SSL Protocol V. 3.0 - CipherSuite definitions

Appendix C

C. CipherSuite definitions

`CipherSuite`	`IsEx`	`Key Exchange`	`Cipher`	`Hash`
`SSL_NULL_WITH_NULL_NULL`	*	`NULL`	`NULL`	`NULL`
`SSL_RSA_WITH_NULL_MD5`	*	`RSA`	`NULL`	`MD5`
`SSL_RSA_WITH_NULL_SHA`	*	`RSA`	`NULL`	`SHA`
`SSL_RSA_EXPORT_WITH_RC4_40_MD5`	*	`RSA_EXPORT`	`RC4_40`	`MD5`
`SSL_RSA_WITH_RC4_128_MD5`		`RSA`	`RC4_128`	`MD5`
`SSL_RSA_WITH_RC4_128_SHA`		`RSA`	`RC4_128`	`SHA`
`SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5`	*	`RSA_EXPORT`	`RC2_CBC_40`	`MD5`
`SSL_RSA_WITH_IDEA_CBC_SHA`		`RSA`	`IDEA_CBC`	`SHA`
`SSL_RSA_EXPORT_WITH_DES40_CBC_SHA`	*	`RSA_EXPORT`	`DES40_CBC`	`SHA`
`SSL_RSA_WITH_DES_CBC_SHA`		`RSA`	`DES_CBC`	`SHA`
`SSL_RSA_WITH_3DES_EDE_CBC_SHA`		`RSA`	`3DES_EDE_CBC`	`SHA`
`SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA`	*	`DH_DSS_EXPORT`	`DES40_CBC`	`SHA`
`SSL_DH_DSS_WITH_DES_CBC_SHA`		`DH_DSS`	`DES_CBC`	`SHA`
`SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA`		`DH_DSS`	`3DES_EDE_CBC`	`SHA`
`SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA`	*	`DH_RSA_EXPORT`	`DES40_CBC`	`SHA`
`SSL_DH_RSA_WITH_DES_CBC_SHA`		`DH_RSA`	`DES_CBC`	`SHA`
`SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA`		`DH_RSA`	`3DES_EDE_CBC`	`SHA`
`SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA`	*	`DHE_DSS_EXPORT`	`DES40_CBC`	`SHA`
`SSL_DHE_DSS_WITH_DES_CBC_SHA`		`DHE_DSS`	`DES_CBC`	`SHA`
`SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA`		`DHE_DSS`	`3DES_EDE_CBC`	`SHA`
`SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA`	*	`DHE_RSA_EXPORT`	`DES40_CBC`	`SHA`
`SSL_DHE_RSA_WITH_DES_CBC_SHA`		`DHE_RSA`	`DES_CBC`	`SHA`
`SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA`		`DHE_RSA`	`3DES_EDE_CBC`	`SHA`
`SSL_DH_anon_EXPORT_WITH_RC4_40_MD5`	*	`DH_anon_EXPORT`	`RC4_40`	`MD5`
`SSL_DH_anon_WITH_RC4_128_MD5`		`DH_anon`	`RC4_128`	`MD5`
`SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA`		`DH_anon`	`DES40_CBC`	`SHA`
`SSL_DH_anon_WITH_DES_CBC_SHA`		`DH_anon`	`DES_CBC`	`SHA`
`SSL_DH_anon_WITH_3DES_EDE_CBC_SHA`		`DH_anon`	`3DES_EDE_CBC`	`SHA`
`SSL_FORTEZZA_DMS_WITH_NULL_SHA`		`FORTEZZA_DMS`	`NULL`	`SHA`
`SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA`		`FORTEZZA_DMS`	`FORTEZZA_CBC`	`SHA`

* indicates IsExportable is true.

`KeyAgreement`	`Description`	`Key size limit`
`DHE_DSS`	`Ephemeral DH with DSS signatures`	`None`
`DHE_DSS_EXPORT`	`Ephemeral DH with DSS signatures`	`DH = 512 bits`
`DHE_RSA`	`Ephemeral DH with RSA signatures`	`None`
`DHE_RSA_EXPORT`	`Ephemeral DH with RSA`	`DH = 512 bits, RSA = none`
`DH_anon`	`Anonymous DH, no signatures`	`None`
`DH_anon_EXPORT`	`Anonymous DH, no signatures`	`DH = 512 bits`
`DH_DSS`	`DH with DSS-based certificates`	`None`
`DH_DSS_EXPORT`	`DH with DSS-based certificates`	`DH = 512 bits`
`DH_RSA`	`DH with RSA-based certificates`	`None`
`DH_RSA_EXPORT`	`DH with RSA-based certificates`	`DH = 512 bits, RSA = none.`
`FORTEZZA_DMS`	`Fortezza DMS. Details unpublished.`	`N/A`
`NULL`	`No key exchange.`	`N/A`
`RSA`	`RSA key exchange.`	`None`
`RSA_EXPORT`	`RSA key exchange.`	`RSA = 512 bits.`

Key size limit: The key size limit gives the size of the largest public key that can be legally used for encryption in cipher suites that are exportable.

`Cipher`	`Cipher Type`	`IsEx`	`Key Material`	`Exp. Key Material`	`Effective Key Bits`	`IV_Size`	`Block Size`
`NULL`	`Stream`	`*`	`0`	`0`	`0`	`0`	`N/A`
`FORTEZZA_CBC`	`Block`		`NA (**)`	`12 (**)`	`96 (**)`	`20 (**)`	`8`
`IDEA_CBC`	`Block`		`16`	`16`	`128`	`8`	`8`
`RC2_CBC_40`	`Block`	`*`	`5`	`16`	`40`	`8`	`8`
`RC4_40`	`Stream`	`*`	`5`	`16`	`40`	`0`	`N/A`
`RC4_128`	`Stream`		`16`	`16`	`128`	`0`	`N/A`
`DES40_CBC`	`Block`	`*`	`5`	`8`	`40`	`8`	`8`
`DES_CBC`	`Block`		`8`	`8`	`56`	`8`	`8`
`3DES_EDE_CBC`	`Block`		`24`	`24`	`168`	`8`	`8`

* Indicares IsExportable is true.
** Fortezza uses its own key and IV generation algorithms.

Key Material: The number of bytes from the key_block that are used for generating the write keys.
Expanded Key Material: The number of bytes actually fed into the encryption algorithm.
Effective Key Bits: How much entropy material is in the key material being fed into the encryption routines.

`Hash function`	`HashSize`	`Padding Size`
`NULL`	`0`	`0`
`MD5`	`16`	`48`
`SHA`	`20`	`40`

Previous page | Next page | Contents