tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From r...@apache.org
Subject svn commit: r1608840 [1/2] - in /tomcat/trunk: java/org/apache/tomcat/util/net/jsse/ java/org/apache/tomcat/util/net/jsse/openssl/ java/org/apache/tomcat/util/net/jsse/res/ webapps/docs/
Date Tue, 08 Jul 2014 16:20:55 GMT
Author: remm
Date: Tue Jul  8 16:20:54 2014
New Revision: 1608840

URL: http://svn.apache.org/r1608840
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=56704
Add OpenSSL cipher suite parser for JSSE. It allows using the same value for both native and JSSE, and makes it easy to define safe default or custom cipher suites.
Code submitted by Emmanuel Hugonnet.

Added:
    tomcat/trunk/java/org/apache/tomcat/util/net/jsse/openssl/
    tomcat/trunk/java/org/apache/tomcat/util/net/jsse/openssl/Authentication.java
    tomcat/trunk/java/org/apache/tomcat/util/net/jsse/openssl/Ciphers.java
    tomcat/trunk/java/org/apache/tomcat/util/net/jsse/openssl/Encryption.java
    tomcat/trunk/java/org/apache/tomcat/util/net/jsse/openssl/EncryptionLevel.java
    tomcat/trunk/java/org/apache/tomcat/util/net/jsse/openssl/KeyExchange.java
    tomcat/trunk/java/org/apache/tomcat/util/net/jsse/openssl/MessageDigest.java
    tomcat/trunk/java/org/apache/tomcat/util/net/jsse/openssl/OpenSSLCipherConfigurationParser.java
    tomcat/trunk/java/org/apache/tomcat/util/net/jsse/openssl/Protocol.java
Modified:
    tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
    tomcat/trunk/java/org/apache/tomcat/util/net/jsse/res/LocalStrings.properties
    tomcat/trunk/webapps/docs/changelog.xml

Modified: tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java?rev=1608840&r1=1608839&r2=1608840&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java Tue Jul  8 16:20:54 2014
@@ -65,6 +65,7 @@ import org.apache.tomcat.util.net.Abstra
 import org.apache.tomcat.util.net.Constants;
 import org.apache.tomcat.util.net.SSLUtil;
 import org.apache.tomcat.util.net.ServerSocketFactory;
+import org.apache.tomcat.util.net.jsse.openssl.OpenSSLCipherConfigurationParser;
 import org.apache.tomcat.util.res.StringManager;
 
 /**
@@ -234,10 +235,14 @@ public class JSSESocketFactory implement
         }
 
         List<String> requestedCiphers = new ArrayList<>();
-        for (String rc : requestedCiphersStr.split(",")) {
-            final String cipher = rc.trim();
-            if (cipher.length() > 0) {
-                requestedCiphers.add(cipher);
+        if (requestedCiphersStr.indexOf(':') != -1) {
+            requestedCiphers = OpenSSLCipherConfigurationParser.parseExpression(requestedCiphersStr);
+        } else {
+            for (String rc : requestedCiphersStr.split(",")) {
+                final String cipher = rc.trim();
+                if (cipher.length() > 0) {
+                    requestedCiphers.add(cipher);
+                }
             }
         }
         if (requestedCiphers.isEmpty()) {

Added: tomcat/trunk/java/org/apache/tomcat/util/net/jsse/openssl/Authentication.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/jsse/openssl/Authentication.java?rev=1608840&view=auto
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/jsse/openssl/Authentication.java (added)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/jsse/openssl/Authentication.java Tue Jul  8 16:20:54 2014
@@ -0,0 +1,32 @@
+/*
+ *  Licensed to the Apache Software Foundation (ASF) under one or more
+ *  contributor license agreements.  See the NOTICE file distributed with
+ *  this work for additional information regarding copyright ownership.
+ *  The ASF licenses this file to You under the Apache License, Version 2.0
+ *  (the "License"); you may not use this file except in compliance with
+ *  the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+
+package org.apache.tomcat.util.net.jsse.openssl;
+
+enum Authentication {
+    RSA /* RSA auth */,
+    DSS /* DSS auth */,
+    aNULL /* no auth (i.e. use ADH or AECDH) */,
+    DH /* Fixed DH auth (kDHd or kDHr) */,
+    ECDH /* Fixed ECDH auth (kECDHe or kECDHr) */,
+    KRB5 /* KRB5 auth */,
+    ECDSA/* ECDSA auth*/,
+    PSK /* PSK auth */,
+    GOST94 /* GOST R 34.10-94 signature auth */,
+    GOST01 /* GOST R 34.10-2001 */,
+    FZA /* Fortezza */;
+}

Added: tomcat/trunk/java/org/apache/tomcat/util/net/jsse/openssl/Ciphers.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/jsse/openssl/Ciphers.java?rev=1608840&view=auto
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/jsse/openssl/Ciphers.java (added)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/jsse/openssl/Ciphers.java Tue Jul  8 16:20:54 2014
@@ -0,0 +1,2299 @@
+/*
+ *  Licensed to the Apache Software Foundation (ASF) under one or more
+ *  contributor license agreements.  See the NOTICE file distributed with
+ *  this work for additional information regarding copyright ownership.
+ *  The ASF licenses this file to You under the Apache License, Version 2.0
+ *  (the "License"); you may not use this file except in compliance with
+ *  the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+
+package org.apache.tomcat.util.net.jsse.openssl;
+
+/**
+ * All Ciphers for SSL/TSL.
+ */
+enum Ciphers {
+    /* The RSA ciphers */
+    // Cipher 01
+    SSL_RSA_WITH_NULL_MD5("NULL-MD5",
+            KeyExchange.RSA,
+            Authentication.RSA,
+            Encryption.eNULL,
+            MessageDigest.MD5,
+            Protocol.SSLv3,
+            false,
+            EncryptionLevel.STRONG_NONE,
+            false,
+            0,
+            0),
+    // Cipher 02
+    SSL_RSA_WITH_NULL_SHA("NULL-SHA",
+            KeyExchange.RSA,
+            Authentication.RSA,
+            Encryption.eNULL,
+            MessageDigest.SHA1,
+            Protocol.SSLv3,
+            false,
+            EncryptionLevel.STRONG_NONE,
+            true,
+            0,
+            0),
+    // Cipher 03
+    SSL_RSA_EXPORT_WITH_RC4_40_MD5("EXP-RC4-MD5",
+            KeyExchange.RSA,
+            Authentication.RSA,
+            Encryption.RC4,
+            MessageDigest.MD5,
+            Protocol.SSLv3,
+            true,
+            EncryptionLevel.EXP40,
+            false,
+            40,
+            128),
+    // Cipher 04
+    SSL_RSA_WITH_RC4_128_MD5("RC4-MD5",
+            KeyExchange.RSA,
+            Authentication.RSA,
+            Encryption.RC4,
+            MessageDigest.MD5,
+            Protocol.SSLv3,
+            false,
+            EncryptionLevel.MEDIUM,
+            false,
+            128,
+            128),
+    // Cipher 05
+    SSL_RSA_WITH_RC4_128_SHA("RC4-SHA",
+            KeyExchange.RSA,
+            Authentication.RSA,
+            Encryption.RC4,
+            MessageDigest.SHA1,
+            Protocol.SSLv3,
+            false,
+            EncryptionLevel.MEDIUM,
+            false,
+            128,
+            128),
+    // Cipher 06
+    SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5("EXP-RC2-CBC-MD5",
+            KeyExchange.RSA,
+            Authentication.RSA,
+            Encryption.RC2,
+            MessageDigest.MD5,
+            Protocol.SSLv3,
+            true,
+            EncryptionLevel.EXP40,
+            false,
+            40,
+            128),
+    // Cipher 07
+    SSL_RSA_WITH_IDEA_CBC_SHA("IDEA-CBC-SHA",
+            KeyExchange.RSA,
+            Authentication.RSA,
+            Encryption.IDEA,
+            MessageDigest.SHA1,
+            Protocol.SSLv3,
+            false,
+            EncryptionLevel.MEDIUM,
+            false,
+            128,
+            128),
+    // Cipher 08
+    SSL_RSA_EXPORT_WITH_DES40_CBC_SHA("EXP-DES-CBC-SHA",
+            KeyExchange.RSA,
+            Authentication.RSA,
+            Encryption.DES,
+            MessageDigest.SHA1,
+            Protocol.SSLv3,
+            true,
+            EncryptionLevel.EXP40,
+            false,
+            40,
+            56),
+    // Cipher 09
+    SSL_RSA_WITH_DES_CBC_SHA("DES-CBC-SHA",
+            KeyExchange.RSA,
+            Authentication.RSA,
+            Encryption.DES,
+            MessageDigest.SHA1,
+            Protocol.SSLv3,
+            false,
+            EncryptionLevel.LOW,
+            false,
+            56,
+            56),
+    // Cipher 0A
+    SSL_RSA_WITH_3DES_EDE_CBC_SHA("DES-CBC3-SHA",
+            KeyExchange.RSA,
+            Authentication.RSA,
+            Encryption.TRIPLE_DES,
+            MessageDigest.SHA1,
+            Protocol.SSLv3,
+            false,
+            EncryptionLevel.HIGH,
+            true,
+            168,
+            168),
+    /* The DH ciphers */
+    // Cipher 0B
+    SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA("EXP-DH-DSS-DES-CBC-SHA",
+            KeyExchange.DHd,
+            Authentication.DH,
+            Encryption.DES,
+            MessageDigest.SHA1,
+            Protocol.SSLv3,
+            true,
+            EncryptionLevel.EXP40,
+            false,
+            40,
+            56),
+    // Cipher 0C
+    SSL_DH_DSS_WITH_DES_CBC_SHA("DH-DSS-DES-CBC-SHA",
+            KeyExchange.DHd,
+            Authentication.DH,
+            Encryption.DES,
+            MessageDigest.SHA1,
+            Protocol.SSLv3,
+            false,
+            EncryptionLevel.LOW,
+            false,
+            56,
+            56),
+    // Cipher 0D
+    SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA("DH-DSS-DES-CBC3-SHA",
+            KeyExchange.DHd,
+            Authentication.DH,
+            Encryption.TRIPLE_DES,
+            MessageDigest.SHA1,
+            Protocol.SSLv3,
+            false,
+            EncryptionLevel.HIGH,
+            true,
+            168,
+            168),
+    // Cipher 0E
+    SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA("EXP-DH-RSA-DES-CBC-SHA",
+            KeyExchange.DHr,
+            Authentication.DH,
+            Encryption.DES,
+            MessageDigest.SHA1,
+            Protocol.SSLv3,
+            true,
+            EncryptionLevel.EXP40,
+            false,
+            40,
+            56),
+    // Cipher 0F
+    SSL_DH_RSA_WITH_DES_CBC_SHA("DH-RSA-DES-CBC-SHA",
+            KeyExchange.DHr,
+            Authentication.DH,
+            Encryption.DES,
+            MessageDigest.SHA1,
+            Protocol.SSLv3,
+            false,
+            EncryptionLevel.LOW,
+            false,
+            56,
+            56),
+    // Cipher 10
+    SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA("DH-RSA-DES-CBC3-SHA",
+            KeyExchange.DHr,
+            Authentication.DH,
+            Encryption.TRIPLE_DES,
+            MessageDigest.SHA1,
+            Protocol.SSLv3,
+            false,
+            EncryptionLevel.HIGH,
+            true,
+            168,
+            168),
+    /* The Ephemeral DH ciphers */
+    // Cipher 11
+    SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA("EXP-EDH-DSS-DES-CBC-SHA",
+            KeyExchange.EDH,
+            Authentication.DSS,
+            Encryption.DES,
+            MessageDigest.SHA1,
+            Protocol.SSLv3,
+            true,
+            EncryptionLevel.EXP40,
+            false,
+            40,
+            56),
+    // Cipher 12
+    SSL_DHE_DSS_WITH_DES_CBC_SHA("EDH-DSS-DES-CBC-SHA",
+            KeyExchange.EDH,
+            Authentication.DSS,
+            Encryption.DES,
+            MessageDigest.SHA1,
+            Protocol.SSLv3,
+            false,
+            EncryptionLevel.LOW,
+            false,
+            56,
+            56),
+    // Cipher 13
+    SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA("EDH-DSS-DES-CBC3-SHA",
+            KeyExchange.EDH,
+            Authentication.DSS,
+            Encryption.TRIPLE_DES,
+            MessageDigest.SHA1,
+            Protocol.SSLv3,
+            false,
+            EncryptionLevel.HIGH,
+            true,
+            168,
+            168),
+    // Cipher 14
+    TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA("EXP-EDH-RSA-DES-CBC-SHA",
+            KeyExchange.EDH,
+            Authentication.RSA,
+            Encryption.DES,
+            MessageDigest.SHA1,
+            Protocol.SSLv3,
+            true,
+            EncryptionLevel.EXP40,
+            false,
+            40,
+            56),
+    // Cipher 15
+    TLS_DHE_RSA_WITH_DES_CBC_SHA("EDH-RSA-DES-CBC-SHA",
+            KeyExchange.EDH,
+            Authentication.RSA,
+            Encryption.DES,
+            MessageDigest.SHA1,
+            Protocol.SSLv3,
+            false,
+            EncryptionLevel.LOW,
+            false,
+            56,
+            56),
+    // Cipher 16
+    TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA("EDH-RSA-DES-CBC3-SHA",
+            KeyExchange.EDH,
+            Authentication.RSA,
+            Encryption.TRIPLE_DES,
+            MessageDigest.SHA1,
+            Protocol.SSLv3,
+            false,
+            EncryptionLevel.HIGH,
+            true,
+            168,
+            168),
+    // Cipher 17
+    TLS_DH_anon_EXPORT_WITH_RC4_40_MD5("EXP-ADH-RC4-MD5",
+            KeyExchange.EDH,
+            Authentication.aNULL,
+            Encryption.RC4,
+            MessageDigest.MD5,
+            Protocol.SSLv3,
+            true,
+            EncryptionLevel.EXP40,
+            false,
+            40,
+            128),
+    // Cipher 18
+    TLS_DH_anon_WITH_RC4_128_MD5("ADH-RC4-MD5",
+            KeyExchange.EDH,
+            Authentication.aNULL,
+            Encryption.RC4,
+            MessageDigest.MD5,
+            Protocol.SSLv3,
+            false,
+            EncryptionLevel.MEDIUM,
+            false,
+            128,
+            128),
+    // Cipher 19
+    TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA("EXP-ADH-DES-CBC-SHA",
+            KeyExchange.EDH,
+            Authentication.aNULL,
+            Encryption.DES,
+            MessageDigest.SHA1,
+            Protocol.SSLv3,
+            true,
+            EncryptionLevel.EXP40,
+            false,
+            40,
+            128),
+    // Cipher 1A
+    TLS_DH_anon_WITH_DES_CBC_SHA("ADH-DES-CBC-SHA",
+            KeyExchange.EDH,
+            Authentication.aNULL,
+            Encryption.DES,
+            MessageDigest.SHA1,
+            Protocol.SSLv3,
+            false,
+            EncryptionLevel.LOW,
+            false,
+            56,
+            56),
+    // Cipher 1B
+    TLS_DH_anon_WITH_3DES_EDE_CBC_SHA("ADH-DES-CBC3-SHA",
+            KeyExchange.EDH,
+            Authentication.aNULL,
+            Encryption.TRIPLE_DES,
+            MessageDigest.SHA1,
+            Protocol.SSLv3,
+            false,
+            EncryptionLevel.HIGH,
+            true,
+            168,
+            168),
+    /* Fortezza ciphersuite from SSL 3.0 spec */
+    // Cipher 1C
+    SSL_FORTEZZA_DMS_WITH_NULL_SHA("FZA-NULL-SHA",
+            KeyExchange.FZA,
+            Authentication.FZA,
+            Encryption.eNULL,
+            MessageDigest.SHA1,
+            Protocol.SSLv3,
+            false,
+            EncryptionLevel.STRONG_NONE,
+            false,
+            0,
+            0),
+    // Cipher 1D
+    SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA("FZA-FZA-CBC-SHA",
+            KeyExchange.FZA,
+            Authentication.FZA,
+            Encryption.FZA,
+            MessageDigest.SHA1,
+            Protocol.SSLv3,
+            false,
+            EncryptionLevel.STRONG_NONE,
+            false,
+            0,
+            0),
+    // Cipher 1E
+    SSL_FORTEZZA_DMS_WITH_RC4_128_SHA("FZA-RC4-SHA",
+            KeyExchange.FZA,
+            Authentication.FZA,
+            Encryption.RC4,
+            MessageDigest.SHA1,
+            Protocol.SSLv3,
+            false,
+            EncryptionLevel.MEDIUM,
+            false,
+            128,
+            128),
+    /* The Kerberos ciphers*/
+    // Cipher 1E
+    /*TLS_KRB5_WITH_DES_CBC_SHA("KRB5-DES-CBC-SHA",
+            KeyExchange.KRB5,
+            Authentication.KRB5,
+            Encryption.DES,
+            MessageDigest.SHA1,
+            Protocol.SSLv3,
+            false,
+            EncryptionLevel.LOW,
+            false,
+            56,
+            56),
+    // Cipher 1F
+    TLS_KRB5_WITH_3DES_EDE_CBC_SHA("KRB5-DES-CBC3-SHA",
+            KeyExchange.KRB5,
+            Authentication.KRB5,
+            Encryption.TRIPLE_DES,
+            MessageDigest.SHA1,
+            Protocol.SSLv3,
+            false,
+            EncryptionLevel.HIGH,
+            true,
+            168,
+            168),
+    // Cipher 20
+    TLS_KRB5_WITH_RC4_128_SHA("KRB5-RC4-SHA",
+            KeyExchange.KRB5,
+            Authentication.KRB5,
+            Encryption.RC4,
+            MessageDigest.SHA1,
+            Protocol.SSLv3,
+            false,
+            EncryptionLevel.MEDIUM,
+            false,
+            128,
+            128),
+    // Cipher 21
+    TLS_KRB5_WITH_IDEA_CBC_SHA("KRB5-IDEA-CBC-SHA",
+            KeyExchange.KRB5,
+            Authentication.KRB5,
+            Encryption.IDEA,
+            MessageDigest.SHA1,
+            Protocol.SSLv3,
+            false,
+            EncryptionLevel.MEDIUM,
+            false,
+            128,
+            128),
+    // Cipher 22
+    TLS_KRB5_WITH_DES_CBC_MD5("KRB5-DES-CBC-MD5",
+            KeyExchange.KRB5,
+            Authentication.KRB5,
+            Encryption.DES,
+            MessageDigest.MD5,
+            Protocol.SSLv3,
+            false,
+            EncryptionLevel.LOW,
+            false,
+            56,
+            56),
+    // Cipher 23
+    TLS_KRB5_WITH_3DES_EDE_CBC_MD5("KRB5-DES-CBC3-MD5",
+            KeyExchange.KRB5,
+            Authentication.KRB5,
+            Encryption.TRIPLE_DES,
+            MessageDigest.MD5,
+            Protocol.SSLv3,
+            false,
+            EncryptionLevel.HIGH,
+            false,
+            168,
+            168),
+    // Cipher 24
+    TLS_KRB5_WITH_RC4_128_MD5("KRB5-RC4-MD5",
+            KeyExchange.KRB5,
+            Authentication.KRB5,
+            Encryption.RC4,
+            MessageDigest.MD5,
+            Protocol.SSLv3,
+            false,
+            EncryptionLevel.MEDIUM,
+            false,
+            128,
+            128),
+    // Cipher 25
+    TLS_KRB5_WITH_IDEA_CBC_MD5("KRB5-IDEA-CBC-MD5",
+            KeyExchange.KRB5,
+            Authentication.KRB5,
+            Encryption.IDEA,
+            MessageDigest.MD5,
+            Protocol.SSLv3,
+            false,
+            EncryptionLevel.MEDIUM,
+            false,
+            128,
+            128),
+    // Cipher 26
+    TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA("EXP-KRB5-DES-CBC-SHA",
+            KeyExchange.KRB5,
+            Authentication.KRB5,
+            Encryption.DES,
+            MessageDigest.SHA1,
+            Protocol.SSLv3,
+            true,
+            EncryptionLevel.EXP40,
+            false,
+            40,
+            56),
+    // Cipher 27
+    TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA("EXP-KRB5-RC2-CBC-SHA",
+            KeyExchange.KRB5,
+            Authentication.KRB5,
+            Encryption.RC2,
+            MessageDigest.SHA1,
+            Protocol.SSLv3,
+            true,
+            EncryptionLevel.EXP40,
+            false,
+            40,
+            128),
+    // Cipher 28
+    TLS_KRB5_EXPORT_WITH_RC4_40_SHA("EXP-KRB5-RC4-SHA",
+            KeyExchange.KRB5,
+            Authentication.KRB5,
+            Encryption.RC4,
+            MessageDigest.SHA1,
+            Protocol.SSLv3,
+            true,
+            EncryptionLevel.EXP40,
+            false,
+            40,
+            128),
+    // Cipher 29
+    TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5("EXP-KRB5-DES-CBC-MD5",
+            KeyExchange.KRB5,
+            Authentication.KRB5,
+            Encryption.DES,
+            MessageDigest.MD5,
+            Protocol.SSLv3,
+            true,
+            EncryptionLevel.EXP40,
+            false,
+            40,
+            56),
+    // Cipher 2A
+    TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5("EXP-KRB5-RC2-CBC-MD5",
+            KeyExchange.KRB5,
+            Authentication.KRB5,
+            Encryption.RC2,
+            MessageDigest.MD5,
+            Protocol.SSLv3,
+            true,
+            EncryptionLevel.EXP40,
+            false,
+            40,
+            128),
+    // Cipher 2B
+    TLS_KRB5_EXPORT_WITH_RC4_40_MD5("EXP-KRB5-RC4-MD5",
+            KeyExchange.KRB5,
+            Authentication.KRB5,
+            Encryption.RC4,
+            MessageDigest.MD5,
+            Protocol.SSLv3,
+            true,
+            EncryptionLevel.EXP40,
+            false,
+            40,
+            128),*/
+    /* New AES ciphersuites */
+    // Cipher 2F
+    TLS_RSA_WITH_AES_128_CBC_SHA("AES128-SHA",
+            KeyExchange.RSA,
+            Authentication.RSA,
+            Encryption.AES128,
+            MessageDigest.SHA1,
+            Protocol.TLSv1,
+            false,
+            EncryptionLevel.HIGH,
+            true,
+            128,
+            128),
+    // Cipher 30
+    TLS_DH_DSS_WITH_AES_128_CBC_SHA("DH-DSS-AES128-SHA",
+            KeyExchange.DHd,
+            Authentication.DH,
+            Encryption.AES128,
+            MessageDigest.SHA1,
+            Protocol.TLSv1,
+            false,
+            EncryptionLevel.HIGH,
+            true,
+            128,
+            128),
+    // Cipher 31
+    TLS_DH_RSA_WITH_AES_128_CBC_SHA("DH-RSA-AES128-SHA",
+            KeyExchange.DHr,
+            Authentication.DH,
+            Encryption.AES128,
+            MessageDigest.SHA1,
+            Protocol.TLSv1,
+            false,
+            EncryptionLevel.HIGH,
+            true,
+            128,
+            128),
+    // Cipher 32
+    TLS_DHE_DSS_WITH_AES_128_CBC_SHA("DHE-DSS-AES128-SHA",
+            KeyExchange.EDH,
+            Authentication.DSS,
+            Encryption.AES128,
+            MessageDigest.SHA1,
+            Protocol.TLSv1,
+            false,
+            EncryptionLevel.HIGH,
+            true,
+            128,
+            128),
+    // Cipher 33
+    TLS_DHE_RSA_WITH_AES_128_CBC_SHA("DHE-RSA-AES128-SHA",
+            KeyExchange.EDH,
+            Authentication.RSA,
+            Encryption.AES128,
+            MessageDigest.SHA1,
+            Protocol.TLSv1,
+            false,
+            EncryptionLevel.HIGH,
+            true,
+            128,
+            128),
+    // Cipher 34
+    TLS_DH_anon_WITH_AES_128_CBC_SHA("ADH-AES128-SHA",
+            KeyExchange.EDH,
+            Authentication.aNULL,
+            Encryption.AES128,
+            MessageDigest.SHA1,
+            Protocol.TLSv1,
+            false,
+            EncryptionLevel.HIGH,
+            true,
+            128,
+            128),
+    // Cipher 35
+    TLS_RSA_WITH_AES_256_CBC_SHA("AES256-SHA",
+            KeyExchange.RSA,
+            Authentication.RSA,
+            Encryption.AES256,
+            MessageDigest.SHA1,
+            Protocol.TLSv1,
+            false,
+            EncryptionLevel.HIGH,
+            true,
+            256,
+            256),
+    // Cipher 36
+    TLS_DH_DSS_WITH_AES_256_CBC_SHA("DH-DSS-AES256-SHA",
+            KeyExchange.DHd,
+            Authentication.DH,
+            Encryption.AES256,
+            MessageDigest.SHA1,
+            Protocol.TLSv1,
+            false,
+            EncryptionLevel.HIGH,
+            true,
+            256,
+            256),
+    // Cipher 37
+    TLS_DH_RSA_WITH_AES_256_CBC_SHA("DH-RSA-AES256-SHA",
+            KeyExchange.DHr,
+            Authentication.DH,
+            Encryption.AES256,
+            MessageDigest.SHA1,
+            Protocol.TLSv1,
+            false,
+            EncryptionLevel.HIGH,
+            true,
+            256,
+            256),
+    // Cipher 38
+    TLS_DHE_DSS_WITH_AES_256_CBC_SHA("DHE-DSS-AES256-SHA",
+            KeyExchange.EDH,
+            Authentication.DSS,
+            Encryption.AES256,
+            MessageDigest.SHA1,
+            Protocol.TLSv1,
+            false,
+            EncryptionLevel.HIGH,
+            true,
+            256,
+            256),
+    // Cipher 39
+    TLS_DHE_RSA_WITH_AES_256_CBC_SHA("DHE-RSA-AES256-SHA",
+            KeyExchange.EDH,
+            Authentication.RSA,
+            Encryption.AES256,
+            MessageDigest.SHA1,
+            Protocol.TLSv1,
+            false,
+            EncryptionLevel.HIGH,
+            true,
+            256,
+            256), // Cipher 3A
+    TLS_DH_anon_WITH_AES_256_CBC_SHA("ADH-AES256-SHA",
+            KeyExchange.EDH,
+            Authentication.aNULL,
+            Encryption.AES256,
+            MessageDigest.SHA1,
+            Protocol.TLSv1,
+            false,
+            EncryptionLevel.HIGH,
+            true,
+            256,
+            256),
+    /* TLS v1.2 ciphersuites */
+    // Cipher 3B
+    TLS_RSA_WITH_NULL_SHA256("NULL-SHA256",
+            KeyExchange.RSA,
+            Authentication.RSA,
+            Encryption.eNULL,
+            MessageDigest.SHA256,
+            Protocol.TLSv1_2,
+            false,
+            EncryptionLevel.STRONG_NONE,
+            true,
+            0,
+            0),
+    // Cipher 3C
+    TLS_RSA_WITH_AES_128_CBC_SHA256("AES128-SHA256",
+            KeyExchange.RSA,
+            Authentication.RSA,
+            Encryption.AES128,
+            MessageDigest.SHA256,
+            Protocol.TLSv1_2,
+            false,
+            EncryptionLevel.HIGH,
+            true,
+            128,
+            128),
+    // Cipher 3D
+    TLS_RSA_WITH_AES_256_CBC_SHA256("AES256-SHA256",
+            KeyExchange.RSA,
+            Authentication.RSA,
+            Encryption.AES256,
+            MessageDigest.SHA256,
+            Protocol.TLSv1_2,
+            false,
+            EncryptionLevel.HIGH,
+            true,
+            256,
+            256),
+    // Cipher 3E
+    TLS_DH_DSS_WITH_AES_128_CBC_SHA256("DH-DSS-AES128-SHA256",
+            KeyExchange.DHd,
+            Authentication.DH,
+            Encryption.AES128,
+            MessageDigest.SHA256,
+            Protocol.TLSv1_2,
+            false,
+            EncryptionLevel.HIGH,
+            true,
+            128,
+            128),
+    // Cipher 3F
+    TLS_DH_RSA_WITH_AES_128_CBC_SHA256("DH-RSA-AES128-SHA256",
+            KeyExchange.DHr,
+            Authentication.DH,
+            Encryption.AES128,
+            MessageDigest.SHA256,
+            Protocol.TLSv1_2,
+            false,
+            EncryptionLevel.HIGH,
+            true,
+            128,
+            128),
+    // Cipher 40
+    TLS_DHE_DSS_WITH_AES_128_CBC_SHA256("DHE-DSS-AES128-SHA256",
+            KeyExchange.EDH,
+            Authentication.DSS,
+            Encryption.AES128,
+            MessageDigest.SHA256,
+            Protocol.TLSv1_2,
+            false,
+            EncryptionLevel.HIGH,
+            true,
+            128,
+            128),
+    /* Camellia ciphersuites from RFC4132 (128-bit portion) */
+    // Cipher 41
+    TLS_RSA_WITH_CAMELLIA_128_CBC_SHA("CAMELLIA128-SHA",
+            KeyExchange.RSA,
+            Authentication.RSA,
+            Encryption.CAMELLIA128,
+            MessageDigest.SHA1,
+            Protocol.TLSv1,
+            false,
+            EncryptionLevel.HIGH,
+            false,
+            128,
+            128),
+    // Cipher 42
+    TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA("DH-DSS-CAMELLIA128-SHA",
+            KeyExchange.DHd,
+            Authentication.DH,
+            Encryption.CAMELLIA128,
+            MessageDigest.SHA1,
+            Protocol.TLSv1,
+            false,
+            EncryptionLevel.HIGH,
+            false,
+            128,
+            128),
+    // Cipher 43
+    TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA("DH-RSA-CAMELLIA128-SHA",
+            KeyExchange.DHr,
+            Authentication.DH,
+            Encryption.CAMELLIA128,
+            MessageDigest.SHA1,
+            Protocol.TLSv1,
+            false,
+            EncryptionLevel.HIGH,
+            false,
+            128,
+            128),
+    // Cipher 44
+    TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA("DHE-DSS-CAMELLIA128-SHA",
+            KeyExchange.EDH,
+            Authentication.DSS,
+            Encryption.CAMELLIA128,
+            MessageDigest.SHA1,
+            Protocol.TLSv1,
+            false,
+            EncryptionLevel.HIGH,
+            false,
+            128,
+            128),
+    // Cipher 45
+    TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA("DHE-RSA-CAMELLIA128-SHA",
+            KeyExchange.EDH,
+            Authentication.RSA,
+            Encryption.CAMELLIA128,
+            MessageDigest.SHA1,
+            Protocol.TLSv1,
+            false,
+            EncryptionLevel.HIGH,
+            false,
+            128,
+            128),
+    // Cipher 46
+    TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA("ADH-CAMELLIA128-SHA",
+            KeyExchange.EDH,
+            Authentication.aNULL,
+            Encryption.CAMELLIA128,
+            MessageDigest.SHA1,
+            Protocol.TLSv1,
+            false,
+            EncryptionLevel.HIGH,
+            false,
+            128,
+            128),
+    /* New TLS Export CipherSuites from expired ID */
+    // Cipher 60
+    SSL_RSA_EXPORT1024_WITH_RC4_56_MD5("EXP1024-RC4-MD5",
+            KeyExchange.RSA,
+            Authentication.RSA,
+            Encryption.RC4,
+            MessageDigest.MD5,
+            Protocol.TLSv1,
+            true,
+            EncryptionLevel.EXP56,
+            false,
+            56,
+            128),
+    // Cipher 61
+    SSL_RSA_EXPORT1024_WITH_RC2_CBC_56_MD("EXP1024-RC2-CBC-MD5",
+            KeyExchange.RSA,
+            Authentication.RSA,
+            Encryption.RC2,
+            MessageDigest.MD5,
+            Protocol.TLSv1,
+            true,
+            EncryptionLevel.EXP56,
+            false,
+            56,
+            128),
+    // Cipher 62
+    SSL_RSA_EXPORT1024_WITH_DES_CBC_SHA("EXP1024-DES-CBC-SHA",
+            KeyExchange.RSA,
+            Authentication.RSA,
+            Encryption.DES,
+            MessageDigest.SHA1,
+            Protocol.TLSv1,
+            true,
+            EncryptionLevel.EXP56,
+            false,
+            56,
+            56),
+    // Cipher 63
+    SSL_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA("EXP1024-DHE-DSS-DES-CBC-SHA",
+            KeyExchange.EDH,
+            Authentication.DSS,
+            Encryption.DES,
+            MessageDigest.SHA1,
+            Protocol.TLSv1,
+            true,
+            EncryptionLevel.EXP56,
+            false,
+            56,
+            56),
+    // Cipher 64
+    SSL_RSA_EXPORT1024_WITH_RC4_56_SHA("EXP1024-RC4-SHA",
+            KeyExchange.RSA,
+            Authentication.RSA,
+            Encryption.RC4,
+            MessageDigest.SHA1,
+            Protocol.TLSv1,
+            true,
+            EncryptionLevel.EXP56,
+            false,
+            56,
+            128),
+    // Cipher 65
+    SSL_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA("EXP1024-DHE-DSS-RC4-SHA",
+            KeyExchange.EDH,
+            Authentication.DSS,
+            Encryption.RC4,
+            MessageDigest.SHA1,
+            Protocol.TLSv1,
+            true,
+            EncryptionLevel.EXP56,
+            false,
+            56,
+            128),
+    // Cipher 66
+    SSL_DHE_DSS_WITH_RC4_128_SHA("DHE-DSS-RC4-SHA",
+            KeyExchange.EDH,
+            Authentication.DSS,
+            Encryption.RC4,
+            MessageDigest.SHA1,
+            Protocol.TLSv1,
+            false,
+            EncryptionLevel.MEDIUM,
+            false,
+            128,
+            128),
+    /* TLS v1.2 ciphersuites */
+    // Cipher 67
+    TLS_DHE_RSA_WITH_AES_128_CBC_SHA256("DHE-RSA-AES128-SHA256",
+            KeyExchange.EDH,
+            Authentication.RSA,
+            Encryption.AES128,
+            MessageDigest.SHA256,
+            Protocol.TLSv1_2,
+            false,
+            EncryptionLevel.HIGH,
+            true,
+            128,
+            128),
+    // Cipher 68
+    TLS_DH_DSS_WITH_AES_256_CBC_SHA256("DH-DSS-AES256-SHA256",
+            KeyExchange.DHd,
+            Authentication.DH,
+            Encryption.AES256,
+            MessageDigest.SHA256,
+            Protocol.TLSv1_2,
+            false,
+            EncryptionLevel.HIGH,
+            true,
+            256,
+            256),
+    // Cipher 69
+    TLS_DH_RSA_WITH_AES_256_CBC_SHA256("DH-RSA-AES256-SHA256",
+            KeyExchange.DHr,
+            Authentication.DH,
+            Encryption.AES256,
+            MessageDigest.SHA256,
+            Protocol.TLSv1_2,
+            false,
+            EncryptionLevel.HIGH,
+            true,
+            256,
+            256),
+    // Cipher 6A
+    TLS_DHE_DSS_WITH_AES_256_CBC_SHA256("DHE-DSS-AES256-SHA256",
+            KeyExchange.EDH,
+            Authentication.DSS,
+            Encryption.AES256,
+            MessageDigest.SHA256,
+            Protocol.TLSv1_2,
+            false,
+            EncryptionLevel.HIGH,
+            true,
+            256,
+            256),
+    // Cipher 6B
+    TLS_DHE_RSA_WITH_AES_256_CBC_SHA256("DHE-RSA-AES256-SHA256",
+            KeyExchange.EDH,
+            Authentication.RSA,
+            Encryption.AES256,
+            MessageDigest.SHA256,
+            Protocol.TLSv1_2,
+            false,
+            EncryptionLevel.HIGH,
+            true,
+            256,
+            256),
+    // Cipher 6C
+    TLS_DH_anon_WITH_AES_128_CBC_SHA256("ADH-AES128-SHA256",
+            KeyExchange.EDH,
+            Authentication.aNULL,
+            Encryption.AES128,
+            MessageDigest.SHA256,
+            Protocol.TLSv1_2,
+            false,
+            EncryptionLevel.HIGH,
+            true,
+            128,
+            128
+    ),
+    // Cipher 6D
+    TLS_DH_anon_WITH_AES_256_CBC_SHA256("ADH-AES256-SHA256",
+            KeyExchange.EDH,
+            Authentication.aNULL,
+            Encryption.AES256,
+            MessageDigest.SHA256,
+            Protocol.TLSv1_2,
+            false,
+            EncryptionLevel.HIGH,
+            true,
+            256,
+            256),
+    /* GOST Ciphersuites */
+    TLS_GOSTR341094_WITH_28147_CNT_IMIT("GOST94-GOST89-GOST89",
+            KeyExchange.GOST,
+            Authentication.GOST94,
+            Encryption.eGOST2814789CNT,
+            MessageDigest.GOST89MAC,
+            Protocol.TLSv1,
+            false,
+            EncryptionLevel.HIGH,
+            false,
+            256,
+            256),
+    TLS_GOSTR341001_WITH_28147_CNT_IMIT("GOST2001-GOST89-GOST89",
+            KeyExchange.GOST,
+            Authentication.GOST01,
+            Encryption.eGOST2814789CNT,
+            MessageDigest.GOST89MAC,
+            Protocol.TLSv1,
+            false,
+            EncryptionLevel.HIGH,
+            false,
+            256,
+            256),
+    TLS_GOSTR341094_WITH_NULL_GOSTR3411("GOST94-NULL-GOST94",
+            KeyExchange.GOST,
+            Authentication.GOST94,
+            Encryption.eNULL,
+            MessageDigest.GOST94,
+            Protocol.TLSv1,
+            false,
+            EncryptionLevel.STRONG_NONE,
+            false,
+            0,
+            0),
+    TLS_GOSTR341001_WITH_NULL_GOSTR3411("GOST2001-NULL-GOST94",
+            KeyExchange.GOST,
+            Authentication.GOST01,
+            Encryption.eNULL,
+            MessageDigest.GOST94,
+            Protocol.TLSv1,
+            false,
+            EncryptionLevel.STRONG_NONE,
+            false,
+            0,
+            0),
+    /* Camellia ciphersuites from RFC4132 (256-bit portion) */
+    // Cipher 84
+    TLS_RSA_WITH_CAMELLIA_256_CBC_SHA("CAMELLIA256-SHA",
+            KeyExchange.RSA,
+            Authentication.RSA,
+            Encryption.CAMELLIA256,
+            MessageDigest.SHA1,
+            Protocol.TLSv1,
+            false,
+            EncryptionLevel.HIGH,
+            false,
+            256,
+            256),
+    // Cipher 85
+    TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA("DH-DSS-CAMELLIA256-SHA",
+            KeyExchange.DHd,
+            Authentication.DH,
+            Encryption.CAMELLIA256,
+            MessageDigest.SHA1,
+            Protocol.TLSv1,
+            false,
+            EncryptionLevel.HIGH,
+            false,
+            256,
+            256),
+    // Cipher 86
+    TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SH("DH-RSA-CAMELLIA256-SHA",
+            KeyExchange.DHr,
+            Authentication.DH,
+            Encryption.CAMELLIA256,
+            MessageDigest.SHA1,
+            Protocol.TLSv1,
+            false,
+            EncryptionLevel.HIGH,
+            false,
+            256,
+            256),
+    // Cipher 87
+    TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA("DHE-DSS-CAMELLIA256-SHA",
+            KeyExchange.EDH,
+            Authentication.DSS,
+            Encryption.CAMELLIA256,
+            MessageDigest.SHA1,
+            Protocol.TLSv1,
+            false,
+            EncryptionLevel.HIGH,
+            false,
+            256,
+            256),
+    // Cipher 88
+    TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA("DHE-RSA-CAMELLIA256-SHA",
+            KeyExchange.EDH,
+            Authentication.RSA,
+            Encryption.CAMELLIA256,
+            MessageDigest.SHA1,
+            Protocol.TLSv1,
+            false,
+            EncryptionLevel.HIGH,
+            false,
+            256,
+            256), // Cipher 89
+    TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA("ADH-CAMELLIA256-SHA",
+            KeyExchange.EDH,
+            Authentication.aNULL,
+            Encryption.CAMELLIA256,
+            MessageDigest.SHA1,
+            Protocol.TLSv1,
+            false,
+            EncryptionLevel.HIGH,
+            false,
+            256,
+            256),
+    // Cipher 8A
+    TLS_PSK_WITH_RC4_128_SHA("PSK-RC4-SHA",
+            KeyExchange.PSK,
+            Authentication.PSK,
+            Encryption.RC4,
+            MessageDigest.SHA1,
+            Protocol.TLSv1,
+            false,
+            EncryptionLevel.MEDIUM,
+            false,
+            128,
+            128),
+    // Cipher 8B
+    TLS_PSK_WITH_3DES_EDE_CBC_SHA("PSK-3DES-EDE-CBC-SHA",
+            KeyExchange.PSK,
+            Authentication.PSK,
+            Encryption.TRIPLE_DES,
+            MessageDigest.SHA1,
+            Protocol.TLSv1,
+            false,
+            EncryptionLevel.HIGH,
+            true,
+            168,
+            168
+    ),
+    // Cipher 8C
+    TLS_PSK_WITH_AES_128_CBC_SHA("PSK-AES128-CBC-SHA",
+            KeyExchange.PSK,
+            Authentication.PSK,
+            Encryption.AES128,
+            MessageDigest.SHA1,
+            Protocol.TLSv1,
+            false,
+            EncryptionLevel.HIGH,
+            true,
+            128,
+            128
+    ),
+    // Cipher 8D
+    TLS_PSK_WITH_AES_256_CBC_SHA("PSK-AES256-CBC-SHA",
+            KeyExchange.PSK,
+            Authentication.PSK,
+            Encryption.AES256,
+            MessageDigest.SHA1,
+            Protocol.TLSv1,
+            false,
+            EncryptionLevel.HIGH,
+            true,
+            256,
+            256
+    ),
+    /* SEED ciphersuites from RFC4162 */
+    // Cipher 96
+    TLS_RSA_WITH_SEED_CBC_SHA("SEED-SHA",
+            KeyExchange.RSA,
+            Authentication.RSA,
+            Encryption.SEED,
+            MessageDigest.SHA1,
+            Protocol.TLSv1,
+            false,
+            EncryptionLevel.MEDIUM,
+            false,
+            128,
+            128
+    ),
+    // Cipher 97
+    TLS_DH_DSS_WITH_SEED_CBC_SHA("DH-DSS-SEED-SHA",
+            KeyExchange.DHd,
+            Authentication.DH,
+            Encryption.SEED,
+            MessageDigest.SHA1,
+            Protocol.TLSv1,
+            false,
+            EncryptionLevel.MEDIUM,
+            false,
+            128,
+            128
+    ),
+    // Cipher 98
+    TLS_DH_RSA_WITH_SEED_CBC_SHA("DH-RSA-SEED-SHA",
+            KeyExchange.DHr,
+            Authentication.DH,
+            Encryption.SEED,
+            MessageDigest.SHA1,
+            Protocol.TLSv1,
+            false,
+            EncryptionLevel.MEDIUM,
+            false,
+            128,
+            128
+    ),
+    // Cipher 99
+    TLS_DHE_DSS_WITH_SEED_CBC_SHA("DHE-DSS-SEED-SHA",
+            KeyExchange.EDH,
+            Authentication.DSS,
+            Encryption.SEED,
+            MessageDigest.SHA1,
+            Protocol.TLSv1,
+            false,
+            EncryptionLevel.MEDIUM,
+            false,
+            128,
+            128
+    ),
+    // Cipher 9A
+    TLS_DHE_RSA_WITH_SEED_CBC_SHA("DHE-RSA-SEED-SHA",
+            KeyExchange.EDH,
+            Authentication.RSA,
+            Encryption.SEED,
+            MessageDigest.SHA1,
+            Protocol.TLSv1,
+            false,
+            EncryptionLevel.MEDIUM,
+            false,
+            128,
+            128
+    ),
+    // Cipher 9B
+    TLS_DH_anon_WITH_SEED_CBC_SHA("ADH-SEED-SHA",
+            KeyExchange.EDH,
+            Authentication.aNULL,
+            Encryption.SEED,
+            MessageDigest.SHA1,
+            Protocol.TLSv1,
+            false,
+            EncryptionLevel.MEDIUM,
+            false,
+            128,
+            128
+    ),
+    /* GCM ciphersuites from RFC5288 */
+    // Cipher 9C
+    TLS_RSA_WITH_AES_128_GCM_SHA256("AES128-GCM-SHA256",
+            KeyExchange.RSA,
+            Authentication.RSA,
+            Encryption.AES128GCM,
+            MessageDigest.AEAD,
+            Protocol.TLSv1_2,
+            false,
+            EncryptionLevel.HIGH,
+            true,
+            128,
+            128
+    ),
+    // Cipher 9D
+    TLS_RSA_WITH_AES_256_GCM_SHA384("AES256-GCM-SHA384",
+            KeyExchange.RSA,
+            Authentication.RSA,
+            Encryption.AES256GCM,
+            MessageDigest.AEAD,
+            Protocol.TLSv1_2,
+            false,
+            EncryptionLevel.HIGH,
+            true,
+            256,
+            256
+    ),
+    // Cipher 9E
+    TLS_DHE_RSA_WITH_AES_128_GCM_SHA256("DHE-RSA-AES128-GCM-SHA256",
+            KeyExchange.EDH,
+            Authentication.RSA,
+            Encryption.AES128GCM,
+            MessageDigest.AEAD,
+            Protocol.TLSv1_2,
+            false,
+            EncryptionLevel.HIGH,
+            true,
+            128,
+            128
+    ),
+    // Cipher 9F
+    TLS_DHE_RSA_WITH_AES_256_GCM_SHA384("DHE-RSA-AES256-GCM-SHA384",
+            KeyExchange.EDH,
+            Authentication.RSA,
+            Encryption.AES256GCM,
+            MessageDigest.AEAD,
+            Protocol.TLSv1_2,
+            false,
+            EncryptionLevel.HIGH,
+            true,
+            256,
+            256
+    ),
+    // Cipher A0
+    TLS_DH_RSA_WITH_AES_128_GCM_SHA256("DH-RSA-AES128-GCM-SHA256",
+            KeyExchange.DHr,
+            Authentication.DH,
+            Encryption.AES128GCM,
+            MessageDigest.AEAD,
+            Protocol.TLSv1_2,
+            false,
+            EncryptionLevel.HIGH,
+            true,
+            128,
+            128
+    ),
+    // Cipher A1
+    TLS_DH_RSA_WITH_AES_256_GCM_SHA384("DH-RSA-AES256-GCM-SHA384",
+            KeyExchange.DHr,
+            Authentication.DH,
+            Encryption.AES256GCM,
+            MessageDigest.AEAD,
+            Protocol.TLSv1_2,
+            false,
+            EncryptionLevel.HIGH,
+            true,
+            256,
+            256
+    ),
+    // Cipher A2
+    TLS_DHE_DSS_WITH_AES_128_GCM_SHA256("DHE-DSS-AES128-GCM-SHA256",
+            KeyExchange.EDH,
+            Authentication.DSS,
+            Encryption.AES128GCM,
+            MessageDigest.AEAD,
+            Protocol.TLSv1_2,
+            false,
+            EncryptionLevel.HIGH,
+            true,
+            128,
+            128
+    ),
+    // Cipher A3
+    TLS_DHE_DSS_WITH_AES_256_GCM_SHA384("DHE-DSS-AES256-GCM-SHA384",
+            KeyExchange.EDH,
+            Authentication.DSS,
+            Encryption.AES256GCM,
+            MessageDigest.AEAD,
+            Protocol.TLSv1_2,
+            false,
+            EncryptionLevel.HIGH,
+            true,
+            256,
+            256
+    ),
+    // Cipher A4
+    TLS_DH_DSS_WITH_AES_128_GCM_SHA256("DH-DSS-AES128-GCM-SHA256",
+            KeyExchange.DHd,
+            Authentication.DH,
+            Encryption.AES128GCM,
+            MessageDigest.AEAD,
+            Protocol.TLSv1_2,
+            false,
+            EncryptionLevel.HIGH,
+            true,
+            128,
+            128
+    ),
+    // Cipher A5
+    TLS_DH_DSS_WITH_AES_256_GCM_SHA384("DH-DSS-AES256-GCM-SHA384",
+            KeyExchange.DHd,
+            Authentication.DH,
+            Encryption.AES256GCM,
+            MessageDigest.AEAD,
+            Protocol.TLSv1_2,
+            false,
+            EncryptionLevel.HIGH,
+            true,
+            256,
+            256
+    ),
+    // Cipher A6
+    TLS_DH_anon_WITH_AES_128_GCM_SHA256("ADH-AES128-GCM-SHA256",
+            KeyExchange.EDH,
+            Authentication.aNULL,
+            Encryption.AES128GCM,
+            MessageDigest.AEAD,
+            Protocol.TLSv1_2,
+            false,
+            EncryptionLevel.HIGH,
+            true,
+            128,
+            128
+    ),
+    // Cipher A7
+    TLS_DH_anon_WITH_AES_256_GCM_SHA384("ADH-AES256-GCM-SHA384",
+            KeyExchange.EDH,
+            Authentication.aNULL,
+            Encryption.AES256GCM,
+            MessageDigest.AEAD,
+            Protocol.TLSv1_2,
+            false,
+            EncryptionLevel.HIGH,
+            true,
+            256,
+            256
+    ),
+    /* ECC ciphersuites from draft-ietf-tls-ecc-01.txt (Mar 15, 2001) */
+    // Cipher C001
+    TLS_ECDH_ECDSA_WITH_NULL_SHA("ECDH-ECDSA-NULL-SHA",
+            KeyExchange.ECDHe,
+            Authentication.ECDH,
+            Encryption.eNULL,
+            MessageDigest.SHA1,
+            Protocol.TLSv1,
+            false,
+            EncryptionLevel.STRONG_NONE,
+            true,
+            0,
+            0
+    ),
+    // Cipher C002
+    TLS_ECDH_ECDSA_WITH_RC4_128_SHA("ECDH-ECDSA-RC4-SHA",
+            KeyExchange.ECDHe,
+            Authentication.ECDH,
+            Encryption.RC4,
+            MessageDigest.SHA1,
+            Protocol.TLSv1,
+            false,
+            EncryptionLevel.MEDIUM,
+            false,
+            128,
+            128
+    ),
+    // Cipher C003
+    TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA("ECDH-ECDSA-DES-CBC3-SHA",
+            KeyExchange.ECDHe,
+            Authentication.ECDH,
+            Encryption.TRIPLE_DES,
+            MessageDigest.SHA1,
+            Protocol.TLSv1,
+            false,
+            EncryptionLevel.HIGH,
+            true,
+            168,
+            168
+    ),
+    // Cipher C004
+    TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA("ECDH-ECDSA-AES128-SHA",
+            KeyExchange.ECDHe,
+            Authentication.ECDH,
+            Encryption.AES128,
+            MessageDigest.SHA1,
+            Protocol.TLSv1,
+            false,
+            EncryptionLevel.HIGH,
+            true,
+            128,
+            128
+    ),
+    // Cipher C005
+    TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA("ECDH-ECDSA-AES256-SHA",
+            KeyExchange.ECDHe,
+            Authentication.ECDH,
+            Encryption.AES256,
+            MessageDigest.SHA1,
+            Protocol.TLSv1,
+            false,
+            EncryptionLevel.HIGH,
+            true,
+            256,
+            256
+    ),
+    // Cipher C006
+    TLS_ECDHE_ECDSA_WITH_NULL_SHA("ECDHE-ECDSA-NULL-SHA",
+            KeyExchange.EECDH,
+            Authentication.ECDSA,
+            Encryption.eNULL,
+            MessageDigest.SHA1,
+            Protocol.TLSv1,
+            false,
+            EncryptionLevel.STRONG_NONE,
+            true,
+            0,
+            0
+    ),
+    // Cipher C007
+    TLS_ECDHE_ECDSA_WITH_RC4_128_SHA("ECDHE-ECDSA-RC4-SHA",
+            KeyExchange.EECDH,
+            Authentication.ECDSA,
+            Encryption.RC4,
+            MessageDigest.SHA1,
+            Protocol.TLSv1,
+            false,
+            EncryptionLevel.MEDIUM,
+            false,
+            128,
+            128
+    ),
+    // Cipher C008
+    TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA("ECDHE-ECDSA-DES-CBC3-SHA",
+            KeyExchange.EECDH,
+            Authentication.ECDSA,
+            Encryption.TRIPLE_DES,
+            MessageDigest.SHA1,
+            Protocol.TLSv1,
+            false,
+            EncryptionLevel.HIGH,
+            true,
+            168,
+            168
+    ),
+    // Cipher C009
+    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA("ECDHE-ECDSA-AES128-SHA",
+            KeyExchange.EECDH,
+            Authentication.ECDSA,
+            Encryption.AES128,
+            MessageDigest.SHA1,
+            Protocol.TLSv1,
+            false,
+            EncryptionLevel.HIGH,
+            true,
+            128,
+            128
+    ),
+    // Cipher C00A
+    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA("ECDHE-ECDSA-AES256-SHA",
+            KeyExchange.EECDH,
+            Authentication.ECDSA,
+            Encryption.AES256,
+            MessageDigest.SHA1,
+            Protocol.TLSv1,
+            false,
+            EncryptionLevel.HIGH,
+            true,
+            256,
+            256
+    ),
+    // Cipher C00B
+    TLS_ECDH_RSA_WITH_NULL_SHA("ECDH-RSA-NULL-SHA",
+            KeyExchange.ECDHr,
+            Authentication.ECDH,
+            Encryption.eNULL,
+            MessageDigest.SHA1,
+            Protocol.TLSv1,
+            false,
+            EncryptionLevel.STRONG_NONE,
+            true,
+            0,
+            0
+    ),
+    // Cipher C00C
+    TLS_ECDH_RSA_WITH_RC4_128_SHA("ECDH-RSA-RC4-SHA",
+            KeyExchange.ECDHr,
+            Authentication.ECDH,
+            Encryption.RC4,
+            MessageDigest.SHA1,
+            Protocol.TLSv1,
+            false,
+            EncryptionLevel.MEDIUM,
+            false,
+            128,
+            128
+    ),
+    // Cipher C00D
+    TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA("ECDH-RSA-DES-CBC3-SHA",
+            KeyExchange.ECDHr,
+            Authentication.ECDH,
+            Encryption.TRIPLE_DES,
+            MessageDigest.SHA1,
+            Protocol.TLSv1,
+            false,
+            EncryptionLevel.HIGH,
+            true,
+            168,
+            168
+    ),
+    // Cipher C00E
+    TLS_ECDH_RSA_WITH_AES_128_CBC_SHA("ECDH-RSA-AES128-SHA",
+            KeyExchange.ECDHr,
+            Authentication.ECDH,
+            Encryption.AES128,
+            MessageDigest.SHA1,
+            Protocol.TLSv1,
+            false,
+            EncryptionLevel.HIGH,
+            true,
+            128,
+            128
+    ),
+    // Cipher C00F
+    TLS_ECDH_RSA_WITH_AES_256_CBC_SHA("ECDH-RSA-AES256-SHA",
+            KeyExchange.ECDHr,
+            Authentication.ECDH,
+            Encryption.AES256,
+            MessageDigest.SHA1,
+            Protocol.TLSv1,
+            false,
+            EncryptionLevel.HIGH,
+            true,
+            256,
+            256
+    ),
+    TLS_ECDHE_RSA_WITH_NULL_SHA("ECDHE-RSA-NULL-SHA",
+            KeyExchange.EECDH,
+            Authentication.RSA,
+            Encryption.eNULL,
+            MessageDigest.SHA1,
+            Protocol.TLSv1,
+            false,
+            EncryptionLevel.STRONG_NONE,
+            true,
+            0,
+            0
+    ),
+    // Cipher C011
+    TLS_ECDHE_RSA_WITH_RC4_128_SHA("ECDHE-RSA-RC4-SHA",
+            KeyExchange.EECDH,
+            Authentication.RSA,
+            Encryption.RC4,
+            MessageDigest.SHA1,
+            Protocol.TLSv1,
+            false,
+            EncryptionLevel.MEDIUM,
+            false,
+            128,
+            128
+    ),
+    // Cipher C012
+    TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA("ECDHE-RSA-DES-CBC3-SHA",
+            KeyExchange.EECDH,
+            Authentication.RSA,
+            Encryption.TRIPLE_DES,
+            MessageDigest.SHA1,
+            Protocol.TLSv1,
+            false,
+            EncryptionLevel.HIGH,
+            true,
+            168,
+            168
+    ),
+    // Cipher C013
+    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA("ECDHE-RSA-AES128-SHA",
+            KeyExchange.EECDH,
+            Authentication.RSA,
+            Encryption.AES128,
+            MessageDigest.SHA1,
+            Protocol.TLSv1,
+            false,
+            EncryptionLevel.HIGH,
+            true,
+            128,
+            128
+    ),
+    // Cipher C014
+    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA("ECDHE-RSA-AES256-SHA",
+            KeyExchange.EECDH,
+            Authentication.RSA,
+            Encryption.AES256,
+            MessageDigest.SHA1,
+            Protocol.TLSv1,
+            false,
+            EncryptionLevel.HIGH,
+            true,
+            256,
+            256
+    ),
+    // Cipher C015
+    TLS_ECDH_anon_WITH_NULL_SHA("AECDH-NULL-SHA",
+            KeyExchange.EECDH,
+            Authentication.aNULL,
+            Encryption.eNULL,
+            MessageDigest.SHA1,
+            Protocol.TLSv1,
+            false,
+            EncryptionLevel.STRONG_NONE,
+            true,
+            0,
+            0
+    ),
+    // Cipher C016
+    TLS_ECDH_anon_WITH_RC4_128_SHA("AECDH-RC4-SHA",
+            KeyExchange.EECDH,
+            Authentication.aNULL,
+            Encryption.RC4,
+            MessageDigest.SHA1,
+            Protocol.TLSv1,
+            false,
+            EncryptionLevel.MEDIUM,
+            false,
+            128,
+            128
+    ),
+    // Cipher C017
+    TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA("AECDH-DES-CBC3-SHA",
+            KeyExchange.EECDH,
+            Authentication.aNULL,
+            Encryption.TRIPLE_DES,
+            MessageDigest.SHA1,
+            Protocol.TLSv1,
+            false,
+            EncryptionLevel.HIGH,
+            true,
+            168,
+            168
+    ),
+    // Cipher C018
+    TLS_ECDH_anon_WITH_AES_128_CBC_SHA("AECDH-AES128-SHA",
+            KeyExchange.EECDH,
+            Authentication.aNULL,
+            Encryption.AES128,
+            MessageDigest.SHA1,
+            Protocol.TLSv1,
+            false,
+            EncryptionLevel.HIGH,
+            true,
+            128,
+            128
+    ),
+    // Cipher C019
+    TLS_ECDH_anon_WITH_AES_256_CBC_SHA("AECDH-AES256-SHA",
+            KeyExchange.EECDH,
+            Authentication.aNULL,
+            Encryption.AES256,
+            MessageDigest.SHA1,
+            Protocol.TLSv1,
+            false,
+            EncryptionLevel.HIGH,
+            true,
+            256,
+            256
+    ),
+    /* SRP ciphersuite from RFC 5054 */
+    // Cipher C01A
+    TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA("SRP-3DES-EDE-CBC-SHA",
+            KeyExchange.SRP,
+            Authentication.aNULL,
+            Encryption.TRIPLE_DES,
+            MessageDigest.SHA1,
+            Protocol.TLSv1,
+            false,
+            EncryptionLevel.HIGH,
+            false,
+            168,
+            168
+    ),
+    // Cipher C01B
+    TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA("SRP-RSA-3DES-EDE-CBC-SHA",
+            KeyExchange.SRP,
+            Authentication.RSA,
+            Encryption.TRIPLE_DES,
+            MessageDigest.SHA1,
+            Protocol.TLSv1,
+            false,
+            EncryptionLevel.HIGH,
+            false,
+            168,
+            168
+    ),
+    // Cipher C01C
+    TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA("SRP-DSS-3DES-EDE-CBC-SHA",
+            KeyExchange.SRP,
+            Authentication.DSS,
+            Encryption.TRIPLE_DES,
+            MessageDigest.SHA1,
+            Protocol.TLSv1,
+            false,
+            EncryptionLevel.HIGH,
+            false,
+            168,
+            168
+    ),
+    // Cipher C01D
+    TLS_SRP_SHA_WITH_AES_128_CBC_SHA("SRP-AES-128-CBC-SHA",
+            KeyExchange.SRP,
+            Authentication.aNULL,
+            Encryption.AES128,
+            MessageDigest.SHA1,
+            Protocol.TLSv1,
+            false,
+            EncryptionLevel.HIGH,
+            false,
+            128,
+            128
+    ),
+    // Cipher C01E
+    TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA("SRP-RSA-AES-128-CBC-SHA",
+            KeyExchange.SRP,
+            Authentication.RSA,
+            Encryption.AES128,
+            MessageDigest.SHA1,
+            Protocol.TLSv1,
+            false,
+            EncryptionLevel.HIGH,
+            false,
+            128,
+            128
+    ),
+    // Cipher C01F
+    TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA("SRP-DSS-AES-128-CBC-SHA",
+            KeyExchange.SRP,
+            Authentication.DSS,
+            Encryption.AES128,
+            MessageDigest.SHA1,
+            Protocol.TLSv1,
+            false,
+            EncryptionLevel.HIGH,
+            false,
+            128,
+            128
+    ),
+    // Cipher C020
+    TLS_SRP_SHA_WITH_AES_256_CBC_SHA("SRP-AES-256-CBC-SHA",
+            KeyExchange.SRP,
+            Authentication.aNULL,
+            Encryption.AES256,
+            MessageDigest.SHA1,
+            Protocol.TLSv1,
+            false,
+            EncryptionLevel.HIGH,
+            false,
+            256,
+            256
+    ),
+    // Cipher C021
+    TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA("SRP-RSA-AES-256-CBC-SHA",
+            KeyExchange.SRP,
+            Authentication.RSA,
+            Encryption.AES256,
+            MessageDigest.SHA1,
+            Protocol.TLSv1,
+            false,
+            EncryptionLevel.HIGH,
+            false,
+            256,
+            256
+    ),
+    // Cipher C022
+    TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA("SRP-DSS-AES-256-CBC-SHA",
+            KeyExchange.SRP,
+            Authentication.DSS,
+            Encryption.AES256,
+            MessageDigest.SHA1,
+            Protocol.TLSv1,
+            false,
+            EncryptionLevel.HIGH,
+            false,
+            256,
+            256
+    ),
+    /* HMAC based TLS v1.2 ciphersuites from RFC5289 */
+    // Cipher C023
+    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256("ECDHE-ECDSA-AES128-SHA256",
+            KeyExchange.EECDH,
+            Authentication.ECDSA,
+            Encryption.AES128,
+            MessageDigest.SHA256,
+            Protocol.TLSv1_2,
+            false,
+            EncryptionLevel.HIGH,
+            true,
+            128,
+            128
+    ),
+    // Cipher C024
+    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384("ECDHE-ECDSA-AES256-SHA384",
+            KeyExchange.EECDH,
+            Authentication.ECDSA,
+            Encryption.AES256,
+            MessageDigest.SHA384,
+            Protocol.TLSv1_2,
+            false,
+            EncryptionLevel.HIGH,
+            true,
+            256,
+            256
+    ),
+    // Cipher C025
+    TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256("ECDH-ECDSA-AES128-SHA256",
+            KeyExchange.ECDHe,
+            Authentication.ECDH,
+            Encryption.AES128,
+            MessageDigest.SHA256,
+            Protocol.TLSv1_2,
+            false,
+            EncryptionLevel.HIGH,
+            true,
+            128,
+            128
+    ),
+    // Cipher C026
+    TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384("ECDH-ECDSA-AES256-SHA384",
+            KeyExchange.ECDHe,
+            Authentication.ECDH,
+            Encryption.AES256,
+            MessageDigest.SHA384,
+            Protocol.TLSv1_2,
+            false,
+            EncryptionLevel.HIGH,
+            true,
+            256,
+            256
+    ),
+    // Cipher C027
+    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256("ECDHE-RSA-AES128-SHA256",
+            KeyExchange.EECDH,
+            Authentication.RSA,
+            Encryption.AES128,
+            MessageDigest.SHA256,
+            Protocol.TLSv1_2,
+            false,
+            EncryptionLevel.HIGH,
+            true,
+            128,
+            128
+    ),
+    // Cipher C028
+    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384("ECDHE-RSA-AES256-SHA384",
+            KeyExchange.EECDH,
+            Authentication.RSA,
+            Encryption.AES256,
+            MessageDigest.SHA384,
+            Protocol.TLSv1_2,
+            false,
+            EncryptionLevel.HIGH,
+            true,
+            256,
+            256
+    ),
+    // Cipher C029
+    TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256("ECDH-RSA-AES128-SHA256",
+            KeyExchange.ECDHr,
+            Authentication.ECDH,
+            Encryption.AES128,
+            MessageDigest.SHA256,
+            Protocol.TLSv1_2,
+            false,
+            EncryptionLevel.HIGH,
+            true,
+            128,
+            128
+    ),
+    // Cipher C02A
+    TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384("ECDH-RSA-AES256-SHA384",
+            KeyExchange.ECDHr,
+            Authentication.ECDH,
+            Encryption.AES256,
+            MessageDigest.SHA384,
+            Protocol.TLSv1_2,
+            false,
+            EncryptionLevel.HIGH,
+            true,
+            256,
+            256
+    ),
+    /* GCM based TLS v1.2 ciphersuites from RFC5289 */
+    // Cipher C02B
+    TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256("ECDHE-ECDSA-AES128-GCM-SHA256",
+            KeyExchange.EECDH,
+            Authentication.ECDSA,
+            Encryption.AES128GCM,
+            MessageDigest.AEAD,
+            Protocol.TLSv1_2,
+            false,
+            EncryptionLevel.HIGH,
+            true,
+            128,
+            128
+    ),
+    // Cipher C02C
+    TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384("ECDHE-ECDSA-AES256-GCM-SHA384",
+            KeyExchange.EECDH,
+            Authentication.ECDSA,
+            Encryption.AES256GCM,
+            MessageDigest.AEAD,
+            Protocol.TLSv1_2,
+            false,
+            EncryptionLevel.HIGH,
+            true,
+            256,
+            256
+    ),
+    // Cipher C02D
+    TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256("ECDH-ECDSA-AES128-GCM-SHA256",
+            KeyExchange.ECDHe,
+            Authentication.ECDH,
+            Encryption.AES128GCM,
+            MessageDigest.AEAD,
+            Protocol.TLSv1_2,
+            false,
+            EncryptionLevel.HIGH,
+            true,
+            128,
+            128
+    ),
+    // Cipher C02E
+    TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384("ECDH-ECDSA-AES256-GCM-SHA384",
+            KeyExchange.ECDHe,
+            Authentication.ECDH,
+            Encryption.AES256GCM,
+            MessageDigest.AEAD,
+            Protocol.TLSv1_2,
+            false,
+            EncryptionLevel.HIGH,
+            true,
+            256,
+            256
+    ),
+    // Cipher C02F
+    TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256("ECDHE-RSA-AES128-GCM-SHA256",
+            KeyExchange.EECDH,
+            Authentication.RSA,
+            Encryption.AES128GCM,
+            MessageDigest.AEAD,
+            Protocol.TLSv1_2,
+            false,
+            EncryptionLevel.HIGH,
+            true,
+            128,
+            128
+    ),
+    // Cipher C030
+    TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384("ECDHE-RSA-AES256-GCM-SHA384",
+            KeyExchange.EECDH,
+            Authentication.RSA,
+            Encryption.AES256GCM,
+            MessageDigest.AEAD,
+            Protocol.TLSv1_2,
+            false,
+            EncryptionLevel.HIGH,
+            true,
+            256,
+            256
+    ),
+    // Cipher C031
+    TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256("ECDH-RSA-AES128-GCM-SHA256",
+            KeyExchange.ECDHr,
+            Authentication.ECDH,
+            Encryption.AES128GCM,
+            MessageDigest.AEAD,
+            Protocol.TLSv1_2,
+            false,
+            EncryptionLevel.HIGH,
+            true,
+            128,
+            128
+    ),
+    // Cipher C032
+    TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384("ECDH-RSA-AES256-GCM-SHA384",
+            KeyExchange.ECDHr,
+            Authentication.ECDH,
+            Encryption.AES256GCM,
+            MessageDigest.AEAD,
+            Protocol.TLSv1_2,
+            false,
+            EncryptionLevel.HIGH,
+            true,
+            256,
+            256
+    ),
+    // RC4_128_WITH_MD5
+    SSL_CK_RC4_128_WITH_MD5("RC4-MD5",
+            KeyExchange.RSA,
+            Authentication.RSA,
+            Encryption.RC4,
+            MessageDigest.MD5,
+            Protocol.SSLv2,
+            false,
+            EncryptionLevel.MEDIUM,
+            false,
+            128,
+            128
+    ),
+    // RC4_128_EXPORT40_WITH_MD5
+    SSL_CK_RC4_128_EXPORT40_WITH_MD5("EXP-RC4-MD5",
+            KeyExchange.RSA,
+            Authentication.RSA,
+            Encryption.RC4,
+            MessageDigest.MD5,
+            Protocol.SSLv2,
+            true,
+            EncryptionLevel.EXP40,
+            false,
+            40,
+            128
+    ),
+    // RC2_128_CBC_WITH_MD5
+    SSL_CK_RC2_128_CBC_WITH_MD5("RC2-MD5",
+            KeyExchange.RSA,
+            Authentication.RSA,
+            Encryption.RC2,
+            MessageDigest.MD5,
+            Protocol.SSLv2,
+            false,
+            EncryptionLevel.MEDIUM,
+            false,
+            128,
+            128
+    ),
+    // RC2_128_CBC_EXPORT40_WITH_MD5
+    SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5("EXP-RC2-MD5",
+            KeyExchange.RSA,
+            Authentication.RSA,
+            Encryption.RC2,
+            MessageDigest.MD5,
+            Protocol.SSLv2,
+            true,
+            EncryptionLevel.EXP40,
+            false,
+            40,
+            128
+    ),
+    // IDEA_128_CBC_WITH_MD5
+    SSL_CK_IDEA_128_CBC_WITH_MD5("IDEA-CBC-MD5",
+            KeyExchange.RSA,
+            Authentication.RSA,
+            Encryption.IDEA,
+            MessageDigest.MD5,
+            Protocol.SSLv2,
+            false, EncryptionLevel.MEDIUM,
+            false,
+            128,
+            128
+    ),
+    // DES_64_CBC_WITH_MD5
+    SSL_CK_DES_64_CBC_WITH_MD5("DES-CBC-MD5",
+            KeyExchange.RSA,
+            Authentication.RSA,
+            Encryption.DES,
+            MessageDigest.MD5,
+            Protocol.SSLv2,
+            false,
+            EncryptionLevel.LOW,
+            false,
+            56,
+            56
+    ),
+    // DES_192_EDE3_CBC_WITH_MD5
+    SSL_CK_DES_192_EDE3_CBC_WITH_MD5("DES-CBC3-MD5",
+            KeyExchange.RSA,
+            Authentication.RSA,
+            Encryption.TRIPLE_DES,
+            MessageDigest.MD5,
+            Protocol.SSLv2,
+            false,
+            EncryptionLevel.HIGH,
+            false,
+            168,
+            168
+    );
+
+    /* TEMP_GOST_TLS*/
+    /*
+    // Cipher FF00
+     TLS_GOSTR341094_RSA_WITH_28147_CNT_MD5("GOST-MD5",
+     KeyExchange.RSA,
+     Authentication.RSA,
+     Encryption.eGOST2814789CNT,
+     MessageDigest.MD5,
+     Protocol.TLSv1,
+     false, EncryptionLevel.HIGH,false,
+
+     256,
+     256,
+     ),
+     TLS_RSA_WITH_28147_CNT_GOST94(
+     "GOST-GOST94",
+     KeyExchange.RSA,
+     Authentication.RSA,
+     Encryption.eGOST2814789CNT,
+     MessageDigest.GOST94,
+     Protocol.TLSv1,
+     false, EncryptionLevel.HIGH,false,
+
+     256,
+     256
+     ),
+     {
+     1,
+     "GOST-GOST89MAC",
+     0x0300ff02,
+     KeyExchange.RSA,
+     Authentication.RSA,
+     Encryption.eGOST2814789CNT,
+     MessageDigest.GOST89MAC,
+     Protocol.TLSv1,
+     false, EncryptionLevel.HIGH,false,
+
+     256,
+     256
+     ),
+     {
+     1,
+     "GOST-GOST89STREAM",
+     0x0300ff03,
+     KeyExchange.RSA,
+     Authentication.RSA,
+     Encryption.eGOST2814789CNT,
+     MessageDigest.GOST89MAC,
+     Protocol.TLSv1,
+     false, EncryptionLevel.HIGH,false,
+
+     256,
+     256
+     };*/
+    private final String openSSLAlias;
+    private final KeyExchange kx;
+    private final Authentication au;
+    private final Encryption enc;
+    private final MessageDigest mac;
+    private final Protocol protocol;
+    private final boolean export;
+    private final EncryptionLevel level;
+    private final boolean fipsCompatible;
+    /**
+     * Number of bits really used
+     */
+    private final int strength_bits;
+    /**
+     * Number of bits for algorithm
+     */
+    private final int alg_bits;
+
+    Ciphers(String openSSLAlias, KeyExchange kx, Authentication au,
+            Encryption enc, MessageDigest mac, Protocol protocol, boolean export,
+            EncryptionLevel level, boolean fipsCompatible, int strength_bits,
+            int alg_bits) {
+        this.openSSLAlias = openSSLAlias;
+        this.kx = kx;
+        this.au = au;
+        this.enc = enc;
+        this.mac = mac;
+        this.protocol = protocol;
+        this.export = export;
+        this.level = level;
+        this.fipsCompatible = fipsCompatible;
+        this.strength_bits = strength_bits;
+        this.alg_bits = alg_bits;
+    }
+
+    public String getOpenSSLAlias() {
+        return openSSLAlias;
+    }
+
+    public KeyExchange getKx() {
+        return kx;
+    }
+
+    public Authentication getAu() {
+        return au;
+    }
+
+    public Encryption getEnc() {
+        return enc;
+    }
+
+    public MessageDigest getMac() {
+        return mac;
+    }
+
+    public Protocol getProtocol() {
+        return protocol;
+    }
+
+    public boolean isExport() {
+        return export;
+    }
+
+    public EncryptionLevel getLevel() {
+        return level;
+    }
+
+    public boolean isFipsCompatible() {
+        return fipsCompatible;
+    }
+
+    public int getStrength_bits() {
+        return strength_bits;
+    }
+
+    public int getAlg_bits() {
+        return alg_bits;
+    }
+
+}

Added: tomcat/trunk/java/org/apache/tomcat/util/net/jsse/openssl/Encryption.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/jsse/openssl/Encryption.java?rev=1608840&view=auto
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/jsse/openssl/Encryption.java (added)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/jsse/openssl/Encryption.java Tue Jul  8 16:20:54 2014
@@ -0,0 +1,22 @@
+/*
+ *  Licensed to the Apache Software Foundation (ASF) under one or more
+ *  contributor license agreements.  See the NOTICE file distributed with
+ *  this work for additional information regarding copyright ownership.
+ *  The ASF licenses this file to You under the Apache License, Version 2.0
+ *  (the "License"); you may not use this file except in compliance with
+ *  the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+
+package org.apache.tomcat.util.net.jsse.openssl;
+
+enum Encryption {
+    AES256GCM, AES256, AES128GCM, AES128, CAMELLIA256, CAMELLIA128, TRIPLE_DES, DES, IDEA, eGOST2814789CNT, SEED, FZA, RC4, RC2, eNULL;
+}

Added: tomcat/trunk/java/org/apache/tomcat/util/net/jsse/openssl/EncryptionLevel.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/jsse/openssl/EncryptionLevel.java?rev=1608840&view=auto
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/jsse/openssl/EncryptionLevel.java (added)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/jsse/openssl/EncryptionLevel.java Tue Jul  8 16:20:54 2014
@@ -0,0 +1,22 @@
+/*
+ *  Licensed to the Apache Software Foundation (ASF) under one or more
+ *  contributor license agreements.  See the NOTICE file distributed with
+ *  this work for additional information regarding copyright ownership.
+ *  The ASF licenses this file to You under the Apache License, Version 2.0
+ *  (the "License"); you may not use this file except in compliance with
+ *  the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+
+package org.apache.tomcat.util.net.jsse.openssl;
+
+enum EncryptionLevel {
+    STRONG_NONE, EXP40, EXP56, LOW, MEDIUM, HIGH, FIPS;
+}

Added: tomcat/trunk/java/org/apache/tomcat/util/net/jsse/openssl/KeyExchange.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/jsse/openssl/KeyExchange.java?rev=1608840&view=auto
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/jsse/openssl/KeyExchange.java (added)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/jsse/openssl/KeyExchange.java Tue Jul  8 16:20:54 2014
@@ -0,0 +1,33 @@
+/*
+ *  Licensed to the Apache Software Foundation (ASF) under one or more
+ *  contributor license agreements.  See the NOTICE file distributed with
+ *  this work for additional information regarding copyright ownership.
+ *  The ASF licenses this file to You under the Apache License, Version 2.0
+ *  (the "License"); you may not use this file except in compliance with
+ *  the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+
+package org.apache.tomcat.util.net.jsse.openssl;
+
+enum KeyExchange {
+    EECDH /* ephemeral ECDH */,
+    RSA /* RSA key exchange */,
+    DHr /* DH cert, RSA CA cert */ /* no such ciphersuites supported! */,
+    DHd /* DH cert, DSA CA cert */ /* no such ciphersuite supported! */,
+    EDH /* tmp DH key no DH cert */,
+    PSK /* PSK */,
+    FZA /* Fortezza */  /* no such ciphersuite supported! */,
+    KRB5 /* Kerberos 5 key exchange */,
+    ECDHr /* ECDH cert, RSA CA cert */,
+    ECDHe /* ECDH cert, ECDSA CA cert */,
+    GOST /* GOST key exchange */,
+    SRP /* SRP */;
+}

Added: tomcat/trunk/java/org/apache/tomcat/util/net/jsse/openssl/MessageDigest.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/jsse/openssl/MessageDigest.java?rev=1608840&view=auto
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/jsse/openssl/MessageDigest.java (added)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/jsse/openssl/MessageDigest.java Tue Jul  8 16:20:54 2014
@@ -0,0 +1,22 @@
+/*
+ *  Licensed to the Apache Software Foundation (ASF) under one or more
+ *  contributor license agreements.  See the NOTICE file distributed with
+ *  this work for additional information regarding copyright ownership.
+ *  The ASF licenses this file to You under the Apache License, Version 2.0
+ *  (the "License"); you may not use this file except in compliance with
+ *  the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+
+package org.apache.tomcat.util.net.jsse.openssl;
+
+enum MessageDigest {
+    MD5, SHA1, GOST94, GOST89MAC, SHA256, SHA384, AEAD;
+}



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message