Skip to content

Instantly share code, notes, and snippets.

@ArrayIterator

ArrayIterator/CipherSuite.java

Last active June 4, 2025 04:41
Show Gist options
  • Save ArrayIterator/9b362503a62145a08a46782e28c991c3 to your computer and use it in GitHub Desktop.
Save ArrayIterator/9b362503a62145a08a46782e28c991c3 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
CipherSuite.java
import java.util.Map;
import java.util.Set;
/**
* Represents a cipher suite in SSL/TLS.
* A cipher suite is a combination of cryptographic algorithms used to secure the communication.
* This class aims to provide a comprehensive (though not exhaustive) list of standard
* cipher suites and their support across different SSL/TLS protocol versions.
*/
public class CipherSuite {
// --- Standard Cipher Suite IDs (Common and Historically Significant) ---
// (This list is extensive but still not absolutely exhaustive. Refer to RFCs for full details.)
// NULL Ciphers (No Encryption/Authentication)
public final static int TLS_NULL_WITH_NULL_NULL = 0x0000;
public final static int TLS_RSA_WITH_NULL_MD5 = 0x0001;
public final static int TLS_RSA_WITH_NULL_SHA = 0x0002;
// RC4 Ciphers
public final static int TLS_RSA_EXPORT_WITH_RC4_40_MD5 = 0x0003;
public final static int TLS_RSA_WITH_RC4_128_MD5 = 0x0004;
public final static int TLS_RSA_WITH_RC4_128_SHA = 0x0005;
public final static int TLS_DHE_DSS_EXPORT_WITH_RC4_40_SHA = 0x0017;
public final static int TLS_DHE_DSS_WITH_RC4_128_SHA = 0x0018;
// RC2 Ciphers
public final static int TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 = 0x0006;
// IDEA Ciphers
public final static int TLS_RSA_WITH_IDEA_CBC_SHA = 0x0007;
// DES/3DES Ciphers
public final static int TLS_RSA_EXPORT_WITH_DES40_CBC_SHA = 0x0008;
public final static int TLS_RSA_WITH_DES_CBC_SHA = 0x0009;
public final static int TLS_RSA_WITH_3DES_EDE_CBC_SHA = 0x000A;
public final static int TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA = 0x0011;
public final static int TLS_DHE_DSS_WITH_DES_CBC_SHA = 0x0012;
public final static int TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA = 0x0013;
public final static int TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA = 0x001A;
public final static int TLS_DHE_RSA_WITH_DES_CBC_SHA = 0x001B;
public final static int TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA = 0x001C;
public final static int TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA = 0x0014;
public final static int TLS_DH_DSS_WITH_DES_CBC_SHA = 0x0015;
public final static int TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA = 0x0016;
public final static int TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA = 0x001D;
public final static int TLS_DH_RSA_WITH_DES_CBC_SHA = 0x001E;
public final static int TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA = 0x001F;
// AES CBC Ciphers (introduced in TLS 1.2, but some older versions might have non-standard support)
public final static int TLS_RSA_WITH_AES_128_CBC_SHA = 0x002F;
public final static int TLS_DHE_DSS_WITH_AES_128_CBC_SHA = 0x0032;
public final static int TLS_DHE_RSA_WITH_AES_128_CBC_SHA = 0x0033;
public final static int TLS_DH_DSS_WITH_AES_128_CBC_SHA = 0x0030;
public final static int TLS_DH_RSA_WITH_AES_128_CBC_SHA = 0x0031;
public final static int TLS_RSA_WITH_AES_256_CBC_SHA = 0x0035;
public final static int TLS_DHE_DSS_WITH_AES_256_CBC_SHA = 0x0038;
public final static int TLS_DHE_RSA_WITH_AES_256_CBC_SHA = 0x0039;
public final static int TLS_DH_DSS_WITH_AES_256_CBC_SHA = 0x0036;
public final static int TLS_DH_RSA_WITH_AES_256_CBC_SHA = 0x0037;
public final static int TLS_RSA_WITH_AES_128_CBC_SHA256 = 0x003C; // TLS 1.2+
public final static int TLS_RSA_WITH_AES_256_CBC_SHA256 = 0x003D; // TLS 1.2+
public final static int TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 = 0x0040; // TLS 1.2+
public final static int TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 = 0x003F; // TLS 1.2+
public final static int TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 = 0x006A; // TLS 1.2+
public final static int TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 = 0x006B; // TLS 1.2+
// AES GCM Ciphers (TLS 1.2 and TLS 1.3)
public final static int TLS_RSA_WITH_AES_128_GCM_SHA256 = 0x009C; // TLS 1.2 only
public final static int TLS_RSA_WITH_AES_256_GCM_SHA384 = 0x009D; // TLS 1.2 only
public final static int TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 = 0x009E; // TLS 1.2 only
public final static int TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 = 0x009F; // TLS 1.2 only
public final static int TLS_DH_RSA_WITH_AES_128_GCM_SHA256 = 0x00A0; // TLS 1.2 only
public final static int TLS_DH_RSA_WITH_AES_256_GCM_SHA384 = 0x00A1; // TLS 1.2 only
public final static int TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 = 0x00A2; // TLS 1.2 only
public final static int TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 = 0x00A3; // TLS 1.2 only
// ECDHE Ciphers (RFC 4492, then integrated into TLS 1.2)
public final static int TLS_ECDH_ECDSA_WITH_NULL_SHA = 0xC006;
public final static int TLS_ECDH_ECDSA_WITH_RC4_128_SHA = 0xC007;
public final static int TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA = 0xC008;
public final static int TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA = 0xC009;
public final static int TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA = 0xC00A;
public final static int TLS_ECDHE_ECDSA_WITH_NULL_SHA = 0xC00B;
public final static int TLS_ECDHE_ECDSA_WITH_RC4_128_SHA = 0xC00C;
public final static int TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA = 0xC00D;
public final static int TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA = 0xC00E;
public final static int TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA = 0xC00F;
public final static int TLS_ECDH_RSA_WITH_NULL_SHA = 0xC010;
public final static int TLS_ECDH_RSA_WITH_RC4_128_SHA = 0xC011;
public final static int TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA = 0xC012;
public final static int TLS_ECDH_RSA_WITH_AES_128_CBC_SHA = 0xC013;
public final static int TLS_ECDH_RSA_WITH_AES_256_CBC_SHA = 0xC014;
public final static int TLS_ECDHE_RSA_WITH_NULL_SHA = 0xC015;
public final static int TLS_ECDHE_RSA_WITH_RC4_128_SHA = 0xC016;
public final static int TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA = 0xC017;
public final static int TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA = 0xC018;
public final static int TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA = 0xC019;
public final static int TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 = 0xC023; // TLS 1.2+
public final static int TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 = 0xC024; // TLS 1.2+
public final static int TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 = 0xC027; // TLS 1.2+
public final static int TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 = 0xC028; // TLS 1.2+
public final static int TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 = 0xC02B; // TLS 1.2 only
public final static int TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 = 0xC02C; // TLS 1.2 only
public final static int TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 = 0xC02F; // TLS 1.2 only
public final static int TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 = 0xC030; // TLS 1.2 only
// CHACHA20-POLY1305 Ciphers (RFC 7905, TLS 1.2 mostly, but also TLS 1.3)
public final static int TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 = 0xCCA8; // TLS 1.2 only
public final static int TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 = 0xCCA9; // TLS 1.2 only
// TLS 1.3 Specific Ciphers (RFC 8446)
// Note: TLS 1.3 simplified cipher suites, they are now identified differently (e.g., KEM, cipher, HKDF hash)
// The following are the *only* 5 standard cipher suites for TLS 1.3.
public final static int TLS_AES_128_GCM_SHA256 = 0x1301;
public final static int TLS_AES_256_GCM_SHA384 = 0x1302;
public final static int TLS_CHACHA20_POLY1305_SHA256 = 0x1303;
public final static int TLS_AES_128_CCM_SHA256 = 0x1304;
public final static int TLS_AES_128_CCM_8_SHA256 = 0x1305;
// Placeholder for SCSV (Signaling Cipher Suite Value)
public final static int TLS_EMPTY_RENEGOTIATION_INFO_SCSV = 0x00FF; // Not a real cipher, but a signaling value
// --- Protocol Versions ---
public final static long TLS_UNKNOWN = 0x0000; // Unknown or not specified
public final static long SSL3_0 = 0x0300;
public final static long TLS1_0 = 0x0301;
public final static long TLS1_1 = 0x0302;
public final static long TLS1_2 = 0x0303;
public final static long TLS1_3 = 0x0304;
/**
* The name of the cipher suite.
* This is a human-readable string representation of the cipher suite.
*/
private final String name;
/**
* The ID of the cipher suite.
* This is a unique identifier for the cipher suite.
*/
private final int id;
/**
* List of protocol versions that support this cipher suite v3
*/
private static final Set<Integer> SSLV3_CIPHER_SUITES = Set.of(
TLS_NULL_WITH_NULL_NULL,
TLS_RSA_WITH_NULL_MD5,
TLS_RSA_WITH_NULL_SHA,
TLS_RSA_EXPORT_WITH_RC4_40_MD5,
TLS_RSA_WITH_RC4_128_MD5,
TLS_RSA_WITH_RC4_128_SHA,
TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5,
TLS_RSA_WITH_IDEA_CBC_SHA,
TLS_RSA_EXPORT_WITH_DES40_CBC_SHA,
TLS_RSA_WITH_DES_CBC_SHA,
TLS_RSA_WITH_3DES_EDE_CBC_SHA,
TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA,
TLS_DHE_DSS_WITH_DES_CBC_SHA,
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA,
TLS_DHE_RSA_WITH_DES_CBC_SHA,
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA,
TLS_DH_DSS_WITH_DES_CBC_SHA,
TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA,
TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA,
TLS_DH_RSA_WITH_DES_CBC_SHA,
TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA
);
/**
* List of cipher suites supported by TLS 1.0.
* TLS 1.0 supports all SSL 3.0 cipher suites and adds DHE_DSS_WITH_RC4_128_SHA.
*/
private static final Set<Integer> TLS1_0_CIPHER_SUITES = Set.of(
TLS_NULL_WITH_NULL_NULL,
TLS_RSA_WITH_NULL_MD5,
TLS_RSA_WITH_NULL_SHA,
TLS_RSA_EXPORT_WITH_RC4_40_MD5,
TLS_RSA_WITH_RC4_128_MD5,
TLS_RSA_WITH_RC4_128_SHA,
TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5,
TLS_RSA_WITH_IDEA_CBC_SHA,
TLS_RSA_EXPORT_WITH_DES40_CBC_SHA,
TLS_RSA_WITH_DES_CBC_SHA,
TLS_RSA_WITH_3DES_EDE_CBC_SHA,
TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA,
TLS_DHE_DSS_WITH_DES_CBC_SHA,
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA,
TLS_DHE_RSA_WITH_DES_CBC_SHA,
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA,
TLS_DH_DSS_WITH_DES_CBC_SHA,
TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA,
TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA,
TLS_DH_RSA_WITH_DES_CBC_SHA,
TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA,
TLS_DHE_DSS_WITH_RC4_128_SHA
);
/**
* List of protocol versions that support this cipher suite v1.1
*/
private static final Set<Integer> TLS1_1_CIPHER_SUITES = TLS1_0_CIPHER_SUITES;
/**
* List of protocol versions that support this cipher suite v1.2
*/
private static final Set<Integer> TLS1_2_CIPHER_SUITES = Set.of(
// AES CBC ciphers
TLS_RSA_WITH_AES_128_CBC_SHA,
TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
TLS_DH_DSS_WITH_AES_128_CBC_SHA,
TLS_DH_RSA_WITH_AES_128_CBC_SHA,
TLS_RSA_WITH_AES_256_CBC_SHA,
TLS_DHE_DSS_WITH_AES_256_CBC_SHA,
TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
TLS_DH_DSS_WITH_AES_256_CBC_SHA,
TLS_DH_RSA_WITH_AES_256_CBC_SHA,
TLS_RSA_WITH_AES_128_CBC_SHA256,
TLS_RSA_WITH_AES_256_CBC_SHA256,
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
// AES GCM ciphers (officially for TLS 1.2 and later)
TLS_RSA_WITH_AES_128_GCM_SHA256,
TLS_RSA_WITH_AES_256_GCM_SHA384,
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
TLS_DH_RSA_WITH_AES_128_GCM_SHA256,
TLS_DH_RSA_WITH_AES_256_GCM_SHA384,
TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,
TLS_DHE_DSS_WITH_AES_256_GCM_SHA384,
// ECDHE/ECDH ciphers (integrated from RFC 4492)
TLS_ECDH_ECDSA_WITH_NULL_SHA,
TLS_ECDH_ECDSA_WITH_RC4_128_SHA,
TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
TLS_ECDHE_ECDSA_WITH_NULL_SHA,
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
TLS_ECDH_RSA_WITH_NULL_SHA,
TLS_ECDH_RSA_WITH_RC4_128_SHA,
TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
TLS_ECDHE_RSA_WITH_NULL_SHA,
TLS_ECDHE_RSA_WITH_RC4_128_SHA,
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
// ChaCha20-Poly1305 (RFC 7905, often supported in TLS 1.2+)
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
);
/**
* List of protocol versions that support this cipher suite v1.3
*/
private static final Set<Integer> TLS1_3_CIPHER_SUITES = Set.of(
TLS_AES_128_GCM_SHA256,
TLS_AES_256_GCM_SHA384,
TLS_CHACHA20_POLY1305_SHA256,
TLS_AES_128_CCM_SHA256,
TLS_AES_128_CCM_8_SHA256
);
/**
* A map of protocol version IDs to their human-readable names.
* This is used to provide a more user-friendly representation of the protocol versions.
*/
private static final Map<Long, String> namedVersions = Map.of(
SSL3_0, "SSLv3",
TLS1_0, "TLSv1.0",
TLS1_1, "TLSv1.1",
TLS1_2, "TLSv1.2",
TLS1_3, "TLSv1.3"
);
/**
* A map of cipher suite IDs to their human-readable names.
* This is used to provide a more user-friendly representation of the cipher suites.
*/
private static final Map<Integer, String> CIPHER_SUITE_ID_TO_NAME_MAP = Map.<Integer, String>ofEntries(
Map.entry(TLS_NULL_WITH_NULL_NULL, "TLS_NULL_WITH_NULL_NULL"),
Map.entry(TLS_RSA_WITH_NULL_MD5, "TLS_RSA_WITH_NULL_MD5"),
Map.entry(TLS_RSA_WITH_NULL_SHA, "TLS_RSA_WITH_NULL_SHA"),
Map.entry(TLS_RSA_EXPORT_WITH_RC4_40_MD5, "TLS_RSA_EXPORT_WITH_RC4_40_MD5"),
Map.entry(TLS_RSA_WITH_RC4_128_MD5, "TLS_RSA_WITH_RC4_128_MD5"),
Map.entry(TLS_RSA_WITH_RC4_128_SHA, "TLS_RSA_WITH_RC4_128_SHA"),
Map.entry(TLS_DHE_DSS_EXPORT_WITH_RC4_40_SHA, "TLS_DHE_DSS_EXPORT_WITH_RC4_40_SHA"),
Map.entry(TLS_DHE_DSS_WITH_RC4_128_SHA, "TLS_DHE_DSS_WITH_RC4_128_SHA"),
Map.entry(TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5, "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5"),
Map.entry(TLS_RSA_WITH_IDEA_CBC_SHA, "TLS_RSA_WITH_IDEA_CBC_SHA"),
Map.entry(TLS_RSA_EXPORT_WITH_DES40_CBC_SHA, "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA"),
Map.entry(TLS_RSA_WITH_DES_CBC_SHA, "TLS_RSA_WITH_DES_CBC_SHA"),
Map.entry(TLS_RSA_WITH_3DES_EDE_CBC_SHA, "TLS_RSA_WITH_3DES_EDE_CBC_SHA"),
Map.entry(TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA"),
Map.entry(TLS_DHE_DSS_WITH_DES_CBC_SHA, "TLS_DHE_DSS_WITH_DES_CBC_SHA"),
Map.entry(TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA, "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA"),
Map.entry(TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA"),
Map.entry(TLS_DHE_RSA_WITH_DES_CBC_SHA, "TLS_DHE_RSA_WITH_DES_CBC_SHA"),
Map.entry(TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA"),
Map.entry(TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA, "TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA"),
Map.entry(TLS_DH_DSS_WITH_DES_CBC_SHA, "TLS_DH_DSS_WITH_DES_CBC_SHA"),
Map.entry(TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA, "TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA"),
Map.entry(TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA, "TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA"),
Map.entry(TLS_DH_RSA_WITH_DES_CBC_SHA, "TLS_DH_RSA_WITH_DES_CBC_SHA"),
Map.entry(TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA, "TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA"),
Map.entry(TLS_RSA_WITH_AES_128_CBC_SHA, "TLS_RSA_WITH_AES_128_CBC_SHA"),
Map.entry(TLS_DHE_DSS_WITH_AES_128_CBC_SHA, "TLS_DHE_DSS_WITH_AES_128_CBC_SHA"),
Map.entry(TLS_DHE_RSA_WITH_AES_128_CBC_SHA, "TLS_DHE_RSA_WITH_AES_128_CBC_SHA"),
Map.entry(TLS_DH_DSS_WITH_AES_128_CBC_SHA, "TLS_DH_DSS_WITH_AES_128_CBC_SHA"),
Map.entry(TLS_DH_RSA_WITH_AES_128_CBC_SHA, "TLS_DH_RSA_WITH_AES_128_CBC_SHA"),
Map.entry(TLS_RSA_WITH_AES_256_CBC_SHA, "TLS_RSA_WITH_AES_256_CBC_SHA"),
Map.entry(TLS_DHE_DSS_WITH_AES_256_CBC_SHA, "TLS_DHE_DSS_WITH_AES_256_CBC_SHA"),
Map.entry(TLS_DHE_RSA_WITH_AES_256_CBC_SHA, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA"),
Map.entry(TLS_DH_DSS_WITH_AES_256_CBC_SHA, "TLS_DH_DSS_WITH_AES_256_CBC_SHA"),
Map.entry(TLS_DH_RSA_WITH_AES_256_CBC_SHA, "TLS_DH_RSA_WITH_AES_256_CBC_SHA"),
Map.entry(TLS_RSA_WITH_AES_128_CBC_SHA256, "TLS_RSA_WITH_AES_128_CBC_SHA256"),
Map.entry(TLS_RSA_WITH_AES_256_CBC_SHA256, "TLS_RSA_WITH_AES_256_CBC_SHA256"),
Map.entry(TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256"),
Map.entry(TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256"),
Map.entry(TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256"),
Map.entry(TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256"),
Map.entry(TLS_RSA_WITH_AES_128_GCM_SHA256, "TLS_RSA_WITH_AES_128_GCM_SHA256"),
Map.entry(TLS_RSA_WITH_AES_256_GCM_SHA384, "TLS_RSA_WITH_AES_256_GCM_SHA384"),
Map.entry(TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256"),
Map.entry(TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384"),
Map.entry(TLS_DH_RSA_WITH_AES_128_GCM_SHA256, "TLS_DH_RSA_WITH_AES_128_GCM_SHA256"),
Map.entry(TLS_DH_RSA_WITH_AES_256_GCM_SHA384, "TLS_DH_RSA_WITH_AES_256_GCM_SHA384"),
Map.entry(TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256"),
Map.entry(TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384"),
Map.entry(TLS_ECDH_ECDSA_WITH_NULL_SHA, "TLS_ECDH_ECDSA_WITH_NULL_SHA"),
Map.entry(TLS_ECDH_ECDSA_WITH_RC4_128_SHA, "TLS_ECDH_ECDSA_WITH_RC4_128_SHA"),
Map.entry(TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA"),
Map.entry(TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA"),
Map.entry(TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA"),
Map.entry(TLS_ECDHE_ECDSA_WITH_NULL_SHA, "TLS_ECDHE_ECDSA_WITH_NULL_SHA"),
Map.entry(TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA"),
Map.entry(TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA"),
Map.entry(TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA"),
Map.entry(TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA"),
Map.entry(TLS_ECDH_RSA_WITH_NULL_SHA, "TLS_ECDH_RSA_WITH_NULL_SHA"),
Map.entry(TLS_ECDH_RSA_WITH_RC4_128_SHA, "TLS_ECDH_RSA_WITH_RC4_128_SHA"),
Map.entry(TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA"),
Map.entry(TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA"),
Map.entry(TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA"),
Map.entry(TLS_ECDHE_RSA_WITH_NULL_SHA, "TLS_ECDHE_RSA_WITH_NULL_SHA"),
Map.entry(TLS_ECDHE_RSA_WITH_RC4_128_SHA, "TLS_ECDHE_RSA_WITH_RC4_128_SHA"),
Map.entry(TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA"),
Map.entry(TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"),
Map.entry(TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"),
Map.entry(TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256"),
Map.entry(TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384"),
Map.entry(TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"),
Map.entry(TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"),
Map.entry(TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"),
Map.entry(TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"),
Map.entry(TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"),
Map.entry(TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"),
Map.entry(TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256"),
Map.entry(TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256"),
Map.entry(TLS_AES_128_GCM_SHA256, "TLS_AES_128_GCM_SHA256"), // TLS 1.3
Map.entry(TLS_AES_256_GCM_SHA384, "TLS_AES_256_GCM_SHA384"), // TLS 1.3
Map.entry(TLS_CHACHA20_POLY1305_SHA256, "TLS_CHACHA20_POLY1305_SHA256"), // TLS 1.3
Map.entry(TLS_AES_128_CCM_SHA256, "TLS_AES_128_CCM_SHA256"), // TLS 1.3
Map.entry(TLS_AES_128_CCM_8_SHA256, "TLS_AES_128_CCM_8_SHA256"), // TLS 1.3
Map.entry(TLS_EMPTY_RENEGOTIATION_INFO_SCSV, "TLS_EMPTY_RENEGOTIATION_INFO_SCSV")
);
/**
* Constructs a CipherSuite instance with the provided ID.
* This constructor initializes the cipher suite name based on the ID.
*
* @param id The unique identifier for the cipher suite.
*/
public CipherSuite(int id) {
this.id = id;
this.name = CIPHER_SUITE_ID_TO_NAME_MAP.getOrDefault(id, null);
}
/**
* Checks if this cipher suite is supported by the given SSL/TLS protocol version.
*
* @param version The SSL/TLS protocol version (e.g., CipherSuite.TLS1_2).
* @return true if the cipher suite is supported by the version, false otherwise.
*/
public boolean isSupported(long version) {
if (!namedVersions.containsKey(version)) {
return false; // Version not recognized
}
if (version == TLS1_0) {
return TLS1_0_CIPHER_SUITES.contains(this.id);
}
if (version == TLS1_1) {
return TLS1_1_CIPHER_SUITES.contains(this.id);
}
if (version == TLS1_2) {
return TLS1_2_CIPHER_SUITES.contains(this.id);
}
if (version == TLS1_3) {
return TLS1_3_CIPHER_SUITES.contains(this.id);
}
if (version == SSL3_0) {
return SSLV3_CIPHER_SUITES.contains(this.id);
}
return false; // Unsupported version
}
/**
* Gets the name of the cipher suite.
* This method returns the human-readable string representation of the cipher suite.
*
* @return The name of the cipher suite.
*/
@Nullable
public String getName() {
return name;
}
/**
* Gets the ID of the cipher suite.
* This method returns the unique identifier for the cipher suite.
*
* @return The ID of the cipher suite.
*/
public int getId() {
return id;
}
/**
* Gets the name of the cipher suite by its ID.
* This method looks up the cipher suite name based on its unique identifier.
*
* @param id The unique identifier for the cipher suite.
* @return The name of the cipher suite, or null if not found.
*/
public static String getNameById(int id) {
return CIPHER_SUITE_ID_TO_NAME_MAP.getOrDefault(id, null);
}
/**
* Gets the human-readable name of a protocol version by its ID.
* This method provides a user-friendly representation of the protocol version.
*
* @param version The protocol version ID (e.g., CipherSuite.TLS1_2).
* @return The name of the protocol version, or null if not recognized.
*/
public static String getNamedVersion(long version) {
return namedVersions.getOrDefault(version, null);
}
/**
* Factory method to create a CipherSuite instance from an ID.
* This method is a convenience method to instantiate a CipherSuite with the given ID.
*
* @param id The unique identifier for the cipher suite.
* @return A new CipherSuite instance with the specified ID.
*/
public static CipherSuite fromId(int id) {
return new CipherSuite(id);
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment