Skip to content

Commit

Permalink
Add cipher suite strings for IBM JRE (#126)
Browse files Browse the repository at this point in the history
Add cipher suite strings for IBM JRE into SuiteToOSSL mapping
Add EDCH/EDCHE SHA384 cipher suites into SuiteToOSSL mapping
Yuki authored and kares committed Mar 21, 2017
1 parent 2743c7c commit 580ea57
Showing 1 changed file with 89 additions and 0 deletions.
89 changes: 89 additions & 0 deletions src/main/java/org/jruby/ext/openssl/CipherStrings.java
Original file line number Diff line number Diff line change
@@ -1755,6 +1755,12 @@ private static Collection<Def> matchingPattern(
SSL_NOT_EXP|SSL_HIGH, 128, 256, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS
));

SuiteToOSSL.put("TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384", name = "ECDHE-ECDSA-AES256-SHA384");
CipherNames.put(name, new Def(name,
SSL_kECDHE|SSL_aECDSA|SSL_AES|SSL_SHA|SSL_TLSV1,
SSL_NOT_EXP|SSL_HIGH, 256, 384, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS
));

SuiteToOSSL.put("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", name = "ECDHE-RSA-AES128-SHA");
CipherNames.put(name, new Def(name,
SSL_kECDHE|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1,
@@ -1773,6 +1779,12 @@ private static Collection<Def> matchingPattern(
SSL_NOT_EXP|SSL_HIGH, 128, 256, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS
));

SuiteToOSSL.put("TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384", name = "ECDHE-RSA-AES256-SHA384");
CipherNames.put(name, new Def(name,
SSL_kECDHE|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1,
SSL_NOT_EXP|SSL_HIGH, 256, 384, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS
));

SuiteToOSSL.put("TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA", name = "ECDH-ECDSA-AES128-SHA");
CipherNames.put(name, new Def(name,
SSL_kECDH|SSL_aECDSA|SSL_AES|SSL_SHA|SSL_TLSV1,
@@ -1791,6 +1803,12 @@ private static Collection<Def> matchingPattern(
SSL_NOT_EXP|SSL_HIGH, 128, 256, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS
));

SuiteToOSSL.put("TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384", name = "ECDH-ECDSA-AES256-SHA384");
CipherNames.put(name, new Def(name,
SSL_kECDH|SSL_aECDSA|SSL_AES|SSL_SHA|SSL_TLSV1,
SSL_NOT_EXP|SSL_HIGH, 256, 384, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS
));

SuiteToOSSL.put("TLS_ECDH_RSA_WITH_AES_128_CBC_SHA", name = "ECDH-RSA-AES128-SHA");
CipherNames.put(name, new Def(name,
SSL_kECDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1,
@@ -1809,6 +1827,12 @@ private static Collection<Def> matchingPattern(
SSL_NOT_EXP|SSL_HIGH, 128, 256, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS
));

SuiteToOSSL.put("TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384", name = "ECDH-RSA-AES256-SHA384");
CipherNames.put(name, new Def(name,
SSL_kECDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1,
SSL_NOT_EXP|SSL_HIGH, 256, 384, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS
));

SuiteToOSSL.put("TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA", "ECDHE-ECDSA-DES-CBC3-SHA");
SuiteToOSSL.put("TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA", "ECDH-ECDSA-DES-CBC3-SHA");
SuiteToOSSL.put("TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA", "ECDHE-RSA-DES-CBC3-SHA");
@@ -1848,6 +1872,71 @@ private static Collection<Def> matchingPattern(
SuiteToOSSL.put("TLS_ECDH_RSA_WITH_NULL_SHA", "ECDH-RSA-NULL-SHA");
SuiteToOSSL.put("TLS_ECDH_anon_WITH_NULL_SHA", "AECDH-NULL-SHA");

/* For IBM JRE: suite names start with "SSL_". On Oracle JRE, the suite names start with "TLS_" */
SuiteToOSSL.put("SSL_DH_anon_WITH_AES_128_CBC_SHA", "ADH-AES128-SHA");
SuiteToOSSL.put("SSL_DH_anon_WITH_AES_128_CBC_SHA256", "ADH-AES128-SHA256");
SuiteToOSSL.put("SSL_DH_anon_WITH_AES_128_GCM_SHA256", "ADH-AES128-GCM-SHA256");
SuiteToOSSL.put("SSL_DH_anon_WITH_AES_256_CBC_SHA", "ADH-AES256-SHA");
SuiteToOSSL.put("SSL_DH_anon_WITH_AES_256_CBC_SHA256", "ADH-AES256-SHA256");
SuiteToOSSL.put("SSL_DH_anon_WITH_AES_256_GCM_SHA384", "ADH-AES256-GCM-SHA384");

SuiteToOSSL.put("SSL_DHE_DSS_WITH_AES_128_CBC_SHA", "DHE-DSS-AES128-SHA");
SuiteToOSSL.put("SSL_DHE_DSS_WITH_AES_128_CBC_SHA256", "DHE-DSS-AES128-SHA256");
SuiteToOSSL.put("SSL_DHE_DSS_WITH_AES_128_GCM_SHA256", "DHE-DSS-AES128-GCM-SHA256");
SuiteToOSSL.put("SSL_DHE_DSS_WITH_AES_256_CBC_SHA", "DHE-DSS-AES256-SHA");
SuiteToOSSL.put("SSL_DHE_DSS_WITH_AES_256_CBC_SHA256", "DHE-DSS-AES256-SHA256");
SuiteToOSSL.put("SSL_DHE_DSS_WITH_AES_256_GCM_SHA384", "DHE-DSS-AES256-GCM-SHA384");

SuiteToOSSL.put("SSL_DHE_RSA_WITH_AES_128_CBC_SHA", "DHE-RSA-AES128-SHA");
SuiteToOSSL.put("SSL_DHE_RSA_WITH_AES_128_CBC_SHA256", "DHE-RSA-AES128-SHA256");
SuiteToOSSL.put("SSL_DHE_RSA_WITH_AES_128_GCM_SHA256", "DHE-RSA-AES128-GCM-SHA256");
SuiteToOSSL.put("SSL_DHE_RSA_WITH_AES_256_CBC_SHA", "DHE-RSA-AES256-SHA");
SuiteToOSSL.put("SSL_DHE_RSA_WITH_AES_256_CBC_SHA256", "DHE-RSA-AES256-SHA256");
SuiteToOSSL.put("SSL_DHE_RSA_WITH_AES_256_GCM_SHA384", "DHE-RSA-AES256-GCM-SHA384");

SuiteToOSSL.put("SSL_ECDH_anon_WITH_AES_128_CBC_SHA", "AECDH-AES128-SHA");
SuiteToOSSL.put("SSL_ECDH_anon_WITH_AES_256_CBC_SHA", "AECDH-AES256-SHA");
SuiteToOSSL.put("SSL_ECDH_anon_WITH_NULL_SHA", "AECDH-NULL-SHA");

SuiteToOSSL.put("SSL_ECDH_ECDSA_WITH_AES_128_CBC_SHA", "ECDH-ECDSA-AES128-SHA");
SuiteToOSSL.put("SSL_ECDH_ECDSA_WITH_AES_128_CBC_SHA256", "ECDH-ECDSA-AES128-SHA256");
SuiteToOSSL.put("SSL_ECDH_ECDSA_WITH_AES_128_GCM_SHA256", "ECDH-ECDSA-AES128-GCM-SHA256");
SuiteToOSSL.put("SSL_ECDH_ECDSA_WITH_AES_256_CBC_SHA", "ECDH-ECDSA-AES256-SHA");
SuiteToOSSL.put("SSL_ECDH_ECDSA_WITH_AES_256_CBC_SHA384", "ECDH-ECDSA-AES256-SHA384");
SuiteToOSSL.put("SSL_ECDH_ECDSA_WITH_AES_256_GCM_SHA384", "ECDH-ECDSA-AES256-GCM-SHA384");
SuiteToOSSL.put("SSL_ECDH_ECDSA_WITH_NULL_SHA", "ECDH-ECDSA-NULL-SHA");

SuiteToOSSL.put("SSL_ECDH_RSA_WITH_AES_128_CBC_SHA", "ECDH-RSA-AES128-SHA");
SuiteToOSSL.put("SSL_ECDH_RSA_WITH_AES_128_CBC_SHA256", "ECDH-RSA-AES128-SHA256");
SuiteToOSSL.put("SSL_ECDH_RSA_WITH_AES_128_GCM_SHA256", "ECDH-RSA-AES128-GCM-SHA256");
SuiteToOSSL.put("SSL_ECDH_RSA_WITH_AES_256_CBC_SHA", "ECDH-RSA-AES256-SHA");
SuiteToOSSL.put("SSL_ECDH_RSA_WITH_AES_256_CBC_SHA384", "ECDH-RSA-AES256-SHA384");
SuiteToOSSL.put("SSL_ECDH_RSA_WITH_AES_256_GCM_SHA384", "ECDH-RSA-AES256-GCM-SHA384");
SuiteToOSSL.put("SSL_ECDH_RSA_WITH_NULL_SHA", "ECDH-RSA-NULL-SHA");

SuiteToOSSL.put("SSL_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", "ECDHE-ECDSA-AES128-SHA");
SuiteToOSSL.put("SSL_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", "ECDHE-ECDSA-AES128-SHA256");
SuiteToOSSL.put("SSL_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", "ECDHE-ECDSA-AES128-GCM-SHA256");
SuiteToOSSL.put("SSL_ECDHE_ECDSA_WITH_AES_256_CBC_SHA", "ECDHE-ECDSA-AES256-SHA");
SuiteToOSSL.put("SSL_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384", "ECDHE-ECDSA-AES256-SHA384");
SuiteToOSSL.put("SSL_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "ECDHE-ECDSA-AES256-GCM-SHA384");
SuiteToOSSL.put("SSL_ECDHE_ECDSA_WITH_NULL_SHA", "ECDHE-ECDSA-NULL-SHA");

SuiteToOSSL.put("SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA", "ECDHE-RSA-AES128-SHA");
SuiteToOSSL.put("SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA256", "ECDHE-RSA-AES128-SHA256");
SuiteToOSSL.put("SSL_ECDHE_RSA_WITH_AES_256_CBC_SHA", "ECDHE-RSA-AES256-SHA");
SuiteToOSSL.put("SSL_ECDHE_RSA_WITH_AES_256_CBC_SHA384", "ECDHE-RSA-AES128-SHA384");
SuiteToOSSL.put("SSL_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "ECDHE-RSA-AES256-GCM-SHA384");
SuiteToOSSL.put("SSL_ECDHE_RSA_WITH_NULL_SHA", "ECDHE-RSA-NULL-SHA");

SuiteToOSSL.put("SSL_RSA_WITH_AES_128_CBC_SHA", "AES128-SHA");
SuiteToOSSL.put("SSL_RSA_WITH_AES_128_CBC_SHA256", "AES128-SHA256");
SuiteToOSSL.put("SSL_RSA_WITH_AES_128_GCM_SHA256", "AES128-GCM-SHA256");
SuiteToOSSL.put("SSL_RSA_WITH_AES_256_CBC_SHA", "AES256-SHA");
SuiteToOSSL.put("SSL_RSA_WITH_AES_256_CBC_SHA256", "AES256-SHA256");
SuiteToOSSL.put("SSL_RSA_WITH_AES_256_GCM_SHA384", "AES256-GCM-SHA384");
SuiteToOSSL.put("SSL_RSA_WITH_NULL_SHA256", "NULL-SHA256");

// left overs supported by Java 7's SSLv3 / TLS v1.2 :

// TLS_EMPTY_RENEGOTIATION_INFO_SCSV,

0 comments on commit 580ea57

Please sign in to comment.