Update offered ciphers
Dropped support for non-ephemeral Diffie-Hellman cipher suites, anonymous
authentication, some DES cipher suites, and export cipher suites.
(cherry picked from commit 90b217a3543f119bb7aa20d7a0e55fd5343e9ce7)
Bug: 21522548
Change-Id: Ie2048d303890935969cc7c1ac7bc9d93705c7a90
diff --git a/luni/src/main/java/javax/net/ssl/SSLEngine.java b/luni/src/main/java/javax/net/ssl/SSLEngine.java
index 1d3d73a..0f94f41 100644
--- a/luni/src/main/java/javax/net/ssl/SSLEngine.java
+++ b/luni/src/main/java/javax/net/ssl/SSLEngine.java
@@ -88,52 +88,52 @@
* </tr>
* <tr>
* <td>SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA</td>
- * <td>9+</td>
+ * <td>9–22</td>
* <td>9–19</td>
* </tr>
* <tr>
* <td>SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA</td>
- * <td>9+</td>
+ * <td>9–22</td>
* <td>9–19</td>
* </tr>
* <tr>
* <td>SSL_DHE_RSA_WITH_DES_CBC_SHA</td>
- * <td>9+</td>
+ * <td>9–22</td>
* <td>9–19</td>
* </tr>
* <tr>
* <td>SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA</td>
- * <td>9+</td>
+ * <td>9–22</td>
* <td></td>
* </tr>
* <tr>
* <td>SSL_DH_anon_EXPORT_WITH_RC4_40_MD5</td>
- * <td>9+</td>
+ * <td>9–22</td>
* <td></td>
* </tr>
* <tr>
* <td>SSL_DH_anon_WITH_3DES_EDE_CBC_SHA</td>
- * <td>9+</td>
+ * <td>9–22</td>
* <td></td>
* </tr>
* <tr>
* <td>SSL_DH_anon_WITH_DES_CBC_SHA</td>
- * <td>9+</td>
+ * <td>9–22</td>
* <td></td>
* </tr>
* <tr>
* <td>SSL_DH_anon_WITH_RC4_128_MD5</td>
- * <td>9+</td>
+ * <td>9–22</td>
* <td></td>
* </tr>
* <tr>
* <td>SSL_RSA_EXPORT_WITH_DES40_CBC_SHA</td>
- * <td>9+</td>
+ * <td>9–22</td>
* <td>9–19</td>
* </tr>
* <tr>
* <td>SSL_RSA_EXPORT_WITH_RC4_40_MD5</td>
- * <td>9+</td>
+ * <td>9–22</td>
* <td>9–19</td>
* </tr>
* <tr>
@@ -143,17 +143,17 @@
* </tr>
* <tr>
* <td>SSL_RSA_WITH_DES_CBC_SHA</td>
- * <td>9+</td>
+ * <td>9–22</td>
* <td>9–19</td>
* </tr>
* <tr>
* <td>SSL_RSA_WITH_NULL_MD5</td>
- * <td>9+</td>
+ * <td>9–22</td>
* <td></td>
* </tr>
* <tr>
* <td>SSL_RSA_WITH_NULL_SHA</td>
- * <td>9+</td>
+ * <td>9–22</td>
* <td></td>
* </tr>
* <tr>
@@ -298,32 +298,32 @@
* </tr>
* <tr>
* <td>TLS_DH_anon_WITH_AES_128_CBC_SHA</td>
- * <td>9+</td>
+ * <td>9–22</td>
* <td></td>
* </tr>
* <tr>
* <td>TLS_DH_anon_WITH_AES_128_CBC_SHA256</td>
- * <td>20+</td>
+ * <td>20–22</td>
* <td></td>
* </tr>
* <tr>
* <td>TLS_DH_anon_WITH_AES_128_GCM_SHA256</td>
- * <td>20+</td>
+ * <td>20–22</td>
* <td></td>
* </tr>
* <tr>
* <td>TLS_DH_anon_WITH_AES_256_CBC_SHA</td>
- * <td>9+</td>
+ * <td>9–22</td>
* <td></td>
* </tr>
* <tr>
* <td>TLS_DH_anon_WITH_AES_256_CBC_SHA256</td>
- * <td>20+</td>
+ * <td>20–22</td>
* <td></td>
* </tr>
* <tr>
* <td>TLS_DH_anon_WITH_AES_256_GCM_SHA384</td>
- * <td>20+</td>
+ * <td>20–22</td>
* <td></td>
* </tr>
* <tr>
@@ -333,7 +333,7 @@
* </tr>
* <tr>
* <td>TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA</td>
- * <td>20+</td>
+ * <td>20–22</td>
* <td></td>
* </tr>
* <tr>
@@ -368,7 +368,7 @@
* </tr>
* <tr>
* <td>TLS_ECDHE_ECDSA_WITH_NULL_SHA</td>
- * <td>20+</td>
+ * <td>20–22</td>
* <td></td>
* </tr>
* <tr>
@@ -378,7 +378,7 @@
* </tr>
* <tr>
* <td>TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA</td>
- * <td>20+</td>
+ * <td>20–22</td>
* <td></td>
* </tr>
* <tr>
@@ -413,7 +413,7 @@
* </tr>
* <tr>
* <td>TLS_ECDHE_RSA_WITH_NULL_SHA</td>
- * <td>20+</td>
+ * <td>20–22</td>
* <td></td>
* </tr>
* <tr>
@@ -423,117 +423,117 @@
* </tr>
* <tr>
* <td>TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA</td>
- * <td>20+</td>
+ * <td>20–22</td>
* <td></td>
* </tr>
* <tr>
* <td>TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA</td>
- * <td>20+</td>
+ * <td>20–22</td>
* <td></td>
* </tr>
* <tr>
* <td>TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256</td>
- * <td>20+</td>
+ * <td>20–22</td>
* <td></td>
* </tr>
* <tr>
* <td>TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256</td>
- * <td>20+</td>
+ * <td>20–22</td>
* <td></td>
* </tr>
* <tr>
* <td>TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA</td>
- * <td>20+</td>
+ * <td>20–22</td>
* <td></td>
* </tr>
* <tr>
* <td>TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384</td>
- * <td>20+</td>
+ * <td>20–22</td>
* <td></td>
* </tr>
* <tr>
* <td>TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384</td>
- * <td>20+</td>
+ * <td>20–22</td>
* <td></td>
* </tr>
* <tr>
* <td>TLS_ECDH_ECDSA_WITH_NULL_SHA</td>
- * <td>20+</td>
+ * <td>20–22</td>
* <td></td>
* </tr>
* <tr>
* <td>TLS_ECDH_ECDSA_WITH_RC4_128_SHA</td>
- * <td>20+</td>
+ * <td>20–22</td>
* <td></td>
* </tr>
* <tr>
* <td>TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA</td>
- * <td>20+</td>
+ * <td>20–22</td>
* <td></td>
* </tr>
* <tr>
* <td>TLS_ECDH_RSA_WITH_AES_128_CBC_SHA</td>
- * <td>20+</td>
+ * <td>20–22</td>
* <td></td>
* </tr>
* <tr>
* <td>TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256</td>
- * <td>20+</td>
+ * <td>20–22</td>
* <td></td>
* </tr>
* <tr>
* <td>TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256</td>
- * <td>20+</td>
+ * <td>20–22</td>
* <td></td>
* </tr>
* <tr>
* <td>TLS_ECDH_RSA_WITH_AES_256_CBC_SHA</td>
- * <td>20+</td>
+ * <td>20–22</td>
* <td></td>
* </tr>
* <tr>
* <td>TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384</td>
- * <td>20+</td>
+ * <td>20–22</td>
* <td></td>
* </tr>
* <tr>
* <td>TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384</td>
- * <td>20+</td>
+ * <td>20–22</td>
* <td></td>
* </tr>
* <tr>
* <td>TLS_ECDH_RSA_WITH_NULL_SHA</td>
- * <td>20+</td>
+ * <td>20–22</td>
* <td></td>
* </tr>
* <tr>
* <td>TLS_ECDH_RSA_WITH_RC4_128_SHA</td>
- * <td>20+</td>
+ * <td>20–22</td>
* <td></td>
* </tr>
* <tr>
* <td>TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA</td>
- * <td>20+</td>
+ * <td>20–22</td>
* <td></td>
* </tr>
* <tr>
* <td>TLS_ECDH_anon_WITH_AES_128_CBC_SHA</td>
- * <td>20+</td>
+ * <td>20–22</td>
* <td></td>
* </tr>
* <tr>
* <td>TLS_ECDH_anon_WITH_AES_256_CBC_SHA</td>
- * <td>20+</td>
+ * <td>20–22</td>
* <td></td>
* </tr>
* <tr>
* <td>TLS_ECDH_anon_WITH_NULL_SHA</td>
- * <td>20+</td>
+ * <td>20–22</td>
* <td></td>
* </tr>
* <tr>
* <td>TLS_ECDH_anon_WITH_RC4_128_SHA</td>
- * <td>20+</td>
+ * <td>20–22</td>
* <td></td>
* </tr>
* <tr>
@@ -563,7 +563,7 @@
* </tr>
* <tr>
* <td>TLS_PSK_WITH_3DES_EDE_CBC_SHA</td>
- * <td>21+</td>
+ * <td>21–22</td>
* <td></td>
* </tr>
* <tr>
@@ -638,7 +638,7 @@
* </tr>
* <tr>
* <td>TLS_RSA_WITH_NULL_SHA256</td>
- * <td>20+</td>
+ * <td>20–22</td>
* <td></td>
* </tr>
* </tbody>
diff --git a/luni/src/main/java/javax/net/ssl/SSLSocket.java b/luni/src/main/java/javax/net/ssl/SSLSocket.java
index e60bad1..50db129 100644
--- a/luni/src/main/java/javax/net/ssl/SSLSocket.java
+++ b/luni/src/main/java/javax/net/ssl/SSLSocket.java
@@ -132,52 +132,52 @@
* </tr>
* <tr>
* <td>SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA</td>
- * <td>9+</td>
+ * <td>9–22</td>
* <td>9–19</td>
* </tr>
* <tr>
* <td>SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA</td>
- * <td>9+</td>
+ * <td>9–22</td>
* <td>9–19</td>
* </tr>
* <tr>
* <td>SSL_DHE_RSA_WITH_DES_CBC_SHA</td>
- * <td>9+</td>
+ * <td>9–22</td>
* <td>9–19</td>
* </tr>
* <tr>
* <td>SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA</td>
- * <td>9+</td>
+ * <td>9–22</td>
* <td></td>
* </tr>
* <tr>
* <td>SSL_DH_anon_EXPORT_WITH_RC4_40_MD5</td>
- * <td>9+</td>
+ * <td>9–22</td>
* <td></td>
* </tr>
* <tr>
* <td>SSL_DH_anon_WITH_3DES_EDE_CBC_SHA</td>
- * <td>9+</td>
+ * <td>9–22</td>
* <td></td>
* </tr>
* <tr>
* <td>SSL_DH_anon_WITH_DES_CBC_SHA</td>
- * <td>9+</td>
+ * <td>9–22</td>
* <td></td>
* </tr>
* <tr>
* <td>SSL_DH_anon_WITH_RC4_128_MD5</td>
- * <td>9+</td>
+ * <td>9–22</td>
* <td></td>
* </tr>
* <tr>
* <td>SSL_RSA_EXPORT_WITH_DES40_CBC_SHA</td>
- * <td>9+</td>
+ * <td>9–22</td>
* <td>9–19</td>
* </tr>
* <tr>
* <td>SSL_RSA_EXPORT_WITH_RC4_40_MD5</td>
- * <td>9+</td>
+ * <td>9–22</td>
* <td>9–19</td>
* </tr>
* <tr>
@@ -187,17 +187,17 @@
* </tr>
* <tr>
* <td>SSL_RSA_WITH_DES_CBC_SHA</td>
- * <td>9+</td>
+ * <td>9–22</td>
* <td>9–19</td>
* </tr>
* <tr>
* <td>SSL_RSA_WITH_NULL_MD5</td>
- * <td>9+</td>
+ * <td>9–22</td>
* <td></td>
* </tr>
* <tr>
* <td>SSL_RSA_WITH_NULL_SHA</td>
- * <td>9+</td>
+ * <td>9–22</td>
* <td></td>
* </tr>
* <tr>
@@ -272,37 +272,37 @@
* </tr>
* <tr>
* <td>TLS_DH_anon_WITH_AES_128_CBC_SHA</td>
- * <td>9+</td>
+ * <td>9–22</td>
* <td></td>
* </tr>
* <tr>
* <td>TLS_DH_anon_WITH_AES_128_CBC_SHA256</td>
- * <td>20+</td>
+ * <td>20–22</td>
* <td></td>
* </tr>
* <tr>
* <td>TLS_DH_anon_WITH_AES_128_GCM_SHA256</td>
- * <td>20+</td>
+ * <td>20–22</td>
* <td></td>
* </tr>
* <tr>
* <td>TLS_DH_anon_WITH_AES_256_CBC_SHA</td>
- * <td>9+</td>
+ * <td>9–22</td>
* <td></td>
* </tr>
* <tr>
* <td>TLS_DH_anon_WITH_AES_256_CBC_SHA256</td>
- * <td>20+</td>
+ * <td>20–22</td>
* <td></td>
* </tr>
* <tr>
* <td>TLS_DH_anon_WITH_AES_256_GCM_SHA384</td>
- * <td>20+</td>
+ * <td>20–22</td>
* <td></td>
* </tr>
* <tr>
* <td>TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA</td>
- * <td>11+</td>
+ * <td>11–22</td>
* <td>11–19</td>
* </tr>
* <tr>
@@ -337,7 +337,7 @@
* </tr>
* <tr>
* <td>TLS_ECDHE_ECDSA_WITH_NULL_SHA</td>
- * <td>11+</td>
+ * <td>11–22</td>
* <td></td>
* </tr>
* <tr>
@@ -357,7 +357,7 @@
* </tr>
* <tr>
* <td>TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA</td>
- * <td>11+</td>
+ * <td>11–22</td>
* <td>11–19</td>
* </tr>
* <tr>
@@ -392,7 +392,7 @@
* </tr>
* <tr>
* <td>TLS_ECDHE_RSA_WITH_NULL_SHA</td>
- * <td>11+</td>
+ * <td>11–22</td>
* <td></td>
* </tr>
* <tr>
@@ -402,117 +402,117 @@
* </tr>
* <tr>
* <td>TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA</td>
- * <td>11+</td>
+ * <td>11–22</td>
* <td>11–19</td>
* </tr>
* <tr>
* <td>TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA</td>
- * <td>11+</td>
+ * <td>11–22</td>
* <td>11–19</td>
* </tr>
* <tr>
* <td>TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256</td>
- * <td>20+</td>
+ * <td>20–22</td>
* <td></td>
* </tr>
* <tr>
* <td>TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256</td>
- * <td>20+</td>
+ * <td>20–22</td>
* <td></td>
* </tr>
* <tr>
* <td>TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA</td>
- * <td>11+</td>
+ * <td>11–22</td>
* <td>11–19</td>
* </tr>
* <tr>
* <td>TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384</td>
- * <td>20+</td>
+ * <td>20–22</td>
* <td></td>
* </tr>
* <tr>
* <td>TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384</td>
- * <td>20+</td>
+ * <td>20–22</td>
* <td></td>
* </tr>
* <tr>
* <td>TLS_ECDH_ECDSA_WITH_NULL_SHA</td>
- * <td>11+</td>
+ * <td>11–22</td>
* <td></td>
* </tr>
* <tr>
* <td>TLS_ECDH_ECDSA_WITH_RC4_128_SHA</td>
- * <td>11+</td>
+ * <td>11–22</td>
* <td>11–19</td>
* </tr>
* <tr>
* <td>TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA</td>
- * <td>11+</td>
+ * <td>11–22</td>
* <td>11–19</td>
* </tr>
* <tr>
* <td>TLS_ECDH_RSA_WITH_AES_128_CBC_SHA</td>
- * <td>11+</td>
+ * <td>11–22</td>
* <td>11–19</td>
* </tr>
* <tr>
* <td>TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256</td>
- * <td>20+</td>
+ * <td>20–22</td>
* <td></td>
* </tr>
* <tr>
* <td>TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256</td>
- * <td>20+</td>
+ * <td>20–22</td>
* <td></td>
* </tr>
* <tr>
* <td>TLS_ECDH_RSA_WITH_AES_256_CBC_SHA</td>
- * <td>11+</td>
+ * <td>11–22</td>
* <td>11–19</td>
* </tr>
* <tr>
* <td>TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384</td>
- * <td>20+</td>
+ * <td>20–22</td>
* <td></td>
* </tr>
* <tr>
* <td>TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384</td>
- * <td>20+</td>
+ * <td>20–22</td>
* <td></td>
* </tr>
* <tr>
* <td>TLS_ECDH_RSA_WITH_NULL_SHA</td>
- * <td>11+</td>
+ * <td>11–22</td>
* <td></td>
* </tr>
* <tr>
* <td>TLS_ECDH_RSA_WITH_RC4_128_SHA</td>
- * <td>11+</td>
+ * <td>11–22</td>
* <td>11–19</td>
* </tr>
* <tr>
* <td>TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA</td>
- * <td>11+</td>
+ * <td>11–22</td>
* <td></td>
* </tr>
* <tr>
* <td>TLS_ECDH_anon_WITH_AES_128_CBC_SHA</td>
- * <td>11+</td>
+ * <td>11–22</td>
* <td></td>
* </tr>
* <tr>
* <td>TLS_ECDH_anon_WITH_AES_256_CBC_SHA</td>
- * <td>11+</td>
+ * <td>11–22</td>
* <td></td>
* </tr>
* <tr>
* <td>TLS_ECDH_anon_WITH_NULL_SHA</td>
- * <td>11+</td>
+ * <td>11–22</td>
* <td></td>
* </tr>
* <tr>
* <td>TLS_ECDH_anon_WITH_RC4_128_SHA</td>
- * <td>11+</td>
+ * <td>11–22</td>
* <td></td>
* </tr>
* <tr>
@@ -527,7 +527,7 @@
* </tr>
* <tr>
* <td>TLS_PSK_WITH_3DES_EDE_CBC_SHA</td>
- * <td>21+</td>
+ * <td>21–22</td>
* <td></td>
* </tr>
* <tr>
@@ -577,7 +577,7 @@
* </tr>
* <tr>
* <td>TLS_RSA_WITH_NULL_SHA256</td>
- * <td>20+</td>
+ * <td>20–22</td>
* <td></td>
* </tr>
* </tbody>
@@ -621,7 +621,7 @@
* <tr>
* <td>DES-CBC-SHA</td>
* <td>SSL_RSA_WITH_DES_CBC_SHA</td>
- * <td>1+</td>
+ * <td>1–22</td>
* <td>1–19</td>
* </tr>
* <tr>
@@ -675,19 +675,19 @@
* <tr>
* <td>EDH-RSA-DES-CBC-SHA</td>
* <td>SSL_DHE_RSA_WITH_DES_CBC_SHA</td>
- * <td>1+</td>
+ * <td>1–22</td>
* <td>1–19</td>
* </tr>
* <tr>
* <td>EDH-RSA-DES-CBC3-SHA</td>
* <td>SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA</td>
- * <td>1+</td>
+ * <td>1–22</td>
* <td>1–19</td>
* </tr>
* <tr>
* <td>EXP-DES-CBC-SHA</td>
* <td>SSL_RSA_EXPORT_WITH_DES40_CBC_SHA</td>
- * <td>1+</td>
+ * <td>1–22</td>
* <td>1–19</td>
* </tr>
* <tr>
@@ -699,7 +699,7 @@
* <tr>
* <td>EXP-EDH-RSA-DES-CBC-SHA</td>
* <td>SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA</td>
- * <td>1+</td>
+ * <td>1–22</td>
* <td>1–19</td>
* </tr>
* <tr>
@@ -711,7 +711,7 @@
* <tr>
* <td>EXP-RC4-MD5</td>
* <td>SSL_RSA_EXPORT_WITH_RC4_40_MD5</td>
- * <td>1+</td>
+ * <td>1–22</td>
* <td>1–19</td>
* </tr>
* <tr>
diff --git a/support/src/test/java/libcore/java/security/StandardNames.java b/support/src/test/java/libcore/java/security/StandardNames.java
index 793c409..9ae6e4b 100644
--- a/support/src/test/java/libcore/java/security/StandardNames.java
+++ b/support/src/test/java/libcore/java/security/StandardNames.java
@@ -718,30 +718,18 @@
addBoth( "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA");
addBoth( "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA");
addBoth( "TLS_RSA_WITH_AES_256_CBC_SHA");
- addBoth( "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA");
- addBoth( "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA");
addBoth( "TLS_DHE_RSA_WITH_AES_256_CBC_SHA");
addBoth( "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA");
addBoth( "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA");
addBoth( "TLS_RSA_WITH_AES_128_CBC_SHA");
- addBoth( "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA");
- addBoth( "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA");
addBoth( "TLS_DHE_RSA_WITH_AES_128_CBC_SHA");
addBoth( "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA");
addBoth( "TLS_ECDHE_RSA_WITH_RC4_128_SHA");
addBoth( "SSL_RSA_WITH_RC4_128_SHA");
- addBoth( "TLS_ECDH_ECDSA_WITH_RC4_128_SHA");
- addBoth( "TLS_ECDH_RSA_WITH_RC4_128_SHA");
- addBoth( "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA");
- addBoth( "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA");
addBoth( "SSL_RSA_WITH_3DES_EDE_CBC_SHA");
- addBoth( "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA");
- addBoth( "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA");
- addBoth( "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA");
addBoth( "SSL_RSA_WITH_RC4_128_MD5");
// TLSv1.2 cipher suites
- addBoth( "TLS_RSA_WITH_NULL_SHA256");
addBoth( "TLS_RSA_WITH_AES_128_CBC_SHA256");
addBoth( "TLS_RSA_WITH_AES_256_CBC_SHA256");
addOpenSsl("TLS_RSA_WITH_AES_128_GCM_SHA256");
@@ -750,14 +738,6 @@
addBoth( "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256");
addOpenSsl("TLS_DHE_RSA_WITH_AES_128_GCM_SHA256");
addOpenSsl("TLS_DHE_RSA_WITH_AES_256_GCM_SHA384");
- addBoth( "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256");
- addBoth( "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384");
- addOpenSsl("TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256");
- addOpenSsl("TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384");
- addBoth( "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256");
- addBoth( "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384");
- addOpenSsl("TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256");
- addOpenSsl("TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384");
addBoth( "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256");
addBoth( "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384");
addOpenSsl("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256");
@@ -766,14 +746,9 @@
addBoth( "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384");
addOpenSsl("TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256");
addOpenSsl("TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384");
- addBoth( "TLS_DH_anon_WITH_AES_128_CBC_SHA256");
- addBoth( "TLS_DH_anon_WITH_AES_256_CBC_SHA256");
- addOpenSsl("TLS_DH_anon_WITH_AES_128_GCM_SHA256");
- addOpenSsl("TLS_DH_anon_WITH_AES_256_GCM_SHA384");
// Pre-Shared Key (PSK) cipher suites
addOpenSsl("TLS_PSK_WITH_RC4_128_SHA");
- addOpenSsl("TLS_PSK_WITH_3DES_EDE_CBC_SHA");
addOpenSsl("TLS_PSK_WITH_AES_128_CBC_SHA");
addOpenSsl("TLS_PSK_WITH_AES_256_CBC_SHA");
addOpenSsl("TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA");
@@ -787,29 +762,6 @@
addOpenSsl(CIPHER_SUITE_FALLBACK);
// non-defaultCipherSuites
- addBoth( "TLS_ECDH_anon_WITH_AES_256_CBC_SHA");
- addBoth( "TLS_DH_anon_WITH_AES_256_CBC_SHA");
- addBoth( "TLS_ECDH_anon_WITH_AES_128_CBC_SHA");
- addBoth( "TLS_DH_anon_WITH_AES_128_CBC_SHA");
- addBoth( "TLS_ECDH_anon_WITH_RC4_128_SHA");
- addBoth( "SSL_DH_anon_WITH_RC4_128_MD5");
- addBoth( "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA");
- addBoth( "SSL_DH_anon_WITH_3DES_EDE_CBC_SHA");
- addBoth( "TLS_ECDHE_ECDSA_WITH_NULL_SHA");
- addBoth( "TLS_ECDHE_RSA_WITH_NULL_SHA");
- addBoth( "SSL_RSA_WITH_NULL_SHA");
- addBoth( "TLS_ECDH_ECDSA_WITH_NULL_SHA");
- addBoth( "TLS_ECDH_RSA_WITH_NULL_SHA");
- addBoth( "TLS_ECDH_anon_WITH_NULL_SHA");
- addBoth( "SSL_RSA_WITH_NULL_MD5");
- addBoth( "SSL_RSA_WITH_DES_CBC_SHA");
- addBoth( "SSL_DHE_RSA_WITH_DES_CBC_SHA");
- addBoth( "SSL_DH_anon_WITH_DES_CBC_SHA");
- addBoth( "SSL_RSA_EXPORT_WITH_RC4_40_MD5");
- addBoth( "SSL_DH_anon_EXPORT_WITH_RC4_40_MD5");
- addBoth( "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA");
- addBoth( "SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA");
- addBoth( "SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA");
// Android does not have Kerberos support
addRi( "TLS_KRB5_WITH_RC4_128_SHA");
@@ -837,6 +789,54 @@
// Dropped
addNeither("SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA");
addNeither("SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA");
+ addRi( "SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA");
+ addRi( "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA");
+ addRi( "SSL_DHE_RSA_WITH_DES_CBC_SHA");
+ addRi( "SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA");
+ addRi( "SSL_DH_anon_EXPORT_WITH_RC4_40_MD5");
+ addRi( "SSL_DH_anon_WITH_3DES_EDE_CBC_SHA");
+ addRi( "SSL_DH_anon_WITH_DES_CBC_SHA");
+ addRi( "SSL_DH_anon_WITH_RC4_128_MD5");
+ addRi( "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA");
+ addRi( "SSL_RSA_EXPORT_WITH_RC4_40_MD5");
+ addRi( "SSL_RSA_WITH_DES_CBC_SHA");
+ addRi( "SSL_RSA_WITH_NULL_MD5");
+ addRi( "SSL_RSA_WITH_NULL_SHA");
+ addRi( "TLS_DH_anon_WITH_AES_128_CBC_SHA");
+ addRi( "TLS_DH_anon_WITH_AES_128_CBC_SHA256");
+ addNeither("TLS_DH_anon_WITH_AES_128_GCM_SHA256");
+ addRi( "TLS_DH_anon_WITH_AES_256_CBC_SHA");
+ addRi( "TLS_DH_anon_WITH_AES_256_CBC_SHA256");
+ addNeither("TLS_DH_anon_WITH_AES_256_GCM_SHA384");
+ addRi( "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA");
+ addRi( "TLS_ECDHE_ECDSA_WITH_NULL_SHA");
+ addRi( "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA");
+ addRi( "TLS_ECDHE_RSA_WITH_NULL_SHA");
+ addRi( "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA");
+ addRi( "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA");
+ addRi( "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256");
+ addNeither("TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256");
+ addRi( "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA");
+ addRi( "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384");
+ addNeither("TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384");
+ addRi( "TLS_ECDH_ECDSA_WITH_NULL_SHA");
+ addRi( "TLS_ECDH_ECDSA_WITH_RC4_128_SHA");
+ addRi( "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA");
+ addRi( "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA");
+ addRi( "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256");
+ addNeither("TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256");
+ addRi( "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA");
+ addRi( "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384");
+ addNeither("TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384");
+ addRi( "TLS_ECDH_RSA_WITH_NULL_SHA");
+ addRi( "TLS_ECDH_RSA_WITH_RC4_128_SHA");
+ addRi( "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA");
+ addRi( "TLS_ECDH_anon_WITH_AES_128_CBC_SHA");
+ addRi( "TLS_ECDH_anon_WITH_AES_256_CBC_SHA");
+ addRi( "TLS_ECDH_anon_WITH_NULL_SHA");
+ addRi( "TLS_ECDH_anon_WITH_RC4_128_SHA");
+ addNeither("TLS_PSK_WITH_3DES_EDE_CBC_SHA");
+ addRi( "TLS_RSA_WITH_NULL_SHA256");
// Old non standard exportable encryption
addNeither("SSL_RSA_EXPORT1024_WITH_DES_CBC_SHA");