, +["TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA"] = 0xC01A, +["TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA"] = 0xC01B, +["TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA"] = 0xC01C, +["TLS_SRP_SHA_WITH_AES_128_CBC_SHA"] = 0xC01D, +["TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA"] = 0xC01E, +["TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA"] = 0xC01F, +["TLS_SRP_SHA_WITH_AES_256_CBC_SHA"] = 0xC020, +["TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA"] = 0xC021, +["TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA"] = 0xC022, +["TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256"] = 0xC023, +["TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384"] = 0xC024, +["TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256"] = 0xC025, +["TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384"] = 0xC026, +["TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"] = 0xC027, +["TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"] = 0xC028, +["TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256"] = 0xC029, +["TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384"] = 0xC02A, +["TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"] = 0xC02B, +["TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"] = 0xC02C, +["TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256"] = 0xC02D, +["TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384"] = 0xC02E, +["TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"] = 0xC02F, +["TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"] = 0xC030, +["TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256"] = 0xC031, +["TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384"] = 0xC032, +["TLS_ECDHE_PSK_WITH_RC4_128_SHA"] = 0xC033, +["TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA"] = 0xC034, +["TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA"] = 0xC035, +["TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA"] = 0xC036, +["TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256"] = 0xC037, +["TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384"] = 0xC038, +["TLS_ECDHE_PSK_WITH_NULL_SHA"] = 0xC039, +["TLS_ECDHE_PSK_WITH_NULL_SHA256"] = 0xC03A, +["TLS_ECDHE_PSK_WITH_NULL_SHA384"] = 0xC03B, +["TLS_RSA_WITH_ARIA_128_CBC_SHA256"] = 0xC03C, +["TLS_RSA_WITH_ARIA_256_CBC_SHA384"] = 0xC03D, +["TLS_DH_DSS_WITH_ARIA_128_CBC_SHA256"] = 0xC03E, +["TLS_DH_DSS_WITH_ARIA_256_CBC_SHA384"] = 0xC03F, +["TLS_DH_RSA_WITH_ARIA_128_CBC_SHA256"] = 0xC040, +["TLS_DH_RSA_WITH_ARIA_256_CBC_SHA384"] = 0xC041, +["TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256"] = 0xC042, +["TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384"] = 0xC043, +["TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256"] = 0xC044, +["TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384"] = 0xC045, +["TLS_DH_anon_WITH_ARIA_128_CBC_SHA256"] = 0xC046, +["TLS_DH_anon_WITH_ARIA_256_CBC_SHA384"] = 0xC047, +["TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256"] = 0xC048, +["TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384"] = 0xC049, +["TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256"] = 0xC04A, +["TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384"] = 0xC04B, +["TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256"] = 0xC04C, +["TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384"] = 0xC04D, +["TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256"] = 0xC04E, +["TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384"] = 0xC04F, +["TLS_RSA_WITH_ARIA_128_GCM_SHA256"] = 0xC050, +["TLS_RSA_WITH_ARIA_256_GCM_SHA384"] = 0xC051, +["TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256"] = 0xC052, +["TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384"] = 0xC053, +["TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256"] = 0xC054, +["TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384"] = 0xC055, +["TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256"] = 0xC056, +["TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384"] = 0xC057, +["TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256"] = 0xC058, +["TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384"] = 0xC059, +["TLS_DH_anon_WITH_ARIA_128_GCM_SHA256"] = 0xC05A, +["TLS_DH_anon_WITH_ARIA_256_GCM_SHA384"] = 0xC05B, +["TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256"] = 0xC05C, +["TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384"] = 0xC05D, +["TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256"] = 0xC05E, +["TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384"] = 0xC05F, +["TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256"] = 0xC060, +["TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384"] = 0xC061, +["TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256"] = 0xC062, +["TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384"] = 0xC063, +["TLS_PSK_WITH_ARIA_128_CBC_SHA256"] = 0xC064, +["TLS_PSK_WITH_ARIA_256_CBC_SHA384"] = 0xC065, +["TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256"] = 0xC066, +["TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384"] = 0xC067, +["TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256"] = 0xC068, +["TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384"] = 0xC069, +["TLS_PSK_WITH_ARIA_128_GCM_SHA256"] = 0xC06A, +["TLS_PSK_WITH_ARIA_256_GCM_SHA384"] = 0xC06B, +["TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256"] = 0xC06C, +["TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384"] = 0xC06D, +["TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256"] = 0xC06E, +["TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384"] = 0xC06F, +["TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256"] = 0xC070, +["TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384"] = 0xC071, +["TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256"] = 0xC072, +["TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384"] = 0xC073, +["TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256"] = 0xC074, +["TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384"] = 0xC075, +["TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256"] = 0xC076, +["TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384"] = 0xC077, +["TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256"] = 0xC078, +["TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384"] = 0xC079, +["TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256"] = 0xC07A, +["TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384"] = 0xC07B, +["TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256"] = 0xC07C, +["TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384"] = 0xC07D, +["TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256"] = 0xC07E, +["TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384"] = 0xC07F, +["TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256"] = 0xC080, +["TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384"] = 0xC081, +["TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256"] = 0xC082, +["TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384"] = 0xC083, +["TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256"] = 0xC084, +["TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384"] = 0xC085, +["TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256"] = 0xC086, +["TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384"] = 0xC087, +["TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256"] = 0xC088, +["TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384"] = 0xC089, +["TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256"] = 0xC08A, +["TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384"] = 0xC08B, +["TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256"] = 0xC08C, +["TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384"] = 0xC08D, +["TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256"] = 0xC08E, +["TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384"] = 0xC08F, +["TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256"] = 0xC090, +["TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384"] = 0xC091, +["TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256"] = 0xC092, +["TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384"] = 0xC093, +["TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256"] = 0xC094, +["TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384"] = 0xC095, +["TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256"] = 0xC096, +["TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384"] = 0xC097, +["TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256"] = 0xC098, +["TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384"] = 0xC099, +["TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256"] = 0xC09A, +["TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384"] = 0xC09B, +["TLS_RSA_WITH_AES_128_CCM"] = 0xC09C, +["TLS_RSA_WITH_AES_256_CCM"] = 0xC09D, +["TLS_DHE_RSA_WITH_AES_128_CCM"] = 0xC09E, +["TLS_DHE_RSA_WITH_AES_256_CCM"] = 0xC09F, +["TLS_RSA_WITH_AES_128_CCM_8"] = 0xC0A0, +["TLS_RSA_WITH_AES_256_CCM_8"] = 0xC0A1, +["TLS_DHE_RSA_WITH_AES_128_CCM_8"] = 0xC0A2, +["TLS_DHE_RSA_WITH_AES_256_CCM_8"] = 0xC0A3, +["TLS_PSK_WITH_AES_128_CCM"] = 0xC0A4, +["TLS_PSK_WITH_AES_256_CCM"] = 0xC0A5, +["TLS_DHE_PSK_WITH_AES_128_CCM"] = 0xC0A6, +["TLS_DHE_PSK_WITH_AES_256_CCM"] = 0xC0A7, +["TLS_PSK_WITH_AES_128_CCM_8"] = 0xC0A8, +["TLS_PSK_WITH_AES_256_CCM_8"] = 0xC0A9, +["TLS_PSK_DHE_WITH_AES_128_CCM_8"] = 0xC0AA, +["TLS_PSK_DHE_WITH_AES_256_CCM_8"] = 0xC0AB, +["SSL_RSA_FIPS_WITH_DES_CBC_SHA"] = 0xFEFE, +["SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA"] = 0xFEFF, } cipherstrength = { @@ -542,8 +688,11 @@ local function client_hello(t) if t["compressors"] ~= nil then -- Add specified compressors. for _, compressor in pairs(t["compressors"]) do - compressors = compressors .. bin.pack("C", COMPRESSORS[compressor]) + if compressor ~= "NULL" then + compressors = compressors .. bin.pack("C", COMPRESSORS[compressor]) + end end + compressors = compressors .. bin.pack("C", 0) -- Always include NULL as last choice else -- Add all known compressors. for _, compressor in pairs(COMPRESSORS) do @@ -569,9 +718,8 @@ local function client_hello(t) return record_write("handshake", t["protocol"], h .. b) end -local function try_params(host, port, t, name, records) +local function try_params(host, port, t) local buffer, err, i, record, req, resp, sock, status - local condvar = nmap.condvar(records) -- Create socket. sock = nmap.new_socket() @@ -580,7 +728,6 @@ local function try_params(host, port, t, name, records) if not status then stdnse.print_debug(1, "Can't connect: %s", err) sock:close() - condvar "signal" return nil end @@ -590,7 +737,6 @@ local function try_params(host, port, t, name, records) if not status then stdnse.print_debug(1, "Can't send: %s", err) sock:close() - condvar "signal" return nil end @@ -602,8 +748,7 @@ local function try_params(host, port, t, name, records) status, resp = sock:receive() if not status then sock:close() - condvar "signal" - return record + return nil end buffer = buffer .. resp @@ -612,159 +757,179 @@ local function try_params(host, port, t, name, records) i, record = record_read(buffer, i) if record ~= nil then sock:close() - record.name = name - table.insert(records, record) - condvar "signal" - return + return record end end end -local function try_protocol(host, port, protocol) - local ciphers, compressors, results +local function keys(t) + local ret = {} + for k, _ in pairs(t) do + ret[#ret+1] = k + end + return ret +end - local function find_ciphers() - local name, protocol_worked, record, results, t,cipherstr - local records, threads = {}, {} - local condvar = nmap.condvar(records) +local function keys_in_chunks(t) + local ret = {{}} + local c = 0 + local b = 1 + for k, _ in pairs(t) do + c = c+1 + ret[b][c] = k + if c > 64 then + c = 0 + b = b + 1 + ret[b] = {} + end + end + return ret +end - results = {} +local function remove(t, e) + for i, v in ipairs(t) do + if v == e then + table.remove(t, i) + return i + end + end + return nil +end - -- Try every cipher. - protocol_worked = false - for name, _ in pairs(CIPHERS) do +local function find_ciphers(host, port, protocol) + local name, protocol_worked, record, results, t,cipherstr + local ciphers = keys_in_chunks(CIPHERS) + + results = {} + + -- Try every cipher. + protocol_worked = false + for _, group in ipairs(ciphers) do + while (next(group)) do -- Create structure. t = { - ["ciphers"] = {name}, + ["ciphers"] = group, ["protocol"] = protocol } - -- Try connecting with cipher. - local co = stdnse.new_thread(try_params, host, port, t, name, records) - threads[co] = true - end + record = try_params(host, port, t) - repeat - for thread in pairs(threads) do - if coroutine.status(thread) == "dead" then threads[thread] = nil end - end - if ( next(threads) ) then - condvar "wait" - end - until next(threads) == nil - - - for _, record in ipairs(records) do - local name = record.name if record == nil then if protocol_worked then - stdnse.print_debug(2, "Cipher %s rejected.", name) + stdnse.print_debug(2, "%d ciphers rejected. (No handshake)", #group) else - stdnse.print_debug(2, "Cipher %s and/or protocol %s rejected.", name, protocol) + stdnse.print_debug(1, "%d ciphers and/or protocol %s rejected. (No handshake)", #group, protocol) end + break elseif record["protocol"] ~= protocol then stdnse.print_debug(1, "Protocol %s rejected.", protocol) + protocol_worked = nil break elseif record["type"] == "alert" and record["body"]["description"] == "handshake_failure" then protocol_worked = true - stdnse.print_debug(2, "Cipher %s rejected.", name) + stdnse.print_debug(2, "%d ciphers rejected.", #group) + break elseif record["type"] ~= "handshake" or record["body"]["type"] ~= "server_hello" then stdnse.print_debug(2, "Unexpected record received.") + break else protocol_worked = true + name = record["body"]["cipher"] stdnse.print_debug(2, "Cipher %s chosen.", name) + remove(group, name) -- Add cipher to the list of accepted ciphers. - name = record["body"]["cipher"] - if rankedciphersfilename and rankedciphers[name] then - cipherstr=rankedciphers[name] - else - cipherstr="unknown strength" - end - stdnse.print_debug(2, "Strength of %s rated %d.",cipherstr,cipherstrength[cipherstr]) - if mincipherstrength>cipherstrength[cipherstr] then - stdnse.print_debug(2, "Downgrading min cipher strength to %d.",cipherstrength[cipherstr]) - mincipherstrength=cipherstrength[cipherstr] - end - name=name.." - "..cipherstr table.insert(results, name) end end + if protocol_worked == nil then break end + end - return results - end + return results +end - local function find_compressors() - local name, protocol_worked, record, results, t - local records, threads = {}, {} - local condvar = nmap.condvar(records) +local function find_compressors(host, port, protocol, good_cipher) + local name, protocol_worked, record, results, t + local compressors = keys(COMPRESSORS) - results = {} + results = {} - -- Try every compressor. - protocol_worked = false - for name, _ in pairs(COMPRESSORS) do - -- Create structure. - t = { - ["compressors"] = {name}, - ["protocol"] = protocol - } + -- Try every compressor. + protocol_worked = false + while (next(compressors)) do + -- Create structure. + t = { + ["compressors"] = compressors, + ["ciphers"] = {good_cipher}, + ["protocol"] = protocol + } - -- Try connecting with compressor. - local co = stdnse.new_thread(try_params, host, port, t, name, records) - threads[co] = true - end - - repeat - for thread in pairs(threads) do - if coroutine.status(thread) == "dead" then threads[thread] = nil end - end - if ( next(threads) ) then - condvar "wait" - end - until next(threads) == nil - - for _, record in ipairs(records) do - local name = record.name - if record == nil then - if protocol_worked then - stdnse.print_debug(2, "Compressor %s rejected.", name) - else - stdnse.print_debug(2, "Compressor %s and/or protocol %s rejected.", name, protocol) - end - elseif record["protocol"] ~= protocol then - stdnse.print_debug(1, "Protocol %s rejected.", protocol) - break - elseif record["type"] == "alert" and record["body"]["description"] == "handshake_failure" then - protocol_worked = true - stdnse.print_debug(2, "Compressor %s rejected.", name) - elseif record["type"] ~= "handshake" or record["body"]["type"] ~= "server_hello" then - stdnse.print_debug(2, "Unexpected record received.") - elseif record["body"]["compressor"] ~= name then - protocol_worked = true - stdnse.print_debug(2, "Compressor %s rejected.", name) - else - protocol_worked = true - stdnse.print_debug(2, "Compressor %s chosen.", name) + -- Try connecting with compressor. + record = try_params(host, port, t) + + if record == nil then + if protocol_worked then + stdnse.print_debug(2, "%d compressors rejected. (No handshake)", #compressors) + else + stdnse.print_debug(1, "%d compressors and/or protocol %s rejected. (No handshake)", #compressors, protocol) + end + break + elseif record["protocol"] ~= protocol then + stdnse.print_debug(1, "Protocol %s rejected.", protocol) + break + elseif record["type"] == "alert" and record["body"]["description"] == "handshake_failure" then + protocol_worked = true + stdnse.print_debug(2, "%d compressors rejected.", #compressors) + break + elseif record["type"] ~= "handshake" or record["body"]["type"] ~= "server_hello" then + stdnse.print_debug(2, "Unexpected record received.") + break + else + protocol_worked = true + name = record["body"]["compressor"] + stdnse.print_debug(2, "Compressor %s chosen.", name) + remove(compressors, name) - -- Add compressor to the list of accepted compressors. - table.insert(results, name) - end - end + -- Add compressor to the list of accepted compressors. + table.insert(results, name) + if name == "NULL" then + break -- NULL is always last choice, and must be included + end + end + end - return results - end + return results +end + +local function try_protocol(host, port, protocol, upresults) + local ciphers, compressors, results + local condvar = nmap.condvar(upresults) results = {} -- Find all valid ciphers. - ciphers = find_ciphers() + ciphers = find_ciphers(host, port, protocol) if #ciphers == 0 then - return {} + condvar "signal" + return nil end - -- Find all valid compression methods. - compressors = find_compressors() + compressors = find_compressors(host, port, protocol, ciphers[1]) + + -- Add rankings to ciphers + for i, name in ipairs(ciphers) do + if rankedciphersfilename and rankedciphers[name] then + cipherstr=rankedciphers[name] + else + cipherstr="unknown strength" + end + stdnse.print_debug(2, "Strength of %s rated %d.",cipherstr,cipherstrength[cipherstr]) + if mincipherstrength>cipherstrength[cipherstr] then + stdnse.print_debug(2, "Downgrading min cipher strength to %d.",cipherstrength[cipherstr]) + mincipherstrength=cipherstrength[cipherstr] + end + ciphers[i]=name.." - "..cipherstr + end -- Format the cipher table. table.sort(ciphers) @@ -776,7 +941,12 @@ local function try_protocol(host, port, protocol) compressors["name"] = "Compressors (" .. #compressors .. ")" table.insert(results, compressors) - return results + if #results > 0 then + results["name"] = protocol + table.insert(upresults, results) + end + condvar "signal" + return nil end -- Shamelessly stolen from nselib/unpwdb.lua and changed a bit. (Gabriel Lawrence) @@ -830,15 +1000,24 @@ action = function(host, port) results = {} + local condvar = nmap.condvar(results) + local threads = {} + for name, _ in pairs(PROTOCOLS) do stdnse.print_debug(1, "Trying protocol %s.", name) - result = try_protocol(host.ip, port.number, name) - if #result > 0 then - result["name"] = name - table.insert(results, result) - end + local co = stdnse.new_thread(try_protocol, host.ip, port.number, name, results) + threads[co] = true end + repeat + for thread in pairs(threads) do + if coroutine.status(thread) == "dead" then threads[thread] = nil end + end + if ( next(threads) ) then + condvar "wait" + end + until next(threads) == nil + -- Sort protocol results by name. table.sort(results, function(a, b) return a["name"] < b["name"] end) if rankedciphersfilename then