Modify ssl-enum-ciphers for speed and thoroughness

Send large groups of ciphers and eliminate chosen ones until the server gives up. This results in far fewer exchanges than trying every cipher individually. Also fixed a bug introduced in r26521 where failing to send NULL compressor results in a rejected handshake, and updated the list of ciphers from 213 to 359. http://seclists.org/nmap-dev/2012/q3/156
2025-12-09 14:11:29 +00:00 · 2012-07-13 22:40:00 +00:00
parent a2f308a8f8
commit 4463296bf7
1 changed files with 512 additions and 333 deletions
--- a/scripts/ssl-enum-ciphers.nse
+++ b/scripts/ssl-enum-ciphers.nse
@@ -171,219 +171,365 @@ COMPRESSORS = {
 -- Encryption Algorithms
 --
 CIPHERS = {
-	["TLS_NULL_WITH_NULL_NULL"]			= 0x0000,
+["TLS_NULL_WITH_NULL_NULL"]                        =  0x0000,
-	["TLS_RSA_WITH_NULL_MD5"]			= 0x0001,
+["TLS_RSA_WITH_NULL_MD5"]                          =  0x0001,
-	["TLS_RSA_WITH_NULL_SHA"]			= 0x0002,
+["TLS_RSA_WITH_NULL_SHA"]                          =  0x0002,
-	["TLS_RSA_EXPORT_WITH_RC4_40_MD5"]		= 0x0003,
+["TLS_RSA_EXPORT_WITH_RC4_40_MD5"]                 =  0x0003,
-	["TLS_RSA_WITH_RC4_128_MD5"]			= 0x0004,
+["TLS_RSA_WITH_RC4_128_MD5"]                       =  0x0004,
-	["TLS_RSA_WITH_RC4_128_SHA"]			= 0x0005,
+["TLS_RSA_WITH_RC4_128_SHA"]                       =  0x0005,
-	["TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5"]		= 0x0006,
+["TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5"]             =  0x0006,
-	["TLS_RSA_WITH_IDEA_CBC_SHA"]			= 0x0007,
+["TLS_RSA_WITH_IDEA_CBC_SHA"]                      =  0x0007,
-	["TLS_RSA_EXPORT_WITH_DES40_CBC_SHA"]		= 0x0008,
+["TLS_RSA_EXPORT_WITH_DES40_CBC_SHA"]              =  0x0008,
-	["TLS_RSA_WITH_DES_CBC_SHA"]			= 0x0009,
+["TLS_RSA_WITH_DES_CBC_SHA"]                       =  0x0009,
-	["TLS_RSA_WITH_3DES_EDE_CBC_SHA"]		= 0x000A,
+["TLS_RSA_WITH_3DES_EDE_CBC_SHA"]                  =  0x000A,
-	["TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA"]	= 0x000B,
+["TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA"]           =  0x000B,
-	["TLS_DH_DSS_WITH_DES_CBC_SHA"]			= 0x000C,
+["TLS_DH_DSS_WITH_DES_CBC_SHA"]                    =  0x000C,
-	["TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA"]		= 0x000D,
+["TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA"]               =  0x000D,
-	["TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA"]	= 0x000E,
+["TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA"]           =  0x000E,
-	["TLS_DH_RSA_WITH_DES_CBC_SHA"]			= 0x000F,
+["TLS_DH_RSA_WITH_DES_CBC_SHA"]                    =  0x000F,
-	["TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA"]		= 0x0010,
+["TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA"]               =  0x0010,
-	["TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA"]	= 0x0011,
+["TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA"]          =  0x0011,
-	["TLS_DHE_DSS_WITH_DES_CBC_SHA"]		= 0x0012,
+["TLS_DHE_DSS_WITH_DES_CBC_SHA"]                   =  0x0012,
-	["TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA"]		= 0x0013,
+["TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA"]              =  0x0013,
-	["TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA"]	= 0x0014,
+["TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA"]          =  0x0014,
-	["TLS_DHE_RSA_WITH_DES_CBC_SHA"]		= 0x0015,
+["TLS_DHE_RSA_WITH_DES_CBC_SHA"]                   =  0x0015,
-	["TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA"]		= 0x0016,
+["TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA"]              =  0x0016,
-	["TLS_DH_anon_EXPORT_WITH_RC4_40_MD5"]		= 0x0017,
+["TLS_DH_anon_EXPORT_WITH_RC4_40_MD5"]             =  0x0017,
-	["TLS_DH_anon_WITH_RC4_128_MD5"]		= 0x0018,
+["TLS_DH_anon_WITH_RC4_128_MD5"]                   =  0x0018,
-	["TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA"]	= 0x0019,
+["TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA"]          =  0x0019,
-	["TLS_DH_anon_WITH_DES_CBC_SHA"]		= 0x001A,
+["TLS_DH_anon_WITH_DES_CBC_SHA"]                   =  0x001A,
-	["TLS_DH_anon_WITH_3DES_EDE_CBC_SHA"]		= 0x001B,
+["TLS_DH_anon_WITH_3DES_EDE_CBC_SHA"]              =  0x001B,
-	["SSL_FORTEZZA_KEA_WITH_NULL_SHA"]              = 0x001C,
+["SSL_FORTEZZA_KEA_WITH_NULL_SHA"]                 =  0x001C,
-	["SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA"]      = 0x001D,
+["SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA"]         =  0x001D,
-	["TLS_KRB5_WITH_DES_CBC_SHA"]			= 0x001E,
+["TLS_KRB5_WITH_DES_CBC_SHA or SSL_FORTEZZA_KEA_WITH_RC4_128_SHA"] = 0x001E, --TLS vs SSLv3
-	["TLS_KRB5_WITH_3DES_EDE_CBC_SHA"]		= 0x001F,
+["TLS_KRB5_WITH_3DES_EDE_CBC_SHA"]                 =  0x001F,
-	["TLS_KRB5_WITH_RC4_128_SHA"]			= 0x0020,
+["TLS_KRB5_WITH_RC4_128_SHA"]                      =  0x0020,
-	["TLS_KRB5_WITH_IDEA_CBC_SHA"]			= 0x0021,
+["TLS_KRB5_WITH_IDEA_CBC_SHA"]                     =  0x0021,
-	["TLS_KRB5_WITH_DES_CBC_MD5"]			= 0x0022,
+["TLS_KRB5_WITH_DES_CBC_MD5"]                      =  0x0022,
-	["TLS_KRB5_WITH_3DES_EDE_CBC_MD5"]		= 0x0023,
+["TLS_KRB5_WITH_3DES_EDE_CBC_MD5"]                 =  0x0023,
-	["TLS_KRB5_WITH_RC4_128_MD5"]			= 0x0024,
+["TLS_KRB5_WITH_RC4_128_MD5"]                      =  0x0024,
-	["TLS_KRB5_WITH_IDEA_CBC_MD5"]			= 0x0025,
+["TLS_KRB5_WITH_IDEA_CBC_MD5"]                     =  0x0025,
-	["TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA"]		= 0x0026,
+["TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA"]            =  0x0026,
-	["TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA"]		= 0x0027,
+["TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA"]            =  0x0027,
-	["TLS_KRB5_EXPORT_WITH_RC4_40_SHA"]		= 0x0028,
+["TLS_KRB5_EXPORT_WITH_RC4_40_SHA"]                =  0x0028,
-	["TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5"]		= 0x0029,
+["TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5"]            =  0x0029,
-	["TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5"]		= 0x002A,
+["TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5"]            =  0x002A,
-	["TLS_KRB5_EXPORT_WITH_RC4_40_MD5"]		= 0x002B,
+["TLS_KRB5_EXPORT_WITH_RC4_40_MD5"]                =  0x002B,
-	["TLS_PSK_WITH_NULL_SHA"]			= 0x002C,
+["TLS_PSK_WITH_NULL_SHA"]                          =  0x002C,
-	["TLS_DHE_PSK_WITH_NULL_SHA"]			= 0x002D,
+["TLS_DHE_PSK_WITH_NULL_SHA"]                      =  0x002D,
-	["TLS_RSA_PSK_WITH_NULL_SHA"]			= 0x002E,
+["TLS_RSA_PSK_WITH_NULL_SHA"]                      =  0x002E,
-	["TLS_RSA_WITH_AES_128_CBC_SHA"]		= 0x002F,
+["TLS_RSA_WITH_AES_128_CBC_SHA"]                   =  0x002F,
-	["TLS_DH_DSS_WITH_AES_128_CBC_SHA"]		= 0x0030,
+["TLS_DH_DSS_WITH_AES_128_CBC_SHA"]                =  0x0030,
-	["TLS_DH_RSA_WITH_AES_128_CBC_SHA"]		= 0x0031,
+["TLS_DH_RSA_WITH_AES_128_CBC_SHA"]                =  0x0031,
-	["TLS_DHE_DSS_WITH_AES_128_CBC_SHA"]		= 0x0032,
+["TLS_DHE_DSS_WITH_AES_128_CBC_SHA"]               =  0x0032,
-	["TLS_DHE_RSA_WITH_AES_128_CBC_SHA"]		= 0x0033,
+["TLS_DHE_RSA_WITH_AES_128_CBC_SHA"]               =  0x0033,
-	["TLS_DH_anon_WITH_AES_128_CBC_SHA"]		= 0x0034,
+["TLS_DH_anon_WITH_AES_128_CBC_SHA"]               =  0x0034,
-	["TLS_RSA_WITH_AES_256_CBC_SHA"]		= 0x0035,
+["TLS_RSA_WITH_AES_256_CBC_SHA"]                   =  0x0035,
-	["TLS_DH_DSS_WITH_AES_256_CBC_SHA"]		= 0x0036,
+["TLS_DH_DSS_WITH_AES_256_CBC_SHA"]                =  0x0036,
-	["TLS_DH_RSA_WITH_AES_256_CBC_SHA"]		= 0x0037,
+["TLS_DH_RSA_WITH_AES_256_CBC_SHA"]                =  0x0037,
-	["TLS_DHE_DSS_WITH_AES_256_CBC_SHA"]		= 0x0038,
+["TLS_DHE_DSS_WITH_AES_256_CBC_SHA"]               =  0x0038,
-	["TLS_DHE_RSA_WITH_AES_256_CBC_SHA"]		= 0x0039,
+["TLS_DHE_RSA_WITH_AES_256_CBC_SHA"]               =  0x0039,
-	["TLS_DH_anon_WITH_AES_256_CBC_SHA"]		= 0x003A,
+["TLS_DH_anon_WITH_AES_256_CBC_SHA"]               =  0x003A,
-	["TLS_RSA_WITH_NULL_SHA256"]			= 0x003B,
+["TLS_RSA_WITH_NULL_SHA256"]                       =  0x003B,
-	["TLS_RSA_WITH_AES_128_CBC_SHA256"]		= 0x003C,
+["TLS_RSA_WITH_AES_128_CBC_SHA256"]                =  0x003C,
-	["TLS_RSA_WITH_AES_256_CBC_SHA256"]		= 0x003D,
+["TLS_RSA_WITH_AES_256_CBC_SHA256"]                =  0x003D,
-	["TLS_DH_DSS_WITH_AES_128_CBC_SHA256"]		= 0x003E,
+["TLS_DH_DSS_WITH_AES_128_CBC_SHA256"]             =  0x003E,
-	["TLS_DH_RSA_WITH_AES_128_CBC_SHA256"]		= 0x003F,
+["TLS_DH_RSA_WITH_AES_128_CBC_SHA256"]             =  0x003F,
-	["TLS_DHE_DSS_WITH_AES_128_CBC_SHA256"]		= 0x0040,
+["TLS_DHE_DSS_WITH_AES_128_CBC_SHA256"]            =  0x0040,
-	["TLS_RSA_WITH_CAMELLIA_128_CBC_SHA"]		= 0x0041,
+["TLS_RSA_WITH_CAMELLIA_128_CBC_SHA"]              =  0x0041,
-	["TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA"]	= 0x0042,
+["TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA"]           =  0x0042,
-	["TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA"]	= 0x0043,
+["TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA"]           =  0x0043,
-	["TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA"]	= 0x0044,
+["TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA"]          =  0x0044,
-	["TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA"]	= 0x0045,
+["TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA"]          =  0x0045,
-	["TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA"]	= 0x0046,
+["TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA"]          =  0x0046,
-	["TLS_RSA_EXPORT1024_WITH_RC4_56_MD5"]		= 0x0060,
+["TLS_ECDH_ECDSA_WITH_NULL_SHA-draft"]             =  0x0047,  --draft-ietf-tls-ecc-00
-	["TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5"]	= 0x0061,
+["TLS_ECDH_ECDSA_WITH_RC4_128_SHA-draft"]          =  0x0048,  --draft-ietf-tls-ecc-00
-	["TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA"]		= 0x0062,
+["TLS_ECDH_ECDSA_WITH_DES_CBC_SHA-draft"]          =  0x0049,  --draft-ietf-tls-ecc-00
-	["TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA"]	= 0x0063,
+["TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA-draft"]     =  0x004A,  --draft-ietf-tls-ecc-00
-	["TLS_RSA_EXPORT1024_WITH_RC4_56_SHA"]		= 0x0064,
+["TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA-draft"]      =  0x004B,  --draft-ietf-tls-ecc-00
-	["TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA"]	= 0x0065,
+["TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA-draft"]      =  0x004C,  --draft-ietf-tls-ecc-00
-	["TLS_DHE_DSS_WITH_RC4_128_SHA"]		= 0x0066,
+["TLS_ECDH_ECNRA_WITH_DES_CBC_SHA-draft"]          =  0x004D,  --draft-ietf-tls-ecc-00
-	["TLS_DHE_RSA_WITH_AES_128_CBC_SHA256"]		= 0x0067,
+["TLS_ECDH_ECNRA_WITH_3DES_EDE_CBC_SHA-draft"]     =  0x004E,  --draft-ietf-tls-ecc-00
-	["TLS_DH_DSS_WITH_AES_256_CBC_SHA256"]		= 0x0068,
+["TLS_ECMQV_ECDSA_NULL_SHA-draft"]                 =  0x004F,  --draft-ietf-tls-ecc-00
-	["TLS_DH_RSA_WITH_AES_256_CBC_SHA256"]		= 0x0069,
+["TLS_ECMQV_ECDSA_WITH_RC4_128_SHA-draft"]         =  0x0050,  --draft-ietf-tls-ecc-00
-	["TLS_DHE_DSS_WITH_AES_256_CBC_SHA256"]		= 0x006A,
+["TLS_ECMQV_ECDSA_WITH_DES_CBC_SHA-draft"]         =  0x0051,  --draft-ietf-tls-ecc-00
-	["TLS_DHE_RSA_WITH_AES_256_CBC_SHA256"]		= 0x006B,
+["TLS_ECMQV_ECDSA_WITH_3DES_EDE_CBC_SHA-draft"]    =  0x0052,  --draft-ietf-tls-ecc-00
-	["TLS_DH_anon_WITH_AES_128_CBC_SHA256"]		= 0x006C,
+["TLS_ECMQV_ECNRA_NULL_SHA-draft"]                 =  0x0053,  --draft-ietf-tls-ecc-00
-	["TLS_DH_anon_WITH_AES_256_CBC_SHA256"]		= 0x006D,
+["TLS_ECMQV_ECNRA_WITH_RC4_128_SHA-draft"]         =  0x0054,  --draft-ietf-tls-ecc-00
-	["TLS_RSA_WITH_CAMELLIA_256_CBC_SHA"]		= 0x0084,
+["TLS_ECMQV_ECNRA_WITH_DES_CBC_SHA-draft"]         =  0x0055,  --draft-ietf-tls-ecc-00
-	["TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA"]	= 0x0085,
+["TLS_ECMQV_ECNRA_WITH_3DES_EDE_CBC_SHA-draft"]    =  0x0056,  --draft-ietf-tls-ecc-00
-	["TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA"]	= 0x0086,
+["TLS_ECDH_anon_NULL_WITH_SHA-draft"]              =  0x0057,  --draft-ietf-tls-ecc-00
-	["TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA"]	= 0x0087,
+["TLS_ECDH_anon_WITH_RC4_128_SHA-draft"]           =  0x0058,  --draft-ietf-tls-ecc-00
-	["TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA"]	= 0x0088,
+["TLS_ECDH_anon_WITH_DES_CBC_SHA-draft"]           =  0x0059,  --draft-ietf-tls-ecc-00
-	["TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA"]	= 0x0089,
+["TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA-draft"]      =  0x005A,  --draft-ietf-tls-ecc-00
-	["TLS_PSK_WITH_RC4_128_SHA"]			= 0x008A,
+["TLS_ECDH_anon_EXPORT_WITH_DES40_CBC_SHA-draft"]  =  0x005B,  --draft-ietf-tls-ecc-00
-	["TLS_PSK_WITH_3DES_EDE_CBC_SHA"]		= 0x008B,
+["TLS_ECDH_anon_EXPORT_WITH_RC4_40_SHA-draft"]     =  0x005C,  --draft-ietf-tls-ecc-00
-	["TLS_PSK_WITH_AES_128_CBC_SHA"]		= 0x008C,
+["TLS_RSA_EXPORT1024_WITH_RC4_56_MD5"]             =  0x0060,
-	["TLS_PSK_WITH_AES_256_CBC_SHA"]		= 0x008D,
+["TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5"]         =  0x0061,
-	["TLS_DHE_PSK_WITH_RC4_128_SHA"]		= 0x008E,
+["TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA"]            =  0x0062,
-	["TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA"]		= 0x008F,
+["TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA"]        =  0x0063,
-	["TLS_DHE_PSK_WITH_AES_128_CBC_SHA"]		= 0x0090,
+["TLS_RSA_EXPORT1024_WITH_RC4_56_SHA"]             =  0x0064,
-	["TLS_DHE_PSK_WITH_AES_256_CBC_SHA"]		= 0x0091,
+["TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA"]         =  0x0065,
-	["TLS_RSA_PSK_WITH_RC4_128_SHA"]		= 0x0092,
+["TLS_DHE_DSS_WITH_RC4_128_SHA"]                   =  0x0066,
-	["TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA"]		= 0x0093,
+["TLS_DHE_RSA_WITH_AES_128_CBC_SHA256"]            =  0x0067,
-	["TLS_RSA_PSK_WITH_AES_128_CBC_SHA"]		= 0x0094,
+["TLS_DH_DSS_WITH_AES_256_CBC_SHA256"]             =  0x0068,
-	["TLS_RSA_PSK_WITH_AES_256_CBC_SHA"]		= 0x0095,
+["TLS_DH_RSA_WITH_AES_256_CBC_SHA256"]             =  0x0069,
-	["TLS_RSA_WITH_SEED_CBC_SHA"]			= 0x0096,
+["TLS_DHE_DSS_WITH_AES_256_CBC_SHA256"]            =  0x006A,
-	["TLS_DH_DSS_WITH_SEED_CBC_SHA"]		= 0x0097,
+["TLS_DHE_RSA_WITH_AES_256_CBC_SHA256"]            =  0x006B,
-	["TLS_DH_RSA_WITH_SEED_CBC_SHA"]		= 0x0098,
+["TLS_DH_anon_WITH_AES_128_CBC_SHA256"]            =  0x006C,
-	["TLS_DHE_DSS_WITH_SEED_CBC_SHA"]		= 0x0099,
+["TLS_DH_anon_WITH_AES_256_CBC_SHA256"]            =  0x006D,
-	["TLS_DHE_RSA_WITH_SEED_CBC_SHA"]		= 0x009A,
+["TLS_DHE_DSS_WITH_3DES_EDE_CBC_RMD"]       =  0x0072,  --draft-ietf-tls-openpgp-keys-05
-	["TLS_DH_anon_WITH_SEED_CBC_SHA"]		= 0x009B,
+["TLS_DHE_DSS_WITH_AES_128_CBC_RMD"]        =  0x0073,  --draft-ietf-tls-openpgp-keys-05
-	["TLS_RSA_WITH_AES_128_GCM_SHA256"]		= 0x009C,
+["TLS_DHE_DSS_WITH_AES_256_CBC_RMD"]        =  0x0074,  --draft-ietf-tls-openpgp-keys-05
-	["TLS_RSA_WITH_AES_256_GCM_SHA384"]		= 0x009D,
+["TLS_DHE_RSA_WITH_3DES_EDE_CBC_RMD"]       =  0x0077,  --draft-ietf-tls-openpgp-keys-05
-	["TLS_DHE_RSA_WITH_AES_128_GCM_SHA256"]		= 0x009E,
+["TLS_DHE_RSA_WITH_AES_128_CBC_RMD"]        =  0x0078,  --draft-ietf-tls-openpgp-keys-05
-	["TLS_DHE_RSA_WITH_AES_256_GCM_SHA384"]		= 0x009F,
+["TLS_DHE_RSA_WITH_AES_256_CBC_RMD"]        =  0x0079,  --draft-ietf-tls-openpgp-keys-05
-	["TLS_DH_RSA_WITH_AES_128_GCM_SHA256"]		= 0x00A0,
+["TLS_RSA_WITH_3DES_EDE_CBC_RMD"]           =  0x007C,  --draft-ietf-tls-openpgp-keys-05
-	["TLS_DH_RSA_WITH_AES_256_GCM_SHA384"]		= 0x00A1,
+["TLS_RSA_WITH_AES_128_CBC_RMD"]            =  0x007D,  --draft-ietf-tls-openpgp-keys-05
-	["TLS_DHE_DSS_WITH_AES_128_GCM_SHA256"]		= 0x00A2,
+["TLS_RSA_WITH_AES_256_CBC_RMD"]            =  0x007E,  --draft-ietf-tls-openpgp-keys-05
-	["TLS_DHE_DSS_WITH_AES_256_GCM_SHA384"]		= 0x00A3,
+["TLS_GOSTR341094_WITH_28147_CNT_IMIT"]     =  0x0080,  --draft-chudov-cryptopro-cptls-04
-	["TLS_DH_DSS_WITH_AES_128_GCM_SHA256"]		= 0x00A4,
+["TLS_GOSTR341001_WITH_28147_CNT_IMIT"]     =  0x0081,  --draft-chudov-cryptopro-cptls-04
-	["TLS_DH_DSS_WITH_AES_256_GCM_SHA384"]		= 0x00A5,
+["TLS_GOSTR341094_WITH_NULL_GOSTR3411"]     =  0x0082,  --draft-chudov-cryptopro-cptls-04
-	["TLS_DH_anon_WITH_AES_128_GCM_SHA256"]		= 0x00A6,
+["TLS_GOSTR341001_WITH_NULL_GOSTR3411"]     =  0x0083,  --draft-chudov-cryptopro-cptls-04
-	["TLS_DH_anon_WITH_AES_256_GCM_SHA384"]		= 0x00A7,
+["TLS_RSA_WITH_CAMELLIA_256_CBC_SHA"]              =  0x0084,
-	["TLS_PSK_WITH_AES_128_GCM_SHA256"]		= 0x00A8,
+["TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA"]           =  0x0085,
-	["TLS_PSK_WITH_AES_256_GCM_SHA384"]		= 0x00A9,
+["TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA"]           =  0x0086,
-	["TLS_DHE_PSK_WITH_AES_128_GCM_SHA256"]		= 0x00AA,
+["TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA"]          =  0x0087,
-	["TLS_DHE_PSK_WITH_AES_256_GCM_SHA384"]		= 0x00AB,
+["TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA"]          =  0x0088,
-	["TLS_RSA_PSK_WITH_AES_128_GCM_SHA256"]		= 0x00AC,
+["TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA"]          =  0x0089,
-	["TLS_RSA_PSK_WITH_AES_256_GCM_SHA384"]		= 0x00AD,
+["TLS_PSK_WITH_RC4_128_SHA"]                       =  0x008A,
-	["TLS_PSK_WITH_AES_128_CBC_SHA256"]		= 0x00AE,
+["TLS_PSK_WITH_3DES_EDE_CBC_SHA"]                  =  0x008B,
-	["TLS_PSK_WITH_AES_256_CBC_SHA384"]		= 0x00AF,
+["TLS_PSK_WITH_AES_128_CBC_SHA"]                   =  0x008C,
-	["TLS_PSK_WITH_NULL_SHA256"]			= 0x00B0,
+["TLS_PSK_WITH_AES_256_CBC_SHA"]                   =  0x008D,
-	["TLS_PSK_WITH_NULL_SHA384"]			= 0x00B1,
+["TLS_DHE_PSK_WITH_RC4_128_SHA"]                   =  0x008E,
-	["TLS_DHE_PSK_WITH_AES_128_CBC_SHA256"]		= 0x00B2,
+["TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA"]              =  0x008F,
-	["TLS_DHE_PSK_WITH_AES_256_CBC_SHA384"]		= 0x00B3,
+["TLS_DHE_PSK_WITH_AES_128_CBC_SHA"]               =  0x0090,
-	["TLS_DHE_PSK_WITH_NULL_SHA256"]		= 0x00B4,
+["TLS_DHE_PSK_WITH_AES_256_CBC_SHA"]               =  0x0091,
-	["TLS_DHE_PSK_WITH_NULL_SHA384"]		= 0x00B5,
+["TLS_RSA_PSK_WITH_RC4_128_SHA"]                   =  0x0092,
-	["TLS_RSA_PSK_WITH_AES_128_CBC_SHA256"]		= 0x00B6,
+["TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA"]              =  0x0093,
-	["TLS_RSA_PSK_WITH_AES_256_CBC_SHA384"]		= 0x00B7,
+["TLS_RSA_PSK_WITH_AES_128_CBC_SHA"]               =  0x0094,
-	["TLS_RSA_PSK_WITH_NULL_SHA256"]		= 0x00B8,
+["TLS_RSA_PSK_WITH_AES_256_CBC_SHA"]               =  0x0095,
-	["TLS_RSA_PSK_WITH_NULL_SHA384"]		= 0x00B9,
+["TLS_RSA_WITH_SEED_CBC_SHA"]                      =  0x0096,
-	["TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256"]        = 0x00BA,
+["TLS_DH_DSS_WITH_SEED_CBC_SHA"]                   =  0x0097,
-	["TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256"]     = 0x00BB,
+["TLS_DH_RSA_WITH_SEED_CBC_SHA"]                   =  0x0098,
-	["TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256"]     = 0x00BC,
+["TLS_DHE_DSS_WITH_SEED_CBC_SHA"]                  =  0x0099,
-	["TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256"]    = 0x00BD,
+["TLS_DHE_RSA_WITH_SEED_CBC_SHA"]                  =  0x009A,
-	["TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256"]    = 0x00BE,
+["TLS_DH_anon_WITH_SEED_CBC_SHA"]                  =  0x009B,
-	["TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256"]    = 0x00BF,
+["TLS_RSA_WITH_AES_128_GCM_SHA256"]                =  0x009C,
-	["TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256"]        = 0x00C0,
+["TLS_RSA_WITH_AES_256_GCM_SHA384"]                =  0x009D,
-	["TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256"]     = 0x00C1,
+["TLS_DHE_RSA_WITH_AES_128_GCM_SHA256"]            =  0x009E,
-	["TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256"]     = 0x00C2,
+["TLS_DHE_RSA_WITH_AES_256_GCM_SHA384"]            =  0x009F,
-	["TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256"]    = 0x00C3,
+["TLS_DH_RSA_WITH_AES_128_GCM_SHA256"]             =  0x00A0,
-	["TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256"]    = 0x00C4,
+["TLS_DH_RSA_WITH_AES_256_GCM_SHA384"]             =  0x00A1,
-	["TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256"]    = 0x00C5,
+["TLS_DHE_DSS_WITH_AES_128_GCM_SHA256"]            =  0x00A2,
-	["TLS_RENEGO_PROTECTION_REQUEST"]		= 0x00FF,
+["TLS_DHE_DSS_WITH_AES_256_GCM_SHA384"]            =  0x00A3,
-	["TLS_ECDH_ECDSA_WITH_NULL_SHA"]		= 0xC001,
+["TLS_DH_DSS_WITH_AES_128_GCM_SHA256"]             =  0x00A4,
-	["TLS_ECDH_ECDSA_WITH_RC4_128_SHA"]		= 0xC002,
+["TLS_DH_DSS_WITH_AES_256_GCM_SHA384"]             =  0x00A5,
-	["TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA"]	= 0xC003,
+["TLS_DH_anon_WITH_AES_128_GCM_SHA256"]            =  0x00A6,
-	["TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA"]		= 0xC004,
+["TLS_DH_anon_WITH_AES_256_GCM_SHA384"]            =  0x00A7,
-	["TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA"]		= 0xC005,
+["TLS_PSK_WITH_AES_128_GCM_SHA256"]                =  0x00A8,
-	["TLS_ECDHE_ECDSA_WITH_NULL_SHA"]		= 0xC006,
+["TLS_PSK_WITH_AES_256_GCM_SHA384"]                =  0x00A9,
-	["TLS_ECDHE_ECDSA_WITH_RC4_128_SHA"]		= 0xC007,
+["TLS_DHE_PSK_WITH_AES_128_GCM_SHA256"]            =  0x00AA,
-	["TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA"]	= 0xC008,
+["TLS_DHE_PSK_WITH_AES_256_GCM_SHA384"]            =  0x00AB,
-	["TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA"]	= 0xC009,
+["TLS_RSA_PSK_WITH_AES_128_GCM_SHA256"]            =  0x00AC,
-	["TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA"]	= 0xC00A,
+["TLS_RSA_PSK_WITH_AES_256_GCM_SHA384"]            =  0x00AD,
-	["TLS_ECDH_RSA_WITH_NULL_SHA"]			= 0xC00B,
+["TLS_PSK_WITH_AES_128_CBC_SHA256"]                =  0x00AE,
-	["TLS_ECDH_RSA_WITH_RC4_128_SHA"]		= 0xC00C,
+["TLS_PSK_WITH_AES_256_CBC_SHA384"]                =  0x00AF,
-	["TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA"]		= 0xC00D,
+["TLS_PSK_WITH_NULL_SHA256"]                       =  0x00B0,
-	["TLS_ECDH_RSA_WITH_AES_128_CBC_SHA"]		= 0xC00E,
+["TLS_PSK_WITH_NULL_SHA384"]                       =  0x00B1,
-	["TLS_ECDH_RSA_WITH_AES_256_CBC_SHA"]		= 0xC00F,
+["TLS_DHE_PSK_WITH_AES_128_CBC_SHA256"]            =  0x00B2,
-	["TLS_ECDHE_RSA_WITH_NULL_SHA"]			= 0xC010,
+["TLS_DHE_PSK_WITH_AES_256_CBC_SHA384"]            =  0x00B3,
-	["TLS_ECDHE_RSA_WITH_RC4_128_SHA"]		= 0xC011,
+["TLS_DHE_PSK_WITH_NULL_SHA256"]                   =  0x00B4,
-	["TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA"]		= 0xC012,
+["TLS_DHE_PSK_WITH_NULL_SHA384"]                   =  0x00B5,
-	["TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"]		= 0xC013,
+["TLS_RSA_PSK_WITH_AES_128_CBC_SHA256"]            =  0x00B6,
-	["TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"]		= 0xC014,
+["TLS_RSA_PSK_WITH_AES_256_CBC_SHA384"]            =  0x00B7,
-	["TLS_ECDH_anon_WITH_NULL_SHA"]			= 0xC015,
+["TLS_RSA_PSK_WITH_NULL_SHA256"]                   =  0x00B8,
-	["TLS_ECDH_anon_WITH_RC4_128_SHA"]		= 0xC016,
+["TLS_RSA_PSK_WITH_NULL_SHA384"]                   =  0x00B9,
-	["TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA"]		= 0xC017,
+["TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256"]           =  0x00BA,
-	["TLS_ECDH_anon_WITH_AES_128_CBC_SHA"]		= 0xC018,
+["TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256"]        =  0x00BB,
-	["TLS_ECDH_anon_WITH_AES_256_CBC_SHA"]		= 0xC019,
+["TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256"]        =  0x00BC,
-	["TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA"]		= 0xC01A,
+["TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256"]       =  0x00BD,
-	["TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA"]	= 0xC01B,
+["TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256"]       =  0x00BE,
-	["TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA"]	= 0xC01C,
+["TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256"]       =  0x00BF,
-	["TLS_SRP_SHA_WITH_AES_128_CBC_SHA"]		= 0xC01D,
+["TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256"]           =  0x00C0,
-	["TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA"]	= 0xC01E,
+["TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256"]        =  0x00C1,
-	["TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA"]	= 0xC01F,
+["TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256"]        =  0x00C2,
-	["TLS_SRP_SHA_WITH_AES_256_CBC_SHA"]		= 0xC020,
+["TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256"]       =  0x00C3,
-	["TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA"]	= 0xC021,
+["TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256"]       =  0x00C4,
-	["TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA"]	= 0xC022,
+["TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256"]       =  0x00C5,
-	["TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256"]	= 0xC023,
+["TLS_ECDH_ECDSA_WITH_NULL_SHA"]                   =  0xC001,
-	["TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384"]	= 0xC024,
+["TLS_ECDH_ECDSA_WITH_RC4_128_SHA"]                =  0xC002,
-	["TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256"]	= 0xC025,
+["TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA"]           =  0xC003,
-	["TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384"]	= 0xC026,
+["TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA"]            =  0xC004,
-	["TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"]	= 0xC027,
+["TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA"]            =  0xC005,
-	["TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"]	= 0xC028,
+["TLS_ECDHE_ECDSA_WITH_NULL_SHA"]                  =  0xC006,
-	["TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256"]	= 0xC029,
+["TLS_ECDHE_ECDSA_WITH_RC4_128_SHA"]               =  0xC007,
-	["TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384"]	= 0xC02A,
+["TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA"]          =  0xC008,
-	["TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"]	= 0xC02B,
+["TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA"]           =  0xC009,
-	["TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"]	= 0xC02C,
+["TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA"]           =  0xC00A,
-	["TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256"]	= 0xC02D,
+["TLS_ECDH_RSA_WITH_NULL_SHA"]                     =  0xC00B,
-	["TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384"]	= 0xC02E,
+["TLS_ECDH_RSA_WITH_RC4_128_SHA"]                  =  0xC00C,
-	["TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"]	= 0xC02F,
+["TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA"]             =  0xC00D,
-	["TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"]	= 0xC030,
+["TLS_ECDH_RSA_WITH_AES_128_CBC_SHA"]              =  0xC00E,
-	["TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256"]	= 0xC031,
+["TLS_ECDH_RSA_WITH_AES_256_CBC_SHA"]              =  0xC00F,
-	["TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384"]	= 0xC032,
+["TLS_ECDHE_RSA_WITH_NULL_SHA"]                    =  0xC010,
-	["TLS_ECDHE_PSK_WITH_RC4_128_SHA"]		= 0xC033,
+["TLS_ECDHE_RSA_WITH_RC4_128_SHA"]                 =  0xC011,
-	["TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA"]		= 0xC034,
+["TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA"]            =  0xC012,
-	["TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA"]		= 0xC035,
+["TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"]             =  0xC013,
-	["TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA"]		= 0xC036,
+["TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"]             =  0xC014,
-	["TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256"]	= 0xC037,
+["TLS_ECDH_anon_WITH_NULL_SHA"]                    =  0xC015,
-	["TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384"]	= 0xC038,
+["TLS_ECDH_anon_WITH_RC4_128_SHA"]                 =  0xC016,
-	["TLS_ECDHE_PSK_WITH_NULL_SHA"]			= 0xC039,
+["TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA"]            =  0xC017,
-	["TLS_ECDHE_PSK_WITH_NULL_SHA256"]		= 0xC03A,
+["TLS_ECDH_anon_WITH_AES_128_CBC_SHA"]             =  0xC018,
-	["TLS_ECDHE_PSK_WITH_NULL_SHA384"]		= 0xC03B,
+["TLS_ECDH_anon_WITH_AES_256_CBC_SHA"]             =  0xC019,
-	["SSL_RSA_FIPS_WITH_DES_CBC_SHA"]		= 0xFEFE,
+["TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA"]              =  0xC01A,
-	["SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA"]		= 0xFEFF
+["TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA"]          =  0xC01B,
 ["TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA"]          =  0xC01C,
 ["TLS_SRP_SHA_WITH_AES_128_CBC_SHA"]               =  0xC01D,
 ["TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA"]           =  0xC01E,
 ["TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA"]           =  0xC01F,
 ["TLS_SRP_SHA_WITH_AES_256_CBC_SHA"]               =  0xC020,
 ["TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA"]           =  0xC021,
 ["TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA"]           =  0xC022,
 ["TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256"]        =  0xC023,
 ["TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384"]        =  0xC024,
 ["TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256"]         =  0xC025,
 ["TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384"]         =  0xC026,
 ["TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"]          =  0xC027,
 ["TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"]          =  0xC028,
 ["TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256"]           =  0xC029,
 ["TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384"]           =  0xC02A,
 ["TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"]        =  0xC02B,
 ["TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"]        =  0xC02C,
 ["TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256"]         =  0xC02D,
 ["TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384"]         =  0xC02E,
 ["TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"]          =  0xC02F,
 ["TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"]          =  0xC030,
 ["TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256"]           =  0xC031,
 ["TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384"]           =  0xC032,
 ["TLS_ECDHE_PSK_WITH_RC4_128_SHA"]                 =  0xC033,
 ["TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA"]            =  0xC034,
 ["TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA"]             =  0xC035,
 ["TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA"]             =  0xC036,
 ["TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256"]          =  0xC037,
 ["TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384"]          =  0xC038,
 ["TLS_ECDHE_PSK_WITH_NULL_SHA"]                    =  0xC039,
 ["TLS_ECDHE_PSK_WITH_NULL_SHA256"]                 =  0xC03A,
 ["TLS_ECDHE_PSK_WITH_NULL_SHA384"]                 =  0xC03B,
 ["TLS_RSA_WITH_ARIA_128_CBC_SHA256"]               =  0xC03C,
 ["TLS_RSA_WITH_ARIA_256_CBC_SHA384"]               =  0xC03D,
 ["TLS_DH_DSS_WITH_ARIA_128_CBC_SHA256"]            =  0xC03E,
 ["TLS_DH_DSS_WITH_ARIA_256_CBC_SHA384"]            =  0xC03F,
 ["TLS_DH_RSA_WITH_ARIA_128_CBC_SHA256"]            =  0xC040,
 ["TLS_DH_RSA_WITH_ARIA_256_CBC_SHA384"]            =  0xC041,
 ["TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256"]           =  0xC042,
 ["TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384"]           =  0xC043,
 ["TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256"]           =  0xC044,
 ["TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384"]           =  0xC045,
 ["TLS_DH_anon_WITH_ARIA_128_CBC_SHA256"]           =  0xC046,
 ["TLS_DH_anon_WITH_ARIA_256_CBC_SHA384"]           =  0xC047,
 ["TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256"]       =  0xC048,
 ["TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384"]       =  0xC049,
 ["TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256"]        =  0xC04A,
 ["TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384"]        =  0xC04B,
 ["TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256"]         =  0xC04C,
 ["TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384"]         =  0xC04D,
 ["TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256"]          =  0xC04E,
 ["TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384"]          =  0xC04F,
 ["TLS_RSA_WITH_ARIA_128_GCM_SHA256"]               =  0xC050,
 ["TLS_RSA_WITH_ARIA_256_GCM_SHA384"]               =  0xC051,
 ["TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256"]           =  0xC052,
 ["TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384"]           =  0xC053,
 ["TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256"]            =  0xC054,
 ["TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384"]            =  0xC055,
 ["TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256"]           =  0xC056,
 ["TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384"]           =  0xC057,
 ["TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256"]            =  0xC058,
 ["TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384"]            =  0xC059,
 ["TLS_DH_anon_WITH_ARIA_128_GCM_SHA256"]           =  0xC05A,
 ["TLS_DH_anon_WITH_ARIA_256_GCM_SHA384"]           =  0xC05B,
 ["TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256"]       =  0xC05C,
 ["TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384"]       =  0xC05D,
 ["TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256"]        =  0xC05E,
 ["TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384"]        =  0xC05F,
 ["TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256"]         =  0xC060,
 ["TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384"]         =  0xC061,
 ["TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256"]          =  0xC062,
 ["TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384"]          =  0xC063,
 ["TLS_PSK_WITH_ARIA_128_CBC_SHA256"]               =  0xC064,
 ["TLS_PSK_WITH_ARIA_256_CBC_SHA384"]               =  0xC065,
 ["TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256"]           =  0xC066,
 ["TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384"]           =  0xC067,
 ["TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256"]           =  0xC068,
 ["TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384"]           =  0xC069,
 ["TLS_PSK_WITH_ARIA_128_GCM_SHA256"]               =  0xC06A,
 ["TLS_PSK_WITH_ARIA_256_GCM_SHA384"]               =  0xC06B,
 ["TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256"]           =  0xC06C,
 ["TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384"]           =  0xC06D,
 ["TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256"]           =  0xC06E,
 ["TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384"]           =  0xC06F,
 ["TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256"]         =  0xC070,
 ["TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384"]         =  0xC071,
 ["TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256"]   =  0xC072,
 ["TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384"]   =  0xC073,
 ["TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256"]    =  0xC074,
 ["TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384"]    =  0xC075,
 ["TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256"]     =  0xC076,
 ["TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384"]     =  0xC077,
 ["TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256"]      =  0xC078,
 ["TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384"]      =  0xC079,
 ["TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256"]           =  0xC07A,
 ["TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384"]           =  0xC07B,
 ["TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256"]       =  0xC07C,
 ["TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384"]       =  0xC07D,
 ["TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256"]        =  0xC07E,
 ["TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384"]        =  0xC07F,
 ["TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256"]       =  0xC080,
 ["TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384"]       =  0xC081,
 ["TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256"]        =  0xC082,
 ["TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384"]        =  0xC083,
 ["TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256"]       =  0xC084,
 ["TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384"]       =  0xC085,
 ["TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256"]   =  0xC086,
 ["TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384"]   =  0xC087,
 ["TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256"]    =  0xC088,
 ["TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384"]    =  0xC089,
 ["TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256"]     =  0xC08A,
 ["TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384"]     =  0xC08B,
 ["TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256"]      =  0xC08C,
 ["TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384"]      =  0xC08D,
 ["TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256"]           =  0xC08E,
 ["TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384"]           =  0xC08F,
 ["TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256"]       =  0xC090,
 ["TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384"]       =  0xC091,
 ["TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256"]       =  0xC092,
 ["TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384"]       =  0xC093,
 ["TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256"]           =  0xC094,
 ["TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384"]           =  0xC095,
 ["TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256"]       =  0xC096,
 ["TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384"]       =  0xC097,
 ["TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256"]       =  0xC098,
 ["TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384"]       =  0xC099,
 ["TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256"]     =  0xC09A,
 ["TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384"]     =  0xC09B,
 ["TLS_RSA_WITH_AES_128_CCM"]                       =  0xC09C,
 ["TLS_RSA_WITH_AES_256_CCM"]                       =  0xC09D,
 ["TLS_DHE_RSA_WITH_AES_128_CCM"]                   =  0xC09E,
 ["TLS_DHE_RSA_WITH_AES_256_CCM"]                   =  0xC09F,
 ["TLS_RSA_WITH_AES_128_CCM_8"]                     =  0xC0A0,
 ["TLS_RSA_WITH_AES_256_CCM_8"]                     =  0xC0A1,
 ["TLS_DHE_RSA_WITH_AES_128_CCM_8"]                 =  0xC0A2,
 ["TLS_DHE_RSA_WITH_AES_256_CCM_8"]                 =  0xC0A3,
 ["TLS_PSK_WITH_AES_128_CCM"]                       =  0xC0A4,
 ["TLS_PSK_WITH_AES_256_CCM"]                       =  0xC0A5,
 ["TLS_DHE_PSK_WITH_AES_128_CCM"]                   =  0xC0A6,
 ["TLS_DHE_PSK_WITH_AES_256_CCM"]                   =  0xC0A7,
 ["TLS_PSK_WITH_AES_128_CCM_8"]                     =  0xC0A8,
 ["TLS_PSK_WITH_AES_256_CCM_8"]                     =  0xC0A9,
 ["TLS_PSK_DHE_WITH_AES_128_CCM_8"]                 =  0xC0AA,
 ["TLS_PSK_DHE_WITH_AES_256_CCM_8"]                 =  0xC0AB,
 ["SSL_RSA_FIPS_WITH_DES_CBC_SHA"]                  =  0xFEFE,
 ["SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA"]             =  0xFEFF,
 }
 cipherstrength = {
@@ -542,8 +688,11 @@ local function client_hello(t)
 	if t["compressors"] ~= nil then
 		-- Add specified compressors.
 		for _, compressor in pairs(t["compressors"]) do
-			compressors = compressors .. bin.pack("C", COMPRESSORS[compressor])
+      if compressor ~= "NULL" then
        compressors = compressors .. bin.pack("C", COMPRESSORS[compressor])
      end
 		end
    compressors = compressors .. bin.pack("C", 0) -- Always include NULL as last choice
 	else
 		-- Add all known compressors.
 		for _, compressor in pairs(COMPRESSORS) do
@@ -569,9 +718,8 @@ local function client_hello(t)
 	return record_write("handshake", t["protocol"], h .. b)
 end
-local function try_params(host, port, t, name, records)
+local function try_params(host, port, t)
 	local buffer, err, i, record, req, resp, sock, status
 	local condvar = nmap.condvar(records)
 	-- Create socket.
 	sock = nmap.new_socket()
@@ -580,7 +728,6 @@ local function try_params(host, port, t, name, records)
 	if not status then
 		stdnse.print_debug(1, "Can't connect: %s", err)
 		sock:close()
 		condvar "signal"
 		return nil
 	end
@@ -590,7 +737,6 @@ local function try_params(host, port, t, name, records)
 	if not status then
 		stdnse.print_debug(1, "Can't send: %s", err)
 		sock:close()
 		condvar "signal"
 		return nil
 	end
@@ -602,8 +748,7 @@ local function try_params(host, port, t, name, records)
 		status, resp = sock:receive()
 		if not status then
 			sock:close()
-			condvar "signal"
+			return nil
 			return record
 		end
 		buffer = buffer .. resp
@@ -612,159 +757,179 @@ local function try_params(host, port, t, name, records)
 		i, record = record_read(buffer, i)
 		if record ~= nil then
 			sock:close()
-			record.name = name
+			return record
 			table.insert(records, record)
 			condvar "signal"
 			return
 		end
 	end
 end
-local function try_protocol(host, port, protocol)
+local function keys(t)
-	local ciphers, compressors, results
+  local ret = {}
  for k, _ in pairs(t) do
    ret[#ret+1] = k
  end
  return ret
 end
-	local function find_ciphers()
+local function keys_in_chunks(t)
-		local name, protocol_worked, record, results, t,cipherstr
+  local ret = {{}}
-		local records, threads = {}, {}
+  local c = 0
-		local condvar = nmap.condvar(records)
+  local b = 1
  for k, _ in pairs(t) do
    c = c+1
    ret[b][c] = k
    if c > 64 then
      c = 0
      b = b + 1
      ret[b] = {}
    end
  end
  return ret
 end
-		results = {}
+local function remove(t, e)
  for i, v in ipairs(t) do
    if v == e then
      table.remove(t, i)
      return i
    end
  end
  return nil
 end
-		-- Try every cipher.
+local function find_ciphers(host, port, protocol)
-		protocol_worked = false
+  local name, protocol_worked, record, results, t,cipherstr
-		for name, _ in pairs(CIPHERS) do
+  local ciphers = keys_in_chunks(CIPHERS)
  results = {}
  -- Try every cipher.
  protocol_worked = false
  for _, group in ipairs(ciphers) do
    while (next(group)) do
 			-- Create structure.
 			t = {
-				["ciphers"] = {name},
+				["ciphers"] = group,
 				["protocol"] = protocol
 			}
-			-- Try connecting with cipher.
+      record = try_params(host, port, t)
 			local co = stdnse.new_thread(try_params, host, port, t, name, records)
 			threads[co] = true
 		end
 		repeat
 			for thread in pairs(threads) do
 				if coroutine.status(thread) == "dead" then threads[thread] = nil end
 			end
 			if ( next(threads) ) then
 				condvar "wait"
 			end
 		until next(threads) == nil
 		for _, record in ipairs(records) do
 			local name = record.name
 			if record == nil then
 				if protocol_worked then
-					stdnse.print_debug(2, "Cipher %s rejected.", name)
+					stdnse.print_debug(2, "%d ciphers rejected. (No handshake)", #group)
 				else
-					stdnse.print_debug(2, "Cipher %s and/or protocol %s rejected.", name, protocol)
+					stdnse.print_debug(1, "%d ciphers and/or protocol %s rejected. (No handshake)", #group, protocol)
 				end
        break
 			elseif record["protocol"] ~= protocol then
 				stdnse.print_debug(1, "Protocol %s rejected.", protocol)
        protocol_worked = nil
 				break
 			elseif record["type"] == "alert" and record["body"]["description"] == "handshake_failure" then
 				protocol_worked = true
-				stdnse.print_debug(2, "Cipher %s rejected.", name)
+				stdnse.print_debug(2, "%d ciphers rejected.", #group)
        break
 			elseif record["type"] ~= "handshake" or record["body"]["type"] ~= "server_hello" then
 				stdnse.print_debug(2, "Unexpected record received.")
        break
 			else
 				protocol_worked = true
 				name = record["body"]["cipher"]
 				stdnse.print_debug(2, "Cipher %s chosen.", name)
        remove(group, name)
 				-- Add cipher to the list of accepted ciphers.
 				name = record["body"]["cipher"]
 				if rankedciphersfilename and rankedciphers[name] then
 					cipherstr=rankedciphers[name]
 				else
 					cipherstr="unknown strength"
 				end
 				stdnse.print_debug(2, "Strength of %s rated %d.",cipherstr,cipherstrength[cipherstr])
 				if mincipherstrength>cipherstrength[cipherstr] then
 					stdnse.print_debug(2, "Downgrading min cipher strength to %d.",cipherstrength[cipherstr])
 					mincipherstrength=cipherstrength[cipherstr]
 				end
 				name=name.." - "..cipherstr
 				table.insert(results, name)
 			end
 		end
    if protocol_worked == nil then break end
  end
-		return results
+  return results
-	end
+end
-	local function find_compressors()
+local function find_compressors(host, port, protocol, good_cipher)
-		local name, protocol_worked, record, results, t
+  local name, protocol_worked, record, results, t
-		local records, threads = {}, {}
+  local compressors = keys(COMPRESSORS)
 		local condvar = nmap.condvar(records)
-		results = {}
+  results = {}
-		-- Try every compressor.
+  -- Try every compressor.
-		protocol_worked = false
+  protocol_worked = false
-		for name, _ in pairs(COMPRESSORS) do
+  while (next(compressors)) do
-			-- Create structure.
+    -- Create structure.
-			t = {
+    t = {
-				["compressors"] = {name},
+      ["compressors"] = compressors,
-				["protocol"] = protocol
+      ["ciphers"] = {good_cipher},
-			}
+      ["protocol"] = protocol
    }
-			-- Try connecting with compressor.
+    -- Try connecting with compressor.
-			local co = stdnse.new_thread(try_params, host, port, t, name, records)
+    record = try_params(host, port, t)
-			threads[co] = true
+  
-		end
+    if record == nil then
-		
+      if protocol_worked then
-		repeat
+        stdnse.print_debug(2, "%d compressors rejected. (No handshake)", #compressors)
-			for thread in pairs(threads) do
+      else
-				if coroutine.status(thread) == "dead" then threads[thread] = nil end
+        stdnse.print_debug(1, "%d compressors and/or protocol %s rejected. (No handshake)", #compressors, protocol)
-			end
+      end
-			if ( next(threads) ) then
+      break
-				condvar "wait"
+    elseif record["protocol"] ~= protocol then
-			end
+      stdnse.print_debug(1, "Protocol %s rejected.", protocol)
-		until next(threads) == nil
+      break
-		
+    elseif record["type"] == "alert" and record["body"]["description"] == "handshake_failure" then
-		for _, record in ipairs(records) do
+      protocol_worked = true
-			local name = record.name
+      stdnse.print_debug(2, "%d compressors rejected.", #compressors)
-			if record == nil then
+      break
-				if protocol_worked then
+    elseif record["type"] ~= "handshake" or record["body"]["type"] ~= "server_hello" then
-					stdnse.print_debug(2, "Compressor %s rejected.", name)
+      stdnse.print_debug(2, "Unexpected record received.")
-				else
+      break
-					stdnse.print_debug(2, "Compressor %s and/or protocol %s rejected.", name, protocol)
+    else
-				end
+      protocol_worked = true
-			elseif record["protocol"] ~= protocol then
+      name = record["body"]["compressor"]
-				stdnse.print_debug(1, "Protocol %s rejected.", protocol)
+      stdnse.print_debug(2, "Compressor %s chosen.", name)
-				break
+      remove(compressors, name)
 			elseif record["type"] == "alert" and record["body"]["description"] == "handshake_failure" then
 				protocol_worked = true
 				stdnse.print_debug(2, "Compressor %s rejected.", name)
 			elseif record["type"] ~= "handshake" or record["body"]["type"] ~= "server_hello" then
 				stdnse.print_debug(2, "Unexpected record received.")
 			elseif record["body"]["compressor"] ~= name then
 				protocol_worked = true
 				stdnse.print_debug(2, "Compressor %s rejected.", name)
 			else
 				protocol_worked = true
 				stdnse.print_debug(2, "Compressor %s chosen.", name)
-				-- Add compressor to the list of accepted compressors.
+      -- Add compressor to the list of accepted compressors.
-				table.insert(results, name)
+      table.insert(results, name)
-			end
+      if name == "NULL" then
-		end
+        break -- NULL is always last choice, and must be included
      end
    end
  end
-		return results
+  return results
-	end
+end
 local function try_protocol(host, port, protocol, upresults)
 	local ciphers, compressors, results
  local condvar = nmap.condvar(upresults)
 	results = {}
 	-- Find all valid ciphers.
-	ciphers = find_ciphers()
+	ciphers = find_ciphers(host, port, protocol)
 	if #ciphers == 0 then
-		return {}
+    condvar "signal"
    return nil
 	end
 	-- Find all valid compression methods.
-	compressors = find_compressors()
+	compressors = find_compressors(host, port, protocol, ciphers[1])
  -- Add rankings to ciphers
  for i, name in ipairs(ciphers) do
    if rankedciphersfilename and rankedciphers[name] then
      cipherstr=rankedciphers[name]
    else
      cipherstr="unknown strength"
    end
    stdnse.print_debug(2, "Strength of %s rated %d.",cipherstr,cipherstrength[cipherstr])
    if mincipherstrength>cipherstrength[cipherstr] then
      stdnse.print_debug(2, "Downgrading min cipher strength to %d.",cipherstrength[cipherstr])
      mincipherstrength=cipherstrength[cipherstr]
    end
    ciphers[i]=name.." - "..cipherstr
  end
 	-- Format the cipher table.
 	table.sort(ciphers)
@@ -776,7 +941,12 @@ local function try_protocol(host, port, protocol)
 	compressors["name"] = "Compressors (" .. #compressors .. ")"
 	table.insert(results, compressors)
-	return results
+  if #results > 0 then
    results["name"] = protocol
    table.insert(upresults, results)
  end
  condvar "signal"
  return nil
 end
 -- Shamelessly stolen from nselib/unpwdb.lua and changed a bit. (Gabriel Lawrence)
@@ -830,15 +1000,24 @@ action = function(host, port)
 	results = {}
  local condvar = nmap.condvar(results)
  local threads = {}
 	for name, _ in pairs(PROTOCOLS) do
 		stdnse.print_debug(1, "Trying protocol %s.", name)
-		result = try_protocol(host.ip, port.number, name)
+		local co = stdnse.new_thread(try_protocol, host.ip, port.number, name, results)
-		if #result > 0 then
+    threads[co] = true
 			result["name"] = name
 			table.insert(results, result)
 		end
 	end
  repeat
    for thread in pairs(threads) do
      if coroutine.status(thread) == "dead" then threads[thread] = nil end
    end
    if ( next(threads) ) then
      condvar "wait"
    end
  until next(threads) == nil
 	-- Sort protocol results by name.
 	table.sort(results, function(a, b) return a["name"] < b["name"] end)
 	if rankedciphersfilename then