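import java.util.Map;
import java.util.Set;

/**
 * Represents a cipher suite in SSL/TLS.
 *
 * <p>A cipher suite is a combination of cryptographic algorithms used to secure the
 * communication. This class provides an extensive (not exhaustive) table of standard
 * cipher suite code points, their names, and a per-protocol-version membership check.
 *
 * <p>Presence of a suite in this table means only that its code point can be named.
 * It does not mean the suite is safe to negotiate: the table deliberately contains
 * NULL, EXPORT, RC4, DES and 3DES suites.
 *
 * <p>Instances are immutable.
 */
public class CipherSuite {

    // --- Standard Cipher Suite IDs (Common and Historically Significant) ---
    // Code points follow the IANA "TLS Cipher Suites" registry. Refer to the RFCs for
    // the full list.

    // NULL ciphers (no encryption and/or no authentication)
    public static final int TLS_NULL_WITH_NULL_NULL = 0x0000;
    public static final int TLS_RSA_WITH_NULL_MD5 = 0x0001;
    public static final int TLS_RSA_WITH_NULL_SHA = 0x0002;

    // RC4 ciphers
    public static final int TLS_RSA_EXPORT_WITH_RC4_40_MD5 = 0x0003;
    public static final int TLS_RSA_WITH_RC4_128_MD5 = 0x0004;
    public static final int TLS_RSA_WITH_RC4_128_SHA = 0x0005;
    // NOTE(review): the IANA registry assigns 0x0017 and 0x0018 to
    // TLS_DH_anon_EXPORT_WITH_RC4_40_MD5 and TLS_DH_anon_WITH_RC4_128_MD5; the two
    // DHE_DSS names below are not registered at these code points. The values are
    // left as found, which means a peer negotiating an unauthenticated DH_anon suite
    // is reported under a DHE_DSS name. Confirm which suites were intended.
    public static final int TLS_DHE_DSS_EXPORT_WITH_RC4_40_SHA = 0x0017;
    public static final int TLS_DHE_DSS_WITH_RC4_128_SHA = 0x0018;

    // RC2 ciphers
    public static final int TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 = 0x0006;

    // IDEA ciphers
    public static final int TLS_RSA_WITH_IDEA_CBC_SHA = 0x0007;

    // DES/3DES ciphers. The registry lays these out as RSA (0x08-0x0A),
    // DH_DSS (0x0B-0x0D), DH_RSA (0x0E-0x10), DHE_DSS (0x11-0x13), DHE_RSA (0x14-0x16).
    public static final int TLS_RSA_EXPORT_WITH_DES40_CBC_SHA = 0x0008;
    public static final int TLS_RSA_WITH_DES_CBC_SHA = 0x0009;
    public static final int TLS_RSA_WITH_3DES_EDE_CBC_SHA = 0x000A;
    public static final int TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA = 0x0011;
    public static final int TLS_DHE_DSS_WITH_DES_CBC_SHA = 0x0012;
    public static final int TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA = 0x0013;
    public static final int TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA = 0x0014;
    public static final int TLS_DHE_RSA_WITH_DES_CBC_SHA = 0x0015;
    public static final int TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA = 0x0016;
    public static final int TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA = 0x000B;
    public static final int TLS_DH_DSS_WITH_DES_CBC_SHA = 0x000C;
    public static final int TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA = 0x000D;
    public static final int TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA = 0x000E;
    public static final int TLS_DH_RSA_WITH_DES_CBC_SHA = 0x000F;
    public static final int TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA = 0x0010;

    // AES CBC ciphers. The *_CBC_SHA suites come from RFC 3268 and predate TLS 1.2;
    // the *_CBC_SHA256 suites were added with TLS 1.2 (RFC 5246).
    public static final int TLS_RSA_WITH_AES_128_CBC_SHA = 0x002F;
    public static final int TLS_DHE_DSS_WITH_AES_128_CBC_SHA = 0x0032;
    public static final int TLS_DHE_RSA_WITH_AES_128_CBC_SHA = 0x0033;
    public static final int TLS_DH_DSS_WITH_AES_128_CBC_SHA = 0x0030;
    public static final int TLS_DH_RSA_WITH_AES_128_CBC_SHA = 0x0031;
    public static final int TLS_RSA_WITH_AES_256_CBC_SHA = 0x0035;
    public static final int TLS_DHE_DSS_WITH_AES_256_CBC_SHA = 0x0038;
    public static final int TLS_DHE_RSA_WITH_AES_256_CBC_SHA = 0x0039;
    public static final int TLS_DH_DSS_WITH_AES_256_CBC_SHA = 0x0036;
    public static final int TLS_DH_RSA_WITH_AES_256_CBC_SHA = 0x0037;
    public static final int TLS_RSA_WITH_AES_128_CBC_SHA256 = 0x003C; // TLS 1.2+
    public static final int TLS_RSA_WITH_AES_256_CBC_SHA256 = 0x003D; // TLS 1.2+
    public static final int TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 = 0x0040; // TLS 1.2+
    // 0x003F is TLS_DH_RSA_WITH_AES_128_CBC_SHA256; the DHE_RSA suite is 0x0067.
    public static final int TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 = 0x0067; // TLS 1.2+
    public static final int TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 = 0x006A; // TLS 1.2+
    public static final int TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 = 0x006B; // TLS 1.2+

    // AES GCM ciphers (RFC 5288, TLS 1.2 only)
    public static final int TLS_RSA_WITH_AES_128_GCM_SHA256 = 0x009C;
    public static final int TLS_RSA_WITH_AES_256_GCM_SHA384 = 0x009D;
    public static final int TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 = 0x009E;
    public static final int TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 = 0x009F;
    public static final int TLS_DH_RSA_WITH_AES_128_GCM_SHA256 = 0x00A0;
    public static final int TLS_DH_RSA_WITH_AES_256_GCM_SHA384 = 0x00A1;
    public static final int TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 = 0x00A2;
    public static final int TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 = 0x00A3;

    // ECDH/ECDHE ciphers (RFC 4492). The registry order is ECDH_ECDSA (0xC001-0xC005),
    // ECDHE_ECDSA (0xC006-0xC00A), ECDH_RSA (0xC00B-0xC00F), ECDHE_RSA (0xC010-0xC014);
    // 0xC015-0xC019 belong to the ECDH_anon suites, which this class does not list.
    // Getting this block wrong mislabels ephemeral (forward-secret) suites as static
    // ECDH ones and vice versa.
    public static final int TLS_ECDH_ECDSA_WITH_NULL_SHA = 0xC001;
    public static final int TLS_ECDH_ECDSA_WITH_RC4_128_SHA = 0xC002;
    public static final int TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA = 0xC003;
    public static final int TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA = 0xC004;
    public static final int TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA = 0xC005;
    public static final int TLS_ECDHE_ECDSA_WITH_NULL_SHA = 0xC006;
    public static final int TLS_ECDHE_ECDSA_WITH_RC4_128_SHA = 0xC007;
    public static final int TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA = 0xC008;
    public static final int TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA = 0xC009;
    public static final int TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA = 0xC00A;
    public static final int TLS_ECDH_RSA_WITH_NULL_SHA = 0xC00B;
    public static final int TLS_ECDH_RSA_WITH_RC4_128_SHA = 0xC00C;
    public static final int TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA = 0xC00D;
    public static final int TLS_ECDH_RSA_WITH_AES_128_CBC_SHA = 0xC00E;
    public static final int TLS_ECDH_RSA_WITH_AES_256_CBC_SHA = 0xC00F;
    public static final int TLS_ECDHE_RSA_WITH_NULL_SHA = 0xC010;
    public static final int TLS_ECDHE_RSA_WITH_RC4_128_SHA = 0xC011;
    public static final int TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA = 0xC012;
    public static final int TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA = 0xC013;
    public static final int TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA = 0xC014;
    public static final int TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 = 0xC023; // TLS 1.2+
    public static final int TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 = 0xC024; // TLS 1.2+
    public static final int TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 = 0xC027; // TLS 1.2+
    public static final int TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 = 0xC028; // TLS 1.2+
    public static final int TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 = 0xC02B; // TLS 1.2 only
    public static final int TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 = 0xC02C; // TLS 1.2 only
    public static final int TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 = 0xC02F; // TLS 1.2 only
    public static final int TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 = 0xC030; // TLS 1.2 only

    // CHACHA20-POLY1305 ciphers for TLS 1.2 (RFC 7905). TLS 1.3 uses 0x1303 instead.
    public static final int TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 = 0xCCA8;
    public static final int TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 = 0xCCA9;

    // TLS 1.3 cipher suites (RFC 8446). A TLS 1.3 suite names only the AEAD algorithm
    // and the hash used with HKDF; key exchange and authentication are negotiated
    // separately. RFC 8446 defines these five.
    public static final int TLS_AES_128_GCM_SHA256 = 0x1301;
    public static final int TLS_AES_256_GCM_SHA384 = 0x1302;
    public static final int TLS_CHACHA20_POLY1305_SHA256 = 0x1303;
    public static final int TLS_AES_128_CCM_SHA256 = 0x1304;
    public static final int TLS_AES_128_CCM_8_SHA256 = 0x1305;

    // Signaling Cipher Suite Value (RFC 5746): not a real cipher, only a signal.
    public static final int TLS_EMPTY_RENEGOTIATION_INFO_SCSV = 0x00FF;

    // --- Protocol Versions ---
    public static final long TLS_UNKNOWN = 0x0000; // Unknown or not specified
    public static final long SSL3_0 = 0x0300;
    public static final long TLS1_0 = 0x0301;
    public static final long TLS1_1 = 0x0302;
    public static final long TLS1_2 = 0x0303;
    public static final long TLS1_3 = 0x0304;

    /** Human-readable name of the cipher suite, or {@code null} if the ID is not in the table. */
    private final String name;

    /** Numeric code point of the cipher suite. */
    private final int id;

    // NOTE(review): the per-version sets below keep the membership they had before the
    // code points were aligned with the registry. They are not a complete model of the
    // specifications: the AES *_CBC_SHA suites (RFC 3268) and the SHA-1 ECC suites
    // (RFC 4492) are defined for TLS 1.0/1.1 but appear only under TLS 1.2 here, and
    // the TLS 1.2 set omits the legacy RSA/DH/DHE suites. A caller that uses
    // isSupported() to decide which suites to check per version will miss those
    // combinations. Confirm the intended semantics before relying on it.

    /** Cipher suites this class treats as usable with SSL 3.0. */
    private static final Set<Integer> SSLV3_CIPHER_SUITES = Set.of(
            TLS_NULL_WITH_NULL_NULL,
            TLS_RSA_WITH_NULL_MD5,
            TLS_RSA_WITH_NULL_SHA,
            TLS_RSA_EXPORT_WITH_RC4_40_MD5,
            TLS_RSA_WITH_RC4_128_MD5,
            TLS_RSA_WITH_RC4_128_SHA,
            TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5,
            TLS_RSA_WITH_IDEA_CBC_SHA,
            TLS_RSA_EXPORT_WITH_DES40_CBC_SHA,
            TLS_RSA_WITH_DES_CBC_SHA,
            TLS_RSA_WITH_3DES_EDE_CBC_SHA,
            TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA,
            TLS_DHE_DSS_WITH_DES_CBC_SHA,
            TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
            TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA,
            TLS_DHE_RSA_WITH_DES_CBC_SHA,
            TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
            TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA,
            TLS_DH_DSS_WITH_DES_CBC_SHA,
            TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA,
            TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA,
            TLS_DH_RSA_WITH_DES_CBC_SHA,
            TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA
    );

    /**
     * Cipher suites this class treats as usable with TLS 1.0: the SSL 3.0 list plus
     * {@code TLS_DHE_DSS_WITH_RC4_128_SHA}.
     */
    private static final Set<Integer> TLS1_0_CIPHER_SUITES = Set.of(
            TLS_NULL_WITH_NULL_NULL,
            TLS_RSA_WITH_NULL_MD5,
            TLS_RSA_WITH_NULL_SHA,
            TLS_RSA_EXPORT_WITH_RC4_40_MD5,
            TLS_RSA_WITH_RC4_128_MD5,
            TLS_RSA_WITH_RC4_128_SHA,
            TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5,
            TLS_RSA_WITH_IDEA_CBC_SHA,
            TLS_RSA_EXPORT_WITH_DES40_CBC_SHA,
            TLS_RSA_WITH_DES_CBC_SHA,
            TLS_RSA_WITH_3DES_EDE_CBC_SHA,
            TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA,
            TLS_DHE_DSS_WITH_DES_CBC_SHA,
            TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
            TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA,
            TLS_DHE_RSA_WITH_DES_CBC_SHA,
            TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
            TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA,
            TLS_DH_DSS_WITH_DES_CBC_SHA,
            TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA,
            TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA,
            TLS_DH_RSA_WITH_DES_CBC_SHA,
            TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA,
            TLS_DHE_DSS_WITH_RC4_128_SHA
    );

    /** Cipher suites this class treats as usable with TLS 1.1: the same set as TLS 1.0. */
    private static final Set<Integer> TLS1_1_CIPHER_SUITES = TLS1_0_CIPHER_SUITES;

    /** Cipher suites this class treats as usable with TLS 1.2. */
    private static final Set<Integer> TLS1_2_CIPHER_SUITES = Set.of(
            // AES CBC ciphers
            TLS_RSA_WITH_AES_128_CBC_SHA,
            TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
            TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
            TLS_DH_DSS_WITH_AES_128_CBC_SHA,
            TLS_DH_RSA_WITH_AES_128_CBC_SHA,
            TLS_RSA_WITH_AES_256_CBC_SHA,
            TLS_DHE_DSS_WITH_AES_256_CBC_SHA,
            TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
            TLS_DH_DSS_WITH_AES_256_CBC_SHA,
            TLS_DH_RSA_WITH_AES_256_CBC_SHA,
            TLS_RSA_WITH_AES_128_CBC_SHA256,
            TLS_RSA_WITH_AES_256_CBC_SHA256,
            TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,
            TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
            TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,
            TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
            // AES GCM ciphers
            TLS_RSA_WITH_AES_128_GCM_SHA256,
            TLS_RSA_WITH_AES_256_GCM_SHA384,
            TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
            TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
            TLS_DH_RSA_WITH_AES_128_GCM_SHA256,
            TLS_DH_RSA_WITH_AES_256_GCM_SHA384,
            TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,
            TLS_DHE_DSS_WITH_AES_256_GCM_SHA384,
            // ECDH/ECDHE ciphers (RFC 4492 and later)
            TLS_ECDH_ECDSA_WITH_NULL_SHA,
            TLS_ECDH_ECDSA_WITH_RC4_128_SHA,
            TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
            TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
            TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
            TLS_ECDHE_ECDSA_WITH_NULL_SHA,
            TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
            TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
            TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
            TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
            TLS_ECDH_RSA_WITH_NULL_SHA,
            TLS_ECDH_RSA_WITH_RC4_128_SHA,
            TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,
            TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
            TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
            TLS_ECDHE_RSA_WITH_NULL_SHA,
            TLS_ECDHE_RSA_WITH_RC4_128_SHA,
            TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
            TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
            TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
            TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
            TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
            TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
            TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
            TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
            TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
            TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
            TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
            // ChaCha20-Poly1305 (RFC 7905)
            TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
            TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
    );

    /** Cipher suites this class treats as usable with TLS 1.3. */
    private static final Set<Integer> TLS1_3_CIPHER_SUITES = Set.of(
            TLS_AES_128_GCM_SHA256,
            TLS_AES_256_GCM_SHA384,
            TLS_CHACHA20_POLY1305_SHA256,
            TLS_AES_128_CCM_SHA256,
            TLS_AES_128_CCM_8_SHA256
    );

    /** Protocol version ID to the set of cipher suite IDs listed for that version. */
    private static final Map<Long, Set<Integer>> SUITES_BY_VERSION = Map.of(
            SSL3_0, SSLV3_CIPHER_SUITES,
            TLS1_0, TLS1_0_CIPHER_SUITES,
            TLS1_1, TLS1_1_CIPHER_SUITES,
            TLS1_2, TLS1_2_CIPHER_SUITES,
            TLS1_3, TLS1_3_CIPHER_SUITES
    );

    /** Protocol version ID to its human-readable name. */
    private static final Map<Long, String> namedVersions = Map.of(
            SSL3_0, "SSLv3",
            TLS1_0, "TLSv1.0",
            TLS1_1, "TLSv1.1",
            TLS1_2, "TLSv1.2",
            TLS1_3, "TLSv1.3"
    );

    /** Cipher suite ID to its human-readable name. */
    private static final Map<Integer, String> CIPHER_SUITE_ID_TO_NAME_MAP = Map.ofEntries(
            Map.entry(TLS_NULL_WITH_NULL_NULL, "TLS_NULL_WITH_NULL_NULL"),
            Map.entry(TLS_RSA_WITH_NULL_MD5, "TLS_RSA_WITH_NULL_MD5"),
            Map.entry(TLS_RSA_WITH_NULL_SHA, "TLS_RSA_WITH_NULL_SHA"),
            Map.entry(TLS_RSA_EXPORT_WITH_RC4_40_MD5, "TLS_RSA_EXPORT_WITH_RC4_40_MD5"),
            Map.entry(TLS_RSA_WITH_RC4_128_MD5, "TLS_RSA_WITH_RC4_128_MD5"),
            Map.entry(TLS_RSA_WITH_RC4_128_SHA, "TLS_RSA_WITH_RC4_128_SHA"),
            Map.entry(TLS_DHE_DSS_EXPORT_WITH_RC4_40_SHA, "TLS_DHE_DSS_EXPORT_WITH_RC4_40_SHA"),
            Map.entry(TLS_DHE_DSS_WITH_RC4_128_SHA, "TLS_DHE_DSS_WITH_RC4_128_SHA"),
            Map.entry(TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5, "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5"),
            Map.entry(TLS_RSA_WITH_IDEA_CBC_SHA, "TLS_RSA_WITH_IDEA_CBC_SHA"),
            Map.entry(TLS_RSA_EXPORT_WITH_DES40_CBC_SHA, "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA"),
            Map.entry(TLS_RSA_WITH_DES_CBC_SHA, "TLS_RSA_WITH_DES_CBC_SHA"),
            Map.entry(TLS_RSA_WITH_3DES_EDE_CBC_SHA, "TLS_RSA_WITH_3DES_EDE_CBC_SHA"),
            Map.entry(TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA"),
            Map.entry(TLS_DHE_DSS_WITH_DES_CBC_SHA, "TLS_DHE_DSS_WITH_DES_CBC_SHA"),
            Map.entry(TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA, "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA"),
            Map.entry(TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA"),
            Map.entry(TLS_DHE_RSA_WITH_DES_CBC_SHA, "TLS_DHE_RSA_WITH_DES_CBC_SHA"),
            Map.entry(TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA"),
            Map.entry(TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA, "TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA"),
            Map.entry(TLS_DH_DSS_WITH_DES_CBC_SHA, "TLS_DH_DSS_WITH_DES_CBC_SHA"),
            Map.entry(TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA, "TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA"),
            Map.entry(TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA, "TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA"),
            Map.entry(TLS_DH_RSA_WITH_DES_CBC_SHA, "TLS_DH_RSA_WITH_DES_CBC_SHA"),
            Map.entry(TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA, "TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA"),
            Map.entry(TLS_RSA_WITH_AES_128_CBC_SHA, "TLS_RSA_WITH_AES_128_CBC_SHA"),
            Map.entry(TLS_DHE_DSS_WITH_AES_128_CBC_SHA, "TLS_DHE_DSS_WITH_AES_128_CBC_SHA"),
            Map.entry(TLS_DHE_RSA_WITH_AES_128_CBC_SHA, "TLS_DHE_RSA_WITH_AES_128_CBC_SHA"),
            Map.entry(TLS_DH_DSS_WITH_AES_128_CBC_SHA, "TLS_DH_DSS_WITH_AES_128_CBC_SHA"),
            Map.entry(TLS_DH_RSA_WITH_AES_128_CBC_SHA, "TLS_DH_RSA_WITH_AES_128_CBC_SHA"),
            Map.entry(TLS_RSA_WITH_AES_256_CBC_SHA, "TLS_RSA_WITH_AES_256_CBC_SHA"),
            Map.entry(TLS_DHE_DSS_WITH_AES_256_CBC_SHA, "TLS_DHE_DSS_WITH_AES_256_CBC_SHA"),
            Map.entry(TLS_DHE_RSA_WITH_AES_256_CBC_SHA, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA"),
            Map.entry(TLS_DH_DSS_WITH_AES_256_CBC_SHA, "TLS_DH_DSS_WITH_AES_256_CBC_SHA"),
            Map.entry(TLS_DH_RSA_WITH_AES_256_CBC_SHA, "TLS_DH_RSA_WITH_AES_256_CBC_SHA"),
            Map.entry(TLS_RSA_WITH_AES_128_CBC_SHA256, "TLS_RSA_WITH_AES_128_CBC_SHA256"),
            Map.entry(TLS_RSA_WITH_AES_256_CBC_SHA256, "TLS_RSA_WITH_AES_256_CBC_SHA256"),
            Map.entry(TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256"),
            Map.entry(TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256"),
            Map.entry(TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256"),
            Map.entry(TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256"),
            Map.entry(TLS_RSA_WITH_AES_128_GCM_SHA256, "TLS_RSA_WITH_AES_128_GCM_SHA256"),
            Map.entry(TLS_RSA_WITH_AES_256_GCM_SHA384, "TLS_RSA_WITH_AES_256_GCM_SHA384"),
            Map.entry(TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256"),
            Map.entry(TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384"),
            Map.entry(TLS_DH_RSA_WITH_AES_128_GCM_SHA256, "TLS_DH_RSA_WITH_AES_128_GCM_SHA256"),
            Map.entry(TLS_DH_RSA_WITH_AES_256_GCM_SHA384, "TLS_DH_RSA_WITH_AES_256_GCM_SHA384"),
            Map.entry(TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256"),
            Map.entry(TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384"),
            Map.entry(TLS_ECDH_ECDSA_WITH_NULL_SHA, "TLS_ECDH_ECDSA_WITH_NULL_SHA"),
            Map.entry(TLS_ECDH_ECDSA_WITH_RC4_128_SHA, "TLS_ECDH_ECDSA_WITH_RC4_128_SHA"),
            Map.entry(TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA"),
            Map.entry(TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA"),
            Map.entry(TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA"),
            Map.entry(TLS_ECDHE_ECDSA_WITH_NULL_SHA, "TLS_ECDHE_ECDSA_WITH_NULL_SHA"),
            Map.entry(TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA"),
            Map.entry(TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA"),
            Map.entry(TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA"),
            Map.entry(TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA"),
            Map.entry(TLS_ECDH_RSA_WITH_NULL_SHA, "TLS_ECDH_RSA_WITH_NULL_SHA"),
            Map.entry(TLS_ECDH_RSA_WITH_RC4_128_SHA, "TLS_ECDH_RSA_WITH_RC4_128_SHA"),
            Map.entry(TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA"),
            Map.entry(TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA"),
            Map.entry(TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA"),
            Map.entry(TLS_ECDHE_RSA_WITH_NULL_SHA, "TLS_ECDHE_RSA_WITH_NULL_SHA"),
            Map.entry(TLS_ECDHE_RSA_WITH_RC4_128_SHA, "TLS_ECDHE_RSA_WITH_RC4_128_SHA"),
            Map.entry(TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA"),
            Map.entry(TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"),
            Map.entry(TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"),
            Map.entry(TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256"),
            Map.entry(TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384"),
            Map.entry(TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"),
            Map.entry(TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"),
            Map.entry(TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"),
            Map.entry(TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"),
            Map.entry(TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"),
            Map.entry(TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"),
            Map.entry(TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256"),
            Map.entry(TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256"),
            Map.entry(TLS_AES_128_GCM_SHA256, "TLS_AES_128_GCM_SHA256"), // TLS 1.3
            Map.entry(TLS_AES_256_GCM_SHA384, "TLS_AES_256_GCM_SHA384"), // TLS 1.3
            Map.entry(TLS_CHACHA20_POLY1305_SHA256, "TLS_CHACHA20_POLY1305_SHA256"), // TLS 1.3
            Map.entry(TLS_AES_128_CCM_SHA256, "TLS_AES_128_CCM_SHA256"), // TLS 1.3
            Map.entry(TLS_AES_128_CCM_8_SHA256, "TLS_AES_128_CCM_8_SHA256"), // TLS 1.3
            Map.entry(TLS_EMPTY_RENEGOTIATION_INFO_SCSV, "TLS_EMPTY_RENEGOTIATION_INFO_SCSV")
    );

    /**
     * Constructs a CipherSuite for the given code point and resolves its name from the
     * built-in table.
     *
     * @param id the cipher suite code point; any value is accepted, and an ID that is
     *           not in the table yields an instance whose name is {@code null}
     */
    public CipherSuite(int id) {
        this.id = id;
        this.name = getNameById(id);
    }

    /**
     * Checks whether this cipher suite is listed for the given SSL/TLS protocol version.
     *
     * @param version the protocol version ID (e.g., {@code CipherSuite.TLS1_2})
     * @return {@code true} if the suite's ID is in the set kept for that version;
     *         {@code false} if it is not, or if the version is not one of the five
     *         versions this class knows
     */
    public boolean isSupported(long version) {
        // An unrecognized version has no entry, so the lookup doubles as the version check.
        Set<Integer> suites = SUITES_BY_VERSION.get(version);
        return suites != null && suites.contains(this.id);
    }

    /**
     * Gets the human-readable name of the cipher suite.
     *
     * <p>Nullability is documented here rather than with an annotation, because this
     * file imports no {@code Nullable} annotation type.
     *
     * @return the name of the cipher suite, or {@code null} if its ID is not in the table
     */
    public String getName() {
        return name;
    }

    /**
     * Gets the numeric code point of the cipher suite.
     *
     * @return the ID this instance was created with
     */
    public int getId() {
        return id;
    }

    /**
     * Looks up a cipher suite name by its code point.
     *
     * @param id the cipher suite code point
     * @return the name of the cipher suite, or {@code null} if not found
     */
    public static String getNameById(int id) {
        return CIPHER_SUITE_ID_TO_NAME_MAP.get(id);
    }

    /**
     * Gets the human-readable name of a protocol version by its ID.
     *
     * @param version the protocol version ID (e.g., {@code CipherSuite.TLS1_2})
     * @return the name of the protocol version, or {@code null} if not recognized
     */
    public static String getNamedVersion(long version) {
        return namedVersions.get(version);
    }

    /**
     * Factory method equivalent to {@code new CipherSuite(id)}.
     *
     * @param id the cipher suite code point
     * @return a new CipherSuite instance with the specified ID
     */
    public static CipherSuite fromId(int id) {
        return new CipherSuite(id);
    }
}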