1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
// CipherRun - A fast, modular, and scalable TLS/SSL security scanner
// Copyright (C) 2024 CipherRun Team
// Licensed under GPL-2.0
//! TLS/SSL Protocol Constants
//!
//! This module provides centralized constants for TLS/SSL protocol operations,
//! eliminating magic numbers throughout the codebase and ensuring consistency.
//! All constants are documented with RFC references where applicable.
use Duration;
// =============================================================================
// TLS Content Types (RFC 8446 Section 5.1, RFC 5246 Section 6.2.1)
// =============================================================================
/// TLS Content Type: Change Cipher Spec (0x14)
///
/// Used to signal a change in the encryption parameters.
/// Deprecated in TLS 1.3 but still used in TLS 1.2 and earlier.
///
/// Reference: RFC 5246 Section 7.1
pub const CONTENT_TYPE_CHANGE_CIPHER_SPEC: u8 = 0x14;
/// TLS Content Type: Alert (0x15)
///
/// Used to convey closure alerts and error messages.
///
/// Reference: RFC 8446 Section 6, RFC 5246 Section 7.2
pub const CONTENT_TYPE_ALERT: u8 = 0x15;
/// TLS Content Type: Handshake (0x16)
///
/// Used for handshake messages including ClientHello, ServerHello,
/// Certificate, CertificateVerify, Finished, etc.
///
/// Reference: RFC 8446 Section 4, RFC 5246 Section 7.4
pub const CONTENT_TYPE_HANDSHAKE: u8 = 0x16;
/// TLS Content Type: Application Data (0x17)
///
/// Used to carry encrypted application data after the handshake is complete.
///
/// Reference: RFC 8446 Section 5.2, RFC 5246 Section 10
pub const CONTENT_TYPE_APPLICATION_DATA: u8 = 0x17;
/// TLS Content Type: Heartbeat (0x18)
///
/// Used for the Heartbeat Extension (keep-alive functionality).
/// Note: This is the content type exploited by the Heartbleed vulnerability.
///
/// Reference: RFC 6520
pub const CONTENT_TYPE_HEARTBEAT: u8 = 0x18;
// =============================================================================
// TLS Handshake Types (RFC 8446 Section 4, RFC 5246 Section 7.4)
// =============================================================================
/// Handshake Type: HelloRequest (0x00)
///
/// Sent by server to initiate a new handshake (TLS 1.2 and earlier).
/// Not used in TLS 1.3.
///
/// Reference: RFC 5246 Section 7.4.1.1
pub const HANDSHAKE_TYPE_HELLO_REQUEST: u8 = 0x00;
/// Handshake Type: ClientHello (0x01)
///
/// Initial message sent by the client to initiate a TLS handshake.
/// Contains protocol version, random data, cipher suites, and extensions.
///
/// Reference: RFC 8446 Section 4.1.2, RFC 5246 Section 7.4.1.2
pub const HANDSHAKE_TYPE_CLIENT_HELLO: u8 = 0x01;
/// Handshake Type: ServerHello (0x02)
///
/// Server's response to ClientHello, selecting protocol version,
/// cipher suite, and other parameters.
///
/// Reference: RFC 8446 Section 4.1.3, RFC 5246 Section 7.4.1.3
pub const HANDSHAKE_TYPE_SERVER_HELLO: u8 = 0x02;
/// Handshake Type: HelloVerifyRequest (0x03)
///
/// Used in DTLS to verify client's address before allocating state.
///
/// Reference: RFC 6347 Section 4.2.1
pub const HANDSHAKE_TYPE_HELLO_VERIFY_REQUEST: u8 = 0x03;
/// Handshake Type: NewSessionTicket (0x04)
///
/// Used for session resumption without server-side state.
///
/// Reference: RFC 8446 Section 4.6.1, RFC 5077
pub const HANDSHAKE_TYPE_NEW_SESSION_TICKET: u8 = 0x04;
/// Handshake Type: EndOfEarlyData (0x05)
///
/// Marks the end of 0-RTT data in TLS 1.3.
///
/// Reference: RFC 8446 Section 4.5
pub const HANDSHAKE_TYPE_END_OF_EARLY_DATA: u8 = 0x05;
/// Handshake Type: EncryptedExtensions (0x08)
///
/// TLS 1.3 message containing encrypted extension data.
///
/// Reference: RFC 8446 Section 4.3.1
pub const HANDSHAKE_TYPE_ENCRYPTED_EXTENSIONS: u8 = 0x08;
/// Handshake Type: Certificate (0x0B)
///
/// Contains the certificate chain for authentication.
///
/// Reference: RFC 8446 Section 4.4.2, RFC 5246 Section 7.4.2
pub const HANDSHAKE_TYPE_CERTIFICATE: u8 = 0x0B;
/// Handshake Type: ServerKeyExchange (0x0C)
///
/// Contains server's key exchange parameters (TLS 1.2 and earlier).
/// Not used in TLS 1.3.
///
/// Reference: RFC 5246 Section 7.4.3
pub const HANDSHAKE_TYPE_SERVER_KEY_EXCHANGE: u8 = 0x0C;
/// Handshake Type: CertificateRequest (0x0D)
///
/// Server requests a certificate from the client (mutual TLS).
///
/// Reference: RFC 8446 Section 4.3.2, RFC 5246 Section 7.4.4
pub const HANDSHAKE_TYPE_CERTIFICATE_REQUEST: u8 = 0x0D;
/// Handshake Type: ServerHelloDone (0x0E)
///
/// Indicates server has finished its part of the handshake (TLS 1.2 and earlier).
/// Not used in TLS 1.3.
///
/// Reference: RFC 5246 Section 7.4.5
pub const HANDSHAKE_TYPE_SERVER_HELLO_DONE: u8 = 0x0E;
/// Handshake Type: CertificateVerify (0x0F)
///
/// Proves possession of the private key corresponding to the certificate.
///
/// Reference: RFC 8446 Section 4.4.3, RFC 5246 Section 7.4.8
pub const HANDSHAKE_TYPE_CERTIFICATE_VERIFY: u8 = 0x0F;
/// Handshake Type: ClientKeyExchange (0x10)
///
/// Contains client's key exchange parameters (TLS 1.2 and earlier).
/// Not used in TLS 1.3.
///
/// Reference: RFC 5246 Section 7.4.7
pub const HANDSHAKE_TYPE_CLIENT_KEY_EXCHANGE: u8 = 0x10;
/// Handshake Type: Finished (0x14)
///
/// Final handshake message, contains verification data to ensure
/// handshake integrity.
///
/// Reference: RFC 8446 Section 4.4.4, RFC 5246 Section 7.4.9
pub const HANDSHAKE_TYPE_FINISHED: u8 = 0x14;
/// Handshake Type: CertificateURL (0x15)
///
/// Alternative to Certificate message, provides URLs instead of full certificates.
///
/// Reference: RFC 6066 Section 11
pub const HANDSHAKE_TYPE_CERTIFICATE_URL: u8 = 0x15;
/// Handshake Type: CertificateStatus (0x16)
///
/// Contains OCSP response for certificate validation.
///
/// Reference: RFC 6066 Section 8
pub const HANDSHAKE_TYPE_CERTIFICATE_STATUS: u8 = 0x16;
/// Handshake Type: KeyUpdate (0x18)
///
/// Used to update traffic keys in TLS 1.3.
///
/// Reference: RFC 8446 Section 4.6.3
pub const HANDSHAKE_TYPE_KEY_UPDATE: u8 = 0x18;
/// Handshake Type: MessageHash (0xFE)
///
/// Special synthetic handshake message type used in TLS 1.3.
///
/// Reference: RFC 8446 Section 4.4.1
pub const HANDSHAKE_TYPE_MESSAGE_HASH: u8 = 0xFE;
// =============================================================================
// TLS Alert Levels (RFC 8446 Section 6, RFC 5246 Section 7.2)
// =============================================================================
/// Alert Level: Warning (0x01)
///
/// Indicates a non-fatal error condition.
pub const ALERT_LEVEL_WARNING: u8 = 0x01;
/// Alert Level: Fatal (0x02)
///
/// Indicates a fatal error that terminates the connection.
pub const ALERT_LEVEL_FATAL: u8 = 0x02;
// =============================================================================
// TLS Alert Descriptions (RFC 8446 Section 6.2, RFC 5246 Section 7.2)
// =============================================================================
/// Alert: Close Notify (0)
pub const ALERT_CLOSE_NOTIFY: u8 = 0;
/// Alert: Unexpected Message (10)
pub const ALERT_UNEXPECTED_MESSAGE: u8 = 10;
/// Alert: Bad Record MAC (20)
pub const ALERT_BAD_RECORD_MAC: u8 = 20;
/// Alert: Handshake Failure (40)
pub const ALERT_HANDSHAKE_FAILURE: u8 = 40;
/// Alert: Bad Certificate (42)
pub const ALERT_BAD_CERTIFICATE: u8 = 42;
/// Alert: Certificate Revoked (44)
pub const ALERT_CERTIFICATE_REVOKED: u8 = 44;
/// Alert: Certificate Expired (45)
pub const ALERT_CERTIFICATE_EXPIRED: u8 = 45;
/// Alert: Certificate Unknown (46)
pub const ALERT_CERTIFICATE_UNKNOWN: u8 = 46;
/// Alert: Illegal Parameter (47)
pub const ALERT_ILLEGAL_PARAMETER: u8 = 47;
/// Alert: Unknown CA (48)
pub const ALERT_UNKNOWN_CA: u8 = 48;
/// Alert: Decode Error (50)
pub const ALERT_DECODE_ERROR: u8 = 50;
/// Alert: Protocol Version (70)
pub const ALERT_PROTOCOL_VERSION: u8 = 70;
/// Alert: Insufficient Security (71)
pub const ALERT_INSUFFICIENT_SECURITY: u8 = 71;
/// Alert: Internal Error (80)
pub const ALERT_INTERNAL_ERROR: u8 = 80;
/// Alert: Unrecognized Name (112)
pub const ALERT_UNRECOGNIZED_NAME: u8 = 112;
// =============================================================================
// TLS Extension Types (IANA TLS ExtensionType Values)
// =============================================================================
/// Extension: Server Name Indication (0x0000)
///
/// Allows client to indicate the hostname it's attempting to connect to.
///
/// Reference: RFC 6066 Section 3
pub const EXTENSION_SERVER_NAME: u16 = 0x0000;
/// Extension: Supported Groups (0x000A)
///
/// Indicates supported elliptic curves or finite field groups.
/// Formerly called "elliptic_curves".
///
/// Reference: RFC 8422 Section 5.1, RFC 7919
pub const EXTENSION_SUPPORTED_GROUPS: u16 = 0x000A;
/// Extension: EC Point Formats (0x000B)
///
/// Indicates supported elliptic curve point formats.
///
/// Reference: RFC 8422 Section 5.1
pub const EXTENSION_EC_POINT_FORMATS: u16 = 0x000B;
/// Extension: Signature Algorithms (0x000D)
///
/// Indicates supported signature algorithms.
///
/// Reference: RFC 8446 Section 4.2.3, RFC 5246 Section 7.4.1.4.1
pub const EXTENSION_SIGNATURE_ALGORITHMS: u16 = 0x000D;
/// Extension: Application Layer Protocol Negotiation (0x0010)
///
/// Allows negotiation of application protocol (e.g., http/1.1, h2).
///
/// Reference: RFC 7301
pub const EXTENSION_ALPN: u16 = 0x0010;
/// Extension: Encrypt-then-MAC (0x0016)
///
/// Changes MAC calculation order to encrypt-then-MAC for better security.
///
/// Reference: RFC 7366
pub const EXTENSION_ENCRYPT_THEN_MAC: u16 = 0x0016;
/// Extension: Extended Master Secret (0x0017)
///
/// Binds master secret to handshake log for better security.
///
/// Reference: RFC 7627
pub const EXTENSION_EXTENDED_MASTER_SECRET: u16 = 0x0017;
/// Extension: Session Ticket (0x0023)
///
/// Enables stateless session resumption.
///
/// Reference: RFC 5077
pub const EXTENSION_SESSION_TICKET: u16 = 0x0023;
/// Extension: Supported Versions (0x002B)
///
/// TLS 1.3 extension to indicate supported TLS versions.
///
/// Reference: RFC 8446 Section 4.2.1
pub const EXTENSION_SUPPORTED_VERSIONS: u16 = 0x002B;
/// Extension: Key Share (0x0033)
///
/// TLS 1.3 extension containing key exchange information.
///
/// Reference: RFC 8446 Section 4.2.8
pub const EXTENSION_KEY_SHARE: u16 = 0x0033;
/// Extension: Renegotiation Info (0xFF01)
///
/// Prevents renegotiation attacks.
///
/// Reference: RFC 5746
pub const EXTENSION_RENEGOTIATION_INFO: u16 = 0xFF01;
// =============================================================================
// Default Network Ports
// =============================================================================
/// Default port for HTTPS (HTTP over TLS)
pub const PORT_HTTPS: u16 = 443;
/// Default port for SMTP (mail submission, plaintext)
pub const PORT_SMTP: u16 = 25;
/// Default port for SMTPS (SMTP over implicit TLS)
pub const PORT_SMTPS: u16 = 465;
/// Default port for SMTP Submission (mail submission with STARTTLS)
pub const PORT_SMTP_SUBMISSION: u16 = 587;
/// Default port for IMAPS (IMAP over implicit TLS)
pub const PORT_IMAPS: u16 = 993;
/// Default port for POP3S (POP3 over implicit TLS)
pub const PORT_POP3S: u16 = 995;
/// Default port for FTPS (FTP over implicit TLS)
pub const PORT_FTPS: u16 = 990;
/// Default port for LDAPS (LDAP over implicit TLS)
pub const PORT_LDAPS: u16 = 636;
/// Default port for RDP (Remote Desktop Protocol)
pub const PORT_RDP: u16 = 3389;
/// Default port for MySQL over TLS
pub const PORT_MYSQL: u16 = 3306;
/// Default port for PostgreSQL over TLS
pub const PORT_POSTGRESQL: u16 = 5432;
// =============================================================================
// Buffer Sizes
// =============================================================================
/// Default buffer size for TLS record operations (4 KB)
///
/// This is a reasonable default for most TLS operations and matches
/// common page sizes for efficient memory allocation.
pub const BUFFER_SIZE_DEFAULT: usize = 4096;
/// Maximum TLS record size (16 KB + 2 KB for headers/MAC/padding)
///
/// TLS 1.2 and 1.3 specify a maximum plaintext fragment length of 2^14 bytes
/// (16,384 bytes). With encryption overhead, the maximum record size can be
/// slightly larger.
///
/// Reference: RFC 8446 Section 5.1, RFC 5246 Section 6.2.1
pub const BUFFER_SIZE_MAX_TLS_RECORD: usize = 16384;
/// Maximum allowed TLS record size with overhead
///
/// Includes space for headers, MAC, and padding.
pub const BUFFER_SIZE_MAX_WITH_OVERHEAD: usize = 18432; // 16KB + 2KB overhead
/// Size of TLS random field (32 bytes)
///
/// Used in ClientHello and ServerHello messages.
/// Contains 4 bytes of Unix timestamp + 28 bytes of random data.
///
/// Reference: RFC 8446 Section 4.1.2, RFC 5246 Section 7.4.1.2
pub const RANDOM_BYTES_SIZE: usize = 32;
/// Size of TLS 1.2 and earlier master secret (48 bytes)
///
/// Reference: RFC 5246 Section 8.1
pub const MASTER_SECRET_SIZE: usize = 48;
/// Size of TLS record header (5 bytes)
///
/// Format: [Content Type (1)] [Version (2)] [Length (2)]
///
/// Reference: RFC 8446 Section 5.1, RFC 5246 Section 6.2.1
pub const TLS_RECORD_HEADER_SIZE: usize = 5;
/// Size of handshake message header (4 bytes)
///
/// Format: [Type (1)] [Length (3)]
///
/// Reference: RFC 8446 Section 4, RFC 5246 Section 7.4
pub const HANDSHAKE_HEADER_SIZE: usize = 4;
/// Minimum size for a valid ClientHello message
///
/// Includes record header, handshake header, version, random, session ID length,
/// cipher suite length (minimum 2 bytes), and compression method.
pub const MIN_CLIENT_HELLO_SIZE: usize = 41;
/// Buffer size for reading server responses during vulnerability checks
///
/// Large enough to capture full ServerHello and initial handshake messages.
pub const VULNERABILITY_CHECK_BUFFER_SIZE: usize = 8192;
// =============================================================================
// Timeouts
// =============================================================================
/// Default connection timeout for TCP connections (10 seconds)
///
/// This is a reasonable default that balances responsiveness with
/// tolerance for slow networks.
pub const DEFAULT_CONNECT_TIMEOUT: Duration = from_secs;
/// Default read timeout for socket operations (5 seconds)
///
/// Used when waiting for data from a TLS server.
pub const DEFAULT_READ_TIMEOUT: Duration = from_secs;
/// Default write timeout for socket operations (5 seconds)
///
/// Used when sending data to a TLS server.
pub const DEFAULT_WRITE_TIMEOUT: Duration = from_secs;
/// Default socket timeout for general operations (10 seconds)
///
/// General-purpose timeout for socket operations.
pub const DEFAULT_SOCKET_TIMEOUT: Duration = from_secs;
/// Reduced read timeout for cipher suite testing (3 seconds)
///
/// Faster failure detection during cipher enumeration.
pub const CIPHER_TEST_READ_TIMEOUT: Duration = from_secs;
/// HTTP request timeout for external API calls (30 seconds)
///
/// Used for fetching CT logs, CRLs, and other HTTP-based operations.
pub const HTTP_REQUEST_TIMEOUT: Duration = from_secs;
/// Short timeout for quick probes and fast-fail scenarios (3 seconds)
pub const SHORT_TIMEOUT: Duration = from_secs;
// =============================================================================
// Protocol Versions
// =============================================================================
/// TLS 1.0 version bytes (0x0301)
pub const VERSION_TLS_1_0: u16 = 0x0301;
/// TLS 1.1 version bytes (0x0302)
pub const VERSION_TLS_1_1: u16 = 0x0302;
/// TLS 1.2 version bytes (0x0303)
pub const VERSION_TLS_1_2: u16 = 0x0303;
/// TLS 1.3 version bytes (0x0304)
pub const VERSION_TLS_1_3: u16 = 0x0304;
/// SSL 3.0 version bytes (0x0300)
pub const VERSION_SSL_3_0: u16 = 0x0300;
/// SSL 2.0 version bytes (0x0002)
pub const VERSION_SSL_2_0: u16 = 0x0002;
// =============================================================================
// Compression Methods
// =============================================================================
/// No compression (0x00)
///
/// The only compression method that should be used in modern TLS.
/// CRIME attack demonstrated that compression enables information leakage.
pub const COMPRESSION_NULL: u8 = 0x00;
/// DEFLATE compression (0x01)
///
/// DEPRECATED: Vulnerable to CRIME attack. Should never be used.
///
/// Reference: RFC 3749
pub const COMPRESSION_DEFLATE: u8 = 0x01;
// =============================================================================
// Heartbeat
// =============================================================================
/// Heartbeat request message type
///
/// Reference: RFC 6520
pub const HEARTBEAT_REQUEST: u8 = 0x01;
/// Heartbeat response message type
///
/// Reference: RFC 6520
pub const HEARTBEAT_RESPONSE: u8 = 0x02;
/// Maximum safe heartbeat payload size (recommended)
///
/// Used to avoid triggering IDS and to prevent memory exhaustion.
pub const HEARTBEAT_MAX_PAYLOAD: u16 = 16384;
/// Heartbleed vulnerability test payload size
///
/// The malicious payload size used to detect Heartbleed vulnerability.
/// The vulnerability occurs when the server sends more data than requested.
pub const HEARTBLEED_TEST_PAYLOAD: u16 = 0x4000; // 16384 bytes
// =============================================================================
// Retry and Rate Limiting
// =============================================================================
/// Default delay between retries (3 seconds)
pub const DEFAULT_RETRY_DELAY: Duration = from_secs;
/// Maximum number of retry attempts
pub const DEFAULT_MAX_RETRIES: usize = 3;
/// Default rate limit delay for IDS-friendly scanning (100ms)
pub const DEFAULT_RATE_LIMIT_DELAY: Duration = from_millis;
// =============================================================================
// Helper Functions
// =============================================================================
/// Convert content type byte to human-readable string
/// Convert handshake type byte to human-readable string
/// Convert protocol version to human-readable string