C. CipherSuite definitions

CipherSuite                            Is          Key             Cipher        Hash
                                       Exportable  Exchange

TLS_NULL_WITH_NULL_NULL                *           NULL            NULL          NULL
TLS_RSA_WITH_NULL_MD5                  *           RSA             NULL          MD5
TLS_RSA_WITH_NULL_SHA                  *           RSA             NULL          SHA
TLS_RSA_EXPORT_WITH_RC4_40_MD5         *           RSA_EXPORT      RC4_40        MD5
TLS_RSA_WITH_RC4_128_MD5                           RSA             RC4_128       MD5
TLS_RSA_WITH_RC4_128_SHA                           RSA             RC4_128       SHA
TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5     *           RSA_EXPORT      RC2_CBC_40    MD5
TLS_RSA_WITH_IDEA_CBC_SHA                          RSA             IDEA_CBC      SHA
TLS_RSA_EXPORT_WITH_DES40_CBC_SHA      *           RSA_EXPORT      DES40_CBC     SHA
TLS_RSA_WITH_DES_CBC_SHA                           RSA             DES_CBC       SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA                      RSA             3DES_EDE_CBC  SHA
TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA   *           DH_DSS_EXPORT   DES40_CBC     SHA
TLS_DH_DSS_WITH_DES_CBC_SHA                        DH_DSS          DES_CBC       SHA
TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA                   DH_DSS          3DES_EDE_CBC  SHA
TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA   *           DH_RSA_EXPORT   DES40_CBC     SHA
TLS_DH_RSA_WITH_DES_CBC_SHA                        DH_RSA          DES_CBC       SHA
TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA                   DH_RSA          3DES_EDE_CBC  SHA
TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA  *           DHE_DSS_EXPORT  DES40_CBC     SHA
TLS_DHE_DSS_WITH_DES_CBC_SHA                       DHE_DSS         DES_CBC       SHA
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA                  DHE_DSS         3DES_EDE_CBC  SHA
TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA  *           DHE_RSA_EXPORT  DES40_CBC     SHA
TLS_DHE_RSA_WITH_DES_CBC_SHA                       DHE_RSA         DES_CBC       SHA
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA                  DHE_RSA         3DES_EDE_CBC  SHA
TLS_DH_anon_EXPORT_WITH_RC4_40_MD5     *           DH_anon_EXPORT  RC4_40        MD5
TLS_DH_anon_WITH_RC4_128_MD5                       DH_anon         RC4_128       MD5
TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA              DH_anon         DES40_CBC     SHA
TLS_DH_anon_WITH_DES_CBC_SHA                       DH_anon         DES_CBC       SHA
TLS_DH_anon_WITH_3DES_EDE_CBC_SHA                  DH_anon         3DES_EDE_CBC  SHA

* Indicates IsExportable is True

Key
Exchange
Algorithm       Description                        Key size limit

DHE_DSS         Ephemeral DH with DSS signatures   None
DHE_DSS_EXPORT  Ephemeral DH with DSS signatures   DH = 512 bits
DHE_RSA         Ephemeral DH with RSA signatures   None
DHE_RSA_EXPORT  Ephemeral DH with RSA signatures   DH = 512 bits,
                                                   RSA = none
DH_anon         Anonymous DH, no signatures        None
DH_anon_EXPORT  Anonymous DH, no signatures        DH = 512 bits
DH_DSS          DH with DSS-based certificates     None
DH_DSS_EXPORT   DH with DSS-based certificates     DH = 512 bits
DH_RSA          DH with RSA-based certificates     None
DH_RSA_EXPORT   DH with RSA-based certificates     DH = 512 bits,
                                                   RSA = none
NULL            No key exchange                    N/A
RSA             RSA key exchange                   None
RSA_EXPORT      RSA key exchange                   RSA = 512 bits

Key size limit
    The key size limit gives the size of the largest public key that
    can be legally used for encryption in cipher suites that are
    exportable.

                       Key       Expanded      Effective  IV    Block
Cipher         Type    Material  Key Material  Key Bits   Size  Size

NULL         * Stream  0         0             0          0     N/A
IDEA_CBC       Block   16        16            128        8     8
RC2_CBC_40   * Block   5         16            40         8     8
RC4_40       * Stream  5         16            40         0     N/A
RC4_128        Stream  16        16            128        0     N/A
DES40_CBC    * Block   5         8             40         8     8
DES_CBC        Block   8         8             56         8     8
3DES_EDE_CBC   Block   24        24            168        8     8

* Indicates IsExportable is true.

Type
    Indicates whether this is a stream cipher or a block cipher
    running in CBC mode.

Key Material
    The number of bytes from the key_block that are used for
    generating the write keys.

Expanded Key Material
    The number of bytes actually fed into the encryption algorithm.

Effective Key Bits
    How much entropy material is in the key material being fed into
    the encryption routines.

IV Size
    How much data needs to be generated for the initialization
    vector. Zero for stream ciphers; equal to the block size for
    block ciphers.

Block Size
    The amount of data a block cipher enciphers in one chunk; a
    block cipher running in CBC mode can only encrypt an even
    multiple of its block size.

Hash      Hash  Padding
function  Size  Size

NULL      0     0
MD5       16    48
SHA       20    40
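
Added example, not part of the original specification text: a Python routine that splits a suite name from the first table into key exchange, cipher and hash, then uses the cipher and hash tables above to size the key_block and flag export-grade, unencrypted and unauthenticated suites. The function name `describe` and the flag labels are hypothetical, and exportability is read from the cipher table, not from the asterisk column of the suite table. The key_block layout (two MAC secrets, two write keys, two IVs, with exportable ciphers drawing no IVs from it) is an assumption taken from the TLS 1.0 key calculation rules, which are outside this appendix.

```python
# Added example. Values transcribed from the cipher and hash tables above.
# name: (key_material, effective_key_bits, iv_size, is_exportable)
CIPHERS = {
    "NULL":         (0, 0, 0, True),
    "IDEA_CBC":     (16, 128, 8, False),
    "RC2_CBC_40":   (5, 40, 8, True),
    "RC4_40":       (5, 40, 0, True),
    "RC4_128":      (16, 128, 0, False),
    "DES40_CBC":    (5, 40, 8, True),
    "DES_CBC":      (8, 56, 8, False),
    "3DES_EDE_CBC": (24, 168, 8, False),
}
HASH_SIZE = {"NULL": 0, "MD5": 16, "SHA": 20}


def describe(suite):
    """Split a suite name into its parts, size its key_block, flag weaknesses."""
    prefix, sep, rest = suite.partition("_WITH_")
    if not sep or not prefix.startswith("TLS_"):
        raise ValueError("not a TLS_<kx>_WITH_<cipher>_<hash> name: " + suite)
    kx = prefix[len("TLS_"):]
    cipher, _, mac = rest.rpartition("_")  # the hash is always the last token
    if cipher not in CIPHERS or mac not in HASH_SIZE:
        raise ValueError("cipher or hash not defined in this appendix: " + suite)
    key_material, bits, iv_size, exportable = CIPHERS[cipher]
    # Assumption (TLS 1.0 key_block layout, defined outside this appendix):
    # two MAC secrets, two write keys, two IVs. Exportable ciphers take their
    # IVs from a separate block, so none are counted for them.
    key_block = 2 * HASH_SIZE[mac] + 2 * key_material
    if not exportable:
        key_block += 2 * iv_size
    flags = []  # hypothetical labels, chosen for this example
    if cipher == "NULL":
        flags.append("no-encryption")
    elif exportable:
        flags.append("export-cipher")
    if kx.endswith("_EXPORT"):
        flags.append("kx-512-bit-limit")
    if kx.startswith("DH_anon"):
        flags.append("no-signatures")
    return {"kx": kx, "cipher": cipher, "hash": mac, "effective_bits": bits,
            "key_block_bytes": key_block, "flags": flags}


if __name__ == "__main__":
    for name in ("TLS_RSA_WITH_3DES_EDE_CBC_SHA",
                 "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
                 "TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA"):
        print(name, describe(name))
```

Run over the suite list a server or client is configured to offer, any non-empty `flags` value marks a suite that gives up confidentiality, key strength or authentication according to the tables in this appendix.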