curl/docs/CIPHERS.md
Daniel Stenberg 067992baa7
docs/CIPHERS: fix the TLS 1.3 cipher names
... picked straight from the OpenSSL man page:
https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_ciphersuites.html

Reported-by: Ricky-Tigg on github
Bug: #3178
2018-10-27 10:46:36 +02:00


Ciphers

With curl's options CURLOPT_SSL_CIPHER_LIST and --ciphers users can control which ciphers to consider when negotiating TLS connections.

TLS 1.3 ciphers are supported since curl 7.61 with options CURLOPT_TLS13_CIPHERS and --tls13-ciphers.

The names of the known ciphers differ depending on which TLS backend libcurl was built to use. This is an attempt to list known cipher names.

OpenSSL

(based on OpenSSL docs)

When specifying multiple cipher names, separate them with a colon (:).

SSL3 cipher suites

NULL-MD5 NULL-SHA RC4-MD5 RC4-SHA IDEA-CBC-SHA DES-CBC3-SHA DH-DSS-DES-CBC3-SHA DH-RSA-DES-CBC3-SHA DHE-DSS-DES-CBC3-SHA DHE-RSA-DES-CBC3-SHA ADH-RC4-MD5 ADH-DES-CBC3-SHA

TLS v1.0 cipher suites

NULL-MD5 NULL-SHA RC4-MD5 RC4-SHA IDEA-CBC-SHA DES-CBC3-SHA DHE-DSS-DES-CBC3-SHA DHE-RSA-DES-CBC3-SHA ADH-RC4-MD5 ADH-DES-CBC3-SHA

AES ciphersuites from RFC3268, extending TLS v1.0

AES128-SHA AES256-SHA DH-DSS-AES128-SHA DH-DSS-AES256-SHA DH-RSA-AES128-SHA DH-RSA-AES256-SHA DHE-DSS-AES128-SHA DHE-DSS-AES256-SHA DHE-RSA-AES128-SHA DHE-RSA-AES256-SHA ADH-AES128-SHA ADH-AES256-SHA

SEED ciphersuites from RFC4162, extending TLS v1.0

SEED-SHA DH-DSS-SEED-SHA DH-RSA-SEED-SHA DHE-DSS-SEED-SHA DHE-RSA-SEED-SHA ADH-SEED-SHA

GOST ciphersuites, extending TLS v1.0

GOST94-GOST89-GOST89 GOST2001-GOST89-GOST89 GOST94-NULL-GOST94 GOST2001-NULL-GOST94

Elliptic curve cipher suites

ECDHE-RSA-NULL-SHA ECDHE-RSA-RC4-SHA ECDHE-RSA-DES-CBC3-SHA ECDHE-RSA-AES128-SHA ECDHE-RSA-AES256-SHA ECDHE-ECDSA-NULL-SHA ECDHE-ECDSA-RC4-SHA ECDHE-ECDSA-DES-CBC3-SHA ECDHE-ECDSA-AES128-SHA ECDHE-ECDSA-AES256-SHA AECDH-NULL-SHA AECDH-RC4-SHA AECDH-DES-CBC3-SHA AECDH-AES128-SHA AECDH-AES256-SHA

TLS v1.2 cipher suites

NULL-SHA256 AES128-SHA256 AES256-SHA256 AES128-GCM-SHA256 AES256-GCM-SHA384 DH-RSA-AES128-SHA256 DH-RSA-AES256-SHA256 DH-RSA-AES128-GCM-SHA256 DH-RSA-AES256-GCM-SHA384 DH-DSS-AES128-SHA256 DH-DSS-AES256-SHA256 DH-DSS-AES128-GCM-SHA256 DH-DSS-AES256-GCM-SHA384 DHE-RSA-AES128-SHA256 DHE-RSA-AES256-SHA256 DHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES256-GCM-SHA384 DHE-DSS-AES128-SHA256 DHE-DSS-AES256-SHA256 DHE-DSS-AES128-GCM-SHA256 DHE-DSS-AES256-GCM-SHA384 ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES256-SHA384 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-SHA256 ECDHE-ECDSA-AES256-SHA384 ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-GCM-SHA384 ADH-AES128-SHA256 ADH-AES256-SHA256 ADH-AES128-GCM-SHA256 ADH-AES256-GCM-SHA384 AES128-CCM AES256-CCM DHE-RSA-AES128-CCM DHE-RSA-AES256-CCM AES128-CCM8 AES256-CCM8 DHE-RSA-AES128-CCM8 DHE-RSA-AES256-CCM8 ECDHE-ECDSA-AES128-CCM ECDHE-ECDSA-AES256-CCM ECDHE-ECDSA-AES128-CCM8 ECDHE-ECDSA-AES256-CCM8

Camellia HMAC-Based ciphersuites from RFC6367, extending TLS v1.2

ECDHE-ECDSA-CAMELLIA128-SHA256 ECDHE-ECDSA-CAMELLIA256-SHA384 ECDHE-RSA-CAMELLIA128-SHA256 ECDHE-RSA-CAMELLIA256-SHA384

TLS 1.3 cipher suites

(Note these ciphers are set with CURLOPT_TLS13_CIPHERS and --tls13-ciphers)

TLS_AES_256_GCM_SHA384 TLS_CHACHA20_POLY1305_SHA256 TLS_AES_128_GCM_SHA256 TLS_AES_128_CCM_8_SHA256 TLS_AES_128_CCM_SHA256
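The colon-separated form described for OpenSSL, applied to both options, as an added example that is not part of curl's documentation: it splits a candidate list into the values for --ciphers and --tls13-ciphers and drops names that mark a suite as unencrypted, anonymous, or built on RC4, DES/3DES or MD5. The function names and the deny patterns are assumptions of this example, not curl behaviour.

```shell
#!/bin/sh
# Added example (not from curl): turn a space-separated list of OpenSSL-style
# names into the colon-separated values for --ciphers and --tls13-ciphers.
# The deny patterns below are this example's policy, an assumption, not curl's.

# is_weak NAME: succeed when a dash-separated component marks the suite as
# unencrypted (NULL), anonymous (ADH, AECDH), or built on RC4, DES/3DES or MD5.
is_weak() {
  case "-$1-" in
    *-NULL-*|*-ADH-*|*-AECDH-*|*-RC4-*|*-DES-*|*-MD5-*) return 0 ;;
  esac
  return 1
}

# legacy_list "NAMES": surviving pre-TLS-1.3 names, joined for --ciphers.
legacy_list() {
  out=""
  for name in $1; do
    case "$name" in TLS_*) continue ;; esac   # TLS 1.3 names go elsewhere
    is_weak "$name" && continue
    out="${out:+$out:}$name"
  done
  printf '%s' "$out"
}

# tls13_list "NAMES": the TLS_* names, joined for --tls13-ciphers.
tls13_list() {
  out=""
  for name in $1; do
    case "$name" in TLS_*) out="${out:+$out:}$name" ;; esac
  done
  printf '%s' "$out"
}

# Constructed sample input, using names from the OpenSSL lists above.
CANDIDATES="NULL-SHA RC4-MD5 DES-CBC3-SHA ADH-AES128-SHA AECDH-AES256-SHA
ECDHE-RSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-GCM-SHA384
TLS_AES_256_GCM_SHA384 TLS_CHACHA20_POLY1305_SHA256"

echo "--ciphers $(legacy_list "$CANDIDATES")"
echo "--tls13-ciphers $(tls13_list "$CANDIDATES")"
# Usage (https://example.com/ is a placeholder URL):
# curl --ciphers "$(legacy_list "$CANDIDATES")" \
#      --tls13-ciphers "$(tls13_list "$CANDIDATES")" https://example.com/
```

The matching is on whole dash-separated components, so DH-DSS-AES128-SHA is not mistaken for an ADH suite.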

NSS

Totally insecure

rc4 rc4-md5 rc4export rc2 rc2export des desede3

SSL3/TLS cipher suites

rsa_rc4_128_md5 rsa_rc4_128_sha rsa_3des_sha rsa_des_sha rsa_rc4_40_md5 rsa_rc2_40_md5 rsa_null_md5 rsa_null_sha fips_3des_sha fips_des_sha fortezza fortezza_rc4_128_sha fortezza_null

TLS 1.0 Exportable 56-bit Cipher Suites

rsa_des_56_sha rsa_rc4_56_sha

AES ciphers

dhe_dss_aes_128_cbc_sha dhe_dss_aes_256_cbc_sha dhe_rsa_aes_128_cbc_sha dhe_rsa_aes_256_cbc_sha rsa_aes_128_sha rsa_aes_256_sha

ECC ciphers

ecdh_ecdsa_null_sha ecdh_ecdsa_rc4_128_sha ecdh_ecdsa_3des_sha ecdh_ecdsa_aes_128_sha ecdh_ecdsa_aes_256_sha ecdhe_ecdsa_null_sha ecdhe_ecdsa_rc4_128_sha ecdhe_ecdsa_3des_sha ecdhe_ecdsa_aes_128_sha ecdhe_ecdsa_aes_256_sha ecdh_rsa_null_sha ecdh_rsa_128_sha ecdh_rsa_3des_sha ecdh_rsa_aes_128_sha ecdh_rsa_aes_256_sha ecdhe_rsa_null ecdhe_rsa_rc4_128_sha ecdhe_rsa_3des_sha ecdhe_rsa_aes_128_sha ecdhe_rsa_aes_256_sha ecdh_anon_null_sha ecdh_anon_rc4_128sha ecdh_anon_3des_sha ecdh_anon_aes_128_sha ecdh_anon_aes_256_sha

HMAC-SHA256 cipher suites

rsa_null_sha_256 rsa_aes_128_cbc_sha_256 rsa_aes_256_cbc_sha_256 dhe_rsa_aes_128_cbc_sha_256 dhe_rsa_aes_256_cbc_sha_256 ecdhe_ecdsa_aes_128_cbc_sha_256 ecdhe_rsa_aes_128_cbc_sha_256

AES GCM cipher suites in RFC 5288 and RFC 5289

rsa_aes_128_gcm_sha_256 dhe_rsa_aes_128_gcm_sha_256 dhe_dss_aes_128_gcm_sha_256 ecdhe_ecdsa_aes_128_gcm_sha_256 ecdh_ecdsa_aes_128_gcm_sha_256 ecdhe_rsa_aes_128_gcm_sha_256 ecdh_rsa_aes_128_gcm_sha_256

cipher suites using SHA384

rsa_aes_256_gcm_sha_384 dhe_rsa_aes_256_gcm_sha_384 dhe_dss_aes_256_gcm_sha_384 ecdhe_ecdsa_aes_256_sha_384 ecdhe_rsa_aes_256_sha_384 ecdhe_ecdsa_aes_256_gcm_sha_384 ecdhe_rsa_aes_256_gcm_sha_384

chacha20-poly1305 cipher suites

ecdhe_rsa_chacha20_poly1305_sha_256 ecdhe_ecdsa_chacha20_poly1305_sha_256 dhe_rsa_chacha20_poly1305_sha_256

GSKit

Ciphers are internally defined as numeric codes (https://www.ibm.com/support/knowledgecenter/ssw_ibm_i_73/apis/gsk_attribute_set_buffer.htm), but libcurl maps them to the following case-insensitive names.

SSL2 cipher suites (insecure: disabled by default)

rc2-md5 rc4-md5 exp-rc2-md5 exp-rc4-md5 des-cbc-md5 des-cbc3-md5

SSL3 cipher suites

null-md5 null-sha rc4-md5 rc4-sha exp-rc2-cbc-md5 exp-rc4-md5 exp-des-cbc-sha des-cbc3-sha

TLS v1.0 cipher suites

null-md5 null-sha rc4-md5 rc4-sha exp-rc2-cbc-md5 exp-rc4-md5 exp-des-cbc-sha des-cbc3-sha aes128-sha aes256-sha

TLS v1.1 cipher suites

null-md5 null-sha rc4-md5 rc4-sha exp-des-cbc-sha des-cbc3-sha aes128-sha aes256-sha

TLS v1.2 cipher suites

null-md5 null-sha null-sha256 rc4-md5 rc4-sha des-cbc3-sha aes128-sha aes256-sha aes128-sha256 aes256-sha256 aes128-gcm-sha256 aes256-gcm-sha384

WolfSSL

RC4-SHA, RC4-MD5, DES-CBC3-SHA, AES128-SHA, AES256-SHA, NULL-SHA, NULL-SHA256, DHE-RSA-AES128-SHA, DHE-RSA-AES256-SHA, DHE-PSK-AES256-GCM-SHA384, DHE-PSK-AES128-GCM-SHA256, PSK-AES256-GCM-SHA384, PSK-AES128-GCM-SHA256, DHE-PSK-AES256-CBC-SHA384, DHE-PSK-AES128-CBC-SHA256, PSK-AES256-CBC-SHA384, PSK-AES128-CBC-SHA256, PSK-AES128-CBC-SHA, PSK-AES256-CBC-SHA, DHE-PSK-AES128-CCM, DHE-PSK-AES256-CCM, PSK-AES128-CCM, PSK-AES256-CCM, PSK-AES128-CCM-8, PSK-AES256-CCM-8, DHE-PSK-NULL-SHA384, DHE-PSK-NULL-SHA256, PSK-NULL-SHA384, PSK-NULL-SHA256, PSK-NULL-SHA, HC128-MD5, HC128-SHA, HC128-B2B256, AES128-B2B256, AES256-B2B256, RABBIT-SHA, NTRU-RC4-SHA, NTRU-DES-CBC3-SHA, NTRU-AES128-SHA, NTRU-AES256-SHA, AES128-CCM-8, AES256-CCM-8, ECDHE-ECDSA-AES128-CCM, ECDHE-ECDSA-AES128-CCM-8, ECDHE-ECDSA-AES256-CCM-8, ECDHE-RSA-AES128-SHA, ECDHE-RSA-AES256-SHA, ECDHE-ECDSA-AES128-SHA, ECDHE-ECDSA-AES256-SHA, ECDHE-RSA-RC4-SHA, ECDHE-RSA-DES-CBC3-SHA, ECDHE-ECDSA-RC4-SHA, ECDHE-ECDSA-DES-CBC3-SHA, AES128-SHA256, AES256-SHA256, DHE-RSA-AES128-SHA256, DHE-RSA-AES256-SHA256, ECDH-RSA-AES128-SHA, ECDH-RSA-AES256-SHA, ECDH-ECDSA-AES128-SHA, ECDH-ECDSA-AES256-SHA, ECDH-RSA-RC4-SHA, ECDH-RSA-DES-CBC3-SHA, ECDH-ECDSA-RC4-SHA, ECDH-ECDSA-DES-CBC3-SHA, AES128-GCM-SHA256, AES256-GCM-SHA384, DHE-RSA-AES128-GCM-SHA256, DHE-RSA-AES256-GCM-SHA384, ECDHE-RSA-AES128-GCM-SHA256, ECDHE-RSA-AES256-GCM-SHA384, ECDHE-ECDSA-AES128-GCM-SHA256, ECDHE-ECDSA-AES256-GCM-SHA384, ECDH-RSA-AES128-GCM-SHA256, ECDH-RSA-AES256-GCM-SHA384, ECDH-ECDSA-AES128-GCM-SHA256, ECDH-ECDSA-AES256-GCM-SHA384, CAMELLIA128-SHA, DHE-RSA-CAMELLIA128-SHA, CAMELLIA256-SHA, DHE-RSA-CAMELLIA256-SHA, CAMELLIA128-SHA256, DHE-RSA-CAMELLIA128-SHA256, CAMELLIA256-SHA256, DHE-RSA-CAMELLIA256-SHA256, ECDHE-RSA-AES128-SHA256, ECDHE-ECDSA-AES128-SHA256, ECDH-RSA-AES128-SHA256, ECDH-ECDSA-AES128-SHA256, ECDHE-RSA-AES256-SHA384, ECDHE-ECDSA-AES256-SHA384, ECDH-RSA-AES256-SHA384, ECDH-ECDSA-AES256-SHA384, ECDHE-RSA-CHACHA20-POLY1305, 
ECDHE-ECDSA-CHACHA20-POLY1305, DHE-RSA-CHACHA20-POLY1305, ECDHE-RSA-CHACHA20-POLY1305-OLD, ECDHE-ECDSA-CHACHA20-POLY1305-OLD, DHE-RSA-CHACHA20-POLY1305-OLD, ADH-AES128-SHA, QSH, RENEGOTIATION-INFO, IDEA-CBC-SHA, ECDHE-ECDSA-NULL-SHA, ECDHE-PSK-NULL-SHA256, ECDHE-PSK-AES128-CBC-SHA256, PSK-CHACHA20-POLY1305, ECDHE-PSK-CHACHA20-POLY1305, DHE-PSK-CHACHA20-POLY1305, EDH-RSA-DES-CBC3-SHA,

WinSSL

WinSSL allows the enabling and disabling of encryption algorithms, but not specific ciphersuites. They are defined by Microsoft (https://msdn.microsoft.com/en-us/library/windows/desktop/aa375549(v=vs.85).aspx).

CALG_MD2, CALG_MD4, CALG_MD5, CALG_SHA, CALG_SHA1, CALG_MAC, CALG_RSA_SIGN, CALG_DSS_SIGN, CALG_NO_SIGN, CALG_RSA_KEYX, CALG_DES, CALG_3DES_112, CALG_3DES, CALG_DESX, CALG_RC2, CALG_RC4, CALG_SEAL, CALG_DH_SF, CALG_DH_EPHEM, CALG_AGREEDKEY_ANY, CALG_HUGHES_MD5, CALG_SKIPJACK, CALG_TEK, CALG_CYLINK_MEK, CALG_SSL3_SHAMD5, CALG_SSL3_MASTER, CALG_SCHANNEL_MASTER_HASH, CALG_SCHANNEL_MAC_KEY, CALG_SCHANNEL_ENC_KEY, CALG_PCT1_MASTER, CALG_SSL2_MASTER, CALG_TLS1_MASTER, CALG_RC5, CALG_HMAC, CALG_TLS1PRF, CALG_HASH_REPLACE_OWF, CALG_AES_128, CALG_AES_192, CALG_AES_256, CALG_AES, CALG_SHA_256, CALG_SHA_384, CALG_SHA_512, CALG_ECDH, CALG_ECMQV, CALG_ECDSA,