logo

tls-shake

SSL/TLS False Handshake client for testing server’s configuration
commit: a9680051d3d8c4e626ab48a58fae0fcdbcd08530
parent: 748d0174bfab1c6c245a0a05e481a7241aa01fee
Author: Haelwenn (lanodan) Monnier <contact@hacktivis.me>
Date:   Fri, 16 Nov 2018 02:39:48 +0100

Add work in progress code

Diffstat:

MREADME5+++--
Amkfile28++++++++++++++++++++++++++++
Asrc/client-hello.c108+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Asrc/debug.h5+++++
Atls-parameters-4.csv345+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
5 files changed, 489 insertions(+), 2 deletions(-)

diff --git a/README b/README @@ -1,5 +1,6 @@ SSLv1→TLSv1.2/1.3 scanner by doing handshake but without doing/having crypto. Original idea by aeris. Note that my only network program was years ago in python, and the code was quite horrible. -## client-hello.c -Try to do the clientHello part of the handshake in C. +- Wrote on Gentoo Linux (Gcc/Clang, glibc/musl) +- libbsd is needed for non-BSDs +- build is done with Plan9’s mk diff --git a/mkfile b/mkfile @@ -0,0 +1,28 @@ +MKSHELL=/bin/sh +CC=cc +CFLAGS="-Wpedantic -Wall -Wextra -Wformat -O2 -Wno-unused" +BSD_FLAGS=`pkg-config --cflags --libs libbsd-overlay` # Unneeded on *BSD systems +DESTDIR="" + +PREFIX="/usr/local" +BINDIR=$PREFIX"/bin" + +bins=`ls -d src/*.c | sed -e 's;src;bin;' -e 's;\.c$;;'` + +all:V: $bins + +install:V: all + for bin in $bins; do cp $bin $DESTDIR/$BINDIR/; done + +clean:V: + rm -f $bins + rm -f src/tls-parameters-4.h + +bin/&: src/&.c + $CC $CFLAGS -std=c99 -D_POSIX_C_SOURCE=200809L -DDEBUG src/$stem.c -o bin/$stem + +bin/client-hello: src/client-hello.c src/tls-parameters-4.h + $CC $CFLAGS -std=c99 -D_POSIX_C_SOURCE=200809L -DDEBUG $BSD_FLAGS src/client-hello.c -o bin/client-hello + +src/tls-parameters-4.h: tls-parameters-4.csv + grep ',TLS_' tls-parameters-4.csv | cut -b 4,5,9,10 | awk 'BEGIN { print "int ciphers[] = {" } { print " 0x"$1"," } END { print "};" }' > src/tls-parameters-4.h diff --git a/src/client-hello.c b/src/client-hello.c @@ -0,0 +1,108 @@ +#include "debug.h" /* debug_printf */ +#include "tls-parameters-4.h" /* ciphers */ + +#include <err.h> +#include <errno.h> // errno +#include <netdb.h> // getaddrinfo() +#include <stddef.h> +#include <stdio.h> +#include <stdlib.h> /* arc4random_buf() */ +#include <string.h> /* memset(), strlcpy(), strlcat() */ +#include <sys/socket.h> +#include <sys/types.h> +#include <unistd.h> /* close() */ + +static int SSL_TLS_versions[] = { + 0x0200, /* 2.0: SSLv2 */ + 0x0300, /* 3.0: SSLv3 */ + 0x0301, /* 3.1: TLSv1.0 */ + 0x0302, /* 3.2: TLSv1.1 */ + 0x0303, /* 3.3: TLSv1.2 */ +}; + +static void usage(char *command) +{ + printf("Usage: %s <host> [port]\n", command); + printf("Default port: 443\n"); + exit(0); +} + +int main(int argc, char *argv[]) +{ + size_t send_result; + char *handshake, *tls_packet, *client_hello; + char *s_port = "1337", random_bytes[32]; + + if(argc < 2 || argc > 3) usage(argv[0]); + + /* START network connection, copied from manpages of getaddrinfo(3) from OpenBSD and GNU */ + struct addrinfo hints, *result, *rp; + int error = 0; + int save_errno = errno; + int s = 0; + + memset(&hints, 0, sizeof(hints)); + hints.ai_family = AF_UNSPEC; + hints.ai_socktype = SOCK_STREAM; + hints.ai_flags = 0; + hints.ai_protocol = 0; + + error = getaddrinfo(argv[1], s_port, &hints, &result); + if(error != 0) errx(1, "getaddrinfo: %s", gai_strerror(error)); + + for(rp = result; rp != NULL; rp = rp->ai_next) + { + s = socket(rp->ai_family, rp->ai_socktype, rp->ai_protocol); + + if(connect(s, rp->ai_addr, rp->ai_addrlen) != -1) + { + break; + } + else + { + save_errno = errno; + } + + close(s); + } + + if((s == -1) | (rp == NULL)) + { + perror(strerror(save_errno)); + exit(EXIT_FAILURE); + } + + freeaddrinfo(result); + + /* DONE network connection */ + arc4random_buf(random_bytes, sizeof(random_bytes)); + + tls_packet = (uint16_t)'\x01'; /* client hello: 0x01 */ + + strlcpy(client_hello, (uint32_t)0x0303, 4); /* SSL version max */ + strlcat(client_hello, (const char *)&random_bytes, 32); + + strlcat(tls_packet, (const char *)sizeof(client_hello), 3); + strlcat(tls_packet, client_hello, sizeof(client_hello)); + + strlcat(tls_packet, '\x00', 2); /* Session ID lenght */ + + strlcat(tls_packet, sizeof(ciphers), 2); + strlcat(tls_packet, &ciphers, sizeof(ciphers)); + + strlcat(tls_packet, '\x01', 1); /* Compression Method */ + strlcat(tls_packet, '\x00', 1); /* Compression Methods */ + + strlcat(tls_packet, "\x00\x00", 2); /* Extension Lenght */ + + handshake = '\x16'; + strlcat(&handshake, 0x0200, 2); /* SSL version min */ + strlcat(&handshake, sizeof(tls_packet), 2); + strlcat(&handshake, tls_packet, sizeof(tls_packet)); + + write(s, handshake, sizeof(handshake)); + + close(s); + + return 0; +} diff --git a/src/debug.h b/src/debug.h @@ -0,0 +1,5 @@ +#ifdef DEBUG +# define debug_printf(...) do { if (DEBUG) fprintf(stderr, __VA_ARGS__); } while (0) +#else +# define debug_printf(...) (void)0 +#endif diff --git a/tls-parameters-4.csv b/tls-parameters-4.csv @@ -0,0 +1,345 @@ +Value,Description,DTLS-OK,Reference +"0x00,0x00",TLS_NULL_WITH_NULL_NULL,Y,[RFC5246] +"0x00,0x01",TLS_RSA_WITH_NULL_MD5,Y,[RFC5246] +"0x00,0x02",TLS_RSA_WITH_NULL_SHA,Y,[RFC5246] +"0x00,0x03",TLS_RSA_EXPORT_WITH_RC4_40_MD5,N,[RFC4346][RFC6347] +"0x00,0x04",TLS_RSA_WITH_RC4_128_MD5,N,[RFC5246][RFC6347] +"0x00,0x05",TLS_RSA_WITH_RC4_128_SHA,N,[RFC5246][RFC6347] +"0x00,0x06",TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5,Y,[RFC4346] +"0x00,0x07",TLS_RSA_WITH_IDEA_CBC_SHA,Y,[RFC5469] +"0x00,0x08",TLS_RSA_EXPORT_WITH_DES40_CBC_SHA,Y,[RFC4346] +"0x00,0x09",TLS_RSA_WITH_DES_CBC_SHA,Y,[RFC5469] +"0x00,0x0A",TLS_RSA_WITH_3DES_EDE_CBC_SHA,Y,[RFC5246] +"0x00,0x0B",TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA,Y,[RFC4346] +"0x00,0x0C",TLS_DH_DSS_WITH_DES_CBC_SHA,Y,[RFC5469] +"0x00,0x0D",TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA,Y,[RFC5246] +"0x00,0x0E",TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA,Y,[RFC4346] +"0x00,0x0F",TLS_DH_RSA_WITH_DES_CBC_SHA,Y,[RFC5469] +"0x00,0x10",TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA,Y,[RFC5246] +"0x00,0x11",TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA,Y,[RFC4346] +"0x00,0x12",TLS_DHE_DSS_WITH_DES_CBC_SHA,Y,[RFC5469] +"0x00,0x13",TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,Y,[RFC5246] +"0x00,0x14",TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA,Y,[RFC4346] +"0x00,0x15",TLS_DHE_RSA_WITH_DES_CBC_SHA,Y,[RFC5469] +"0x00,0x16",TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,Y,[RFC5246] +"0x00,0x17",TLS_DH_anon_EXPORT_WITH_RC4_40_MD5,N,[RFC4346][RFC6347] +"0x00,0x18",TLS_DH_anon_WITH_RC4_128_MD5,N,[RFC5246][RFC6347] +"0x00,0x19",TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA,Y,[RFC4346] +"0x00,0x1A",TLS_DH_anon_WITH_DES_CBC_SHA,Y,[RFC5469] +"0x00,0x1B",TLS_DH_anon_WITH_3DES_EDE_CBC_SHA,Y,[RFC5246] +"0x00,0x1C-1D",Reserved to avoid conflicts with SSLv3,,[RFC5246] +"0x00,0x1E",TLS_KRB5_WITH_DES_CBC_SHA,Y,[RFC2712] +"0x00,0x1F",TLS_KRB5_WITH_3DES_EDE_CBC_SHA,Y,[RFC2712] +"0x00,0x20",TLS_KRB5_WITH_RC4_128_SHA,N,[RFC2712][RFC6347] +"0x00,0x21",TLS_KRB5_WITH_IDEA_CBC_SHA,Y,[RFC2712] +"0x00,0x22",TLS_KRB5_WITH_DES_CBC_MD5,Y,[RFC2712] +"0x00,0x23",TLS_KRB5_WITH_3DES_EDE_CBC_MD5,Y,[RFC2712] +"0x00,0x24",TLS_KRB5_WITH_RC4_128_MD5,N,[RFC2712][RFC6347] +"0x00,0x25",TLS_KRB5_WITH_IDEA_CBC_MD5,Y,[RFC2712] +"0x00,0x26",TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA,Y,[RFC2712] +"0x00,0x27",TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA,Y,[RFC2712] +"0x00,0x28",TLS_KRB5_EXPORT_WITH_RC4_40_SHA,N,[RFC2712][RFC6347] +"0x00,0x29",TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5,Y,[RFC2712] +"0x00,0x2A",TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5,Y,[RFC2712] +"0x00,0x2B",TLS_KRB5_EXPORT_WITH_RC4_40_MD5,N,[RFC2712][RFC6347] +"0x00,0x2C",TLS_PSK_WITH_NULL_SHA,Y,[RFC4785] +"0x00,0x2D",TLS_DHE_PSK_WITH_NULL_SHA,Y,[RFC4785] +"0x00,0x2E",TLS_RSA_PSK_WITH_NULL_SHA,Y,[RFC4785] +"0x00,0x2F",TLS_RSA_WITH_AES_128_CBC_SHA,Y,[RFC5246] +"0x00,0x30",TLS_DH_DSS_WITH_AES_128_CBC_SHA,Y,[RFC5246] +"0x00,0x31",TLS_DH_RSA_WITH_AES_128_CBC_SHA,Y,[RFC5246] +"0x00,0x32",TLS_DHE_DSS_WITH_AES_128_CBC_SHA,Y,[RFC5246] +"0x00,0x33",TLS_DHE_RSA_WITH_AES_128_CBC_SHA,Y,[RFC5246] +"0x00,0x34",TLS_DH_anon_WITH_AES_128_CBC_SHA,Y,[RFC5246] +"0x00,0x35",TLS_RSA_WITH_AES_256_CBC_SHA,Y,[RFC5246] +"0x00,0x36",TLS_DH_DSS_WITH_AES_256_CBC_SHA,Y,[RFC5246] +"0x00,0x37",TLS_DH_RSA_WITH_AES_256_CBC_SHA,Y,[RFC5246] +"0x00,0x38",TLS_DHE_DSS_WITH_AES_256_CBC_SHA,Y,[RFC5246] +"0x00,0x39",TLS_DHE_RSA_WITH_AES_256_CBC_SHA,Y,[RFC5246] +"0x00,0x3A",TLS_DH_anon_WITH_AES_256_CBC_SHA,Y,[RFC5246] +"0x00,0x3B",TLS_RSA_WITH_NULL_SHA256,Y,[RFC5246] +"0x00,0x3C",TLS_RSA_WITH_AES_128_CBC_SHA256,Y,[RFC5246] +"0x00,0x3D",TLS_RSA_WITH_AES_256_CBC_SHA256,Y,[RFC5246] +"0x00,0x3E",TLS_DH_DSS_WITH_AES_128_CBC_SHA256,Y,[RFC5246] +"0x00,0x3F",TLS_DH_RSA_WITH_AES_128_CBC_SHA256,Y,[RFC5246] +"0x00,0x40",TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,Y,[RFC5246] +"0x00,0x41",TLS_RSA_WITH_CAMELLIA_128_CBC_SHA,Y,[RFC5932] +"0x00,0x42",TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA,Y,[RFC5932] +"0x00,0x43",TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA,Y,[RFC5932] +"0x00,0x44",TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,Y,[RFC5932] +"0x00,0x45",TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,Y,[RFC5932] +"0x00,0x46",TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA,Y,[RFC5932] +"0x00,0x47-4F","Reserved to avoid conflicts with deployed implementations",,[Pasi_Eronen] +"0x00,0x50-58",Reserved to avoid conflicts,,"[Pasi Eronen, <pasi.eronen&nokia.com>, 2008-04-04. 2008-04-04]" +"0x00,0x59-5C","Reserved to avoid conflicts with deployed implementations",,[Pasi_Eronen] +"0x00,0x5D-5F",Unassigned,, +"0x00,0x60-66","Reserved to avoid conflicts with widely deployed implementations",,[Pasi_Eronen] +"0x00,0x67",TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,Y,[RFC5246] +"0x00,0x68",TLS_DH_DSS_WITH_AES_256_CBC_SHA256,Y,[RFC5246] +"0x00,0x69",TLS_DH_RSA_WITH_AES_256_CBC_SHA256,Y,[RFC5246] +"0x00,0x6A",TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,Y,[RFC5246] +"0x00,0x6B",TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,Y,[RFC5246] +"0x00,0x6C",TLS_DH_anon_WITH_AES_128_CBC_SHA256,Y,[RFC5246] +"0x00,0x6D",TLS_DH_anon_WITH_AES_256_CBC_SHA256,Y,[RFC5246] +"0x00,0x6E-83",Unassigned,, +"0x00,0x84",TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,Y,[RFC5932] +"0x00,0x85",TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA,Y,[RFC5932] +"0x00,0x86",TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA,Y,[RFC5932] +"0x00,0x87",TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,Y,[RFC5932] +"0x00,0x88",TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,Y,[RFC5932] +"0x00,0x89",TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA,Y,[RFC5932] +"0x00,0x8A",TLS_PSK_WITH_RC4_128_SHA,N,[RFC4279][RFC6347] +"0x00,0x8B",TLS_PSK_WITH_3DES_EDE_CBC_SHA,Y,[RFC4279] +"0x00,0x8C",TLS_PSK_WITH_AES_128_CBC_SHA,Y,[RFC4279] +"0x00,0x8D",TLS_PSK_WITH_AES_256_CBC_SHA,Y,[RFC4279] +"0x00,0x8E",TLS_DHE_PSK_WITH_RC4_128_SHA,N,[RFC4279][RFC6347] +"0x00,0x8F",TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA,Y,[RFC4279] +"0x00,0x90",TLS_DHE_PSK_WITH_AES_128_CBC_SHA,Y,[RFC4279] +"0x00,0x91",TLS_DHE_PSK_WITH_AES_256_CBC_SHA,Y,[RFC4279] +"0x00,0x92",TLS_RSA_PSK_WITH_RC4_128_SHA,N,[RFC4279][RFC6347] +"0x00,0x93",TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA,Y,[RFC4279] +"0x00,0x94",TLS_RSA_PSK_WITH_AES_128_CBC_SHA,Y,[RFC4279] +"0x00,0x95",TLS_RSA_PSK_WITH_AES_256_CBC_SHA,Y,[RFC4279] +"0x00,0x96",TLS_RSA_WITH_SEED_CBC_SHA,Y,[RFC4162] +"0x00,0x97",TLS_DH_DSS_WITH_SEED_CBC_SHA,Y,[RFC4162] +"0x00,0x98",TLS_DH_RSA_WITH_SEED_CBC_SHA,Y,[RFC4162] +"0x00,0x99",TLS_DHE_DSS_WITH_SEED_CBC_SHA,Y,[RFC4162] +"0x00,0x9A",TLS_DHE_RSA_WITH_SEED_CBC_SHA,Y,[RFC4162] +"0x00,0x9B",TLS_DH_anon_WITH_SEED_CBC_SHA,Y,[RFC4162] +"0x00,0x9C",TLS_RSA_WITH_AES_128_GCM_SHA256,Y,[RFC5288] +"0x00,0x9D",TLS_RSA_WITH_AES_256_GCM_SHA384,Y,[RFC5288] +"0x00,0x9E",TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,Y,[RFC5288] +"0x00,0x9F",TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,Y,[RFC5288] +"0x00,0xA0",TLS_DH_RSA_WITH_AES_128_GCM_SHA256,Y,[RFC5288] +"0x00,0xA1",TLS_DH_RSA_WITH_AES_256_GCM_SHA384,Y,[RFC5288] +"0x00,0xA2",TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,Y,[RFC5288] +"0x00,0xA3",TLS_DHE_DSS_WITH_AES_256_GCM_SHA384,Y,[RFC5288] +"0x00,0xA4",TLS_DH_DSS_WITH_AES_128_GCM_SHA256,Y,[RFC5288] +"0x00,0xA5",TLS_DH_DSS_WITH_AES_256_GCM_SHA384,Y,[RFC5288] +"0x00,0xA6",TLS_DH_anon_WITH_AES_128_GCM_SHA256,Y,[RFC5288] +"0x00,0xA7",TLS_DH_anon_WITH_AES_256_GCM_SHA384,Y,[RFC5288] +"0x00,0xA8",TLS_PSK_WITH_AES_128_GCM_SHA256,Y,[RFC5487] +"0x00,0xA9",TLS_PSK_WITH_AES_256_GCM_SHA384,Y,[RFC5487] +"0x00,0xAA",TLS_DHE_PSK_WITH_AES_128_GCM_SHA256,Y,[RFC5487] +"0x00,0xAB",TLS_DHE_PSK_WITH_AES_256_GCM_SHA384,Y,[RFC5487] +"0x00,0xAC",TLS_RSA_PSK_WITH_AES_128_GCM_SHA256,Y,[RFC5487] +"0x00,0xAD",TLS_RSA_PSK_WITH_AES_256_GCM_SHA384,Y,[RFC5487] +"0x00,0xAE",TLS_PSK_WITH_AES_128_CBC_SHA256,Y,[RFC5487] +"0x00,0xAF",TLS_PSK_WITH_AES_256_CBC_SHA384,Y,[RFC5487] +"0x00,0xB0",TLS_PSK_WITH_NULL_SHA256,Y,[RFC5487] +"0x00,0xB1",TLS_PSK_WITH_NULL_SHA384,Y,[RFC5487] +"0x00,0xB2",TLS_DHE_PSK_WITH_AES_128_CBC_SHA256,Y,[RFC5487] +"0x00,0xB3",TLS_DHE_PSK_WITH_AES_256_CBC_SHA384,Y,[RFC5487] +"0x00,0xB4",TLS_DHE_PSK_WITH_NULL_SHA256,Y,[RFC5487] +"0x00,0xB5",TLS_DHE_PSK_WITH_NULL_SHA384,Y,[RFC5487] +"0x00,0xB6",TLS_RSA_PSK_WITH_AES_128_CBC_SHA256,Y,[RFC5487] +"0x00,0xB7",TLS_RSA_PSK_WITH_AES_256_CBC_SHA384,Y,[RFC5487] +"0x00,0xB8",TLS_RSA_PSK_WITH_NULL_SHA256,Y,[RFC5487] +"0x00,0xB9",TLS_RSA_PSK_WITH_NULL_SHA384,Y,[RFC5487] +"0x00,0xBA",TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256,Y,[RFC5932] +"0x00,0xBB",TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256,Y,[RFC5932] +"0x00,0xBC",TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256,Y,[RFC5932] +"0x00,0xBD",TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,Y,[RFC5932] +"0x00,0xBE",TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,Y,[RFC5932] +"0x00,0xBF",TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256,Y,[RFC5932] +"0x00,0xC0",TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256,Y,[RFC5932] +"0x00,0xC1",TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256,Y,[RFC5932] +"0x00,0xC2",TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256,Y,[RFC5932] +"0x00,0xC3",TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,Y,[RFC5932] +"0x00,0xC4",TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,Y,[RFC5932] +"0x00,0xC5",TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256,Y,[RFC5932] +"0x00,0xC6-FE",Unassigned,, +"0x00,0xFF",TLS_EMPTY_RENEGOTIATION_INFO_SCSV,Y,[RFC5746] +"0x01-55,*",Unassigned,, +"0x56,0x00",TLS_FALLBACK_SCSV,Y,[RFC7507] +"0x56,0x01-0xC0,0x00",Unassigned,, +"0xC0,0x01",TLS_ECDH_ECDSA_WITH_NULL_SHA,Y,[RFC4492] +"0xC0,0x02",TLS_ECDH_ECDSA_WITH_RC4_128_SHA,N,[RFC4492][RFC6347] +"0xC0,0x03",TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,Y,[RFC4492] +"0xC0,0x04",TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,Y,[RFC4492] +"0xC0,0x05",TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,Y,[RFC4492] +"0xC0,0x06",TLS_ECDHE_ECDSA_WITH_NULL_SHA,Y,[RFC4492] +"0xC0,0x07",TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,N,[RFC4492][RFC6347] +"0xC0,0x08",TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,Y,[RFC4492] +"0xC0,0x09",TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,Y,[RFC4492] +"0xC0,0x0A",TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,Y,[RFC4492] +"0xC0,0x0B",TLS_ECDH_RSA_WITH_NULL_SHA,Y,[RFC4492] +"0xC0,0x0C",TLS_ECDH_RSA_WITH_RC4_128_SHA,N,[RFC4492][RFC6347] +"0xC0,0x0D",TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,Y,[RFC4492] +"0xC0,0x0E",TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,Y,[RFC4492] +"0xC0,0x0F",TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,Y,[RFC4492] +"0xC0,0x10",TLS_ECDHE_RSA_WITH_NULL_SHA,Y,[RFC4492] +"0xC0,0x11",TLS_ECDHE_RSA_WITH_RC4_128_SHA,N,[RFC4492][RFC6347] +"0xC0,0x12",TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,Y,[RFC4492] +"0xC0,0x13",TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,Y,[RFC4492] +"0xC0,0x14",TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,Y,[RFC4492] +"0xC0,0x15",TLS_ECDH_anon_WITH_NULL_SHA,Y,[RFC4492] +"0xC0,0x16",TLS_ECDH_anon_WITH_RC4_128_SHA,N,[RFC4492][RFC6347] +"0xC0,0x17",TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA,Y,[RFC4492] +"0xC0,0x18",TLS_ECDH_anon_WITH_AES_128_CBC_SHA,Y,[RFC4492] +"0xC0,0x19",TLS_ECDH_anon_WITH_AES_256_CBC_SHA,Y,[RFC4492] +"0xC0,0x1A",TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA,Y,[RFC5054] +"0xC0,0x1B",TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,Y,[RFC5054] +"0xC0,0x1C",TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,Y,[RFC5054] +"0xC0,0x1D",TLS_SRP_SHA_WITH_AES_128_CBC_SHA,Y,[RFC5054] +"0xC0,0x1E",TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,Y,[RFC5054] +"0xC0,0x1F",TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,Y,[RFC5054] +"0xC0,0x20",TLS_SRP_SHA_WITH_AES_256_CBC_SHA,Y,[RFC5054] +"0xC0,0x21",TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,Y,[RFC5054] +"0xC0,0x22",TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,Y,[RFC5054] +"0xC0,0x23",TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,Y,[RFC5289] +"0xC0,0x24",TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,Y,[RFC5289] +"0xC0,0x25",TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,Y,[RFC5289] +"0xC0,0x26",TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,Y,[RFC5289] +"0xC0,0x27",TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,Y,[RFC5289] +"0xC0,0x28",TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,Y,[RFC5289] +"0xC0,0x29",TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,Y,[RFC5289] +"0xC0,0x2A",TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,Y,[RFC5289] +"0xC0,0x2B",TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,Y,[RFC5289] +"0xC0,0x2C",TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,Y,[RFC5289] +"0xC0,0x2D",TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,Y,[RFC5289] +"0xC0,0x2E",TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,Y,[RFC5289] +"0xC0,0x2F",TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,Y,[RFC5289] +"0xC0,0x30",TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,Y,[RFC5289] +"0xC0,0x31",TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,Y,[RFC5289] +"0xC0,0x32",TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384,Y,[RFC5289] +"0xC0,0x33",TLS_ECDHE_PSK_WITH_RC4_128_SHA,N,[RFC5489][RFC6347] +"0xC0,0x34",TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,Y,[RFC5489] +"0xC0,0x35",TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA,Y,[RFC5489] +"0xC0,0x36",TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA,Y,[RFC5489] +"0xC0,0x37",TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256,Y,[RFC5489] +"0xC0,0x38",TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384,Y,[RFC5489] +"0xC0,0x39",TLS_ECDHE_PSK_WITH_NULL_SHA,Y,[RFC5489] +"0xC0,0x3A",TLS_ECDHE_PSK_WITH_NULL_SHA256,Y,[RFC5489] +"0xC0,0x3B",TLS_ECDHE_PSK_WITH_NULL_SHA384,Y,[RFC5489] +"0xC0,0x3C",TLS_RSA_WITH_ARIA_128_CBC_SHA256,Y,[RFC6209] +"0xC0,0x3D",TLS_RSA_WITH_ARIA_256_CBC_SHA384,Y,[RFC6209] +"0xC0,0x3E",TLS_DH_DSS_WITH_ARIA_128_CBC_SHA256,Y,[RFC6209] +"0xC0,0x3F",TLS_DH_DSS_WITH_ARIA_256_CBC_SHA384,Y,[RFC6209] +"0xC0,0x40",TLS_DH_RSA_WITH_ARIA_128_CBC_SHA256,Y,[RFC6209] +"0xC0,0x41",TLS_DH_RSA_WITH_ARIA_256_CBC_SHA384,Y,[RFC6209] +"0xC0,0x42",TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256,Y,[RFC6209] +"0xC0,0x43",TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384,Y,[RFC6209] +"0xC0,0x44",TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256,Y,[RFC6209] +"0xC0,0x45",TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384,Y,[RFC6209] +"0xC0,0x46",TLS_DH_anon_WITH_ARIA_128_CBC_SHA256,Y,[RFC6209] +"0xC0,0x47",TLS_DH_anon_WITH_ARIA_256_CBC_SHA384,Y,[RFC6209] +"0xC0,0x48",TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256,Y,[RFC6209] +"0xC0,0x49",TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384,Y,[RFC6209] +"0xC0,0x4A",TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256,Y,[RFC6209] +"0xC0,0x4B",TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384,Y,[RFC6209] +"0xC0,0x4C",TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256,Y,[RFC6209] +"0xC0,0x4D",TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384,Y,[RFC6209] +"0xC0,0x4E",TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256,Y,[RFC6209] +"0xC0,0x4F",TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384,Y,[RFC6209] +"0xC0,0x50",TLS_RSA_WITH_ARIA_128_GCM_SHA256,Y,[RFC6209] +"0xC0,0x51",TLS_RSA_WITH_ARIA_256_GCM_SHA384,Y,[RFC6209] +"0xC0,0x52",TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256,Y,[RFC6209] +"0xC0,0x53",TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384,Y,[RFC6209] +"0xC0,0x54",TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256,Y,[RFC6209] +"0xC0,0x55",TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384,Y,[RFC6209] +"0xC0,0x56",TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256,Y,[RFC6209] +"0xC0,0x57",TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384,Y,[RFC6209] +"0xC0,0x58",TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256,Y,[RFC6209] +"0xC0,0x59",TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384,Y,[RFC6209] +"0xC0,0x5A",TLS_DH_anon_WITH_ARIA_128_GCM_SHA256,Y,[RFC6209] +"0xC0,0x5B",TLS_DH_anon_WITH_ARIA_256_GCM_SHA384,Y,[RFC6209] +"0xC0,0x5C",TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,Y,[RFC6209] +"0xC0,0x5D",TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,Y,[RFC6209] +"0xC0,0x5E",TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256,Y,[RFC6209] +"0xC0,0x5F",TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384,Y,[RFC6209] +"0xC0,0x60",TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,Y,[RFC6209] +"0xC0,0x61",TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,Y,[RFC6209] +"0xC0,0x62",TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256,Y,[RFC6209] +"0xC0,0x63",TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384,Y,[RFC6209] +"0xC0,0x64",TLS_PSK_WITH_ARIA_128_CBC_SHA256,Y,[RFC6209] +"0xC0,0x65",TLS_PSK_WITH_ARIA_256_CBC_SHA384,Y,[RFC6209] +"0xC0,0x66",TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256,Y,[RFC6209] +"0xC0,0x67",TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384,Y,[RFC6209] +"0xC0,0x68",TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256,Y,[RFC6209] +"0xC0,0x69",TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384,Y,[RFC6209] +"0xC0,0x6A",TLS_PSK_WITH_ARIA_128_GCM_SHA256,Y,[RFC6209] +"0xC0,0x6B",TLS_PSK_WITH_ARIA_256_GCM_SHA384,Y,[RFC6209] +"0xC0,0x6C",TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256,Y,[RFC6209] +"0xC0,0x6D",TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384,Y,[RFC6209] +"0xC0,0x6E",TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256,Y,[RFC6209] +"0xC0,0x6F",TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384,Y,[RFC6209] +"0xC0,0x70",TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256,Y,[RFC6209] +"0xC0,0x71",TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384,Y,[RFC6209] +"0xC0,0x72",TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,Y,[RFC6367] +"0xC0,0x73",TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,Y,[RFC6367] +"0xC0,0x74",TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,Y,[RFC6367] +"0xC0,0x75",TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,Y,[RFC6367] +"0xC0,0x76",TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,Y,[RFC6367] +"0xC0,0x77",TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,Y,[RFC6367] +"0xC0,0x78",TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256,Y,[RFC6367] +"0xC0,0x79",TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384,Y,[RFC6367] +"0xC0,0x7A",TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256,Y,[RFC6367] +"0xC0,0x7B",TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384,Y,[RFC6367] +"0xC0,0x7C",TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256,Y,[RFC6367] +"0xC0,0x7D",TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384,Y,[RFC6367] +"0xC0,0x7E",TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256,Y,[RFC6367] +"0xC0,0x7F",TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384,Y,[RFC6367] +"0xC0,0x80",TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256,Y,[RFC6367] +"0xC0,0x81",TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384,Y,[RFC6367] +"0xC0,0x82",TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256,Y,[RFC6367] +"0xC0,0x83",TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384,Y,[RFC6367] +"0xC0,0x84",TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256,Y,[RFC6367] +"0xC0,0x85",TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384,Y,[RFC6367] +"0xC0,0x86",TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256,Y,[RFC6367] +"0xC0,0x87",TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384,Y,[RFC6367] +"0xC0,0x88",TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256,Y,[RFC6367] +"0xC0,0x89",TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384,Y,[RFC6367] +"0xC0,0x8A",TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256,Y,[RFC6367] +"0xC0,0x8B",TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384,Y,[RFC6367] +"0xC0,0x8C",TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256,Y,[RFC6367] +"0xC0,0x8D",TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384,Y,[RFC6367] +"0xC0,0x8E",TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256,Y,[RFC6367] +"0xC0,0x8F",TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384,Y,[RFC6367] +"0xC0,0x90",TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256,Y,[RFC6367] +"0xC0,0x91",TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384,Y,[RFC6367] +"0xC0,0x92",TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256,Y,[RFC6367] +"0xC0,0x93",TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384,Y,[RFC6367] +"0xC0,0x94",TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256,Y,[RFC6367] +"0xC0,0x95",TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384,Y,[RFC6367] +"0xC0,0x96",TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,Y,[RFC6367] +"0xC0,0x97",TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,Y,[RFC6367] +"0xC0,0x98",TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,Y,[RFC6367] +"0xC0,0x99",TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,Y,[RFC6367] +"0xC0,0x9A",TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,Y,[RFC6367] +"0xC0,0x9B",TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,Y,[RFC6367] +"0xC0,0x9C",TLS_RSA_WITH_AES_128_CCM,Y,[RFC6655] +"0xC0,0x9D",TLS_RSA_WITH_AES_256_CCM,Y,[RFC6655] +"0xC0,0x9E",TLS_DHE_RSA_WITH_AES_128_CCM,Y,[RFC6655] +"0xC0,0x9F",TLS_DHE_RSA_WITH_AES_256_CCM,Y,[RFC6655] +"0xC0,0xA0",TLS_RSA_WITH_AES_128_CCM_8,Y,[RFC6655] +"0xC0,0xA1",TLS_RSA_WITH_AES_256_CCM_8,Y,[RFC6655] +"0xC0,0xA2",TLS_DHE_RSA_WITH_AES_128_CCM_8,Y,[RFC6655] +"0xC0,0xA3",TLS_DHE_RSA_WITH_AES_256_CCM_8,Y,[RFC6655] +"0xC0,0xA4",TLS_PSK_WITH_AES_128_CCM,Y,[RFC6655] +"0xC0,0xA5",TLS_PSK_WITH_AES_256_CCM,Y,[RFC6655] +"0xC0,0xA6",TLS_DHE_PSK_WITH_AES_128_CCM,Y,[RFC6655] +"0xC0,0xA7",TLS_DHE_PSK_WITH_AES_256_CCM,Y,[RFC6655] +"0xC0,0xA8",TLS_PSK_WITH_AES_128_CCM_8,Y,[RFC6655] +"0xC0,0xA9",TLS_PSK_WITH_AES_256_CCM_8,Y,[RFC6655] +"0xC0,0xAA",TLS_PSK_DHE_WITH_AES_128_CCM_8,Y,[RFC6655] +"0xC0,0xAB",TLS_PSK_DHE_WITH_AES_256_CCM_8,Y,[RFC6655] +"0xC0,0xAC",TLS_ECDHE_ECDSA_WITH_AES_128_CCM,Y,[RFC7251] +"0xC0,0xAD",TLS_ECDHE_ECDSA_WITH_AES_256_CCM,Y,[RFC7251] +"0xC0,0xAE",TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8,Y,[RFC7251] +"0xC0,0xAF",TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,Y,[RFC7251] +"0xC0,0xB0-FF",Unassigned,, +"0xC1-CB,*",Unassigned,, +"0xCC,0x00-A7",Unassigned,, +"0xCC,0xA8",TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,Y,[RFC7905] +"0xCC,0xA9",TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,Y,[RFC7905] +"0xCC,0xAA",TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256,Y,[RFC7905] +"0xCC,0xAB",TLS_PSK_WITH_CHACHA20_POLY1305_SHA256,Y,[RFC7905] +"0xCC,0xAC",TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256,Y,[RFC7905] +"0xCC,0xAD",TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256,Y,[RFC7905] +"0xCC,0xAE",TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256,Y,[RFC7905] +"0xCC,0xAF-FF",Unassigned,, +"0xCD-FD,*",Unassigned,, +"0xFE,0x00-FD",Unassigned,, +"0xFE,0xFE-FF","Reserved to avoid conflicts with widely deployed implementations",,[Pasi_Eronen] +"0xFF,0x00-FF",Reserved for Private Use,,[RFC5246]