Google Git
Sign in
android / platform / external / curl / 849082a60867156db868dcb93b67125b84997600 / . / docs / CIPHERS.md
blob: af8f2f4c40b2602e276fd6f4c5a3b46985d58f34 [file] [log] [blame] [view]
Elliott Hughes82be86d2017-09-20 17:00:17 -0700[diff] [blame]1# Ciphers
2
Elliott Hughesa93fb052018-12-12 14:22:48 -0800[diff] [blame]3With curl's options
Elliott Hughes34dd5f42021-08-10 13:01:18 -0700[diff] [blame]4[`CURLOPT_SSL_CIPHER_LIST`](https://curl.se/libcurl/c/CURLOPT_SSL_CIPHER_LIST.html)
Elliott Hughesa93fb052018-12-12 14:22:48 -0800[diff] [blame]5and
Elliott Hughes34dd5f42021-08-10 13:01:18 -0700[diff] [blame]6[`--ciphers`](https://curl.se/docs/manpage.html#--ciphers)
Elliott Hughesa93fb052018-12-12 14:22:48 -0800[diff] [blame]7users can control which ciphers to consider when negotiating TLS connections.
8
Haibo Huangb6336c12019-06-05 01:34:44 -0700[diff] [blame]9TLS 1.3 ciphers are supported since curl 7.61 for OpenSSL 1.1.1+ with options
Elliott Hughes34dd5f42021-08-10 13:01:18 -0700[diff] [blame]10[`CURLOPT_TLS13_CIPHERS`](https://curl.se/libcurl/c/CURLOPT_TLS13_CIPHERS.html)
Elliott Hughesa93fb052018-12-12 14:22:48 -0800[diff] [blame]11and
Elliott Hughes34dd5f42021-08-10 13:01:18 -0700[diff] [blame]12[`--tls13-ciphers`](https://curl.se/docs/manpage.html#--tls13-ciphers)
Haibo Huangb6336c12019-06-05 01:34:44 -0700[diff] [blame]13. If you are using a different SSL backend you can try setting TLS 1.3 cipher
14suites by using the respective regular cipher option.
Elliott Hughes82be86d2017-09-20 17:00:17 -0700[diff] [blame]15
16The names of the known ciphers differ depending on which TLS backend that
17libcurl was built to use. This is an attempt to list known cipher names.
18
19## OpenSSL
20
21(based on [OpenSSL docs](https://www.openssl.org/docs/man1.1.0/apps/ciphers.html))
22
Elliott Hughesa93fb052018-12-12 14:22:48 -0800[diff] [blame]23When specifying multiple cipher names, separate them with colon (`:`).
24
Elliott Hughes82be86d2017-09-20 17:00:17 -0700[diff] [blame]25### SSL3 cipher suites
26
27`NULL-MD5`
28`NULL-SHA`
29`RC4-MD5`
30`RC4-SHA`
31`IDEA-CBC-SHA`
32`DES-CBC3-SHA`
33`DH-DSS-DES-CBC3-SHA`
34`DH-RSA-DES-CBC3-SHA`
35`DHE-DSS-DES-CBC3-SHA`
36`DHE-RSA-DES-CBC3-SHA`
37`ADH-RC4-MD5`
38`ADH-DES-CBC3-SHA`
39
40### TLS v1.0 cipher suites
41
42`NULL-MD5`
43`NULL-SHA`
44`RC4-MD5`
45`RC4-SHA`
46`IDEA-CBC-SHA`
47`DES-CBC3-SHA`
48`DHE-DSS-DES-CBC3-SHA`
49`DHE-RSA-DES-CBC3-SHA`
50`ADH-RC4-MD5`
51`ADH-DES-CBC3-SHA`
52
53### AES ciphersuites from RFC3268, extending TLS v1.0
54
55`AES128-SHA`
56`AES256-SHA`
57`DH-DSS-AES128-SHA`
58`DH-DSS-AES256-SHA`
59`DH-RSA-AES128-SHA`
60`DH-RSA-AES256-SHA`
61`DHE-DSS-AES128-SHA`
62`DHE-DSS-AES256-SHA`
63`DHE-RSA-AES128-SHA`
64`DHE-RSA-AES256-SHA`
65`ADH-AES128-SHA`
66`ADH-AES256-SHA`
67
68### SEED ciphersuites from RFC4162, extending TLS v1.0
69
70`SEED-SHA`
71`DH-DSS-SEED-SHA`
72`DH-RSA-SEED-SHA`
73`DHE-DSS-SEED-SHA`
74`DHE-RSA-SEED-SHA`
75`ADH-SEED-SHA`
76
77### GOST ciphersuites, extending TLS v1.0
78
79`GOST94-GOST89-GOST89`
80`GOST2001-GOST89-GOST89`
81`GOST94-NULL-GOST94`
82`GOST2001-NULL-GOST94`
83
84### Elliptic curve cipher suites
85
86`ECDHE-RSA-NULL-SHA`
87`ECDHE-RSA-RC4-SHA`
88`ECDHE-RSA-DES-CBC3-SHA`
89`ECDHE-RSA-AES128-SHA`
90`ECDHE-RSA-AES256-SHA`
91`ECDHE-ECDSA-NULL-SHA`
92`ECDHE-ECDSA-RC4-SHA`
93`ECDHE-ECDSA-DES-CBC3-SHA`
94`ECDHE-ECDSA-AES128-SHA`
95`ECDHE-ECDSA-AES256-SHA`
96`AECDH-NULL-SHA`
97`AECDH-RC4-SHA`
98`AECDH-DES-CBC3-SHA`
99`AECDH-AES128-SHA`
100`AECDH-AES256-SHA`
101
102### TLS v1.2 cipher suites
103
104`NULL-SHA256`
105`AES128-SHA256`
106`AES256-SHA256`
107`AES128-GCM-SHA256`
108`AES256-GCM-SHA384`
109`DH-RSA-AES128-SHA256`
110`DH-RSA-AES256-SHA256`
111`DH-RSA-AES128-GCM-SHA256`
112`DH-RSA-AES256-GCM-SHA384`
113`DH-DSS-AES128-SHA256`
114`DH-DSS-AES256-SHA256`
115`DH-DSS-AES128-GCM-SHA256`
116`DH-DSS-AES256-GCM-SHA384`
117`DHE-RSA-AES128-SHA256`
118`DHE-RSA-AES256-SHA256`
119`DHE-RSA-AES128-GCM-SHA256`
120`DHE-RSA-AES256-GCM-SHA384`
121`DHE-DSS-AES128-SHA256`
122`DHE-DSS-AES256-SHA256`
123`DHE-DSS-AES128-GCM-SHA256`
124`DHE-DSS-AES256-GCM-SHA384`
125`ECDHE-RSA-AES128-SHA256`
126`ECDHE-RSA-AES256-SHA384`
127`ECDHE-RSA-AES128-GCM-SHA256`
128`ECDHE-RSA-AES256-GCM-SHA384`
129`ECDHE-ECDSA-AES128-SHA256`
130`ECDHE-ECDSA-AES256-SHA384`
131`ECDHE-ECDSA-AES128-GCM-SHA256`
132`ECDHE-ECDSA-AES256-GCM-SHA384`
133`ADH-AES128-SHA256`
134`ADH-AES256-SHA256`
135`ADH-AES128-GCM-SHA256`
136`ADH-AES256-GCM-SHA384`
137`AES128-CCM`
138`AES256-CCM`
139`DHE-RSA-AES128-CCM`
140`DHE-RSA-AES256-CCM`
141`AES128-CCM8`
142`AES256-CCM8`
143`DHE-RSA-AES128-CCM8`
144`DHE-RSA-AES256-CCM8`
145`ECDHE-ECDSA-AES128-CCM`
146`ECDHE-ECDSA-AES256-CCM`
147`ECDHE-ECDSA-AES128-CCM8`
148`ECDHE-ECDSA-AES256-CCM8`
149
150### Camellia HMAC-Based ciphersuites from RFC6367, extending TLS v1.2
151
152`ECDHE-ECDSA-CAMELLIA128-SHA256`
153`ECDHE-ECDSA-CAMELLIA256-SHA384`
154`ECDHE-RSA-CAMELLIA128-SHA256`
155`ECDHE-RSA-CAMELLIA256-SHA384`
156
Elliott Hughes72d948d2018-08-03 14:37:21 -0700[diff] [blame]157### TLS 1.3 cipher suites
158
Elliott Hughesa93fb052018-12-12 14:22:48 -0800[diff] [blame]159(Note these ciphers are set with `CURLOPT_TLS13_CIPHERS` and `--tls13-ciphers`)
Elliott Hughes72d948d2018-08-03 14:37:21 -0700[diff] [blame]160
Elliott Hughesa93fb052018-12-12 14:22:48 -0800[diff] [blame]161`TLS_AES_256_GCM_SHA384`
162`TLS_CHACHA20_POLY1305_SHA256`
163`TLS_AES_128_GCM_SHA256`
164`TLS_AES_128_CCM_8_SHA256`
165`TLS_AES_128_CCM_SHA256`
Elliott Hughes72d948d2018-08-03 14:37:21 -0700[diff] [blame]166
Elliott Hughes82be86d2017-09-20 17:00:17 -0700[diff] [blame]167## NSS
168
169### Totally insecure
170
171`rc4`
172`rc4-md5`
173`rc4export`
174`rc2`
175`rc2export`
176`des`
177`desede3`
178
179### SSL3/TLS cipher suites
180
181`rsa_rc4_128_md5`
182`rsa_rc4_128_sha`
183`rsa_3des_sha`
184`rsa_des_sha`
185`rsa_rc4_40_md5`
186`rsa_rc2_40_md5`
187`rsa_null_md5`
188`rsa_null_sha`
189`fips_3des_sha`
190`fips_des_sha`
191`fortezza`
192`fortezza_rc4_128_sha`
193`fortezza_null`
194
195### TLS 1.0 Exportable 56-bit Cipher Suites
196
197`rsa_des_56_sha`
198`rsa_rc4_56_sha`
199
200### AES ciphers
201
202`dhe_dss_aes_128_cbc_sha`
203`dhe_dss_aes_256_cbc_sha`
204`dhe_rsa_aes_128_cbc_sha`
205`dhe_rsa_aes_256_cbc_sha`
206`rsa_aes_128_sha`
207`rsa_aes_256_sha`
208
209### ECC ciphers
210
211`ecdh_ecdsa_null_sha`
212`ecdh_ecdsa_rc4_128_sha`
213`ecdh_ecdsa_3des_sha`
214`ecdh_ecdsa_aes_128_sha`
215`ecdh_ecdsa_aes_256_sha`
216`ecdhe_ecdsa_null_sha`
217`ecdhe_ecdsa_rc4_128_sha`
218`ecdhe_ecdsa_3des_sha`
219`ecdhe_ecdsa_aes_128_sha`
220`ecdhe_ecdsa_aes_256_sha`
221`ecdh_rsa_null_sha`
222`ecdh_rsa_128_sha`
223`ecdh_rsa_3des_sha`
224`ecdh_rsa_aes_128_sha`
225`ecdh_rsa_aes_256_sha`
226`ecdhe_rsa_null`
227`ecdhe_rsa_rc4_128_sha`
228`ecdhe_rsa_3des_sha`
229`ecdhe_rsa_aes_128_sha`
230`ecdhe_rsa_aes_256_sha`
231`ecdh_anon_null_sha`
232`ecdh_anon_rc4_128sha`
233`ecdh_anon_3des_sha`
234`ecdh_anon_aes_128_sha`
235`ecdh_anon_aes_256_sha`
236
237### HMAC-SHA256 cipher suites
238
239`rsa_null_sha_256`
240`rsa_aes_128_cbc_sha_256`
241`rsa_aes_256_cbc_sha_256`
242`dhe_rsa_aes_128_cbc_sha_256`
243`dhe_rsa_aes_256_cbc_sha_256`
244`ecdhe_ecdsa_aes_128_cbc_sha_256`
245`ecdhe_rsa_aes_128_cbc_sha_256`
246
247### AES GCM cipher suites in RFC 5288 and RFC 5289
248
249`rsa_aes_128_gcm_sha_256`
250`dhe_rsa_aes_128_gcm_sha_256`
251`dhe_dss_aes_128_gcm_sha_256`
252`ecdhe_ecdsa_aes_128_gcm_sha_256`
253`ecdh_ecdsa_aes_128_gcm_sha_256`
254`ecdhe_rsa_aes_128_gcm_sha_256`
255`ecdh_rsa_aes_128_gcm_sha_256`
256
257### cipher suites using SHA384
258
259`rsa_aes_256_gcm_sha_384`
260`dhe_rsa_aes_256_gcm_sha_384`
261`dhe_dss_aes_256_gcm_sha_384`
262`ecdhe_ecdsa_aes_256_sha_384`
263`ecdhe_rsa_aes_256_sha_384`
264`ecdhe_ecdsa_aes_256_gcm_sha_384`
265`ecdhe_rsa_aes_256_gcm_sha_384`
266
267### chacha20-poly1305 cipher suites
268
269`ecdhe_rsa_chacha20_poly1305_sha_256`
270`ecdhe_ecdsa_chacha20_poly1305_sha_256`
271`dhe_rsa_chacha20_poly1305_sha_256`
272
Haibo Huangb6336c12019-06-05 01:34:44 -0700[diff] [blame]273### TLS 1.3 cipher suites
274
275`aes_128_gcm_sha_256`
276`aes_256_gcm_sha_384`
277`chacha20_poly1305_sha_256`
278
Elliott Hughes82be86d2017-09-20 17:00:17 -0700[diff] [blame]279## GSKit
280
Haibo Huang34ab3462019-05-22 00:50:27 -0700[diff] [blame]281Ciphers are internally defined as
282[numeric codes](https://www.ibm.com/support/knowledgecenter/ssw_ibm_i_73/apis/gsk_attribute_set_buffer.htm),
Elliott Hughes82be86d2017-09-20 17:00:17 -0700[diff] [blame]283but libcurl maps them to the following case-insensitive names.
284
285### SSL2 cipher suites (insecure: disabled by default)
286
287`rc2-md5`
288`rc4-md5`
289`exp-rc2-md5`
290`exp-rc4-md5`
291`des-cbc-md5`
292`des-cbc3-md5`
293
294### SSL3 cipher suites
295
296`null-md5`
297`null-sha`
298`rc4-md5`
299`rc4-sha`
300`exp-rc2-cbc-md5`
301`exp-rc4-md5`
302`exp-des-cbc-sha`
303`des-cbc3-sha`
304
305### TLS v1.0 cipher suites
306
307`null-md5`
308`null-sha`
309`rc4-md5`
310`rc4-sha`
311`exp-rc2-cbc-md5`
312`exp-rc4-md5`
313`exp-des-cbc-sha`
314`des-cbc3-sha`
315`aes128-sha`
316`aes256-sha`
317
318### TLS v1.1 cipher suites
319
320`null-md5`
321`null-sha`
322`rc4-md5`
323`rc4-sha`
324`exp-des-cbc-sha`
325`des-cbc3-sha`
326`aes128-sha`
327`aes256-sha`
328
329### TLS v1.2 cipher suites
330
331`null-md5`
332`null-sha`
333`null-sha256`
334`rc4-md5`
335`rc4-sha`
336`des-cbc3-sha`
337`aes128-sha`
338`aes256-sha`
339`aes128-sha256`
340`aes256-sha256`
341`aes128-gcm-sha256`
342`aes256-gcm-sha384`
343
344## WolfSSL
345
346`RC4-SHA`,
347`RC4-MD5`,
348`DES-CBC3-SHA`,
349`AES128-SHA`,
350`AES256-SHA`,
351`NULL-SHA`,
352`NULL-SHA256`,
353`DHE-RSA-AES128-SHA`,
354`DHE-RSA-AES256-SHA`,
355`DHE-PSK-AES256-GCM-SHA384`,
356`DHE-PSK-AES128-GCM-SHA256`,
357`PSK-AES256-GCM-SHA384`,
358`PSK-AES128-GCM-SHA256`,
359`DHE-PSK-AES256-CBC-SHA384`,
360`DHE-PSK-AES128-CBC-SHA256`,
361`PSK-AES256-CBC-SHA384`,
362`PSK-AES128-CBC-SHA256`,
363`PSK-AES128-CBC-SHA`,
364`PSK-AES256-CBC-SHA`,
365`DHE-PSK-AES128-CCM`,
366`DHE-PSK-AES256-CCM`,
367`PSK-AES128-CCM`,
368`PSK-AES256-CCM`,
369`PSK-AES128-CCM-8`,
370`PSK-AES256-CCM-8`,
371`DHE-PSK-NULL-SHA384`,
372`DHE-PSK-NULL-SHA256`,
373`PSK-NULL-SHA384`,
374`PSK-NULL-SHA256`,
375`PSK-NULL-SHA`,
376`HC128-MD5`,
377`HC128-SHA`,
378`HC128-B2B256`,
379`AES128-B2B256`,
380`AES256-B2B256`,
381`RABBIT-SHA`,
382`NTRU-RC4-SHA`,
383`NTRU-DES-CBC3-SHA`,
384`NTRU-AES128-SHA`,
385`NTRU-AES256-SHA`,
386`AES128-CCM-8`,
387`AES256-CCM-8`,
388`ECDHE-ECDSA-AES128-CCM`,
389`ECDHE-ECDSA-AES128-CCM-8`,
390`ECDHE-ECDSA-AES256-CCM-8`,
391`ECDHE-RSA-AES128-SHA`,
392`ECDHE-RSA-AES256-SHA`,
393`ECDHE-ECDSA-AES128-SHA`,
394`ECDHE-ECDSA-AES256-SHA`,
395`ECDHE-RSA-RC4-SHA`,
396`ECDHE-RSA-DES-CBC3-SHA`,
397`ECDHE-ECDSA-RC4-SHA`,
398`ECDHE-ECDSA-DES-CBC3-SHA`,
399`AES128-SHA256`,
400`AES256-SHA256`,
401`DHE-RSA-AES128-SHA256`,
402`DHE-RSA-AES256-SHA256`,
403`ECDH-RSA-AES128-SHA`,
404`ECDH-RSA-AES256-SHA`,
405`ECDH-ECDSA-AES128-SHA`,
406`ECDH-ECDSA-AES256-SHA`,
407`ECDH-RSA-RC4-SHA`,
408`ECDH-RSA-DES-CBC3-SHA`,
409`ECDH-ECDSA-RC4-SHA`,
410`ECDH-ECDSA-DES-CBC3-SHA`,
411`AES128-GCM-SHA256`,
412`AES256-GCM-SHA384`,
413`DHE-RSA-AES128-GCM-SHA256`,
414`DHE-RSA-AES256-GCM-SHA384`,
415`ECDHE-RSA-AES128-GCM-SHA256`,
416`ECDHE-RSA-AES256-GCM-SHA384`,
417`ECDHE-ECDSA-AES128-GCM-SHA256`,
418`ECDHE-ECDSA-AES256-GCM-SHA384`,
419`ECDH-RSA-AES128-GCM-SHA256`,
420`ECDH-RSA-AES256-GCM-SHA384`,
421`ECDH-ECDSA-AES128-GCM-SHA256`,
422`ECDH-ECDSA-AES256-GCM-SHA384`,
423`CAMELLIA128-SHA`,
424`DHE-RSA-CAMELLIA128-SHA`,
425`CAMELLIA256-SHA`,
426`DHE-RSA-CAMELLIA256-SHA`,
427`CAMELLIA128-SHA256`,
428`DHE-RSA-CAMELLIA128-SHA256`,
429`CAMELLIA256-SHA256`,
430`DHE-RSA-CAMELLIA256-SHA256`,
431`ECDHE-RSA-AES128-SHA256`,
432`ECDHE-ECDSA-AES128-SHA256`,
433`ECDH-RSA-AES128-SHA256`,
434`ECDH-ECDSA-AES128-SHA256`,
435`ECDHE-RSA-AES256-SHA384`,
436`ECDHE-ECDSA-AES256-SHA384`,
437`ECDH-RSA-AES256-SHA384`,
438`ECDH-ECDSA-AES256-SHA384`,
439`ECDHE-RSA-CHACHA20-POLY1305`,
440`ECDHE-ECDSA-CHACHA20-POLY1305`,
441`DHE-RSA-CHACHA20-POLY1305`,
442`ECDHE-RSA-CHACHA20-POLY1305-OLD`,
443`ECDHE-ECDSA-CHACHA20-POLY1305-OLD`,
444`DHE-RSA-CHACHA20-POLY1305-OLD`,
445`ADH-AES128-SHA`,
446`QSH`,
447`RENEGOTIATION-INFO`,
448`IDEA-CBC-SHA`,
449`ECDHE-ECDSA-NULL-SHA`,
450`ECDHE-PSK-NULL-SHA256`,
451`ECDHE-PSK-AES128-CBC-SHA256`,
452`PSK-CHACHA20-POLY1305`,
453`ECDHE-PSK-CHACHA20-POLY1305`,
454`DHE-PSK-CHACHA20-POLY1305`,
455`EDH-RSA-DES-CBC3-SHA`,
Elliott Hughes72d948d2018-08-03 14:37:21 -0700[diff] [blame]456
Haibo Huang34ab3462019-05-22 00:50:27 -0700[diff] [blame]457## Schannel
Elliott Hughes72d948d2018-08-03 14:37:21 -0700[diff] [blame]458
Haibo Huang34ab3462019-05-22 00:50:27 -0700[diff] [blame]459Schannel allows the enabling and disabling of encryption algorithms, but not
460specific ciphersuites. They are
461[defined](https://docs.microsoft.com/windows/desktop/SecCrypto/alg-id) by
462Microsoft.
Elliott Hughes72d948d2018-08-03 14:37:21 -0700[diff] [blame]463
Haibo Huang001784b2019-07-19 05:27:28 -0700[diff] [blame]464There is also the case that the selected algorithm is not supported by the
465protocol or does not match the ciphers offered by the server during the SSL
466negotiation. In this case curl will return error
467`CURLE_SSL_CONNECT_ERROR (35) SEC_E_ALGORITHM_MISMATCH`
468and the request will fail.
469
Elliott Hughes72d948d2018-08-03 14:37:21 -0700[diff] [blame]470`CALG_MD2`,
471`CALG_MD4`,
472`CALG_MD5`,
473`CALG_SHA`,
474`CALG_SHA1`,
475`CALG_MAC`,
476`CALG_RSA_SIGN`,
477`CALG_DSS_SIGN`,
478`CALG_NO_SIGN`,
479`CALG_RSA_KEYX`,
480`CALG_DES`,
481`CALG_3DES_112`,
482`CALG_3DES`,
483`CALG_DESX`,
484`CALG_RC2`,
485`CALG_RC4`,
486`CALG_SEAL`,
487`CALG_DH_SF`,
488`CALG_DH_EPHEM`,
489`CALG_AGREEDKEY_ANY`,
490`CALG_HUGHES_MD5`,
491`CALG_SKIPJACK`,
492`CALG_TEK`,
493`CALG_CYLINK_MEK`,
494`CALG_SSL3_SHAMD5`,
495`CALG_SSL3_MASTER`,
496`CALG_SCHANNEL_MASTER_HASH`,
497`CALG_SCHANNEL_MAC_KEY`,
498`CALG_SCHANNEL_ENC_KEY`,
499`CALG_PCT1_MASTER`,
500`CALG_SSL2_MASTER`,
501`CALG_TLS1_MASTER`,
502`CALG_RC5`,
503`CALG_HMAC`,
504`CALG_TLS1PRF`,
505`CALG_HASH_REPLACE_OWF`,
506`CALG_AES_128`,
507`CALG_AES_192`,
508`CALG_AES_256`,
509`CALG_AES`,
510`CALG_SHA_256`,
511`CALG_SHA_384`,
512`CALG_SHA_512`,
513`CALG_ECDH`,
514`CALG_ECMQV`,
515`CALG_ECDSA`,
Haibo Huang65021c72019-03-27 15:37:23 -0700[diff] [blame]516`CALG_ECDH_EPHEM`,
Elliott Hughes34dd5f42021-08-10 13:01:18 -0700[diff] [blame]517
518As of curl 7.77.0, you can also pass `SCH_USE_STRONG_CRYPTO` as a cipher name
519to [constrain the set of available ciphers as specified in the schannel
520documentation](https://docs.microsoft.com/en-us/windows/win32/secauthn/tls-cipher-suites-in-windows-server-2022).
521Note that the supported ciphers in this case follows the OS version, so if you
522are running an outdated OS you might still be supporting weak ciphers.