From Peter Wu via https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9144 [PATCH] Update TLS Ciphers

Correct cipher suites list, add TLS_ annotations

Add official TLS_ names as comment and correct:
- 6: RC2 is a block cipher using MD5, not stream+SHA.
- 25,26,27: should be SHA instead of MD5
- 98: DES export is a block cipher using 56-bits[1], not stream.
- 99: DES export should be using 56-bits[1].
- 138: removed commented RC4 cipher because it is not a block cipher

Besides these comments and corrections, there are no further changes.

 [1]: http://tools.ietf.org/html/draft-ietf-tls-56-bit-ciphersuites-00

svn path=/trunk/; revision=52148

1 files changed, 37 insertions, 38 deletions

diff --git a/epan/dissectors/packet-ssl-utils.c b/epan/dissectors/packet-ssl-utils.c
index 4248fd5584..68b4b6bb1e 100644
--- a/epan/dissectors/packet-ssl-utils.c
+++ b/epan/dissectors/packet-ssl-utils.c
@@ -1763,48 +1763,48 @@ static const gchar *ciphers[]={
 };
 
 static SslCipherSuite cipher_suites[]={
-    {1,KEX_RSA,SIG_RSA,ENC_NULL,1,0,0,DIG_MD5, SSL_CIPHER_MODE_STREAM},
-    {2,KEX_RSA,SIG_RSA,ENC_NULL,1,0,0,DIG_SHA, SSL_CIPHER_MODE_STREAM},
-    {3,KEX_RSA,SIG_RSA,ENC_RC4,1,128,40,DIG_MD5, SSL_CIPHER_MODE_STREAM},
-    {4,KEX_RSA,SIG_RSA,ENC_RC4,1,128,128,DIG_MD5, SSL_CIPHER_MODE_STREAM},
-    {5,KEX_RSA,SIG_RSA,ENC_RC4,1,128,128,DIG_SHA, SSL_CIPHER_MODE_STREAM},
-    {6,KEX_RSA,SIG_RSA,ENC_RC2,8,128,40,DIG_SHA, SSL_CIPHER_MODE_STREAM},
-    {7,KEX_RSA,SIG_RSA,ENC_IDEA,8,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC},
-    {8,KEX_RSA,SIG_RSA,ENC_DES,8,64,40,DIG_SHA, SSL_CIPHER_MODE_CBC},
-    {9,KEX_RSA,SIG_RSA,ENC_DES,8,64,64,DIG_SHA, SSL_CIPHER_MODE_CBC},
-    {10,KEX_RSA,SIG_RSA,ENC_3DES,8,192,192,DIG_SHA, SSL_CIPHER_MODE_CBC},
-    {11,KEX_DH,SIG_DSS,ENC_DES,8,64,40,DIG_SHA, SSL_CIPHER_MODE_CBC},
-    {12,KEX_DH,SIG_DSS,ENC_DES,8,64,64,DIG_SHA, SSL_CIPHER_MODE_CBC},
-    {13,KEX_DH,SIG_DSS,ENC_3DES,8,192,192,DIG_SHA, SSL_CIPHER_MODE_CBC},
-    {14,KEX_DH,SIG_RSA,ENC_DES,8,64,40,DIG_SHA, SSL_CIPHER_MODE_CBC},
-    {15,KEX_DH,SIG_RSA,ENC_DES,8,64,64,DIG_SHA, SSL_CIPHER_MODE_CBC},
-    {16,KEX_DH,SIG_RSA,ENC_3DES,8,192,192,DIG_SHA, SSL_CIPHER_MODE_CBC},
-    {17,KEX_DH,SIG_DSS,ENC_DES,8,64,40,DIG_SHA, SSL_CIPHER_MODE_CBC},
-    {18,KEX_DH,SIG_DSS,ENC_DES,8,64,64,DIG_SHA, SSL_CIPHER_MODE_CBC},
-    {19,KEX_DH,SIG_DSS,ENC_3DES,8,192,192,DIG_SHA, SSL_CIPHER_MODE_CBC},
-    {20,KEX_DH,SIG_RSA,ENC_DES,8,64,40,DIG_SHA, SSL_CIPHER_MODE_CBC},
-    {21,KEX_DH,SIG_RSA,ENC_DES,8,64,64,DIG_SHA, SSL_CIPHER_MODE_CBC},
-    {22,KEX_DH,SIG_RSA,ENC_3DES,8,192,192,DIG_SHA, SSL_CIPHER_MODE_CBC},
-    {23,KEX_DH,SIG_NONE,ENC_RC4,1,128,40,DIG_MD5, SSL_CIPHER_MODE_STREAM},
-    {24,KEX_DH,SIG_NONE,ENC_RC4,1,128,128,DIG_MD5, SSL_CIPHER_MODE_STREAM},
-    {25,KEX_DH,SIG_NONE,ENC_DES,8,64,40,DIG_MD5, SSL_CIPHER_MODE_CBC},
-    {26,KEX_DH,SIG_NONE,ENC_DES,8,64,64,DIG_MD5, SSL_CIPHER_MODE_CBC},
-    {27,KEX_DH,SIG_NONE,ENC_3DES,8,192,192,DIG_MD5, SSL_CIPHER_MODE_CBC},
-    {47,KEX_RSA,SIG_RSA,ENC_AES,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC},
+    {1,KEX_RSA,SIG_RSA,ENC_NULL,1,0,0,DIG_MD5, SSL_CIPHER_MODE_STREAM},   /* TLS_RSA_WITH_NULL_MD5 */
+    {2,KEX_RSA,SIG_RSA,ENC_NULL,1,0,0,DIG_SHA, SSL_CIPHER_MODE_STREAM},   /* TLS_RSA_WITH_NULL_SHA */
+    {3,KEX_RSA,SIG_RSA,ENC_RC4,1,128,40,DIG_MD5, SSL_CIPHER_MODE_STREAM},   /* TLS_RSA_EXPORT_WITH_RC4_40_MD5 */
+    {4,KEX_RSA,SIG_RSA,ENC_RC4,1,128,128,DIG_MD5, SSL_CIPHER_MODE_STREAM},   /* TLS_RSA_WITH_RC4_128_MD5 */
+    {5,KEX_RSA,SIG_RSA,ENC_RC4,1,128,128,DIG_SHA, SSL_CIPHER_MODE_STREAM},   /* TLS_RSA_WITH_RC4_128_SHA */
+    {6,KEX_RSA,SIG_RSA,ENC_RC2,8,128,40,DIG_MD5, SSL_CIPHER_MODE_CBC},   /* TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 */
+    {7,KEX_RSA,SIG_RSA,ENC_IDEA,8,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_RSA_WITH_IDEA_CBC_SHA */
+    {8,KEX_RSA,SIG_RSA,ENC_DES,8,64,40,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_RSA_EXPORT_WITH_DES40_CBC_SHA */
+    {9,KEX_RSA,SIG_RSA,ENC_DES,8,64,64,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_RSA_WITH_DES_CBC_SHA */
+    {10,KEX_RSA,SIG_RSA,ENC_3DES,8,192,192,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_RSA_WITH_3DES_EDE_CBC_SHA */
+    {11,KEX_DH,SIG_DSS,ENC_DES,8,64,40,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA */
+    {12,KEX_DH,SIG_DSS,ENC_DES,8,64,64,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_DH_DSS_WITH_DES_CBC_SHA */
+    {13,KEX_DH,SIG_DSS,ENC_3DES,8,192,192,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA */
+    {14,KEX_DH,SIG_RSA,ENC_DES,8,64,40,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA */
+    {15,KEX_DH,SIG_RSA,ENC_DES,8,64,64,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_DH_RSA_WITH_DES_CBC_SHA */
+    {16,KEX_DH,SIG_RSA,ENC_3DES,8,192,192,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA */
+    {17,KEX_DH,SIG_DSS,ENC_DES,8,64,40,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA */
+    {18,KEX_DH,SIG_DSS,ENC_DES,8,64,64,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_DHE_DSS_WITH_DES_CBC_SHA */
+    {19,KEX_DH,SIG_DSS,ENC_3DES,8,192,192,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA */
+    {20,KEX_DH,SIG_RSA,ENC_DES,8,64,40,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA */
+    {21,KEX_DH,SIG_RSA,ENC_DES,8,64,64,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_DHE_RSA_WITH_DES_CBC_SHA */
+    {22,KEX_DH,SIG_RSA,ENC_3DES,8,192,192,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA */
+    {23,KEX_DH,SIG_NONE,ENC_RC4,1,128,40,DIG_MD5, SSL_CIPHER_MODE_STREAM},   /* TLS_DH_anon_EXPORT_WITH_RC4_40_MD5 */
+    {24,KEX_DH,SIG_NONE,ENC_RC4,1,128,128,DIG_MD5, SSL_CIPHER_MODE_STREAM},   /* TLS_DH_anon_WITH_RC4_128_MD5 */
+    {25,KEX_DH,SIG_NONE,ENC_DES,8,64,40,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA */
+    {26,KEX_DH,SIG_NONE,ENC_DES,8,64,64,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_DH_anon_WITH_DES_CBC_SHA */
+    {27,KEX_DH,SIG_NONE,ENC_3DES,8,192,192,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_DH_anon_WITH_3DES_EDE_CBC_SHA */
+    {47,KEX_RSA,SIG_RSA,ENC_AES,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_RSA_WITH_AES_128_CBC_SHA */
     {48,KEX_DH,SIG_DSS,ENC_AES,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_DH_DSS_WITH_AES_128_CBC_SHA */
     {49,KEX_DH,SIG_RSA,ENC_AES,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_DH_RSA_WITH_AES_128_CBC_SHA */
     {50,KEX_DH,SIG_DSS,ENC_AES,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_DHE_DSS_WITH_AES_128_CBC_SHA */
-    {51,KEX_DH,SIG_RSA,ENC_AES,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC},
+    {51,KEX_DH,SIG_RSA,ENC_AES,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_DHE_RSA_WITH_AES_128_CBC_SHA */
     {52,KEX_DH,SIG_NONE,ENC_AES,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_DH_anon_WITH_AES_128_CBC_SHA */
-    {53,KEX_RSA,SIG_RSA,ENC_AES256,16,256,256,DIG_SHA, SSL_CIPHER_MODE_CBC},
+    {53,KEX_RSA,SIG_RSA,ENC_AES256,16,256,256,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_RSA_WITH_AES_256_CBC_SHA */
     {54,KEX_DH,SIG_DSS,ENC_AES256,16,256,256,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_DH_DSS_WITH_AES_256_CBC_SHA */
     {55,KEX_DH,SIG_RSA,ENC_AES256,16,256,256,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_DH_RSA_WITH_AES_256_CBC_SHA */
     {56,KEX_DH,SIG_DSS,ENC_AES256,16,256,256,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_DHE_DSS_WITH_AES_256_CBC_SHA */
     {57,KEX_DH,SIG_RSA,ENC_AES256,16,256,256,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_DHE_RSA_WITH_AES_256_CBC_SHA */
     {58,KEX_DH,SIG_NONE,ENC_AES256,16,256,256,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_DH_anon_WITH_AES_256_CBC_SHA */
-    {59,KEX_RSA,SIG_RSA,ENC_NULL,1,0,0,DIG_SHA256, SSL_CIPHER_MODE_STREAM},
-    {60,KEX_RSA,SIG_RSA,ENC_AES,16,128,128,DIG_SHA256, SSL_CIPHER_MODE_CBC},
-    {61,KEX_RSA,SIG_RSA,ENC_AES256,16,256,256,DIG_SHA256, SSL_CIPHER_MODE_CBC},
+    {59,KEX_RSA,SIG_RSA,ENC_NULL,1,0,0,DIG_SHA256, SSL_CIPHER_MODE_STREAM},   /* TLS_RSA_WITH_NULL_SHA256 */
+    {60,KEX_RSA,SIG_RSA,ENC_AES,16,128,128,DIG_SHA256, SSL_CIPHER_MODE_CBC},   /* TLS_RSA_WITH_AES_128_CBC_SHA256 */
+    {61,KEX_RSA,SIG_RSA,ENC_AES256,16,256,256,DIG_SHA256, SSL_CIPHER_MODE_CBC},   /* TLS_RSA_WITH_AES_256_CBC_SHA256 */
     {62,KEX_DH,SIG_DSS,ENC_AES,16,128,128,DIG_SHA256, SSL_CIPHER_MODE_CBC},   /* TLS_DH_DSS_WITH_AES_128_CBC_SHA256 */
     {63,KEX_DH,SIG_RSA,ENC_AES,16,128,128,DIG_SHA256, SSL_CIPHER_MODE_CBC},   /* TLS_DH_RSA_WITH_AES_128_CBC_SHA256 */
     {64,KEX_DH,SIG_DSS,ENC_AES,16,128,128,DIG_SHA256, SSL_CIPHER_MODE_CBC},   /* TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 */
@@ -1816,8 +1816,8 @@ static SslCipherSuite cipher_suites[]={
     {70,KEX_DH,SIG_NONE,ENC_CAMELLIA128,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA */
     {96,KEX_RSA,SIG_RSA,ENC_RC4,1,128,56,DIG_MD5, SSL_CIPHER_MODE_STREAM},
     {97,KEX_RSA,SIG_RSA,ENC_RC2,1,128,56,DIG_MD5, SSL_CIPHER_MODE_STREAM},
-    {98,KEX_RSA,SIG_RSA,ENC_DES,8,64,64,DIG_SHA, SSL_CIPHER_MODE_STREAM},
-    {99,KEX_DH,SIG_DSS,ENC_DES,8,64,64,DIG_SHA, SSL_CIPHER_MODE_CBC},
+    {98,KEX_RSA,SIG_RSA,ENC_DES,8,64,56,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA */
+    {99,KEX_DH,SIG_DSS,ENC_DES,8,64,56,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA */
     {100,KEX_RSA,SIG_RSA,ENC_RC4,1,128,56,DIG_SHA, SSL_CIPHER_MODE_STREAM},
     {101,KEX_DH,SIG_DSS,ENC_RC4,1,128,56,DIG_SHA, SSL_CIPHER_MODE_STREAM},
     {102,KEX_DH,SIG_DSS,ENC_RC4,1,128,128,DIG_SHA, SSL_CIPHER_MODE_STREAM},
@@ -1825,7 +1825,7 @@ static SslCipherSuite cipher_suites[]={
     {104,KEX_DH,SIG_DSS,ENC_AES256,16,256,256,DIG_SHA256, SSL_CIPHER_MODE_CBC},   /* TLS_DH_DSS_WITH_AES_256_CBC_SHA256 */
     {105,KEX_DH,SIG_RSA,ENC_AES256,16,256,256,DIG_SHA256, SSL_CIPHER_MODE_CBC},   /* TLS_DH_RSA_WITH_AES_256_CBC_SHA256 */
     {106,KEX_DH,SIG_DSS,ENC_AES256,16,256,256,DIG_SHA256, SSL_CIPHER_MODE_CBC},   /* TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 */
-    {107,KEX_DH,SIG_RSA,ENC_AES256,16,256,256,DIG_SHA256, SSL_CIPHER_MODE_CBC},
+    {107,KEX_DH,SIG_RSA,ENC_AES256,16,256,256,DIG_SHA256, SSL_CIPHER_MODE_CBC},   /* TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 */
     {108,KEX_DH,SIG_NONE,ENC_AES,16,128,128,DIG_SHA256, SSL_CIPHER_MODE_CBC},   /* TLS_DH_anon_WITH_AES_128_CBC_SHA256 */
     {109,KEX_DH,SIG_NONE,ENC_AES256,16,256,256,DIG_SHA256, SSL_CIPHER_MODE_CBC},   /* TLS_DH_anon_WITH_AES_256_CBC_SHA256 */
     {132,KEX_RSA,SIG_RSA,ENC_CAMELLIA256,16,256,256,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_RSA_WITH_CAMELLIA_256_CBC_SHA */
@@ -1834,7 +1834,6 @@ static SslCipherSuite cipher_suites[]={
     {135,KEX_DH,SIG_DSS,ENC_CAMELLIA256,16,256,256,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA */
     {136,KEX_DH,SIG_RSA,ENC_CAMELLIA256,16,256,256,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA */
     {137,KEX_DH,SIG_NONE,ENC_CAMELLIA256,16,256,256,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA */
-    /*{138,KEX_PSK,SIG_RSA,ENC_RC4,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC},*/
     {139,KEX_PSK,SIG_RSA,ENC_3DES,8,192,192,DIG_SHA, SSL_CIPHER_MODE_CBC},
     {140,KEX_PSK,SIG_RSA,ENC_AES,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC},
     {141,KEX_PSK,SIG_RSA,ENC_AES256,16,256,256,DIG_SHA, SSL_CIPHER_MODE_CBC},
@@ -1884,7 +1883,7 @@ static SslCipherSuite cipher_suites[]={
     {49166,KEX_DH,SIG_RSA,ENC_AES,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_ECDH_RSA_WITH_AES_128_CBC_SHA */
     {49167,KEX_DH,SIG_RSA,ENC_AES256,16,256,256,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_ECDH_RSA_WITH_AES_256_CBC_SHA */
     {49168,KEX_DH,SIG_RSA,ENC_NULL,1,0,0,DIG_SHA, SSL_CIPHER_MODE_STREAM},   /* TLS_ECDHE_RSA_WITH_NULL_SHA */
-    {49169,KEX_DH,SIG_RSA,ENC_RC4,1,128,128,DIG_SHA, SSL_CIPHER_MODE_STREAM},    /* TLS_ECDHE_RSA_WITH_RC4_128_SHA */
+    {49169,KEX_DH,SIG_RSA,ENC_RC4,1,128,128,DIG_SHA, SSL_CIPHER_MODE_STREAM},   /* TLS_ECDHE_RSA_WITH_RC4_128_SHA */
     {49170,KEX_DH,SIG_RSA,ENC_3DES,8,192,192,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA */
     {49171,KEX_DH,SIG_RSA,ENC_AES,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA */
     {49172,KEX_DH,SIG_RSA,ENC_AES256,16,256,256,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA */