diff --git a/v2/pkg/protocols/ssl/ciphers.go b/v2/pkg/protocols/ssl/ciphers.go new file mode 100644 index 000000000..bf2deb8c2 --- /dev/null +++ b/v2/pkg/protocols/ssl/ciphers.go @@ -0,0 +1,367 @@ +package ssl + +import ( + "fmt" + + ztls "github.com/zmap/zcrypto/tls" +) + +var ciphers = map[string]uint16{ + "TLS_NULL_WITH_NULL_NULL": ztls.TLS_NULL_WITH_NULL_NULL, + "TLS_RSA_WITH_NULL_MD5": ztls.TLS_RSA_WITH_NULL_MD5, + "TLS_RSA_WITH_NULL_SHA": ztls.TLS_RSA_WITH_NULL_SHA, + "TLS_RSA_EXPORT_WITH_RC4_40_MD5": ztls.TLS_RSA_EXPORT_WITH_RC4_40_MD5, + "TLS_RSA_WITH_RC4_128_MD5": ztls.TLS_RSA_WITH_RC4_128_MD5, + "TLS_RSA_WITH_RC4_128_SHA": ztls.TLS_RSA_WITH_RC4_128_SHA, + "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5": ztls.TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5, + "TLS_RSA_WITH_IDEA_CBC_SHA": ztls.TLS_RSA_WITH_IDEA_CBC_SHA, + "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA": ztls.TLS_RSA_EXPORT_WITH_DES40_CBC_SHA, + "TLS_RSA_WITH_DES_CBC_SHA": ztls.TLS_RSA_WITH_DES_CBC_SHA, + "TLS_RSA_WITH_3DES_EDE_CBC_SHA": ztls.TLS_RSA_WITH_3DES_EDE_CBC_SHA, + "TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA": ztls.TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA, + "TLS_DH_DSS_WITH_DES_CBC_SHA": ztls.TLS_DH_DSS_WITH_DES_CBC_SHA, + "TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA": ztls.TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA, + "TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA": ztls.TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA, + "TLS_DH_RSA_WITH_DES_CBC_SHA": ztls.TLS_DH_RSA_WITH_DES_CBC_SHA, + "TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA": ztls.TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA, + "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA": ztls.TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, + "TLS_DHE_DSS_WITH_DES_CBC_SHA": ztls.TLS_DHE_DSS_WITH_DES_CBC_SHA, + "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA": ztls.TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA, + "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA": ztls.TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, + "TLS_DHE_RSA_WITH_DES_CBC_SHA": ztls.TLS_DHE_RSA_WITH_DES_CBC_SHA, + "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA": ztls.TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, + "TLS_DH_ANON_EXPORT_WITH_RC4_40_MD5": ztls.TLS_DH_ANON_EXPORT_WITH_RC4_40_MD5, + "TLS_DH_ANON_WITH_RC4_128_MD5": ztls.TLS_DH_ANON_WITH_RC4_128_MD5, + "TLS_DH_ANON_EXPORT_WITH_DES40_CBC_SHA": ztls.TLS_DH_ANON_EXPORT_WITH_DES40_CBC_SHA, + "TLS_DH_ANON_WITH_DES_CBC_SHA": ztls.TLS_DH_ANON_WITH_DES_CBC_SHA, + "TLS_DH_ANON_WITH_3DES_EDE_CBC_SHA": ztls.TLS_DH_ANON_WITH_3DES_EDE_CBC_SHA, + "SSL_FORTEZZA_KEA_WITH_NULL_SHA": ztls.SSL_FORTEZZA_KEA_WITH_NULL_SHA, + "SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA": ztls.SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA, + "TLS_KRB5_WITH_DES_CBC_SHA": ztls.TLS_KRB5_WITH_DES_CBC_SHA, + "TLS_KRB5_WITH_3DES_EDE_CBC_SHA": ztls.TLS_KRB5_WITH_3DES_EDE_CBC_SHA, + "TLS_KRB5_WITH_RC4_128_SHA": ztls.TLS_KRB5_WITH_RC4_128_SHA, + "TLS_KRB5_WITH_IDEA_CBC_SHA": ztls.TLS_KRB5_WITH_IDEA_CBC_SHA, + "TLS_KRB5_WITH_DES_CBC_MD5": ztls.TLS_KRB5_WITH_DES_CBC_MD5, + "TLS_KRB5_WITH_3DES_EDE_CBC_MD5": ztls.TLS_KRB5_WITH_3DES_EDE_CBC_MD5, + "TLS_KRB5_WITH_RC4_128_MD5": ztls.TLS_KRB5_WITH_RC4_128_MD5, + "TLS_KRB5_WITH_IDEA_CBC_MD5": ztls.TLS_KRB5_WITH_IDEA_CBC_MD5, + "TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA": ztls.TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA, + "TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA": ztls.TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA, + "TLS_KRB5_EXPORT_WITH_RC4_40_SHA": ztls.TLS_KRB5_EXPORT_WITH_RC4_40_SHA, + "TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5": ztls.TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5, + "TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5": ztls.TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5, + "TLS_KRB5_EXPORT_WITH_RC4_40_MD5": ztls.TLS_KRB5_EXPORT_WITH_RC4_40_MD5, + "TLS_PSK_WITH_NULL_SHA": ztls.TLS_PSK_WITH_NULL_SHA, + "TLS_DHE_PSK_WITH_NULL_SHA": ztls.TLS_DHE_PSK_WITH_NULL_SHA, + "TLS_RSA_PSK_WITH_NULL_SHA": ztls.TLS_RSA_PSK_WITH_NULL_SHA, + "TLS_RSA_WITH_AES_128_CBC_SHA": ztls.TLS_RSA_WITH_AES_128_CBC_SHA, + "TLS_DH_DSS_WITH_AES_128_CBC_SHA": ztls.TLS_DH_DSS_WITH_AES_128_CBC_SHA, + "TLS_DH_RSA_WITH_AES_128_CBC_SHA": ztls.TLS_DH_RSA_WITH_AES_128_CBC_SHA, + "TLS_DHE_DSS_WITH_AES_128_CBC_SHA": ztls.TLS_DHE_DSS_WITH_AES_128_CBC_SHA, + "TLS_DHE_RSA_WITH_AES_128_CBC_SHA": ztls.TLS_DHE_RSA_WITH_AES_128_CBC_SHA, + "TLS_DH_ANON_WITH_AES_128_CBC_SHA": ztls.TLS_DH_ANON_WITH_AES_128_CBC_SHA, + "TLS_RSA_WITH_AES_256_CBC_SHA": ztls.TLS_RSA_WITH_AES_256_CBC_SHA, + "TLS_DH_DSS_WITH_AES_256_CBC_SHA": ztls.TLS_DH_DSS_WITH_AES_256_CBC_SHA, + "TLS_DH_RSA_WITH_AES_256_CBC_SHA": ztls.TLS_DH_RSA_WITH_AES_256_CBC_SHA, + "TLS_DHE_DSS_WITH_AES_256_CBC_SHA": ztls.TLS_DHE_DSS_WITH_AES_256_CBC_SHA, + "TLS_DHE_RSA_WITH_AES_256_CBC_SHA": ztls.TLS_DHE_RSA_WITH_AES_256_CBC_SHA, + "TLS_DH_ANON_WITH_AES_256_CBC_SHA": ztls.TLS_DH_ANON_WITH_AES_256_CBC_SHA, + "TLS_RSA_WITH_NULL_SHA256": ztls.TLS_RSA_WITH_NULL_SHA256, + "TLS_RSA_WITH_AES_128_CBC_SHA256": ztls.TLS_RSA_WITH_AES_128_CBC_SHA256, + "TLS_RSA_WITH_AES_256_CBC_SHA256": ztls.TLS_RSA_WITH_AES_256_CBC_SHA256, + "TLS_DH_DSS_WITH_AES_128_CBC_SHA256": ztls.TLS_DH_DSS_WITH_AES_128_CBC_SHA256, + "TLS_DH_RSA_WITH_AES_128_CBC_SHA256": ztls.TLS_DH_RSA_WITH_AES_128_CBC_SHA256, + "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256": ztls.TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, + "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA": ztls.TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, + "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA": ztls.TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA, + "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA": ztls.TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA, + "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA": ztls.TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, + "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA": ztls.TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, + "TLS_DH_ANON_WITH_CAMELLIA_128_CBC_SHA": ztls.TLS_DH_ANON_WITH_CAMELLIA_128_CBC_SHA, + "TLS_RSA_EXPORT1024_WITH_RC4_56_MD5": ztls.TLS_RSA_EXPORT1024_WITH_RC4_56_MD5, + "TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5": ztls.TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5, + "TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA": ztls.TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA, + "TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA": ztls.TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA, + "TLS_RSA_EXPORT1024_WITH_RC4_56_SHA": ztls.TLS_RSA_EXPORT1024_WITH_RC4_56_SHA, + "TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA": ztls.TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA, + "TLS_DHE_DSS_WITH_RC4_128_SHA": ztls.TLS_DHE_DSS_WITH_RC4_128_SHA, + "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256": ztls.TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, + "TLS_DH_DSS_WITH_AES_256_CBC_SHA256": ztls.TLS_DH_DSS_WITH_AES_256_CBC_SHA256, + "TLS_DH_RSA_WITH_AES_256_CBC_SHA256": ztls.TLS_DH_RSA_WITH_AES_256_CBC_SHA256, + "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256": ztls.TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, + "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256": ztls.TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, + "TLS_DH_ANON_WITH_AES_128_CBC_SHA256": ztls.TLS_DH_ANON_WITH_AES_128_CBC_SHA256, + "TLS_DH_ANON_WITH_AES_256_CBC_SHA256": ztls.TLS_DH_ANON_WITH_AES_256_CBC_SHA256, + "TLS_GOSTR341094_WITH_28147_CNT_IMIT": ztls.TLS_GOSTR341094_WITH_28147_CNT_IMIT, + "TLS_GOSTR341001_WITH_28147_CNT_IMIT": ztls.TLS_GOSTR341001_WITH_28147_CNT_IMIT, + "TLS_GOSTR341094_WITH_NULL_GOSTR3411": ztls.TLS_GOSTR341094_WITH_NULL_GOSTR3411, + "TLS_GOSTR341001_WITH_NULL_GOSTR3411": ztls.TLS_GOSTR341001_WITH_NULL_GOSTR3411, + "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA": ztls.TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, + "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA": ztls.TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA, + "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA": ztls.TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA, + "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA": ztls.TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, + "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA": ztls.TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, + "TLS_DH_ANON_WITH_CAMELLIA_256_CBC_SHA": ztls.TLS_DH_ANON_WITH_CAMELLIA_256_CBC_SHA, + "TLS_PSK_WITH_RC4_128_SHA": ztls.TLS_PSK_WITH_RC4_128_SHA, + "TLS_PSK_WITH_3DES_EDE_CBC_SHA": ztls.TLS_PSK_WITH_3DES_EDE_CBC_SHA, + "TLS_PSK_WITH_AES_128_CBC_SHA": ztls.TLS_PSK_WITH_AES_128_CBC_SHA, + "TLS_PSK_WITH_AES_256_CBC_SHA": ztls.TLS_PSK_WITH_AES_256_CBC_SHA, + "TLS_DHE_PSK_WITH_RC4_128_SHA": ztls.TLS_DHE_PSK_WITH_RC4_128_SHA, + "TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA": ztls.TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA, + "TLS_DHE_PSK_WITH_AES_128_CBC_SHA": ztls.TLS_DHE_PSK_WITH_AES_128_CBC_SHA, + "TLS_DHE_PSK_WITH_AES_256_CBC_SHA": ztls.TLS_DHE_PSK_WITH_AES_256_CBC_SHA, + "TLS_RSA_PSK_WITH_RC4_128_SHA": ztls.TLS_RSA_PSK_WITH_RC4_128_SHA, + "TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA": ztls.TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA, + "TLS_RSA_PSK_WITH_AES_128_CBC_SHA": ztls.TLS_RSA_PSK_WITH_AES_128_CBC_SHA, + "TLS_RSA_PSK_WITH_AES_256_CBC_SHA": ztls.TLS_RSA_PSK_WITH_AES_256_CBC_SHA, + "TLS_RSA_WITH_SEED_CBC_SHA": ztls.TLS_RSA_WITH_SEED_CBC_SHA, + "TLS_DH_DSS_WITH_SEED_CBC_SHA": ztls.TLS_DH_DSS_WITH_SEED_CBC_SHA, + "TLS_DH_RSA_WITH_SEED_CBC_SHA": ztls.TLS_DH_RSA_WITH_SEED_CBC_SHA, + "TLS_DHE_DSS_WITH_SEED_CBC_SHA": ztls.TLS_DHE_DSS_WITH_SEED_CBC_SHA, + "TLS_DHE_RSA_WITH_SEED_CBC_SHA": ztls.TLS_DHE_RSA_WITH_SEED_CBC_SHA, + "TLS_DH_ANON_WITH_SEED_CBC_SHA": ztls.TLS_DH_ANON_WITH_SEED_CBC_SHA, + "TLS_RSA_WITH_AES_128_GCM_SHA256": ztls.TLS_RSA_WITH_AES_128_GCM_SHA256, + "TLS_RSA_WITH_AES_256_GCM_SHA384": ztls.TLS_RSA_WITH_AES_256_GCM_SHA384, + "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256": ztls.TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, + "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384": ztls.TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, + "TLS_DH_RSA_WITH_AES_128_GCM_SHA256": ztls.TLS_DH_RSA_WITH_AES_128_GCM_SHA256, + "TLS_DH_RSA_WITH_AES_256_GCM_SHA384": ztls.TLS_DH_RSA_WITH_AES_256_GCM_SHA384, + "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256": ztls.TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, + "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384": ztls.TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, + "TLS_DH_DSS_WITH_AES_128_GCM_SHA256": ztls.TLS_DH_DSS_WITH_AES_128_GCM_SHA256, + "TLS_DH_DSS_WITH_AES_256_GCM_SHA384": ztls.TLS_DH_DSS_WITH_AES_256_GCM_SHA384, + "TLS_DH_ANON_WITH_AES_128_GCM_SHA256": ztls.TLS_DH_ANON_WITH_AES_128_GCM_SHA256, + "TLS_DH_ANON_WITH_AES_256_GCM_SHA384": ztls.TLS_DH_ANON_WITH_AES_256_GCM_SHA384, + "TLS_PSK_WITH_AES_128_GCM_SHA256": ztls.TLS_PSK_WITH_AES_128_GCM_SHA256, + "TLS_PSK_WITH_AES_256_GCM_SHA384": ztls.TLS_PSK_WITH_AES_256_GCM_SHA384, + "TLS_DHE_PSK_WITH_AES_128_GCM_SHA256": ztls.TLS_DHE_PSK_WITH_AES_128_GCM_SHA256, + "TLS_DHE_PSK_WITH_AES_256_GCM_SHA384": ztls.TLS_DHE_PSK_WITH_AES_256_GCM_SHA384, + "TLS_RSA_PSK_WITH_AES_128_GCM_SHA256": ztls.TLS_RSA_PSK_WITH_AES_128_GCM_SHA256, + "TLS_RSA_PSK_WITH_AES_256_GCM_SHA384": ztls.TLS_RSA_PSK_WITH_AES_256_GCM_SHA384, + "TLS_PSK_WITH_AES_128_CBC_SHA256": ztls.TLS_PSK_WITH_AES_128_CBC_SHA256, + "TLS_PSK_WITH_AES_256_CBC_SHA384": ztls.TLS_PSK_WITH_AES_256_CBC_SHA384, + "TLS_PSK_WITH_NULL_SHA256": ztls.TLS_PSK_WITH_NULL_SHA256, + "TLS_PSK_WITH_NULL_SHA384": ztls.TLS_PSK_WITH_NULL_SHA384, + "TLS_DHE_PSK_WITH_AES_128_CBC_SHA256": ztls.TLS_DHE_PSK_WITH_AES_128_CBC_SHA256, + "TLS_DHE_PSK_WITH_AES_256_CBC_SHA384": ztls.TLS_DHE_PSK_WITH_AES_256_CBC_SHA384, + "TLS_DHE_PSK_WITH_NULL_SHA256": ztls.TLS_DHE_PSK_WITH_NULL_SHA256, + "TLS_DHE_PSK_WITH_NULL_SHA384": ztls.TLS_DHE_PSK_WITH_NULL_SHA384, + "TLS_RSA_PSK_WITH_AES_128_CBC_SHA256": ztls.TLS_RSA_PSK_WITH_AES_128_CBC_SHA256, + "TLS_RSA_PSK_WITH_AES_256_CBC_SHA384": ztls.TLS_RSA_PSK_WITH_AES_256_CBC_SHA384, + "TLS_RSA_PSK_WITH_NULL_SHA256": ztls.TLS_RSA_PSK_WITH_NULL_SHA256, + "TLS_RSA_PSK_WITH_NULL_SHA384": ztls.TLS_RSA_PSK_WITH_NULL_SHA384, + "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256": ztls.TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256, + "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256": ztls.TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256, + "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256": ztls.TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256, + "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256": ztls.TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256, + "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256": ztls.TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, + "TLS_DH_ANON_WITH_CAMELLIA_128_CBC_SHA256": ztls.TLS_DH_ANON_WITH_CAMELLIA_128_CBC_SHA256, + "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256": ztls.TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256, + "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256": ztls.TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256, + "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256": ztls.TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256, + "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256": ztls.TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256, + "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256": ztls.TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256, + "TLS_DH_ANON_WITH_CAMELLIA_256_CBC_SHA256": ztls.TLS_DH_ANON_WITH_CAMELLIA_256_CBC_SHA256, + "TLS_RENEGO_PROTECTION_REQUEST": ztls.TLS_RENEGO_PROTECTION_REQUEST, + "TLS_FALLBACK_SCSV": ztls.TLS_FALLBACK_SCSV, + "TLS_ECDH_ECDSA_WITH_NULL_SHA": ztls.TLS_ECDH_ECDSA_WITH_NULL_SHA, + "TLS_ECDH_ECDSA_WITH_RC4_128_SHA": ztls.TLS_ECDH_ECDSA_WITH_RC4_128_SHA, + "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA": ztls.TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, + "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA": ztls.TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, + "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA": ztls.TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, + "TLS_ECDHE_ECDSA_WITH_NULL_SHA": ztls.TLS_ECDHE_ECDSA_WITH_NULL_SHA, + "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA": ztls.TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, + "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA": ztls.TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, + "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA": ztls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, + "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA": ztls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, + "TLS_ECDH_RSA_WITH_NULL_SHA": ztls.TLS_ECDH_RSA_WITH_NULL_SHA, + "TLS_ECDH_RSA_WITH_RC4_128_SHA": ztls.TLS_ECDH_RSA_WITH_RC4_128_SHA, + "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA": ztls.TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, + "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA": ztls.TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, + "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA": ztls.TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, + "TLS_ECDHE_RSA_WITH_NULL_SHA": ztls.TLS_ECDHE_RSA_WITH_NULL_SHA, + "TLS_ECDHE_RSA_WITH_RC4_128_SHA": ztls.TLS_ECDHE_RSA_WITH_RC4_128_SHA, + "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA": ztls.TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, + "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA": ztls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, + "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA": ztls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, + "TLS_ECDH_ANON_WITH_NULL_SHA": ztls.TLS_ECDH_ANON_WITH_NULL_SHA, + "TLS_ECDH_ANON_WITH_RC4_128_SHA": ztls.TLS_ECDH_ANON_WITH_RC4_128_SHA, + "TLS_ECDH_ANON_WITH_3DES_EDE_CBC_SHA": ztls.TLS_ECDH_ANON_WITH_3DES_EDE_CBC_SHA, + "TLS_ECDH_ANON_WITH_AES_128_CBC_SHA": ztls.TLS_ECDH_ANON_WITH_AES_128_CBC_SHA, + "TLS_ECDH_ANON_WITH_AES_256_CBC_SHA": ztls.TLS_ECDH_ANON_WITH_AES_256_CBC_SHA, + "TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA": ztls.TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA, + "TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA": ztls.TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA, + "TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA": ztls.TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA, + "TLS_SRP_SHA_WITH_AES_128_CBC_SHA": ztls.TLS_SRP_SHA_WITH_AES_128_CBC_SHA, + "TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA": ztls.TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA, + "TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA": ztls.TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA, + "TLS_SRP_SHA_WITH_AES_256_CBC_SHA": ztls.TLS_SRP_SHA_WITH_AES_256_CBC_SHA, + "TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA": ztls.TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA, + "TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA": ztls.TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA, + "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256": ztls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, + "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384": ztls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, + "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256": ztls.TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, + "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384": ztls.TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, + "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256": ztls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, + "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384": ztls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, + "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256": ztls.TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, + "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384": ztls.TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, + "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256": ztls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, + "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384": ztls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, + "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256": ztls.TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, + "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384": ztls.TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, + "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256": ztls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, + "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384": ztls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, + "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256": ztls.TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, + "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384": ztls.TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, + "TLS_ECDHE_PSK_WITH_RC4_128_SHA": ztls.TLS_ECDHE_PSK_WITH_RC4_128_SHA, + "TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA": ztls.TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA, + "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA": ztls.TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA, + "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA": ztls.TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA, + "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256": ztls.TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256, + "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384": ztls.TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384, + "TLS_ECDHE_PSK_WITH_NULL_SHA": ztls.TLS_ECDHE_PSK_WITH_NULL_SHA, + "TLS_ECDHE_PSK_WITH_NULL_SHA256": ztls.TLS_ECDHE_PSK_WITH_NULL_SHA256, + "TLS_ECDHE_PSK_WITH_NULL_SHA384": ztls.TLS_ECDHE_PSK_WITH_NULL_SHA384, + "TLS_RSA_WITH_ARIA_128_CBC_SHA256": ztls.TLS_RSA_WITH_ARIA_128_CBC_SHA256, + "TLS_RSA_WITH_ARIA_256_CBC_SHA384": ztls.TLS_RSA_WITH_ARIA_256_CBC_SHA384, + "TLS_DH_DSS_WITH_ARIA_128_CBC_SHA256": ztls.TLS_DH_DSS_WITH_ARIA_128_CBC_SHA256, + "TLS_DH_DSS_WITH_ARIA_256_CBC_SHA384": ztls.TLS_DH_DSS_WITH_ARIA_256_CBC_SHA384, + "TLS_DH_RSA_WITH_ARIA_128_CBC_SHA256": ztls.TLS_DH_RSA_WITH_ARIA_128_CBC_SHA256, + "TLS_DH_RSA_WITH_ARIA_256_CBC_SHA384": ztls.TLS_DH_RSA_WITH_ARIA_256_CBC_SHA384, + "TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256": ztls.TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256, + "TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384": ztls.TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384, + "TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256": ztls.TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256, + "TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384": ztls.TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384, + "TLS_DH_ANON_WITH_ARIA_128_CBC_SHA256": ztls.TLS_DH_ANON_WITH_ARIA_128_CBC_SHA256, + "TLS_DH_ANON_WITH_ARIA_256_CBC_SHA384": ztls.TLS_DH_ANON_WITH_ARIA_256_CBC_SHA384, + "TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256": ztls.TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256, + "TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384": ztls.TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384, + "TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256": ztls.TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256, + "TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384": ztls.TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384, + "TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256": ztls.TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256, + "TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384": ztls.TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384, + "TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256": ztls.TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256, + "TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384": ztls.TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384, + "TLS_RSA_WITH_ARIA_128_GCM_SHA256": ztls.TLS_RSA_WITH_ARIA_128_GCM_SHA256, + "TLS_RSA_WITH_ARIA_256_GCM_SHA384": ztls.TLS_RSA_WITH_ARIA_256_GCM_SHA384, + "TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256": ztls.TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256, + "TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384": ztls.TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384, + "TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256": ztls.TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256, + "TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384": ztls.TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384, + "TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256": ztls.TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256, + "TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384": ztls.TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384, + "TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256": ztls.TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256, + "TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384": ztls.TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384, + "TLS_DH_ANON_WITH_ARIA_128_GCM_SHA256": ztls.TLS_DH_ANON_WITH_ARIA_128_GCM_SHA256, + "TLS_DH_ANON_WITH_ARIA_256_GCM_SHA384": ztls.TLS_DH_ANON_WITH_ARIA_256_GCM_SHA384, + "TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256": ztls.TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256, + "TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384": ztls.TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384, + "TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256": ztls.TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256, + "TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384": ztls.TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384, + "TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256": ztls.TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256, + "TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384": ztls.TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384, + "TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256": ztls.TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256, + "TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384": ztls.TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384, + "TLS_PSK_WITH_ARIA_128_CBC_SHA256": ztls.TLS_PSK_WITH_ARIA_128_CBC_SHA256, + "TLS_PSK_WITH_ARIA_256_CBC_SHA384": ztls.TLS_PSK_WITH_ARIA_256_CBC_SHA384, + "TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256": ztls.TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256, + "TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384": ztls.TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384, + "TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256": ztls.TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256, + "TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384": ztls.TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384, + "TLS_PSK_WITH_ARIA_128_GCM_SHA256": ztls.TLS_PSK_WITH_ARIA_128_GCM_SHA256, + "TLS_PSK_WITH_ARIA_256_GCM_SHA384": ztls.TLS_PSK_WITH_ARIA_256_GCM_SHA384, + "TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256": ztls.TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256, + "TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384": ztls.TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384, + "TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256": ztls.TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256, + "TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384": ztls.TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384, + "TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256": ztls.TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256, + "TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384": ztls.TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384, + "TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256": ztls.TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256, + "TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384": ztls.TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384, + "TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256": ztls.TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256, + "TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384": ztls.TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384, + "TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256": ztls.TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, + "TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384": ztls.TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384, + "TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256": ztls.TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256, + "TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384": ztls.TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384, + "TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256": ztls.TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256, + "TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384": ztls.TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384, + "TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256": ztls.TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256, + "TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384": ztls.TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384, + "TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256": ztls.TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256, + "TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384": ztls.TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384, + "TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256": ztls.TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256, + "TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384": ztls.TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384, + "TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256": ztls.TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256, + "TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384": ztls.TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384, + "TLS_DH_ANON_WITH_CAMELLIA_128_GCM_SHA256": ztls.TLS_DH_ANON_WITH_CAMELLIA_128_GCM_SHA256, + "TLS_DH_ANON_WITH_CAMELLIA_256_GCM_SHA384": ztls.TLS_DH_ANON_WITH_CAMELLIA_256_GCM_SHA384, + "TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256": ztls.TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256, + "TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384": ztls.TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384, + "TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256": ztls.TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256, + "TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384": ztls.TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384, + "TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256": ztls.TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256, + "TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384": ztls.TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384, + "TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256": ztls.TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256, + "TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384": ztls.TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384, + "TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256": ztls.TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256, + "TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384": ztls.TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384, + "TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256": ztls.TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256, + "TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384": ztls.TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384, + "TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256": ztls.TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256, + "TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384": ztls.TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384, + "TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256": ztls.TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256, + "TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384": ztls.TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384, + "TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256": ztls.TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, + "TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384": ztls.TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, + "TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256": ztls.TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256, + "TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384": ztls.TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384, + "TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256": ztls.TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, + "TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384": ztls.TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, + "TLS_RSA_WITH_AES_128_CCM": ztls.TLS_RSA_WITH_AES_128_CCM, + "TLS_RSA_WITH_AES_256_CCM": ztls.TLS_RSA_WITH_AES_256_CCM, + "TLS_DHE_RSA_WITH_AES_128_CCM": ztls.TLS_DHE_RSA_WITH_AES_128_CCM, + "TLS_DHE_RSA_WITH_AES_256_CCM": ztls.TLS_DHE_RSA_WITH_AES_256_CCM, + "TLS_RSA_WITH_AES_128_CCM_8": ztls.TLS_RSA_WITH_AES_128_CCM_8, + "TLS_RSA_WITH_AES_256_CCM_8": ztls.TLS_RSA_WITH_AES_256_CCM_8, + "TLS_DHE_RSA_WITH_AES_128_CCM_8": ztls.TLS_DHE_RSA_WITH_AES_128_CCM_8, + "TLS_DHE_RSA_WITH_AES_256_CCM_8": ztls.TLS_DHE_RSA_WITH_AES_256_CCM_8, + "TLS_PSK_WITH_AES_128_CCM": ztls.TLS_PSK_WITH_AES_128_CCM, + "TLS_PSK_WITH_AES_256_CCM": ztls.TLS_PSK_WITH_AES_256_CCM, + "TLS_DHE_PSK_WITH_AES_128_CCM": ztls.TLS_DHE_PSK_WITH_AES_128_CCM, + "TLS_DHE_PSK_WITH_AES_256_CCM": ztls.TLS_DHE_PSK_WITH_AES_256_CCM, + "TLS_PSK_WITH_AES_128_CCM_8": ztls.TLS_PSK_WITH_AES_128_CCM_8, + "TLS_PSK_WITH_AES_256_CCM_8": ztls.TLS_PSK_WITH_AES_256_CCM_8, + "TLS_PSK_DHE_WITH_AES_128_CCM_8": ztls.TLS_PSK_DHE_WITH_AES_128_CCM_8, + "TLS_PSK_DHE_WITH_AES_256_CCM_8": ztls.TLS_PSK_DHE_WITH_AES_256_CCM_8, + "TLS_ECDHE_ECDSA_WITH_AES_128_CCM": ztls.TLS_ECDHE_ECDSA_WITH_AES_128_CCM, + "TLS_ECDHE_ECDSA_WITH_AES_256_CCM": ztls.TLS_ECDHE_ECDSA_WITH_AES_256_CCM, + "TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8": ztls.TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8, + "TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8": ztls.TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8, + "TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256": ztls.TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256, + "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256": ztls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, + "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256": ztls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, + "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256": ztls.TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256, + "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256_OLD": ztls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256_OLD, + "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256_OLD": ztls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256_OLD, + "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256_OLD": ztls.TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256_OLD, + "SSL_RSA_WITH_RC2_CBC_MD5": ztls.SSL_RSA_WITH_RC2_CBC_MD5, + "SSL_RSA_WITH_IDEA_CBC_MD5": ztls.SSL_RSA_WITH_IDEA_CBC_MD5, + "SSL_RSA_WITH_DES_CBC_MD5": ztls.SSL_RSA_WITH_DES_CBC_MD5, + "SSL_RSA_WITH_3DES_EDE_CBC_MD5": ztls.SSL_RSA_WITH_3DES_EDE_CBC_MD5, + "SSL_EN_RC2_128_CBC_WITH_MD5": ztls.SSL_EN_RC2_128_CBC_WITH_MD5, + "OP_PCL_TLS10_AES_128_CBC_SHA512": ztls.OP_PCL_TLS10_AES_128_CBC_SHA512, +} + +func toCiphers(items []string) ([]uint16, error) { + var convertedCiphers []uint16 + for _, item := range items { + zcipher, ok := ciphers[item] + if !ok { + return nil, fmt.Errorf("unsupported cipher suite: %s", item) + } + convertedCiphers = append(convertedCiphers, zcipher) + } + return convertedCiphers, nil +} diff --git a/v2/pkg/protocols/ssl/ssl.go b/v2/pkg/protocols/ssl/ssl.go index 2797acfef..e38b37d26 100644 --- a/v2/pkg/protocols/ssl/ssl.go +++ b/v2/pkg/protocols/ssl/ssl.go @@ -34,7 +34,10 @@ type Request struct { CompiledOperators *operators.Operators `yaml:"-"` // description: | // Address contains address for the request - Address string `yaml:"address,omitempty" jsonschema:"title=address for the ssl request,description=Address contains address for the request"` + Address string `yaml:"address,omitempty" jsonschema:"title=address for the ssl request,description=Address contains address for the request"` + MinVersion string `yaml:"min_version,omitempty"` + MaxVersion string `yaml:"max_version,omitempty"` + CiperSuites []string `yaml:"cipher_suites,omitempty"` // cache any variables that may be needed for operation. dialer *fastdialer.Dialer @@ -98,6 +101,28 @@ func (request *Request) ExecuteWithResults(input string, dynamicValues, previous addressToDial := string(finalAddress) config := &ztls.Config{InsecureSkipVerify: true, ServerName: hostname} + if request.MinVersion != "" { + version, err := toVersion(request.MinVersion) + if err != nil { + return err + } + config.MinVersion = version + } + if request.MaxVersion != "" { + version, err := toVersion(request.MaxVersion) + if err != nil { + return err + } + config.MaxVersion = version + } + if len(config.CipherSuites) > 0 { + cipherSuites, err := toCiphers(request.CiperSuites) + if err != nil { + return err + } + config.CipherSuites = cipherSuites + } + conn, err := request.dialer.DialZTLSWithConfig(context.Background(), "tcp", addressToDial, config) if err != nil { requestOptions.Output.Request(requestOptions.TemplateID, input, request.Type().String(), err) diff --git a/v2/pkg/protocols/ssl/version.go b/v2/pkg/protocols/ssl/version.go new file mode 100644 index 000000000..758b95d62 --- /dev/null +++ b/v2/pkg/protocols/ssl/version.go @@ -0,0 +1,23 @@ +package ssl + +import ( + "crypto/tls" + "fmt" + + ztls "github.com/zmap/zcrypto/tls" +) + +var versions = map[string]uint16{ + "sslv3": ztls.VersionSSL30, + "tls10": ztls.VersionTLS10, + "tls11": ztls.VersionTLS11, + "tls12": ztls.VersionTLS12, + "tls13": tls.VersionTLS13, +} + +func toVersion(item string) (uint16, error) { + if version, ok := versions[item]; ok { + return version, nil + } + return 0, fmt.Errorf("unsupported version: %s", item) +}