OpenVPN 3 Core Library
Loading...
Searching...
No Matches
iana_ciphers.hpp
Go to the documentation of this file.
1// OpenVPN -- An application to securely tunnel IP networks
2// over a single port, with support for SSL/TLS-based
3// session authentication and key exchange,
4// packet encryption, packet authentication, and
5// packet compression.
6//
7// Copyright (C) 2012- OpenVPN Inc.
8//
9// SPDX-License-Identifier: MPL-2.0 OR AGPL-3.0-only WITH openvpn3-openssl-exception
10//
11
12#pragma once
13
14namespace openvpn {
15
16struct tls_cipher_name_pair
17{
18 const char *openssl_name;
19 const char *iana_name;
20};
21
25// clang-format off
26static const tls_cipher_name_pair tls_cipher_name_translation_table[] = {
27 {.openssl_name = "ADH-SEED-SHA", .iana_name = "TLS-DH-anon-WITH-SEED-CBC-SHA" },
28 {.openssl_name = "AES128-GCM-SHA256", .iana_name = "TLS-RSA-WITH-AES-128-GCM-SHA256" },
29 {.openssl_name = "AES128-SHA256", .iana_name = "TLS-RSA-WITH-AES-128-CBC-SHA256" },
30 {.openssl_name = "AES128-SHA", .iana_name = "TLS-RSA-WITH-AES-128-CBC-SHA" },
31 {.openssl_name = "AES256-GCM-SHA384", .iana_name = "TLS-RSA-WITH-AES-256-GCM-SHA384" },
32 {.openssl_name = "AES256-SHA256", .iana_name = "TLS-RSA-WITH-AES-256-CBC-SHA256" },
33 {.openssl_name = "AES256-SHA", .iana_name = "TLS-RSA-WITH-AES-256-CBC-SHA" },
34 {.openssl_name = "CAMELLIA128-SHA256", .iana_name = "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256" },
35 {.openssl_name = "CAMELLIA128-SHA", .iana_name = "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA" },
36 {.openssl_name = "CAMELLIA256-SHA256", .iana_name = "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256" },
37 {.openssl_name = "CAMELLIA256-SHA", .iana_name = "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA" },
38 {.openssl_name = "DES-CBC3-SHA", .iana_name = "TLS-RSA-WITH-3DES-EDE-CBC-SHA" },
39 {.openssl_name = "DES-CBC-SHA", .iana_name = "TLS-RSA-WITH-DES-CBC-SHA" },
40 {.openssl_name = "DH-DSS-SEED-SHA", .iana_name = "TLS-DH-DSS-WITH-SEED-CBC-SHA" },
41 {.openssl_name = "DHE-DSS-AES128-GCM-SHA256", .iana_name = "TLS-DHE-DSS-WITH-AES-128-GCM-SHA256" },
42 {.openssl_name = "DHE-DSS-AES128-SHA256", .iana_name = "TLS-DHE-DSS-WITH-AES-128-CBC-SHA256" },
43 {.openssl_name = "DHE-DSS-AES128-SHA", .iana_name = "TLS-DHE-DSS-WITH-AES-128-CBC-SHA" },
44 {.openssl_name = "DHE-DSS-AES256-GCM-SHA384", .iana_name = "TLS-DHE-DSS-WITH-AES-256-GCM-SHA384" },
45 {.openssl_name = "DHE-DSS-AES256-SHA256", .iana_name = "TLS-DHE-DSS-WITH-AES-256-CBC-SHA256" },
46 {.openssl_name = "DHE-DSS-AES256-SHA", .iana_name = "TLS-DHE-DSS-WITH-AES-256-CBC-SHA" },
47 {.openssl_name = "DHE-DSS-CAMELLIA128-SHA256", .iana_name = "TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256" },
48 {.openssl_name = "DHE-DSS-CAMELLIA128-SHA", .iana_name = "TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA" },
49 {.openssl_name = "DHE-DSS-CAMELLIA256-SHA256", .iana_name = "TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256" },
50 {.openssl_name = "DHE-DSS-CAMELLIA256-SHA", .iana_name = "TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA" },
51 {.openssl_name = "DHE-DSS-SEED-SHA", .iana_name = "TLS-DHE-DSS-WITH-SEED-CBC-SHA" },
52 {.openssl_name = "DHE-RSA-AES128-GCM-SHA256", .iana_name = "TLS-DHE-RSA-WITH-AES-128-GCM-SHA256" },
53 {.openssl_name = "DHE-RSA-AES128-SHA256", .iana_name = "TLS-DHE-RSA-WITH-AES-128-CBC-SHA256" },
54 {.openssl_name = "DHE-RSA-AES128-SHA", .iana_name = "TLS-DHE-RSA-WITH-AES-128-CBC-SHA" },
55 {.openssl_name = "DHE-RSA-AES256-GCM-SHA384", .iana_name = "TLS-DHE-RSA-WITH-AES-256-GCM-SHA384" },
56 {.openssl_name = "DHE-RSA-AES256-SHA256", .iana_name = "TLS-DHE-RSA-WITH-AES-256-CBC-SHA256" },
57 {.openssl_name = "DHE-RSA-AES256-SHA", .iana_name = "TLS-DHE-RSA-WITH-AES-256-CBC-SHA" },
58 {.openssl_name = "DHE-RSA-CAMELLIA128-SHA256", .iana_name = "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256" },
59 {.openssl_name = "DHE-RSA-CAMELLIA128-SHA", .iana_name = "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA" },
60 {.openssl_name = "DHE-RSA-CAMELLIA256-SHA256", .iana_name = "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256" },
61 {.openssl_name = "DHE-RSA-CAMELLIA256-SHA", .iana_name = "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA" },
62 {.openssl_name = "DHE-RSA-CHACHA20-POLY1305", .iana_name = "TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256" },
63 {.openssl_name = "DHE-RSA-SEED-SHA", .iana_name = "TLS-DHE-RSA-WITH-SEED-CBC-SHA" },
64 {.openssl_name = "DH-RSA-SEED-SHA", .iana_name = "TLS-DH-RSA-WITH-SEED-CBC-SHA" },
65 {.openssl_name = "ECDH-ECDSA-AES128-GCM-SHA256", .iana_name = "TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256" },
66 {.openssl_name = "ECDH-ECDSA-AES128-SHA256", .iana_name = "TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA256" },
67 {.openssl_name = "ECDH-ECDSA-AES128-SHA", .iana_name = "TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA" },
68 {.openssl_name = "ECDH-ECDSA-AES256-GCM-SHA384", .iana_name = "TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384" },
69 {.openssl_name = "ECDH-ECDSA-AES256-SHA256", .iana_name = "TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA256" },
70 {.openssl_name = "ECDH-ECDSA-AES256-SHA384", .iana_name = "TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA384" },
71 {.openssl_name = "ECDH-ECDSA-AES256-SHA", .iana_name = "TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA" },
72 {.openssl_name = "ECDH-ECDSA-CAMELLIA128-SHA256", .iana_name = "TLS-ECDH-ECDSA-WITH-CAMELLIA-128-CBC-SHA256" },
73 {.openssl_name = "ECDH-ECDSA-CAMELLIA128-SHA", .iana_name = "TLS-ECDH-ECDSA-WITH-CAMELLIA-128-CBC-SHA" },
74 {.openssl_name = "ECDH-ECDSA-CAMELLIA256-SHA256", .iana_name = "TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA256" },
75 {.openssl_name = "ECDH-ECDSA-CAMELLIA256-SHA", .iana_name = "TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA" },
76 {.openssl_name = "ECDH-ECDSA-DES-CBC3-SHA", .iana_name = "TLS-ECDH-ECDSA-WITH-3DES-EDE-CBC-SHA" },
77 {.openssl_name = "ECDH-ECDSA-DES-CBC-SHA", .iana_name = "TLS-ECDH-ECDSA-WITH-DES-CBC-SHA" },
78 {.openssl_name = "ECDH-ECDSA-RC4-SHA", .iana_name = "TLS-ECDH-ECDSA-WITH-RC4-128-SHA" },
79 {.openssl_name = "ECDHE-ECDSA-AES128-GCM-SHA256", .iana_name = "TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256" },
80 {.openssl_name = "ECDHE-ECDSA-AES128-SHA256", .iana_name = "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" },
81 {.openssl_name = "ECDHE-ECDSA-AES128-SHA384", .iana_name = "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA384" },
82 {.openssl_name = "ECDHE-ECDSA-AES128-SHA", .iana_name = "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA" },
83 {.openssl_name = "ECDHE-ECDSA-AES256-GCM-SHA384", .iana_name = "TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384" },
84 {.openssl_name = "ECDHE-ECDSA-AES256-SHA256", .iana_name = "TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA256" },
85 {.openssl_name = "ECDHE-ECDSA-AES256-SHA384", .iana_name = "TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384" },
86 {.openssl_name = "ECDHE-ECDSA-AES256-SHA", .iana_name = "TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA" },
87 {.openssl_name = "ECDHE-ECDSA-CAMELLIA128-SHA256", .iana_name = "TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256" },
88 {.openssl_name = "ECDHE-ECDSA-CAMELLIA128-SHA", .iana_name = "TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA" },
89 {.openssl_name = "ECDHE-ECDSA-CAMELLIA256-SHA256", .iana_name = "TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA256" },
90 {.openssl_name = "ECDHE-ECDSA-CAMELLIA256-SHA", .iana_name = "TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA" },
91 {.openssl_name = "ECDHE-ECDSA-CHACHA20-POLY1305", .iana_name = "TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256"},
92 {.openssl_name = "ECDHE-ECDSA-DES-CBC3-SHA", .iana_name = "TLS-ECDHE-ECDSA-WITH-3DES-EDE-CBC-SHA" },
93 {.openssl_name = "ECDHE-ECDSA-DES-CBC-SHA", .iana_name = "TLS-ECDHE-ECDSA-WITH-DES-CBC-SHA" },
94 {.openssl_name = "ECDHE-ECDSA-RC4-SHA", .iana_name = "TLS-ECDHE-ECDSA-WITH-RC4-128-SHA" },
95 {.openssl_name = "ECDHE-RSA-AES128-GCM-SHA256", .iana_name = "TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256" },
96 {.openssl_name = "ECDHE-RSA-AES128-SHA256", .iana_name = "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256" },
97 {.openssl_name = "ECDHE-RSA-AES128-SHA384", .iana_name = "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA384" },
98 {.openssl_name = "ECDHE-RSA-AES128-SHA", .iana_name = "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA" },
99 {.openssl_name = "ECDHE-RSA-AES256-GCM-SHA384", .iana_name = "TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384" },
100 {.openssl_name = "ECDHE-RSA-AES256-SHA256", .iana_name = "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA256" },
101 {.openssl_name = "ECDHE-RSA-AES256-SHA384", .iana_name = "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384" },
102 {.openssl_name = "ECDHE-RSA-AES256-SHA", .iana_name = "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA" },
103 {.openssl_name = "ECDHE-RSA-CAMELLIA128-SHA256", .iana_name = "TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256" },
104 {.openssl_name = "ECDHE-RSA-CAMELLIA128-SHA", .iana_name = "TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA" },
105 {.openssl_name = "ECDHE-RSA-CAMELLIA256-SHA256", .iana_name = "TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA256" },
106 {.openssl_name = "ECDHE-RSA-CAMELLIA256-SHA", .iana_name = "TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA" },
107 {.openssl_name = "ECDHE-RSA-CHACHA20-POLY1305", .iana_name = "TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256" },
108 {.openssl_name = "ECDHE-RSA-DES-CBC3-SHA", .iana_name = "TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA" },
109 {.openssl_name = "ECDHE-RSA-DES-CBC-SHA", .iana_name = "TLS-ECDHE-RSA-WITH-DES-CBC-SHA" },
110 {.openssl_name = "ECDHE-RSA-RC4-SHA", .iana_name = "TLS-ECDHE-RSA-WITH-RC4-128-SHA" },
111 {.openssl_name = "ECDH-RSA-AES128-GCM-SHA256", .iana_name = "TLS-ECDH-RSA-WITH-AES-128-GCM-SHA256" },
112 {.openssl_name = "ECDH-RSA-AES128-SHA256", .iana_name = "TLS-ECDH-RSA-WITH-AES-128-CBC-SHA256" },
113 {.openssl_name = "ECDH-RSA-AES128-SHA384", .iana_name = "TLS-ECDH-RSA-WITH-AES-128-CBC-SHA384" },
114 {.openssl_name = "ECDH-RSA-AES128-SHA", .iana_name = "TLS-ECDH-RSA-WITH-AES-128-CBC-SHA" },
115 {.openssl_name = "ECDH-RSA-AES256-GCM-SHA384", .iana_name = "TLS-ECDH-RSA-WITH-AES-256-GCM-SHA384" },
116 {.openssl_name = "ECDH-RSA-AES256-SHA256", .iana_name = "TLS-ECDH-RSA-WITH-AES-256-CBC-SHA256" },
117 {.openssl_name = "ECDH-RSA-AES256-SHA384", .iana_name = "TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384" },
118 {.openssl_name = "ECDH-RSA-AES256-SHA", .iana_name = "TLS-ECDH-RSA-WITH-AES-256-CBC-SHA" },
119 {.openssl_name = "ECDH-RSA-CAMELLIA128-SHA256", .iana_name = "TLS-ECDH-RSA-WITH-CAMELLIA-128-CBC-SHA256" },
120 {.openssl_name = "ECDH-RSA-CAMELLIA128-SHA", .iana_name = "TLS-ECDH-RSA-WITH-CAMELLIA-128-CBC-SHA" },
121 {.openssl_name = "ECDH-RSA-CAMELLIA256-SHA256", .iana_name = "TLS-ECDH-RSA-WITH-CAMELLIA-256-CBC-SHA256" },
122 {.openssl_name = "ECDH-RSA-CAMELLIA256-SHA", .iana_name = "TLS-ECDH-RSA-WITH-CAMELLIA-256-CBC-SHA" },
123 {.openssl_name = "ECDH-RSA-DES-CBC3-SHA", .iana_name = "TLS-ECDH-RSA-WITH-3DES-EDE-CBC-SHA" },
124 {.openssl_name = "ECDH-RSA-DES-CBC-SHA", .iana_name = "TLS-ECDH-RSA-WITH-DES-CBC-SHA" },
125 {.openssl_name = "ECDH-RSA-RC4-SHA", .iana_name = "TLS-ECDH-RSA-WITH-RC4-128-SHA" },
126 {.openssl_name = "EDH-DSS-DES-CBC3-SHA", .iana_name = "TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA" },
127 {.openssl_name = "EDH-DSS-DES-CBC-SHA", .iana_name = "TLS-DHE-DSS-WITH-DES-CBC-SHA" },
128 {.openssl_name = "EDH-RSA-DES-CBC3-SHA", .iana_name = "TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA" },
129 {.openssl_name = "EDH-RSA-DES-CBC-SHA", .iana_name = "TLS-DHE-RSA-WITH-DES-CBC-SHA" },
130 {.openssl_name = "EXP-DES-CBC-SHA", .iana_name = "TLS-RSA-EXPORT-WITH-DES40-CBC-SHA" },
131 {.openssl_name = "EXP-EDH-DSS-DES-CBC-SHA", .iana_name = "TLS-DH-DSS-EXPORT-WITH-DES40-CBC-SHA" },
132 {.openssl_name = "EXP-EDH-RSA-DES-CBC-SHA", .iana_name = "TLS-DH-RSA-EXPORT-WITH-DES40-CBC-SHA" },
133 {.openssl_name = "EXP-RC2-CBC-MD5", .iana_name = "TLS-RSA-EXPORT-WITH-RC2-CBC-40-MD5" },
134 {.openssl_name = "EXP-RC4-MD5", .iana_name = "TLS-RSA-EXPORT-WITH-RC4-40-MD5" },
135 {.openssl_name = "NULL-MD5", .iana_name = "TLS-RSA-WITH-NULL-MD5" },
136 {.openssl_name = "NULL-SHA256", .iana_name = "TLS-RSA-WITH-NULL-SHA256" },
137 {.openssl_name = "NULL-SHA", .iana_name = "TLS-RSA-WITH-NULL-SHA" },
138 {.openssl_name = "PSK-3DES-EDE-CBC-SHA", .iana_name = "TLS-PSK-WITH-3DES-EDE-CBC-SHA" },
139 {.openssl_name = "PSK-AES128-CBC-SHA", .iana_name = "TLS-PSK-WITH-AES-128-CBC-SHA" },
140 {.openssl_name = "PSK-AES256-CBC-SHA", .iana_name = "TLS-PSK-WITH-AES-256-CBC-SHA" },
141 {.openssl_name = "PSK-RC4-SHA", .iana_name = "TLS-PSK-WITH-RC4-128-SHA" },
142 {.openssl_name = "RC4-MD5", .iana_name = "TLS-RSA-WITH-RC4-128-MD5" },
143 {.openssl_name = "RC4-SHA", .iana_name = "TLS-RSA-WITH-RC4-128-SHA" },
144 {.openssl_name = "SEED-SHA", .iana_name = "TLS-RSA-WITH-SEED-CBC-SHA" },
145 {.openssl_name = "SRP-DSS-3DES-EDE-CBC-SHA", .iana_name = "TLS-SRP-SHA-DSS-WITH-3DES-EDE-CBC-SHA" },
146 {.openssl_name = "SRP-DSS-AES-128-CBC-SHA", .iana_name = "TLS-SRP-SHA-DSS-WITH-AES-128-CBC-SHA" },
147 {.openssl_name = "SRP-DSS-AES-256-CBC-SHA", .iana_name = "TLS-SRP-SHA-DSS-WITH-AES-256-CBC-SHA" },
148 {.openssl_name = "SRP-RSA-3DES-EDE-CBC-SHA", .iana_name = "TLS-SRP-SHA-RSA-WITH-3DES-EDE-CBC-SHA" },
149 {.openssl_name = "SRP-RSA-AES-128-CBC-SHA", .iana_name = "TLS-SRP-SHA-RSA-WITH-AES-128-CBC-SHA" },
150 {.openssl_name = "SRP-RSA-AES-256-CBC-SHA", .iana_name = "TLS-SRP-SHA-RSA-WITH-AES-256-CBC-SHA" }
151};
152// clang-format on
153
154inline const tls_cipher_name_pair *
155tls_get_cipher_name_pair(const std::string &ciphername)
156{
157 for (auto &pair : tls_cipher_name_translation_table)
158 {
159 if (pair.iana_name == ciphername || pair.openssl_name == ciphername)
160 return &pair;
161 }
162
163 /* No entry found, return NULL */
164 return NULL;
165}
166} // namespace openvpn
openvpn::tls_cipher_name_translation_table
static const tls_cipher_name_pair tls_cipher_name_translation_table[]
Definition iana_ciphers.hpp:26
openvpn::tls_get_cipher_name_pair
const tls_cipher_name_pair * tls_get_cipher_name_pair(const std::string &ciphername)
Definition iana_ciphers.hpp:155
openvpn::tls_cipher_name_pair
Definition iana_ciphers.hpp:17
openvpn::tls_cipher_name_pair::openssl_name
const char * openssl_name
Definition iana_ciphers.hpp:18
openvpn::tls_cipher_name_pair::iana_name
const char * iana_name
Definition iana_ciphers.hpp:19