Type Definition bearssl::br_suite_translated [−] [src]

type br_suite_translated = [u16; 2];

\brief Type for a "translated cipher suite", as an array of two 16-bit integers.

The first element is the cipher suite identifier (as used on the wire). The second element is the concatenation of four 4-bit elements which characterise the cipher suite contents. In most to least significant order, these 4-bit elements are:

Bits 12 to 15: key exchange + server key type

val	symbolic constant	suite type	details
0	`BR_SSLKEYX_RSA`	RSA	RSA key exchange, key is RSA (encryption)
1	`BR_SSLKEYX_ECDHE_RSA`	ECDHE_RSA	ECDHE key exchange, key is RSA (signature)
2	`BR_SSLKEYX_ECDHE_ECDSA`	ECDHE_ECDSA	ECDHE key exchange, key is EC (signature)
3	`BR_SSLKEYX_ECDH_RSA`	ECDH_RSA	Key is EC (key exchange), cert signed with RSA
4	`BR_SSLKEYX_ECDH_ECDSA`	ECDH_ECDSA	Key is EC (key exchange), cert signed with ECDSA

Bits 8 to 11: symmetric encryption algorithm

val	symbolic constant	symmetric encryption	key strength (bits)
0	`BR_SSLENC_3DES_CBC`	3DES/CBC	168
1	`BR_SSLENC_AES128_CBC`	AES-128/CBC	128
2	`BR_SSLENC_AES256_CBC`	AES-256/CBC	256
3	`BR_SSLENC_AES128_GCM`	AES-128/GCM	128
4	`BR_SSLENC_AES256_GCM`	AES-256/GCM	256
5	`BR_SSLENC_CHACHA20`	ChaCha20/Poly1305	256

Bits 4 to 7: MAC algorithm

val	symbolic constant	MAC type	details
0	`BR_SSLMAC_AEAD`	AEAD	No dedicated MAC (encryption is AEAD)
2	`BR_SSLMAC_SHA1`	HMAC/SHA-1	Value matches `br_sha1_ID`
4	`BR_SSLMAC_SHA256`	HMAC/SHA-256	Value matches `br_sha256_ID`
5	`BR_SSLMAC_SHA384`	HMAC/SHA-384	Value matches `br_sha384_ID`

Bits 0 to 3: hash function for PRF when used with TLS-1.2

val	symbolic constant	hash function	details
4	`BR_SSLPRF_SHA256`	SHA-256	Value matches `br_sha256_ID`
5	`BR_SSLPRF_SHA384`	SHA-384	Value matches `br_sha384_ID`

For instance, cipher suite TLS_RSA_WITH_AES_128_GCM_SHA256 has standard identifier 0x009C, and is translated to 0x0304, for, in that order: RSA key exchange (0), AES-128/GCM (3), AEAD integrity (0), SHA-256 in the TLS PRF (4).