type br_suite_translated = [u16; 2];
Type for a "translated cipher suite", as an array of two
16-bit integers.
The first element is the cipher suite identifier (as used on the wire).
The second element is the concatenation of four 4-bit elements which
characterise the cipher suite contents. In most to least significant
order, these 4-bit elements are:
- Bits 12 to 15: key exchange + server key type
| val | symbolic constant | suite type | details |
|---|---|---|---|
| 0 | BR_SSLKEYX_RSA | RSA | RSA key exchange, key is RSA (encryption) |
| 1 | BR_SSLKEYX_ECDHE_RSA | ECDHE_RSA | ECDHE key exchange, key is RSA (signature) |
| 2 | BR_SSLKEYX_ECDHE_ECDSA | ECDHE_ECDSA | ECDHE key exchange, key is EC (signature) |
| 3 | BR_SSLKEYX_ECDH_RSA | ECDH_RSA | Key is EC (key exchange), cert signed with RSA |
| 4 | BR_SSLKEYX_ECDH_ECDSA | ECDH_ECDSA | Key is EC (key exchange), cert signed with ECDSA |
- Bits 8 to 11: symmetric encryption algorithm
| val | symbolic constant | symmetric encryption | key strength (bits) |
|---|---|---|---|
| 0 | BR_SSLENC_3DES_CBC | 3DES/CBC | 168 |
| 1 | BR_SSLENC_AES128_CBC | AES-128/CBC | 128 |
| 2 | BR_SSLENC_AES256_CBC | AES-256/CBC | 256 |
| 3 | BR_SSLENC_AES128_GCM | AES-128/GCM | 128 |
| 4 | BR_SSLENC_AES256_GCM | AES-256/GCM | 256 |
| 5 | BR_SSLENC_CHACHA20 | ChaCha20/Poly1305 | 256 |
- Bits 4 to 7: MAC algorithm
| val | symbolic constant | MAC type | details |
|---|---|---|---|
| 0 | BR_SSLMAC_AEAD | AEAD | No dedicated MAC (encryption is AEAD) |
| 2 | BR_SSLMAC_SHA1 | HMAC/SHA-1 | Value matches br_sha1_ID |
| 4 | BR_SSLMAC_SHA256 | HMAC/SHA-256 | Value matches br_sha256_ID |
| 5 | BR_SSLMAC_SHA384 | HMAC/SHA-384 | Value matches br_sha384_ID |
- Bits 0 to 3: hash function for PRF when used with TLS-1.2
| val | symbolic constant | hash function | details |
|---|---|---|---|
| 4 | BR_SSLPRF_SHA256 | SHA-256 | Value matches br_sha256_ID |
| 5 | BR_SSLPRF_SHA384 | SHA-384 | Value matches br_sha384_ID |
For instance, cipher suite TLS_RSA_WITH_AES_128_GCM_SHA256 has
standard identifier 0x009C, and is translated to 0x0304, for, in
that order: RSA key exchange (0), AES-128/GCM (3), AEAD integrity (0),
SHA-256 in the TLS PRF (4).
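
The bit layout above can be decoded and sanity-checked as follows. This is an added example, not code from BearSSL or its bindings: `SuiteTranslated`, `Decoded` and `decode` are hypothetical names, the field values come from the tables above, and the check that the AEAD MAC value appears only with non-CBC encryption is an assumption of the example.

```rust
// Added example, not part of the BearSSL bindings; values mirror the tables above.
type SuiteTranslated = [u16; 2]; // same layout as br_suite_translated
#[derive(Debug, PartialEq)]
struct Decoded {
    wire_id: u16,
    key_exchange: &'static str,
    encryption: &'static str,
    key_bits: u16,
    mac: &'static str,
    prf_hash: &'static str,
}

// Splits the second element into its four 4-bit fields; None if a field is unlisted.
fn decode(st: SuiteTranslated) -> Option<Decoded> {
    let p = st[1];
    let key_exchange = match p >> 12 {
        0 => "RSA",
        1 => "ECDHE_RSA",
        2 => "ECDHE_ECDSA",
        3 => "ECDH_RSA",
        4 => "ECDH_ECDSA",
        _ => return None,
    };
    let (encryption, key_bits) = match (p >> 8) & 0xF {
        0 => ("3DES/CBC", 168),
        1 => ("AES-128/CBC", 128),
        2 => ("AES-256/CBC", 256),
        3 => ("AES-128/GCM", 128),
        4 => ("AES-256/GCM", 256),
        5 => ("ChaCha20/Poly1305", 256),
        _ => return None,
    };
    let mac = match (p >> 4) & 0xF {
        0 => "AEAD",
        2 => "HMAC/SHA-1",
        4 => "HMAC/SHA-256",
        5 => "HMAC/SHA-384",
        _ => return None,
    };
    // Assumption of this example: CBC needs an HMAC, AEAD modes carry MAC value 0.
    if encryption.ends_with("CBC") == (mac == "AEAD") { return None; }
    let prf_hash = match p & 0xF {
        4 => "SHA-256",
        5 => "SHA-384",
        _ => return None,
    };
    Some(Decoded { wire_id: st[0], key_exchange, encryption, key_bits, mac, prf_hash })
}

fn main() { println!("{:?}", decode([0x009C, 0x0304])); }
```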