B<- index ->D


C. CipherSuite definitions

CipherSuite                      Is       Key          Cipher      Hash
                             Exportable Exchange

TLS_NULL_WITH_NULL_NULL               * NULL           NULL        NULL
TLS_RSA_WITH_NULL_MD5                 * RSA            NULL         MD5
TLS_RSA_WITH_NULL_SHA                 * RSA            NULL         SHA
TLS_RSA_EXPORT_WITH_RC4_40_MD5        * RSA_EXPORT     RC4_40       MD5
TLS_RSA_WITH_RC4_128_MD5                RSA            RC4_128      MD5
TLS_RSA_WITH_RC4_128_SHA                RSA            RC4_128      SHA
TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5    * RSA_EXPORT     RC2_CBC_40   MD5
TLS_RSA_WITH_IDEA_CBC_SHA               RSA            IDEA_CBC     SHA
TLS_RSA_EXPORT_WITH_DES40_CBC_SHA     * RSA_EXPORT     DES40_CBC    SHA
TLS_RSA_WITH_DES_CBC_SHA                RSA            DES_CBC      SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA           RSA            3DES_EDE_CBC SHA
TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA  * DH_DSS_EXPORT  DES40_CBC    SHA
TLS_DH_DSS_WITH_DES_CBC_SHA             DH_DSS         DES_CBC      SHA
TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA        DH_DSS         3DES_EDE_CBC SHA
TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA  * DH_RSA_EXPORT  DES40_CBC    SHA
TLS_DH_RSA_WITH_DES_CBC_SHA             DH_RSA         DES_CBC      SHA
TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA        DH_RSA         3DES_EDE_CBC SHA
TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA * DHE_DSS_EXPORT DES40_CBC    SHA
TLS_DHE_DSS_WITH_DES_CBC_SHA            DHE_DSS        DES_CBC      SHA
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA       DHE_DSS        3DES_EDE_CBC SHA
TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA * DHE_RSA_EXPORT DES40_CBC    SHA
TLS_DHE_RSA_WITH_DES_CBC_SHA            DHE_RSA        DES_CBC      SHA
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA       DHE_RSA        3DES_EDE_CBC SHA
TLS_DH_anon_EXPORT_WITH_RC4_40_MD5    * DH_anon_EXPORT RC4_40       MD5
TLS_DH_anon_WITH_RC4_128_MD5            DH_anon        RC4_128      MD5
TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA   DH_anon        DES40_CBC    SHA
TLS_DH_anon_WITH_DES_CBC_SHA            DH_anon        DES_CBC      SHA
TLS_DH_anon_WITH_3DES_EDE_CBC_SHA       DH_anon        3DES_EDE_CBC SHA


   * Indicates IsExportable is True

      Key
      Exchange
      Algorithm       Description                        Key size limit

      DHE_DSS         Ephemeral DH with DSS signatures   None
      DHE_DSS_EXPORT  Ephemeral DH with DSS signatures   DH = 512 bits
      DHE_RSA         Ephemeral DH with RSA signatures   None
      DHE_RSA_EXPORT  Ephemeral DH with RSA signatures   DH = 512 bits,
                                                         RSA = none
      DH_anon         Anonymous DH, no signatures        None
      DH_anon_EXPORT  Anonymous DH, no signatures        DH = 512 bits
      DH_DSS          DH with DSS-based certificates     None
      DH_DSS_EXPORT   DH with DSS-based certificates     DH = 512 bits
      DH_RSA          DH with RSA-based certificates     None
      DH_RSA_EXPORT   DH with RSA-based certificates     DH = 512 bits,
                                                         RSA = none
      NULL            No key exchange                    N/A
      RSA             RSA key exchange                   None
      RSA_EXPORT      RSA key exchange                   RSA = 512 bits

   Key size limit
       The key size limit gives the size of the largest public key that
       can be legally used for encryption in cipher suites that are
       exportable.

                         Key      Expanded   Effective   IV    Block
    Cipher       Type  Material Key Material  Key Bits  Size   Size

    NULL       * Stream   0          0           0        0     N/A
    IDEA_CBC     Block   16         16         128        8      8
    RC2_CBC_40 * Block    5         16          40        8      8
    RC4_40     * Stream   5         16          40        0     N/A
    RC4_128      Stream  16         16         128        0     N/A
    DES40_CBC  * Block    5          8          40        8      8
    DES_CBC      Block    8          8          56        8      8
    3DES_EDE_CBC Block   24         24         168        8      8

   * Indicates IsExportable is true.

   Type
       Indicates whether this is a stream cipher or a block cipher
       running in CBC mode.

   Key Material
       The number of bytes from the key_block that are used for
       generating the write keys.

   Expanded Key Material
       The number of bytes actually fed into the encryption algorithm

   Effective Key Bits
       How much entropy material is in the key material being fed into
       the encryption routines.

   IV Size
       How much data needs to be generated for the initialization
       vector. Zero for stream ciphers; equal to the block size for
       block ciphers.

   Block Size
       The amount of data a block cipher enciphers in one chunk; a
       block cipher running in CBC mode can only encrypt an even
       multiple of its block size.

      Hash      Hash      Padding
    function    Size       Size
      NULL       0          0
      MD5        16         48
      SHA        20         40


->D