Our cipher specialist dug down a bit further on this. The patch is quite
massive, but we tested exhaustively internally.
Credit due to Pierre-David Oriol.
Added new missing ciphers.
Merged cipher list in a single cipher list for SSLv3, TLS1, 1.1, 1.2 since
there are plenty of webservers that allow out-of-spec ciphers to be used
for any of these protocols.
Renamed ciphers according to the IANA naming convention.
Combined double assigned ciphers in order to slightly reduce requests.
Transcribed the existing cipher ratings in the new list.
Marked All DES/3DES/RC4 additions as weak. When in conflict (double cipher
code attributions in drafts), used the lowest strength.
Modified the ssl tests to identify specifically TLS 1.1 (not using the same
cipher table as TLS 1.0 anymore).
Adjusted references to TLS_1_2 and TLS1_ to fit the new naming, added
TLS1_1 where TLS_1 was present (BSI requirements).
Add missing CVEs to generic TLS/SSL problems that cause ciphers to be
considered "weak".
--
LP
Index: scripts/2012/gb_secpod_ssl_ciphers_weak_report.nasl
===================================================================
--- scripts/2012/gb_secpod_ssl_ciphers_weak_report.nasl (revision 4183)
+++ scripts/2012/gb_secpod_ssl_ciphers_weak_report.nasl (working copy)
@@ -30,7 +30,7 @@
{
script_oid('1.3.6.1.4.1.25623.1.0.103440');
script_version("$Revision$");
- script_cve_id("CVE-2016-2183");
+ script_cve_id("CVE-2013-2566", "CVE-2015-4000", "CVE-2016-2183");
script_tag(name:"cvss_base", value:"5.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:N/A:N");
script_tag(name:"last_modification", value:"$Date$");
@@ -54,12 +54,12 @@
- All SSLv2 ciphers are considered weak due to a design flaw within the SSLv2 protocol.
- - RC4 is considered to be weak.
+ - RC4 is considered to be weak (CVE-2013-2566).
- - 64-bit block cipher 3DES vulnerable to SWEET32 attack(CVE-2016-2183).
+ - 64-bit block cipher 3DES vulnerable to SWEET32 attack (CVE-2016-2183).
- Ciphers using 64 bit or less are considered to be vulnerable to brute force methods
- and therefore considered as weak.
+ and therefore considered as weak (CVE-2015-4000).
- 1024 bit RSA authentication is considered to be insecure and therefore as weak.
Index: scripts/2016/gb_ssl_dh_weak_keysize_vuln.nasl
===================================================================
--- scripts/2016/gb_ssl_dh_weak_keysize_vuln.nasl (revision 4183)
+++ scripts/2016/gb_ssl_dh_weak_keysize_vuln.nasl (working copy)
@@ -71,17 +71,17 @@
include("misc_func.inc");
include("ssl_funcs.inc");
-dhe_ciphers = raw_string(0x00, 0xA3) + # TLS_1_2_DHE_DSS_WITH_AES_256_GCM_SHA384
- raw_string(0x00, 0x9F) + # TLS_1_2_DHE_RSA_WITH_AES_256_GCM_SHA384
- raw_string(0x00, 0x6B) + # TLS_1_2_DHE_RSA_WITH_AES_256_CBC_SHA256
- raw_string(0x00, 0x6A) + # TLS_1_2_DHE_DSS_WITH_AES_256_CBC_SHA256
+dhe_ciphers = raw_string(0x00, 0xA3) + # TLS1_2_DHE_DSS_WITH_AES_256_GCM_SHA384
+ raw_string(0x00, 0x9F) + # TLS1_2_DHE_RSA_WITH_AES_256_GCM_SHA384
+ raw_string(0x00, 0x6B) + # TLS1_2_DHE_RSA_WITH_AES_256_CBC_SHA256
+ raw_string(0x00, 0x6A) + # TLS1_2_DHE_DSS_WITH_AES_256_CBC_SHA256
raw_string(0x00, 0x39) + # SSL3_DHE_RSA_WITH_AES_256_SHA
raw_string(0x00, 0x38) + # SSL3_DHE_DSS_WITH_AES_256_SHA
raw_string(0x00, 0x87) + # SSL3_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA
- raw_string(0x00, 0xA2) + # TLS_1_2_DHE_DSS_WITH_AES_128_GCM_SHA256
- raw_string(0x00, 0x9E) + # TLS_1_2_DHE_RSA_WITH_AES_128_GCM_SHA256
- raw_string(0x00, 0x67) + # TLS_1_2_DHE_RSA_WITH_AES_128_CBC_SHA256
- raw_string(0x00, 0x40) + # TLS_1_2_DHE_DSS_WITH_AES_128_CBC_SHA256
+ raw_string(0x00, 0xA2) + # TLS1_2_DHE_DSS_WITH_AES_128_GCM_SHA256
+ raw_string(0x00, 0x9E) + # TLS1_2_DHE_RSA_WITH_AES_128_GCM_SHA256
+ raw_string(0x00, 0x67) + # TLS1_2_DHE_RSA_WITH_AES_128_CBC_SHA256
+ raw_string(0x00, 0x40) + # TLS1_2_DHE_DSS_WITH_AES_128_CBC_SHA256
raw_string(0x00, 0x33) + # SSL3_DHE_RSA_WITH_AES_128_SHA
raw_string(0x00, 0x32) + # TLS1_DHE_DSS_WITH_AES_128_SHA
raw_string(0x00, 0x9A) + # TLS1_DHE_RSA_WITH_SEED_SHA
Index: scripts/Policy/policy_BSI-TR-03116-4.nasl
===================================================================
--- scripts/Policy/policy_BSI-TR-03116-4.nasl (revision 4183)
+++ scripts/Policy/policy_BSI-TR-03116-4.nasl (working copy)
@@ -64,16 +64,20 @@
if( ! ciphers ) exit( 0 );
-check_ciphers = make_list( "TLS1_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
- "TLS_1_2_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
- "TLS1_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
- "TLS_1_2_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
- "TLS1_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
- "TLS_1_2_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
- "TLS_1_2_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
- "TLS_1_2_RSA_PSK_WITH_AES_128_CBC_SHA256",
- "TLS1_ECDHE_PSK_WITH_AES_128_CBC_SHA256",
- "TLS_1_2_ECDHE_PSK_WITH_AES_128_CBC_SHA256" );
+check_ciphers = make_list( "TLS1_0_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
+ "TLS1_1_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
+ "TLS1_2_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
+ "TLS1_0_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
+ "TLS1_1_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
+ "TLS1_2_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
+ "TLS1_0_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
+ "TLS1_1_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
+ "TLS1_2_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
+ "TLS1_2_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
+ "TLS1_2_RSA_PSK_WITH_AES_128_CBC_SHA256",
+ "TLS1_0_ECDHE_PSK_WITH_AES_128_CBC_SHA256",
+ "TLS1_1_ECDHE_PSK_WITH_AES_128_CBC_SHA256",
+ "TLS1_2_ECDHE_PSK_WITH_AES_128_CBC_SHA256" );
foreach check_cipher( check_ciphers ) {
if( check_cipher >< ciphers ) {
Index: scripts/secpod_ssl_ciphers.inc
===================================================================
--- scripts/secpod_ssl_ciphers.inc (revision 4183)
+++ scripts/secpod_ssl_ciphers.inc (working copy)
@@ -32,434 +32,447 @@
# NOTE: Rationales for cipher classification should also be included in the
# vulnerability insight in 2012/gb_secpod_ssl_ciphers_weak_report.nasl
-## Mapping SSLv2 Cipher codes and Display Names
-## All SSLv2 Cipher are considered weak due to a design flaw within the SSLv2 protocol.
-sslv2_ciphers = make_array(
- "SSL2_NULL_WITH_MD5 : Weak cipher", raw_string(0x00, 0x00, 0x00),
- "SSL2_RC4_128_MD5 : Weak cipher", raw_string(0x01, 0x00, 0x80),
- "SSL2_RC4_128_EXPORT40_WITH_MD5 : Weak cipher", raw_string(0x02, 0x00, 0x80),
- "SSL2_RC2_CBC_128_CBC_WITH_MD5 : Weak cipher", raw_string(0x03, 0x00, 0x80),
- "SSL2_RC2_CBC_128_CBC_EXPORT40_WITH_MD5 : Weak cipher", raw_string(0x04, 0x00, 0x80),
- "SSL2_IDEA_128_CBC_WITH_MD5 : Weak cipher", raw_string(0x05, 0x00, 0x80),
- "SSL2_DES_64_CBC_WITH_MD5 : Weak cipher", raw_string(0x06, 0x00, 0x40),
- "SSL2_DES_64_CBC_WITH_SHA : Weak cipher", raw_string(0x06, 0x01, 0x40),
- "SSL2_DES_192_EDE3_CBC_WITH_MD5 : Weak cipher", raw_string(0x07, 0x00, 0xc0),
- "SSL2_DES_192_EDE3_CBC_WITH_SHA : Weak cipher", raw_string(0x07, 0x01, 0xc0),
- "SSL2_RC4_64_WITH_MD5 : Weak cipher", raw_string(0x08, 0x00, 0x80),
- "SSL2_DES_64_CFB64_WITH_MD5_1 : Weak cipher", raw_string(0xff, 0x08, 0x00),
- "SSL2_NULL : Weak cipher", raw_string(0xff, 0x08, 0x10),
- "SSL2_UNKNOWN : UNKNOWN", raw_string(0x06, 0x00, 0x80)
- );
+## All SSLv2 Cipher are considered weak due to a design flaw within the SSLv2 protocol.
+sslv2_ciphers = make_array(
+## List according to https://tools.ietf.org/html/draft-hickman-netscape-ssl-00
+ "SSL2_RC4_128_WITH_MD5 : Weak cipher", raw_string(0x01, 0x00, 0x80),
+ "SSL2_RC4_128_EXPORT40_WITH_MD5 : Weak cipher", raw_string(0x02, 0x00, 0x80),
+ "SSL2_RC2_CBC_128_CBC_WITH_MD5 : Weak cipher", raw_string(0x03, 0x00, 0x80),
+ "SSL2_RC2_CBC_128_CBC_EXPORT40_WITH_MD5 : Weak cipher", raw_string(0x04, 0x00, 0x80),
+ "SSL2_IDEA_128_CBC_WITH_MD5 : Weak cipher", raw_string(0x05, 0x00, 0x80),
+ "SSL2_DES_64_CBC_WITH_MD5 : Weak cipher", raw_string(0x06, 0x00, 0x40),
+ "SSL2_DES_192_EDE3_CBC_WITH_MD5 : Weak cipher", raw_string(0x07, 0x00, 0xc0),
+
+## Out of spec ciphers supported by some webservers (SSLEay, MS, etc.)
+ "SSL2_NULL : No cipher", raw_string(0xff, 0x08, 0x10),
+ "SSL2_NULL_WITH_MD5 : No cipher", raw_string(0x00, 0x00, 0x00),
+ "SSL2_DES_192_EDE3_CBC_WITH_SHA : Weak cipher", raw_string(0x07, 0x01, 0xc0),
+ "SSL2_RC4_64_WITH_MD5 : Weak cipher", raw_string(0x08, 0x00, 0x80),
+ "SSL2_DES_64_CBC_WITH_SHA : Weak cipher", raw_string(0x06, 0x01, 0x40),
+ "SSL2_DES_64_CFB64_WITH_MD5_1 : Weak cipher", raw_string(0xff, 0x08, 0x00),
+ "SSL2_UNKNOWN : UNKNOWN", raw_string(0x06, 0x00, 0x80)
+ );
+
+
+## Mapping all other protocols Cipher codes and display names
+## Testing for all existing ciphers codes (Except reserved/unassigned) for all protocols since some webservers aren't fully spec-compliant.
+## Naming following the http://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml pattern.
+function create_protocol_cipher_list(protocol_prefix)
+{
+ cipher_list = make_array(
+ protocol_prefix + "NULL_WITH_NULL_NULL : No cipher, no authentication", raw_string(0x00, 0x00),
+ protocol_prefix + "RSA_WITH_NULL_MD5 : No cipher", raw_string(0x00, 0x01),
+ protocol_prefix + "RSA_WITH_NULL_SHA : No cipher", raw_string(0x00, 0x02),
+ protocol_prefix + "RSA_EXPORT_WITH_RC4_40_MD5 : Weak cipher", raw_string(0x00, 0x03),
+ protocol_prefix + "RSA_WITH_RC4_128_MD5 : Weak cipher", raw_string(0x00, 0x04),
+ protocol_prefix + "RSA_WITH_RC4_128_SHA : Weak cipher", raw_string(0x00, 0x05),
+ protocol_prefix + "RSA_EXPORT_WITH_RC2_CBC_40_MD5 : Weak cipher", raw_string(0x00, 0x06),
+ protocol_prefix + "RSA_WITH_IDEA_CBC_SHA : Medium cipher", raw_string(0x00, 0x07),
+ protocol_prefix + "RSA_EXPORT_WITH_DES40_CBC_SHA : Weak cipher", raw_string(0x00, 0x08),
+ protocol_prefix + "RSA_WITH_DES_CBC_SHA : Weak cipher", raw_string(0x00, 0x09),
+ protocol_prefix + "RSA_WITH_3DES_EDE_CBC_SHA : Weak cipher", raw_string(0x00, 0x0A),
+ protocol_prefix + "DH_DSS_EXPORT_WITH_DES40_CBC_SHA : Weak cipher", raw_string(0x00, 0x0B),
+ protocol_prefix + "DH_DSS_WITH_DES_CBC_SHA : Weak cipher", raw_string(0x00, 0x0C),
+ protocol_prefix + "DH_DSS_WITH_3DES_EDE_CBC_SHA : Weak cipher", raw_string(0x00, 0x0D),
+ protocol_prefix + "DH_RSA_EXPORT_WITH_DES40_CBC_SHA : Weak cipher", raw_string(0x00, 0x0E),
+ protocol_prefix + "DH_RSA_WITH_DES_CBC_SHA : Weak cipher", raw_string(0x00, 0x0F),
+ protocol_prefix + "DH_RSA_WITH_3DES_EDE_CBC_SHA : Weak cipher", raw_string(0x00, 0x10),
+ protocol_prefix + "DHE_DSS_EXPORT_WITH_DES40_CBC_SHA : Weak cipher", raw_string(0x00, 0x11),
+ protocol_prefix + "DHE_DSS_WITH_DES_CBC_SHA : Weak cipher", raw_string(0x00, 0x12),
+ protocol_prefix + "DHE_DSS_WITH_3DES_EDE_CBC_SHA : Weak cipher", raw_string(0x00, 0x13),
+ protocol_prefix + "DHE_RSA_EXPORT_WITH_DES40_CBC_SHA : Weak cipher", raw_string(0x00, 0x14),
+ protocol_prefix + "DHE_RSA_WITH_DES_CBC_SHA : Weak cipher", raw_string(0x00, 0x15),
+ protocol_prefix + "DHE_RSA_WITH_3DES_EDE_CBC_SHA : Weak cipher", raw_string(0x00, 0x16),
+ protocol_prefix + "DH_anon_EXPORT_WITH_RC4_40_MD5 : Weak cipher", raw_string(0x00, 0x17),
+ protocol_prefix + "DH_anon_WITH_RC4_128_MD5 : Weak cipher", raw_string(0x00, 0x18),
+ protocol_prefix + "DH_anon_EXPORT_WITH_DES40_CBC_SHA : Weak cipher", raw_string(0x00, 0x19),
+ protocol_prefix + "DH_anon_WITH_DES_CBC_SHA : Weak cipher", raw_string(0x00, 0x1A),
+ protocol_prefix + "DH_anon_WITH_3DES_EDE_CBC_SHA : Medium cipher", raw_string(0x00, 0x1B),
+ protocol_prefix + "FORTEZZA_KEA_WITH_NULL_SHA : No cipher", raw_string(0x00, 0x1C),
+ protocol_prefix + "FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA : Weak cipher", raw_string(0x00, 0x1D),
+ # Cipher suite ID 0x001E is double-attributed.
+ protocol_prefix + "FORTEZZA_KEA_WITH_RC4_128_SHA or " + protocol_prefix + "KRB5_WITH_DES_CBC_SHA : Weak cipher", raw_string(0x00, 0x1E),
+ protocol_prefix + "KRB5_WITH_3DES_EDE_CBC_SHA : Weak cipher", raw_string(0x00, 0x1F),
+ protocol_prefix + "KRB5_WITH_RC4_128_SHA : Weak cipher", raw_string(0x00, 0x20),
+ protocol_prefix + "KRB5_WITH_IDEA_CBC_SHA : Medium cipher", raw_string(0x00, 0x21),
+ protocol_prefix + "KRB5_WITH_DES_CBC_MD5 : Weak cipher", raw_string(0x00, 0x22),
+ protocol_prefix + "KRB5_WITH_3DES_EDE_CBC_MD5 : Weak cipher", raw_string(0x00, 0x23),
+ protocol_prefix + "KRB5_WITH_RC4_128_MD5 : Weak cipher", raw_string(0x00, 0x24),
+ protocol_prefix + "KRB5_WITH_IDEA_CBC_MD5 : Medium cipher", raw_string(0x00, 0x25),
+ protocol_prefix + "KRB5_EXPORT_WITH_DES_CBC_40_SHA : Weak cipher", raw_string(0x00, 0x26),
+ protocol_prefix + "KRB5_EXPORT_WITH_RC2_CBC_40_SHAA : Weak cipher", raw_string(0x00, 0x27),
+ protocol_prefix + "KRB5_EXPORT_WITH_RC4_40_SHA : Weak cipher", raw_string(0x00, 0x28),
+ protocol_prefix + "KRB5_EXPORT_WITH_DES_CBC_40_MD5 : Weak cipher", raw_string(0x00, 0x29),
+ protocol_prefix + "KRB5_EXPORT_WITH_RC2_CBC_40_MD5 : Weak cipher", raw_string(0x00, 0x2A),
+ protocol_prefix + "KRB5_EXPORT_WITH_RC4_40_MD5 : Weak cipher", raw_string(0x00, 0x2B),
+ protocol_prefix + "PSK_WITH_NULL_SHA : No cipher", raw_string(0x00, 0x2C),
+ protocol_prefix + "DHE_PSK_WITH_NULL_SHA : No cipher", raw_string(0x00, 0x2D),
+ protocol_prefix + "RSA_PSK_WITH_NULL_SHA : No cipher", raw_string(0x00, 0x2E),
+ protocol_prefix + "RSA_WITH_AES_128_CBC_SHA : Medium cipher", raw_string(0x00, 0x2F),
+ protocol_prefix + "DH_DSS_WITH_AES_128_CBC_SHA : Medium cipher", raw_string(0x00, 0x30),
+ protocol_prefix + "DH_RSA_WITH_AES_128_CBC_SHA : Medium cipher", raw_string(0x00, 0x31),
+ protocol_prefix + "DHE_DSS_WITH_AES_128_CBC_SHA : Medium cipher", raw_string(0x00, 0x32),
+ protocol_prefix + "DHE_RSA_WITH_AES_128_CBC_SHA : Medium cipher", raw_string(0x00, 0x33),
+ protocol_prefix + "DH_anon_WITH_AES_128_CBC_SHA : Medium cipher", raw_string(0x00, 0x34),
+ protocol_prefix + "RSA_WITH_AES_256_CBC_SHA : Medium cipher", raw_string(0x00, 0x35),
+ protocol_prefix + "DH_DSS_WITH_AES_256_CBC_SHA : Strong cipher", raw_string(0x00, 0x36),
+ protocol_prefix + "DH_RSA_WITH_AES_256_CBC_SHA : Strong cipher", raw_string(0x00, 0x37),
+ protocol_prefix + "DHE_DSS_WITH_AES_256_CBC_SHA : Strong cipher", raw_string(0x00, 0x38),
+ protocol_prefix + "DHE_RSA_WITH_AES_256_CBC_SHA : Strong cipher", raw_string(0x00, 0x39),
+ protocol_prefix + "DH_anon_WITH_AES_256_CBC_SHA : Strong cipher", raw_string(0x00, 0x3A),
+ protocol_prefix + "RSA_WITH_NULL_SHA256 : No cipher", raw_string(0x00, 0x3B),
+ protocol_prefix + "RSA_WITH_AES_128_CBC_SHA256 : Medium cipher", raw_string(0x00, 0x3C),
+ protocol_prefix + "RSA_WITH_AES_256_CBC_SHA256 : Medium cipher", raw_string(0x00, 0x3D),
+ protocol_prefix + "DH_DSS_WITH_AES_128_CBC_SHA256 : Medium cipher", raw_string(0x00, 0x3E),
+ protocol_prefix + "DH_RSA_WITH_AES_128_CBC_SHA256 : Medium cipher", raw_string(0x00, 0x3F),
+ protocol_prefix + "DHE_DSS_WITH_AES_128_CBC_SHA256 : Medium cipher", raw_string(0x00, 0x40),
+ protocol_prefix + "RSA_WITH_CAMELLIA_128_CBC_SHA : Medium cipher", raw_string(0x00, 0x41),
+ protocol_prefix + "DH_DSS_WITH_CAMELLIA_128_CBC_SHA : Medium cipher", raw_string(0x00, 0x42),
+ protocol_prefix + "DH_RSA_WITH_CAMELLIA_128_CBC_SHA : Medium cipher", raw_string(0x00, 0x43),
+ protocol_prefix + "DHE_DSS_WITH_CAMELLIA_128_CBC_SHA : Medium cipher", raw_string(0x00, 0x44),
+ protocol_prefix + "DHE_RSA_WITH_CAMELLIA_128_CBC_SHA : Medium cipher", raw_string(0x00, 0x45),
+ protocol_prefix + "DH_anon_WITH_CAMELLIA_128_CBC_SHA : Medium cipher", raw_string(0x00, 0x46),
+
+ ## 0x0047->0x0066 are unassigned/reserved cipher codes for draft/temporary implementations & backward compatibility.
+ ## Some servers do implement those.
+ protocol_prefix + "ECDH_ECDSA_WITH_NULL_SHA (Draft) : No cipher", raw_string(0x00, 0x47),
+ protocol_prefix + "ECDH_ECDSA_WITH_RC4_128_SHA (Draft) : Weak cipher", raw_string(0x00, 0x48),
+ protocol_prefix + "ECDH_ECDSA_WITH_DES_CBC_SHA (Draft) : Weak cipher", raw_string(0x00, 0x49),
+ protocol_prefix + "ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA (Draft) : Weak cipher", raw_string(0x00, 0x4A),
+ protocol_prefix + "ECDH_ECDSA_WITH_AES_128_CBC_SHA (Draft) or " + protocol_prefix + "ECDH_ECDSA_EXPORT_WITH_RC4_40_SHA (Draft) : Weak cipher", raw_string(0x00, 0x4B),
+ protocol_prefix + "ECDH_ECDSA_WITH_AES_256_CBC_SHA (Draft) or " + protocol_prefix + "ECDH_ECDSA_EXPORT_WITH_RC4_56_SHA (Draft) : Weak cipher", raw_string(0x00, 0x4C),
+ protocol_prefix + "ECDH_RSA_WITH_NULL_SHA (Draft) : No cipher", raw_string(0x00, 0x4D),
+ protocol_prefix + "ECDH_RSA_WITH_RC4_128_SHA (Draft) : Weak cipher", raw_string(0x00, 0x4E),
+ protocol_prefix + "ECDH_RSA_WITH_DES_CBC_SHA (Draft) : Weak cipher", raw_string(0x00, 0x4F),
+ protocol_prefix + "ECDH_RSA_WITH_3DES_EDE_CBC_SHA (Draft) or " + protocol_prefix + "SRP_SHA_WITH_3DES_EDE_CBC_SHA (Draft) : Weak cipher", raw_string(0x00, 0x50),
+ protocol_prefix + "ECDH_RSA_WITH_AES_128_CBC_SHA (Draft) or " + protocol_prefix + "SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA (Draft) : Weak cipher", raw_string(0x00, 0x51),
+ protocol_prefix + "ECDH_RSA_WITH_AES_256_CBC_SHA (Draft) or " + protocol_prefix + "SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA (Draft) : Weak cipher", raw_string(0x00, 0x52),
+ protocol_prefix + "ECDH_RSA_EXPORT_WITH_RC4_40_SHA (Draft) or " + protocol_prefix + "SRP_SHA_WITH_AES_128_CBC_SHA (Draft) : Weak cipher", raw_string(0x00, 0x53),
+ protocol_prefix + "ECDH_RSA_EXPORT_WITH_RC4_56_SHA (Draft) or " + protocol_prefix + "SRP_SHA_RSA_WITH_AES_128_CBC_SHA (Draft) : Weak cipher", raw_string(0x00, 0x54),
+ protocol_prefix + "ECDH_anon_NULL_WITH_SHA (Draft) or " + protocol_prefix + "SRP_SHA_DSS_WITH_AES_128_CBC_SHA (Draft) : No cipher", raw_string(0x00, 0x55),
+ protocol_prefix + "ECDH_anon_WITH_RC4_128_SHA (Draft) or " + protocol_prefix + "SRP_SHA_WITH_AES_256_CBC_SHA (Draft) : Weak cipher", raw_string(0x00, 0x56),
+ protocol_prefix + "ECDH_anon_WITH_DES_CBC_SHA (Draft) or " + protocol_prefix + "SRP_SHA_RSA_WITH_AES_256_CBC_SHA (Draft) : Weak cipher", raw_string(0x00, 0x57),
+ protocol_prefix + "ECDH_anon_WITH_3DES_EDE_CBC_SHA (Draft) or " + protocol_prefix + "SRP_SHA_DSS_WITH_AES_256_CBC_SHA (Draft) : Weak cipher", raw_string(0x00, 0x58),
+ protocol_prefix + "ECDH_anon_EXPORT_WITH_DES40_CBC_SHA (Draft) : Weak cipher", raw_string(0x00, 0x59),
+ protocol_prefix + "ECDH_anon_EXPORT_WITH_RC4_40_SHA (Draft) : Weak cipher", raw_string(0x00, 0x5A),
+ protocol_prefix + "ECDH_anon_EXPORT_WITH_DES40_CBC_SHA (Draft) : Weak cipher", raw_string(0x00, 0x5B),
+ protocol_prefix + "ECDH_anon_EXPORT_WITH_RC4_40_SHA (Draft) : Weak cipher", raw_string(0x00, 0x5C),
+ protocol_prefix + "RSA_EXPORT1024_WITH_RC4_56_MD5 : Weak cipher, weak authentication", raw_string(0x00, 0x60),
+ protocol_prefix + "RSA_EXPORT1024_WITH_RC2_CBC_56_MD,5 : Weak cipher, weak authentication", raw_string(0x00, 0x61),
+ protocol_prefix + "RSA_EXPORT1024_WITH_DES_CBC_SHA : Weak cipher, weak authentication", raw_string(0x00, 0x62),
+ protocol_prefix + "DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA : Weak cipher, weak authentication", raw_string(0x00, 0x63),
+ protocol_prefix + "RSA_EXPORT1024_WITH_RC4_56_SHA : Weak cipher, weak authentication", raw_string(0x00, 0x64),
+ protocol_prefix + "DHE_DSS_EXPORT1024_WITH_RC4_56_SHA : Weak cipher, weak authentication", raw_string(0x00, 0x65),
+ protocol_prefix + "DHE_DSS_WITH_RC4_128_SHA : Weak cipher", raw_string(0x00, 0x66),
+
+ protocol_prefix + "DHE_RSA_WITH_AES_128_CBC_SHA256 : Medium cipher", raw_string(0x00, 0x67),
+ protocol_prefix + "DH_DSS_WITH_AES_256_CBC_SHA256 : Medium cipher", raw_string(0x00, 0x68),
+ protocol_prefix + "DH_RSA_WITH_AES_256_CBC_SHA256 : Medium cipher", raw_string(0x00, 0x69),
+ protocol_prefix + "DHE_DSS_WITH_AES_256_CBC_SHA256 : Medium cipher", raw_string(0x00, 0x6A),
+ protocol_prefix + "DHE_RSA_WITH_AES_256_CBC_SHA256 : Medium cipher", raw_string(0x00, 0x6B),
+ protocol_prefix + "DH_anon_WITH_AES_128_CBC_SHA256 : Medium cipher", raw_string(0x00, 0x6C),
+ protocol_prefix + "DH_anon_WITH_AES_256_CBC_SHA256 : Medium cipher", raw_string(0x00, 0x6D),
+
+ ## 0x006E->0x0083 are reserved/unassigned cipher codes for draft/temporary implementations & backward compatibility.
+ protocol_prefix + "KRB5_WITH_3DES_EDE_CBC_SHA (Draft) : Weak cipher", raw_string(0x00, 0x70),
+ protocol_prefix + "KRB5_WITH_3DES_EDE_CBC_MD5 (Draft) : Weak cipher", raw_string(0x00, 0x71),
+ protocol_prefix + "KRB5_WITH_RC4_128_SHA (Draft) : Weak cipher", raw_string(0x00, 0x72),
+ protocol_prefix + "KRB5_WITH_RC4_128_MD5 (Draft) : Weak cipher", raw_string(0x00, 0x73),
+ protocol_prefix + "KRB5_WITH_DES_CBC_SHA (Draft) : Weak cipher", raw_string(0x00, 0x74),
+ protocol_prefix + "KRB5_WITH_DES_CBC_MD5 (Draft) : Weak cipher", raw_string(0x00, 0x75),
+ protocol_prefix + "KRB5_WITH_AES_128_CBC_SHA (Draft) : Weak cipher", raw_string(0x00, 0x76),
+ protocol_prefix + "KRB5_WITH_AES_256_CBC_SHA (Draft) : Weak cipher", raw_string(0x00, 0x77),
+ protocol_prefix + "KRB5_WITH_NULL_SHA (Draft) : No cipher", raw_string(0x00, 0x78),
+ protocol_prefix + "KRB5_WITH_NULL_MD5 (Draft) : No cipher", raw_string(0x00, 0x79),
+
+ protocol_prefix + "RSA_WITH_CAMELLIA_256_CBC_SHA : Medium cipher", raw_string(0x00, 0x84),
+ protocol_prefix + "DH_DSS_WITH_CAMELLIA_256_CBC_SHA : Medium cipher", raw_string(0x00, 0x85),
+ protocol_prefix + "DH_RSA_WITH_CAMELLIA_256_CBC_SHA : Medium cipher", raw_string(0x00, 0x86),
+ protocol_prefix + "DHE_DSS_WITH_CAMELLIA_256_CBC_SHA : Medium cipher", raw_string(0x00, 0x87),
+ protocol_prefix + "DHE_RSA_WITH_CAMELLIA_256_CBC_SHA : Medium cipher", raw_string(0x00, 0x88),
+ protocol_prefix + "DH_anon_WITH_CAMELLIA_256_CBC_SHA : Medium cipher", raw_string(0x00, 0x89),
+ protocol_prefix + "PSK_WITH_RC4_128_SHA : Weak cipher", raw_string(0x00, 0x8A),
+ protocol_prefix + "PSK_WITH_3DES_EDE_CBC_SHA : Weak cipher", raw_string(0x00, 0x8B),
+ protocol_prefix + "PSK_WITH_AES_128_CBC_SHA : Medium cipher", raw_string(0x00, 0x8C),
+ protocol_prefix + "PSK_WITH_AES_256_CBC_SHA : Medium cipher", raw_string(0x00, 0x8D),
+ protocol_prefix + "DHE_PSK_WITH_RC4_128_SHA : Weak cipher", raw_string(0x00, 0x8E),
+ protocol_prefix + "DHE_PSK_WITH_3DES_EDE_CBC_SHA : Weak cipher", raw_string(0x00, 0x8F),
+ protocol_prefix + "DHE_PSK_WITH_AES_128_CBC_SHA : Medium cipher", raw_string(0x00, 0x90),
+ protocol_prefix + "DHE_PSK_WITH_AES_256_CBC_SHA : Medium cipher", raw_string(0x00, 0x91),
+ protocol_prefix + "RSA_PSK_WITH_RC4_128_SHA : Weak cipher", raw_string(0x00, 0x92),
+ protocol_prefix + "RSA_PSK_WITH_3DES_EDE_CBC_SHA : Weak cipher", raw_string(0x00, 0x93),
+ protocol_prefix + "RSA_PSK_WITH_AES_128_CBC_SHA : Medium cipher", raw_string(0x00, 0x94),
+ protocol_prefix + "RSA_PSK_WITH_AES_256_CBC_SHA : Medium cipher", raw_string(0x00, 0x95),
+ protocol_prefix + "RSA_WITH_SEED_CBC_SHA : Weak cipher", raw_string(0x00, 0x96),
+ protocol_prefix + "DH_DSS_WITH_SEED_CBC_SHA : Medium cipher", raw_string(0x00, 0x97),
+ protocol_prefix + "DH_RSA_WITH_SEED_CBC_SHA : Medium cipher", raw_string(0x00, 0x98),
+ protocol_prefix + "DHE_DSS_WITH_SEED_CBC_SHA : Medium cipher", raw_string(0x00, 0x99),
+ protocol_prefix + "DHE_RSA_WITH_SEED_CBC_SHA : Medium cipher", raw_string(0x00, 0x9A),
+ protocol_prefix + "DH_anon_WITH_SEED_CBC_SHA : Medium cipher", raw_string(0x00, 0x9B),
+ protocol_prefix + "RSA_WITH_AES_128_GCM_SHA256 : Medium cipher", raw_string(0x00, 0x9C),
+ protocol_prefix + "RSA_WITH_AES_256_GCM_SHA384 : Medium cipher", raw_string(0x00, 0x9D),
+ protocol_prefix + "DHE_RSA_WITH_AES_128_GCM_SHA256 : Medium cipher", raw_string(0x00, 0x9E),
+ protocol_prefix + "DHE_RSA_WITH_AES_256_GCM_SHA384 : Medium cipher", raw_string(0x00, 0x9F),
+ protocol_prefix + "DH_RSA_WITH_AES_128_GCM_SHA256 : Medium cipher", raw_string(0x00, 0xA0),
+ protocol_prefix + "DH_RSA_WITH_AES_256_GCM_SHA384 : Medium cipher", raw_string(0x00, 0xA1),
+ protocol_prefix + "DHE_DSS_WITH_AES_128_GCM_SHA256 : Medium cipher", raw_string(0x00, 0xA2),
+ protocol_prefix + "DHE_DSS_WITH_AES_256_GCM_SHA384 : Medium cipher", raw_string(0x00, 0xA3),
+ protocol_prefix + "DH_DSS_WITH_AES_128_GCM_SHA256 : Medium cipher", raw_string(0x00, 0xA4),
+ protocol_prefix + "DH_DSS_WITH_AES_256_GCM_SHA384 : Medium cipher", raw_string(0x00, 0xA5),
+ protocol_prefix + "DH_anon_WITH_AES_128_GCM_SHA256 : Medium cipher", raw_string(0x00, 0xA6),
+ protocol_prefix + "DH_anon_WITH_AES_256_GCM_SHA384 : Medium cipher", raw_string(0x00, 0xA7),
+ protocol_prefix + "PSK_WITH_AES_128_GCM_SHA256 : Medium cipher", raw_string(0x00, 0xA8),
+ protocol_prefix + "PSK_WITH_AES_256_GCM_SHA384 : Medium cipher", raw_string(0x00, 0xA9),
+ protocol_prefix + "DHE_PSK_WITH_AES_128_GCM_SHA256 : Medium cipher", raw_string(0x00, 0xAA),
+ protocol_prefix + "DHE_PSK_WITH_AES_256_GCM_SHA384 : Medium cipher", raw_string(0x00, 0xAB),
+ protocol_prefix + "RSA_PSK_WITH_AES_128_GCM_SHA256 : Medium cipher", raw_string(0x00, 0xAC),
+ protocol_prefix + "RSA_PSK_WITH_AES_256_GCM_SHA384 : Medium cipher", raw_string(0x00, 0xAD),
+ protocol_prefix + "PSK_WITH_AES_128_CBC_SHA256 : Medium cipher", raw_string(0x00, 0xAE),
+ protocol_prefix + "PSK_WITH_AES_256_CBC_SHA384 : Medium cipher", raw_string(0x00, 0xAF),
+ protocol_prefix + "PSK_WITH_NULL_SHA256 : No cipher", raw_string(0x00, 0xB0),
+ protocol_prefix + "PSK_WITH_NULL_SHA384 : No cipher", raw_string(0x00, 0xB1),
+ protocol_prefix + "DHE_PSK_WITH_AES_128_CBC_SHA256 : Medium cipher", raw_string(0x00, 0xB2),
+ protocol_prefix + "DHE_PSK_WITH_AES_256_CBC_SHA384 : Medium cipher", raw_string(0x00, 0xB3),
+ protocol_prefix + "DHE_PSK_WITH_NULL_SHA256 : No cipher", raw_string(0x00, 0xB4),
+ protocol_prefix + "DHE_PSK_WITH_NULL_SHA384 : No cipher", raw_string(0x00, 0xB5),
+ protocol_prefix + "RSA_PSK_WITH_AES_128_CBC_SHA256 : Medium cipher", raw_string(0x00, 0xB6),
+ protocol_prefix + "RSA_PSK_WITH_AES_256_CBC_SHA384 : Medium cipher", raw_string(0x00, 0xB7),
+ protocol_prefix + "RSA_PSK_WITH_NULL_SHA256 : No cipher", raw_string(0x00, 0xB8),
+ protocol_prefix + "RSA_PSK_WITH_NULL_SHA384 : No cipher", raw_string(0x00, 0xB9),
+ protocol_prefix + "RSA_WITH_CAMELLIA_128_CBC_SHA256 : Medium cipher", raw_string(0x00, 0xBA),
+ protocol_prefix + "DH_DSS_WITH_CAMELLIA_128_CBC_SHA256 : Medium cipher", raw_string(0x00, 0xBB),
+ protocol_prefix + "DH_RSA_WITH_CAMELLIA_128_CBC_SHA256 : Medium cipher", raw_string(0x00, 0xBC),
+ protocol_prefix + "DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256 : Medium cipher", raw_string(0x00, 0xBD),
+ protocol_prefix + "DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 : Medium cipher", raw_string(0x00, 0xBE),
+ protocol_prefix + "DH_anon_WITH_CAMELLIA_128_CBC_SHA256 : Medium cipher", raw_string(0x00, 0xBF),
+ protocol_prefix + "RSA_WITH_CAMELLIA_256_CBC_SHA256 : Medium cipher", raw_string(0x00, 0xC0),
+ protocol_prefix + "DH_DSS_WITH_CAMELLIA_256_CBC_SHA256 : Medium cipher", raw_string(0x00, 0xC1),
+ protocol_prefix + "DH_RSA_WITH_CAMELLIA_256_CBC_SHA256 : Medium cipher", raw_string(0x00, 0xC2),
+ protocol_prefix + "DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256 : Medium cipher", raw_string(0x00, 0xC3),
+ protocol_prefix + "DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 : Medium cipher", raw_string(0x00, 0xC4),
+ protocol_prefix + "DH_anon_WITH_CAMELLIA_256_CBC_SHA256 : Medium cipher", raw_string(0x00, 0xC5),
+ protocol_prefix + "ECDH_ECDSA_WITH_NULL_SHA : No cipher", raw_string(0xC0, 0x01),
+ protocol_prefix + "ECDH_ECDSA_WITH_RC4_128_SHA : Weak cipher", raw_string(0xC0, 0x02),
+ protocol_prefix + "ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA : Weak cipher", raw_string(0xC0, 0x03),
+ protocol_prefix + "ECDH_ECDSA_WITH_AES_128_CBC_SHA : Medium cipher", raw_string(0xC0, 0x04),
+ protocol_prefix + "ECDH_ECDSA_WITH_AES_256_CBC_SHA : Medium cipher", raw_string(0xC0, 0x05),
+ protocol_prefix + "ECDHE_ECDSA_WITH_NULL_SHA : No cipher", raw_string(0xC0, 0x06),
+ protocol_prefix + "ECDHE_ECDSA_WITH_RC4_128_SHA : Weak cipher", raw_string(0xC0, 0x07),
+ protocol_prefix + "ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA : Weak cipher", raw_string(0xC0, 0x08),
+ protocol_prefix + "ECDHE_ECDSA_WITH_AES_128_CBC_SHA : Medium cipher", raw_string(0xC0, 0x09),
+ protocol_prefix + "ECDHE_ECDSA_WITH_AES_256_CBC_SHA : Medium cipher", raw_string(0xC0, 0x0A),
+ protocol_prefix + "ECDH_RSA_WITH_NULL_SHA : No cipher", raw_string(0xC0, 0x0B),
+ protocol_prefix + "ECDH_RSA_WITH_RC4_128_SHA : Weak cipher", raw_string(0xC0, 0x0C),
+ protocol_prefix + "ECDH_RSA_WITH_3DES_EDE_CBC_SHA : Weak cipher", raw_string(0xC0, 0x0D),
+ protocol_prefix + "ECDH_RSA_WITH_AES_128_CBC_SHA : Medium cipher", raw_string(0xC0, 0x0E),
+ protocol_prefix + "ECDH_RSA_WITH_AES_256_CBC_SHA : Medium cipher", raw_string(0xC0, 0x0F),
+ protocol_prefix + "ECDHE_RSA_WITH_NULL_SHA : No cipher", raw_string(0xC0, 0x10),
+ protocol_prefix + "ECDHE_RSA_WITH_RC4_128_SHA : Weak cipher", raw_string(0xC0, 0x11),
+ protocol_prefix + "ECDHE_RSA_WITH_3DES_EDE_CBC_SHA : Weak cipher", raw_string(0xC0, 0x12),
+ protocol_prefix + "ECDHE_RSA_WITH_AES_128_CBC_SHA : Medium cipher", raw_string(0xC0, 0x13),
+ protocol_prefix + "ECDHE_RSA_WITH_AES_256_CBC_SHA : Medium cipher", raw_string(0xC0, 0x14),
+ protocol_prefix + "ECDH_anon_WITH_NULL_SHA : No cipher", raw_string(0xC0, 0x15),
+ protocol_prefix + "ECDH_anon_WITH_RC4_128_SHA : Weak cipher", raw_string(0xC0, 0x16),
+ protocol_prefix + "ECDH_anon_WITH_3DES_EDE_CBC_SHA : Weak cipher", raw_string(0xC0, 0x17),
+ protocol_prefix + "ECDH_anon_WITH_AES_128_CBC_SHA : Medium cipher", raw_string(0xC0, 0x18),
+ protocol_prefix + "ECDH_anon_WITH_AES_256_CBC_SHA : Medium cipher", raw_string(0xC0, 0x19),
+ protocol_prefix + "SRP_SHA_WITH_3DES_EDE_CBC_SHA : Weak cipher", raw_string(0xC0, 0x1A),
+ protocol_prefix + "SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA : Weak cipher", raw_string(0xC0, 0x1B),
+ protocol_prefix + "SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA : Weak cipher", raw_string(0xC0, 0x1C),
+ protocol_prefix + "SRP_SHA_WITH_AES_128_CBC_SHA : Medium cipher", raw_string(0xC0, 0x1D),
+ protocol_prefix + "SRP_SHA_RSA_WITH_AES_128_CBC_SHA : Medium cipher", raw_string(0xC0, 0x1E),
+ protocol_prefix + "SRP_SHA_DSS_WITH_AES_128_CBC_SHA : Medium cipher", raw_string(0xC0, 0x1F),
+ protocol_prefix + "SRP_SHA_WITH_AES_256_CBC_SHA : Medium cipher", raw_string(0xC0, 0x20),
+ protocol_prefix + "SRP_SHA_RSA_WITH_AES_256_CBC_SHA : Medium cipher", raw_string(0xC0, 0x21),
+ protocol_prefix + "SRP_SHA_DSS_WITH_AES_256_CBC_SHA : Medium cipher", raw_string(0xC0, 0x22),
+ protocol_prefix + "ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 : Medium cipher", raw_string(0xC0, 0x23),
+ protocol_prefix + "ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 : Medium cipher", raw_string(0xC0, 0x24),
+ protocol_prefix + "ECDH_ECDSA_WITH_AES_128_CBC_SHA256 : Medium cipher", raw_string(0xC0, 0x25),
+ protocol_prefix + "ECDH_ECDSA_WITH_AES_256_CBC_SHA384 : Medium cipher", raw_string(0xC0, 0x26),
+ protocol_prefix + "ECDHE_RSA_WITH_AES_128_CBC_SHA256 : Medium cipher", raw_string(0xC0, 0x27),
+ protocol_prefix + "ECDHE_RSA_WITH_AES_256_CBC_SHA384 : Medium cipher", raw_string(0xC0, 0x28),
+ protocol_prefix + "ECDH_RSA_WITH_AES_128_CBC_SHA256 : Medium cipher", raw_string(0xC0, 0x29),
+ protocol_prefix + "ECDH_RSA_WITH_AES_256_CBC_SHA384 : Medium cipher", raw_string(0xC0, 0x2A),
+ protocol_prefix + "ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 : Medium cipher", raw_string(0xC0, 0x2B),
+ protocol_prefix + "ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 : Medium cipher", raw_string(0xC0, 0x2C),
+ protocol_prefix + "ECDH_ECDSA_WITH_AES_128_GCM_SHA256 : Medium cipher", raw_string(0xC0, 0x2D),
+ protocol_prefix + "ECDH_ECDSA_WITH_AES_256_GCM_SHA384 : Medium cipher", raw_string(0xC0, 0x2E),
+ protocol_prefix + "ECDHE_RSA_WITH_AES_128_GCM_SHA256 : Medium cipher", raw_string(0xC0, 0x2F),
+ protocol_prefix + "ECDHE_RSA_WITH_AES_256_GCM_SHA384 : Medium cipher", raw_string(0xC0, 0x30),
+ protocol_prefix + "ECDH_RSA_WITH_AES_128_GCM_SHA256 : Medium cipher", raw_string(0xC0, 0x31),
+ protocol_prefix + "ECDH_RSA_WITH_AES_256_GCM_SHA384 : Medium cipher", raw_string(0xC0, 0x32),
+ protocol_prefix + "ECDHE_PSK_WITH_RC4_128_SHA : Weak cipher", raw_string(0xC0, 0x33),
+ protocol_prefix + "ECDHE_PSK_WITH_3DES_EDE_CBC_SHA : Weak cipher", raw_string(0xC0, 0x34),
+ protocol_prefix + "ECDHE_PSK_WITH_AES_128_CBC_SHA : Medium cipher", raw_string(0xC0, 0x35),
+ protocol_prefix + "ECDHE_PSK_WITH_AES_256_CBC_SHA : Medium cipher", raw_string(0xC0, 0x36),
+ protocol_prefix + "ECDHE_PSK_WITH_AES_128_CBC_SHA256 : Medium cipher", raw_string(0xC0, 0x37),
+ protocol_prefix + "ECDHE_PSK_WITH_AES_256_CBC_SHA384 : Medium cipher", raw_string(0xC0, 0x38),
+ protocol_prefix + "ECDHE_PSK_WITH_NULL_SHA : No cipher", raw_string(0xC0, 0x39),
+ protocol_prefix + "ECDHE_PSK_WITH_NULL_SHA256 : No cipher", raw_string(0xC0, 0x3A),
+ protocol_prefix + "ECDHE_PSK_WITH_NULL_SHA384 : No cipher", raw_string(0xC0, 0x3B),
+ protocol_prefix + "RSA_WITH_ARIA_128_CBC_SHA256 : Medium cipher", raw_string(0xC0, 0x3C),
+ protocol_prefix + "RSA_WITH_ARIA_256_CBC_SHA384 : Medium cipher", raw_string(0xC0, 0x3D),
+ protocol_prefix + "DH_DSS_WITH_ARIA_128_CBC_SHA256 : Medium cipher", raw_string(0xC0, 0x3E),
+ protocol_prefix + "DH_DSS_WITH_ARIA_256_CBC_SHA384 : Medium cipher", raw_string(0xC0, 0x3F),
+ protocol_prefix + "DH_RSA_WITH_ARIA_128_CBC_SHA256 : Medium cipher", raw_string(0xC0, 0x40),
+ protocol_prefix + "DH_RSA_WITH_ARIA_256_CBC_SHA384 : Medium cipher", raw_string(0xC0, 0x41),
+ protocol_prefix + "DHE_DSS_WITH_ARIA_128_CBC_SHA256 : Medium cipher", raw_string(0xC0, 0x42),
+ protocol_prefix + "DHE_DSS_WITH_ARIA_256_CBC_SHA384 : Medium cipher", raw_string(0xC0, 0x43),
+ protocol_prefix + "DHE_RSA_WITH_ARIA_128_CBC_SHA256 : Medium cipher", raw_string(0xC0, 0x44),
+ protocol_prefix + "DHE_RSA_WITH_ARIA_256_CBC_SHA384 : Medium cipher", raw_string(0xC0, 0x45),
+ protocol_prefix + "DH_anon_WITH_ARIA_128_CBC_SHA256 : Medium cipher", raw_string(0xC0, 0x46),
+ protocol_prefix + "DH_anon_WITH_ARIA_256_CBC_SHA384 : Medium cipher", raw_string(0xC0, 0x47),
+ protocol_prefix + "ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256 : Medium cipher", raw_string(0xC0, 0x48),
+ protocol_prefix + "ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384 : Medium cipher", raw_string(0xC0, 0x49),
+ protocol_prefix + "ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256 : Medium cipher", raw_string(0xC0, 0x4A),
+ protocol_prefix + "ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384 : Medium cipher", raw_string(0xC0, 0x4B),
+ protocol_prefix + "ECDHE_RSA_WITH_ARIA_128_CBC_SHA256 : Medium cipher", raw_string(0xC0, 0x4C),
+ protocol_prefix + "ECDHE_RSA_WITH_ARIA_256_CBC_SHA384 : Medium cipher", raw_string(0xC0, 0x4D),
+ protocol_prefix + "ECDH_RSA_WITH_ARIA_128_CBC_SHA256 : Medium cipher", raw_string(0xC0, 0x4E),
+ protocol_prefix + "ECDH_RSA_WITH_ARIA_256_CBC_SHA384 : Medium cipher", raw_string(0xC0, 0x4F),
+ protocol_prefix + "RSA_WITH_ARIA_128_GCM_SHA256 : Medium cipher", raw_string(0xC0, 0x50),
+ protocol_prefix + "RSA_WITH_ARIA_256_GCM_SHA384 : Medium cipher", raw_string(0xC0, 0x51),
+ protocol_prefix + "DHE_RSA_WITH_ARIA_128_GCM_SHA256 : Medium cipher", raw_string(0xC0, 0x52),
+ protocol_prefix + "DHE_RSA_WITH_ARIA_256_GCM_SHA384 : Medium cipher", raw_string(0xC0, 0x53),
+ protocol_prefix + "DH_RSA_WITH_ARIA_128_GCM_SHA256 : Medium cipher", raw_string(0xC0, 0x54),
+ protocol_prefix + "DH_RSA_WITH_ARIA_256_GCM_SHA384 : Medium cipher", raw_string(0xC0, 0x55),
+ protocol_prefix + "DHE_DSS_WITH_ARIA_128_GCM_SHA256 : Medium cipher", raw_string(0xC0, 0x56),
+ protocol_prefix + "DHE_DSS_WITH_ARIA_256_GCM_SHA384 : Medium cipher", raw_string(0xC0, 0x57),
+ protocol_prefix + "DH_DSS_WITH_ARIA_128_GCM_SHA256 : Medium cipher", raw_string(0xC0, 0x58),
+ protocol_prefix + "DH_DSS_WITH_ARIA_256_GCM_SHA384 : Medium cipher", raw_string(0xC0, 0x59),
+ protocol_prefix + "DH_anon_WITH_ARIA_128_GCM_SHA256 : Medium cipher", raw_string(0xC0, 0x5A),
+ protocol_prefix + "DH_anon_WITH_ARIA_256_GCM_SHA384 : Medium cipher", raw_string(0xC0, 0x5B),
+ protocol_prefix + "ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 : Medium cipher", raw_string(0xC0, 0x5C),
+ protocol_prefix + "ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 : Medium cipher", raw_string(0xC0, 0x5D),
+ protocol_prefix + "ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256 : Medium cipher", raw_string(0xC0, 0x5E),
+ protocol_prefix + "ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384 : Medium cipher", raw_string(0xC0, 0x5F),
+ protocol_prefix + "ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 : Medium cipher", raw_string(0xC0, 0x60),
+ protocol_prefix + "ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 : Medium cipher", raw_string(0xC0, 0x61),
+ protocol_prefix + "ECDH_RSA_WITH_ARIA_128_GCM_SHA256 : Medium cipher", raw_string(0xC0, 0x62),
+ protocol_prefix + "ECDH_RSA_WITH_ARIA_256_GCM_SHA384 : Medium cipher", raw_string(0xC0, 0x63),
+ protocol_prefix + "PSK_WITH_ARIA_128_CBC_SHA256 : Medium cipher", raw_string(0xC0, 0x64),
+ protocol_prefix + "PSK_WITH_ARIA_256_CBC_SHA384 : Medium cipher", raw_string(0xC0, 0x65),
+ protocol_prefix + "DHE_PSK_WITH_ARIA_128_CBC_SHA256 : Medium cipher", raw_string(0xC0, 0x66),
+ protocol_prefix + "DHE_PSK_WITH_ARIA_256_CBC_SHA384 : Medium cipher", raw_string(0xC0, 0x67),
+ protocol_prefix + "RSA_PSK_WITH_ARIA_128_CBC_SHA256 : Medium cipher", raw_string(0xC0, 0x68),
+ protocol_prefix + "RSA_PSK_WITH_ARIA_256_CBC_SHA384 : Medium cipher", raw_string(0xC0, 0x69),
+ protocol_prefix + "PSK_WITH_ARIA_128_GCM_SHA256 : Medium cipher", raw_string(0xC0, 0x6A),
+ protocol_prefix + "PSK_WITH_ARIA_256_GCM_SHA384 : Medium cipher", raw_string(0xC0, 0x6B),
+ protocol_prefix + "DHE_PSK_WITH_ARIA_128_GCM_SHA256 : Medium cipher", raw_string(0xC0, 0x6C),
+ protocol_prefix + "DHE_PSK_WITH_ARIA_256_GCM_SHA384 : Medium cipher", raw_string(0xC0, 0x6D),
+ protocol_prefix + "RSA_PSK_WITH_ARIA_128_GCM_SHA256 : Medium cipher", raw_string(0xC0, 0x6E),
+ protocol_prefix + "RSA_PSK_WITH_ARIA_256_GCM_SHA384 : Medium cipher", raw_string(0xC0, 0x6F),
+ protocol_prefix + "ECDHE_PSK_WITH_ARIA_128_CBC_SHA256 : Medium cipher", raw_string(0xC0, 0x70),
+ protocol_prefix + "ECDHE_PSK_WITH_ARIA_256_CBC_SHA384 : Medium cipher", raw_string(0xC0, 0x71),
+ protocol_prefix + "ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 : Medium cipher", raw_string(0xC0, 0x72),
+ protocol_prefix + "ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 : Medium cipher", raw_string(0xC0, 0x73),
+ protocol_prefix + "ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 : Medium cipher", raw_string(0xC0, 0x74),
+ protocol_prefix + "ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 : Medium cipher", raw_string(0xC0, 0x75),
+ protocol_prefix + "ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 : Medium cipher", raw_string(0xC0, 0x76),
+ protocol_prefix + "ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 : Medium cipher", raw_string(0xC0, 0x77),
+ protocol_prefix + "ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 : Medium cipher", raw_string(0xC0, 0x78),
+ protocol_prefix + "ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 : Medium cipher", raw_string(0xC0, 0x79),
+ protocol_prefix + "RSA_WITH_CAMELLIA_128_GCM_SHA256 : Medium cipher", raw_string(0xC0, 0x7A),
+ protocol_prefix + "RSA_WITH_CAMELLIA_256_GCM_SHA384 : Medium cipher", raw_string(0xC0, 0x7B),
+ protocol_prefix + "DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 : Medium cipher", raw_string(0xC0, 0x7C),
+ protocol_prefix + "DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 : Medium cipher", raw_string(0xC0, 0x7D),
+ protocol_prefix + "DH_RSA_WITH_CAMELLIA_128_GCM_SHA256 : Medium cipher", raw_string(0xC0, 0x7E),
+ protocol_prefix + "DH_RSA_WITH_CAMELLIA_256_GCM_SHA384 : Medium cipher", raw_string(0xC0, 0x7F),
+ protocol_prefix + "DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256 : Medium cipher", raw_string(0xC0, 0x80),
+ protocol_prefix + "DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384 : Medium cipher", raw_string(0xC0, 0x81),
+ protocol_prefix + "DH_DSS_WITH_CAMELLIA_128_GCM_SHA256 : Medium cipher", raw_string(0xC0, 0x82),
+ protocol_prefix + "DH_DSS_WITH_CAMELLIA_256_GCM_SHA384 : Medium cipher", raw_string(0xC0, 0x83),
+ protocol_prefix + "DH_anon_WITH_CAMELLIA_128_GCM_SHA256 : Medium cipher", raw_string(0xC0, 0x84),
+ protocol_prefix + "DH_anon_WITH_CAMELLIA_256_GCM_SHA384 : Medium cipher", raw_string(0xC0, 0x85),
+ protocol_prefix + "ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 : Medium cipher", raw_string(0xC0, 0x86),
+ protocol_prefix + "ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 : Medium cipher", raw_string(0xC0, 0x87),
+ protocol_prefix + "ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 : Medium cipher", raw_string(0xC0, 0x88),
+ protocol_prefix + "ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 : Medium cipher", raw_string(0xC0, 0x89),
+ protocol_prefix + "ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 : Medium cipher", raw_string(0xC0, 0x8A),
+ protocol_prefix + "ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 : Medium cipher", raw_string(0xC0, 0x8B),
+ protocol_prefix + "ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 : Medium cipher", raw_string(0xC0, 0x8C),
+ protocol_prefix + "ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 : Medium cipher", raw_string(0xC0, 0x8D),
+ protocol_prefix + "PSK_WITH_CAMELLIA_128_GCM_SHA256 : Medium cipher", raw_string(0xC0, 0x8E),
+ protocol_prefix + "PSK_WITH_CAMELLIA_256_GCM_SHA384 : Medium cipher", raw_string(0xC0, 0x8F),
+ protocol_prefix + "DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 : Medium cipher", raw_string(0xC0, 0x90),
+ protocol_prefix + "DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 : Medium cipher", raw_string(0xC0, 0x91),
+ protocol_prefix + "RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256 : Medium cipher", raw_string(0xC0, 0x92),
+ protocol_prefix + "RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384 : Medium cipher", raw_string(0xC0, 0x93),
+ protocol_prefix + "PSK_WITH_CAMELLIA_128_CBC_SHA256 : Medium cipher", raw_string(0xC0, 0x94),
+ protocol_prefix + "PSK_WITH_CAMELLIA_256_CBC_SHA384 : Medium cipher", raw_string(0xC0, 0x95),
+ protocol_prefix + "DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 : Medium cipher", raw_string(0xC0, 0x96),
+ protocol_prefix + "DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 : Medium cipher", raw_string(0xC0, 0x97),
+ protocol_prefix + "RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 : Medium cipher", raw_string(0xC0, 0x98),
+ protocol_prefix + "RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 : Medium cipher", raw_string(0xC0, 0x99),
+ protocol_prefix + "ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 : Medium cipher", raw_string(0xC0, 0x9A),
+ protocol_prefix + "ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 : Medium cipher", raw_string(0xC0, 0x9B),
+ protocol_prefix + "RSA_WITH_AES_128_CCM : Medium cipher", raw_string(0xC0, 0x9C),
+ protocol_prefix + "RSA_WITH_AES_256_CCM : Medium cipher", raw_string(0xC0, 0x9D),
+ protocol_prefix + "DHE_RSA_WITH_AES_128_CCM : Medium cipher", raw_string(0xC0, 0x9E),
+ protocol_prefix + "DHE_RSA_WITH_AES_256_CCM : Medium cipher", raw_string(0xC0, 0x9F),
+ protocol_prefix + "RSA_WITH_AES_128_CCM_8 : Medium cipher", raw_string(0xC0, 0xA0),
+ protocol_prefix + "RSA_WITH_AES_256_CCM_8 : Medium cipher", raw_string(0xC0, 0xA1),
+ protocol_prefix + "DHE_RSA_WITH_AES_128_CCM_8 : Medium cipher", raw_string(0xC0, 0xA2),
+ protocol_prefix + "DHE_RSA_WITH_AES_256_CCM_8 : Medium cipher", raw_string(0xC0, 0xA3),
+ protocol_prefix + "PSK_WITH_AES_128_CCM : Medium cipher", raw_string(0xC0, 0xA4),
+ protocol_prefix + "PSK_WITH_AES_256_CCM : Medium cipher", raw_string(0xC0, 0xA5),
+ protocol_prefix + "DHE_PSK_WITH_AES_128_CCM : Medium cipher", raw_string(0xC0, 0xA6),
+ protocol_prefix + "DHE_PSK_WITH_AES_256_CCM : Medium cipher", raw_string(0xC0, 0xA7),
+ protocol_prefix + "PSK_WITH_AES_128_CCM_8 : Medium cipher", raw_string(0xC0, 0xA8),
+ protocol_prefix + "PSK_WITH_AES_256_CCM_8 : Medium cipher", raw_string(0xC0, 0xA9),
+ protocol_prefix + "PSK_DHE_WITH_AES_128_CCM_8 : Medium cipher", raw_string(0xC0, 0xAA),
+ protocol_prefix + "PSK_DHE_WITH_AES_256_CCM_8 : Medium cipher", raw_string(0xC0, 0xAB),
+ protocol_prefix + "ECDHE_ECDSA_WITH_AES_128_CCM : Medium cipher", raw_string(0xC0, 0xAC),
+ protocol_prefix + "ECDHE_ECDSA_WITH_AES_256_CCM : Medium cipher", raw_string(0xC0, 0xAD),
+ protocol_prefix + "ECDHE_ECDSA_WITH_AES_128_CCM_8 : Medium cipher", raw_string(0xC0, 0xAE),
+ protocol_prefix + "ECDHE_ECDSA_WITH_AES_256_CCM_8 : Medium cipher", raw_string(0xC0, 0xAF),
+
+ ## 0xC0B0->0xCCA7 are reserved/unassigned cipher codes for draft/temporary implementations & backward compatibility.
+ protocol_prefix + "ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (Draft) : Strong cipher", raw_string(0xCC, 0x13),
+ protocol_prefix + "ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 (Draft) : Strong cipher", raw_string(0xCC, 0x14),
+ protocol_prefix + "DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (Draft) : Strong cipher", raw_string(0xCC, 0x15),
+
+ protocol_prefix + "ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 : Strong cipher", raw_string(0xCC, 0xA8),
+ protocol_prefix + "ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 : Strong cipher", raw_string(0xCC, 0xA9),
+ protocol_prefix + "DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 : Strong cipher", raw_string(0xCC, 0xAA),
+ protocol_prefix + "PSK_WITH_CHACHA20_POLY1305_SHA256 : Strong cipher", raw_string(0xCC, 0xAB),
+ protocol_prefix + "ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 : Strong cipher", raw_string(0xCC, 0xAC),
+ protocol_prefix + "DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 : Strong cipher", raw_string(0xCC, 0xAD),
+ protocol_prefix + "RSA_PSK_WITH_CHACHA20_POLY1305_SHA256 : Strong cipher", raw_string(0xCC, 0xAE),
+
+ ## 0x006E->0x0083 are reserved/unassigned cipher codes for draft/temporary implementations & backward compatibility.
+ protocol_prefix + "RSA_WITH_ESTREAM_SALSA20_SHA1 (Draft) : Medium cipher", raw_string(0xE4, 0x10),
+ protocol_prefix + "RSA_WITH_SALSA20_SHA1 (Draft) : Medium cipher", raw_string(0xE4, 0x11),
+ protocol_prefix + "ECDHE_RSA_WITH_ESTREAM_SALSA20_SHA1 (Draft) : Medium cipher", raw_string(0xE4, 0x12),
+ protocol_prefix + "ECDHE_RSA_WITH_SALSA20_SHA1 (Draft) : Medium cipher", raw_string(0xE4, 0x13),
+ protocol_prefix + "ECDHE_ECDSA_WITH_ESTREAM_SALSA20_SHA1 (Draft) : Medium cipher", raw_string(0xE4, 0x14),
+ protocol_prefix + "ECDHE_ECDSA_WITH_SALSA20_SHA1 (Draft) : Medium cipher", raw_string(0xE4, 0x15),
+ protocol_prefix + "PSK_WITH_ESTREAM_SALSA20_SHA1 (Draft) : Medium cipher", raw_string(0xE4, 0x16),
+ protocol_prefix + "PSK_WITH_SALSA20_SHA1 (Draft) : Medium cipher", raw_string(0xE4, 0x17),
+ protocol_prefix + "ECDHE_PSK_WITH_ESTREAM_SALSA20_SHA1 (Draft) : Medium cipher", raw_string(0xE4, 0x18),
+ protocol_prefix + "ECDHE_PSK_WITH_SALSA20_SHA1 (Draft) : Medium cipher", raw_string(0xE4, 0x19),
+ protocol_prefix + "RSA_PSK_WITH_ESTREAM_SALSA20_SHA1 (Draft) : Medium cipher", raw_string(0xE4, 0x1A),
+ protocol_prefix + "RSA_PSK_WITH_SALSA20_SHA1 (Draft) : Medium cipher", raw_string(0xE4, 0x1B),
+ protocol_prefix + "DHE_PSK_WITH_ESTREAM_SALSA20_SHA1 (Draft) : Medium cipher", raw_string(0xE4, 0x1C),
+ protocol_prefix + "DHE_PSK_WITH_SALSA20_SHA1 (Draft) : Medium cipher", raw_string(0xE4, 0x1D),
+ protocol_prefix + "DHE_RSA_WITH_ESTREAM_SALSA20_SHA1 (Draft) : Medium cipher", raw_string(0xE4, 0x1E),
+ protocol_prefix + "DHE_RSA_WITH_SALSA20_SHA1 (Draft) : Medium cipher", raw_string(0xE4, 0x1F),
+ protocol_prefix + "RSA_FIPS_WITH_DES_CBC_SHA (Draft) : Weak cipher", raw_string(0xfe, 0xfe),
+ protocol_prefix + "RSA_FIPS_WITH_3DES_EDE_CBC_SHA (Draft) : Weak cipher", raw_string(0xfe, 0xff),
+ protocol_prefix + "RSA_FIPS_WITH_3DES_EDE_CBC_SHA (Draft) : Weak cipher", raw_string(0xff, 0xe0),
+ protocol_prefix + "RSA_FIPS_WITH_DES_CBC_SHA (Draft) : Weak cipher", raw_string(0xff, 0xe1)
+ );
+ return(cipher_list);
+}
+
+
+## Instanciate the cipher suites list with protocol prefix (except SSLv2 that has a special list/format)
+sslv3_ciphers = create_protocol_cipher_list(protocol_prefix:"SSL3_");
+tlsv1_ciphers = create_protocol_cipher_list(protocol_prefix:"TLS1_0_");
+tlsv1_1_ciphers = create_protocol_cipher_list(protocol_prefix:"TLS1_1_");
+tlsv1_2_ciphers = create_protocol_cipher_list(protocol_prefix:"TLS1_2_");
+
-## Mapping SSLv3 Cipher codes and Display Names
-sslv3_ciphers = make_array(
-## Null cipher does not encrypt only authenticate
- "SSL3_NULL_NULL_NULL : No cipher, no authentication", raw_string(0x00, 0x00),
- "SSL3_RSA_NULL_MD5 : No cipher", raw_string(0x00, 0x01),
- "SSL3_RSA_NULL_SHA : No cipher", raw_string(0x00, 0x02),
-## Export Cipher of 40 bit are easy to brute force
- "SSL3_RSA_RC4_40_MD5 : Weak cipher", raw_string(0x00, 0x03),
-## RC4 is considered to be weak
- "SSL3_RSA_RC4_128_MD5 : Weak cipher", raw_string(0x00, 0x04),
- "SSL3_RSA_RC4_128_SHA : Weak cipher", raw_string(0x00, 0x05),
- "SSL3_RSA_RC2_40_MD5 : Weak cipher", raw_string(0x00, 0x06),
- "SSL3_RSA_IDEA_128_SHA : Medium cipher", raw_string(0x00, 0x07),
-## 40 bit ciphers can be brute forced
- "SSL3_RSA_DES_40_CBC_SHA : Weak cipher", raw_string(0x00, 0x08),
-## 64 bit ciphers can be brute forced
- "SSL3_RSA_DES_64_CBC_SHA : Weak cipher", raw_string(0x00, 0x09),
- "SSL3_RSA_DES_192_CBC3_SHA : Weak cipher", raw_string(0x00, 0x0A),
- "SSL3_DH_DSS_DES_40_CBC_SHA : Weak cipher", raw_string(0x00, 0x0B),
- "SSL3_DH_DSS_DES_64_CBC_SHA : Weak cipher", raw_string(0x00, 0x0C),
- "SSL3_DH_DSS_DES_192_CBC3_SHA : Weak cipher", raw_string(0x00, 0x0D),
- "SSL3_DH_RSA_DES_40_CBC_SHA : Weak cipher", raw_string(0x00, 0x0E),
- "SSL3_DH_RSA_DES_64_CBC_SHA : Weak cipher", raw_string(0x00, 0x0F),
- "SSL3_DH_RSA_DES_192_CBC3_SHA : Weak cipher", raw_string(0x00, 0x10),
- "SSL3_EDH_DSS_DES_40_CBC_SHA : Weak cipher", raw_string(0x00, 0x11),
- "SSL3_EDH_DSS_DES_64_CBC_SHA : Weak cipher", raw_string(0x00, 0x12),
- "SSL3_EDH_DSS_DES_192_CBC3_SHA : Weak cipher", raw_string(0x00, 0x13),
- "SSL3_EDH_RSA_DES_40_CBC_SHA : Weak cipher", raw_string(0x00, 0x14),
- "SSL3_EDH_RSA_DES_64_CBC_SHA : Weak cipher", raw_string(0x00, 0x15),
- "SSL3_EDH_RSA_DES_192_CBC3_SHA : Weak cipher", raw_string(0x00, 0x16),
- "SSL3_ADH_RC4_40_MD5 : Weak cipher", raw_string(0x00, 0x17),
- "SSL3_ADH_RC4_128_MD5 : Weak cipher", raw_string(0x00, 0x18),
- "SSL3_ADH_DES_40_CBC_SHA : Weak cipher", raw_string(0x00, 0x19),
- "SSL3_ADH_DES_64_CBC_SHA : Weak cipher", raw_string(0x00, 0x1A),
- "SSL3_ADH_DES_192_CBC_SHA : Weak cipher", raw_string(0x00, 0x1B),
- "SSL3_FZA_DMS_NULL_SHA : No cipher", raw_string(0x00, 0x1C),
- "SSL3_FZA_DMS_FZA_SHA : Weak cipher", raw_string(0x00, 0x1D),
- "SSL3_FZA_DMS_RC4_SHA : Weak cipher", raw_string(0x00, 0x1E),
- "SSL3_KRB5_DES_64_CBC_SHA : Weak cipher", raw_string(0x00, 0x1E),
- "SSL3_KRB5_DES_192_CBC3_SHA : Weak cipher", raw_string(0x00, 0x1F),
- "SSL3_KRB5_RC4_128_SHA : Weak cipher", raw_string(0x00, 0x20),
- "SSL3_KRB5_IDEA_128_CBC_SHA : Medium cipher", raw_string(0x00, 0x21),
- "SSL3_KRB5_DES_64_CBC_MD5 : Weak cipher", raw_string(0x00, 0x22),
- "SSL3_KRB5_DES_192_CBC3_MD5 : Weak cipher", raw_string(0x00, 0x23),
- "SSL3_KRB5_RC4_128_MD5 : Weak cipher", raw_string(0x00, 0x24),
- "SSL3_KRB5_IDEA_128_CBC_MD5 : Medium cipher", raw_string(0x00, 0x25),
- "SSL3_KRB5_DES_40_CBC_SHA : Weak cipher", raw_string(0x00, 0x26),
- "SSL3_KRB5_RC2_40_CBC_SHA : Weak cipher", raw_string(0x00, 0x27),
- "SSL3_KRB5_RC4_40_SHA : Weak cipher", raw_string(0x00, 0x28),
- "SSL3_KRB5_DES_40_CBC_MD5 : Weak cipher", raw_string(0x00, 0x29),
- "SSL3_KRB5_RC2_40_CBC_MD5 : Weak cipher", raw_string(0x00, 0x2A),
- "SSL3_KRB5_RC4_40_MD5 : Weak cipher", raw_string(0x00, 0x2B),
-## It is expected that the 128 bit AES will be insecure within the next 10 years
- "SSL3_DH_DSS_WITH_AES_128_SHA : Medium cipher", raw_string(0x00, 0x30),
- "SSL3_DH_RSA_WITH_AES_128_SHA : Medium cipher", raw_string(0x00, 0x31),
- "SSL3_DHE_DSS_WITH_AES_128_SHA : Medium cipher", raw_string(0x00, 0x32),
- "SSL3_DHE_RSA_WITH_AES_128_SHA : Medium cipher", raw_string(0x00, 0x33),
- "SSL3_ADH_WITH_AES_128_SHA : Medium cipher", raw_string(0x00, 0x34),
- "SSL3_RSA_WITH_AES_256_SHA : Strong cipher", raw_string(0x00, 0x35),
- "SSL3_DH_DSS_WITH_AES_256_SHA : Strong cipher", raw_string(0x00, 0x36),
- "SSL3_DH_RSA_WITH_AES_256_SHA : Strong cipher", raw_string(0x00, 0x37),
- "SSL3_DHE_DSS_WITH_AES_256_SHA : Strong cipher", raw_string(0x00, 0x38),
- "SSL3_DHE_RSA_WITH_AES_256_SHA : Strong cipher", raw_string(0x00, 0x39),
- "SSL3_ADH_WITH_AES_256_SHA : Strong cipher", raw_string(0x00, 0x3A),
- "SSL3_RSA_WITH_CAMELLIA_128_CBC_SHA : Medium cipher", raw_string(0x00, 0x41),
- "SSL3_DH_DSS_WITH_CAMELLIA_128_CBC_SHA : Medium cipher", raw_string(0x00, 0x42),
- "SSL3_DH_RSA_WITH_CAMELLIA_128_CBC_SHA : Medium cipher", raw_string(0x00, 0x43),
- "SSL3_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA : Medium cipher", raw_string(0x00, 0x44),
- "SSL3_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA : Medium cipher", raw_string(0x00, 0x45),
- "SSL3_ADH_WITH_CAMELLIA_128_CBC_SHA : Medium cipher", raw_string(0x00, 0x46),
-## 1024 bit RSA authentication is considered to be insecure
- "SSL3_RSA_EXPORT1024_WITH_RC4_56_MD5 : Weak cipher, weak authentication", raw_string(0x00, 0x60),
- "SSL3_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 : Weak cipher, weak authentication", raw_string(0x00, 0x61),
- "SSL3_RSA_EXPORT1024_WITH_DES_CBC_SHA : Weak cipher, weak authentication", raw_string(0x00, 0x62),
- "SSL3_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA : Weak cipher, weak authentication", raw_string(0x00, 0x63),
- "SSL3_RSA_EXPORT1024_WITH_RC4_56_SHA : Weak cipher, weak authentication", raw_string(0x00, 0x64),
- "SSL3_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA : Weak cipher, weak authentication", raw_string(0x00, 0x65),
- "SSL3_DHE_DSS_WITH_RC4_128_SHA : Weak cipher", raw_string(0x00, 0x66),
-## The BEAST and Lucky 13 attacks might degrade the CBC Cipher in TLS < 1.2
- "SSL3_RSA_WITH_CAMELLIA_256_CBC_SHA : Medium cipher", raw_string(0x00, 0x84),
- "SSL3_DH_DSS_WITH_CAMELLIA_256_CBC_SHA : Medium cipher", raw_string(0x00, 0x85),
- "SSL3_DH_RSA_WITH_CAMELLIA_256_CBC_SHA : Medium cipher", raw_string(0x00, 0x86),
- "SSL3_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA : Medium cipher", raw_string(0x00, 0x87),
- "SSL3_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA : Medium cipher", raw_string(0x00, 0x88),
- "SSL3_ADH_WITH_CAMELLIA_256_CBC_SHA : Medium cipher", raw_string(0x00, 0x89),
- "SSL3_RSA_WITH_SEED_SHA : Weak cipher", raw_string(0x00, 0x96),
- "SSL3_DH_DSS_WITH_SEED_SHA : Medium cipher", raw_string(0x00, 0x97),
- "SSL3_DH_RSA_WITH_SEED_SHA : Medium cipher", raw_string(0x00, 0x98),
- "SSL3_DHE_DSS_WITH_SEED_SHA : Medium cipher", raw_string(0x00, 0x99),
- "SSL3_DHE_RSA_WITH_SEED_SHA : Medium cipher", raw_string(0x00, 0x9A),
- "SSL3_ADH_WITH_SEED_SHA : Medium cipher", raw_string(0x00, 0x9B),
- "SSL3_ECDH_ECDSA_WITH_NULL_SHA : No cipher", raw_string(0xC0, 0x01),
- "SSL3_ECDH_ECDSA_WITH_RC4_128_SHA : Weak cipher", raw_string(0xC0, 0x02),
- "SSL3_ECDH_ECDSA_WITH_DES_192_CBC3_SHA : Weak cipher", raw_string(0xC0, 0x03),
- "SSL3_ECDH_ECDSA_WITH_AES_128_CBC_SHA : Medium cipher", raw_string(0xC0, 0x04),
- "SSL3_ECDH_ECDSA_WITH_AES_256_CBC_SHA : Medium cipher", raw_string(0xC0, 0x05),
- "SSL3_ECDHE_ECDSA_WITH_NULL_SHA : No cipher", raw_string(0xC0, 0x06),
- "SSL3_ECDHE_ECDSA_WITH_RC4_128_SHA : Weak cipher", raw_string(0xC0, 0x07),
- "SSL3_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA : Weak cipher", raw_string(0xC0, 0x08),
- "SSL3_ECDHE_ECDSA_WITH_AES_128_CBC_SHA : Medium cipher", raw_string(0xC0, 0x09),
- "SSL3_ECDHE_ECDSA_WITH_AES_256_CBC_SHA : Medium cipher", raw_string(0xC0, 0x0A),
- "SSL3_ECDH_RSA_WITH_NULL_SHA : No cipher", raw_string(0xC0, 0x0B),
- "SSL3_ECDH_RSA_WITH_RC4_128_SHA : Weak cipher", raw_string(0xC0, 0x0C),
- "SSL3_ECDH_RSA_WITH_DES_192_CBC3_SHA : Weak cipher", raw_string(0xC0, 0x0D),
- "SSL3_ECDH_RSA_WITH_AES_128_CBC_SHA : Medium cipher", raw_string(0xC0, 0x0E),
- "SSL3_ECDH_RSA_WITH_AES_256_CBC_SHA : Medium cipher", raw_string(0xC0, 0x0F),
- "SSL3_ECDHE_RSA_WITH_NULL_SHA : No cipher", raw_string(0xC0, 0x10),
- "SSL3_ECDHE_RSA_WITH_RC4_128_SHA : Weak cipher", raw_string(0xC0, 0x11),
- "SSL3_ECDHE_RSA_WITH_DES_192_CBC3_SHA : Weak cipher", raw_string(0xC0, 0x12),
- "SSL3_ECDHE_RSA_WITH_AES_128_CBC_SHA : Medium cipher", raw_string(0xC0, 0x13),
- "SSL3_ECDHE_RSA_WITH_AES_256_CBC_SHA : Medium cipher", raw_string(0xC0, 0x14),
- "SSL3_ECDH_anon_WITH_NULL_SHA : No cipher", raw_string(0xC0, 0x15),
- "SSL3_ECDH_anon_WITH_RC4_128_SHA : Weak cipher", raw_string(0xC0, 0x16),
- "SSL3_ECDH_anon_WITH_DES_192_CBC3_SHA : Weak cipher", raw_string(0xC0, 0x17),
- "SSL3_ECDH_anon_WITH_AES_128_CBC_SHA : Medium cipher", raw_string(0xC0, 0x18),
- "SSL3_ECDH_anon_WITH_AES_256_CBC_SHA : Medium cipher", raw_string(0xC0, 0x19)
- );
-
-## Mapping TLSv1 Cipher codes and Display Names
-tlsv1_ciphers = make_array(
- "TLS1_NULL_NULL_NULL : No cipher, no authentication", raw_string(0x00, 0x00),
- "TLS1_RSA_NULL_MD5 : No cipher", raw_string(0x00, 0x01),
- "TLS1_RSA_NULL_SHA : No cipher", raw_string(0x00, 0x02),
- "TLS1_RSA_RC4_40_MD5 : Weak cipher", raw_string(0x00, 0x03),
- "TLS1_RSA_RC4_128_MD5 : Weak cipher", raw_string(0x00, 0x04),
- "TLS1_RSA_RC4_128_SHA : Weak cipher", raw_string(0x00, 0x05),
- "TLS1_RSA_RC2_40_MD5 : Weak cipher", raw_string(0x00, 0x06),
- "TLS1_RSA_IDEA_128_SHA : Medium cipher", raw_string(0x00, 0x07),
- "TLS1_RSA_DES_40_CBC_SHA : Weak cipher", raw_string(0x00, 0x08),
- "TLS1_RSA_DES_64_CBC_SHA : Weak cipher", raw_string(0x00, 0x09),
- "TLS1_RSA_DES_192_CBC3_SHA : Weak cipher", raw_string(0x00, 0x0A),
- "TLS1_DH_DSS_DES_40_CBC_SHA : Weak cipher", raw_string(0x00, 0x0B),
- "TLS1_DH_DSS_DES_64_CBC_SHA : Weak cipher", raw_string(0x00, 0x0C),
- "TLS1_DH_DSS_DES_192_CBC3_SHA : Weak cipher", raw_string(0x00, 0x0D),
- "TLS1_DH_RSA_DES_40_CBC_SHA : Weak cipher", raw_string(0x00, 0x0E),
- "TLS1_DH_RSA_DES_64_CBC_SHA : Weak cipher", raw_string(0x00, 0x0F),
- "TLS1_DH_RSA_DES_192_CBC3_SHA : Weak cipher", raw_string(0x00, 0x10),
- "TLS1_EDH_DSS_DES_40_CBC_SHA : Weak cipher", raw_string(0x00, 0x11),
- "TLS1_EDH_DSS_DES_64_CBC_SHA : Weak cipher", raw_string(0x00, 0x12),
- "TLS1_EDH_DSS_DES_192_CBC3_SHA : Weak cipher", raw_string(0x00, 0x13),
- "TLS1_EDH_RSA_DES_40_CBC_SHA : Weak cipher", raw_string(0x00, 0x14),
- "TLS1_EDH_RSA_DES_64_CBC_SHA : Weak cipher", raw_string(0x00, 0x15),
- "TLS1_EDH_RSA_DES_192_CBC3_SHA : Weak cipher", raw_string(0x00, 0x16),
- "TLS1_ADH_RC4_40_MD5 : Weak cipher", raw_string(0x00, 0x17),
- "TLS1_ADH_RC4_128_MD5 : Weak cipher", raw_string(0x00, 0x18),
- "TLS1_ADH_DES_40_CBC_SHA : Weak cipher", raw_string(0x00, 0x19),
- "TLS1_ADH_DES_64_CBC_SHA : Weak cipher", raw_string(0x00, 0x1A),
- "TLS1_ADH_DES_192_CBC_SHA : Weak cipher", raw_string(0x00, 0x1B),
- "TLS1_FZA_DMS_NULL_SHA : No cipher", raw_string(0x00, 0x1C),
- "TLS1_FZA_DMS_FZA_SHA : Weak cipher", raw_string(0x00, 0x1D),
- "TLS1_FZA_DMS_RC4_SHA : Weak cipher", raw_string(0x00, 0x1E),
- "TLS1_KRB5_DES_64_CBC_SHA : Weak cipher", raw_string(0x00, 0x1E),
- "TLS1_KRB5_DES_192_CBC3_SHA : Weak cipher", raw_string(0x00, 0x1F),
- "TLS1_KRB5_RC4_128_SHA : Weak cipher", raw_string(0x00, 0x20),
- "TLS1_KRB5_IDEA_128_CBC_SHA : Medium cipher", raw_string(0x00, 0x21),
- "TLS1_KRB5_DES_64_CBC_MD5 : Weak cipher", raw_string(0x00, 0x22),
- "TLS1_KRB5_DES_192_CBC3_MD5 : Weak cipher", raw_string(0x00, 0x23),
- "TLS1_KRB5_RC4_128_MD5 : Weak cipher", raw_string(0x00, 0x24),
- "TLS1_KRB5_IDEA_128_CBC_MD5 : Medium cipher", raw_string(0x00, 0x25),
- "TLS1_KRB5_DES_40_CBC_SHA : Weak cipher", raw_string(0x00, 0x26),
- "TLS1_KRB5_RC2_40_CBC_SHA : Weak cipher", raw_string(0x00, 0x27),
- "TLS1_KRB5_RC4_40_SHA : Weak cipher", raw_string(0x00, 0x28),
- "TLS1_KRB5_DES_40_CBC_MD5 : Weak cipher", raw_string(0x00, 0x29),
- "TLS1_KRB5_RC2_40_CBC_MD5 : Weak cipher", raw_string(0x00, 0x2A),
- "TLS1_KRB5_RC4_40_MD5 : Weak cipher", raw_string(0x00, 0x2B),
- "TLS1_RSA_WITH_AES_128_SHA : Medium cipher", raw_string(0x00, 0x2F),
- "TLS1_DH_DSS_WITH_AES_128_SHA : Medium cipher", raw_string(0x00, 0x30),
- "TLS1_DH_RSA_WITH_AES_128_SHA : Medium cipher", raw_string(0x00, 0x31),
- "TLS1_DHE_DSS_WITH_AES_128_SHA : Medium cipher", raw_string(0x00, 0x32),
- "TLS1_DHE_RSA_WITH_AES_128_SHA : Medium cipher", raw_string(0x00, 0x33),
- "TLS1_ADH_WITH_AES_128_SHA : Medium cipher", raw_string(0x00, 0x34),
- "TLS1_RSA_WITH_AES_256_SHA : Strong cipher", raw_string(0x00, 0x35),
- "TLS1_DH_DSS_WITH_AES_256_SHA : Strong cipher", raw_string(0x00, 0x36),
- "TLS1_DH_RSA_WITH_AES_256_SHA : Strong cipher", raw_string(0x00, 0x37),
- "TLS1_DHE_DSS_WITH_AES_256_SHA : Strong cipher", raw_string(0x00, 0x38),
- "TLS1_DHE_RSA_WITH_AES_256_SHA : Strong cipher", raw_string(0x00, 0x39),
- "TLS1_ADH_WITH_AES_256_SHA : Strong cipher", raw_string(0x00, 0x3A),
- "TLS1_RSA_WITH_CAMELLIA_128_CBC_SHA : Medium cipher", raw_string(0x00, 0x41),
- "TLS1_DH_DSS_WITH_CAMELLIA_128_CBC_SHA : Medium cipher", raw_string(0x00, 0x42),
- "TLS1_DH_RSA_WITH_CAMELLIA_128_CBC_SHA : Medium cipher", raw_string(0x00, 0x43),
- "TLS1_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA : Medium cipher", raw_string(0x00, 0x44),
- "TLS1_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA : Medium cipher", raw_string(0x00, 0x45),
- "TLS1_ADH_WITH_CAMELLIA_128_CBC_SHA : Medium cipher", raw_string(0x00, 0x46),
- "TLS1_RSA_EXPORT1024_WITH_RC4_56_MD5 : Weak cipher, weak authentication", raw_string(0x00, 0x60),
- "TLS1_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 : Weak cipher, weak authentication", raw_string(0x00, 0x61),
- "TLS1_RSA_EXPORT1024_WITH_DES_CBC_SHA : Weak cipher, weak authentication", raw_string(0x00, 0x62),
- "TLS1_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA : Weak cipher, weak authentication", raw_string(0x00, 0x63),
- "TLS1_RSA_EXPORT1024_WITH_RC4_56_SHA : Weak cipher, weak authentication", raw_string(0x00, 0x64),
- "TLS1_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA : Weak cipher, weak authentication", raw_string(0x00, 0x65),
- "TLS1_DHE_DSS_WITH_RC4_128_SHA : Weak cipher", raw_string(0x00, 0x66),
- "TLS1_RSA_WITH_CAMELLIA_256_CBC_SHA : Medium cipher", raw_string(0x00, 0x84),
- "TLS1_DH_DSS_WITH_CAMELLIA_256_CBC_SHA : Medium cipher", raw_string(0x00, 0x85),
- "TLS1_DH_RSA_WITH_CAMELLIA_256_CBC_SHA : Medium cipher", raw_string(0x00, 0x86),
- "TLS1_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA : Medium cipher", raw_string(0x00, 0x87),
- "TLS1_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA : Medium cipher", raw_string(0x00, 0x88),
- "TLS1_ADH_WITH_CAMELLIA_256_CBC_SHA : Medium cipher", raw_string(0x00, 0x89),
- "TLS1_RSA_WITH_SEED_SHA : Medium cipher", raw_string(0x00, 0x96),
- "TLS1_DH_DSS_WITH_SEED_SHA : Medium cipher", raw_string(0x00, 0x97),
- "TLS1_DH_RSA_WITH_SEED_SHA : Medium cipher", raw_string(0x00, 0x98),
- "TLS1_DHE_DSS_WITH_SEED_SHA : Medium cipher", raw_string(0x00, 0x99),
- "TLS1_DHE_RSA_WITH_SEED_SHA : Medium cipher", raw_string(0x00, 0x9A),
- "TLS1_ADH_WITH_SEED_SHA : Medium cipher", raw_string(0x00, 0x9B),
- "TLS1_ECDH_ECDSA_WITH_NULL_SHA : No cipher", raw_string(0xC0, 0x01),
- "TLS1_ECDH_ECDSA_WITH_RC4_128_SHA : Weak cipher", raw_string(0xC0, 0x02),
- "TLS1_ECDH_ECDSA_WITH_DES_192_CBC3_SHA : Weak cipher", raw_string(0xC0, 0x03),
- "TLS1_ECDH_ECDSA_WITH_AES_128_CBC_SHA : Medium cipher", raw_string(0xC0, 0x04),
- "TLS1_ECDH_ECDSA_WITH_AES_256_CBC_SHA : Medium cipher", raw_string(0xC0, 0x05),
- "TLS1_ECDHE_ECDSA_WITH_NULL_SHA : No cipher", raw_string(0xC0, 0x06),
- "TLS1_ECDHE_ECDSA_WITH_RC4_128_SHA : Weak cipher", raw_string(0xC0, 0x07),
- "TLS1_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA : Weak cipher", raw_string(0xC0, 0x08),
- "TLS1_ECDHE_ECDSA_WITH_AES_128_CBC_SHA : Medium cipher", raw_string(0xC0, 0x09),
- "TLS1_ECDHE_ECDSA_WITH_AES_256_CBC_SHA : Medium cipher", raw_string(0xC0, 0x0A),
- "TLS1_ECDH_RSA_WITH_NULL_SHA : No cipher", raw_string(0xC0, 0x0B),
- "TLS1_ECDH_RSA_WITH_RC4_128_SHA : Weak cipher", raw_string(0xC0, 0x0C),
- "TLS1_ECDH_RSA_WITH_DES_192_CBC3_SHA : Weak cipher", raw_string(0xC0, 0x0D),
- "TLS1_ECDH_RSA_WITH_AES_128_CBC_SHA : Medium cipher", raw_string(0xC0, 0x0E),
- "TLS1_ECDH_RSA_WITH_AES_256_CBC_SHA : Medium cipher", raw_string(0xC0, 0x0F),
- "TLS1_ECDHE_RSA_WITH_NULL_SHA : No cipher", raw_string(0xC0, 0x10),
- "TLS1_ECDHE_RSA_WITH_RC4_128_SHA : Weak cipher", raw_string(0xC0, 0x11),
- "TLS1_ECDHE_RSA_WITH_DES_192_CBC3_SHA : Weak cipher", raw_string(0xC0, 0x12),
- "TLS1_ECDHE_RSA_WITH_AES_128_CBC_SHA : Medium cipher", raw_string(0xC0, 0x13),
- "TLS1_ECDHE_RSA_WITH_AES_256_CBC_SHA : Medium cipher", raw_string(0xC0, 0x14),
- "TLS1_ECDH_anon_WITH_NULL_SHA : No cipher", raw_string(0xC0, 0x15),
- "TLS1_ECDH_anon_WITH_RC4_128_SHA : Weak cipher", raw_string(0xC0, 0x16),
- "TLS1_ECDH_anon_WITH_DES_192_CBC3_SHA : Weak cipher", raw_string(0xC0, 0x17),
- "TLS1_ECDH_anon_WITH_AES_128_CBC_SHA : Medium cipher", raw_string(0xC0, 0x18),
- "TLS1_ECDH_anon_WITH_AES_256_CBC_SHA : Medium cipher", raw_string(0xC0, 0x19),
- "TLS1_PSK_WITH_3DES_EDE_CBC_SHA : Weak cipher", raw_string(0x00, 0x8B),
- "TLS1_DHE_PSK_WITH_3DES_EDE_CBC_SHA : Weak cipher", raw_string(0x00, 0x8F),
- "TLS1_RSA_PSK_WITH_3DES_EDE_CBC_SHA : Weak cipher", raw_string(0x00, 0x93),
-
-
-
-##https://www.ietf.org/rfc/rfc5289.txt
-##TLS Elliptic Curve Cipher Suites with SHA-256/384 and AES Galois Counter Mode (GCM)
-##AES [AES] in Cipher Block Chaining (CBC) [CBC] mode with an HMAC-based MAC
-##Only first 8 are supported for TLS1.0 and TLS1.1
- "TLS1_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 : Medium cipher", raw_string(0xC0, 0x23),
- "TLS1_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 : Medium cipher", raw_string(0xC0, 0x24),
- "TLS1_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 : Medium cipher", raw_string(0xC0, 0x25),
- "TLS1_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 : Medium cipher", raw_string(0xC0, 0x26),
- "TLS1_ECDHE_RSA_WITH_AES_128_CBC_SHA256 : Medium cipher", raw_string(0xC0, 0x27),
- "TLS1_ECDHE_RSA_WITH_AES_256_CBC_SHA384 : Medium cipher", raw_string(0xC0, 0x28),
- "TLS1_ECDH_RSA_WITH_AES_128_CBC_SHA256 : Medium cipher", raw_string(0xC0, 0x29),
- "TLS1_ECDH_RSA_WITH_AES_256_CBC_SHA384 : Medium cipher", raw_string(0xC0, 0x2A),
-
-##https://tools.ietf.org/html/rfc5489
-##ECDHE_PSK Cipher Suites for Transport Layer Security (TLS)
- "TLS1_ECDHE_PSK_WITH_RC4_128_SHA : Weak cipher", raw_string(0xC0, 0x33),
- "TLS1_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA : Weak cipher", raw_string(0xC0, 0x34),
- "TLS1_ECDHE_PSK_WITH_AES_128_CBC_SHA : Medium cipher", raw_string(0xC0, 0x35),
- "TLS1_ECDHE_PSK_WITH_AES_256_CBC_SHA : Medium cipher", raw_string(0xC0, 0x36),
- "TLS1_ECDHE_PSK_WITH_AES_128_CBC_SHA256 : Medium cipher", raw_string(0xC0, 0x37),
- "TLS1_ECDHE_PSK_WITH_AES_256_CBC_SHA384 : Medium cipher", raw_string(0xC0, 0x38),
- "TLS1_ECDHE_PSK_WITH_NULL_SHA : No cipher", raw_string(0xC0, 0x39),
- "TLS1_ECDHE_PSK_WITH_NULL_SHA256 : No cipher", raw_string(0xC0, 0x3A),
- "TLS1_ECDHE_PSK_WITH_NULL_SHA384 : No cipher", raw_string(0xC0, 0x3B));
-
-##TLS1.1 and 1.0 have same cipher suites
-
-## Mapping TLSv1.2 Cipher codes and Display Names
-##Ciphers taken from https://www.openssl.org/docs/manmaster/apps/ciphers.html
-## and https://www.ietf.org/rfc/rfc5246.txt
-tlsv1_2_ciphers = make_array(
- "TLS_1_2_NULL_WITH_NULL_NULL : No cipher, no authentication", raw_string(0x00, 0x00),
- "TLS_1_2_RSA_NULL_MD5 : No cipher", raw_string(0x00, 0x01),
- "TLS_1_2_RSA_NULL_SHA : No cipher", raw_string(0x00, 0x02),
- "TLS_1_2_RSA_WITH_RC4_128_MD5 : Weak cipher", raw_string(0x00, 0x04),
- "TLS_1_2_RSA_WITH_RC4_128_SHA : Weak cipher", raw_string(0x00, 0x05),
- "TLS_1_2_RSA_WITH_NULL_SHA256 : No cipher", raw_string(0x00, 0x3B),
- "TLS_1_2_RSA_WITH_3DES_EDE_CBC_SHA : Weak cipher", raw_string(0x00, 0x0A),
- "TLS_1_2_RSA_WITH_AES_128_CBC_SHA : Medium cipher", raw_string(0x00, 0x2F),
- "TLS_1_2_RSA_WITH_AES_256_CBC_SHA : Medium cipher", raw_string(0x00, 0x35),
- "TLS_1_2_RSA_WITH_AES_128_CBC_SHA256 : Medium cipher", raw_string(0x00, 0x3C),
- "TLS_1_2_RSA_WITH_AES_256_CBC_SHA256 : Medium cipher", raw_string(0x00, 0x3D),
- "TLS_1_2_DH_RSA_WITH_AES_128_CBC_SHA256 : Medium cipher", raw_string(0x00, 0x3F),
- "TLS_1_2_DH_RSA_WITH_AES_256_CBC_SHA256 : Medium cipher", raw_string(0x00, 0x69),
- "TLS_1_2_DH_DSS_WITH_AES_128_CBC_SHA256 : Medium cipher", raw_string(0x00, 0x3E),
- "TLS_1_2_DH_DSS_WITH_AES_256_CBC_SHA256 : Medium cipher", raw_string(0x00, 0x68),
- "TLS_1_2_DHE_RSA_WITH_AES_128_CBC_SHA256 : Medium cipher", raw_string(0x00, 0x67),
- "TLS_1_2_DH_DSS_WITH_3DES_EDE_CBC_SHA : Weak cipher", raw_string(0x00, 0x0D),
- "TLS_1_2_DH_RSA_WITH_3DES_EDE_CBC_SHA : Weak cipher", raw_string(0x00, 0x10),
- "TLS_1_2_DHE_DSS_WITH_3DES_EDE_CBC_SHA : Weak cipher", raw_string(0x00, 0x13),
- "TLS_1_2_DHE_RSA_WITH_3DES_EDE_CBC_SHA : Weak cipher", raw_string(0x00, 0x16),
- "TLS_1_2_DH_DSS_WITH_AES_128_CBC_SHA : Medium cipher", raw_string(0x00, 0x30),
- "TLS_1_2_DH_RSA_WITH_AES_128_CBC_SHA : Medium cipher", raw_string(0x00, 0x31),
- "TLS_1_2_DHE_DSS_WITH_AES_128_CBC_SHA : Medium cipher", raw_string(0x00, 0x32),
- "TLS_1_2_DHE_RSA_WITH_AES_128_CBC_SHA : Medium cipher", raw_string(0x00, 0x33),
- "TLS_1_2_DH_DSS_WITH_AES_256_CBC_SHA : Medium cipher", raw_string(0x00, 0x36),
- "TLS_1_2_DH_RSA_WITH_AES_256_CBC_SHA : Medium cipher", raw_string(0x00,0x37),
- "TLS_1_2_DHE_DSS_WITH_AES_256_CBC_SHA : Medium cipher", raw_string(0x00,0x38),
- "TLS_1_2_DHE_RSA_WITH_AES_256_CBC_SHA : Medium cipher", raw_string(0x00,0x39),
- "TLS_1_2_DHE_DSS_WITH_AES_128_CBC_SHA256 : Medium cipher", raw_string(0x00, 0x40),
- "TLS_1_2_DHE_DSS_WITH_AES_256_CBC_SHA256 : Medium cipher", raw_string(0x00, 0x6A),
- "TLS_1_2_DHE_RSA_WITH_AES_256_CBC_SHA256 : Medium cipher", raw_string(0x00, 0x6B),
- "TLS_1_2_DH_RSA_WITH_AES_128_GCM_SHA256 : Medium cipher", raw_string(0x00, 0xA0),
- "TLS_1_2_DH_RSA_WITH_AES_256_GCM_SHA384 : Medium cipher", raw_string(0x00, 0xA1),
- "TLS_1_2_DH_DSS_WITH_AES_128_GCM_SHA256 : Medium cipher", raw_string(0x00, 0xA4),
- "TLS_1_2_DH_DSS_WITH_AES_256_GCM_SHA384 : Medium cipher", raw_string(0x00, 0xA5),
- "TLS_1_2_DHE_RSA_WITH_AES_128_GCM_SHA256 : Medium cipher", raw_string(0x00, 0x9E),
- "TLS_1_2_DHE_RSA_WITH_AES_256_GCM_SHA384 : Medium cipher", raw_string(0x00, 0x9F),
- "TLS_1_2_DHE_DSS_WITH_AES_128_GCM_SHA256 : Medium cipher", raw_string(0x00, 0xA2),
- "TLS_1_2_DHE_DSS_WITH_AES_256_GCM_SHA384 : Medium cipher", raw_string(0x00, 0xA3),
- "TLS_1_2_RSA_WITH_AES_128_GCM_SHA256 : Medium cipher", raw_string(0x00, 0x9C),
- "TLS_1_2_RSA_WITH_AES_256_GCM_SHA384 : Medium cipher", raw_string(0x00, 0x9D),
- "TLS_1_2_DH_anon_WITH_AES_128_CBC_SHA256 : Medium cipher", raw_string(0x00, 0x6C),
- "TLS_1_2_DH_anon_WITH_AES_256_CBC_SHA256 : Medium cipher", raw_string(0x00, 0x6D),
- "TLS_1_2_DH_anon_WITH_AES_128_GCM_SHA256 : Medium cipher", raw_string(0x00, 0xA6),
- "TLS_1_2_DH_anon_WITH_AES_256_GCM_SHA384 : Medium cipher", raw_string(0x00, 0xA7),
- "TLS_1_2_RSA_WITH_AES_128_CCM : Medium cipher", raw_string(0xC0, 0x9C),
- "TLS_1_2_RSA_WITH_AES_256_CCM : Medium cipher", raw_string(0xC0, 0x9D),
- "TLS_1_2_DHE_RSA_WITH_AES_128_CCM : Medium cipher", raw_string(0xC0, 0x9E),
- "TLS_1_2_DHE_RSA_WITH_AES_256_CCM : Medium cipher", raw_string(0xC0, 0x9F),
- "TLS_1_2_RSA_WITH_AES_128_CCM_8 : Medium cipher", raw_string(0xC0, 0xA0),
- "TLS_1_2_RSA_WITH_AES_256_CCM_8 : Medium cipher", raw_string(0xC0, 0xA1),
- "TLS_1_2_DHE_RSA_WITH_AES_128_CCM_8 : Medium cipher", raw_string(0xC0, 0xA2),
- "TLS_1_2_DHE_RSA_WITH_AES_256_CCM_8 : Medium cipher", raw_string(0xC0, 0xA3),
- "TLS_1_2_ECDHE_ECDSA_WITH_AES_128_CCM : Medium cipher", raw_string(0xC0, 0xAC),
- "TLS_1_2_ECDHE_ECDSA_WITH_AES_256_CCM : Medium cipher", raw_string(0xC0, 0xAD),
- "TLS_1_2_ECDHE_ECDSA_WITH_AES_128_CCM_8 : Medium cipher", raw_string(0xC0, 0xAE),
- "TLS_1_2_ECDHE_ECDSA_WITH_AES_256_CCM_8 : Medium cipher", raw_string(0xC0, 0xAF),
- "TLS_1_2_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 : Medium cipher", raw_string(0xC0, 0x72),
- "TLS_1_2_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 : Medium cipher", raw_string(0xC0, 0x73),
- "TLS_1_2_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 : Medium cipher", raw_string(0xC0, 0x76),
- "TLS_1_2_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 : Medium cipher", raw_string(0xC0, 0x77),
- "TLS_1_2_PSK_WITH_NULL_SHA : No cipher", raw_string(0x00, 0x2C),
- "TLS_1_2_DHE_PSK_WITH_NULL_SHA : No cipher", raw_string(0x00, 0x2D),
- "TLS_1_2_RSA_PSK_WITH_NULL_SHA : No cipher", raw_string(0x00, 0x2E),
- "TLS_1_2_PSK_WITH_RC4_128_SHA : Weak cipher", raw_string(0x00, 0x8A),
- "TLS_1_2_PSK_WITH_3DES_EDE_CBC_SHA : Weak cipher", raw_string(0x00, 0x8B),
- "TLS_1_2_PSK_WITH_AES_128_CBC_SHA : Medium cipher", raw_string(0x00, 0x8C),
- "TLS_1_2_PSK_WITH_AES_256_CBC_SHA : Medium cipher", raw_string(0x00, 0x8D),
- "TLS_1_2_DHE_PSK_WITH_RC4_128_SHA : Weak cipher", raw_string(0x00, 0x8E),
- "TLS_1_2_DHE_PSK_WITH_3DES_EDE_CBC_SHA : Weak cipher", raw_string(0x00, 0x8F),
- "TLS_1_2_DHE_PSK_WITH_AES_128_CBC_SHA : Medium cipher", raw_string(0x00, 0x90),
- "TLS_1_2_DHE_PSK_WITH_AES_256_CBC_SHA : Medium cipher", raw_string(0x00, 0x91),
- "TLS_1_2_RSA_PSK_WITH_RC4_128_SHA : Weak cipher", raw_string(0x00, 0x92),
- "TLS_1_2_RSA_PSK_WITH_3DES_EDE_CBC_SHA : Weak cipher", raw_string(0x00, 0x93),
- "TLS_1_2_RSA_PSK_WITH_AES_128_CBC_SHA : Medium cipher", raw_string(0x00, 0x94),
- "TLS_1_2_RSA_PSK_WITH_AES_256_CBC_SHA : Medium cipher", raw_string(0x00, 0x95),
- "TLS_1_2_PSK_WITH_AES_128_GCM_SHA256 : Medium cipher", raw_string(0x00, 0xA8),
- "TLS_1_2_PSK_WITH_AES_256_GCM_SHA384 : Medium cipher", raw_string(0x00, 0xA9),
- "TLS_1_2_DHE_PSK_WITH_AES_128_GCM_SHA256 : Medium cipher", raw_string(0x00, 0xAA),
- "TLS_1_2_DHE_PSK_WITH_AES_256_GCM_SHA384 : Medium cipher", raw_string(0x00, 0xAB),
- "TLS_1_2_RSA_PSK_WITH_AES_128_GCM_SHA256 : Medium cipher", raw_string(0x00, 0xAC),
- "TLS_1_2_RSA_PSK_WITH_AES_256_GCM_SHA384 : Medium cipher", raw_string(0x00, 0xAD),
- "TLS_1_2_PSK_WITH_AES_128_CBC_SHA256 : Medium cipher", raw_string(0x00, 0xAE),
- "TLS_1_2_PSK_WITH_AES_256_CBC_SHA384 : Medium cipher", raw_string(0x00, 0xAF),
- "TLS_1_2_PSK_WITH_NULL_SHA256 : No cipher", raw_string(0x00, 0xB0),
- "TLS_1_2_PSK_WITH_NULL_SHA384 : No cipher", raw_string(0x00, 0xB1),
- "TLS_1_2_DHE_PSK_WITH_AES_128_CBC_SHA256 : Medium cipher", raw_string(0x00, 0xB2),
- "TLS_1_2_DHE_PSK_WITH_AES_256_CBC_SHA384 : Medium cipher", raw_string(0x00, 0xB3),
- "TLS_1_2_DHE_PSK_WITH_NULL_SHA256 : No cipher", raw_string(0x00, 0xB4),
- "TLS_1_2_DHE_PSK_WITH_NULL_SHA384 : No cipher", raw_string(0x00, 0xB5),
- "TLS_1_2_RSA_PSK_WITH_AES_128_CBC_SHA256 : Medium cipher", raw_string(0x00, 0xB6),
- "TLS_1_2_RSA_PSK_WITH_AES_256_CBC_SHA384 : Medium cipher", raw_string(0x00, 0xB7),
- "TLS_1_2_RSA_PSK_WITH_NULL_SHA256 : No cipher", raw_string(0x00, 0xB8),
- "TLS_1_2_RSA_PSK_WITH_NULL_SHA384 : No cipher", raw_string(0x00, 0xB9),
- "TLS_1_2_PSK_WITH_CAMELLIA_128_CBC_SHA256 : Medium cipher", raw_string(0xC0, 0x94),
- "TLS_1_2_PSK_WITH_CAMELLIA_256_CBC_SHA384 : Medium cipher", raw_string(0xC0, 0x95),
- "TLS_1_2_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 : Medium cipher", raw_string(0xC0, 0x96),
- "TLS_1_2_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 : Medium cipher", raw_string(0xC0, 0x97),
- "TLS_1_2_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 : Medium cipher", raw_string(0xC0, 0x98),
- "TLS_1_2_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 : Medium cipher", raw_string(0xC0, 0x99),
- "TLS_1_2_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 : Medium cipher", raw_string(0xC0, 0x9A),
- "TLS_1_2_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 : Medium cipher", raw_string(0xC0, 0x9B),
- "TLS_1_2_PSK_WITH_AES_128_CCM : Medium cipher", raw_string(0xC0, 0xA4),
- "TLS_1_2_PSK_WITH_AES_256_CCM : Medium cipher", raw_string(0xC0, 0xA5),
- "TLS_1_2_DHE_PSK_WITH_AES_128_CCM : Medium cipher", raw_string(0xC0, 0xA6),
- "TLS_1_2_DHE_PSK_WITH_AES_256_CCM : Medium cipher", raw_string(0xC0, 0xA7),
- "TLS_1_2_PSK_WITH_AES_128_CCM_8 : Medium cipher", raw_string(0xC0, 0xA8),
- "TLS_1_2_PSK_WITH_AES_256_CCM_8 : Medium cipher", raw_string(0xC0, 0xA9),
- "TLS_1_2_DHE_PSK_WITH_AES_128_CCM_8 : Medium cipher", raw_string(0xC0, 0xAA),
- "TLS_1_2_DHE_PSK_WITH_AES_256_CCM_8 : Medium cipher", raw_string(0xC0, 0xAB),
-
-##https://tools.ietf.org/html/rfc5489
-##ECDHE_PSK Cipher Suites for Transport Layer Security (TLS)
- "TLS_1_2_ECDHE_PSK_WITH_RC4_128_SHA : Weak cipher", raw_string(0xC0, 0x33),
- "TLS_1_2_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA : Weak cipher", raw_string(0xC0, 0x34),
- "TLS_1_2_ECDHE_PSK_WITH_AES_128_CBC_SHA : Medium cipher", raw_string(0xC0, 0x35),
- "TLS_1_2_ECDHE_PSK_WITH_AES_256_CBC_SHA : Medium cipher", raw_string(0xC0, 0x36),
- "TLS_1_2_ECDHE_PSK_WITH_AES_128_CBC_SHA256 : Medium cipher", raw_string(0xC0, 0x37),
- "TLS_1_2_ECDHE_PSK_WITH_AES_256_CBC_SHA384 : Medium cipher", raw_string(0xC0, 0x38),
- "TLS_1_2_ECDHE_PSK_WITH_NULL_SHA : No cipher", raw_string(0xC0, 0x39),
- "TLS_1_2_ECDHE_PSK_WITH_NULL_SHA256 : No cipher", raw_string(0xC0, 0x3A),
- "TLS_1_2_ECDHE_PSK_WITH_NULL_SHA384 : No cipher", raw_string(0xC0, 0x3B),
-
-##https://www.ietf.org/rfc/rfc5289.txt
-##TLS Elliptic Curve Cipher Suites with SHA-256/384 and AES Galois Counter Mode (GCM)
-##AES [AES] in Cipher Block Chaining (CBC) [CBC] mode with an HMAC-based MAC
- "TLS_1_2_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 : Medium cipher", raw_string(0xC0, 0x23),
- "TLS_1_2_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 : Medium cipher", raw_string(0xC0, 0x24),
- "TLS_1_2_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 : Medium cipher", raw_string(0xC0, 0x25),
- "TLS_1_2_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 : Medium cipher", raw_string(0xC0, 0x26),
- "TLS_1_2_ECDHE_RSA_WITH_AES_128_CBC_SHA256 : Medium cipher", raw_string(0xC0, 0x27),
- "TLS_1_2_ECDHE_RSA_WITH_AES_256_CBC_SHA384 : Medium cipher", raw_string(0xC0, 0x28),
- "TLS_1_2_ECDH_RSA_WITH_AES_128_CBC_SHA256 : Medium cipher", raw_string(0xC0, 0x29),
- "TLS_1_2_ECDH_RSA_WITH_AES_256_CBC_SHA384 : Medium cipher", raw_string(0xC0, 0x2A),
-
-##Following Supported for TLS 1.2
- "TLS_1_2_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 : Medium cipher", raw_string(0xC0, 0x2B),
- "TLS_1_2_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 : Medium cipher", raw_string(0xC0, 0x2C),
- "TLS_1_2_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 : Medium cipher", raw_string(0xC0, 0x2D),
- "TLS_1_2_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 : Medium cipher", raw_string(0xC0, 0x2E),
- "TLS_1_2_ECDHE_RSA_WITH_AES_128_GCM_SHA256 : Medium cipher", raw_string(0xC0, 0x2F),
- "TLS_1_2_ECDHE_RSA_WITH_AES_256_GCM_SHA384 : Medium cipher", raw_string(0xC0, 0x30),
- "TLS_1_2_ECDH_RSA_WITH_AES_128_GCM_SHA256 : Medium cipher", raw_string(0xC0, 0x31),
- "TLS_1_2_ECDH_RSA_WITH_AES_256_GCM_SHA384 : Medium cipher", raw_string(0xC0, 0x32));
-
## This function Constructs and sends ssl request with given
## cipher spec for given ssl version
Index: scripts/secpod_ssl_ciphers.nasl
===================================================================
--- scripts/secpod_ssl_ciphers.nasl (revision 4183)
+++ scripts/secpod_ssl_ciphers.nasl (working copy)
@@ -345,10 +345,10 @@
## Iterate over cipher specs and report weak and
## supported ciphers(if check_sup_ciphers is TRUE)
## TLSv1_1 uses the same cipher suites as TLSv1
- foreach cipher ( keys ( tlsv1_ciphers ) )
+ foreach cipher ( keys ( tlsv1_1_ciphers ) )
{
## Get cipher code and cipher name
- CIPHER_CODE = tlsv1_ciphers[cipher];
+ CIPHER_CODE = tlsv1_1_ciphers[cipher];
CIPHER_NAME = cipher;
CIPHER_NAME = cipher_has_strength_override( cn:CIPHER_NAME );
Index: scripts/secpod_ssl_ciphers_setting.nasl
===================================================================
--- scripts/secpod_ssl_ciphers_setting.nasl (revision 4183)
+++ scripts/secpod_ssl_ciphers_setting.nasl (working copy)
@@ -30,7 +30,7 @@
sets into the KB.";
include("secpod_ssl_ciphers.inc");
-cipher_arrays = make_list( keys( sslv2_ciphers ), keys( sslv3_ciphers ), keys( tlsv1_ciphers ), keys( tlsv1_2_ciphers ) );
+cipher_arrays = make_list( keys( sslv2_ciphers ), keys( sslv3_ciphers ), keys( tlsv1_ciphers ), keys( tlsv1_1_ciphers ), keys( tlsv1_2_ciphers ) );
if(description)
_______________________________________________
Openvas-plugins mailing list
Openvas-plugins@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-plugins
