diff options
author | Alexis La Goutte <alexis.lagoutte@gmail.com> | 2013-09-19 20:26:57 +0000 |
---|---|---|
committer | Alexis La Goutte <alexis.lagoutte@gmail.com> | 2013-09-19 20:26:57 +0000 |
commit | cf7f5dd3ad4eaebba00c8b4a85be90ed522d6a04 (patch) | |
tree | 455eb6c6d118e90a56bf8bfe723bb6aed0c48048 /epan | |
parent | f4a4271320f90dcad22471c165203741390aac29 (diff) |
From Peter Wu via https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9144 [PATCH] Update TLS Ciphers
Correct cipher suites list, add TLS_ annotations
Add official TLS_ names as comment and correct:
- 6: RC2 is a block cipher using MD5, not stream+SHA.
- 25,26,27: should be SHA instead of MD5
- 98: DES export is a block cipher using 56-bits[1], not stream.
- 99: DES export should be using 56-bits[1].
- 138: removed commented RC4 cipher because it is not a block cipher
Besides these comments and corrections, there are no further changes.
[1]: http://tools.ietf.org/html/draft-ietf-tls-56-bit-ciphersuites-00
svn path=/trunk/; revision=52148
Diffstat (limited to 'epan')
-rw-r--r-- | epan/dissectors/packet-ssl-utils.c | 75 |
1 files changed, 37 insertions, 38 deletions
diff --git a/epan/dissectors/packet-ssl-utils.c b/epan/dissectors/packet-ssl-utils.c index 4248fd5584..68b4b6bb1e 100644 --- a/epan/dissectors/packet-ssl-utils.c +++ b/epan/dissectors/packet-ssl-utils.c @@ -1763,48 +1763,48 @@ static const gchar *ciphers[]={ }; static SslCipherSuite cipher_suites[]={ - {1,KEX_RSA,SIG_RSA,ENC_NULL,1,0,0,DIG_MD5, SSL_CIPHER_MODE_STREAM}, - {2,KEX_RSA,SIG_RSA,ENC_NULL,1,0,0,DIG_SHA, SSL_CIPHER_MODE_STREAM}, - {3,KEX_RSA,SIG_RSA,ENC_RC4,1,128,40,DIG_MD5, SSL_CIPHER_MODE_STREAM}, - {4,KEX_RSA,SIG_RSA,ENC_RC4,1,128,128,DIG_MD5, SSL_CIPHER_MODE_STREAM}, - {5,KEX_RSA,SIG_RSA,ENC_RC4,1,128,128,DIG_SHA, SSL_CIPHER_MODE_STREAM}, - {6,KEX_RSA,SIG_RSA,ENC_RC2,8,128,40,DIG_SHA, SSL_CIPHER_MODE_STREAM}, - {7,KEX_RSA,SIG_RSA,ENC_IDEA,8,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC}, - {8,KEX_RSA,SIG_RSA,ENC_DES,8,64,40,DIG_SHA, SSL_CIPHER_MODE_CBC}, - {9,KEX_RSA,SIG_RSA,ENC_DES,8,64,64,DIG_SHA, SSL_CIPHER_MODE_CBC}, - {10,KEX_RSA,SIG_RSA,ENC_3DES,8,192,192,DIG_SHA, SSL_CIPHER_MODE_CBC}, - {11,KEX_DH,SIG_DSS,ENC_DES,8,64,40,DIG_SHA, SSL_CIPHER_MODE_CBC}, - {12,KEX_DH,SIG_DSS,ENC_DES,8,64,64,DIG_SHA, SSL_CIPHER_MODE_CBC}, - {13,KEX_DH,SIG_DSS,ENC_3DES,8,192,192,DIG_SHA, SSL_CIPHER_MODE_CBC}, - {14,KEX_DH,SIG_RSA,ENC_DES,8,64,40,DIG_SHA, SSL_CIPHER_MODE_CBC}, - {15,KEX_DH,SIG_RSA,ENC_DES,8,64,64,DIG_SHA, SSL_CIPHER_MODE_CBC}, - {16,KEX_DH,SIG_RSA,ENC_3DES,8,192,192,DIG_SHA, SSL_CIPHER_MODE_CBC}, - {17,KEX_DH,SIG_DSS,ENC_DES,8,64,40,DIG_SHA, SSL_CIPHER_MODE_CBC}, - {18,KEX_DH,SIG_DSS,ENC_DES,8,64,64,DIG_SHA, SSL_CIPHER_MODE_CBC}, - {19,KEX_DH,SIG_DSS,ENC_3DES,8,192,192,DIG_SHA, SSL_CIPHER_MODE_CBC}, - {20,KEX_DH,SIG_RSA,ENC_DES,8,64,40,DIG_SHA, SSL_CIPHER_MODE_CBC}, - {21,KEX_DH,SIG_RSA,ENC_DES,8,64,64,DIG_SHA, SSL_CIPHER_MODE_CBC}, - {22,KEX_DH,SIG_RSA,ENC_3DES,8,192,192,DIG_SHA, SSL_CIPHER_MODE_CBC}, - {23,KEX_DH,SIG_NONE,ENC_RC4,1,128,40,DIG_MD5, SSL_CIPHER_MODE_STREAM}, - {24,KEX_DH,SIG_NONE,ENC_RC4,1,128,128,DIG_MD5, SSL_CIPHER_MODE_STREAM}, - {25,KEX_DH,SIG_NONE,ENC_DES,8,64,40,DIG_MD5, SSL_CIPHER_MODE_CBC}, - {26,KEX_DH,SIG_NONE,ENC_DES,8,64,64,DIG_MD5, SSL_CIPHER_MODE_CBC}, - {27,KEX_DH,SIG_NONE,ENC_3DES,8,192,192,DIG_MD5, SSL_CIPHER_MODE_CBC}, - {47,KEX_RSA,SIG_RSA,ENC_AES,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC}, + {1,KEX_RSA,SIG_RSA,ENC_NULL,1,0,0,DIG_MD5, SSL_CIPHER_MODE_STREAM}, /* TLS_RSA_WITH_NULL_MD5 */ + {2,KEX_RSA,SIG_RSA,ENC_NULL,1,0,0,DIG_SHA, SSL_CIPHER_MODE_STREAM}, /* TLS_RSA_WITH_NULL_SHA */ + {3,KEX_RSA,SIG_RSA,ENC_RC4,1,128,40,DIG_MD5, SSL_CIPHER_MODE_STREAM}, /* TLS_RSA_EXPORT_WITH_RC4_40_MD5 */ + {4,KEX_RSA,SIG_RSA,ENC_RC4,1,128,128,DIG_MD5, SSL_CIPHER_MODE_STREAM}, /* TLS_RSA_WITH_RC4_128_MD5 */ + {5,KEX_RSA,SIG_RSA,ENC_RC4,1,128,128,DIG_SHA, SSL_CIPHER_MODE_STREAM}, /* TLS_RSA_WITH_RC4_128_SHA */ + {6,KEX_RSA,SIG_RSA,ENC_RC2,8,128,40,DIG_MD5, SSL_CIPHER_MODE_CBC}, /* TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 */ + {7,KEX_RSA,SIG_RSA,ENC_IDEA,8,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_RSA_WITH_IDEA_CBC_SHA */ + {8,KEX_RSA,SIG_RSA,ENC_DES,8,64,40,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_RSA_EXPORT_WITH_DES40_CBC_SHA */ + {9,KEX_RSA,SIG_RSA,ENC_DES,8,64,64,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_RSA_WITH_DES_CBC_SHA */ + {10,KEX_RSA,SIG_RSA,ENC_3DES,8,192,192,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_RSA_WITH_3DES_EDE_CBC_SHA */ + {11,KEX_DH,SIG_DSS,ENC_DES,8,64,40,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA */ + {12,KEX_DH,SIG_DSS,ENC_DES,8,64,64,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_DH_DSS_WITH_DES_CBC_SHA */ + {13,KEX_DH,SIG_DSS,ENC_3DES,8,192,192,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA */ + {14,KEX_DH,SIG_RSA,ENC_DES,8,64,40,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA */ + {15,KEX_DH,SIG_RSA,ENC_DES,8,64,64,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_DH_RSA_WITH_DES_CBC_SHA */ + {16,KEX_DH,SIG_RSA,ENC_3DES,8,192,192,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA */ + {17,KEX_DH,SIG_DSS,ENC_DES,8,64,40,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA */ + {18,KEX_DH,SIG_DSS,ENC_DES,8,64,64,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_DHE_DSS_WITH_DES_CBC_SHA */ + {19,KEX_DH,SIG_DSS,ENC_3DES,8,192,192,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA */ + {20,KEX_DH,SIG_RSA,ENC_DES,8,64,40,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA */ + {21,KEX_DH,SIG_RSA,ENC_DES,8,64,64,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_DHE_RSA_WITH_DES_CBC_SHA */ + {22,KEX_DH,SIG_RSA,ENC_3DES,8,192,192,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA */ + {23,KEX_DH,SIG_NONE,ENC_RC4,1,128,40,DIG_MD5, SSL_CIPHER_MODE_STREAM}, /* TLS_DH_anon_EXPORT_WITH_RC4_40_MD5 */ + {24,KEX_DH,SIG_NONE,ENC_RC4,1,128,128,DIG_MD5, SSL_CIPHER_MODE_STREAM}, /* TLS_DH_anon_WITH_RC4_128_MD5 */ + {25,KEX_DH,SIG_NONE,ENC_DES,8,64,40,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA */ + {26,KEX_DH,SIG_NONE,ENC_DES,8,64,64,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_DH_anon_WITH_DES_CBC_SHA */ + {27,KEX_DH,SIG_NONE,ENC_3DES,8,192,192,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_DH_anon_WITH_3DES_EDE_CBC_SHA */ + {47,KEX_RSA,SIG_RSA,ENC_AES,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_RSA_WITH_AES_128_CBC_SHA */ {48,KEX_DH,SIG_DSS,ENC_AES,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_DH_DSS_WITH_AES_128_CBC_SHA */ {49,KEX_DH,SIG_RSA,ENC_AES,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_DH_RSA_WITH_AES_128_CBC_SHA */ {50,KEX_DH,SIG_DSS,ENC_AES,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_DHE_DSS_WITH_AES_128_CBC_SHA */ - {51,KEX_DH,SIG_RSA,ENC_AES,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC}, + {51,KEX_DH,SIG_RSA,ENC_AES,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_DHE_RSA_WITH_AES_128_CBC_SHA */ {52,KEX_DH,SIG_NONE,ENC_AES,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_DH_anon_WITH_AES_128_CBC_SHA */ - {53,KEX_RSA,SIG_RSA,ENC_AES256,16,256,256,DIG_SHA, SSL_CIPHER_MODE_CBC}, + {53,KEX_RSA,SIG_RSA,ENC_AES256,16,256,256,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_RSA_WITH_AES_256_CBC_SHA */ {54,KEX_DH,SIG_DSS,ENC_AES256,16,256,256,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_DH_DSS_WITH_AES_256_CBC_SHA */ {55,KEX_DH,SIG_RSA,ENC_AES256,16,256,256,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_DH_RSA_WITH_AES_256_CBC_SHA */ {56,KEX_DH,SIG_DSS,ENC_AES256,16,256,256,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_DHE_DSS_WITH_AES_256_CBC_SHA */ {57,KEX_DH,SIG_RSA,ENC_AES256,16,256,256,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_DHE_RSA_WITH_AES_256_CBC_SHA */ {58,KEX_DH,SIG_NONE,ENC_AES256,16,256,256,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_DH_anon_WITH_AES_256_CBC_SHA */ - {59,KEX_RSA,SIG_RSA,ENC_NULL,1,0,0,DIG_SHA256, SSL_CIPHER_MODE_STREAM}, - {60,KEX_RSA,SIG_RSA,ENC_AES,16,128,128,DIG_SHA256, SSL_CIPHER_MODE_CBC}, - {61,KEX_RSA,SIG_RSA,ENC_AES256,16,256,256,DIG_SHA256, SSL_CIPHER_MODE_CBC}, + {59,KEX_RSA,SIG_RSA,ENC_NULL,1,0,0,DIG_SHA256, SSL_CIPHER_MODE_STREAM}, /* TLS_RSA_WITH_NULL_SHA256 */ + {60,KEX_RSA,SIG_RSA,ENC_AES,16,128,128,DIG_SHA256, SSL_CIPHER_MODE_CBC}, /* TLS_RSA_WITH_AES_128_CBC_SHA256 */ + {61,KEX_RSA,SIG_RSA,ENC_AES256,16,256,256,DIG_SHA256, SSL_CIPHER_MODE_CBC}, /* TLS_RSA_WITH_AES_256_CBC_SHA256 */ {62,KEX_DH,SIG_DSS,ENC_AES,16,128,128,DIG_SHA256, SSL_CIPHER_MODE_CBC}, /* TLS_DH_DSS_WITH_AES_128_CBC_SHA256 */ {63,KEX_DH,SIG_RSA,ENC_AES,16,128,128,DIG_SHA256, SSL_CIPHER_MODE_CBC}, /* TLS_DH_RSA_WITH_AES_128_CBC_SHA256 */ {64,KEX_DH,SIG_DSS,ENC_AES,16,128,128,DIG_SHA256, SSL_CIPHER_MODE_CBC}, /* TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 */ @@ -1816,8 +1816,8 @@ static SslCipherSuite cipher_suites[]={ {70,KEX_DH,SIG_NONE,ENC_CAMELLIA128,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA */ {96,KEX_RSA,SIG_RSA,ENC_RC4,1,128,56,DIG_MD5, SSL_CIPHER_MODE_STREAM}, {97,KEX_RSA,SIG_RSA,ENC_RC2,1,128,56,DIG_MD5, SSL_CIPHER_MODE_STREAM}, - {98,KEX_RSA,SIG_RSA,ENC_DES,8,64,64,DIG_SHA, SSL_CIPHER_MODE_STREAM}, - {99,KEX_DH,SIG_DSS,ENC_DES,8,64,64,DIG_SHA, SSL_CIPHER_MODE_CBC}, + {98,KEX_RSA,SIG_RSA,ENC_DES,8,64,56,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA */ + {99,KEX_DH,SIG_DSS,ENC_DES,8,64,56,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA */ {100,KEX_RSA,SIG_RSA,ENC_RC4,1,128,56,DIG_SHA, SSL_CIPHER_MODE_STREAM}, {101,KEX_DH,SIG_DSS,ENC_RC4,1,128,56,DIG_SHA, SSL_CIPHER_MODE_STREAM}, {102,KEX_DH,SIG_DSS,ENC_RC4,1,128,128,DIG_SHA, SSL_CIPHER_MODE_STREAM}, @@ -1825,7 +1825,7 @@ static SslCipherSuite cipher_suites[]={ {104,KEX_DH,SIG_DSS,ENC_AES256,16,256,256,DIG_SHA256, SSL_CIPHER_MODE_CBC}, /* TLS_DH_DSS_WITH_AES_256_CBC_SHA256 */ {105,KEX_DH,SIG_RSA,ENC_AES256,16,256,256,DIG_SHA256, SSL_CIPHER_MODE_CBC}, /* TLS_DH_RSA_WITH_AES_256_CBC_SHA256 */ {106,KEX_DH,SIG_DSS,ENC_AES256,16,256,256,DIG_SHA256, SSL_CIPHER_MODE_CBC}, /* TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 */ - {107,KEX_DH,SIG_RSA,ENC_AES256,16,256,256,DIG_SHA256, SSL_CIPHER_MODE_CBC}, + {107,KEX_DH,SIG_RSA,ENC_AES256,16,256,256,DIG_SHA256, SSL_CIPHER_MODE_CBC}, /* TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 */ {108,KEX_DH,SIG_NONE,ENC_AES,16,128,128,DIG_SHA256, SSL_CIPHER_MODE_CBC}, /* TLS_DH_anon_WITH_AES_128_CBC_SHA256 */ {109,KEX_DH,SIG_NONE,ENC_AES256,16,256,256,DIG_SHA256, SSL_CIPHER_MODE_CBC}, /* TLS_DH_anon_WITH_AES_256_CBC_SHA256 */ {132,KEX_RSA,SIG_RSA,ENC_CAMELLIA256,16,256,256,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_RSA_WITH_CAMELLIA_256_CBC_SHA */ @@ -1834,7 +1834,6 @@ static SslCipherSuite cipher_suites[]={ {135,KEX_DH,SIG_DSS,ENC_CAMELLIA256,16,256,256,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA */ {136,KEX_DH,SIG_RSA,ENC_CAMELLIA256,16,256,256,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA */ {137,KEX_DH,SIG_NONE,ENC_CAMELLIA256,16,256,256,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA */ - /*{138,KEX_PSK,SIG_RSA,ENC_RC4,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC},*/ {139,KEX_PSK,SIG_RSA,ENC_3DES,8,192,192,DIG_SHA, SSL_CIPHER_MODE_CBC}, {140,KEX_PSK,SIG_RSA,ENC_AES,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC}, {141,KEX_PSK,SIG_RSA,ENC_AES256,16,256,256,DIG_SHA, SSL_CIPHER_MODE_CBC}, @@ -1884,7 +1883,7 @@ static SslCipherSuite cipher_suites[]={ {49166,KEX_DH,SIG_RSA,ENC_AES,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_ECDH_RSA_WITH_AES_128_CBC_SHA */ {49167,KEX_DH,SIG_RSA,ENC_AES256,16,256,256,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_ECDH_RSA_WITH_AES_256_CBC_SHA */ {49168,KEX_DH,SIG_RSA,ENC_NULL,1,0,0,DIG_SHA, SSL_CIPHER_MODE_STREAM}, /* TLS_ECDHE_RSA_WITH_NULL_SHA */ - {49169,KEX_DH,SIG_RSA,ENC_RC4,1,128,128,DIG_SHA, SSL_CIPHER_MODE_STREAM}, /* TLS_ECDHE_RSA_WITH_RC4_128_SHA */ + {49169,KEX_DH,SIG_RSA,ENC_RC4,1,128,128,DIG_SHA, SSL_CIPHER_MODE_STREAM}, /* TLS_ECDHE_RSA_WITH_RC4_128_SHA */ {49170,KEX_DH,SIG_RSA,ENC_3DES,8,192,192,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA */ {49171,KEX_DH,SIG_RSA,ENC_AES,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA */ {49172,KEX_DH,SIG_RSA,ENC_AES256,16,256,256,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA */ |