commit: a9680051d3d8c4e626ab48a58fae0fcdbcd08530
parent: 748d0174bfab1c6c245a0a05e481a7241aa01fee
Author: Haelwenn (lanodan) Monnier <contact@hacktivis.me>
Date: Fri, 16 Nov 2018 02:39:48 +0100
Add work in progress code
Diffstat:
5 files changed, 489 insertions(+), 2 deletions(-)
diff --git a/README b/README
@@ -1,5 +1,6 @@
SSLv1→TLSv1.2/1.3 scanner by doing handshake but without doing/having crypto. Original idea by aeris.
Note that my only network program was years ago in python, and the code was quite horrible.
-## client-hello.c
-Try to do the clientHello part of the handshake in C.
+- Wrote on Gentoo Linux (Gcc/Clang, glibc/musl)
+- libbsd is needed for non-BSDs
+- build is done with Plan9’s mk
diff --git a/mkfile b/mkfile
@@ -0,0 +1,28 @@
+MKSHELL=/bin/sh
+CC=cc
+CFLAGS="-Wpedantic -Wall -Wextra -Wformat -O2 -Wno-unused"
+BSD_FLAGS=`pkg-config --cflags --libs libbsd-overlay` # Unneeded on *BSD systems
+DESTDIR=""
+
+PREFIX="/usr/local"
+BINDIR=$PREFIX"/bin"
+
+bins=`ls -d src/*.c | sed -e 's;src;bin;' -e 's;\.c$;;'`
+
+all:V: $bins
+
+install:V: all
+ for bin in $bins; do cp $bin $DESTDIR/$BINDIR/; done
+
+clean:V:
+ rm -f $bins
+ rm -f src/tls-parameters-4.h
+
+bin/&: src/&.c
+ $CC $CFLAGS -std=c99 -D_POSIX_C_SOURCE=200809L -DDEBUG src/$stem.c -o bin/$stem
+
+bin/client-hello: src/client-hello.c src/tls-parameters-4.h
+ $CC $CFLAGS -std=c99 -D_POSIX_C_SOURCE=200809L -DDEBUG $BSD_FLAGS src/client-hello.c -o bin/client-hello
+
+src/tls-parameters-4.h: tls-parameters-4.csv
+ grep ',TLS_' tls-parameters-4.csv | cut -b 4,5,9,10 | awk 'BEGIN { print "int ciphers[] = {" } { print " 0x"$1"," } END { print "};" }' > src/tls-parameters-4.h
diff --git a/src/client-hello.c b/src/client-hello.c
@@ -0,0 +1,108 @@
+#include "debug.h" /* debug_printf */
+#include "tls-parameters-4.h" /* ciphers */
+
+#include <err.h>
+#include <errno.h> // errno
+#include <netdb.h> // getaddrinfo()
+#include <stddef.h>
+#include <stdio.h>
+#include <stdlib.h> /* arc4random_buf() */
+#include <string.h> /* memset(), strlcpy(), strlcat() */
+#include <sys/socket.h>
+#include <sys/types.h>
+#include <unistd.h> /* close() */
+
+static int SSL_TLS_versions[] = {
+ 0x0200, /* 2.0: SSLv2 */
+ 0x0300, /* 3.0: SSLv3 */
+ 0x0301, /* 3.1: TLSv1.0 */
+ 0x0302, /* 3.2: TLSv1.1 */
+ 0x0303, /* 3.3: TLSv1.2 */
+};
+
+static void usage(char *command)
+{
+ printf("Usage: %s <host> [port]\n", command);
+ printf("Default port: 443\n");
+ exit(0);
+}
+
+int main(int argc, char *argv[])
+{
+ size_t send_result;
+ char *handshake, *tls_packet, *client_hello;
+ char *s_port = "1337", random_bytes[32];
+
+ if(argc < 2 || argc > 3) usage(argv[0]);
+
+ /* START network connection, copied from manpages of getaddrinfo(3) from OpenBSD and GNU */
+ struct addrinfo hints, *result, *rp;
+ int error = 0;
+ int save_errno = errno;
+ int s = 0;
+
+ memset(&hints, 0, sizeof(hints));
+ hints.ai_family = AF_UNSPEC;
+ hints.ai_socktype = SOCK_STREAM;
+ hints.ai_flags = 0;
+ hints.ai_protocol = 0;
+
+ error = getaddrinfo(argv[1], s_port, &hints, &result);
+ if(error != 0) errx(1, "getaddrinfo: %s", gai_strerror(error));
+
+ for(rp = result; rp != NULL; rp = rp->ai_next)
+ {
+ s = socket(rp->ai_family, rp->ai_socktype, rp->ai_protocol);
+
+ if(connect(s, rp->ai_addr, rp->ai_addrlen) != -1)
+ {
+ break;
+ }
+ else
+ {
+ save_errno = errno;
+ }
+
+ close(s);
+ }
+
+ if((s == -1) | (rp == NULL))
+ {
+ perror(strerror(save_errno));
+ exit(EXIT_FAILURE);
+ }
+
+ freeaddrinfo(result);
+
+ /* DONE network connection */
+ arc4random_buf(random_bytes, sizeof(random_bytes));
+
+ tls_packet = (uint16_t)'\x01'; /* client hello: 0x01 */
+
+ strlcpy(client_hello, (uint32_t)0x0303, 4); /* SSL version max */
+ strlcat(client_hello, (const char *)&random_bytes, 32);
+
+ strlcat(tls_packet, (const char *)sizeof(client_hello), 3);
+ strlcat(tls_packet, client_hello, sizeof(client_hello));
+
+ strlcat(tls_packet, '\x00', 2); /* Session ID lenght */
+
+ strlcat(tls_packet, sizeof(ciphers), 2);
+ strlcat(tls_packet, &ciphers, sizeof(ciphers));
+
+ strlcat(tls_packet, '\x01', 1); /* Compression Method */
+ strlcat(tls_packet, '\x00', 1); /* Compression Methods */
+
+ strlcat(tls_packet, "\x00\x00", 2); /* Extension Lenght */
+
+ handshake = '\x16';
+ strlcat(&handshake, 0x0200, 2); /* SSL version min */
+ strlcat(&handshake, sizeof(tls_packet), 2);
+ strlcat(&handshake, tls_packet, sizeof(tls_packet));
+
+ write(s, handshake, sizeof(handshake));
+
+ close(s);
+
+ return 0;
+}
diff --git a/src/debug.h b/src/debug.h
@@ -0,0 +1,5 @@
+#ifdef DEBUG
+# define debug_printf(...) do { if (DEBUG) fprintf(stderr, __VA_ARGS__); } while (0)
+#else
+# define debug_printf(...) (void)0
+#endif
diff --git a/tls-parameters-4.csv b/tls-parameters-4.csv
@@ -0,0 +1,345 @@
+Value,Description,DTLS-OK,Reference
+"0x00,0x00",TLS_NULL_WITH_NULL_NULL,Y,[RFC5246]
+"0x00,0x01",TLS_RSA_WITH_NULL_MD5,Y,[RFC5246]
+"0x00,0x02",TLS_RSA_WITH_NULL_SHA,Y,[RFC5246]
+"0x00,0x03",TLS_RSA_EXPORT_WITH_RC4_40_MD5,N,[RFC4346][RFC6347]
+"0x00,0x04",TLS_RSA_WITH_RC4_128_MD5,N,[RFC5246][RFC6347]
+"0x00,0x05",TLS_RSA_WITH_RC4_128_SHA,N,[RFC5246][RFC6347]
+"0x00,0x06",TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5,Y,[RFC4346]
+"0x00,0x07",TLS_RSA_WITH_IDEA_CBC_SHA,Y,[RFC5469]
+"0x00,0x08",TLS_RSA_EXPORT_WITH_DES40_CBC_SHA,Y,[RFC4346]
+"0x00,0x09",TLS_RSA_WITH_DES_CBC_SHA,Y,[RFC5469]
+"0x00,0x0A",TLS_RSA_WITH_3DES_EDE_CBC_SHA,Y,[RFC5246]
+"0x00,0x0B",TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA,Y,[RFC4346]
+"0x00,0x0C",TLS_DH_DSS_WITH_DES_CBC_SHA,Y,[RFC5469]
+"0x00,0x0D",TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA,Y,[RFC5246]
+"0x00,0x0E",TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA,Y,[RFC4346]
+"0x00,0x0F",TLS_DH_RSA_WITH_DES_CBC_SHA,Y,[RFC5469]
+"0x00,0x10",TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA,Y,[RFC5246]
+"0x00,0x11",TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA,Y,[RFC4346]
+"0x00,0x12",TLS_DHE_DSS_WITH_DES_CBC_SHA,Y,[RFC5469]
+"0x00,0x13",TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,Y,[RFC5246]
+"0x00,0x14",TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA,Y,[RFC4346]
+"0x00,0x15",TLS_DHE_RSA_WITH_DES_CBC_SHA,Y,[RFC5469]
+"0x00,0x16",TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,Y,[RFC5246]
+"0x00,0x17",TLS_DH_anon_EXPORT_WITH_RC4_40_MD5,N,[RFC4346][RFC6347]
+"0x00,0x18",TLS_DH_anon_WITH_RC4_128_MD5,N,[RFC5246][RFC6347]
+"0x00,0x19",TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA,Y,[RFC4346]
+"0x00,0x1A",TLS_DH_anon_WITH_DES_CBC_SHA,Y,[RFC5469]
+"0x00,0x1B",TLS_DH_anon_WITH_3DES_EDE_CBC_SHA,Y,[RFC5246]
+"0x00,0x1C-1D",Reserved to avoid conflicts with SSLv3,,[RFC5246]
+"0x00,0x1E",TLS_KRB5_WITH_DES_CBC_SHA,Y,[RFC2712]
+"0x00,0x1F",TLS_KRB5_WITH_3DES_EDE_CBC_SHA,Y,[RFC2712]
+"0x00,0x20",TLS_KRB5_WITH_RC4_128_SHA,N,[RFC2712][RFC6347]
+"0x00,0x21",TLS_KRB5_WITH_IDEA_CBC_SHA,Y,[RFC2712]
+"0x00,0x22",TLS_KRB5_WITH_DES_CBC_MD5,Y,[RFC2712]
+"0x00,0x23",TLS_KRB5_WITH_3DES_EDE_CBC_MD5,Y,[RFC2712]
+"0x00,0x24",TLS_KRB5_WITH_RC4_128_MD5,N,[RFC2712][RFC6347]
+"0x00,0x25",TLS_KRB5_WITH_IDEA_CBC_MD5,Y,[RFC2712]
+"0x00,0x26",TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA,Y,[RFC2712]
+"0x00,0x27",TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA,Y,[RFC2712]
+"0x00,0x28",TLS_KRB5_EXPORT_WITH_RC4_40_SHA,N,[RFC2712][RFC6347]
+"0x00,0x29",TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5,Y,[RFC2712]
+"0x00,0x2A",TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5,Y,[RFC2712]
+"0x00,0x2B",TLS_KRB5_EXPORT_WITH_RC4_40_MD5,N,[RFC2712][RFC6347]
+"0x00,0x2C",TLS_PSK_WITH_NULL_SHA,Y,[RFC4785]
+"0x00,0x2D",TLS_DHE_PSK_WITH_NULL_SHA,Y,[RFC4785]
+"0x00,0x2E",TLS_RSA_PSK_WITH_NULL_SHA,Y,[RFC4785]
+"0x00,0x2F",TLS_RSA_WITH_AES_128_CBC_SHA,Y,[RFC5246]
+"0x00,0x30",TLS_DH_DSS_WITH_AES_128_CBC_SHA,Y,[RFC5246]
+"0x00,0x31",TLS_DH_RSA_WITH_AES_128_CBC_SHA,Y,[RFC5246]
+"0x00,0x32",TLS_DHE_DSS_WITH_AES_128_CBC_SHA,Y,[RFC5246]
+"0x00,0x33",TLS_DHE_RSA_WITH_AES_128_CBC_SHA,Y,[RFC5246]
+"0x00,0x34",TLS_DH_anon_WITH_AES_128_CBC_SHA,Y,[RFC5246]
+"0x00,0x35",TLS_RSA_WITH_AES_256_CBC_SHA,Y,[RFC5246]
+"0x00,0x36",TLS_DH_DSS_WITH_AES_256_CBC_SHA,Y,[RFC5246]
+"0x00,0x37",TLS_DH_RSA_WITH_AES_256_CBC_SHA,Y,[RFC5246]
+"0x00,0x38",TLS_DHE_DSS_WITH_AES_256_CBC_SHA,Y,[RFC5246]
+"0x00,0x39",TLS_DHE_RSA_WITH_AES_256_CBC_SHA,Y,[RFC5246]
+"0x00,0x3A",TLS_DH_anon_WITH_AES_256_CBC_SHA,Y,[RFC5246]
+"0x00,0x3B",TLS_RSA_WITH_NULL_SHA256,Y,[RFC5246]
+"0x00,0x3C",TLS_RSA_WITH_AES_128_CBC_SHA256,Y,[RFC5246]
+"0x00,0x3D",TLS_RSA_WITH_AES_256_CBC_SHA256,Y,[RFC5246]
+"0x00,0x3E",TLS_DH_DSS_WITH_AES_128_CBC_SHA256,Y,[RFC5246]
+"0x00,0x3F",TLS_DH_RSA_WITH_AES_128_CBC_SHA256,Y,[RFC5246]
+"0x00,0x40",TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,Y,[RFC5246]
+"0x00,0x41",TLS_RSA_WITH_CAMELLIA_128_CBC_SHA,Y,[RFC5932]
+"0x00,0x42",TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA,Y,[RFC5932]
+"0x00,0x43",TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA,Y,[RFC5932]
+"0x00,0x44",TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,Y,[RFC5932]
+"0x00,0x45",TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,Y,[RFC5932]
+"0x00,0x46",TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA,Y,[RFC5932]
+"0x00,0x47-4F","Reserved to avoid conflicts with deployed implementations",,[Pasi_Eronen]
+"0x00,0x50-58",Reserved to avoid conflicts,,"[Pasi Eronen, <pasi.eronen&nokia.com>, 2008-04-04. 2008-04-04]"
+"0x00,0x59-5C","Reserved to avoid conflicts with deployed implementations",,[Pasi_Eronen]
+"0x00,0x5D-5F",Unassigned,,
+"0x00,0x60-66","Reserved to avoid conflicts with widely deployed implementations",,[Pasi_Eronen]
+"0x00,0x67",TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,Y,[RFC5246]
+"0x00,0x68",TLS_DH_DSS_WITH_AES_256_CBC_SHA256,Y,[RFC5246]
+"0x00,0x69",TLS_DH_RSA_WITH_AES_256_CBC_SHA256,Y,[RFC5246]
+"0x00,0x6A",TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,Y,[RFC5246]
+"0x00,0x6B",TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,Y,[RFC5246]
+"0x00,0x6C",TLS_DH_anon_WITH_AES_128_CBC_SHA256,Y,[RFC5246]
+"0x00,0x6D",TLS_DH_anon_WITH_AES_256_CBC_SHA256,Y,[RFC5246]
+"0x00,0x6E-83",Unassigned,,
+"0x00,0x84",TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,Y,[RFC5932]
+"0x00,0x85",TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA,Y,[RFC5932]
+"0x00,0x86",TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA,Y,[RFC5932]
+"0x00,0x87",TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,Y,[RFC5932]
+"0x00,0x88",TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,Y,[RFC5932]
+"0x00,0x89",TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA,Y,[RFC5932]
+"0x00,0x8A",TLS_PSK_WITH_RC4_128_SHA,N,[RFC4279][RFC6347]
+"0x00,0x8B",TLS_PSK_WITH_3DES_EDE_CBC_SHA,Y,[RFC4279]
+"0x00,0x8C",TLS_PSK_WITH_AES_128_CBC_SHA,Y,[RFC4279]
+"0x00,0x8D",TLS_PSK_WITH_AES_256_CBC_SHA,Y,[RFC4279]
+"0x00,0x8E",TLS_DHE_PSK_WITH_RC4_128_SHA,N,[RFC4279][RFC6347]
+"0x00,0x8F",TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA,Y,[RFC4279]
+"0x00,0x90",TLS_DHE_PSK_WITH_AES_128_CBC_SHA,Y,[RFC4279]
+"0x00,0x91",TLS_DHE_PSK_WITH_AES_256_CBC_SHA,Y,[RFC4279]
+"0x00,0x92",TLS_RSA_PSK_WITH_RC4_128_SHA,N,[RFC4279][RFC6347]
+"0x00,0x93",TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA,Y,[RFC4279]
+"0x00,0x94",TLS_RSA_PSK_WITH_AES_128_CBC_SHA,Y,[RFC4279]
+"0x00,0x95",TLS_RSA_PSK_WITH_AES_256_CBC_SHA,Y,[RFC4279]
+"0x00,0x96",TLS_RSA_WITH_SEED_CBC_SHA,Y,[RFC4162]
+"0x00,0x97",TLS_DH_DSS_WITH_SEED_CBC_SHA,Y,[RFC4162]
+"0x00,0x98",TLS_DH_RSA_WITH_SEED_CBC_SHA,Y,[RFC4162]
+"0x00,0x99",TLS_DHE_DSS_WITH_SEED_CBC_SHA,Y,[RFC4162]
+"0x00,0x9A",TLS_DHE_RSA_WITH_SEED_CBC_SHA,Y,[RFC4162]
+"0x00,0x9B",TLS_DH_anon_WITH_SEED_CBC_SHA,Y,[RFC4162]
+"0x00,0x9C",TLS_RSA_WITH_AES_128_GCM_SHA256,Y,[RFC5288]
+"0x00,0x9D",TLS_RSA_WITH_AES_256_GCM_SHA384,Y,[RFC5288]
+"0x00,0x9E",TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,Y,[RFC5288]
+"0x00,0x9F",TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,Y,[RFC5288]
+"0x00,0xA0",TLS_DH_RSA_WITH_AES_128_GCM_SHA256,Y,[RFC5288]
+"0x00,0xA1",TLS_DH_RSA_WITH_AES_256_GCM_SHA384,Y,[RFC5288]
+"0x00,0xA2",TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,Y,[RFC5288]
+"0x00,0xA3",TLS_DHE_DSS_WITH_AES_256_GCM_SHA384,Y,[RFC5288]
+"0x00,0xA4",TLS_DH_DSS_WITH_AES_128_GCM_SHA256,Y,[RFC5288]
+"0x00,0xA5",TLS_DH_DSS_WITH_AES_256_GCM_SHA384,Y,[RFC5288]
+"0x00,0xA6",TLS_DH_anon_WITH_AES_128_GCM_SHA256,Y,[RFC5288]
+"0x00,0xA7",TLS_DH_anon_WITH_AES_256_GCM_SHA384,Y,[RFC5288]
+"0x00,0xA8",TLS_PSK_WITH_AES_128_GCM_SHA256,Y,[RFC5487]
+"0x00,0xA9",TLS_PSK_WITH_AES_256_GCM_SHA384,Y,[RFC5487]
+"0x00,0xAA",TLS_DHE_PSK_WITH_AES_128_GCM_SHA256,Y,[RFC5487]
+"0x00,0xAB",TLS_DHE_PSK_WITH_AES_256_GCM_SHA384,Y,[RFC5487]
+"0x00,0xAC",TLS_RSA_PSK_WITH_AES_128_GCM_SHA256,Y,[RFC5487]
+"0x00,0xAD",TLS_RSA_PSK_WITH_AES_256_GCM_SHA384,Y,[RFC5487]
+"0x00,0xAE",TLS_PSK_WITH_AES_128_CBC_SHA256,Y,[RFC5487]
+"0x00,0xAF",TLS_PSK_WITH_AES_256_CBC_SHA384,Y,[RFC5487]
+"0x00,0xB0",TLS_PSK_WITH_NULL_SHA256,Y,[RFC5487]
+"0x00,0xB1",TLS_PSK_WITH_NULL_SHA384,Y,[RFC5487]
+"0x00,0xB2",TLS_DHE_PSK_WITH_AES_128_CBC_SHA256,Y,[RFC5487]
+"0x00,0xB3",TLS_DHE_PSK_WITH_AES_256_CBC_SHA384,Y,[RFC5487]
+"0x00,0xB4",TLS_DHE_PSK_WITH_NULL_SHA256,Y,[RFC5487]
+"0x00,0xB5",TLS_DHE_PSK_WITH_NULL_SHA384,Y,[RFC5487]
+"0x00,0xB6",TLS_RSA_PSK_WITH_AES_128_CBC_SHA256,Y,[RFC5487]
+"0x00,0xB7",TLS_RSA_PSK_WITH_AES_256_CBC_SHA384,Y,[RFC5487]
+"0x00,0xB8",TLS_RSA_PSK_WITH_NULL_SHA256,Y,[RFC5487]
+"0x00,0xB9",TLS_RSA_PSK_WITH_NULL_SHA384,Y,[RFC5487]
+"0x00,0xBA",TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256,Y,[RFC5932]
+"0x00,0xBB",TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256,Y,[RFC5932]
+"0x00,0xBC",TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256,Y,[RFC5932]
+"0x00,0xBD",TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,Y,[RFC5932]
+"0x00,0xBE",TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,Y,[RFC5932]
+"0x00,0xBF",TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256,Y,[RFC5932]
+"0x00,0xC0",TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256,Y,[RFC5932]
+"0x00,0xC1",TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256,Y,[RFC5932]
+"0x00,0xC2",TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256,Y,[RFC5932]
+"0x00,0xC3",TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,Y,[RFC5932]
+"0x00,0xC4",TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,Y,[RFC5932]
+"0x00,0xC5",TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256,Y,[RFC5932]
+"0x00,0xC6-FE",Unassigned,,
+"0x00,0xFF",TLS_EMPTY_RENEGOTIATION_INFO_SCSV,Y,[RFC5746]
+"0x01-55,*",Unassigned,,
+"0x56,0x00",TLS_FALLBACK_SCSV,Y,[RFC7507]
+"0x56,0x01-0xC0,0x00",Unassigned,,
+"0xC0,0x01",TLS_ECDH_ECDSA_WITH_NULL_SHA,Y,[RFC4492]
+"0xC0,0x02",TLS_ECDH_ECDSA_WITH_RC4_128_SHA,N,[RFC4492][RFC6347]
+"0xC0,0x03",TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,Y,[RFC4492]
+"0xC0,0x04",TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,Y,[RFC4492]
+"0xC0,0x05",TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,Y,[RFC4492]
+"0xC0,0x06",TLS_ECDHE_ECDSA_WITH_NULL_SHA,Y,[RFC4492]
+"0xC0,0x07",TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,N,[RFC4492][RFC6347]
+"0xC0,0x08",TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,Y,[RFC4492]
+"0xC0,0x09",TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,Y,[RFC4492]
+"0xC0,0x0A",TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,Y,[RFC4492]
+"0xC0,0x0B",TLS_ECDH_RSA_WITH_NULL_SHA,Y,[RFC4492]
+"0xC0,0x0C",TLS_ECDH_RSA_WITH_RC4_128_SHA,N,[RFC4492][RFC6347]
+"0xC0,0x0D",TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,Y,[RFC4492]
+"0xC0,0x0E",TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,Y,[RFC4492]
+"0xC0,0x0F",TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,Y,[RFC4492]
+"0xC0,0x10",TLS_ECDHE_RSA_WITH_NULL_SHA,Y,[RFC4492]
+"0xC0,0x11",TLS_ECDHE_RSA_WITH_RC4_128_SHA,N,[RFC4492][RFC6347]
+"0xC0,0x12",TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,Y,[RFC4492]
+"0xC0,0x13",TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,Y,[RFC4492]
+"0xC0,0x14",TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,Y,[RFC4492]
+"0xC0,0x15",TLS_ECDH_anon_WITH_NULL_SHA,Y,[RFC4492]
+"0xC0,0x16",TLS_ECDH_anon_WITH_RC4_128_SHA,N,[RFC4492][RFC6347]
+"0xC0,0x17",TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA,Y,[RFC4492]
+"0xC0,0x18",TLS_ECDH_anon_WITH_AES_128_CBC_SHA,Y,[RFC4492]
+"0xC0,0x19",TLS_ECDH_anon_WITH_AES_256_CBC_SHA,Y,[RFC4492]
+"0xC0,0x1A",TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA,Y,[RFC5054]
+"0xC0,0x1B",TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,Y,[RFC5054]
+"0xC0,0x1C",TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,Y,[RFC5054]
+"0xC0,0x1D",TLS_SRP_SHA_WITH_AES_128_CBC_SHA,Y,[RFC5054]
+"0xC0,0x1E",TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,Y,[RFC5054]
+"0xC0,0x1F",TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,Y,[RFC5054]
+"0xC0,0x20",TLS_SRP_SHA_WITH_AES_256_CBC_SHA,Y,[RFC5054]
+"0xC0,0x21",TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,Y,[RFC5054]
+"0xC0,0x22",TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,Y,[RFC5054]
+"0xC0,0x23",TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,Y,[RFC5289]
+"0xC0,0x24",TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,Y,[RFC5289]
+"0xC0,0x25",TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,Y,[RFC5289]
+"0xC0,0x26",TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,Y,[RFC5289]
+"0xC0,0x27",TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,Y,[RFC5289]
+"0xC0,0x28",TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,Y,[RFC5289]
+"0xC0,0x29",TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,Y,[RFC5289]
+"0xC0,0x2A",TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,Y,[RFC5289]
+"0xC0,0x2B",TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,Y,[RFC5289]
+"0xC0,0x2C",TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,Y,[RFC5289]
+"0xC0,0x2D",TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,Y,[RFC5289]
+"0xC0,0x2E",TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,Y,[RFC5289]
+"0xC0,0x2F",TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,Y,[RFC5289]
+"0xC0,0x30",TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,Y,[RFC5289]
+"0xC0,0x31",TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,Y,[RFC5289]
+"0xC0,0x32",TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384,Y,[RFC5289]
+"0xC0,0x33",TLS_ECDHE_PSK_WITH_RC4_128_SHA,N,[RFC5489][RFC6347]
+"0xC0,0x34",TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,Y,[RFC5489]
+"0xC0,0x35",TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA,Y,[RFC5489]
+"0xC0,0x36",TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA,Y,[RFC5489]
+"0xC0,0x37",TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256,Y,[RFC5489]
+"0xC0,0x38",TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384,Y,[RFC5489]
+"0xC0,0x39",TLS_ECDHE_PSK_WITH_NULL_SHA,Y,[RFC5489]
+"0xC0,0x3A",TLS_ECDHE_PSK_WITH_NULL_SHA256,Y,[RFC5489]
+"0xC0,0x3B",TLS_ECDHE_PSK_WITH_NULL_SHA384,Y,[RFC5489]
+"0xC0,0x3C",TLS_RSA_WITH_ARIA_128_CBC_SHA256,Y,[RFC6209]
+"0xC0,0x3D",TLS_RSA_WITH_ARIA_256_CBC_SHA384,Y,[RFC6209]
+"0xC0,0x3E",TLS_DH_DSS_WITH_ARIA_128_CBC_SHA256,Y,[RFC6209]
+"0xC0,0x3F",TLS_DH_DSS_WITH_ARIA_256_CBC_SHA384,Y,[RFC6209]
+"0xC0,0x40",TLS_DH_RSA_WITH_ARIA_128_CBC_SHA256,Y,[RFC6209]
+"0xC0,0x41",TLS_DH_RSA_WITH_ARIA_256_CBC_SHA384,Y,[RFC6209]
+"0xC0,0x42",TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256,Y,[RFC6209]
+"0xC0,0x43",TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384,Y,[RFC6209]
+"0xC0,0x44",TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256,Y,[RFC6209]
+"0xC0,0x45",TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384,Y,[RFC6209]
+"0xC0,0x46",TLS_DH_anon_WITH_ARIA_128_CBC_SHA256,Y,[RFC6209]
+"0xC0,0x47",TLS_DH_anon_WITH_ARIA_256_CBC_SHA384,Y,[RFC6209]
+"0xC0,0x48",TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256,Y,[RFC6209]
+"0xC0,0x49",TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384,Y,[RFC6209]
+"0xC0,0x4A",TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256,Y,[RFC6209]
+"0xC0,0x4B",TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384,Y,[RFC6209]
+"0xC0,0x4C",TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256,Y,[RFC6209]
+"0xC0,0x4D",TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384,Y,[RFC6209]
+"0xC0,0x4E",TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256,Y,[RFC6209]
+"0xC0,0x4F",TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384,Y,[RFC6209]
+"0xC0,0x50",TLS_RSA_WITH_ARIA_128_GCM_SHA256,Y,[RFC6209]
+"0xC0,0x51",TLS_RSA_WITH_ARIA_256_GCM_SHA384,Y,[RFC6209]
+"0xC0,0x52",TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256,Y,[RFC6209]
+"0xC0,0x53",TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384,Y,[RFC6209]
+"0xC0,0x54",TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256,Y,[RFC6209]
+"0xC0,0x55",TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384,Y,[RFC6209]
+"0xC0,0x56",TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256,Y,[RFC6209]
+"0xC0,0x57",TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384,Y,[RFC6209]
+"0xC0,0x58",TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256,Y,[RFC6209]
+"0xC0,0x59",TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384,Y,[RFC6209]
+"0xC0,0x5A",TLS_DH_anon_WITH_ARIA_128_GCM_SHA256,Y,[RFC6209]
+"0xC0,0x5B",TLS_DH_anon_WITH_ARIA_256_GCM_SHA384,Y,[RFC6209]
+"0xC0,0x5C",TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,Y,[RFC6209]
+"0xC0,0x5D",TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,Y,[RFC6209]
+"0xC0,0x5E",TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256,Y,[RFC6209]
+"0xC0,0x5F",TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384,Y,[RFC6209]
+"0xC0,0x60",TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,Y,[RFC6209]
+"0xC0,0x61",TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,Y,[RFC6209]
+"0xC0,0x62",TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256,Y,[RFC6209]
+"0xC0,0x63",TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384,Y,[RFC6209]
+"0xC0,0x64",TLS_PSK_WITH_ARIA_128_CBC_SHA256,Y,[RFC6209]
+"0xC0,0x65",TLS_PSK_WITH_ARIA_256_CBC_SHA384,Y,[RFC6209]
+"0xC0,0x66",TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256,Y,[RFC6209]
+"0xC0,0x67",TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384,Y,[RFC6209]
+"0xC0,0x68",TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256,Y,[RFC6209]
+"0xC0,0x69",TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384,Y,[RFC6209]
+"0xC0,0x6A",TLS_PSK_WITH_ARIA_128_GCM_SHA256,Y,[RFC6209]
+"0xC0,0x6B",TLS_PSK_WITH_ARIA_256_GCM_SHA384,Y,[RFC6209]
+"0xC0,0x6C",TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256,Y,[RFC6209]
+"0xC0,0x6D",TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384,Y,[RFC6209]
+"0xC0,0x6E",TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256,Y,[RFC6209]
+"0xC0,0x6F",TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384,Y,[RFC6209]
+"0xC0,0x70",TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256,Y,[RFC6209]
+"0xC0,0x71",TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384,Y,[RFC6209]
+"0xC0,0x72",TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,Y,[RFC6367]
+"0xC0,0x73",TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,Y,[RFC6367]
+"0xC0,0x74",TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,Y,[RFC6367]
+"0xC0,0x75",TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,Y,[RFC6367]
+"0xC0,0x76",TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,Y,[RFC6367]
+"0xC0,0x77",TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,Y,[RFC6367]
+"0xC0,0x78",TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256,Y,[RFC6367]
+"0xC0,0x79",TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384,Y,[RFC6367]
+"0xC0,0x7A",TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256,Y,[RFC6367]
+"0xC0,0x7B",TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384,Y,[RFC6367]
+"0xC0,0x7C",TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256,Y,[RFC6367]
+"0xC0,0x7D",TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384,Y,[RFC6367]
+"0xC0,0x7E",TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256,Y,[RFC6367]
+"0xC0,0x7F",TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384,Y,[RFC6367]
+"0xC0,0x80",TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256,Y,[RFC6367]
+"0xC0,0x81",TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384,Y,[RFC6367]
+"0xC0,0x82",TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256,Y,[RFC6367]
+"0xC0,0x83",TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384,Y,[RFC6367]
+"0xC0,0x84",TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256,Y,[RFC6367]
+"0xC0,0x85",TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384,Y,[RFC6367]
+"0xC0,0x86",TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256,Y,[RFC6367]
+"0xC0,0x87",TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384,Y,[RFC6367]
+"0xC0,0x88",TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256,Y,[RFC6367]
+"0xC0,0x89",TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384,Y,[RFC6367]
+"0xC0,0x8A",TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256,Y,[RFC6367]
+"0xC0,0x8B",TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384,Y,[RFC6367]
+"0xC0,0x8C",TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256,Y,[RFC6367]
+"0xC0,0x8D",TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384,Y,[RFC6367]
+"0xC0,0x8E",TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256,Y,[RFC6367]
+"0xC0,0x8F",TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384,Y,[RFC6367]
+"0xC0,0x90",TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256,Y,[RFC6367]
+"0xC0,0x91",TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384,Y,[RFC6367]
+"0xC0,0x92",TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256,Y,[RFC6367]
+"0xC0,0x93",TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384,Y,[RFC6367]
+"0xC0,0x94",TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256,Y,[RFC6367]
+"0xC0,0x95",TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384,Y,[RFC6367]
+"0xC0,0x96",TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,Y,[RFC6367]
+"0xC0,0x97",TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,Y,[RFC6367]
+"0xC0,0x98",TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,Y,[RFC6367]
+"0xC0,0x99",TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,Y,[RFC6367]
+"0xC0,0x9A",TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,Y,[RFC6367]
+"0xC0,0x9B",TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,Y,[RFC6367]
+"0xC0,0x9C",TLS_RSA_WITH_AES_128_CCM,Y,[RFC6655]
+"0xC0,0x9D",TLS_RSA_WITH_AES_256_CCM,Y,[RFC6655]
+"0xC0,0x9E",TLS_DHE_RSA_WITH_AES_128_CCM,Y,[RFC6655]
+"0xC0,0x9F",TLS_DHE_RSA_WITH_AES_256_CCM,Y,[RFC6655]
+"0xC0,0xA0",TLS_RSA_WITH_AES_128_CCM_8,Y,[RFC6655]
+"0xC0,0xA1",TLS_RSA_WITH_AES_256_CCM_8,Y,[RFC6655]
+"0xC0,0xA2",TLS_DHE_RSA_WITH_AES_128_CCM_8,Y,[RFC6655]
+"0xC0,0xA3",TLS_DHE_RSA_WITH_AES_256_CCM_8,Y,[RFC6655]
+"0xC0,0xA4",TLS_PSK_WITH_AES_128_CCM,Y,[RFC6655]
+"0xC0,0xA5",TLS_PSK_WITH_AES_256_CCM,Y,[RFC6655]
+"0xC0,0xA6",TLS_DHE_PSK_WITH_AES_128_CCM,Y,[RFC6655]
+"0xC0,0xA7",TLS_DHE_PSK_WITH_AES_256_CCM,Y,[RFC6655]
+"0xC0,0xA8",TLS_PSK_WITH_AES_128_CCM_8,Y,[RFC6655]
+"0xC0,0xA9",TLS_PSK_WITH_AES_256_CCM_8,Y,[RFC6655]
+"0xC0,0xAA",TLS_PSK_DHE_WITH_AES_128_CCM_8,Y,[RFC6655]
+"0xC0,0xAB",TLS_PSK_DHE_WITH_AES_256_CCM_8,Y,[RFC6655]
+"0xC0,0xAC",TLS_ECDHE_ECDSA_WITH_AES_128_CCM,Y,[RFC7251]
+"0xC0,0xAD",TLS_ECDHE_ECDSA_WITH_AES_256_CCM,Y,[RFC7251]
+"0xC0,0xAE",TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8,Y,[RFC7251]
+"0xC0,0xAF",TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,Y,[RFC7251]
+"0xC0,0xB0-FF",Unassigned,,
+"0xC1-CB,*",Unassigned,,
+"0xCC,0x00-A7",Unassigned,,
+"0xCC,0xA8",TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,Y,[RFC7905]
+"0xCC,0xA9",TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,Y,[RFC7905]
+"0xCC,0xAA",TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256,Y,[RFC7905]
+"0xCC,0xAB",TLS_PSK_WITH_CHACHA20_POLY1305_SHA256,Y,[RFC7905]
+"0xCC,0xAC",TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256,Y,[RFC7905]
+"0xCC,0xAD",TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256,Y,[RFC7905]
+"0xCC,0xAE",TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256,Y,[RFC7905]
+"0xCC,0xAF-FF",Unassigned,,
+"0xCD-FD,*",Unassigned,,
+"0xFE,0x00-FD",Unassigned,,
+"0xFE,0xFE-FF","Reserved to avoid conflicts with widely deployed implementations",,[Pasi_Eronen]
+"0xFF,0x00-FF",Reserved for Private Use,,[RFC5246]
