diff --git a/README.md b/README.md index ab05cc14..5b149057 100644 --- a/README.md +++ b/README.md @@ -273,7 +273,7 @@ The second API is [nc_server_config_load_modules](https://netopeer.liberouter.or - **ietf-tcp-client**: tcp-client-keepalives ✔, proxy-connect ✘, socks5-gss-api ✘, socks5-username-password ✘, local-binding-supported ✔, - **ietf-tcp-common**: transport-params ✔, ssh-x509-certs ✘, public-key-generation ✘, - **ietf-tcp-server**: tcp-server-keepalives ✔, -- **ietf-tls-common**: tls10 ✔, tls11 ✔, tls12 ✔, tls13 ✔, hello-params ✔, public-key-generation ✘, +- **ietf-tls-common**: tls12 ✔, tls13 ✔, hello-params ✔, public-key-generation ✘, - **ietf-tls-server**: server-ident-x509-cert ✔, client-auth-supported ✔, client-auth-x509-cert ✔, tls-server-keepalives ✘, server-ident-raw-public-key ✘, server-ident-tls12-psk ✘, server-ident-tls13-epsk ✘, client-auth-raw-public-key ✘, client-auth-tls12-psk ✘, client-auth-tls13-epsk ✘, - **ietf-truststore**: central-truststore-supported ✔, inline-definitions-supported ✔, certificates ✔, public-keys ✔, - **ietf-x509-cert-to-name**: no features, diff --git a/modules/iana-tls-cipher-suite-algs@2022-06-16.yang b/modules/iana-tls-cipher-suite-algs@2022-06-16.yang deleted file mode 100644 index 2b914d80..00000000 --- a/modules/iana-tls-cipher-suite-algs@2022-06-16.yang +++ /dev/null @@ -1,3777 +0,0 @@ -module iana-tls-cipher-suite-algs { - yang-version 1.1; - namespace "urn:ietf:params:xml:ns:yang:iana-tls-cipher-suite-algs"; - prefix tlscsa; - - organization - "Internet Assigned Numbers Authority (IANA)"; - - contact - "Postal: ICANN - 12025 Waterfront Drive, Suite 300 - Los Angeles, CA 90094-2536 - United States of America - Tel: +1 310 301 5800 - Email: iana@iana.org"; - - description - "This module defines identities for the Cipher Suite - algorithms defined in the 'TLS Cipher Suites' sub-registry - of the 'Transport Layer Security (TLS) Parameters' registry - maintained by IANA. - - Copyright (c) 2022 IETF Trust and the persons identified as - authors of the code. All rights reserved. - - Redistribution and use in source and binary forms, with - or without modification, is permitted pursuant to, and - subject to the license terms contained in, the Revised - BSD License set forth in Section 4.c of the IETF Trust's - Legal Provisions Relating to IETF Documents - (https://trustee.ietf.org/license-info). - - The initial version of this YANG module is part of RFC FFFF - (https://www.rfc-editor.org/info/rfcFFFF); see the RFC - itself for full legal notices."; - - revision 2022-06-16 { - description - "Reflect contents of the public key algorithms registry - on June 16, 2022."; - reference - "RFC FFFF: YANG Groupings for TLS Clients and TLS Servers"; - } - - // Typedefs - - typedef cipher-suite-algorithm-ref { - type identityref { - base "cipher-suite-alg-base"; - } - description - "A reference to a TLS cipher suite algorithm identifier."; - } - - // Identities - - identity cipher-suite-alg-base { - description - "Base identity used to identify TLS cipher suites."; - } - - identity tls-null-with-null-null { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-NULL-WITH-NULL-NULL"; - reference - "RFC 5246: - The Transport Layer Security (TLS) Protocol Version 1.2"; - } - - identity tls-rsa-with-null-md5 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-RSA-WITH-NULL-MD5"; - reference - "RFC 5246: - The Transport Layer Security (TLS) Protocol Version 1.2"; - } - - identity tls-rsa-with-null-sha { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-RSA-WITH-NULL-SHA"; - reference - "RFC 5246: - The Transport Layer Security (TLS) Protocol Version 1.2"; - } - - identity tls-rsa-export-with-rc4-40-md5 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-RSA-EXPORT-WITH-RC4-40-MD5"; - reference - "RFC 4346: - The TLS Protocol Version 1.1 - RFC 6347: - Datagram Transport Layer Security version 1.2"; - } - - identity tls-rsa-with-rc4-128-md5 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-RSA-WITH-RC4-128-MD5"; - reference - "RFC 5246: - The Transport Layer Security (TLS) Protocol Version 1.2 - RFC 6347: - Datagram Transport Layer Security version 1.2"; - } - - identity tls-rsa-with-rc4-128-sha { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-RSA-WITH-RC4-128-SHA"; - reference - "RFC 5246: - The Transport Layer Security (TLS) Protocol Version 1.2 - RFC 6347: - Datagram Transport Layer Security version 1.2"; - } - - identity tls-rsa-export-with-rc2-cbc-40-md5 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-RSA-EXPORT-WITH-RC2-CBC-40-MD5"; - reference - "RFC 4346: - The TLS Protocol Version 1.1"; - } - - identity tls-rsa-with-idea-cbc-sha { - base cipher-suite-alg-base; - status obsolete; - description - "TLS-RSA-WITH-IDEA-CBC-SHA"; - reference - "RFC 5469: - DES and IDEA Cipher Suites for - Transport Layer Security (TLS) - RFC 5469: - DES and IDEA Cipher Suites for - Transport Layer Security (TLS)"; - } - - identity tls-rsa-export-with-des40-cbc-sha { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-RSA-EXPORT-WITH-DES40-CBC-SHA"; - reference - "RFC 4346: - The TLS Protocol Version 1.1"; - } - - identity tls-rsa-with-des-cbc-sha { - base cipher-suite-alg-base; - status obsolete; - description - "TLS-RSA-WITH-DES-CBC-SHA"; - reference - "RFC 5469: - DES and IDEA Cipher Suites for - Transport Layer Security (TLS) - RFC 5469: - DES and IDEA Cipher Suites for - Transport Layer Security (TLS)"; - } - - identity tls-rsa-with-3des-ede-cbc-sha { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-RSA-WITH-3DES-EDE-CBC-SHA"; - reference - "RFC 5246: - The Transport Layer Security (TLS) Protocol Version 1.2"; - } - - identity tls-dh-dss-export-with-des40-cbc-sha { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-DH-DSS-EXPORT-WITH-DES40-CBC-SHA"; - reference - "RFC 4346: - The TLS Protocol Version 1.1"; - } - - identity tls-dh-dss-with-des-cbc-sha { - base cipher-suite-alg-base; - status obsolete; - description - "TLS-DH-DSS-WITH-DES-CBC-SHA"; - reference - "RFC 5469: - DES and IDEA Cipher Suites for - Transport Layer Security (TLS) - RFC 5469: - DES and IDEA Cipher Suites for - Transport Layer Security (TLS)"; - } - - identity tls-dh-dss-with-3des-ede-cbc-sha { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-DH-DSS-WITH-3DES-EDE-CBC-SHA"; - reference - "RFC 5246: - The Transport Layer Security (TLS) Protocol Version 1.2"; - } - - identity tls-dh-rsa-export-with-des40-cbc-sha { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-DH-RSA-EXPORT-WITH-DES40-CBC-SHA"; - reference - "RFC 4346: - The TLS Protocol Version 1.1"; - } - - identity tls-dh-rsa-with-des-cbc-sha { - base cipher-suite-alg-base; - status obsolete; - description - "TLS-DH-RSA-WITH-DES-CBC-SHA"; - reference - "RFC 5469: - DES and IDEA Cipher Suites for - Transport Layer Security (TLS) - RFC 5469: - DES and IDEA Cipher Suites for - Transport Layer Security (TLS)"; - } - - identity tls-dh-rsa-with-3des-ede-cbc-sha { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-DH-RSA-WITH-3DES-EDE-CBC-SHA"; - reference - "RFC 5246: - The Transport Layer Security (TLS) Protocol Version 1.2"; - } - - identity tls-dhe-dss-export-with-des40-cbc-sha { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-DHE-DSS-EXPORT-WITH-DES40-CBC-SHA"; - reference - "RFC 4346: - The TLS Protocol Version 1.1"; - } - - identity tls-dhe-dss-with-des-cbc-sha { - base cipher-suite-alg-base; - status obsolete; - description - "TLS-DHE-DSS-WITH-DES-CBC-SHA"; - reference - "RFC 5469: - DES and IDEA Cipher Suites for - Transport Layer Security (TLS) - RFC 5469: - DES and IDEA Cipher Suites for - Transport Layer Security (TLS)"; - } - - identity tls-dhe-dss-with-3des-ede-cbc-sha { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA"; - reference - "RFC 5246: - The Transport Layer Security (TLS) Protocol Version 1.2"; - } - - identity tls-dhe-rsa-export-with-des40-cbc-sha { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-DHE-RSA-EXPORT-WITH-DES40-CBC-SHA"; - reference - "RFC 4346: - The TLS Protocol Version 1.1"; - } - - identity tls-dhe-rsa-with-des-cbc-sha { - base cipher-suite-alg-base; - status obsolete; - description - "TLS-DHE-RSA-WITH-DES-CBC-SHA"; - reference - "RFC 5469: - DES and IDEA Cipher Suites for - Transport Layer Security (TLS) - RFC 5469: - DES and IDEA Cipher Suites for - Transport Layer Security (TLS)"; - } - - identity tls-dhe-rsa-with-3des-ede-cbc-sha { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA"; - reference - "RFC 5246: - The Transport Layer Security (TLS) Protocol Version 1.2"; - } - - identity tls-dh-anon-export-with-rc4-40-md5 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-DH-ANON-EXPORT-WITH-RC4-40-MD5"; - reference - "RFC 4346: - The TLS Protocol Version 1.1 - RFC 6347: - Datagram Transport Layer Security version 1.2"; - } - - identity tls-dh-anon-with-rc4-128-md5 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-DH-ANON-WITH-RC4-128-MD5"; - reference - "RFC 5246: - The Transport Layer Security (TLS) Protocol Version 1.2 - RFC 6347: - Datagram Transport Layer Security version 1.2"; - } - - identity tls-dh-anon-export-with-des40-cbc-sha { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-DH-ANON-EXPORT-WITH-DES40-CBC-SHA"; - reference - "RFC 4346: - The TLS Protocol Version 1.1"; - } - - identity tls-dh-anon-with-des-cbc-sha { - base cipher-suite-alg-base; - status obsolete; - description - "TLS-DH-ANON-WITH-DES-CBC-SHA"; - reference - "RFC 5469: - DES and IDEA Cipher Suites for - Transport Layer Security (TLS) - RFC 5469: - DES and IDEA Cipher Suites for - Transport Layer Security (TLS)"; - } - - identity tls-dh-anon-with-3des-ede-cbc-sha { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-DH-ANON-WITH-3DES-EDE-CBC-SHA"; - reference - "RFC 5246: - The Transport Layer Security (TLS) Protocol Version 1.2"; - } - - identity tls-krb5-with-des-cbc-sha { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-KRB5-WITH-DES-CBC-SHA"; - reference - "RFC 2712: - Addition of Kerberos Cipher Suites to - Transport Layer Security (TLS)"; - } - - identity tls-krb5-with-3des-ede-cbc-sha { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-KRB5-WITH-3DES-EDE-CBC-SHA"; - reference - "RFC 2712: - Addition of Kerberos Cipher Suites to - Transport Layer Security (TLS)"; - } - - identity tls-krb5-with-rc4-128-sha { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-KRB5-WITH-RC4-128-SHA"; - reference - "RFC 2712: - Addition of Kerberos Cipher Suites to - Transport Layer Security (TLS) - RFC 6347: - Datagram Transport Layer Security version 1.2"; - } - - identity tls-krb5-with-idea-cbc-sha { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-KRB5-WITH-IDEA-CBC-SHA"; - reference - "RFC 2712: - Addition of Kerberos Cipher Suites to - Transport Layer Security (TLS)"; - } - - identity tls-krb5-with-des-cbc-md5 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-KRB5-WITH-DES-CBC-MD5"; - reference - "RFC 2712: - Addition of Kerberos Cipher Suites to - Transport Layer Security (TLS)"; - } - - identity tls-krb5-with-3des-ede-cbc-md5 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-KRB5-WITH-3DES-EDE-CBC-MD5"; - reference - "RFC 2712: - Addition of Kerberos Cipher Suites to - Transport Layer Security (TLS)"; - } - - identity tls-krb5-with-rc4-128-md5 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-KRB5-WITH-RC4-128-MD5"; - reference - "RFC 2712: - Addition of Kerberos Cipher Suites to - Transport Layer Security (TLS) - RFC 6347: - Datagram Transport Layer Security version 1.2"; - } - - identity tls-krb5-with-idea-cbc-md5 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-KRB5-WITH-IDEA-CBC-MD5"; - reference - "RFC 2712: - Addition of Kerberos Cipher Suites to - Transport Layer Security (TLS)"; - } - - identity tls-krb5-export-with-des-cbc-40-sha { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-KRB5-EXPORT-WITH-DES-CBC-40-SHA"; - reference - "RFC 2712: - Addition of Kerberos Cipher Suites to - Transport Layer Security (TLS)"; - } - - identity tls-krb5-export-with-rc2-cbc-40-sha { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-KRB5-EXPORT-WITH-RC2-CBC-40-SHA"; - reference - "RFC 2712: - Addition of Kerberos Cipher Suites to - Transport Layer Security (TLS)"; - } - - identity tls-krb5-export-with-rc4-40-sha { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-KRB5-EXPORT-WITH-RC4-40-SHA"; - reference - "RFC 2712: - Addition of Kerberos Cipher Suites to - Transport Layer Security (TLS) - RFC 6347: - Datagram Transport Layer Security version 1.2"; - } - - identity tls-krb5-export-with-des-cbc-40-md5 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-KRB5-EXPORT-WITH-DES-CBC-40-MD5"; - reference - "RFC 2712: - Addition of Kerberos Cipher Suites to - Transport Layer Security (TLS)"; - } - - identity tls-krb5-export-with-rc2-cbc-40-md5 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-KRB5-EXPORT-WITH-RC2-CBC-40-MD5"; - reference - "RFC 2712: - Addition of Kerberos Cipher Suites to - Transport Layer Security (TLS)"; - } - identity tls-krb5-export-with-rc4-40-md5 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-KRB5-EXPORT-WITH-RC4-40-MD5"; - reference - "RFC 2712: - Addition of Kerberos Cipher Suites to - Transport Layer Security (TLS) - RFC 6347: - Datagram Transport Layer Security version 1.2"; - } - - identity tls-psk-with-null-sha { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-PSK-WITH-NULL-SHA"; - reference - "RFC 4785: - Pre-Shared Key Cipher Suites with NULL Encryption for - Transport Layer Security (TLS)"; - } - - identity tls-dhe-psk-with-null-sha { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-DHE-PSK-WITH-NULL-SHA"; - reference - "RFC 4785: - Pre-Shared Key Cipher Suites with NULL Encryption for - Transport Layer Security (TLS)"; - } - - identity tls-rsa-psk-with-null-sha { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-RSA-PSK-WITH-NULL-SHA"; - reference - "RFC 4785: - Pre-Shared Key Cipher Suites with NULL Encryption for - Transport Layer Security (TLS)"; - } - - identity tls-rsa-with-aes-128-cbc-sha { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-RSA-WITH-AES-128-CBC-SHA"; - reference - "RFC 5246: - The Transport Layer Security (TLS) Protocol Version 1.2"; - } - - identity tls-dh-dss-with-aes-128-cbc-sha { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-DH-DSS-WITH-AES-128-CBC-SHA"; - reference - "RFC 5246: - The Transport Layer Security (TLS) Protocol Version 1.2"; - } - - identity tls-dh-rsa-with-aes-128-cbc-sha { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-DH-RSA-WITH-AES-128-CBC-SHA"; - reference - "RFC 5246: - The Transport Layer Security (TLS) Protocol Version 1.2"; - } - - identity tls-dhe-dss-with-aes-128-cbc-sha { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-DHE-DSS-WITH-AES-128-CBC-SHA"; - reference - "RFC 5246: - The Transport Layer Security (TLS) Protocol Version 1.2"; - } - - identity tls-dhe-rsa-with-aes-128-cbc-sha { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-DHE-RSA-WITH-AES-128-CBC-SHA"; - reference - "RFC 5246: - The Transport Layer Security (TLS) Protocol Version 1.2"; - } - - identity tls-dh-anon-with-aes-128-cbc-sha { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-DH-ANON-WITH-AES-128-CBC-SHA"; - reference - "RFC 5246: - The Transport Layer Security (TLS) Protocol Version 1.2"; - } - - identity tls-rsa-with-aes-256-cbc-sha { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-RSA-WITH-AES-256-CBC-SHA"; - reference - "RFC 5246: - The Transport Layer Security (TLS) Protocol Version 1.2"; - } - - identity tls-dh-dss-with-aes-256-cbc-sha { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-DH-DSS-WITH-AES-256-CBC-SHA"; - reference - "RFC 5246: - The Transport Layer Security (TLS) Protocol Version 1.2"; - } - - identity tls-dh-rsa-with-aes-256-cbc-sha { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-DH-RSA-WITH-AES-256-CBC-SHA"; - reference - "RFC 5246: - The Transport Layer Security (TLS) Protocol Version 1.2"; - } - - identity tls-dhe-dss-with-aes-256-cbc-sha { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-DHE-DSS-WITH-AES-256-CBC-SHA"; - reference - "RFC 5246: - The Transport Layer Security (TLS) Protocol Version 1.2"; - } - - identity tls-dhe-rsa-with-aes-256-cbc-sha { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-DHE-RSA-WITH-AES-256-CBC-SHA"; - reference - "RFC 5246: - The Transport Layer Security (TLS) Protocol Version 1.2"; - } - - identity tls-dh-anon-with-aes-256-cbc-sha { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-DH-ANON-WITH-AES-256-CBC-SHA"; - reference - "RFC 5246: - The Transport Layer Security (TLS) Protocol Version 1.2"; - } - - identity tls-rsa-with-null-sha256 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-RSA-WITH-NULL-SHA256"; - reference - "RFC 5246: - The Transport Layer Security (TLS) Protocol Version 1.2"; - } - - identity tls-rsa-with-aes-128-cbc-sha256 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-RSA-WITH-AES-128-CBC-SHA256"; - reference - "RFC 5246: - The Transport Layer Security (TLS) Protocol Version 1.2"; - } - - identity tls-rsa-with-aes-256-cbc-sha256 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-RSA-WITH-AES-256-CBC-SHA256"; - reference - "RFC 5246: - The Transport Layer Security (TLS) Protocol Version 1.2"; - } - - identity tls-dh-dss-with-aes-128-cbc-sha256 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-DH-DSS-WITH-AES-128-CBC-SHA256"; - reference - "RFC 5246: - The Transport Layer Security (TLS) Protocol Version 1.2"; - } - - identity tls-dh-rsa-with-aes-128-cbc-sha256 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-DH-RSA-WITH-AES-128-CBC-SHA256"; - reference - "RFC 5246: - The Transport Layer Security (TLS) Protocol Version 1.2"; - } - - identity tls-dhe-dss-with-aes-128-cbc-sha256 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-DHE-DSS-WITH-AES-128-CBC-SHA256"; - reference - "RFC 5246: - The Transport Layer Security (TLS) Protocol Version 1.2"; - } - - identity tls-rsa-with-camellia-128-cbc-sha { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA"; - reference - "RFC 5932: - Camellia Cipher Suites for TLS"; - } - - identity tls-dh-dss-with-camellia-128-cbc-sha { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-DH-DSS-WITH-CAMELLIA-128-CBC-SHA"; - reference - "RFC 5932: - Camellia Cipher Suites for TLS"; - } - - identity tls-dh-rsa-with-camellia-128-cbc-sha { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-DH-RSA-WITH-CAMELLIA-128-CBC-SHA"; - reference - "RFC 5932: - Camellia Cipher Suites for TLS"; - } - - identity tls-dhe-dss-with-camellia-128-cbc-sha { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA"; - reference - "RFC 5932: - Camellia Cipher Suites for TLS"; - } - - identity tls-dhe-rsa-with-camellia-128-cbc-sha { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA"; - reference - "RFC 5932: - Camellia Cipher Suites for TLS"; - } - - identity tls-dh-anon-with-camellia-128-cbc-sha { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-DH-ANON-WITH-CAMELLIA-128-CBC-SHA"; - reference - "RFC 5932: - Camellia Cipher Suites for TLS"; - } - - identity tls-dhe-rsa-with-aes-128-cbc-sha256 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-DHE-RSA-WITH-AES-128-CBC-SHA256"; - reference - "RFC 5246: - The Transport Layer Security (TLS) Protocol Version 1.2"; - } - - identity tls-dh-dss-with-aes-256-cbc-sha256 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-DH-DSS-WITH-AES-256-CBC-SHA256"; - reference - "RFC 5246: - The Transport Layer Security (TLS) Protocol Version 1.2"; - } - - identity tls-dh-rsa-with-aes-256-cbc-sha256 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-DH-RSA-WITH-AES-256-CBC-SHA256"; - reference - "RFC 5246: - The Transport Layer Security (TLS) Protocol Version 1.2"; - } - - identity tls-dhe-dss-with-aes-256-cbc-sha256 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-DHE-DSS-WITH-AES-256-CBC-SHA256"; - reference - "RFC 5246: - The Transport Layer Security (TLS) Protocol Version 1.2"; - } - - identity tls-dhe-rsa-with-aes-256-cbc-sha256 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-DHE-RSA-WITH-AES-256-CBC-SHA256"; - reference - "RFC 5246: - The Transport Layer Security (TLS) Protocol Version 1.2"; - } - - identity tls-dh-anon-with-aes-128-cbc-sha256 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-DH-ANON-WITH-AES-128-CBC-SHA256"; - reference - "RFC 5246: - The Transport Layer Security (TLS) Protocol Version 1.2"; - } - - identity tls-dh-anon-with-aes-256-cbc-sha256 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-DH-ANON-WITH-AES-256-CBC-SHA256"; - reference - "RFC 5246: - The Transport Layer Security (TLS) Protocol Version 1.2"; - } - - identity tls-rsa-with-camellia-256-cbc-sha { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA"; - reference - "RFC 5932: - Camellia Cipher Suites for TLS"; - } - - identity tls-dh-dss-with-camellia-256-cbc-sha { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-DH-DSS-WITH-CAMELLIA-256-CBC-SHA"; - reference - "RFC 5932: - Camellia Cipher Suites for TLS"; - } - - identity tls-dh-rsa-with-camellia-256-cbc-sha { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-DH-RSA-WITH-CAMELLIA-256-CBC-SHA"; - reference - "RFC 5932: - Camellia Cipher Suites for TLS"; - } - - identity tls-dhe-dss-with-camellia-256-cbc-sha { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA"; - reference - "RFC 5932: - Camellia Cipher Suites for TLS"; - } - - identity tls-dhe-rsa-with-camellia-256-cbc-sha { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA"; - reference - "RFC 5932: - Camellia Cipher Suites for TLS"; - } - - identity tls-dh-anon-with-camellia-256-cbc-sha { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-DH-ANON-WITH-CAMELLIA-256-CBC-SHA"; - reference - "RFC 5932: - Camellia Cipher Suites for TLS"; - } - - identity tls-psk-with-rc4-128-sha { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-PSK-WITH-RC4-128-SHA"; - reference - "RFC 4279: - Pre-Shared Key Ciphersuites for - Transport Layer Security (TLS) - RFC 6347: - Datagram Transport Layer Security version 1.2"; - } - - identity tls-psk-with-3des-ede-cbc-sha { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-PSK-WITH-3DES-EDE-CBC-SHA"; - reference - "RFC 4279: - Pre-Shared Key Ciphersuites for - Transport Layer Security (TLS)"; - } - - identity tls-psk-with-aes-128-cbc-sha { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-PSK-WITH-AES-128-CBC-SHA"; - reference - "RFC 4279: - Pre-Shared Key Ciphersuites for - Transport Layer Security (TLS)"; - } - - identity tls-psk-with-aes-256-cbc-sha { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-PSK-WITH-AES-256-CBC-SHA"; - reference - "RFC 4279: - Pre-Shared Key Ciphersuites for - Transport Layer Security (TLS)"; - } - - identity tls-dhe-psk-with-rc4-128-sha { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-DHE-PSK-WITH-RC4-128-SHA"; - reference - "RFC 4279: - Pre-Shared Key Ciphersuites for - Transport Layer Security (TLS) - RFC 6347: - Datagram Transport Layer Security version 1.2"; - } - - identity tls-dhe-psk-with-3des-ede-cbc-sha { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-DHE-PSK-WITH-3DES-EDE-CBC-SHA"; - reference - "RFC 4279: - Pre-Shared Key Ciphersuites for - Transport Layer Security (TLS)"; - } - - identity tls-dhe-psk-with-aes-128-cbc-sha { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-DHE-PSK-WITH-AES-128-CBC-SHA"; - reference - "RFC 4279: - Pre-Shared Key Ciphersuites for - Transport Layer Security (TLS)"; - } - - identity tls-dhe-psk-with-aes-256-cbc-sha { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-DHE-PSK-WITH-AES-256-CBC-SHA"; - reference - "RFC 4279: - Pre-Shared Key Ciphersuites for - Transport Layer Security (TLS)"; - } - - identity tls-rsa-psk-with-rc4-128-sha { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-RSA-PSK-WITH-RC4-128-SHA"; - reference - "RFC 4279: - Pre-Shared Key Ciphersuites for - Transport Layer Security (TLS) - RFC 6347: - Datagram Transport Layer Security version 1.2"; - } - - identity tls-rsa-psk-with-3des-ede-cbc-sha { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-RSA-PSK-WITH-3DES-EDE-CBC-SHA"; - reference - "RFC 4279: - Pre-Shared Key Ciphersuites for - Transport Layer Security (TLS)"; - } - - identity tls-rsa-psk-with-aes-128-cbc-sha { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-RSA-PSK-WITH-AES-128-CBC-SHA"; - reference - "RFC 4279: - Pre-Shared Key Ciphersuites for - Transport Layer Security (TLS)"; - } - - identity tls-rsa-psk-with-aes-256-cbc-sha { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-RSA-PSK-WITH-AES-256-CBC-SHA"; - reference - "RFC 4279: - Pre-Shared Key Ciphersuites for - Transport Layer Security (TLS)"; - } - - identity tls-rsa-with-seed-cbc-sha { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-RSA-WITH-SEED-CBC-SHA"; - reference - "RFC 4162: - Addition of SEED Ciphersuites to - Transport Layer Security (TLS)"; - } - - identity tls-dh-dss-with-seed-cbc-sha { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-DH-DSS-WITH-SEED-CBC-SHA"; - reference - "RFC 4162: - Addition of SEED Ciphersuites to - Transport Layer Security (TLS)"; - } - - identity tls-dh-rsa-with-seed-cbc-sha { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-DH-RSA-WITH-SEED-CBC-SHA"; - reference - "RFC 4162: - Addition of SEED Ciphersuites to - Transport Layer Security (TLS)"; - } - - identity tls-dhe-dss-with-seed-cbc-sha { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-DHE-DSS-WITH-SEED-CBC-SHA"; - reference - "RFC 4162: - Addition of SEED Ciphersuites to - Transport Layer Security (TLS)"; - } - - identity tls-dhe-rsa-with-seed-cbc-sha { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-DHE-RSA-WITH-SEED-CBC-SHA"; - reference - "RFC 4162: - Addition of SEED Ciphersuites to - Transport Layer Security (TLS)"; - } - - identity tls-dh-anon-with-seed-cbc-sha { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-DH-ANON-WITH-SEED-CBC-SHA"; - reference - "RFC 4162: - Addition of SEED Ciphersuites to - Transport Layer Security (TLS)"; - } - - identity tls-rsa-with-aes-128-gcm-sha256 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-RSA-WITH-AES-128-GCM-SHA256"; - reference - "RFC 5288: - AES-GCM Cipher Suites for TLS"; - } - - identity tls-rsa-with-aes-256-gcm-sha384 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-RSA-WITH-AES-256-GCM-SHA384"; - reference - "RFC 5288: - AES-GCM Cipher Suites for TLS"; - } - - identity tls-dhe-rsa-with-aes-128-gcm-sha256 { - base cipher-suite-alg-base; - description - "TLS-DHE-RSA-WITH-AES-128-GCM-SHA256"; - reference - "RFC 5288: - AES-GCM Cipher Suites for TLS"; - } - - identity tls-dhe-rsa-with-aes-256-gcm-sha384 { - base cipher-suite-alg-base; - description - "TLS-DHE-RSA-WITH-AES-256-GCM-SHA384"; - reference - "RFC 5288: - AES-GCM Cipher Suites for TLS"; - } - - identity tls-dh-rsa-with-aes-128-gcm-sha256 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-DH-RSA-WITH-AES-128-GCM-SHA256"; - reference - "RFC 5288: - AES-GCM Cipher Suites for TLS"; - } - - identity tls-dh-rsa-with-aes-256-gcm-sha384 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-DH-RSA-WITH-AES-256-GCM-SHA384"; - reference - "RFC 5288: - AES-GCM Cipher Suites for TLS"; - } - - identity tls-dhe-dss-with-aes-128-gcm-sha256 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-DHE-DSS-WITH-AES-128-GCM-SHA256"; - reference - "RFC 5288: - AES-GCM Cipher Suites for TLS"; - } - - identity tls-dhe-dss-with-aes-256-gcm-sha384 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-DHE-DSS-WITH-AES-256-GCM-SHA384"; - reference - "RFC 5288: - AES-GCM Cipher Suites for TLS"; - } - - identity tls-dh-dss-with-aes-128-gcm-sha256 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-DH-DSS-WITH-AES-128-GCM-SHA256"; - reference - "RFC 5288: - AES-GCM Cipher Suites for TLS"; - } - - identity tls-dh-dss-with-aes-256-gcm-sha384 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-DH-DSS-WITH-AES-256-GCM-SHA384"; - reference - "RFC 5288: - AES-GCM Cipher Suites for TLS"; - } - - identity tls-dh-anon-with-aes-128-gcm-sha256 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-DH-ANON-WITH-AES-128-GCM-SHA256"; - reference - "RFC 5288: - AES-GCM Cipher Suites for TLS"; - } - - identity tls-dh-anon-with-aes-256-gcm-sha384 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-DH-ANON-WITH-AES-256-GCM-SHA384"; - reference - "RFC 5288: - AES-GCM Cipher Suites for TLS"; - } - - identity tls-psk-with-aes-128-gcm-sha256 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-PSK-WITH-AES-128-GCM-SHA256"; - reference - "RFC 5487: - Pre-Shared Key Cipher Suites for Transport Layer Security - (TLS) with SHA-256/384 and AES Galois Counter Mode"; - } - - identity tls-psk-with-aes-256-gcm-sha384 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-PSK-WITH-AES-256-GCM-SHA384"; - reference - "RFC 5487: - Pre-Shared Key Cipher Suites for Transport Layer Security - (TLS) with SHA-256/384 and AES Galois Counter Mode"; - } - - identity tls-dhe-psk-with-aes-128-gcm-sha256 { - base cipher-suite-alg-base; - description - "TLS-DHE-PSK-WITH-AES-128-GCM-SHA256"; - reference - "RFC 5487: - Pre-Shared Key Cipher Suites for Transport Layer Security - (TLS) with SHA-256/384 and AES Galois Counter Mode"; - } - - identity tls-dhe-psk-with-aes-256-gcm-sha384 { - base cipher-suite-alg-base; - description - "TLS-DHE-PSK-WITH-AES-256-GCM-SHA384"; - reference - "RFC 5487: - Pre-Shared Key Cipher Suites for Transport Layer Security - (TLS) with SHA-256/384 and AES Galois Counter Mode"; - } - - identity tls-rsa-psk-with-aes-128-gcm-sha256 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-RSA-PSK-WITH-AES-128-GCM-SHA256"; - reference - "RFC 5487: - Pre-Shared Key Cipher Suites for Transport Layer Security - (TLS) with SHA-256/384 and AES Galois Counter Mode"; - } - - identity tls-rsa-psk-with-aes-256-gcm-sha384 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-RSA-PSK-WITH-AES-256-GCM-SHA384"; - reference - "RFC 5487: - Pre-Shared Key Cipher Suites for Transport Layer Security - (TLS) with SHA-256/384 and AES Galois Counter Mode"; - } - - identity tls-psk-with-aes-128-cbc-sha256 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-PSK-WITH-AES-128-CBC-SHA256"; - reference - "RFC 5487: - Pre-Shared Key Cipher Suites for Transport Layer Security - (TLS) with SHA-256/384 and AES Galois Counter Mode"; - } - - identity tls-psk-with-aes-256-cbc-sha384 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-PSK-WITH-AES-256-CBC-SHA384"; - reference - "RFC 5487: - Pre-Shared Key Cipher Suites for Transport Layer Security - (TLS) with SHA-256/384 and AES Galois Counter Mode"; - } - - identity tls-psk-with-null-sha256 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-PSK-WITH-NULL-SHA256"; - reference - "RFC 5487: - Pre-Shared Key Cipher Suites for Transport Layer Security - (TLS) with SHA-256/384 and AES Galois Counter Mode"; - } - - identity tls-psk-with-null-sha384 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-PSK-WITH-NULL-SHA384"; - reference - "RFC 5487: - Pre-Shared Key Cipher Suites for Transport Layer Security - (TLS) with SHA-256/384 and AES Galois Counter Mode"; - } - - identity tls-dhe-psk-with-aes-128-cbc-sha256 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-DHE-PSK-WITH-AES-128-CBC-SHA256"; - reference - "RFC 5487: - Pre-Shared Key Cipher Suites for Transport Layer Security - (TLS) with SHA-256/384 and AES Galois Counter Mode"; - } - - identity tls-dhe-psk-with-aes-256-cbc-sha384 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-DHE-PSK-WITH-AES-256-CBC-SHA384"; - reference - "RFC 5487: - Pre-Shared Key Cipher Suites for Transport Layer Security - (TLS) with SHA-256/384 and AES Galois Counter Mode"; - } - - identity tls-dhe-psk-with-null-sha256 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-DHE-PSK-WITH-NULL-SHA256"; - reference - "RFC 5487: - Pre-Shared Key Cipher Suites for Transport Layer Security - (TLS) with SHA-256/384 and AES Galois Counter Mode"; - } - - identity tls-dhe-psk-with-null-sha384 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-DHE-PSK-WITH-NULL-SHA384"; - reference - "RFC 5487: - Pre-Shared Key Cipher Suites for Transport Layer Security - (TLS) with SHA-256/384 and AES Galois Counter Mode"; - } - - identity tls-rsa-psk-with-aes-128-cbc-sha256 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-RSA-PSK-WITH-AES-128-CBC-SHA256"; - reference - "RFC 5487: - Pre-Shared Key Cipher Suites for Transport Layer Security - (TLS) with SHA-256/384 and AES Galois Counter Mode"; - } - - identity tls-rsa-psk-with-aes-256-cbc-sha384 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-RSA-PSK-WITH-AES-256-CBC-SHA384"; - reference - "RFC 5487: - Pre-Shared Key Cipher Suites for Transport Layer Security - (TLS) with SHA-256/384 and AES Galois Counter Mode"; - } - - identity tls-rsa-psk-with-null-sha256 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-RSA-PSK-WITH-NULL-SHA256"; - reference - "RFC 5487: - Pre-Shared Key Cipher Suites for Transport Layer Security - (TLS) with SHA-256/384 and AES Galois Counter Mode"; - } - - identity tls-rsa-psk-with-null-sha384 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-RSA-PSK-WITH-NULL-SHA384"; - reference - "RFC 5487: - Pre-Shared Key Cipher Suites for Transport Layer Security - (TLS) with SHA-256/384 and AES Galois Counter Mode"; - } - - identity tls-rsa-with-camellia-128-cbc-sha256 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256"; - reference - "RFC 5932: - Camellia Cipher Suites for TLS"; - } - - identity tls-dh-dss-with-camellia-128-cbc-sha256 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-DH-DSS-WITH-CAMELLIA-128-CBC-SHA256"; - reference - "RFC 5932: - Camellia Cipher Suites for TLS"; - } - - identity tls-dh-rsa-with-camellia-128-cbc-sha256 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-DH-RSA-WITH-CAMELLIA-128-CBC-SHA256"; - reference - "RFC 5932: - Camellia Cipher Suites for TLS"; - } - - identity tls-dhe-dss-with-camellia-128-cbc-sha256 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256"; - reference - "RFC 5932: - Camellia Cipher Suites for TLS"; - } - - identity tls-dhe-rsa-with-camellia-128-cbc-sha256 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256"; - reference - "RFC 5932: - Camellia Cipher Suites for TLS"; - } - - identity tls-dh-anon-with-camellia-128-cbc-sha256 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-DH-ANON-WITH-CAMELLIA-128-CBC-SHA256"; - reference - "RFC 5932: - Camellia Cipher Suites for TLS"; - } - - identity tls-rsa-with-camellia-256-cbc-sha256 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256"; - reference - "RFC 5932: - Camellia Cipher Suites for TLS"; - } - - identity tls-dh-dss-with-camellia-256-cbc-sha256 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-DH-DSS-WITH-CAMELLIA-256-CBC-SHA256"; - reference - "RFC 5932: - Camellia Cipher Suites for TLS"; - } - - identity tls-dh-rsa-with-camellia-256-cbc-sha256 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-DH-RSA-WITH-CAMELLIA-256-CBC-SHA256"; - reference - "RFC 5932: - Camellia Cipher Suites for TLS"; - } - - identity tls-dhe-dss-with-camellia-256-cbc-sha256 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256"; - reference - "RFC 5932: - Camellia Cipher Suites for TLS"; - } - - identity tls-dhe-rsa-with-camellia-256-cbc-sha256 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256"; - reference - "RFC 5932: - Camellia Cipher Suites for TLS"; - } - - identity tls-dh-anon-with-camellia-256-cbc-sha256 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-DH-ANON-WITH-CAMELLIA-256-CBC-SHA256"; - reference - "RFC 5932: - Camellia Cipher Suites for TLS"; - } - - identity tls-sm4-gcm-sm3 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-SM4-GCM-SM3"; - reference - "RFC 8998: - ShangMi (SM) Cipher Suites for Transport Layer Security - (TLS) Protocol Version 1.3"; - } - - identity tls-sm4-ccm-sm3 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-SM4-CCM-SM3"; - reference - "RFC 8998: - ShangMi (SM) Cipher Suites for Transport Layer Security - (TLS) Protocol Version 1.3"; - } - - identity tls-empty-renegotiation-info-scsv { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-EMPTY-RENEGOTIATION-INFO-SCSV"; - reference - "RFC 5746: - Transport Layer Security (TLS) - Renegotiation Indication Extension"; - } - - identity tls-aes-128-gcm-sha256 { - base cipher-suite-alg-base; - description - "TLS-AES-128-GCM-SHA256"; - reference - "RFC 8446: - The Transport Layer Security (TLS) Protocol Version 1.3"; - } - - identity tls-aes-256-gcm-sha384 { - base cipher-suite-alg-base; - description - "TLS-AES-256-GCM-SHA384"; - reference - "RFC 8446: - The Transport Layer Security (TLS) Protocol Version 1.3"; - } - identity tls-chacha20-poly1305-sha256 { - base cipher-suite-alg-base; - description - "TLS-CHACHA20-POLY1305-SHA256"; - reference - "RFC 8446: - The Transport Layer Security (TLS) Protocol Version 1.3"; - } - - identity tls-aes-128-ccm-sha256 { - base cipher-suite-alg-base; - description - "TLS-AES-128-CCM-SHA256"; - reference - "RFC 8446: - The Transport Layer Security (TLS) Protocol Version 1.3"; - } - - identity tls-aes-128-ccm-8-sha256 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-AES-128-CCM-8-SHA256"; - reference - "RFC 8446: - The Transport Layer Security (TLS) Protocol Version 1.3"; - } - - identity tls-fallback-scsv { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-FALLBACK-SCSV"; - reference - "RFC 7507: - TLS Fallback Signaling Cipher Suite Value (SCSV) - for Preventing Protocol Downgrade Attacks"; - } - - identity tls-ecdh-ecdsa-with-null-sha { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-ECDH-ECDSA-WITH-NULL-SHA"; - reference - "RFC 8422: - Elliptic Curve Cryptography (ECC) Cipher Suites for - Transport Layer Security (TLS) Versions 1.2 and Earlier"; - } - - identity tls-ecdh-ecdsa-with-rc4-128-sha { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-ECDH-ECDSA-WITH-RC4-128-SHA"; - reference - "RFC 8422: - Elliptic Curve Cryptography (ECC) Cipher Suites for - Transport Layer Security (TLS) Versions 1.2 and Earlier - RFC 6347: - Datagram Transport Layer Security version 1.2"; - } - - identity tls-ecdh-ecdsa-with-3des-ede-cbc-sha { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-ECDH-ECDSA-WITH-3DES-EDE-CBC-SHA"; - reference - "RFC 8422: - Elliptic Curve Cryptography (ECC) Cipher Suites for - Transport Layer Security (TLS) Versions 1.2 and Earlier"; - } - - identity tls-ecdh-ecdsa-with-aes-128-cbc-sha { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA"; - reference - "RFC 8422: - Elliptic Curve Cryptography (ECC) Cipher Suites for - Transport Layer Security (TLS) Versions 1.2 and Earlier"; - } - - identity tls-ecdh-ecdsa-with-aes-256-cbc-sha { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA"; - reference - "RFC 8422: - Elliptic Curve Cryptography (ECC) Cipher Suites for - Transport Layer Security (TLS) Versions 1.2 and Earlier"; - } - - identity tls-ecdhe-ecdsa-with-null-sha { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-ECDHE-ECDSA-WITH-NULL-SHA"; - reference - "RFC 8422: - Elliptic Curve Cryptography (ECC) Cipher Suites for - Transport Layer Security (TLS) Versions 1.2 and Earlier"; - } - - identity tls-ecdhe-ecdsa-with-rc4-128-sha { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-ECDHE-ECDSA-WITH-RC4-128-SHA"; - reference - "RFC 8422: - Elliptic Curve Cryptography (ECC) Cipher Suites for - Transport Layer Security (TLS) Versions 1.2 and Earlier - RFC 6347: - Datagram Transport Layer Security version 1.2"; - } - - identity tls-ecdhe-ecdsa-with-3des-ede-cbc-sha { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-ECDHE-ECDSA-WITH-3DES-EDE-CBC-SHA"; - reference - "RFC 8422: - Elliptic Curve Cryptography (ECC) Cipher Suites for - Transport Layer Security (TLS) Versions 1.2 and Earlier"; - } - - identity tls-ecdhe-ecdsa-with-aes-128-cbc-sha { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA"; - reference - "RFC 8422: - Elliptic Curve Cryptography (ECC) Cipher Suites for - Transport Layer Security (TLS) Versions 1.2 and Earlier"; - } - - identity tls-ecdhe-ecdsa-with-aes-256-cbc-sha { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA"; - reference - "RFC 8422: - Elliptic Curve Cryptography (ECC) Cipher Suites for - Transport Layer Security (TLS) Versions 1.2 and Earlier"; - } - - identity tls-ecdh-rsa-with-null-sha { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-ECDH-RSA-WITH-NULL-SHA"; - reference - "RFC 8422: - Elliptic Curve Cryptography (ECC) Cipher Suites for - Transport Layer Security (TLS) Versions 1.2 and Earlier"; - } - - identity tls-ecdh-rsa-with-rc4-128-sha { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-ECDH-RSA-WITH-RC4-128-SHA"; - reference - "RFC 8422: - Elliptic Curve Cryptography (ECC) Cipher Suites for - Transport Layer Security (TLS) Versions 1.2 and Earlier - RFC 6347: - Datagram Transport Layer Security version 1.2"; - } - - identity tls-ecdh-rsa-with-3des-ede-cbc-sha { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-ECDH-RSA-WITH-3DES-EDE-CBC-SHA"; - reference - "RFC 8422: - Elliptic Curve Cryptography (ECC) Cipher Suites for - Transport Layer Security (TLS) Versions 1.2 and Earlier"; - } - - identity tls-ecdh-rsa-with-aes-128-cbc-sha { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-ECDH-RSA-WITH-AES-128-CBC-SHA"; - reference - "RFC 8422: - Elliptic Curve Cryptography (ECC) Cipher Suites for - Transport Layer Security (TLS) Versions 1.2 and Earlier"; - } - - identity tls-ecdh-rsa-with-aes-256-cbc-sha { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-ECDH-RSA-WITH-AES-256-CBC-SHA"; - reference - "RFC 8422: - Elliptic Curve Cryptography (ECC) Cipher Suites for - Transport Layer Security (TLS) Versions 1.2 and Earlier"; - } - - identity tls-ecdhe-rsa-with-null-sha { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-ECDHE-RSA-WITH-NULL-SHA"; - reference - "RFC 8422: - Elliptic Curve Cryptography (ECC) Cipher Suites for - Transport Layer Security (TLS) Versions 1.2 and Earlier"; - } - - identity tls-ecdhe-rsa-with-rc4-128-sha { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-ECDHE-RSA-WITH-RC4-128-SHA"; - reference - "RFC 8422: - Elliptic Curve Cryptography (ECC) Cipher Suites for - Transport Layer Security (TLS) Versions 1.2 and Earlier - RFC 6347: - Datagram Transport Layer Security version 1.2"; - } - - identity tls-ecdhe-rsa-with-3des-ede-cbc-sha { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA"; - reference - "RFC 8422: - Elliptic Curve Cryptography (ECC) Cipher Suites for - Transport Layer Security (TLS) Versions 1.2 and Earlier"; - } - - identity tls-ecdhe-rsa-with-aes-128-cbc-sha { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA"; - reference - "RFC 8422: - Elliptic Curve Cryptography (ECC) Cipher Suites for - Transport Layer Security (TLS) Versions 1.2 and Earlier"; - } - - identity tls-ecdhe-rsa-with-aes-256-cbc-sha { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA"; - reference - "RFC 8422: - Elliptic Curve Cryptography (ECC) Cipher Suites for - Transport Layer Security (TLS) Versions 1.2 and Earlier"; - } - - identity tls-ecdh-anon-with-null-sha { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-ECDH-ANON-WITH-NULL-SHA"; - reference - "RFC 8422: - Elliptic Curve Cryptography (ECC) Cipher Suites for - Transport Layer Security (TLS) Versions 1.2 and Earlier"; - } - - identity tls-ecdh-anon-with-rc4-128-sha { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-ECDH-ANON-WITH-RC4-128-SHA"; - reference - "RFC 8422: - Elliptic Curve Cryptography (ECC) Cipher Suites for - Transport Layer Security (TLS) Versions 1.2 and Earlier - RFC 6347: - Datagram Transport Layer Security version 1.2"; - } - - identity tls-ecdh-anon-with-3des-ede-cbc-sha { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-ECDH-ANON-WITH-3DES-EDE-CBC-SHA"; - reference - "RFC 8422: - Elliptic Curve Cryptography (ECC) Cipher Suites for - Transport Layer Security (TLS) Versions 1.2 and Earlier"; - } - - identity tls-ecdh-anon-with-aes-128-cbc-sha { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-ECDH-ANON-WITH-AES-128-CBC-SHA"; - reference - "RFC 8422: - Elliptic Curve Cryptography (ECC) Cipher Suites for - Transport Layer Security (TLS) Versions 1.2 and Earlier"; - } - - identity tls-ecdh-anon-with-aes-256-cbc-sha { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-ECDH-ANON-WITH-AES-256-CBC-SHA"; - reference - "RFC 8422: - Elliptic Curve Cryptography (ECC) Cipher Suites for - Transport Layer Security (TLS) Versions 1.2 and Earlier"; - } - - identity tls-srp-sha-with-3des-ede-cbc-sha { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-SRP-SHA-WITH-3DES-EDE-CBC-SHA"; - reference - "RFC 5054: - Using SRP for TLS Authentication"; - } - - identity tls-srp-sha-rsa-with-3des-ede-cbc-sha { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-SRP-SHA-RSA-WITH-3DES-EDE-CBC-SHA"; - reference - "RFC 5054: - Using SRP for TLS Authentication"; - } - - identity tls-srp-sha-dss-with-3des-ede-cbc-sha { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-SRP-SHA-DSS-WITH-3DES-EDE-CBC-SHA"; - reference - "RFC 5054: - Using SRP for TLS Authentication"; - } - - identity tls-srp-sha-with-aes-128-cbc-sha { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-SRP-SHA-WITH-AES-128-CBC-SHA"; - reference - "RFC 5054: - Using SRP for TLS Authentication"; - } - - identity tls-srp-sha-rsa-with-aes-128-cbc-sha { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-SRP-SHA-RSA-WITH-AES-128-CBC-SHA"; - reference - "RFC 5054: - Using SRP for TLS Authentication"; - } - - identity tls-srp-sha-dss-with-aes-128-cbc-sha { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-SRP-SHA-DSS-WITH-AES-128-CBC-SHA"; - reference - "RFC 5054: - Using SRP for TLS Authentication"; - } - - identity tls-srp-sha-with-aes-256-cbc-sha { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-SRP-SHA-WITH-AES-256-CBC-SHA"; - reference - "RFC 5054: - Using SRP for TLS Authentication"; - } - - identity tls-srp-sha-rsa-with-aes-256-cbc-sha { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-SRP-SHA-RSA-WITH-AES-256-CBC-SHA"; - reference - "RFC 5054: - Using SRP for TLS Authentication"; - } - - identity tls-srp-sha-dss-with-aes-256-cbc-sha { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-SRP-SHA-DSS-WITH-AES-256-CBC-SHA"; - reference - "RFC 5054: - Using SRP for TLS Authentication"; - } - - identity tls-ecdhe-ecdsa-with-aes-128-cbc-sha256 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256"; - reference - "RFC 5289: - TLS Elliptic Curve Cipher Suites with SHA-256/384 - and AES Galois Counter Mode"; - } - - identity tls-ecdhe-ecdsa-with-aes-256-cbc-sha384 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384"; - reference - "RFC 5289: - TLS Elliptic Curve Cipher Suites with SHA-256/384 - and AES Galois Counter Mode"; - } - - identity tls-ecdh-ecdsa-with-aes-128-cbc-sha256 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA256"; - reference - "RFC 5289: - TLS Elliptic Curve Cipher Suites with SHA-256/384 - and AES Galois Counter Mode"; - } - - identity tls-ecdh-ecdsa-with-aes-256-cbc-sha384 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA384"; - reference - "RFC 5289: - TLS Elliptic Curve Cipher Suites with SHA-256/384 - and AES Galois Counter Mode"; - } - - identity tls-ecdhe-rsa-with-aes-128-cbc-sha256 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256"; - reference - "RFC 5289: - TLS Elliptic Curve Cipher Suites with SHA-256/384 - and AES Galois Counter Mode"; - } - - identity tls-ecdhe-rsa-with-aes-256-cbc-sha384 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384"; - reference - "RFC 5289: - TLS Elliptic Curve Cipher Suites with SHA-256/384 - and AES Galois Counter Mode"; - } - - identity tls-ecdh-rsa-with-aes-128-cbc-sha256 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-ECDH-RSA-WITH-AES-128-CBC-SHA256"; - reference - "RFC 5289: - TLS Elliptic Curve Cipher Suites with SHA-256/384 - and AES Galois Counter Mode"; - } - - identity tls-ecdh-rsa-with-aes-256-cbc-sha384 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384"; - reference - "RFC 5289: - TLS Elliptic Curve Cipher Suites with SHA-256/384 - and AES Galois Counter Mode"; - } - - identity tls-ecdhe-ecdsa-with-aes-128-gcm-sha256 { - base cipher-suite-alg-base; - description - "TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256"; - reference - "RFC 5289: - TLS Elliptic Curve Cipher Suites with SHA-256/384 - and AES Galois Counter Mode"; - } - - identity tls-ecdhe-ecdsa-with-aes-256-gcm-sha384 { - base cipher-suite-alg-base; - description - "TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384"; - reference - "RFC 5289: - TLS Elliptic Curve Cipher Suites with SHA-256/384 - and AES Galois Counter Mode"; - } - - identity tls-ecdh-ecdsa-with-aes-128-gcm-sha256 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256"; - reference - "RFC 5289: - TLS Elliptic Curve Cipher Suites with SHA-256/384 - and AES Galois Counter Mode"; - } - - identity tls-ecdh-ecdsa-with-aes-256-gcm-sha384 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384"; - reference - "RFC 5289: - TLS Elliptic Curve Cipher Suites with SHA-256/384 - and AES Galois Counter Mode"; - } - - identity tls-ecdhe-rsa-with-aes-128-gcm-sha256 { - base cipher-suite-alg-base; - description - "TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256"; - reference - "RFC 5289: - TLS Elliptic Curve Cipher Suites with SHA-256/384 - and AES Galois Counter Mode"; - } - - identity tls-ecdhe-rsa-with-aes-256-gcm-sha384 { - base cipher-suite-alg-base; - description - "TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384"; - reference - "RFC 5289: - TLS Elliptic Curve Cipher Suites with SHA-256/384 - and AES Galois Counter Mode"; - } - - identity tls-ecdh-rsa-with-aes-128-gcm-sha256 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-ECDH-RSA-WITH-AES-128-GCM-SHA256"; - reference - "RFC 5289: - TLS Elliptic Curve Cipher Suites with SHA-256/384 - and AES Galois Counter Mode"; - } - - identity tls-ecdh-rsa-with-aes-256-gcm-sha384 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-ECDH-RSA-WITH-AES-256-GCM-SHA384"; - reference - "RFC 5289: - TLS Elliptic Curve Cipher Suites with SHA-256/384 - and AES Galois Counter Mode"; - } - - identity tls-ecdhe-psk-with-rc4-128-sha { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-ECDHE-PSK-WITH-RC4-128-SHA"; - reference - "RFC 5489: - ECDHE_PSK Ciphersuites for Transport Layer Security (TLS) - RFC 6347: - Datagram Transport Layer Security version 1.2"; - } - - identity tls-ecdhe-psk-with-3des-ede-cbc-sha { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-ECDHE-PSK-WITH-3DES-EDE-CBC-SHA"; - reference - "RFC 5489: - ECDHE_PSK Ciphersuites for Transport Layer Security (TLS)"; - } - - identity tls-ecdhe-psk-with-aes-128-cbc-sha { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA"; - reference - "RFC 5489: - ECDHE_PSK Ciphersuites for Transport Layer Security (TLS)"; - } - - identity tls-ecdhe-psk-with-aes-256-cbc-sha { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA"; - reference - "RFC 5489: - ECDHE_PSK Ciphersuites for Transport Layer Security (TLS)"; - } - - identity tls-ecdhe-psk-with-aes-128-cbc-sha256 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256"; - reference - "RFC 5489: - ECDHE_PSK Ciphersuites for Transport Layer Security (TLS)"; - } - - identity tls-ecdhe-psk-with-aes-256-cbc-sha384 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384"; - reference - "RFC 5489: - ECDHE_PSK Ciphersuites for Transport Layer Security (TLS)"; - } - - identity tls-ecdhe-psk-with-null-sha { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-ECDHE-PSK-WITH-NULL-SHA"; - reference - "RFC 5489: - ECDHE_PSK Ciphersuites for Transport Layer Security (TLS)"; - } - - identity tls-ecdhe-psk-with-null-sha256 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-ECDHE-PSK-WITH-NULL-SHA256"; - reference - "RFC 5489: - ECDHE_PSK Ciphersuites for Transport Layer Security (TLS)"; - } - - identity tls-ecdhe-psk-with-null-sha384 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-ECDHE-PSK-WITH-NULL-SHA384"; - reference - "RFC 5489: - ECDHE_PSK Ciphersuites for Transport Layer Security (TLS)"; - } - - identity tls-rsa-with-aria-128-cbc-sha256 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-RSA-WITH-ARIA-128-CBC-SHA256"; - reference - "RFC 6209: - Addition of the ARIA Cipher Suites to - Transport Layer Security (TLS)"; - } - - identity tls-rsa-with-aria-256-cbc-sha384 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-RSA-WITH-ARIA-256-CBC-SHA384"; - reference - "RFC 6209: - Addition of the ARIA Cipher Suites to - Transport Layer Security (TLS)"; - } - - identity tls-dh-dss-with-aria-128-cbc-sha256 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-DH-DSS-WITH-ARIA-128-CBC-SHA256"; - reference - "RFC 6209: - Addition of the ARIA Cipher Suites to - Transport Layer Security (TLS)"; - } - - identity tls-dh-dss-with-aria-256-cbc-sha384 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-DH-DSS-WITH-ARIA-256-CBC-SHA384"; - reference - "RFC 6209: - Addition of the ARIA Cipher Suites to - Transport Layer Security (TLS)"; - } - - identity tls-dh-rsa-with-aria-128-cbc-sha256 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-DH-RSA-WITH-ARIA-128-CBC-SHA256"; - reference - "RFC 6209: - Addition of the ARIA Cipher Suites to - Transport Layer Security (TLS)"; - } - - identity tls-dh-rsa-with-aria-256-cbc-sha384 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-DH-RSA-WITH-ARIA-256-CBC-SHA384"; - reference - "RFC 6209: - Addition of the ARIA Cipher Suites to - Transport Layer Security (TLS)"; - } - - identity tls-dhe-dss-with-aria-128-cbc-sha256 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256"; - reference - "RFC 6209: - Addition of the ARIA Cipher Suites to - Transport Layer Security (TLS)"; - } - - identity tls-dhe-dss-with-aria-256-cbc-sha384 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384"; - reference - "RFC 6209: - Addition of the ARIA Cipher Suites to - Transport Layer Security (TLS)"; - } - - identity tls-dhe-rsa-with-aria-128-cbc-sha256 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256"; - reference - "RFC 6209: - Addition of the ARIA Cipher Suites to - Transport Layer Security (TLS)"; - } - - identity tls-dhe-rsa-with-aria-256-cbc-sha384 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384"; - reference - "RFC 6209: - Addition of the ARIA Cipher Suites to - Transport Layer Security (TLS)"; - } - - identity tls-dh-anon-with-aria-128-cbc-sha256 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-DH-ANON-WITH-ARIA-128-CBC-SHA256"; - reference - "RFC 6209: - Addition of the ARIA Cipher Suites to - Transport Layer Security (TLS)"; - } - - identity tls-dh-anon-with-aria-256-cbc-sha384 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-DH-ANON-WITH-ARIA-256-CBC-SHA384"; - reference - "RFC 6209: - Addition of the ARIA Cipher Suites to - Transport Layer Security (TLS)"; - } - - identity tls-ecdhe-ecdsa-with-aria-128-cbc-sha256 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256"; - reference - "RFC 6209: - Addition of the ARIA Cipher Suites to - Transport Layer Security (TLS)"; - } - - identity tls-ecdhe-ecdsa-with-aria-256-cbc-sha384 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384"; - reference - "RFC 6209: - Addition of the ARIA Cipher Suites to - Transport Layer Security (TLS)"; - } - - identity tls-ecdh-ecdsa-with-aria-128-cbc-sha256 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-ECDH-ECDSA-WITH-ARIA-128-CBC-SHA256"; - reference - "RFC 6209: - Addition of the ARIA Cipher Suites to - Transport Layer Security (TLS)"; - } - - identity tls-ecdh-ecdsa-with-aria-256-cbc-sha384 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-ECDH-ECDSA-WITH-ARIA-256-CBC-SHA384"; - reference - "RFC 6209: - Addition of the ARIA Cipher Suites to - Transport Layer Security (TLS)"; - } - - identity tls-ecdhe-rsa-with-aria-128-cbc-sha256 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256"; - reference - "RFC 6209: - Addition of the ARIA Cipher Suites to - Transport Layer Security (TLS)"; - } - identity tls-ecdhe-rsa-with-aria-256-cbc-sha384 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384"; - reference - "RFC 6209: - Addition of the ARIA Cipher Suites to - Transport Layer Security (TLS)"; - } - - identity tls-ecdh-rsa-with-aria-128-cbc-sha256 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-ECDH-RSA-WITH-ARIA-128-CBC-SHA256"; - reference - "RFC 6209: - Addition of the ARIA Cipher Suites to - Transport Layer Security (TLS)"; - } - - identity tls-ecdh-rsa-with-aria-256-cbc-sha384 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-ECDH-RSA-WITH-ARIA-256-CBC-SHA384"; - reference - "RFC 6209: - Addition of the ARIA Cipher Suites to - Transport Layer Security (TLS)"; - } - - identity tls-rsa-with-aria-128-gcm-sha256 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-RSA-WITH-ARIA-128-GCM-SHA256"; - reference - "RFC 6209: - Addition of the ARIA Cipher Suites to - Transport Layer Security (TLS)"; - } - - identity tls-rsa-with-aria-256-gcm-sha384 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-RSA-WITH-ARIA-256-GCM-SHA384"; - reference - "RFC 6209: - Addition of the ARIA Cipher Suites to - Transport Layer Security (TLS)"; - } - - identity tls-dhe-rsa-with-aria-128-gcm-sha256 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-DHE-RSA-WITH-ARIA-128-GCM-SHA256"; - reference - "RFC 6209: - Addition of the ARIA Cipher Suites to - Transport Layer Security (TLS)"; - } - - identity tls-dhe-rsa-with-aria-256-gcm-sha384 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-DHE-RSA-WITH-ARIA-256-GCM-SHA384"; - reference - "RFC 6209: - Addition of the ARIA Cipher Suites to - Transport Layer Security (TLS)"; - } - - identity tls-dh-rsa-with-aria-128-gcm-sha256 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-DH-RSA-WITH-ARIA-128-GCM-SHA256"; - reference - "RFC 6209: - Addition of the ARIA Cipher Suites to - Transport Layer Security (TLS)"; - } - - identity tls-dh-rsa-with-aria-256-gcm-sha384 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-DH-RSA-WITH-ARIA-256-GCM-SHA384"; - reference - "RFC 6209: - Addition of the ARIA Cipher Suites to - Transport Layer Security (TLS)"; - } - - identity tls-dhe-dss-with-aria-128-gcm-sha256 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-DHE-DSS-WITH-ARIA-128-GCM-SHA256"; - reference - "RFC 6209: - Addition of the ARIA Cipher Suites to - Transport Layer Security (TLS)"; - } - - identity tls-dhe-dss-with-aria-256-gcm-sha384 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-DHE-DSS-WITH-ARIA-256-GCM-SHA384"; - reference - "RFC 6209: - Addition of the ARIA Cipher Suites to - Transport Layer Security (TLS)"; - } - - identity tls-dh-dss-with-aria-128-gcm-sha256 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-DH-DSS-WITH-ARIA-128-GCM-SHA256"; - reference - "RFC 6209: - Addition of the ARIA Cipher Suites to - Transport Layer Security (TLS)"; - } - - identity tls-dh-dss-with-aria-256-gcm-sha384 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-DH-DSS-WITH-ARIA-256-GCM-SHA384"; - reference - "RFC 6209: - Addition of the ARIA Cipher Suites to - Transport Layer Security (TLS)"; - } - - identity tls-dh-anon-with-aria-128-gcm-sha256 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-DH-ANON-WITH-ARIA-128-GCM-SHA256"; - reference - "RFC 6209: - Addition of the ARIA Cipher Suites to - Transport Layer Security (TLS)"; - } - - identity tls-dh-anon-with-aria-256-gcm-sha384 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-DH-ANON-WITH-ARIA-256-GCM-SHA384"; - reference - "RFC 6209: - Addition of the ARIA Cipher Suites to - Transport Layer Security (TLS)"; - } - - identity tls-ecdhe-ecdsa-with-aria-128-gcm-sha256 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-ECDHE-ECDSA-WITH-ARIA-128-GCM-SHA256"; - reference - "RFC 6209: - Addition of the ARIA Cipher Suites to - Transport Layer Security (TLS)"; - } - - identity tls-ecdhe-ecdsa-with-aria-256-gcm-sha384 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-ECDHE-ECDSA-WITH-ARIA-256-GCM-SHA384"; - reference - "RFC 6209: - Addition of the ARIA Cipher Suites to - Transport Layer Security (TLS)"; - } - - identity tls-ecdh-ecdsa-with-aria-128-gcm-sha256 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-ECDH-ECDSA-WITH-ARIA-128-GCM-SHA256"; - reference - "RFC 6209: - Addition of the ARIA Cipher Suites to - Transport Layer Security (TLS)"; - } - - identity tls-ecdh-ecdsa-with-aria-256-gcm-sha384 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-ECDH-ECDSA-WITH-ARIA-256-GCM-SHA384"; - reference - "RFC 6209: - Addition of the ARIA Cipher Suites to - Transport Layer Security (TLS)"; - } - - identity tls-ecdhe-rsa-with-aria-128-gcm-sha256 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-ECDHE-RSA-WITH-ARIA-128-GCM-SHA256"; - reference - "RFC 6209: - Addition of the ARIA Cipher Suites to - Transport Layer Security (TLS)"; - } - - identity tls-ecdhe-rsa-with-aria-256-gcm-sha384 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-ECDHE-RSA-WITH-ARIA-256-GCM-SHA384"; - reference - "RFC 6209: - Addition of the ARIA Cipher Suites to - Transport Layer Security (TLS)"; - } - - identity tls-ecdh-rsa-with-aria-128-gcm-sha256 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-ECDH-RSA-WITH-ARIA-128-GCM-SHA256"; - reference - "RFC 6209: - Addition of the ARIA Cipher Suites to - Transport Layer Security (TLS)"; - } - - identity tls-ecdh-rsa-with-aria-256-gcm-sha384 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-ECDH-RSA-WITH-ARIA-256-GCM-SHA384"; - reference - "RFC 6209: - Addition of the ARIA Cipher Suites to - Transport Layer Security (TLS)"; - } - - identity tls-psk-with-aria-128-cbc-sha256 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-PSK-WITH-ARIA-128-CBC-SHA256"; - reference - "RFC 6209: - Addition of the ARIA Cipher Suites to - Transport Layer Security (TLS)"; - } - - identity tls-psk-with-aria-256-cbc-sha384 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-PSK-WITH-ARIA-256-CBC-SHA384"; - reference - "RFC 6209: - Addition of the ARIA Cipher Suites to - Transport Layer Security (TLS)"; - } - - identity tls-dhe-psk-with-aria-128-cbc-sha256 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-DHE-PSK-WITH-ARIA-128-CBC-SHA256"; - reference - "RFC 6209: - Addition of the ARIA Cipher Suites to - Transport Layer Security (TLS)"; - } - - identity tls-dhe-psk-with-aria-256-cbc-sha384 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-DHE-PSK-WITH-ARIA-256-CBC-SHA384"; - reference - "RFC 6209: - Addition of the ARIA Cipher Suites to - Transport Layer Security (TLS)"; - } - - identity tls-rsa-psk-with-aria-128-cbc-sha256 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-RSA-PSK-WITH-ARIA-128-CBC-SHA256"; - reference - "RFC 6209: - Addition of the ARIA Cipher Suites to - Transport Layer Security (TLS)"; - } - - identity tls-rsa-psk-with-aria-256-cbc-sha384 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-RSA-PSK-WITH-ARIA-256-CBC-SHA384"; - reference - "RFC 6209: - Addition of the ARIA Cipher Suites to - Transport Layer Security (TLS)"; - } - - identity tls-psk-with-aria-128-gcm-sha256 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-PSK-WITH-ARIA-128-GCM-SHA256"; - reference - "RFC 6209: - Addition of the ARIA Cipher Suites to - Transport Layer Security (TLS)"; - } - - identity tls-psk-with-aria-256-gcm-sha384 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-PSK-WITH-ARIA-256-GCM-SHA384"; - reference - "RFC 6209: - Addition of the ARIA Cipher Suites to - Transport Layer Security (TLS)"; - } - - identity tls-dhe-psk-with-aria-128-gcm-sha256 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-DHE-PSK-WITH-ARIA-128-GCM-SHA256"; - reference - "RFC 6209: - Addition of the ARIA Cipher Suites to - Transport Layer Security (TLS)"; - } - - identity tls-dhe-psk-with-aria-256-gcm-sha384 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-DHE-PSK-WITH-ARIA-256-GCM-SHA384"; - reference - "RFC 6209: - Addition of the ARIA Cipher Suites to - Transport Layer Security (TLS)"; - } - - identity tls-rsa-psk-with-aria-128-gcm-sha256 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-RSA-PSK-WITH-ARIA-128-GCM-SHA256"; - reference - "RFC 6209: - Addition of the ARIA Cipher Suites to - Transport Layer Security (TLS)"; - } - - identity tls-rsa-psk-with-aria-256-gcm-sha384 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-RSA-PSK-WITH-ARIA-256-GCM-SHA384"; - reference - "RFC 6209: - Addition of the ARIA Cipher Suites to - Transport Layer Security (TLS)"; - } - identity tls-ecdhe-psk-with-aria-128-cbc-sha256 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-ECDHE-PSK-WITH-ARIA-128-CBC-SHA256"; - reference - "RFC 6209: - Addition of the ARIA Cipher Suites to - Transport Layer Security (TLS)"; - } - - identity tls-ecdhe-psk-with-aria-256-cbc-sha384 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-ECDHE-PSK-WITH-ARIA-256-CBC-SHA384"; - reference - "RFC 6209: - Addition of the ARIA Cipher Suites to - Transport Layer Security (TLS)"; - } - - identity tls-ecdhe-ecdsa-with-camellia-128-cbc-sha256 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256"; - reference - "RFC 6367: - Addition of the Camellia Cipher Suites to - Transport Layer Security (TLS)"; - } - - identity tls-ecdhe-ecdsa-with-camellia-256-cbc-sha384 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA384"; - reference - "RFC 6367: - Addition of the Camellia Cipher Suites to - Transport Layer Security (TLS)"; - } - - identity tls-ecdh-ecdsa-with-camellia-128-cbc-sha256 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-ECDH-ECDSA-WITH-CAMELLIA-128-CBC-SHA256"; - reference - "RFC 6367: - Addition of the Camellia Cipher Suites to - Transport Layer Security (TLS)"; - } - - identity tls-ecdh-ecdsa-with-camellia-256-cbc-sha384 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384"; - reference - "RFC 6367: - Addition of the Camellia Cipher Suites to - Transport Layer Security (TLS)"; - } - - identity tls-ecdhe-rsa-with-camellia-128-cbc-sha256 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256"; - reference - "RFC 6367: - Addition of the Camellia Cipher Suites to - Transport Layer Security (TLS)"; - } - - identity tls-ecdhe-rsa-with-camellia-256-cbc-sha384 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384"; - reference - "RFC 6367: - Addition of the Camellia Cipher Suites to - Transport Layer Security (TLS)"; - } - - identity tls-ecdh-rsa-with-camellia-128-cbc-sha256 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-ECDH-RSA-WITH-CAMELLIA-128-CBC-SHA256"; - reference - "RFC 6367: - Addition of the Camellia Cipher Suites to - Transport Layer Security (TLS)"; - } - - identity tls-ecdh-rsa-with-camellia-256-cbc-sha384 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-ECDH-RSA-WITH-CAMELLIA-256-CBC-SHA384"; - reference - "RFC 6367: - Addition of the Camellia Cipher Suites to - Transport Layer Security (TLS)"; - } - - identity tls-rsa-with-camellia-128-gcm-sha256 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-RSA-WITH-CAMELLIA-128-GCM-SHA256"; - reference - "RFC 6367: - Addition of the Camellia Cipher Suites to - Transport Layer Security (TLS)"; - } - - identity tls-rsa-with-camellia-256-gcm-sha384 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384"; - reference - "RFC 6367: - Addition of the Camellia Cipher Suites to - Transport Layer Security (TLS)"; - } - - identity tls-dhe-rsa-with-camellia-128-gcm-sha256 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-DHE-RSA-WITH-CAMELLIA-128-GCM-SHA256"; - reference - "RFC 6367: - Addition of the Camellia Cipher Suites to - Transport Layer Security (TLS)"; - } - - identity tls-dhe-rsa-with-camellia-256-gcm-sha384 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-DHE-RSA-WITH-CAMELLIA-256-GCM-SHA384"; - reference - "RFC 6367: - Addition of the Camellia Cipher Suites to - Transport Layer Security (TLS)"; - } - - identity tls-dh-rsa-with-camellia-128-gcm-sha256 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-DH-RSA-WITH-CAMELLIA-128-GCM-SHA256"; - reference - "RFC 6367: - Addition of the Camellia Cipher Suites to - Transport Layer Security (TLS)"; - } - - identity tls-dh-rsa-with-camellia-256-gcm-sha384 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-DH-RSA-WITH-CAMELLIA-256-GCM-SHA384"; - reference - "RFC 6367: - Addition of the Camellia Cipher Suites to - Transport Layer Security (TLS)"; - } - - identity tls-dhe-dss-with-camellia-128-gcm-sha256 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-DHE-DSS-WITH-CAMELLIA-128-GCM-SHA256"; - reference - "RFC 6367: - Addition of the Camellia Cipher Suites to - Transport Layer Security (TLS)"; - } - - identity tls-dhe-dss-with-camellia-256-gcm-sha384 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-DHE-DSS-WITH-CAMELLIA-256-GCM-SHA384"; - reference - "RFC 6367: - Addition of the Camellia Cipher Suites to - Transport Layer Security (TLS)"; - } - - identity tls-dh-dss-with-camellia-128-gcm-sha256 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-DH-DSS-WITH-CAMELLIA-128-GCM-SHA256"; - reference - "RFC 6367: - Addition of the Camellia Cipher Suites to - Transport Layer Security (TLS)"; - } - - identity tls-dh-dss-with-camellia-256-gcm-sha384 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-DH-DSS-WITH-CAMELLIA-256-GCM-SHA384"; - reference - "RFC 6367: - Addition of the Camellia Cipher Suites to - Transport Layer Security (TLS)"; - } - - identity tls-dh-anon-with-camellia-128-gcm-sha256 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-DH-ANON-WITH-CAMELLIA-128-GCM-SHA256"; - reference - "RFC 6367: - Addition of the Camellia Cipher Suites to - Transport Layer Security (TLS)"; - } - - identity tls-dh-anon-with-camellia-256-gcm-sha384 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-DH-ANON-WITH-CAMELLIA-256-GCM-SHA384"; - reference - "RFC 6367: - Addition of the Camellia Cipher Suites to - Transport Layer Security (TLS)"; - } - - identity tls-ecdhe-ecdsa-with-camellia-128-gcm-sha256 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-GCM-SHA256"; - reference - "RFC 6367: - Addition of the Camellia Cipher Suites to - Transport Layer Security (TLS)"; - } - - identity tls-ecdhe-ecdsa-with-camellia-256-gcm-sha384 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-GCM-SHA384"; - reference - "RFC 6367: - Addition of the Camellia Cipher Suites to - Transport Layer Security (TLS)"; - } - - identity tls-ecdh-ecdsa-with-camellia-128-gcm-sha256 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-ECDH-ECDSA-WITH-CAMELLIA-128-GCM-SHA256"; - reference - "RFC 6367: - Addition of the Camellia Cipher Suites to - Transport Layer Security (TLS)"; - } - - identity tls-ecdh-ecdsa-with-camellia-256-gcm-sha384 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-ECDH-ECDSA-WITH-CAMELLIA-256-GCM-SHA384"; - reference - "RFC 6367: - Addition of the Camellia Cipher Suites to - Transport Layer Security (TLS)"; - } - - identity tls-ecdhe-rsa-with-camellia-128-gcm-sha256 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-ECDHE-RSA-WITH-CAMELLIA-128-GCM-SHA256"; - reference - "RFC 6367: - Addition of the Camellia Cipher Suites to - Transport Layer Security (TLS)"; - } - - identity tls-ecdhe-rsa-with-camellia-256-gcm-sha384 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-ECDHE-RSA-WITH-CAMELLIA-256-GCM-SHA384"; - reference - "RFC 6367: - Addition of the Camellia Cipher Suites to - Transport Layer Security (TLS)"; - } - - identity tls-ecdh-rsa-with-camellia-128-gcm-sha256 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-ECDH-RSA-WITH-CAMELLIA-128-GCM-SHA256"; - reference - "RFC 6367: - Addition of the Camellia Cipher Suites to - Transport Layer Security (TLS)"; - } - - identity tls-ecdh-rsa-with-camellia-256-gcm-sha384 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-ECDH-RSA-WITH-CAMELLIA-256-GCM-SHA384"; - reference - "RFC 6367: - Addition of the Camellia Cipher Suites to - Transport Layer Security (TLS)"; - } - - identity tls-psk-with-camellia-128-gcm-sha256 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-PSK-WITH-CAMELLIA-128-GCM-SHA256"; - reference - "RFC 6367: - Addition of the Camellia Cipher Suites to - Transport Layer Security (TLS)"; - } - - identity tls-psk-with-camellia-256-gcm-sha384 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-PSK-WITH-CAMELLIA-256-GCM-SHA384"; - reference - "RFC 6367: - Addition of the Camellia Cipher Suites to - Transport Layer Security (TLS)"; - } - - identity tls-dhe-psk-with-camellia-128-gcm-sha256 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-DHE-PSK-WITH-CAMELLIA-128-GCM-SHA256"; - reference - "RFC 6367: - Addition of the Camellia Cipher Suites to - Transport Layer Security (TLS)"; - } - - identity tls-dhe-psk-with-camellia-256-gcm-sha384 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-DHE-PSK-WITH-CAMELLIA-256-GCM-SHA384"; - reference - "RFC 6367: - Addition of the Camellia Cipher Suites to - Transport Layer Security (TLS)"; - } - - identity tls-rsa-psk-with-camellia-128-gcm-sha256 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-RSA-PSK-WITH-CAMELLIA-128-GCM-SHA256"; - reference - "RFC 6367: - Addition of the Camellia Cipher Suites to - Transport Layer Security (TLS)"; - } - identity tls-rsa-psk-with-camellia-256-gcm-sha384 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-RSA-PSK-WITH-CAMELLIA-256-GCM-SHA384"; - reference - "RFC 6367: - Addition of the Camellia Cipher Suites to - Transport Layer Security (TLS)"; - } - - identity tls-psk-with-camellia-128-cbc-sha256 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-PSK-WITH-CAMELLIA-128-CBC-SHA256"; - reference - "RFC 6367: - Addition of the Camellia Cipher Suites to - Transport Layer Security (TLS)"; - } - - identity tls-psk-with-camellia-256-cbc-sha384 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-PSK-WITH-CAMELLIA-256-CBC-SHA384"; - reference - "RFC 6367: - Addition of the Camellia Cipher Suites to - Transport Layer Security (TLS)"; - } - - identity tls-dhe-psk-with-camellia-128-cbc-sha256 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-DHE-PSK-WITH-CAMELLIA-128-CBC-SHA256"; - reference - "RFC 6367: - Addition of the Camellia Cipher Suites to - Transport Layer Security (TLS)"; - } - - identity tls-dhe-psk-with-camellia-256-cbc-sha384 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-DHE-PSK-WITH-CAMELLIA-256-CBC-SHA384"; - reference - "RFC 6367: - Addition of the Camellia Cipher Suites to - Transport Layer Security (TLS)"; - } - - identity tls-rsa-psk-with-camellia-128-cbc-sha256 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-RSA-PSK-WITH-CAMELLIA-128-CBC-SHA256"; - reference - "RFC 6367: - Addition of the Camellia Cipher Suites to - Transport Layer Security (TLS)"; - } - - identity tls-rsa-psk-with-camellia-256-cbc-sha384 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-RSA-PSK-WITH-CAMELLIA-256-CBC-SHA384"; - reference - "RFC 6367: - Addition of the Camellia Cipher Suites to - Transport Layer Security (TLS)"; - } - - identity tls-ecdhe-psk-with-camellia-128-cbc-sha256 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-ECDHE-PSK-WITH-CAMELLIA-128-CBC-SHA256"; - reference - "RFC 6367: - Addition of the Camellia Cipher Suites to - Transport Layer Security (TLS)"; - } - - identity tls-ecdhe-psk-with-camellia-256-cbc-sha384 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-ECDHE-PSK-WITH-CAMELLIA-256-CBC-SHA384"; - reference - "RFC 6367: - Addition of the Camellia Cipher Suites to - Transport Layer Security (TLS)"; - } - - identity tls-rsa-with-aes-128-ccm { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-RSA-WITH-AES-128-CCM"; - reference - "RFC 6655: - AES-CCM Cipher Suites for TLS"; - } - - identity tls-rsa-with-aes-256-ccm { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-RSA-WITH-AES-256-CCM"; - reference - "RFC 6655: - AES-CCM Cipher Suites for TLS"; - } - - identity tls-dhe-rsa-with-aes-128-ccm { - base cipher-suite-alg-base; - description - "TLS-DHE-RSA-WITH-AES-128-CCM"; - reference - "RFC 6655: - AES-CCM Cipher Suites for TLS"; - } - - identity tls-dhe-rsa-with-aes-256-ccm { - base cipher-suite-alg-base; - description - "TLS-DHE-RSA-WITH-AES-256-CCM"; - reference - "RFC 6655: - AES-CCM Cipher Suites for TLS"; - } - - identity tls-rsa-with-aes-128-ccm-8 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-RSA-WITH-AES-128-CCM-8"; - reference - "RFC 6655: - AES-CCM Cipher Suites for TLS"; - } - - identity tls-rsa-with-aes-256-ccm-8 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-RSA-WITH-AES-256-CCM-8"; - reference - "RFC 6655: - AES-CCM Cipher Suites for TLS"; - } - - identity tls-dhe-rsa-with-aes-128-ccm-8 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-DHE-RSA-WITH-AES-128-CCM-8"; - reference - "RFC 6655: - AES-CCM Cipher Suites for TLS"; - } - - identity tls-dhe-rsa-with-aes-256-ccm-8 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-DHE-RSA-WITH-AES-256-CCM-8"; - reference - "RFC 6655: - AES-CCM Cipher Suites for TLS"; - } - - identity tls-psk-with-aes-128-ccm { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-PSK-WITH-AES-128-CCM"; - reference - "RFC 6655: - AES-CCM Cipher Suites for TLS"; - } - - identity tls-psk-with-aes-256-ccm { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-PSK-WITH-AES-256-CCM"; - reference - "RFC 6655: - AES-CCM Cipher Suites for TLS"; - } - - identity tls-dhe-psk-with-aes-128-ccm { - base cipher-suite-alg-base; - description - "TLS-DHE-PSK-WITH-AES-128-CCM"; - reference - "RFC 6655: - AES-CCM Cipher Suites for TLS"; - } - - identity tls-dhe-psk-with-aes-256-ccm { - base cipher-suite-alg-base; - description - "TLS-DHE-PSK-WITH-AES-256-CCM"; - reference - "RFC 6655: - AES-CCM Cipher Suites for TLS"; - } - - identity tls-psk-with-aes-128-ccm-8 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-PSK-WITH-AES-128-CCM-8"; - reference - "RFC 6655: - AES-CCM Cipher Suites for TLS"; - } - - identity tls-psk-with-aes-256-ccm-8 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-PSK-WITH-AES-256-CCM-8"; - reference - "RFC 6655: - AES-CCM Cipher Suites for TLS"; - } - - identity tls-psk-dhe-with-aes-128-ccm-8 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-PSK-DHE-WITH-AES-128-CCM-8"; - reference - "RFC 6655: - AES-CCM Cipher Suites for TLS"; - } - - identity tls-psk-dhe-with-aes-256-ccm-8 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-PSK-DHE-WITH-AES-256-CCM-8"; - reference - "RFC 6655: - AES-CCM Cipher Suites for TLS"; - } - - identity tls-ecdhe-ecdsa-with-aes-128-ccm { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-ECDHE-ECDSA-WITH-AES-128-CCM"; - reference - "RFC 7251: - AES-CCM ECC Cipher Suites for TLS"; - } - - identity tls-ecdhe-ecdsa-with-aes-256-ccm { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-ECDHE-ECDSA-WITH-AES-256-CCM"; - reference - "RFC 7251: - AES-CCM ECC Cipher Suites for TLS"; - } - - identity tls-ecdhe-ecdsa-with-aes-128-ccm-8 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8"; - reference - "RFC 7251: - AES-CCM ECC Cipher Suites for TLS"; - } - - identity tls-ecdhe-ecdsa-with-aes-256-ccm-8 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8"; - reference - "RFC 7251: - AES-CCM ECC Cipher Suites for TLS"; - } - - identity tls-eccpwd-with-aes-128-gcm-sha256 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-ECCPWD-WITH-AES-128-GCM-SHA256"; - reference - "RFC 8492: - Secure Password Ciphersuites for - Transport Layer Security (TLS)"; - } - - identity tls-eccpwd-with-aes-256-gcm-sha384 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-ECCPWD-WITH-AES-256-GCM-SHA384"; - reference - "RFC 8492: - Secure Password Ciphersuites for - Transport Layer Security (TLS)"; - } - - identity tls-eccpwd-with-aes-128-ccm-sha256 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-ECCPWD-WITH-AES-128-CCM-SHA256"; - reference - "RFC 8492: - Secure Password Ciphersuites for - Transport Layer Security (TLS)"; - } - - identity tls-eccpwd-with-aes-256-ccm-sha384 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-ECCPWD-WITH-AES-256-CCM-SHA384"; - reference - "RFC 8492: - Secure Password Ciphersuites for - Transport Layer Security (TLS)"; - } - - identity tls-sha256-sha256 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-SHA256-SHA256"; - reference - "RFC 9150: - TLS 1.3 Authentication and Integrity-Only Cipher Suites"; - } - - identity tls-sha384-sha384 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-SHA384-SHA384"; - reference - "RFC 9150: - TLS 1.3 Authentication and Integrity-Only Cipher Suites"; - } - - identity tls-gostr341112-256-with-kuznyechik-ctr-omac { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-GOSTR341112-256-WITH-KUZNYECHIK-CTR-OMAC"; - reference - "RFC 9189: - GOST Cipher Suites for Transport Layer Security (TLS) - Protocol Version 1.2"; - } - - identity tls-gostr341112-256-with-magma-ctr-omac { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-GOSTR341112-256-WITH-MAGMA-CTR-OMAC"; - reference - "RFC 9189: - GOST Cipher Suites for Transport Layer Security (TLS) - Protocol Version 1.2"; - } - - identity tls-gostr341112-256-with-28147-cnt-imit { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-GOSTR341112-256-WITH-28147-CNT-IMIT"; - reference - "RFC 9189: - GOST Cipher Suites for Transport Layer Security (TLS) - Protocol Version 1.2"; - } - - identity tls-ecdhe-rsa-with-chacha20-poly1305-sha256 { - base cipher-suite-alg-base; - description - "TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256"; - reference - "RFC 7905: - ChaCha20-Poly1305 Cipher Suites for - Transport Layer Security (TLS)"; - } - - identity tls-ecdhe-ecdsa-with-chacha20-poly1305-sha256 { - base cipher-suite-alg-base; - description - "TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256"; - reference - "RFC 7905: - ChaCha20-Poly1305 Cipher Suites for - Transport Layer Security (TLS)"; - } - - identity tls-dhe-rsa-with-chacha20-poly1305-sha256 { - base cipher-suite-alg-base; - description - "TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256"; - reference - "RFC 7905: - ChaCha20-Poly1305 Cipher Suites for - Transport Layer Security (TLS)"; - } - - identity tls-psk-with-chacha20-poly1305-sha256 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-PSK-WITH-CHACHA20-POLY1305-SHA256"; - reference - "RFC 7905: - ChaCha20-Poly1305 Cipher Suites for - Transport Layer Security (TLS)"; - } - identity tls-ecdhe-psk-with-chacha20-poly1305-sha256 { - base cipher-suite-alg-base; - description - "TLS-ECDHE-PSK-WITH-CHACHA20-POLY1305-SHA256"; - reference - "RFC 7905: - ChaCha20-Poly1305 Cipher Suites for - Transport Layer Security (TLS)"; - } - - identity tls-dhe-psk-with-chacha20-poly1305-sha256 { - base cipher-suite-alg-base; - description - "TLS-DHE-PSK-WITH-CHACHA20-POLY1305-SHA256"; - reference - "RFC 7905: - ChaCha20-Poly1305 Cipher Suites for - Transport Layer Security (TLS)"; - } - - identity tls-rsa-psk-with-chacha20-poly1305-sha256 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-RSA-PSK-WITH-CHACHA20-POLY1305-SHA256"; - reference - "RFC 7905: - ChaCha20-Poly1305 Cipher Suites for - Transport Layer Security (TLS)"; - } - - identity tls-ecdhe-psk-with-aes-128-gcm-sha256 { - base cipher-suite-alg-base; - description - "TLS-ECDHE-PSK-WITH-AES-128-GCM-SHA256"; - reference - "RFC 8442: - ECDHE_PSK with AES-GCM and AES-CCM Cipher Suites"; - } - - identity tls-ecdhe-psk-with-aes-256-gcm-sha384 { - base cipher-suite-alg-base; - description - "TLS-ECDHE-PSK-WITH-AES-256-GCM-SHA384"; - reference - "RFC 8442: - ECDHE_PSK with AES-GCM and AES-CCM Cipher Suites"; - } - identity tls-ecdhe-psk-with-aes-128-ccm-8-sha256 { - base cipher-suite-alg-base; - status deprecated; - description - "TLS-ECDHE-PSK-WITH-AES-128-CCM-8-SHA256"; - reference - "RFC 8442: - ECDHE_PSK with AES-GCM and AES-CCM Cipher Suites"; - } - - identity tls-ecdhe-psk-with-aes-128-ccm-sha256 { - base cipher-suite-alg-base; - description - "TLS-ECDHE-PSK-WITH-AES-128-CCM-SHA256"; - reference - "RFC 8442: - ECDHE_PSK with AES-GCM and AES-CCM Cipher Suites"; - } - - // Protocol-accessible Nodes - - container supported-algorithms { - config false; - description - "A container for a list of cipher suite algorithms supported - by the server."; - leaf-list supported-algorithm { - type cipher-suite-algorithm-ref; - description - "A cipher suite algorithm supported by the server."; - } - } - -} diff --git a/modules/iana-tls-cipher-suite-algs@2025-04-04.yang b/modules/iana-tls-cipher-suite-algs@2025-04-04.yang new file mode 100644 index 00000000..b90c3d66 --- /dev/null +++ b/modules/iana-tls-cipher-suite-algs@2025-04-04.yang @@ -0,0 +1,3551 @@ +module iana-tls-cipher-suite-algs { + yang-version 1.1; + namespace "urn:ietf:params:xml:ns:yang:iana-tls-cipher-suite-algs"; + prefix tlscsa; + + organization + "Internet Assigned Numbers Authority (IANA)"; + + contact + "Postal: ICANN + 12025 Waterfront Drive, Suite 300 + Los Angeles, CA 90094-2536 + United States of America + Tel: +1 310 301 5800 + Email: "; + + description + "This module defines enumerations for the cipher suite + algorithms defined in the 'TLS Cipher Suites' registry + under the 'Transport Layer Security (TLS) Parameters' + registry group maintained by IANA. + + Copyright (c) 2024 IETF Trust and the persons identified as + authors of the code. All rights reserved. + + Redistribution and use in source and binary forms, with + or without modification, is permitted pursuant to, and + subject to the license terms contained in, the Revised + BSD License set forth in Section 4.c of the IETF Trust's + Legal Provisions Relating to IETF Documents + (https://trustee.ietf.org/license-info). + + The initial version of this YANG module is part of RFC 9645 + (https://www.rfc-editor.org/info/rfc9645); see the RFC + itself for full legal notices. + + All versions of this module are published by IANA + (https://www.iana.org/assignments/yang-parameters)."; + + revision 2025-04-04 { + description + "This initial version of the module was created using + the script defined in RFC 9645 to reflect the contents + of the cipher-suite algorithms registry maintained by IANA."; + reference + "RFC 9645: YANG Groupings for TLS Clients and TLS Servers"; + } + + typedef tls-cipher-suite-algorithm { + type enumeration { + enum TLS_NULL_WITH_NULL_NULL { + status deprecated; + description + "Enumeration for the 'TLS_NULL_WITH_NULL_NULL' algorithm."; + reference + "RFC 5246: + The Transport Layer Security (TLS) Protocol Version + 1.2"; + } + enum TLS_RSA_WITH_NULL_MD5 { + status deprecated; + description + "Enumeration for the 'TLS_RSA_WITH_NULL_MD5' algorithm."; + reference + "RFC 5246: + The Transport Layer Security (TLS) Protocol Version + 1.2"; + } + enum TLS_RSA_WITH_NULL_SHA { + status deprecated; + description + "Enumeration for the 'TLS_RSA_WITH_NULL_SHA' algorithm."; + reference + "RFC 5246: + The Transport Layer Security (TLS) Protocol Version + 1.2"; + } + enum TLS_RSA_EXPORT_WITH_RC4_40_MD5 { + status deprecated; + description + "Enumeration for the 'TLS_RSA_EXPORT_WITH_RC4_40_MD5' + algorithm."; + reference + "RFC 4346: + The Transport Layer Security (TLS) Protocol Version 1.1 + RFC 6347: + Datagram Transport Layer Security Version 1.2"; + } + enum TLS_RSA_WITH_RC4_128_MD5 { + status deprecated; + description + "Enumeration for the 'TLS_RSA_WITH_RC4_128_MD5' + algorithm."; + reference + "RFC 5246: + The Transport Layer Security (TLS) Protocol Version 1.2 + RFC 6347: + Datagram Transport Layer Security Version 1.2"; + } + enum TLS_RSA_WITH_RC4_128_SHA { + status deprecated; + description + "Enumeration for the 'TLS_RSA_WITH_RC4_128_SHA' + algorithm."; + reference + "RFC 5246: + The Transport Layer Security (TLS) Protocol Version 1.2 + RFC 6347: + Datagram Transport Layer Security Version 1.2"; + } + enum TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 { + status deprecated; + description + "Enumeration for the 'TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5' + algorithm."; + reference + "RFC 4346: + The Transport Layer Security (TLS) Protocol Version + 1.1"; + } + enum TLS_RSA_WITH_IDEA_CBC_SHA { + status deprecated; + description + "Enumeration for the 'TLS_RSA_WITH_IDEA_CBC_SHA' + algorithm."; + reference + "RFC 8996: + Deprecating TLS 1.0 and TLS 1.1"; + } + enum TLS_RSA_EXPORT_WITH_DES40_CBC_SHA { + status deprecated; + description + "Enumeration for the 'TLS_RSA_EXPORT_WITH_DES40_CBC_SHA' + algorithm."; + reference + "RFC 4346: + The Transport Layer Security (TLS) Protocol Version + 1.1"; + } + enum TLS_RSA_WITH_DES_CBC_SHA { + status deprecated; + description + "Enumeration for the 'TLS_RSA_WITH_DES_CBC_SHA' + algorithm."; + reference + "RFC 8996: + Deprecating TLS 1.0 and TLS 1.1"; + } + enum TLS_RSA_WITH_3DES_EDE_CBC_SHA { + status deprecated; + description + "Enumeration for the 'TLS_RSA_WITH_3DES_EDE_CBC_SHA' + algorithm."; + reference + "RFC 5246: + The Transport Layer Security (TLS) Protocol Version + 1.2"; + } + enum TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA { + status deprecated; + description + "Enumeration for the 'TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA' + algorithm."; + reference + "RFC 4346: + The Transport Layer Security (TLS) Protocol Version + 1.1"; + } + enum TLS_DH_DSS_WITH_DES_CBC_SHA { + status deprecated; + description + "Enumeration for the 'TLS_DH_DSS_WITH_DES_CBC_SHA' + algorithm."; + reference + "RFC 8996: + Deprecating TLS 1.0 and TLS 1.1"; + } + enum TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA { + status deprecated; + description + "Enumeration for the 'TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA' + algorithm."; + reference + "RFC 5246: + The Transport Layer Security (TLS) Protocol Version + 1.2"; + } + enum TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA { + status deprecated; + description + "Enumeration for the 'TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA' + algorithm."; + reference + "RFC 4346: + The Transport Layer Security (TLS) Protocol Version + 1.1"; + } + enum TLS_DH_RSA_WITH_DES_CBC_SHA { + status deprecated; + description + "Enumeration for the 'TLS_DH_RSA_WITH_DES_CBC_SHA' + algorithm."; + reference + "RFC 8996: + Deprecating TLS 1.0 and TLS 1.1"; + } + enum TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA { + status deprecated; + description + "Enumeration for the 'TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA' + algorithm."; + reference + "RFC 5246: + The Transport Layer Security (TLS) Protocol Version + 1.2"; + } + enum TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA { + status deprecated; + description + "Enumeration for the + 'TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA' algorithm."; + reference + "RFC 4346: + The Transport Layer Security (TLS) Protocol Version + 1.1"; + } + enum TLS_DHE_DSS_WITH_DES_CBC_SHA { + status deprecated; + description + "Enumeration for the 'TLS_DHE_DSS_WITH_DES_CBC_SHA' + algorithm."; + reference + "RFC 8996: + Deprecating TLS 1.0 and TLS 1.1"; + } + enum TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA { + status deprecated; + description + "Enumeration for the 'TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA' + algorithm."; + reference + "RFC 5246: + The Transport Layer Security (TLS) Protocol Version + 1.2"; + } + enum TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA { + status deprecated; + description + "Enumeration for the + 'TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA' algorithm."; + reference + "RFC 4346: + The Transport Layer Security (TLS) Protocol Version + 1.1"; + } + enum TLS_DHE_RSA_WITH_DES_CBC_SHA { + status deprecated; + description + "Enumeration for the 'TLS_DHE_RSA_WITH_DES_CBC_SHA' + algorithm."; + reference + "RFC 8996: + Deprecating TLS 1.0 and TLS 1.1"; + } + enum TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA { + status deprecated; + description + "Enumeration for the 'TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA' + algorithm."; + reference + "RFC 5246: + The Transport Layer Security (TLS) Protocol Version + 1.2"; + } + enum TLS_DH_anon_EXPORT_WITH_RC4_40_MD5 { + status deprecated; + description + "Enumeration for the 'TLS_DH_anon_EXPORT_WITH_RC4_40_MD5' + algorithm."; + reference + "RFC 4346: + The Transport Layer Security (TLS) Protocol Version 1.1 + RFC 6347: + Datagram Transport Layer Security Version 1.2"; + } + enum TLS_DH_anon_WITH_RC4_128_MD5 { + status deprecated; + description + "Enumeration for the 'TLS_DH_anon_WITH_RC4_128_MD5' + algorithm."; + reference + "RFC 5246: + The Transport Layer Security (TLS) Protocol Version 1.2 + RFC 6347: + Datagram Transport Layer Security Version 1.2"; + } + enum TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA { + status deprecated; + description + "Enumeration for the + 'TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA' algorithm."; + reference + "RFC 4346: + The Transport Layer Security (TLS) Protocol Version + 1.1"; + } + enum TLS_DH_anon_WITH_DES_CBC_SHA { + status deprecated; + description + "Enumeration for the 'TLS_DH_anon_WITH_DES_CBC_SHA' + algorithm."; + reference + "RFC 8996: + Deprecating TLS 1.0 and TLS 1.1"; + } + enum TLS_DH_anon_WITH_3DES_EDE_CBC_SHA { + status deprecated; + description + "Enumeration for the 'TLS_DH_anon_WITH_3DES_EDE_CBC_SHA' + algorithm."; + reference + "RFC 5246: + The Transport Layer Security (TLS) Protocol Version + 1.2"; + } + enum TLS_KRB5_WITH_DES_CBC_SHA { + status deprecated; + description + "Enumeration for the 'TLS_KRB5_WITH_DES_CBC_SHA' + algorithm."; + reference + "RFC 2712: + Addition of Kerberos Cipher Suites to Transport Layer + Security (TLS)"; + } + enum TLS_KRB5_WITH_3DES_EDE_CBC_SHA { + status deprecated; + description + "Enumeration for the 'TLS_KRB5_WITH_3DES_EDE_CBC_SHA' + algorithm."; + reference + "RFC 2712: + Addition of Kerberos Cipher Suites to Transport Layer + Security (TLS)"; + } + enum TLS_KRB5_WITH_RC4_128_SHA { + status deprecated; + description + "Enumeration for the 'TLS_KRB5_WITH_RC4_128_SHA' + algorithm."; + reference + "RFC 2712: + Addition of Kerberos Cipher Suites to Transport Layer + Security (TLS) + RFC 6347: + Datagram Transport Layer Security Version 1.2"; + } + enum TLS_KRB5_WITH_IDEA_CBC_SHA { + status deprecated; + description + "Enumeration for the 'TLS_KRB5_WITH_IDEA_CBC_SHA' + algorithm."; + reference + "RFC 2712: + Addition of Kerberos Cipher Suites to Transport Layer + Security (TLS)"; + } + enum TLS_KRB5_WITH_DES_CBC_MD5 { + status deprecated; + description + "Enumeration for the 'TLS_KRB5_WITH_DES_CBC_MD5' + algorithm."; + reference + "RFC 2712: + Addition of Kerberos Cipher Suites to Transport Layer + Security (TLS)"; + } + enum TLS_KRB5_WITH_3DES_EDE_CBC_MD5 { + status deprecated; + description + "Enumeration for the 'TLS_KRB5_WITH_3DES_EDE_CBC_MD5' + algorithm."; + reference + "RFC 2712: + Addition of Kerberos Cipher Suites to Transport Layer + Security (TLS)"; + } + enum TLS_KRB5_WITH_RC4_128_MD5 { + status deprecated; + description + "Enumeration for the 'TLS_KRB5_WITH_RC4_128_MD5' + algorithm."; + reference + "RFC 2712: + Addition of Kerberos Cipher Suites to Transport Layer + Security (TLS) + RFC 6347: + Datagram Transport Layer Security Version 1.2"; + } + enum TLS_KRB5_WITH_IDEA_CBC_MD5 { + status deprecated; + description + "Enumeration for the 'TLS_KRB5_WITH_IDEA_CBC_MD5' + algorithm."; + reference + "RFC 2712: + Addition of Kerberos Cipher Suites to Transport Layer + Security (TLS)"; + } + enum TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA { + status deprecated; + description + "Enumeration for the 'TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA' + algorithm."; + reference + "RFC 2712: + Addition of Kerberos Cipher Suites to Transport Layer + Security (TLS)"; + } + enum TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA { + status deprecated; + description + "Enumeration for the 'TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA' + algorithm."; + reference + "RFC 2712: + Addition of Kerberos Cipher Suites to Transport Layer + Security (TLS)"; + } + enum TLS_KRB5_EXPORT_WITH_RC4_40_SHA { + status deprecated; + description + "Enumeration for the 'TLS_KRB5_EXPORT_WITH_RC4_40_SHA' + algorithm."; + reference + "RFC 2712: + Addition of Kerberos Cipher Suites to Transport Layer + Security (TLS) + RFC 6347: + Datagram Transport Layer Security Version 1.2"; + } + enum TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5 { + status deprecated; + description + "Enumeration for the 'TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5' + algorithm."; + reference + "RFC 2712: + Addition of Kerberos Cipher Suites to Transport Layer + Security (TLS)"; + } + enum TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5 { + status deprecated; + description + "Enumeration for the 'TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5' + algorithm."; + reference + "RFC 2712: + Addition of Kerberos Cipher Suites to Transport Layer + Security (TLS)"; + } + enum TLS_KRB5_EXPORT_WITH_RC4_40_MD5 { + status deprecated; + description + "Enumeration for the 'TLS_KRB5_EXPORT_WITH_RC4_40_MD5' + algorithm."; + reference + "RFC 2712: + Addition of Kerberos Cipher Suites to Transport Layer + Security (TLS) + RFC 6347: + Datagram Transport Layer Security Version 1.2"; + } + enum TLS_PSK_WITH_NULL_SHA { + status deprecated; + description + "Enumeration for the 'TLS_PSK_WITH_NULL_SHA' algorithm."; + reference + "RFC 4785: + Pre-Shared Key (PSK) Ciphersuites with NULL Encryption + for Transport Layer Security (TLS)"; + } + enum TLS_DHE_PSK_WITH_NULL_SHA { + status deprecated; + description + "Enumeration for the 'TLS_DHE_PSK_WITH_NULL_SHA' + algorithm."; + reference + "RFC 4785: + Pre-Shared Key (PSK) Ciphersuites with NULL Encryption + for Transport Layer Security (TLS)"; + } + enum TLS_RSA_PSK_WITH_NULL_SHA { + status deprecated; + description + "Enumeration for the 'TLS_RSA_PSK_WITH_NULL_SHA' + algorithm."; + reference + "RFC 4785: + Pre-Shared Key (PSK) Ciphersuites with NULL Encryption + for Transport Layer Security (TLS)"; + } + enum TLS_RSA_WITH_AES_128_CBC_SHA { + status deprecated; + description + "Enumeration for the 'TLS_RSA_WITH_AES_128_CBC_SHA' + algorithm."; + reference + "RFC 5246: + The Transport Layer Security (TLS) Protocol Version + 1.2"; + } + enum TLS_DH_DSS_WITH_AES_128_CBC_SHA { + status deprecated; + description + "Enumeration for the 'TLS_DH_DSS_WITH_AES_128_CBC_SHA' + algorithm."; + reference + "RFC 5246: + The Transport Layer Security (TLS) Protocol Version + 1.2"; + } + enum TLS_DH_RSA_WITH_AES_128_CBC_SHA { + status deprecated; + description + "Enumeration for the 'TLS_DH_RSA_WITH_AES_128_CBC_SHA' + algorithm."; + reference + "RFC 5246: + The Transport Layer Security (TLS) Protocol Version + 1.2"; + } + enum TLS_DHE_DSS_WITH_AES_128_CBC_SHA { + status deprecated; + description + "Enumeration for the 'TLS_DHE_DSS_WITH_AES_128_CBC_SHA' + algorithm."; + reference + "RFC 5246: + The Transport Layer Security (TLS) Protocol Version + 1.2"; + } + enum TLS_DHE_RSA_WITH_AES_128_CBC_SHA { + status deprecated; + description + "Enumeration for the 'TLS_DHE_RSA_WITH_AES_128_CBC_SHA' + algorithm."; + reference + "RFC 5246: + The Transport Layer Security (TLS) Protocol Version + 1.2"; + } + enum TLS_DH_anon_WITH_AES_128_CBC_SHA { + status deprecated; + description + "Enumeration for the 'TLS_DH_anon_WITH_AES_128_CBC_SHA' + algorithm."; + reference + "RFC 5246: + The Transport Layer Security (TLS) Protocol Version + 1.2"; + } + enum TLS_RSA_WITH_AES_256_CBC_SHA { + status deprecated; + description + "Enumeration for the 'TLS_RSA_WITH_AES_256_CBC_SHA' + algorithm."; + reference + "RFC 5246: + The Transport Layer Security (TLS) Protocol Version + 1.2"; + } + enum TLS_DH_DSS_WITH_AES_256_CBC_SHA { + status deprecated; + description + "Enumeration for the 'TLS_DH_DSS_WITH_AES_256_CBC_SHA' + algorithm."; + reference + "RFC 5246: + The Transport Layer Security (TLS) Protocol Version + 1.2"; + } + enum TLS_DH_RSA_WITH_AES_256_CBC_SHA { + status deprecated; + description + "Enumeration for the 'TLS_DH_RSA_WITH_AES_256_CBC_SHA' + algorithm."; + reference + "RFC 5246: + The Transport Layer Security (TLS) Protocol Version + 1.2"; + } + enum TLS_DHE_DSS_WITH_AES_256_CBC_SHA { + status deprecated; + description + "Enumeration for the 'TLS_DHE_DSS_WITH_AES_256_CBC_SHA' + algorithm."; + reference + "RFC 5246: + The Transport Layer Security (TLS) Protocol Version + 1.2"; + } + enum TLS_DHE_RSA_WITH_AES_256_CBC_SHA { + status deprecated; + description + "Enumeration for the 'TLS_DHE_RSA_WITH_AES_256_CBC_SHA' + algorithm."; + reference + "RFC 5246: + The Transport Layer Security (TLS) Protocol Version + 1.2"; + } + enum TLS_DH_anon_WITH_AES_256_CBC_SHA { + status deprecated; + description + "Enumeration for the 'TLS_DH_anon_WITH_AES_256_CBC_SHA' + algorithm."; + reference + "RFC 5246: + The Transport Layer Security (TLS) Protocol Version + 1.2"; + } + enum TLS_RSA_WITH_NULL_SHA256 { + status deprecated; + description + "Enumeration for the 'TLS_RSA_WITH_NULL_SHA256' + algorithm."; + reference + "RFC 5246: + The Transport Layer Security (TLS) Protocol Version + 1.2"; + } + enum TLS_RSA_WITH_AES_128_CBC_SHA256 { + status deprecated; + description + "Enumeration for the 'TLS_RSA_WITH_AES_128_CBC_SHA256' + algorithm."; + reference + "RFC 5246: + The Transport Layer Security (TLS) Protocol Version + 1.2"; + } + enum TLS_RSA_WITH_AES_256_CBC_SHA256 { + status deprecated; + description + "Enumeration for the 'TLS_RSA_WITH_AES_256_CBC_SHA256' + algorithm."; + reference + "RFC 5246: + The Transport Layer Security (TLS) Protocol Version + 1.2"; + } + enum TLS_DH_DSS_WITH_AES_128_CBC_SHA256 { + status deprecated; + description + "Enumeration for the 'TLS_DH_DSS_WITH_AES_128_CBC_SHA256' + algorithm."; + reference + "RFC 5246: + The Transport Layer Security (TLS) Protocol Version + 1.2"; + } + enum TLS_DH_RSA_WITH_AES_128_CBC_SHA256 { + status deprecated; + description + "Enumeration for the 'TLS_DH_RSA_WITH_AES_128_CBC_SHA256' + algorithm."; + reference + "RFC 5246: + The Transport Layer Security (TLS) Protocol Version + 1.2"; + } + enum TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 { + status deprecated; + description + "Enumeration for the 'TLS_DHE_DSS_WITH_AES_128_CBC_SHA256' + algorithm."; + reference + "RFC 5246: + The Transport Layer Security (TLS) Protocol Version + 1.2"; + } + enum TLS_RSA_WITH_CAMELLIA_128_CBC_SHA { + status deprecated; + description + "Enumeration for the 'TLS_RSA_WITH_CAMELLIA_128_CBC_SHA' + algorithm."; + reference + "RFC 5932: + Camellia Cipher Suites for TLS"; + } + enum TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA { + status deprecated; + description + "Enumeration for the 'TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA' + algorithm."; + reference + "RFC 5932: + Camellia Cipher Suites for TLS"; + } + enum TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA { + status deprecated; + description + "Enumeration for the 'TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA' + algorithm."; + reference + "RFC 5932: + Camellia Cipher Suites for TLS"; + } + enum TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA { + status deprecated; + description + "Enumeration for the + 'TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA' algorithm."; + reference + "RFC 5932: + Camellia Cipher Suites for TLS"; + } + enum TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA { + status deprecated; + description + "Enumeration for the + 'TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA' algorithm."; + reference + "RFC 5932: + Camellia Cipher Suites for TLS"; + } + enum TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA { + status deprecated; + description + "Enumeration for the + 'TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA' algorithm."; + reference + "RFC 5932: + Camellia Cipher Suites for TLS"; + } + enum TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 { + status deprecated; + description + "Enumeration for the 'TLS_DHE_RSA_WITH_AES_128_CBC_SHA256' + algorithm."; + reference + "RFC 5246: + The Transport Layer Security (TLS) Protocol Version + 1.2"; + } + enum TLS_DH_DSS_WITH_AES_256_CBC_SHA256 { + status deprecated; + description + "Enumeration for the 'TLS_DH_DSS_WITH_AES_256_CBC_SHA256' + algorithm."; + reference + "RFC 5246: + The Transport Layer Security (TLS) Protocol Version + 1.2"; + } + enum TLS_DH_RSA_WITH_AES_256_CBC_SHA256 { + status deprecated; + description + "Enumeration for the 'TLS_DH_RSA_WITH_AES_256_CBC_SHA256' + algorithm."; + reference + "RFC 5246: + The Transport Layer Security (TLS) Protocol Version + 1.2"; + } + enum TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 { + status deprecated; + description + "Enumeration for the 'TLS_DHE_DSS_WITH_AES_256_CBC_SHA256' + algorithm."; + reference + "RFC 5246: + The Transport Layer Security (TLS) Protocol Version + 1.2"; + } + enum TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 { + status deprecated; + description + "Enumeration for the 'TLS_DHE_RSA_WITH_AES_256_CBC_SHA256' + algorithm."; + reference + "RFC 5246: + The Transport Layer Security (TLS) Protocol Version + 1.2"; + } + enum TLS_DH_anon_WITH_AES_128_CBC_SHA256 { + status deprecated; + description + "Enumeration for the 'TLS_DH_anon_WITH_AES_128_CBC_SHA256' + algorithm."; + reference + "RFC 5246: + The Transport Layer Security (TLS) Protocol Version + 1.2"; + } + enum TLS_DH_anon_WITH_AES_256_CBC_SHA256 { + status deprecated; + description + "Enumeration for the 'TLS_DH_anon_WITH_AES_256_CBC_SHA256' + algorithm."; + reference + "RFC 5246: + The Transport Layer Security (TLS) Protocol Version + 1.2"; + } + enum TLS_RSA_WITH_CAMELLIA_256_CBC_SHA { + status deprecated; + description + "Enumeration for the 'TLS_RSA_WITH_CAMELLIA_256_CBC_SHA' + algorithm."; + reference + "RFC 5932: + Camellia Cipher Suites for TLS"; + } + enum TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA { + status deprecated; + description + "Enumeration for the 'TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA' + algorithm."; + reference + "RFC 5932: + Camellia Cipher Suites for TLS"; + } + enum TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA { + status deprecated; + description + "Enumeration for the 'TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA' + algorithm."; + reference + "RFC 5932: + Camellia Cipher Suites for TLS"; + } + enum TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA { + status deprecated; + description + "Enumeration for the + 'TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA' algorithm."; + reference + "RFC 5932: + Camellia Cipher Suites for TLS"; + } + enum TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA { + status deprecated; + description + "Enumeration for the + 'TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA' algorithm."; + reference + "RFC 5932: + Camellia Cipher Suites for TLS"; + } + enum TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA { + status deprecated; + description + "Enumeration for the + 'TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA' algorithm."; + reference + "RFC 5932: + Camellia Cipher Suites for TLS"; + } + enum TLS_PSK_WITH_RC4_128_SHA { + status deprecated; + description + "Enumeration for the 'TLS_PSK_WITH_RC4_128_SHA' + algorithm."; + reference + "RFC 4279: + Pre-Shared Key Ciphersuites for Transport Layer Security + (TLS) + RFC 6347: + Datagram Transport Layer Security Version 1.2"; + } + enum TLS_PSK_WITH_3DES_EDE_CBC_SHA { + status deprecated; + description + "Enumeration for the 'TLS_PSK_WITH_3DES_EDE_CBC_SHA' + algorithm."; + reference + "RFC 4279: + Pre-Shared Key Ciphersuites for Transport Layer Security + (TLS)"; + } + enum TLS_PSK_WITH_AES_128_CBC_SHA { + status deprecated; + description + "Enumeration for the 'TLS_PSK_WITH_AES_128_CBC_SHA' + algorithm."; + reference + "RFC 4279: + Pre-Shared Key Ciphersuites for Transport Layer Security + (TLS)"; + } + enum TLS_PSK_WITH_AES_256_CBC_SHA { + status deprecated; + description + "Enumeration for the 'TLS_PSK_WITH_AES_256_CBC_SHA' + algorithm."; + reference + "RFC 4279: + Pre-Shared Key Ciphersuites for Transport Layer Security + (TLS)"; + } + enum TLS_DHE_PSK_WITH_RC4_128_SHA { + status deprecated; + description + "Enumeration for the 'TLS_DHE_PSK_WITH_RC4_128_SHA' + algorithm."; + reference + "RFC 4279: + Pre-Shared Key Ciphersuites for Transport Layer Security + (TLS) + RFC 6347: + Datagram Transport Layer Security Version 1.2"; + } + enum TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA { + status deprecated; + description + "Enumeration for the 'TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA' + algorithm."; + reference + "RFC 4279: + Pre-Shared Key Ciphersuites for Transport Layer Security + (TLS)"; + } + enum TLS_DHE_PSK_WITH_AES_128_CBC_SHA { + status deprecated; + description + "Enumeration for the 'TLS_DHE_PSK_WITH_AES_128_CBC_SHA' + algorithm."; + reference + "RFC 4279: + Pre-Shared Key Ciphersuites for Transport Layer Security + (TLS)"; + } + enum TLS_DHE_PSK_WITH_AES_256_CBC_SHA { + status deprecated; + description + "Enumeration for the 'TLS_DHE_PSK_WITH_AES_256_CBC_SHA' + algorithm."; + reference + "RFC 4279: + Pre-Shared Key Ciphersuites for Transport Layer Security + (TLS)"; + } + enum TLS_RSA_PSK_WITH_RC4_128_SHA { + status deprecated; + description + "Enumeration for the 'TLS_RSA_PSK_WITH_RC4_128_SHA' + algorithm."; + reference + "RFC 4279: + Pre-Shared Key Ciphersuites for Transport Layer Security + (TLS) + RFC 6347: + Datagram Transport Layer Security Version 1.2"; + } + enum TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA { + status deprecated; + description + "Enumeration for the 'TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA' + algorithm."; + reference + "RFC 4279: + Pre-Shared Key Ciphersuites for Transport Layer Security + (TLS)"; + } + enum TLS_RSA_PSK_WITH_AES_128_CBC_SHA { + status deprecated; + description + "Enumeration for the 'TLS_RSA_PSK_WITH_AES_128_CBC_SHA' + algorithm."; + reference + "RFC 4279: + Pre-Shared Key Ciphersuites for Transport Layer Security + (TLS)"; + } + enum TLS_RSA_PSK_WITH_AES_256_CBC_SHA { + status deprecated; + description + "Enumeration for the 'TLS_RSA_PSK_WITH_AES_256_CBC_SHA' + algorithm."; + reference + "RFC 4279: + Pre-Shared Key Ciphersuites for Transport Layer Security + (TLS)"; + } + enum TLS_RSA_WITH_SEED_CBC_SHA { + status deprecated; + description + "Enumeration for the 'TLS_RSA_WITH_SEED_CBC_SHA' + algorithm."; + reference + "RFC 4162: + Addition of SEED Cipher Suites to Transport Layer + Security (TLS)"; + } + enum TLS_DH_DSS_WITH_SEED_CBC_SHA { + status deprecated; + description + "Enumeration for the 'TLS_DH_DSS_WITH_SEED_CBC_SHA' + algorithm."; + reference + "RFC 4162: + Addition of SEED Cipher Suites to Transport Layer + Security (TLS)"; + } + enum TLS_DH_RSA_WITH_SEED_CBC_SHA { + status deprecated; + description + "Enumeration for the 'TLS_DH_RSA_WITH_SEED_CBC_SHA' + algorithm."; + reference + "RFC 4162: + Addition of SEED Cipher Suites to Transport Layer + Security (TLS)"; + } + enum TLS_DHE_DSS_WITH_SEED_CBC_SHA { + status deprecated; + description + "Enumeration for the 'TLS_DHE_DSS_WITH_SEED_CBC_SHA' + algorithm."; + reference + "RFC 4162: + Addition of SEED Cipher Suites to Transport Layer + Security (TLS)"; + } + enum TLS_DHE_RSA_WITH_SEED_CBC_SHA { + status deprecated; + description + "Enumeration for the 'TLS_DHE_RSA_WITH_SEED_CBC_SHA' + algorithm."; + reference + "RFC 4162: + Addition of SEED Cipher Suites to Transport Layer + Security (TLS)"; + } + enum TLS_DH_anon_WITH_SEED_CBC_SHA { + status deprecated; + description + "Enumeration for the 'TLS_DH_anon_WITH_SEED_CBC_SHA' + algorithm."; + reference + "RFC 4162: + Addition of SEED Cipher Suites to Transport Layer + Security (TLS)"; + } + enum TLS_RSA_WITH_AES_128_GCM_SHA256 { + status deprecated; + description + "Enumeration for the 'TLS_RSA_WITH_AES_128_GCM_SHA256' + algorithm."; + reference + "RFC 5288: + AES Galois Counter Mode (GCM) Cipher Suites for TLS"; + } + enum TLS_RSA_WITH_AES_256_GCM_SHA384 { + status deprecated; + description + "Enumeration for the 'TLS_RSA_WITH_AES_256_GCM_SHA384' + algorithm."; + reference + "RFC 5288: + AES Galois Counter Mode (GCM) Cipher Suites for TLS"; + } + enum TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 { + description + "Enumeration for the 'TLS_DHE_RSA_WITH_AES_128_GCM_SHA256' + algorithm."; + reference + "RFC 5288: + AES Galois Counter Mode (GCM) Cipher Suites for TLS"; + } + enum TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 { + description + "Enumeration for the 'TLS_DHE_RSA_WITH_AES_256_GCM_SHA384' + algorithm."; + reference + "RFC 5288: + AES Galois Counter Mode (GCM) Cipher Suites for TLS"; + } + enum TLS_DH_RSA_WITH_AES_128_GCM_SHA256 { + status deprecated; + description + "Enumeration for the 'TLS_DH_RSA_WITH_AES_128_GCM_SHA256' + algorithm."; + reference + "RFC 5288: + AES Galois Counter Mode (GCM) Cipher Suites for TLS"; + } + enum TLS_DH_RSA_WITH_AES_256_GCM_SHA384 { + status deprecated; + description + "Enumeration for the 'TLS_DH_RSA_WITH_AES_256_GCM_SHA384' + algorithm."; + reference + "RFC 5288: + AES Galois Counter Mode (GCM) Cipher Suites for TLS"; + } + enum TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 { + status deprecated; + description + "Enumeration for the 'TLS_DHE_DSS_WITH_AES_128_GCM_SHA256' + algorithm."; + reference + "RFC 5288: + AES Galois Counter Mode (GCM) Cipher Suites for TLS"; + } + enum TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 { + status deprecated; + description + "Enumeration for the 'TLS_DHE_DSS_WITH_AES_256_GCM_SHA384' + algorithm."; + reference + "RFC 5288: + AES Galois Counter Mode (GCM) Cipher Suites for TLS"; + } + enum TLS_DH_DSS_WITH_AES_128_GCM_SHA256 { + status deprecated; + description + "Enumeration for the 'TLS_DH_DSS_WITH_AES_128_GCM_SHA256' + algorithm."; + reference + "RFC 5288: + AES Galois Counter Mode (GCM) Cipher Suites for TLS"; + } + enum TLS_DH_DSS_WITH_AES_256_GCM_SHA384 { + status deprecated; + description + "Enumeration for the 'TLS_DH_DSS_WITH_AES_256_GCM_SHA384' + algorithm."; + reference + "RFC 5288: + AES Galois Counter Mode (GCM) Cipher Suites for TLS"; + } + enum TLS_DH_anon_WITH_AES_128_GCM_SHA256 { + status deprecated; + description + "Enumeration for the 'TLS_DH_anon_WITH_AES_128_GCM_SHA256' + algorithm."; + reference + "RFC 5288: + AES Galois Counter Mode (GCM) Cipher Suites for TLS"; + } + enum TLS_DH_anon_WITH_AES_256_GCM_SHA384 { + status deprecated; + description + "Enumeration for the 'TLS_DH_anon_WITH_AES_256_GCM_SHA384' + algorithm."; + reference + "RFC 5288: + AES Galois Counter Mode (GCM) Cipher Suites for TLS"; + } + enum TLS_PSK_WITH_AES_128_GCM_SHA256 { + status deprecated; + description + "Enumeration for the 'TLS_PSK_WITH_AES_128_GCM_SHA256' + algorithm."; + reference + "RFC 5487: + Pre-Shared Key Cipher Suites for TLS with SHA-256/384 + and AES Galois Counter Mode"; + } + enum TLS_PSK_WITH_AES_256_GCM_SHA384 { + status deprecated; + description + "Enumeration for the 'TLS_PSK_WITH_AES_256_GCM_SHA384' + algorithm."; + reference + "RFC 5487: + Pre-Shared Key Cipher Suites for TLS with SHA-256/384 + and AES Galois Counter Mode"; + } + enum TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 { + description + "Enumeration for the 'TLS_DHE_PSK_WITH_AES_128_GCM_SHA256' + algorithm."; + reference + "RFC 5487: + Pre-Shared Key Cipher Suites for TLS with SHA-256/384 + and AES Galois Counter Mode"; + } + enum TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 { + description + "Enumeration for the 'TLS_DHE_PSK_WITH_AES_256_GCM_SHA384' + algorithm."; + reference + "RFC 5487: + Pre-Shared Key Cipher Suites for TLS with SHA-256/384 + and AES Galois Counter Mode"; + } + enum TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 { + status deprecated; + description + "Enumeration for the 'TLS_RSA_PSK_WITH_AES_128_GCM_SHA256' + algorithm."; + reference + "RFC 5487: + Pre-Shared Key Cipher Suites for TLS with SHA-256/384 + and AES Galois Counter Mode"; + } + enum TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 { + status deprecated; + description + "Enumeration for the 'TLS_RSA_PSK_WITH_AES_256_GCM_SHA384' + algorithm."; + reference + "RFC 5487: + Pre-Shared Key Cipher Suites for TLS with SHA-256/384 + and AES Galois Counter Mode"; + } + enum TLS_PSK_WITH_AES_128_CBC_SHA256 { + status deprecated; + description + "Enumeration for the 'TLS_PSK_WITH_AES_128_CBC_SHA256' + algorithm."; + reference + "RFC 5487: + Pre-Shared Key Cipher Suites for TLS with SHA-256/384 + and AES Galois Counter Mode"; + } + enum TLS_PSK_WITH_AES_256_CBC_SHA384 { + status deprecated; + description + "Enumeration for the 'TLS_PSK_WITH_AES_256_CBC_SHA384' + algorithm."; + reference + "RFC 5487: + Pre-Shared Key Cipher Suites for TLS with SHA-256/384 + and AES Galois Counter Mode"; + } + enum TLS_PSK_WITH_NULL_SHA256 { + status deprecated; + description + "Enumeration for the 'TLS_PSK_WITH_NULL_SHA256' + algorithm."; + reference + "RFC 5487: + Pre-Shared Key Cipher Suites for TLS with SHA-256/384 + and AES Galois Counter Mode"; + } + enum TLS_PSK_WITH_NULL_SHA384 { + status deprecated; + description + "Enumeration for the 'TLS_PSK_WITH_NULL_SHA384' + algorithm."; + reference + "RFC 5487: + Pre-Shared Key Cipher Suites for TLS with SHA-256/384 + and AES Galois Counter Mode"; + } + enum TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 { + status deprecated; + description + "Enumeration for the 'TLS_DHE_PSK_WITH_AES_128_CBC_SHA256' + algorithm."; + reference + "RFC 5487: + Pre-Shared Key Cipher Suites for TLS with SHA-256/384 + and AES Galois Counter Mode"; + } + enum TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 { + status deprecated; + description + "Enumeration for the 'TLS_DHE_PSK_WITH_AES_256_CBC_SHA384' + algorithm."; + reference + "RFC 5487: + Pre-Shared Key Cipher Suites for TLS with SHA-256/384 + and AES Galois Counter Mode"; + } + enum TLS_DHE_PSK_WITH_NULL_SHA256 { + status deprecated; + description + "Enumeration for the 'TLS_DHE_PSK_WITH_NULL_SHA256' + algorithm."; + reference + "RFC 5487: + Pre-Shared Key Cipher Suites for TLS with SHA-256/384 + and AES Galois Counter Mode"; + } + enum TLS_DHE_PSK_WITH_NULL_SHA384 { + status deprecated; + description + "Enumeration for the 'TLS_DHE_PSK_WITH_NULL_SHA384' + algorithm."; + reference + "RFC 5487: + Pre-Shared Key Cipher Suites for TLS with SHA-256/384 + and AES Galois Counter Mode"; + } + enum TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 { + status deprecated; + description + "Enumeration for the 'TLS_RSA_PSK_WITH_AES_128_CBC_SHA256' + algorithm."; + reference + "RFC 5487: + Pre-Shared Key Cipher Suites for TLS with SHA-256/384 + and AES Galois Counter Mode"; + } + enum TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 { + status deprecated; + description + "Enumeration for the 'TLS_RSA_PSK_WITH_AES_256_CBC_SHA384' + algorithm."; + reference + "RFC 5487: + Pre-Shared Key Cipher Suites for TLS with SHA-256/384 + and AES Galois Counter Mode"; + } + enum TLS_RSA_PSK_WITH_NULL_SHA256 { + status deprecated; + description + "Enumeration for the 'TLS_RSA_PSK_WITH_NULL_SHA256' + algorithm."; + reference + "RFC 5487: + Pre-Shared Key Cipher Suites for TLS with SHA-256/384 + and AES Galois Counter Mode"; + } + enum TLS_RSA_PSK_WITH_NULL_SHA384 { + status deprecated; + description + "Enumeration for the 'TLS_RSA_PSK_WITH_NULL_SHA384' + algorithm."; + reference + "RFC 5487: + Pre-Shared Key Cipher Suites for TLS with SHA-256/384 + and AES Galois Counter Mode"; + } + enum TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 { + status deprecated; + description + "Enumeration for the 'TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256' + algorithm."; + reference + "RFC 5932: + Camellia Cipher Suites for TLS"; + } + enum TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256 { + status deprecated; + description + "Enumeration for the + 'TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256' algorithm."; + reference + "RFC 5932: + Camellia Cipher Suites for TLS"; + } + enum TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256 { + status deprecated; + description + "Enumeration for the + 'TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256' algorithm."; + reference + "RFC 5932: + Camellia Cipher Suites for TLS"; + } + enum TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256 { + status deprecated; + description + "Enumeration for the + 'TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256' algorithm."; + reference + "RFC 5932: + Camellia Cipher Suites for TLS"; + } + enum TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 { + status deprecated; + description + "Enumeration for the + 'TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256' algorithm."; + reference + "RFC 5932: + Camellia Cipher Suites for TLS"; + } + enum TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256 { + status deprecated; + description + "Enumeration for the + 'TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256' algorithm."; + reference + "RFC 5932: + Camellia Cipher Suites for TLS"; + } + enum TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 { + status deprecated; + description + "Enumeration for the 'TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256' + algorithm."; + reference + "RFC 5932: + Camellia Cipher Suites for TLS"; + } + enum TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256 { + status deprecated; + description + "Enumeration for the + 'TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256' algorithm."; + reference + "RFC 5932: + Camellia Cipher Suites for TLS"; + } + enum TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256 { + status deprecated; + description + "Enumeration for the + 'TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256' algorithm."; + reference + "RFC 5932: + Camellia Cipher Suites for TLS"; + } + enum TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256 { + status deprecated; + description + "Enumeration for the + 'TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256' algorithm."; + reference + "RFC 5932: + Camellia Cipher Suites for TLS"; + } + enum TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 { + status deprecated; + description + "Enumeration for the + 'TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256' algorithm."; + reference + "RFC 5932: + Camellia Cipher Suites for TLS"; + } + enum TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256 { + status deprecated; + description + "Enumeration for the + 'TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256' algorithm."; + reference + "RFC 5932: + Camellia Cipher Suites for TLS"; + } + enum TLS_SM4_GCM_SM3 { + status deprecated; + description + "Enumeration for the 'TLS_SM4_GCM_SM3' algorithm."; + reference + "RFC 8998: + ShangMi (SM) Cipher Suites for TLS 1.3"; + } + enum TLS_SM4_CCM_SM3 { + status deprecated; + description + "Enumeration for the 'TLS_SM4_CCM_SM3' algorithm."; + reference + "RFC 8998: + ShangMi (SM) Cipher Suites for TLS 1.3"; + } + enum TLS_EMPTY_RENEGOTIATION_INFO_SCSV { + status deprecated; + description + "Enumeration for the 'TLS_EMPTY_RENEGOTIATION_INFO_SCSV' + algorithm."; + reference + "RFC 5746: + Transport Layer Security (TLS) Renegotiation Indication + Extension"; + } + enum TLS_AES_128_GCM_SHA256 { + description + "Enumeration for the 'TLS_AES_128_GCM_SHA256' algorithm."; + reference + "RFC 8446: + The Transport Layer Security (TLS) Protocol Version + 1.3"; + } + enum TLS_AES_256_GCM_SHA384 { + description + "Enumeration for the 'TLS_AES_256_GCM_SHA384' algorithm."; + reference + "RFC 8446: + The Transport Layer Security (TLS) Protocol Version + 1.3"; + } + enum TLS_CHACHA20_POLY1305_SHA256 { + description + "Enumeration for the 'TLS_CHACHA20_POLY1305_SHA256' + algorithm."; + reference + "RFC 8446: + The Transport Layer Security (TLS) Protocol Version + 1.3"; + } + enum TLS_AES_128_CCM_SHA256 { + description + "Enumeration for the 'TLS_AES_128_CCM_SHA256' algorithm."; + reference + "RFC 8446: + The Transport Layer Security (TLS) Protocol Version + 1.3"; + } + enum TLS_AES_128_CCM_8_SHA256 { + status deprecated; + description + "Enumeration for the 'TLS_AES_128_CCM_8_SHA256' + algorithm."; + reference + "RFC 8446: + The Transport Layer Security (TLS) Protocol Version 1.3 + IESG Action: + IESG Action 2018-08-16"; + } + enum TLS_AEGIS_256_SHA512 { + status deprecated; + description + "Enumeration for the 'TLS_AEGIS_256_SHA512' algorithm."; + reference + "draft-irtf-cfrg-aegis-aead-08: + The AEGIS Family of Authenticated Encryption + Algorithms"; + } + enum TLS_AEGIS_128L_SHA256 { + status deprecated; + description + "Enumeration for the 'TLS_AEGIS_128L_SHA256' algorithm."; + reference + "draft-irtf-cfrg-aegis-aead-08: + The AEGIS Family of Authenticated Encryption + Algorithms"; + } + enum TLS_FALLBACK_SCSV { + status deprecated; + description + "Enumeration for the 'TLS_FALLBACK_SCSV' algorithm."; + reference + "RFC 7507: + TLS Fallback Signaling Cipher Suite Value (SCSV) for + Preventing Protocol Downgrade Attacks"; + } + enum TLS_ECDH_ECDSA_WITH_NULL_SHA { + status deprecated; + description + "Enumeration for the 'TLS_ECDH_ECDSA_WITH_NULL_SHA' + algorithm."; + reference + "RFC 8422: + Elliptic Curve Cryptography (ECC) Cipher Suites for + Transport Layer Security (TLS) Versions 1.2 and + Earlier"; + } + enum TLS_ECDH_ECDSA_WITH_RC4_128_SHA { + status deprecated; + description + "Enumeration for the 'TLS_ECDH_ECDSA_WITH_RC4_128_SHA' + algorithm."; + reference + "RFC 8422: + Elliptic Curve Cryptography (ECC) Cipher Suites for + Transport Layer Security (TLS) Versions 1.2 and Earlier + RFC 6347: + Datagram Transport Layer Security Version 1.2"; + } + enum TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA { + status deprecated; + description + "Enumeration for the 'TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA' + algorithm."; + reference + "RFC 8422: + Elliptic Curve Cryptography (ECC) Cipher Suites for + Transport Layer Security (TLS) Versions 1.2 and + Earlier"; + } + enum TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA { + status deprecated; + description + "Enumeration for the 'TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA' + algorithm."; + reference + "RFC 8422: + Elliptic Curve Cryptography (ECC) Cipher Suites for + Transport Layer Security (TLS) Versions 1.2 and + Earlier"; + } + enum TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA { + status deprecated; + description + "Enumeration for the 'TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA' + algorithm."; + reference + "RFC 8422: + Elliptic Curve Cryptography (ECC) Cipher Suites for + Transport Layer Security (TLS) Versions 1.2 and + Earlier"; + } + enum TLS_ECDHE_ECDSA_WITH_NULL_SHA { + status deprecated; + description + "Enumeration for the 'TLS_ECDHE_ECDSA_WITH_NULL_SHA' + algorithm."; + reference + "RFC 8422: + Elliptic Curve Cryptography (ECC) Cipher Suites for + Transport Layer Security (TLS) Versions 1.2 and + Earlier"; + } + enum TLS_ECDHE_ECDSA_WITH_RC4_128_SHA { + status deprecated; + description + "Enumeration for the 'TLS_ECDHE_ECDSA_WITH_RC4_128_SHA' + algorithm."; + reference + "RFC 8422: + Elliptic Curve Cryptography (ECC) Cipher Suites for + Transport Layer Security (TLS) Versions 1.2 and Earlier + RFC 6347: + Datagram Transport Layer Security Version 1.2"; + } + enum TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA { + status deprecated; + description + "Enumeration for the + 'TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA' algorithm."; + reference + "RFC 8422: + Elliptic Curve Cryptography (ECC) Cipher Suites for + Transport Layer Security (TLS) Versions 1.2 and + Earlier"; + } + enum TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA { + status deprecated; + description + "Enumeration for the 'TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA' + algorithm."; + reference + "RFC 8422: + Elliptic Curve Cryptography (ECC) Cipher Suites for + Transport Layer Security (TLS) Versions 1.2 and + Earlier"; + } + enum TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA { + status deprecated; + description + "Enumeration for the 'TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA' + algorithm."; + reference + "RFC 8422: + Elliptic Curve Cryptography (ECC) Cipher Suites for + Transport Layer Security (TLS) Versions 1.2 and + Earlier"; + } + enum TLS_ECDH_RSA_WITH_NULL_SHA { + status deprecated; + description + "Enumeration for the 'TLS_ECDH_RSA_WITH_NULL_SHA' + algorithm."; + reference + "RFC 8422: + Elliptic Curve Cryptography (ECC) Cipher Suites for + Transport Layer Security (TLS) Versions 1.2 and + Earlier"; + } + enum TLS_ECDH_RSA_WITH_RC4_128_SHA { + status deprecated; + description + "Enumeration for the 'TLS_ECDH_RSA_WITH_RC4_128_SHA' + algorithm."; + reference + "RFC 8422: + Elliptic Curve Cryptography (ECC) Cipher Suites for + Transport Layer Security (TLS) Versions 1.2 and Earlier + RFC 6347: + Datagram Transport Layer Security Version 1.2"; + } + enum TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA { + status deprecated; + description + "Enumeration for the 'TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA' + algorithm."; + reference + "RFC 8422: + Elliptic Curve Cryptography (ECC) Cipher Suites for + Transport Layer Security (TLS) Versions 1.2 and + Earlier"; + } + enum TLS_ECDH_RSA_WITH_AES_128_CBC_SHA { + status deprecated; + description + "Enumeration for the 'TLS_ECDH_RSA_WITH_AES_128_CBC_SHA' + algorithm."; + reference + "RFC 8422: + Elliptic Curve Cryptography (ECC) Cipher Suites for + Transport Layer Security (TLS) Versions 1.2 and + Earlier"; + } + enum TLS_ECDH_RSA_WITH_AES_256_CBC_SHA { + status deprecated; + description + "Enumeration for the 'TLS_ECDH_RSA_WITH_AES_256_CBC_SHA' + algorithm."; + reference + "RFC 8422: + Elliptic Curve Cryptography (ECC) Cipher Suites for + Transport Layer Security (TLS) Versions 1.2 and + Earlier"; + } + enum TLS_ECDHE_RSA_WITH_NULL_SHA { + status deprecated; + description + "Enumeration for the 'TLS_ECDHE_RSA_WITH_NULL_SHA' + algorithm."; + reference + "RFC 8422: + Elliptic Curve Cryptography (ECC) Cipher Suites for + Transport Layer Security (TLS) Versions 1.2 and + Earlier"; + } + enum TLS_ECDHE_RSA_WITH_RC4_128_SHA { + status deprecated; + description + "Enumeration for the 'TLS_ECDHE_RSA_WITH_RC4_128_SHA' + algorithm."; + reference + "RFC 8422: + Elliptic Curve Cryptography (ECC) Cipher Suites for + Transport Layer Security (TLS) Versions 1.2 and Earlier + RFC 6347: + Datagram Transport Layer Security Version 1.2"; + } + enum TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA { + status deprecated; + description + "Enumeration for the 'TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA' + algorithm."; + reference + "RFC 8422: + Elliptic Curve Cryptography (ECC) Cipher Suites for + Transport Layer Security (TLS) Versions 1.2 and + Earlier"; + } + enum TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA { + status deprecated; + description + "Enumeration for the 'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA' + algorithm."; + reference + "RFC 8422: + Elliptic Curve Cryptography (ECC) Cipher Suites for + Transport Layer Security (TLS) Versions 1.2 and + Earlier"; + } + enum TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA { + status deprecated; + description + "Enumeration for the 'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA' + algorithm."; + reference + "RFC 8422: + Elliptic Curve Cryptography (ECC) Cipher Suites for + Transport Layer Security (TLS) Versions 1.2 and + Earlier"; + } + enum TLS_ECDH_anon_WITH_NULL_SHA { + status deprecated; + description + "Enumeration for the 'TLS_ECDH_anon_WITH_NULL_SHA' + algorithm."; + reference + "RFC 8422: + Elliptic Curve Cryptography (ECC) Cipher Suites for + Transport Layer Security (TLS) Versions 1.2 and + Earlier"; + } + enum TLS_ECDH_anon_WITH_RC4_128_SHA { + status deprecated; + description + "Enumeration for the 'TLS_ECDH_anon_WITH_RC4_128_SHA' + algorithm."; + reference + "RFC 8422: + Elliptic Curve Cryptography (ECC) Cipher Suites for + Transport Layer Security (TLS) Versions 1.2 and Earlier + RFC 6347: + Datagram Transport Layer Security Version 1.2"; + } + enum TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA { + status deprecated; + description + "Enumeration for the 'TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA' + algorithm."; + reference + "RFC 8422: + Elliptic Curve Cryptography (ECC) Cipher Suites for + Transport Layer Security (TLS) Versions 1.2 and + Earlier"; + } + enum TLS_ECDH_anon_WITH_AES_128_CBC_SHA { + status deprecated; + description + "Enumeration for the 'TLS_ECDH_anon_WITH_AES_128_CBC_SHA' + algorithm."; + reference + "RFC 8422: + Elliptic Curve Cryptography (ECC) Cipher Suites for + Transport Layer Security (TLS) Versions 1.2 and + Earlier"; + } + enum TLS_ECDH_anon_WITH_AES_256_CBC_SHA { + status deprecated; + description + "Enumeration for the 'TLS_ECDH_anon_WITH_AES_256_CBC_SHA' + algorithm."; + reference + "RFC 8422: + Elliptic Curve Cryptography (ECC) Cipher Suites for + Transport Layer Security (TLS) Versions 1.2 and + Earlier"; + } + enum TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA { + status deprecated; + description + "Enumeration for the 'TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA' + algorithm."; + reference + "RFC 5054: + Using the Secure Remote Password (SRP) Protocol for TLS + Authentication"; + } + enum TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA { + status deprecated; + description + "Enumeration for the + 'TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA' algorithm."; + reference + "RFC 5054: + Using the Secure Remote Password (SRP) Protocol for TLS + Authentication"; + } + enum TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA { + status deprecated; + description + "Enumeration for the + 'TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA' algorithm."; + reference + "RFC 5054: + Using the Secure Remote Password (SRP) Protocol for TLS + Authentication"; + } + enum TLS_SRP_SHA_WITH_AES_128_CBC_SHA { + status deprecated; + description + "Enumeration for the 'TLS_SRP_SHA_WITH_AES_128_CBC_SHA' + algorithm."; + reference + "RFC 5054: + Using the Secure Remote Password (SRP) Protocol for TLS + Authentication"; + } + enum TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA { + status deprecated; + description + "Enumeration for the 'TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA' + algorithm."; + reference + "RFC 5054: + Using the Secure Remote Password (SRP) Protocol for TLS + Authentication"; + } + enum TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA { + status deprecated; + description + "Enumeration for the 'TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA' + algorithm."; + reference + "RFC 5054: + Using the Secure Remote Password (SRP) Protocol for TLS + Authentication"; + } + enum TLS_SRP_SHA_WITH_AES_256_CBC_SHA { + status deprecated; + description + "Enumeration for the 'TLS_SRP_SHA_WITH_AES_256_CBC_SHA' + algorithm."; + reference + "RFC 5054: + Using the Secure Remote Password (SRP) Protocol for TLS + Authentication"; + } + enum TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA { + status deprecated; + description + "Enumeration for the 'TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA' + algorithm."; + reference + "RFC 5054: + Using the Secure Remote Password (SRP) Protocol for TLS + Authentication"; + } + enum TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA { + status deprecated; + description + "Enumeration for the 'TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA' + algorithm."; + reference + "RFC 5054: + Using the Secure Remote Password (SRP) Protocol for TLS + Authentication"; + } + enum TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 { + status deprecated; + description + "Enumeration for the + 'TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256' algorithm."; + reference + "RFC 5289: + TLS Elliptic Curve Cipher Suites with SHA-256/384 and + AES Galois Counter Mode (GCM)"; + } + enum TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 { + status deprecated; + description + "Enumeration for the + 'TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384' algorithm."; + reference + "RFC 5289: + TLS Elliptic Curve Cipher Suites with SHA-256/384 and + AES Galois Counter Mode (GCM)"; + } + enum TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 { + status deprecated; + description + "Enumeration for the + 'TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256' algorithm."; + reference + "RFC 5289: + TLS Elliptic Curve Cipher Suites with SHA-256/384 and + AES Galois Counter Mode (GCM)"; + } + enum TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 { + status deprecated; + description + "Enumeration for the + 'TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384' algorithm."; + reference + "RFC 5289: + TLS Elliptic Curve Cipher Suites with SHA-256/384 and + AES Galois Counter Mode (GCM)"; + } + enum TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 { + status deprecated; + description + "Enumeration for the + 'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256' algorithm."; + reference + "RFC 5289: + TLS Elliptic Curve Cipher Suites with SHA-256/384 and + AES Galois Counter Mode (GCM)"; + } + enum TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 { + status deprecated; + description + "Enumeration for the + 'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384' algorithm."; + reference + "RFC 5289: + TLS Elliptic Curve Cipher Suites with SHA-256/384 and + AES Galois Counter Mode (GCM)"; + } + enum TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 { + status deprecated; + description + "Enumeration for the 'TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256' + algorithm."; + reference + "RFC 5289: + TLS Elliptic Curve Cipher Suites with SHA-256/384 and + AES Galois Counter Mode (GCM)"; + } + enum TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 { + status deprecated; + description + "Enumeration for the 'TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384' + algorithm."; + reference + "RFC 5289: + TLS Elliptic Curve Cipher Suites with SHA-256/384 and + AES Galois Counter Mode (GCM)"; + } + enum TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 { + description + "Enumeration for the + 'TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256' algorithm."; + reference + "RFC 5289: + TLS Elliptic Curve Cipher Suites with SHA-256/384 and + AES Galois Counter Mode (GCM)"; + } + enum TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 { + description + "Enumeration for the + 'TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384' algorithm."; + reference + "RFC 5289: + TLS Elliptic Curve Cipher Suites with SHA-256/384 and + AES Galois Counter Mode (GCM)"; + } + enum TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 { + status deprecated; + description + "Enumeration for the + 'TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256' algorithm."; + reference + "RFC 5289: + TLS Elliptic Curve Cipher Suites with SHA-256/384 and + AES Galois Counter Mode (GCM)"; + } + enum TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 { + status deprecated; + description + "Enumeration for the + 'TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384' algorithm."; + reference + "RFC 5289: + TLS Elliptic Curve Cipher Suites with SHA-256/384 and + AES Galois Counter Mode (GCM)"; + } + enum TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 { + description + "Enumeration for the + 'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256' algorithm."; + reference + "RFC 5289: + TLS Elliptic Curve Cipher Suites with SHA-256/384 and + AES Galois Counter Mode (GCM)"; + } + enum TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 { + description + "Enumeration for the + 'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384' algorithm."; + reference + "RFC 5289: + TLS Elliptic Curve Cipher Suites with SHA-256/384 and + AES Galois Counter Mode (GCM)"; + } + enum TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 { + status deprecated; + description + "Enumeration for the 'TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256' + algorithm."; + reference + "RFC 5289: + TLS Elliptic Curve Cipher Suites with SHA-256/384 and + AES Galois Counter Mode (GCM)"; + } + enum TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 { + status deprecated; + description + "Enumeration for the 'TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384' + algorithm."; + reference + "RFC 5289: + TLS Elliptic Curve Cipher Suites with SHA-256/384 and + AES Galois Counter Mode (GCM)"; + } + enum TLS_ECDHE_PSK_WITH_RC4_128_SHA { + status deprecated; + description + "Enumeration for the 'TLS_ECDHE_PSK_WITH_RC4_128_SHA' + algorithm."; + reference + "RFC 5489: + ECDHE_PSK Cipher Suites for Transport Layer Security + (TLS) + RFC 6347: + Datagram Transport Layer Security Version 1.2"; + } + enum TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA { + status deprecated; + description + "Enumeration for the 'TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA' + algorithm."; + reference + "RFC 5489: + ECDHE_PSK Cipher Suites for Transport Layer Security + (TLS)"; + } + enum TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA { + status deprecated; + description + "Enumeration for the 'TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA' + algorithm."; + reference + "RFC 5489: + ECDHE_PSK Cipher Suites for Transport Layer Security + (TLS)"; + } + enum TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA { + status deprecated; + description + "Enumeration for the 'TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA' + algorithm."; + reference + "RFC 5489: + ECDHE_PSK Cipher Suites for Transport Layer Security + (TLS)"; + } + enum TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 { + status deprecated; + description + "Enumeration for the + 'TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256' algorithm."; + reference + "RFC 5489: + ECDHE_PSK Cipher Suites for Transport Layer Security + (TLS)"; + } + enum TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 { + status deprecated; + description + "Enumeration for the + 'TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384' algorithm."; + reference + "RFC 5489: + ECDHE_PSK Cipher Suites for Transport Layer Security + (TLS)"; + } + enum TLS_ECDHE_PSK_WITH_NULL_SHA { + status deprecated; + description + "Enumeration for the 'TLS_ECDHE_PSK_WITH_NULL_SHA' + algorithm."; + reference + "RFC 5489: + ECDHE_PSK Cipher Suites for Transport Layer Security + (TLS)"; + } + enum TLS_ECDHE_PSK_WITH_NULL_SHA256 { + status deprecated; + description + "Enumeration for the 'TLS_ECDHE_PSK_WITH_NULL_SHA256' + algorithm."; + reference + "RFC 5489: + ECDHE_PSK Cipher Suites for Transport Layer Security + (TLS)"; + } + enum TLS_ECDHE_PSK_WITH_NULL_SHA384 { + status deprecated; + description + "Enumeration for the 'TLS_ECDHE_PSK_WITH_NULL_SHA384' + algorithm."; + reference + "RFC 5489: + ECDHE_PSK Cipher Suites for Transport Layer Security + (TLS)"; + } + enum TLS_RSA_WITH_ARIA_128_CBC_SHA256 { + status deprecated; + description + "Enumeration for the 'TLS_RSA_WITH_ARIA_128_CBC_SHA256' + algorithm."; + reference + "RFC 6209: + Addition of the ARIA Cipher Suites to Transport Layer + Security (TLS)"; + } + enum TLS_RSA_WITH_ARIA_256_CBC_SHA384 { + status deprecated; + description + "Enumeration for the 'TLS_RSA_WITH_ARIA_256_CBC_SHA384' + algorithm."; + reference + "RFC 6209: + Addition of the ARIA Cipher Suites to Transport Layer + Security (TLS)"; + } + enum TLS_DH_DSS_WITH_ARIA_128_CBC_SHA256 { + status deprecated; + description + "Enumeration for the 'TLS_DH_DSS_WITH_ARIA_128_CBC_SHA256' + algorithm."; + reference + "RFC 6209: + Addition of the ARIA Cipher Suites to Transport Layer + Security (TLS)"; + } + enum TLS_DH_DSS_WITH_ARIA_256_CBC_SHA384 { + status deprecated; + description + "Enumeration for the 'TLS_DH_DSS_WITH_ARIA_256_CBC_SHA384' + algorithm."; + reference + "RFC 6209: + Addition of the ARIA Cipher Suites to Transport Layer + Security (TLS)"; + } + enum TLS_DH_RSA_WITH_ARIA_128_CBC_SHA256 { + status deprecated; + description + "Enumeration for the 'TLS_DH_RSA_WITH_ARIA_128_CBC_SHA256' + algorithm."; + reference + "RFC 6209: + Addition of the ARIA Cipher Suites to Transport Layer + Security (TLS)"; + } + enum TLS_DH_RSA_WITH_ARIA_256_CBC_SHA384 { + status deprecated; + description + "Enumeration for the 'TLS_DH_RSA_WITH_ARIA_256_CBC_SHA384' + algorithm."; + reference + "RFC 6209: + Addition of the ARIA Cipher Suites to Transport Layer + Security (TLS)"; + } + enum TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256 { + status deprecated; + description + "Enumeration for the 'TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256' + algorithm."; + reference + "RFC 6209: + Addition of the ARIA Cipher Suites to Transport Layer + Security (TLS)"; + } + enum TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384 { + status deprecated; + description + "Enumeration for the 'TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384' + algorithm."; + reference + "RFC 6209: + Addition of the ARIA Cipher Suites to Transport Layer + Security (TLS)"; + } + enum TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256 { + status deprecated; + description + "Enumeration for the 'TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256' + algorithm."; + reference + "RFC 6209: + Addition of the ARIA Cipher Suites to Transport Layer + Security (TLS)"; + } + enum TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384 { + status deprecated; + description + "Enumeration for the 'TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384' + algorithm."; + reference + "RFC 6209: + Addition of the ARIA Cipher Suites to Transport Layer + Security (TLS)"; + } + enum TLS_DH_anon_WITH_ARIA_128_CBC_SHA256 { + status deprecated; + description + "Enumeration for the 'TLS_DH_anon_WITH_ARIA_128_CBC_SHA256' + algorithm."; + reference + "RFC 6209: + Addition of the ARIA Cipher Suites to Transport Layer + Security (TLS)"; + } + enum TLS_DH_anon_WITH_ARIA_256_CBC_SHA384 { + status deprecated; + description + "Enumeration for the 'TLS_DH_anon_WITH_ARIA_256_CBC_SHA384' + algorithm."; + reference + "RFC 6209: + Addition of the ARIA Cipher Suites to Transport Layer + Security (TLS)"; + } + enum TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256 { + status deprecated; + description + "Enumeration for the + 'TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256' algorithm."; + reference + "RFC 6209: + Addition of the ARIA Cipher Suites to Transport Layer + Security (TLS)"; + } + enum TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384 { + status deprecated; + description + "Enumeration for the + 'TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384' algorithm."; + reference + "RFC 6209: + Addition of the ARIA Cipher Suites to Transport Layer + Security (TLS)"; + } + enum TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256 { + status deprecated; + description + "Enumeration for the + 'TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256' algorithm."; + reference + "RFC 6209: + Addition of the ARIA Cipher Suites to Transport Layer + Security (TLS)"; + } + enum TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384 { + status deprecated; + description + "Enumeration for the + 'TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384' algorithm."; + reference + "RFC 6209: + Addition of the ARIA Cipher Suites to Transport Layer + Security (TLS)"; + } + enum TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256 { + status deprecated; + description + "Enumeration for the + 'TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256' algorithm."; + reference + "RFC 6209: + Addition of the ARIA Cipher Suites to Transport Layer + Security (TLS)"; + } + enum TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384 { + status deprecated; + description + "Enumeration for the + 'TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384' algorithm."; + reference + "RFC 6209: + Addition of the ARIA Cipher Suites to Transport Layer + Security (TLS)"; + } + enum TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256 { + status deprecated; + description + "Enumeration for the + 'TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256' algorithm."; + reference + "RFC 6209: + Addition of the ARIA Cipher Suites to Transport Layer + Security (TLS)"; + } + enum TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384 { + status deprecated; + description + "Enumeration for the + 'TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384' algorithm."; + reference + "RFC 6209: + Addition of the ARIA Cipher Suites to Transport Layer + Security (TLS)"; + } + enum TLS_RSA_WITH_ARIA_128_GCM_SHA256 { + status deprecated; + description + "Enumeration for the 'TLS_RSA_WITH_ARIA_128_GCM_SHA256' + algorithm."; + reference + "RFC 6209: + Addition of the ARIA Cipher Suites to Transport Layer + Security (TLS)"; + } + enum TLS_RSA_WITH_ARIA_256_GCM_SHA384 { + status deprecated; + description + "Enumeration for the 'TLS_RSA_WITH_ARIA_256_GCM_SHA384' + algorithm."; + reference + "RFC 6209: + Addition of the ARIA Cipher Suites to Transport Layer + Security (TLS)"; + } + enum TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256 { + status deprecated; + description + "Enumeration for the 'TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256' + algorithm."; + reference + "RFC 6209: + Addition of the ARIA Cipher Suites to Transport Layer + Security (TLS)"; + } + enum TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384 { + status deprecated; + description + "Enumeration for the 'TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384' + algorithm."; + reference + "RFC 6209: + Addition of the ARIA Cipher Suites to Transport Layer + Security (TLS)"; + } + enum TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256 { + status deprecated; + description + "Enumeration for the 'TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256' + algorithm."; + reference + "RFC 6209: + Addition of the ARIA Cipher Suites to Transport Layer + Security (TLS)"; + } + enum TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384 { + status deprecated; + description + "Enumeration for the 'TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384' + algorithm."; + reference + "RFC 6209: + Addition of the ARIA Cipher Suites to Transport Layer + Security (TLS)"; + } + enum TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256 { + status deprecated; + description + "Enumeration for the 'TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256' + algorithm."; + reference + "RFC 6209: + Addition of the ARIA Cipher Suites to Transport Layer + Security (TLS)"; + } + enum TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384 { + status deprecated; + description + "Enumeration for the 'TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384' + algorithm."; + reference + "RFC 6209: + Addition of the ARIA Cipher Suites to Transport Layer + Security (TLS)"; + } + enum TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256 { + status deprecated; + description + "Enumeration for the 'TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256' + algorithm."; + reference + "RFC 6209: + Addition of the ARIA Cipher Suites to Transport Layer + Security (TLS)"; + } + enum TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384 { + status deprecated; + description + "Enumeration for the 'TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384' + algorithm."; + reference + "RFC 6209: + Addition of the ARIA Cipher Suites to Transport Layer + Security (TLS)"; + } + enum TLS_DH_anon_WITH_ARIA_128_GCM_SHA256 { + status deprecated; + description + "Enumeration for the 'TLS_DH_anon_WITH_ARIA_128_GCM_SHA256' + algorithm."; + reference + "RFC 6209: + Addition of the ARIA Cipher Suites to Transport Layer + Security (TLS)"; + } + enum TLS_DH_anon_WITH_ARIA_256_GCM_SHA384 { + status deprecated; + description + "Enumeration for the 'TLS_DH_anon_WITH_ARIA_256_GCM_SHA384' + algorithm."; + reference + "RFC 6209: + Addition of the ARIA Cipher Suites to Transport Layer + Security (TLS)"; + } + enum TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 { + status deprecated; + description + "Enumeration for the + 'TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256' algorithm."; + reference + "RFC 6209: + Addition of the ARIA Cipher Suites to Transport Layer + Security (TLS)"; + } + enum TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 { + status deprecated; + description + "Enumeration for the + 'TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384' algorithm."; + reference + "RFC 6209: + Addition of the ARIA Cipher Suites to Transport Layer + Security (TLS)"; + } + enum TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256 { + status deprecated; + description + "Enumeration for the + 'TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256' algorithm."; + reference + "RFC 6209: + Addition of the ARIA Cipher Suites to Transport Layer + Security (TLS)"; + } + enum TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384 { + status deprecated; + description + "Enumeration for the + 'TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384' algorithm."; + reference + "RFC 6209: + Addition of the ARIA Cipher Suites to Transport Layer + Security (TLS)"; + } + enum TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 { + status deprecated; + description + "Enumeration for the + 'TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256' algorithm."; + reference + "RFC 6209: + Addition of the ARIA Cipher Suites to Transport Layer + Security (TLS)"; + } + enum TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 { + status deprecated; + description + "Enumeration for the + 'TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384' algorithm."; + reference + "RFC 6209: + Addition of the ARIA Cipher Suites to Transport Layer + Security (TLS)"; + } + enum TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256 { + status deprecated; + description + "Enumeration for the + 'TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256' algorithm."; + reference + "RFC 6209: + Addition of the ARIA Cipher Suites to Transport Layer + Security (TLS)"; + } + enum TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384 { + status deprecated; + description + "Enumeration for the + 'TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384' algorithm."; + reference + "RFC 6209: + Addition of the ARIA Cipher Suites to Transport Layer + Security (TLS)"; + } + enum TLS_PSK_WITH_ARIA_128_CBC_SHA256 { + status deprecated; + description + "Enumeration for the 'TLS_PSK_WITH_ARIA_128_CBC_SHA256' + algorithm."; + reference + "RFC 6209: + Addition of the ARIA Cipher Suites to Transport Layer + Security (TLS)"; + } + enum TLS_PSK_WITH_ARIA_256_CBC_SHA384 { + status deprecated; + description + "Enumeration for the 'TLS_PSK_WITH_ARIA_256_CBC_SHA384' + algorithm."; + reference + "RFC 6209: + Addition of the ARIA Cipher Suites to Transport Layer + Security (TLS)"; + } + enum TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256 { + status deprecated; + description + "Enumeration for the 'TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256' + algorithm."; + reference + "RFC 6209: + Addition of the ARIA Cipher Suites to Transport Layer + Security (TLS)"; + } + enum TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384 { + status deprecated; + description + "Enumeration for the 'TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384' + algorithm."; + reference + "RFC 6209: + Addition of the ARIA Cipher Suites to Transport Layer + Security (TLS)"; + } + enum TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256 { + status deprecated; + description + "Enumeration for the 'TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256' + algorithm."; + reference + "RFC 6209: + Addition of the ARIA Cipher Suites to Transport Layer + Security (TLS)"; + } + enum TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384 { + status deprecated; + description + "Enumeration for the 'TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384' + algorithm."; + reference + "RFC 6209: + Addition of the ARIA Cipher Suites to Transport Layer + Security (TLS)"; + } + enum TLS_PSK_WITH_ARIA_128_GCM_SHA256 { + status deprecated; + description + "Enumeration for the 'TLS_PSK_WITH_ARIA_128_GCM_SHA256' + algorithm."; + reference + "RFC 6209: + Addition of the ARIA Cipher Suites to Transport Layer + Security (TLS)"; + } + enum TLS_PSK_WITH_ARIA_256_GCM_SHA384 { + status deprecated; + description + "Enumeration for the 'TLS_PSK_WITH_ARIA_256_GCM_SHA384' + algorithm."; + reference + "RFC 6209: + Addition of the ARIA Cipher Suites to Transport Layer + Security (TLS)"; + } + enum TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256 { + status deprecated; + description + "Enumeration for the 'TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256' + algorithm."; + reference + "RFC 6209: + Addition of the ARIA Cipher Suites to Transport Layer + Security (TLS)"; + } + enum TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384 { + status deprecated; + description + "Enumeration for the 'TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384' + algorithm."; + reference + "RFC 6209: + Addition of the ARIA Cipher Suites to Transport Layer + Security (TLS)"; + } + enum TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256 { + status deprecated; + description + "Enumeration for the 'TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256' + algorithm."; + reference + "RFC 6209: + Addition of the ARIA Cipher Suites to Transport Layer + Security (TLS)"; + } + enum TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384 { + status deprecated; + description + "Enumeration for the 'TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384' + algorithm."; + reference + "RFC 6209: + Addition of the ARIA Cipher Suites to Transport Layer + Security (TLS)"; + } + enum TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256 { + status deprecated; + description + "Enumeration for the + 'TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256' algorithm."; + reference + "RFC 6209: + Addition of the ARIA Cipher Suites to Transport Layer + Security (TLS)"; + } + enum TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384 { + status deprecated; + description + "Enumeration for the + 'TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384' algorithm."; + reference + "RFC 6209: + Addition of the ARIA Cipher Suites to Transport Layer + Security (TLS)"; + } + enum TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 { + status deprecated; + description + "Enumeration for the + 'TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256' + algorithm."; + reference + "RFC 6367: + Addition of the Camellia Cipher Suites to Transport + Layer Security (TLS)"; + } + enum TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 { + status deprecated; + description + "Enumeration for the + 'TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384' + algorithm."; + reference + "RFC 6367: + Addition of the Camellia Cipher Suites to Transport + Layer Security (TLS)"; + } + enum TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 { + status deprecated; + description + "Enumeration for the + 'TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256' algorithm."; + reference + "RFC 6367: + Addition of the Camellia Cipher Suites to Transport + Layer Security (TLS)"; + } + enum TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 { + status deprecated; + description + "Enumeration for the + 'TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384' algorithm."; + reference + "RFC 6367: + Addition of the Camellia Cipher Suites to Transport + Layer Security (TLS)"; + } + enum TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 { + status deprecated; + description + "Enumeration for the + 'TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256' algorithm."; + reference + "RFC 6367: + Addition of the Camellia Cipher Suites to Transport + Layer Security (TLS)"; + } + enum TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 { + status deprecated; + description + "Enumeration for the + 'TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384' algorithm."; + reference + "RFC 6367: + Addition of the Camellia Cipher Suites to Transport + Layer Security (TLS)"; + } + enum TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 { + status deprecated; + description + "Enumeration for the + 'TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256' algorithm."; + reference + "RFC 6367: + Addition of the Camellia Cipher Suites to Transport + Layer Security (TLS)"; + } + enum TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 { + status deprecated; + description + "Enumeration for the + 'TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384' algorithm."; + reference + "RFC 6367: + Addition of the Camellia Cipher Suites to Transport + Layer Security (TLS)"; + } + enum TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 { + status deprecated; + description + "Enumeration for the 'TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256' + algorithm."; + reference + "RFC 6367: + Addition of the Camellia Cipher Suites to Transport + Layer Security (TLS)"; + } + enum TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 { + status deprecated; + description + "Enumeration for the 'TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384' + algorithm."; + reference + "RFC 6367: + Addition of the Camellia Cipher Suites to Transport + Layer Security (TLS)"; + } + enum TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 { + status deprecated; + description + "Enumeration for the + 'TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256' algorithm."; + reference + "RFC 6367: + Addition of the Camellia Cipher Suites to Transport + Layer Security (TLS)"; + } + enum TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 { + status deprecated; + description + "Enumeration for the + 'TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384' algorithm."; + reference + "RFC 6367: + Addition of the Camellia Cipher Suites to Transport + Layer Security (TLS)"; + } + enum TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256 { + status deprecated; + description + "Enumeration for the + 'TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256' algorithm."; + reference + "RFC 6367: + Addition of the Camellia Cipher Suites to Transport + Layer Security (TLS)"; + } + enum TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384 { + status deprecated; + description + "Enumeration for the + 'TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384' algorithm."; + reference + "RFC 6367: + Addition of the Camellia Cipher Suites to Transport + Layer Security (TLS)"; + } + enum TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256 { + status deprecated; + description + "Enumeration for the + 'TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256' algorithm."; + reference + "RFC 6367: + Addition of the Camellia Cipher Suites to Transport + Layer Security (TLS)"; + } + enum TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384 { + status deprecated; + description + "Enumeration for the + 'TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384' algorithm."; + reference + "RFC 6367: + Addition of the Camellia Cipher Suites to Transport + Layer Security (TLS)"; + } + enum TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256 { + status deprecated; + description + "Enumeration for the + 'TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256' algorithm."; + reference + "RFC 6367: + Addition of the Camellia Cipher Suites to Transport + Layer Security (TLS)"; + } + enum TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384 { + status deprecated; + description + "Enumeration for the + 'TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384' algorithm."; + reference + "RFC 6367: + Addition of the Camellia Cipher Suites to Transport + Layer Security (TLS)"; + } + enum TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256 { + status deprecated; + description + "Enumeration for the + 'TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256' algorithm."; + reference + "RFC 6367: + Addition of the Camellia Cipher Suites to Transport + Layer Security (TLS)"; + } + enum TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384 { + status deprecated; + description + "Enumeration for the + 'TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384' algorithm."; + reference + "RFC 6367: + Addition of the Camellia Cipher Suites to Transport + Layer Security (TLS)"; + } + enum TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 { + status deprecated; + description + "Enumeration for the + 'TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256' + algorithm."; + reference + "RFC 6367: + Addition of the Camellia Cipher Suites to Transport + Layer Security (TLS)"; + } + enum TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 { + status deprecated; + description + "Enumeration for the + 'TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384' + algorithm."; + reference + "RFC 6367: + Addition of the Camellia Cipher Suites to Transport + Layer Security (TLS)"; + } + enum TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 { + status deprecated; + description + "Enumeration for the + 'TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256' algorithm."; + reference + "RFC 6367: + Addition of the Camellia Cipher Suites to Transport + Layer Security (TLS)"; + } + enum TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 { + status deprecated; + description + "Enumeration for the + 'TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384' algorithm."; + reference + "RFC 6367: + Addition of the Camellia Cipher Suites to Transport + Layer Security (TLS)"; + } + enum TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 { + status deprecated; + description + "Enumeration for the + 'TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256' algorithm."; + reference + "RFC 6367: + Addition of the Camellia Cipher Suites to Transport + Layer Security (TLS)"; + } + enum TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 { + status deprecated; + description + "Enumeration for the + 'TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384' algorithm."; + reference + "RFC 6367: + Addition of the Camellia Cipher Suites to Transport + Layer Security (TLS)"; + } + enum TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 { + status deprecated; + description + "Enumeration for the + 'TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256' algorithm."; + reference + "RFC 6367: + Addition of the Camellia Cipher Suites to Transport + Layer Security (TLS)"; + } + enum TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 { + status deprecated; + description + "Enumeration for the + 'TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384' algorithm."; + reference + "RFC 6367: + Addition of the Camellia Cipher Suites to Transport + Layer Security (TLS)"; + } + enum TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 { + status deprecated; + description + "Enumeration for the 'TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256' + algorithm."; + reference + "RFC 6367: + Addition of the Camellia Cipher Suites to Transport + Layer Security (TLS)"; + } + enum TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 { + status deprecated; + description + "Enumeration for the 'TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384' + algorithm."; + reference + "RFC 6367: + Addition of the Camellia Cipher Suites to Transport + Layer Security (TLS)"; + } + enum TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 { + status deprecated; + description + "Enumeration for the + 'TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256' algorithm."; + reference + "RFC 6367: + Addition of the Camellia Cipher Suites to Transport + Layer Security (TLS)"; + } + enum TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 { + status deprecated; + description + "Enumeration for the + 'TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384' algorithm."; + reference + "RFC 6367: + Addition of the Camellia Cipher Suites to Transport + Layer Security (TLS)"; + } + enum TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256 { + status deprecated; + description + "Enumeration for the + 'TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256' algorithm."; + reference + "RFC 6367: + Addition of the Camellia Cipher Suites to Transport + Layer Security (TLS)"; + } + enum TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384 { + status deprecated; + description + "Enumeration for the + 'TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384' algorithm."; + reference + "RFC 6367: + Addition of the Camellia Cipher Suites to Transport + Layer Security (TLS)"; + } + enum TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 { + status deprecated; + description + "Enumeration for the 'TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256' + algorithm."; + reference + "RFC 6367: + Addition of the Camellia Cipher Suites to Transport + Layer Security (TLS)"; + } + enum TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 { + status deprecated; + description + "Enumeration for the 'TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384' + algorithm."; + reference + "RFC 6367: + Addition of the Camellia Cipher Suites to Transport + Layer Security (TLS)"; + } + enum TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 { + status deprecated; + description + "Enumeration for the + 'TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256' algorithm."; + reference + "RFC 6367: + Addition of the Camellia Cipher Suites to Transport + Layer Security (TLS)"; + } + enum TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 { + status deprecated; + description + "Enumeration for the + 'TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384' algorithm."; + reference + "RFC 6367: + Addition of the Camellia Cipher Suites to Transport + Layer Security (TLS)"; + } + enum TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 { + status deprecated; + description + "Enumeration for the + 'TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256' algorithm."; + reference + "RFC 6367: + Addition of the Camellia Cipher Suites to Transport + Layer Security (TLS)"; + } + enum TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 { + status deprecated; + description + "Enumeration for the + 'TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384' algorithm."; + reference + "RFC 6367: + Addition of the Camellia Cipher Suites to Transport + Layer Security (TLS)"; + } + enum TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 { + status deprecated; + description + "Enumeration for the + 'TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256' algorithm."; + reference + "RFC 6367: + Addition of the Camellia Cipher Suites to Transport + Layer Security (TLS)"; + } + enum TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 { + status deprecated; + description + "Enumeration for the + 'TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384' algorithm."; + reference + "RFC 6367: + Addition of the Camellia Cipher Suites to Transport + Layer Security (TLS)"; + } + enum TLS_RSA_WITH_AES_128_CCM { + status deprecated; + description + "Enumeration for the 'TLS_RSA_WITH_AES_128_CCM' + algorithm."; + reference + "RFC 6655: + AES-CCM Cipher Suites for Transport Layer Security + (TLS)"; + } + enum TLS_RSA_WITH_AES_256_CCM { + status deprecated; + description + "Enumeration for the 'TLS_RSA_WITH_AES_256_CCM' + algorithm."; + reference + "RFC 6655: + AES-CCM Cipher Suites for Transport Layer Security + (TLS)"; + } + enum TLS_DHE_RSA_WITH_AES_128_CCM { + description + "Enumeration for the 'TLS_DHE_RSA_WITH_AES_128_CCM' + algorithm."; + reference + "RFC 6655: + AES-CCM Cipher Suites for Transport Layer Security + (TLS)"; + } + enum TLS_DHE_RSA_WITH_AES_256_CCM { + description + "Enumeration for the 'TLS_DHE_RSA_WITH_AES_256_CCM' + algorithm."; + reference + "RFC 6655: + AES-CCM Cipher Suites for Transport Layer Security + (TLS)"; + } + enum TLS_RSA_WITH_AES_128_CCM_8 { + status deprecated; + description + "Enumeration for the 'TLS_RSA_WITH_AES_128_CCM_8' + algorithm."; + reference + "RFC 6655: + AES-CCM Cipher Suites for Transport Layer Security + (TLS)"; + } + enum TLS_RSA_WITH_AES_256_CCM_8 { + status deprecated; + description + "Enumeration for the 'TLS_RSA_WITH_AES_256_CCM_8' + algorithm."; + reference + "RFC 6655: + AES-CCM Cipher Suites for Transport Layer Security + (TLS)"; + } + enum TLS_DHE_RSA_WITH_AES_128_CCM_8 { + status deprecated; + description + "Enumeration for the 'TLS_DHE_RSA_WITH_AES_128_CCM_8' + algorithm."; + reference + "RFC 6655: + AES-CCM Cipher Suites for Transport Layer Security + (TLS)"; + } + enum TLS_DHE_RSA_WITH_AES_256_CCM_8 { + status deprecated; + description + "Enumeration for the 'TLS_DHE_RSA_WITH_AES_256_CCM_8' + algorithm."; + reference + "RFC 6655: + AES-CCM Cipher Suites for Transport Layer Security + (TLS)"; + } + enum TLS_PSK_WITH_AES_128_CCM { + status deprecated; + description + "Enumeration for the 'TLS_PSK_WITH_AES_128_CCM' + algorithm."; + reference + "RFC 6655: + AES-CCM Cipher Suites for Transport Layer Security + (TLS)"; + } + enum TLS_PSK_WITH_AES_256_CCM { + status deprecated; + description + "Enumeration for the 'TLS_PSK_WITH_AES_256_CCM' + algorithm."; + reference + "RFC 6655: + AES-CCM Cipher Suites for Transport Layer Security + (TLS)"; + } + enum TLS_DHE_PSK_WITH_AES_128_CCM { + description + "Enumeration for the 'TLS_DHE_PSK_WITH_AES_128_CCM' + algorithm."; + reference + "RFC 6655: + AES-CCM Cipher Suites for Transport Layer Security + (TLS)"; + } + enum TLS_DHE_PSK_WITH_AES_256_CCM { + description + "Enumeration for the 'TLS_DHE_PSK_WITH_AES_256_CCM' + algorithm."; + reference + "RFC 6655: + AES-CCM Cipher Suites for Transport Layer Security + (TLS)"; + } + enum TLS_PSK_WITH_AES_128_CCM_8 { + status deprecated; + description + "Enumeration for the 'TLS_PSK_WITH_AES_128_CCM_8' + algorithm."; + reference + "RFC 6655: + AES-CCM Cipher Suites for Transport Layer Security + (TLS)"; + } + enum TLS_PSK_WITH_AES_256_CCM_8 { + status deprecated; + description + "Enumeration for the 'TLS_PSK_WITH_AES_256_CCM_8' + algorithm."; + reference + "RFC 6655: + AES-CCM Cipher Suites for Transport Layer Security + (TLS)"; + } + enum TLS_PSK_DHE_WITH_AES_128_CCM_8 { + status deprecated; + description + "Enumeration for the 'TLS_PSK_DHE_WITH_AES_128_CCM_8' + algorithm."; + reference + "RFC 6655: + AES-CCM Cipher Suites for Transport Layer Security + (TLS)"; + } + enum TLS_PSK_DHE_WITH_AES_256_CCM_8 { + status deprecated; + description + "Enumeration for the 'TLS_PSK_DHE_WITH_AES_256_CCM_8' + algorithm."; + reference + "RFC 6655: + AES-CCM Cipher Suites for Transport Layer Security + (TLS)"; + } + enum TLS_ECDHE_ECDSA_WITH_AES_128_CCM { + status deprecated; + description + "Enumeration for the 'TLS_ECDHE_ECDSA_WITH_AES_128_CCM' + algorithm."; + reference + "RFC 7251: + AES-CCM Elliptic Curve Cryptography (ECC) Cipher Suites + for TLS"; + } + enum TLS_ECDHE_ECDSA_WITH_AES_256_CCM { + status deprecated; + description + "Enumeration for the 'TLS_ECDHE_ECDSA_WITH_AES_256_CCM' + algorithm."; + reference + "RFC 7251: + AES-CCM Elliptic Curve Cryptography (ECC) Cipher Suites + for TLS"; + } + enum TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 { + status deprecated; + description + "Enumeration for the 'TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8' + algorithm."; + reference + "RFC 7251: + AES-CCM Elliptic Curve Cryptography (ECC) Cipher Suites + for TLS"; + } + enum TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 { + status deprecated; + description + "Enumeration for the 'TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8' + algorithm."; + reference + "RFC 7251: + AES-CCM Elliptic Curve Cryptography (ECC) Cipher Suites + for TLS"; + } + enum TLS_ECCPWD_WITH_AES_128_GCM_SHA256 { + status deprecated; + description + "Enumeration for the 'TLS_ECCPWD_WITH_AES_128_GCM_SHA256' + algorithm."; + reference + "RFC 8492: + Secure Password Ciphersuites for Transport Layer + Security (TLS)"; + } + enum TLS_ECCPWD_WITH_AES_256_GCM_SHA384 { + status deprecated; + description + "Enumeration for the 'TLS_ECCPWD_WITH_AES_256_GCM_SHA384' + algorithm."; + reference + "RFC 8492: + Secure Password Ciphersuites for Transport Layer + Security (TLS)"; + } + enum TLS_ECCPWD_WITH_AES_128_CCM_SHA256 { + status deprecated; + description + "Enumeration for the 'TLS_ECCPWD_WITH_AES_128_CCM_SHA256' + algorithm."; + reference + "RFC 8492: + Secure Password Ciphersuites for Transport Layer + Security (TLS)"; + } + enum TLS_ECCPWD_WITH_AES_256_CCM_SHA384 { + status deprecated; + description + "Enumeration for the 'TLS_ECCPWD_WITH_AES_256_CCM_SHA384' + algorithm."; + reference + "RFC 8492: + Secure Password Ciphersuites for Transport Layer + Security (TLS)"; + } + enum TLS_SHA256_SHA256 { + status deprecated; + description + "Enumeration for the 'TLS_SHA256_SHA256' algorithm."; + reference + "RFC 9150: + TLS 1.3 Authentication and Integrity-Only Cipher + Suites"; + } + enum TLS_SHA384_SHA384 { + status deprecated; + description + "Enumeration for the 'TLS_SHA384_SHA384' algorithm."; + reference + "RFC 9150: + TLS 1.3 Authentication and Integrity-Only Cipher + Suites"; + } + enum TLS_GOSTR341112_256_WITH_KUZNYECHIK_CTR_OMAC { + status deprecated; + description + "Enumeration for the + 'TLS_GOSTR341112_256_WITH_KUZNYECHIK_CTR_OMAC' + algorithm."; + reference + "RFC 9189: + GOST Cipher Suites for Transport Layer Security (TLS) + Protocol Version 1.2"; + } + enum TLS_GOSTR341112_256_WITH_MAGMA_CTR_OMAC { + status deprecated; + description + "Enumeration for the + 'TLS_GOSTR341112_256_WITH_MAGMA_CTR_OMAC' algorithm."; + reference + "RFC 9189: + GOST Cipher Suites for Transport Layer Security (TLS) + Protocol Version 1.2"; + } + enum TLS_GOSTR341112_256_WITH_28147_CNT_IMIT { + status deprecated; + description + "Enumeration for the + 'TLS_GOSTR341112_256_WITH_28147_CNT_IMIT' algorithm."; + reference + "RFC 9189: + GOST Cipher Suites for Transport Layer Security (TLS) + Protocol Version 1.2"; + } + enum TLS_GOSTR341112_256_WITH_KUZNYECHIK_MGM_L { + status deprecated; + description + "Enumeration for the + 'TLS_GOSTR341112_256_WITH_KUZNYECHIK_MGM_L' algorithm."; + reference + "RFC 9367: + GOST Cipher Suites for Transport Layer Security (TLS) + Protocol Version 1.3"; + } + enum TLS_GOSTR341112_256_WITH_MAGMA_MGM_L { + status deprecated; + description + "Enumeration for the 'TLS_GOSTR341112_256_WITH_MAGMA_MGM_L' + algorithm."; + reference + "RFC 9367: + GOST Cipher Suites for Transport Layer Security (TLS) + Protocol Version 1.3"; + } + enum TLS_GOSTR341112_256_WITH_KUZNYECHIK_MGM_S { + status deprecated; + description + "Enumeration for the + 'TLS_GOSTR341112_256_WITH_KUZNYECHIK_MGM_S' algorithm."; + reference + "RFC 9367: + GOST Cipher Suites for Transport Layer Security (TLS) + Protocol Version 1.3"; + } + enum TLS_GOSTR341112_256_WITH_MAGMA_MGM_S { + status deprecated; + description + "Enumeration for the 'TLS_GOSTR341112_256_WITH_MAGMA_MGM_S' + algorithm."; + reference + "RFC 9367: + GOST Cipher Suites for Transport Layer Security (TLS) + Protocol Version 1.3"; + } + enum TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 { + description + "Enumeration for the + 'TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256' algorithm."; + reference + "RFC 7905: + ChaCha20-Poly1305 Cipher Suites for Transport Layer + Security (TLS)"; + } + enum TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 { + description + "Enumeration for the + 'TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256' + algorithm."; + reference + "RFC 7905: + ChaCha20-Poly1305 Cipher Suites for Transport Layer + Security (TLS)"; + } + enum TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 { + description + "Enumeration for the + 'TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256' algorithm."; + reference + "RFC 7905: + ChaCha20-Poly1305 Cipher Suites for Transport Layer + Security (TLS)"; + } + enum TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 { + status deprecated; + description + "Enumeration for the + 'TLS_PSK_WITH_CHACHA20_POLY1305_SHA256' algorithm."; + reference + "RFC 7905: + ChaCha20-Poly1305 Cipher Suites for Transport Layer + Security (TLS)"; + } + enum TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 { + description + "Enumeration for the + 'TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256' algorithm."; + reference + "RFC 7905: + ChaCha20-Poly1305 Cipher Suites for Transport Layer + Security (TLS)"; + } + enum TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 { + description + "Enumeration for the + 'TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256' algorithm."; + reference + "RFC 7905: + ChaCha20-Poly1305 Cipher Suites for Transport Layer + Security (TLS)"; + } + enum TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256 { + status deprecated; + description + "Enumeration for the + 'TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256' algorithm."; + reference + "RFC 7905: + ChaCha20-Poly1305 Cipher Suites for Transport Layer + Security (TLS)"; + } + enum TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256 { + description + "Enumeration for the + 'TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256' algorithm."; + reference + "RFC 8442: + ECDHE_PSK with AES-GCM and AES-CCM Cipher Suites for TLS + 1.2 and DTLS 1.2"; + } + enum TLS_ECDHE_PSK_WITH_AES_256_GCM_SHA384 { + description + "Enumeration for the + 'TLS_ECDHE_PSK_WITH_AES_256_GCM_SHA384' algorithm."; + reference + "RFC 8442: + ECDHE_PSK with AES-GCM and AES-CCM Cipher Suites for TLS + 1.2 and DTLS 1.2"; + } + enum TLS_ECDHE_PSK_WITH_AES_128_CCM_8_SHA256 { + status deprecated; + description + "Enumeration for the + 'TLS_ECDHE_PSK_WITH_AES_128_CCM_8_SHA256' algorithm."; + reference + "RFC 8442: + ECDHE_PSK with AES-GCM and AES-CCM Cipher Suites for TLS + 1.2 and DTLS 1.2"; + } + enum TLS_ECDHE_PSK_WITH_AES_128_CCM_SHA256 { + description + "Enumeration for the + 'TLS_ECDHE_PSK_WITH_AES_128_CCM_SHA256' algorithm."; + reference + "RFC 8442: + ECDHE_PSK with AES-GCM and AES-CCM Cipher Suites for TLS + 1.2 and DTLS 1.2"; + } + } + description + "An enumeration for TLS cipher-suite algorithms."; + } + +} diff --git a/modules/ietf-tls-client@2024-10-10.yang b/modules/ietf-tls-client@2024-10-10.yang new file mode 100644 index 00000000..d504afe4 --- /dev/null +++ b/modules/ietf-tls-client@2024-10-10.yang @@ -0,0 +1,515 @@ +module ietf-tls-client { + yang-version 1.1; + namespace "urn:ietf:params:xml:ns:yang:ietf-tls-client"; + prefix tlsc; + + import ietf-netconf-acm { + prefix nacm; + reference + "RFC 8341: Network Configuration Access Control Model"; + } + import ietf-crypto-types { + prefix ct; + reference + "RFC 9640: YANG Data Types and Groupings for Cryptography"; + } + import ietf-truststore { + prefix ts; + reference + "RFC 9641: A YANG Data Model for a Truststore"; + } + import ietf-keystore { + prefix ks; + reference + "RFC 9642: A YANG Data Model for a Keystore"; + } + import ietf-tls-common { + prefix tlscmn; + reference + "RFC 9645: YANG Groupings for TLS Clients and TLS Servers"; + } + + organization + "IETF NETCONF (Network Configuration) Working Group"; + contact + "WG List: NETCONF WG list + WG Web: https://datatracker.ietf.org/wg/netconf + Author: Kent Watsen + Author: Jeff Hartley "; + description + "This module defines reusable groupings for TLS clients that + can be used as a basis for specific TLS client instances. + + The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', + 'SHALL NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', + 'NOT RECOMMENDED', 'MAY', and 'OPTIONAL' in this document + are to be interpreted as described in BCP 14 (RFC 2119) + (RFC 8174) when, and only when, they appear in all + capitals, as shown here. + + Copyright (c) 2024 IETF Trust and the persons identified + as authors of the code. All rights reserved. + + Redistribution and use in source and binary forms, with + or without modification, is permitted pursuant to, and + subject to the license terms contained in, the Revised + BSD License set forth in Section 4.c of the IETF Trust's + Legal Provisions Relating to IETF Documents + (https://trustee.ietf.org/license-info). + + This version of this YANG module is part of RFC 9645 + (https://www.rfc-editor.org/info/rfc9645); see the RFC + itself for full legal notices."; + + revision 2024-10-10 { + description + "Initial version"; + reference + "RFC 9645: YANG Groupings for TLS Clients and TLS Servers"; + } + + // Features + + feature tls-client-keepalives { + description + "Per-socket TLS keepalive parameters are configurable for + TLS clients on the server implementing this feature."; + } + + feature client-ident-x509-cert { + description + "Indicates that the client supports identifying itself + using X.509 certificates."; + reference + "RFC 5280: + Internet X.509 Public Key Infrastructure Certificate + and Certificate Revocation List (CRL) Profile"; + } + + feature client-ident-raw-public-key { + description + "Indicates that the client supports identifying itself + using raw public keys."; + reference + "RFC 7250: + Using Raw Public Keys in Transport Layer Security (TLS) + and Datagram Transport Layer Security (DTLS)"; + } + + feature client-ident-tls12-psk { + if-feature "tlscmn:tls12"; + description + "Indicates that the client supports identifying itself + using TLS 1.2 PSKs (pre-shared or pairwise symmetric keys)."; + reference + "RFC 4279: + Pre-Shared Key Ciphersuites for Transport Layer Security + (TLS)"; + } + + feature client-ident-tls13-epsk { + if-feature "tlscmn:tls13"; + description + "Indicates that the client supports identifying itself + using TLS 1.3 External PSKs (pre-shared keys)."; + reference + "RFC 8446: + The Transport Layer Security (TLS) Protocol Version 1.3"; + } + + feature server-auth-x509-cert { + description + "Indicates that the client supports authenticating servers + using X.509 certificates."; + reference + "RFC 5280: + Internet X.509 Public Key Infrastructure Certificate + and Certificate Revocation List (CRL) Profile"; + } + + feature server-auth-raw-public-key { + description + "Indicates that the client supports authenticating servers + using raw public keys."; + reference + "RFC 7250: + Using Raw Public Keys in Transport Layer Security (TLS) + and Datagram Transport Layer Security (DTLS)"; + } + + feature server-auth-tls12-psk { + description + "Indicates that the client supports authenticating servers + using PSKs (pre-shared or pairwise symmetric keys)."; + reference + "RFC 4279: + Pre-Shared Key Ciphersuites for Transport Layer Security + (TLS)"; + } + + feature server-auth-tls13-epsk { + description + "Indicates that the client supports authenticating servers + using TLS 1.3 External PSKs (pre-shared keys)."; + reference + "RFC 8446: + The Transport Layer Security (TLS) Protocol Version 1.3"; + } + + // Groupings + + grouping tls-client-grouping { + description + "A reusable grouping for configuring a TLS client without + any consideration for how an underlying TCP session is + established. + + Note that this grouping uses fairly typical descendant + node names such that a stack of 'uses' statements will + have name conflicts. It is intended that the consuming + data model will resolve the issue (e.g., by wrapping + the 'uses' statement in a container called + 'tls-client-parameters'). This model purposely does + not do this itself so as to provide maximum flexibility + to consuming models."; + container client-identity { + nacm:default-deny-write; + presence "Indicates that a TLS-level client identity has been + configured. This statement is present so the + mandatory descendant nodes do not imply that this + node must be configured."; + description + "Identity credentials the TLS client MAY present when + establishing a connection to a TLS server. If not + configured, then client authentication is presumed to + occur in a protocol layer above TLS. When configured, + and requested by the TLS server when establishing a + TLS session, these credentials are passed in the + Certificate message defined in Section 7.4.2 of + RFC 5246 and Section 4.4.2 of RFC 8446."; + reference + "RFC 5246: The Transport Layer Security (TLS) + Protocol Version 1.2 + RFC 8446: The Transport Layer Security (TLS) + Protocol Version 1.3 + RFC 9642: A YANG Data Model for a Keystore"; + choice auth-type { + mandatory true; + description + "A choice amongst authentication types, of which one must + be enabled (via its associated 'feature') and selected."; + case certificate { + if-feature "client-ident-x509-cert"; + container certificate { + description + "Specifies the client identity using a certificate."; + uses "ks:inline-or-keystore-end-entity-cert-with-key-" + + "grouping" { + refine "inline-or-keystore/inline/inline-definition" { + must 'not(public-key-format) or derived-from-or-self' + + '(public-key-format, "ct:subject-public-key-' + + 'info-format")'; + } + refine "inline-or-keystore/central-keystore/" + + "central-keystore-reference/asymmetric-key" { + must 'not(deref(.)/../ks:public-key-format) or ' + + 'derived-from-or-self(deref(.)/../ks:public-' + + 'key-format, "ct:subject-public-key-info-' + + 'format")'; + } + } + } + } + case raw-public-key { + if-feature "client-ident-raw-public-key"; + container raw-private-key { + description + "Specifies the client identity using a raw + private key."; + uses ks:inline-or-keystore-asymmetric-key-grouping { + refine "inline-or-keystore/inline/inline-definition" { + must 'not(public-key-format) or derived-from-or-self' + + '(public-key-format, "ct:subject-public-key-' + + 'info-format")'; + } + refine "inline-or-keystore/central-keystore/" + + "central-keystore-reference" { + must 'not(deref(.)/../ks:public-key-format) or ' + + 'derived-from-or-self(deref(.)/../ks:public-' + + 'key-format, "ct:subject-public-key-info-' + + 'format")'; + } + } + } + } + case tls12-psk { + if-feature "client-ident-tls12-psk"; + container tls12-psk { + description + "Specifies the client identity using a PSK (pre-shared + or pairwise symmetric key)."; + uses ks:inline-or-keystore-symmetric-key-grouping; + leaf id { + type string; + description + "The key 'psk_identity' value used in the TLS + 'ClientKeyExchange' message."; + reference + "RFC 4279: Pre-Shared Key Ciphersuites for + Transport Layer Security (TLS)"; + } + } + } + case tls13-epsk { + if-feature "client-ident-tls13-epsk"; + container tls13-epsk { + description + "An External Pre-Shared Key (EPSK) is established + or provisioned out of band, i.e., not from a TLS + connection. An EPSK is a tuple of (Base Key, + External Identity, Hash). EPSKs MUST NOT be + imported for (D)TLS 1.2 or prior versions. When + PSKs are provisioned out of band, the PSK identity + and the Key Derivation Function (KDF) hash algorithm + to be used with the PSK MUST also be provisioned. + + The structure of this container is designed to satisfy + the requirements in Section 4.2.11 of RFC 8446, the + recommendations from Section 6 of RFC 9257, and the + EPSK input fields detailed in Section 5.1 of RFC 9258. + The base-key is based upon + 'ks:inline-or-keystore-symmetric-key-grouping' in + order to provide users with flexible and secure + storage options."; + reference + "RFC 8446: The Transport Layer Security (TLS) + Protocol Version 1.3 + RFC 9257: Guidance for External Pre-Shared Key + (PSK) Usage in TLS + RFC 9258: Importing External Pre-Shared Keys + (PSKs) for TLS 1.3"; + uses ks:inline-or-keystore-symmetric-key-grouping; + leaf external-identity { + type string; + mandatory true; + description + "As per Section 4.2.11 of RFC 8446 and Section 4.1 + of RFC 9257, a sequence of bytes used to identify + an EPSK. A label for a pre-shared key established + externally."; + reference + "RFC 8446: The Transport Layer Security (TLS) + Protocol Version 1.3 + RFC 9257: Guidance for External Pre-Shared Key + (PSK) Usage in TLS"; + } + leaf hash { + type tlscmn:epsk-supported-hash; + default "sha-256"; + description + "As per Section 4.2.11 of RFC 8446, for EPSKs, + the hash algorithm MUST be set when the PSK is + established; otherwise, default to SHA-256 if + no such algorithm is defined. The server MUST + ensure that it selects a compatible PSK (if any) + and cipher suite. Each PSK MUST only be used + with a single hash function."; + reference + "RFC 8446: The Transport Layer Security (TLS) + Protocol Version 1.3"; + } + leaf context { + type string; + description + "As per Section 5.1 of RFC 9258, context MUST + include the context used to determine the EPSK, + if any exists. For example, context may include + information about peer roles or identities + to mitigate Selfie-style reflection attacks. + Since the EPSK is a key derived from an external + protocol or a sequence of protocols, context MUST + include a channel binding for the deriving + protocols (see RFC 5056). The details of this + binding are protocol specific and out of scope + for this document."; + reference + "RFC 9258: Importing External Pre-Shared Keys + (PSKs) for TLS 1.3"; + } + leaf target-protocol { + type uint16; + description + "As per Section 3 of RFC 9258, the protocol + for which a PSK is imported for use."; + reference + "RFC 9258: Importing External Pre-Shared Keys + (PSKs) for TLS 1.3"; + } + leaf target-kdf { + type uint16; + description + "As per Section 3 of RFC 9258, the Key Derivation + Function (KDF) for which a PSK is imported for + use."; + reference + "RFC 9258: Importing External Pre-Shared Keys + (PSKs) for TLS 1.3"; + } + } + } + } + } // container client-identity + container server-authentication { + nacm:default-deny-write; + must "ca-certs or ee-certs or raw-public-keys or tls12-psks + or tls13-epsks"; + description + "Specifies how the TLS client can authenticate TLS servers. + Any combination of credentials is additive and unordered. + + Note that no configuration is required for authentication + based on PSK (pre-shared or pairwise symmetric key) as + the key is necessarily the same as configured in the + '../client-identity' node."; + container ca-certs { + if-feature "server-auth-x509-cert"; + presence "Indicates that Certification Authority (CA) + certificates have been configured. This + statement is present so the mandatory + descendant nodes do not imply that this + node must be configured."; + description + "A set of CA certificates used by the TLS client to + authenticate TLS server certificates. A server + certificate is authenticated if it has a valid chain of + trust to a configured CA certificate."; + reference + "RFC 9641: A YANG Data Model for a Truststore"; + uses ts:inline-or-truststore-certs-grouping; + } + container ee-certs { + if-feature "server-auth-x509-cert"; + presence "Indicates that End-Entity (EE) certificates have + been configured. This statement is present so + the mandatory descendant nodes do not imply + that this node must be configured."; + description + "A set of server certificates (i.e., EE certificates) used + by the TLS client to authenticate certificates presented + by TLS servers. A server certificate is authenticated if + it is an exact match to a configured server certificate."; + reference + "RFC 9641: A YANG Data Model for a Truststore"; + uses ts:inline-or-truststore-certs-grouping; + } + container raw-public-keys { + if-feature "server-auth-raw-public-key"; + presence "Indicates that raw public keys have been + configured. This statement is present so + the mandatory descendant nodes do not imply + that this node must be configured."; + description + "A set of raw public keys used by the TLS client to + authenticate raw public keys presented by the TLS + server. A raw public key is authenticated if it + is an exact match to a configured raw public key."; + reference + "RFC 9641: A YANG Data Model for a Truststore"; + uses ts:inline-or-truststore-public-keys-grouping { + refine "inline-or-truststore/inline/inline-definition/" + + "public-key" { + must 'derived-from-or-self(public-key-format,' + + ' "ct:subject-public-key-info-format")'; + } + refine "inline-or-truststore/central-truststore/" + + "central-truststore-reference" { + must 'not(deref(.)/../ts:public-key/ts:public-key-' + + 'format[not(derived-from-or-self(., "ct:subject-' + + 'public-key-info-format"))])'; + } + } + } + leaf tls12-psks { + if-feature "server-auth-tls12-psk"; + type empty; + description + "Indicates that the TLS client can authenticate TLS servers + using configured PSKs (pre-shared or pairwise symmetric + keys). + + No configuration is required since the PSK value is the + same as the PSK value configured in the 'client-identity' + node."; + } + leaf tls13-epsks { + if-feature "server-auth-tls13-epsk"; + type empty; + description + "Indicates that the TLS client can authenticate TLS servers + using configured External PSKs (pre-shared keys). + + No configuration is required since the PSK value is the + same as the PSK value configured in the 'client-identity' + node."; + } + } // container server-authentication + container hello-params { + nacm:default-deny-write; + if-feature "tlscmn:hello-params"; + uses tlscmn:hello-params-grouping; + description + "Configurable parameters for the TLS hello message."; + } // container hello-params + container keepalives { + nacm:default-deny-write; + if-feature "tls-client-keepalives"; + description + "Configures the keepalive policy for the TLS client."; + leaf peer-allowed-to-send { + type empty; + description + "Indicates that the remote TLS server is allowed to send + HeartbeatRequest messages, as defined by RFC 6520, + to this TLS client."; + reference + "RFC 6520: Transport Layer Security (TLS) and Datagram + Transport Layer Security (DTLS) Heartbeat Extension"; + } + container test-peer-aliveness { + presence "Indicates that the TLS client proactively tests the + aliveness of the remote TLS server."; + description + "Configures the keepalive policy to proactively test + the aliveness of the TLS server. An unresponsive + TLS server is dropped after approximately max-wait + * max-attempts seconds. The TLS client MUST send + HeartbeatRequest messages, as defined in RFC 6520."; + reference + "RFC 6520: Transport Layer Security (TLS) and Datagram + Transport Layer Security (DTLS) Heartbeat Extension"; + leaf max-wait { + type uint16 { + range "1..max"; + } + units "seconds"; + default "30"; + description + "Sets the amount of time in seconds, after which a + TLS-level message will be sent to test the + aliveness of the TLS server if no data has been + received from the TLS server."; + } + leaf max-attempts { + type uint8; + default "3"; + description + "Sets the maximum number of sequential keepalive + messages that can fail to obtain a response from + the TLS server before assuming the TLS server is + no longer alive."; + } + } + } + } // grouping tls-client-grouping + +} diff --git a/modules/ietf-tls-common@2023-12-28.yang b/modules/ietf-tls-common@2024-10-10.yang similarity index 59% rename from modules/ietf-tls-common@2023-12-28.yang rename to modules/ietf-tls-common@2024-10-10.yang index 79107ac9..a4d5ef3d 100644 --- a/modules/ietf-tls-common@2023-12-28.yang +++ b/modules/ietf-tls-common@2024-10-10.yang @@ -6,19 +6,19 @@ module ietf-tls-common { import iana-tls-cipher-suite-algs { prefix tlscsa; reference - "RFC FFFF: YANG Groupings for TLS Clients and SSH Servers"; + "RFC 9645: YANG Groupings for TLS Clients and TLS Servers"; } import ietf-crypto-types { prefix ct; reference - "RFC AAAA: YANG Data Types and Groupings for Cryptography"; + "RFC 9640: YANG Data Types and Groupings for Cryptography"; } import ietf-keystore { prefix ks; reference - "RFC CCCC: A YANG Data Model for a Keystore"; + "RFC 9642: A YANG Data Model for a Keystore"; } organization @@ -28,14 +28,21 @@ module ietf-tls-common { "WG List: NETCONF WG list WG Web: https://datatracker.ietf.org/wg/netconf Author: Kent Watsen - Author: Jeff Hartley + Author: Jeff Hartley Author: Gary Wu "; description - "This module defines a common features and groupings for + "This module defines common features and groupings for Transport Layer Security (TLS). - Copyright (c) 2023 IETF Trust and the persons identified + The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', + 'SHALL NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', + 'NOT RECOMMENDED', 'MAY', and 'OPTIONAL' in this document + are to be interpreted as described in BCP 14 (RFC 2119) + (RFC 8174) when, and only when, they appear in all + capitals, as shown here. + + Copyright (c) 2024 IETF Trust and the persons identified as authors of the code. All rights reserved. Redistribution and use in source and binary forms, with @@ -45,49 +52,22 @@ module ietf-tls-common { Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info). - This version of this YANG module is part of RFC FFFF - (https://www.rfc-editor.org/info/rfcFFFF); see the RFC - itself for full legal notices. + This version of this YANG module is part of RFC 9645 + (https://www.rfc-editor.org/info/rfc9645); see the RFC + itself for full legal notices."; - The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', - 'SHALL NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', - 'NOT RECOMMENDED', 'MAY', and 'OPTIONAL' in this document - are to be interpreted as described in BCP 14 (RFC 2119) - (RFC 8174) when, and only when, they appear in all - capitals, as shown here."; - - revision 2023-12-28 { + revision 2024-10-10 { description - "Initial version"; + "Initial version."; reference - "RFC FFFF: YANG Groupings for TLS Clients and TLS Servers"; + "RFC 9645: YANG Groupings for TLS Clients and TLS Servers"; } // Features - feature tls10 { - status "obsolete"; - description - "TLS Protocol Version 1.0 is supported. TLS 1.0 is obsolete - and thus it is NOT RECOMMENDED to enable this feature."; - reference - "RFC 2246: The TLS Protocol Version 1.0"; - } - - feature tls11 { - status "obsolete"; - description - "TLS Protocol Version 1.1 is supported. TLS 1.1 is obsolete - and thus it is NOT RECOMMENDED to enable this feature."; - reference - "RFC 4346: The Transport Layer Security (TLS) Protocol - Version 1.1"; - } - feature tls12 { - status "deprecated"; description - "TLS Protocol Version 1.2 is supported. TLS 1.2 is obsolete + "TLS Protocol Version 1.2 is supported. TLS 1.2 is obsolete, and thus it is NOT RECOMMENDED to enable this feature."; reference "RFC 5246: The Transport Layer Security (TLS) Protocol @@ -107,44 +87,28 @@ module ietf-tls-common { "TLS hello message parameters are configurable."; } - feature public-key-generation { + feature algorithm-discovery { description "Indicates that the server implements the - 'generate-public-key' RPC."; + 'supported-algorithms' container."; } - // Identities - - identity tls-version-base { + feature asymmetric-key-pair-generation { description - "Base identity used to identify TLS protocol versions."; + "Indicates that the server implements the + 'generate-asymmetric-key-pair' RPC."; } - identity tls10 { - if-feature "tls10"; - base tls-version-base; - status "obsolete"; - description - "TLS Protocol Version 1.0."; - reference - "RFC 2246: The TLS Protocol Version 1.0"; - } + // Identities - identity tls11 { - if-feature "tls11"; - base tls-version-base; - status "obsolete"; + identity tls-version-base { description - "TLS Protocol Version 1.1."; - reference - "RFC 4346: The Transport Layer Security (TLS) Protocol - Version 1.1"; + "Base identity used to identify TLS protocol versions."; } identity tls12 { if-feature "tls12"; base tls-version-base; - status "deprecated"; description "TLS Protocol Version 1.2."; reference @@ -168,11 +132,11 @@ module ietf-tls-common { type enumeration { enum sha-256 { description - "The SHA-256 Hash."; + "The SHA-256 hash."; } enum sha-384 { description - "The SHA-384 Hash."; + "The SHA-384 hash."; } } description @@ -184,7 +148,6 @@ module ietf-tls-common { Protocol Version 1.3"; } - // Groupings grouping hello-params-grouping { @@ -197,74 +160,94 @@ module ietf-tls-common { Version 1.3"; container tls-versions { description - "Parameters regarding TLS versions."; - leaf-list tls-version { + "Parameters limiting which TLS versions, amongst + those enabled by 'features', are presented during + the TLS handshake."; + leaf min { type identityref { base tls-version-base; } - ordered-by user; description - "Acceptable TLS protocol versions. - - If this leaf-list is not configured (has zero elements) - the acceptable TLS protocol versions are implementation- - defined."; + "If not specified, then there is no configured + minimum version."; + } + leaf max { + type identityref { + base tls-version-base; + } + description + "If not specified, then there is no configured + maximum version."; } } container cipher-suites { description "Parameters regarding cipher suites."; leaf-list cipher-suite { - type identityref { - base tlscsa:cipher-suite-alg-base; - } + type tlscsa:tls-cipher-suite-algorithm; ordered-by user; description "Acceptable cipher suites in order of descending preference. The configured host key algorithms should be compatible with the algorithm used by the configured - private key. Please see Section 5 of RFC FFFF for + private key. Please see Section 5 of RFC 9645 for valid combinations. - If this leaf-list is not configured (has zero elements) + If this leaf-list is not configured (has zero elements), the acceptable cipher suites are implementation- defined."; reference - "RFC FFFF: YANG Groupings for TLS Clients and TLS Servers"; + "RFC 9645: YANG Groupings for TLS Clients and TLS Servers"; } } } // hello-params-grouping - rpc generate-public-key { - if-feature "public-key-generation"; + // Protocol-accessible Nodes + + container supported-algorithms { + if-feature "algorithm-discovery"; + config false; + description + "A container for a list of cipher suite algorithms supported + by the server."; + leaf-list supported-algorithm { + type tlscsa:tls-cipher-suite-algorithm; + description + "A cipher suite algorithm supported by the server."; + } + } + + rpc generate-asymmetric-key-pair { + if-feature "asymmetric-key-pair-generation"; description - "Requests the device to generate an public key using - the specified key algorithm."; + "Requests the device to generate an 'asymmetric-key-pair' + key using the specified key algorithm."; input { leaf algorithm { - type tlscsa:cipher-suite-algorithm-ref; + type tlscsa:tls-cipher-suite-algorithm; mandatory true; description - "The cipher suite algorithm that the generated key is - to work with. Implementations derive the public key - algorithm from the cipher suite algorithm. Example: - cipher suite 'tls-rsa-with-aes-256-cbc-sha256' maps - to the RSA public key."; + "The cipher suite algorithm that the generated key + works with. Implementations derive the public key + algorithm from the cipher suite algorithm. For + example, cipher suite + 'tls-rsa-with-aes-256-cbc-sha256' maps to the RSA + public key."; } leaf num-bits { type uint16; description - "Specifies the number of bits in the key to create. - For RSA keys, the minimum size is 1024 bits and - the default is 3072 bits. Generally, 3072 bits is - considered sufficient. DSA keys must be exactly 1024 - bits as specified by FIPS 186-2. For elliptical - keys, the 'num-bits' value determines the key length - of the curve (e.g., 256, 384 or 521), where valid - values supported by the server are conveyed via an - unspecified mechanism. For some public algorithms, - the keys have a fixed length and thus the 'num-bits' - value is not specified."; + "Specifies the number of bits to create in the key. + For RSA keys, the minimum size is 1024 bits, and + the default is 3072 bits. Generally, 3072 bits is + considered sufficient. DSA keys must be exactly + 1024 bits as specified by FIPS 186-2. For + elliptical keys, the 'num-bits' value determines + the key length of the curve (e.g., 256, 384, or 521), + where valid values supported by the server are + conveyed via an unspecified mechanism. For some + public algorithms, the keys have a fixed length, and + thus the 'num-bits' value is not specified."; } container private-key-encoding { description @@ -286,8 +269,8 @@ module ietf-tls-common { if-feature "ct:encrypted-private-keys"; container encrypted { description - "Indicates that the key is to be encrypted using - the specified symmetric or asymmetric key."; + "Indicates that the key is to be encrypted using + the specified symmetric or asymmetric key."; uses ks:encrypted-by-grouping; } } @@ -300,8 +283,8 @@ module ietf-tls-common { Unlike the 'cleartext' and 'encrypt' options, the key returned is a placeholder for an internally - stored key. See the 'Support for Built-in Keys' - section in RFC CCCC for information about hidden + stored key. See Section 3 of RFC 9642 ('Support + for Built-In Keys') for information about hidden keys."; } } @@ -309,8 +292,23 @@ module ietf-tls-common { } } output { - uses ct:asymmetric-key-pair-grouping; + choice key-or-hidden { + case key { + uses ct:asymmetric-key-pair-grouping; + } + case hidden { + leaf location { + type instance-identifier; + description + "The location to where a hidden key was created."; + } + } + description + "The output can be either a key (for cleartext and + encrypted keys) or the location to where the key + was created (for hidden keys)."; + } } - } // end generate-public-key + } // end generate-asymmetric-key-pair } diff --git a/modules/ietf-tls-server@2023-12-28.yang b/modules/ietf-tls-server@2024-10-10.yang similarity index 71% rename from modules/ietf-tls-server@2023-12-28.yang rename to modules/ietf-tls-server@2024-10-10.yang index 4b33cf3b..2f628545 100644 --- a/modules/ietf-tls-server@2023-12-28.yang +++ b/modules/ietf-tls-server@2024-10-10.yang @@ -8,45 +8,46 @@ module ietf-tls-server { reference "RFC 8341: Network Configuration Access Control Model"; } - import ietf-crypto-types { prefix ct; reference - "RFC AAAA: YANG Data Types and Groupings for Cryptography"; + "RFC 9640: YANG Data Types and Groupings for Cryptography"; } - import ietf-truststore { prefix ts; reference - "RFC BBBB: A YANG Data Model for a Truststore"; + "RFC 9641: A YANG Data Model for a Truststore"; } - import ietf-keystore { prefix ks; reference - "RFC CCCC: A YANG Data Model for a Keystore"; + "RFC 9642: A YANG Data Model for a Keystore"; } - import ietf-tls-common { prefix tlscmn; reference - "RFC FFFF: YANG Groupings for TLS Clients and TLS Servers"; + "RFC 9645: YANG Groupings for TLS Clients and TLS Servers"; } organization "IETF NETCONF (Network Configuration) Working Group"; - contact "WG List: NETCONF WG list WG Web: https://datatracker.ietf.org/wg/netconf Author: Kent Watsen - Author: Jeff Hartley "; - + Author: Jeff Hartley "; description "This module defines reusable groupings for TLS servers that can be used as a basis for specific TLS server instances. - Copyright (c) 2023 IETF Trust and the persons identified + The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', + 'SHALL NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', + 'NOT RECOMMENDED', 'MAY', and 'OPTIONAL' in this document + are to be interpreted as described in BCP 14 (RFC 2119) + (RFC 8174) when, and only when, they appear in all + capitals, as shown here. + + Copyright (c) 2024 IETF Trust and the persons identified as authors of the code. All rights reserved. Redistribution and use in source and binary forms, with @@ -56,29 +57,22 @@ module ietf-tls-server { Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info). - This version of this YANG module is part of RFC FFFF - (https://www.rfc-editor.org/info/rfcFFFF); see the RFC - itself for full legal notices. + This version of this YANG module is part of RFC 9645 + (https://www.rfc-editor.org/info/rfc9645); see the RFC + itself for full legal notices."; - The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', - 'SHALL NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', - 'NOT RECOMMENDED', 'MAY', and 'OPTIONAL' in this document - are to be interpreted as described in BCP 14 (RFC 2119) - (RFC 8174) when, and only when, they appear in all - capitals, as shown here."; - - revision 2023-12-28 { + revision 2024-10-10 { description - "Initial version"; + "Initial version."; reference - "RFC FFFF: YANG Groupings for TLS Clients and TLS Servers"; + "RFC 9645: YANG Groupings for TLS Clients and TLS Servers"; } // Features feature tls-server-keepalives { description - "Per socket TLS keepalive parameters are configurable for + "Per-socket TLS keepalive parameters are configurable for TLS servers on the server implementing this feature."; } @@ -106,7 +100,7 @@ module ietf-tls-server { if-feature "tlscmn:tls12"; description "Indicates that the server supports identifying itself - using TLS-1.2 PSKs (pre-shared or pairwise-symmetric keys)."; + using TLS 1.2 PSKs (pre-shared or pairwise symmetric keys)."; reference "RFC 4279: Pre-Shared Key Ciphersuites for Transport Layer Security @@ -117,7 +111,7 @@ module ietf-tls-server { if-feature "tlscmn:tls13"; description "Indicates that the server supports identifying itself - using TLS-1.3 External PSKs (pre-shared keys)."; + using TLS 1.3 External PSKs (pre-shared keys)."; reference "RFC 8446: The Transport Layer Security (TLS) Protocol Version 1.3"; @@ -154,7 +148,7 @@ module ietf-tls-server { feature client-auth-tls12-psk { description "Indicates that the server supports authenticating clients - using PSKs (pre-shared or pairwise-symmetric keys)."; + using PSKs (pre-shared or pairwise symmetric keys)."; reference "RFC 4279: Pre-Shared Key Ciphersuites for Transport Layer Security @@ -164,7 +158,7 @@ module ietf-tls-server { feature client-auth-tls13-epsk { description "Indicates that the server supports authenticating clients - using TLS-1.3 External PSKs (pre-shared keys)."; + using TLS 1.3 External PSKs (pre-shared keys)."; reference "RFC 8446: The Transport Layer Security (TLS) Protocol Version 1.3"; @@ -186,21 +180,20 @@ module ietf-tls-server { 'tls-server-parameters'). This model purposely does not do this itself so as to provide maximum flexibility to consuming models."; - container server-identity { nacm:default-deny-write; description - "A locally-defined or referenced end-entity certificate, - including any configured intermediate certificates, the - TLS server will present when establishing a TLS connection - in its Certificate message, as defined in Section 7.4.2 - in RFC 5246 and Section 4.4.2 in RFC 8446."; + "A locally defined or referenced End-Entity (EE) certificate, + including any configured intermediate certificates, that + the TLS server will present when establishing a TLS + connection in its Certificate message, as defined in + Section 7.4.2 of RFC 5246 and Section 4.4.2 of RFC 8446."; reference "RFC 5246: The Transport Layer Security (TLS) Protocol Version 1.2 RFC 8446: The Transport Layer Security (TLS) Protocol Version 1.3 - RFC CCCC: A YANG Data Model for a Keystore"; + RFC 9642: A YANG Data Model for a Keystore"; choice auth-type { mandatory true; description @@ -211,12 +204,12 @@ module ietf-tls-server { container certificate { description "Specifies the server identity using a certificate."; - uses - "ks:inline-or-keystore-end-entity-cert-with-key-" - + "grouping" { + uses "ks:inline-or-keystore-end-entity-cert-with-key-" + + "grouping" { refine "inline-or-keystore/inline/inline-definition" { must 'not(public-key-format) or derived-from-or-self' - + '(public-key-format,' + ' "ct:subject-public-' + + '(public-key-format,' + + ' "ct:subject-public-' + 'key-info-format")'; } refine "inline-or-keystore/central-keystore/" @@ -237,7 +230,8 @@ module ietf-tls-server { uses ks:inline-or-keystore-asymmetric-key-grouping { refine "inline-or-keystore/inline/inline-definition" { must 'not(public-key-format) or derived-from-or-self' - + '(public-key-format,' + ' "ct:subject-public-' + + '(public-key-format,' + + ' "ct:subject-public-' + 'key-info-format")'; } refine "inline-or-keystore/central-keystore/" @@ -254,7 +248,7 @@ module ietf-tls-server { container tls12-psk { description "Specifies the server identity using a PSK (pre-shared - or pairwise-symmetric key)."; + or pairwise symmetric key)."; uses ks:inline-or-keystore-symmetric-key-grouping; leaf id-hint { type string; @@ -272,22 +266,22 @@ module ietf-tls-server { container tls13-epsk { description "An External Pre-Shared Key (EPSK) is established - or provisioned out-of-band, i.e., not from a TLS - connection. An EPSK is a tuple of (Base Key, - External Identity, Hash). External PSKs MUST - NOT be imported for (D)TLS 1.2 or prior versions. - When PSKs are provisioned out of band, the PSK - identity and the KDF hash algorithm to be used - with the PSK MUST also be provisioned. - - The structure of this container is designed to - satisfy the requirements of RFC 8446 Section - 4.2.11, the recommendations from Section 6 in - RFC 9257, and the EPSK input fields detailed in - Section 5.1 in RFC 9258. The base-key is based - upon ks:inline-or-keystore-symmetric-key-grouping - in order to provide users with flexible and - secure storage options."; + or provisioned out of band, i.e., not from a TLS + connection. An EPSK is a tuple of (Base Key, + External Identity, Hash). EPSKs MUST NOT be + imported for (D)TLS 1.2 or prior versions. + When PSKs are provisioned out of band, the PSK + identity and the KDF hash algorithm to be used + with the PSK MUST also be provisioned. + + The structure of this container is designed to + satisfy the requirements in Section 4.2.11 of + RFC 8446, the recommendations from Section 6 of + RFC 9257, and the EPSK input fields detailed in + Section 5.1 of RFC 9258. The base-key is based + upon 'ks:inline-or-keystore-symmetric-key-grouping' + in order to provide users with flexible and + secure storage options."; reference "RFC 8446: The Transport Layer Security (TLS) Protocol Version 1.3 @@ -300,9 +294,9 @@ module ietf-tls-server { type string; mandatory true; description - "As per Section 4.2.11 of RFC 8446, and Section 4.1 + "As per Section 4.2.11 of RFC 8446 and Section 4.1 of RFC 9257, a sequence of bytes used to identify - an EPSK. A label for a pre-shared key established + an EPSK. A label for a pre-shared key established externally."; reference "RFC 8446: The Transport Layer Security (TLS) @@ -312,12 +306,12 @@ module ietf-tls-server { } leaf hash { type tlscmn:epsk-supported-hash; - default sha-256; + default "sha-256"; description - "As per Section 4.2.11 of RFC 8446, for externally - established PSKs, the Hash algorithm MUST be set - when the PSK is established or default to SHA-256 - if no such algorithm is defined. The server MUST + "As per Section 4.2.11 of RFC 8446, for EPSKs, + the hash algorithm MUST be set when the PSK is + established; otherwise, default to SHA-256 if + no such algorithm is defined. The server MUST ensure that it selects a compatible PSK (if any) and cipher suite. Each PSK MUST only be used with a single hash function."; @@ -328,16 +322,16 @@ module ietf-tls-server { leaf context { type string; description - "Per Section 5.1 of RFC 9258, context MUST include - the context used to determine the EPSK, if - any exists. For example, context may include + "As per Section 5.1 of RFC 9258, context MUST + include the context used to determine the EPSK, + if any exists. For example, context may include information about peer roles or identities to mitigate Selfie-style reflection attacks. Since the EPSK is a key derived from an external protocol or sequence of protocols, context MUST include a channel binding for the deriving - protocols [RFC5056]. The details of this - binding are protocol specfic and out of scope + protocols (see RFC 5056). The details of this + binding are protocol specific and out of scope for this document."; reference "RFC 9258: Importing External Pre-Shared Keys @@ -365,69 +359,69 @@ module ietf-tls-server { } } } // container server-identity - container client-authentication { if-feature "client-auth-supported"; nacm:default-deny-write; - must 'ca-certs or ee-certs or raw-public-keys or tls12-psks - or tls13-epsks'; - presence - "Indicates that client authentication is supported (i.e., - that the server will request clients send certificates). - If not configured, the TLS server SHOULD NOT request the - TLS clients provide authentication credentials."; + must "ca-certs or ee-certs or raw-public-keys or tls12-psks + or tls13-epsks"; + presence "Indicates that client authentication is supported + (i.e., that the server will request clients send + certificates). If not configured, the TLS server + SHOULD NOT request that TLS clients provide + authentication credentials."; description "Specifies how the TLS server can authenticate TLS clients. Any combination of credentials is additive and unordered. - Note that no configuration is required for PSK (pre-shared - or pairwise-symmetric key) based authentication as the key - is necessarily the same as configured in the '../server- - identity' node."; + Note that no configuration is required for authentication + based on PSK (pre-shared or pairwise symmetric key) as the + the key is necessarily the same as configured in the + '../server-identity' node."; container ca-certs { if-feature "client-auth-x509-cert"; - presence - "Indicates that CA certificates have been configured. - This statement is present so the mandatory descendant - nodes do not imply that this node must be configured."; + presence "Indicates that Certification Authority (CA) + certificates have been configured. This + statement is present so the mandatory + descendant nodes do not imply that this node + must be configured."; description - "A set of certificate authority (CA) certificates used by - the TLS server to authenticate TLS client certificates. - A client certificate is authenticated if it has a valid - chain of trust to a configured CA certificate."; + "A set of CA certificates used by the TLS server to + authenticate TLS client certificates. A client + certificate is authenticated if it has a valid chain + of trust to a configured CA certificate."; reference - "RFC BBBB: A YANG Data Model for a Truststore"; + "RFC 9641: A YANG Data Model for a Truststore"; uses ts:inline-or-truststore-certs-grouping; } container ee-certs { if-feature "client-auth-x509-cert"; - presence - "Indicates that EE certificates have been configured. - This statement is present so the mandatory descendant - nodes do not imply that this node must be configured."; + presence "Indicates that EE certificates have been + configured. This statement is present so the + mandatory descendant nodes do not imply that + this node must be configured."; description - "A set of client certificates (i.e., end entity - certificates) used by the TLS server to authenticate - certificates presented by TLS clients. A client + "A set of client certificates (i.e., EE certificates) + used by the TLS server to authenticate + certificates presented by TLS clients. A client certificate is authenticated if it is an exact match to a configured client certificate."; reference - "RFC BBBB: A YANG Data Model for a Truststore"; + "RFC 9641: A YANG Data Model for a Truststore"; uses ts:inline-or-truststore-certs-grouping; } container raw-public-keys { if-feature "client-auth-raw-public-key"; - presence - "Indicates that raw public keys have been configured. - This statement is present so the mandatory descendant - nodes do not imply that this node must be configured."; + presence "Indicates that raw public keys have been + configured. This statement is present so + the mandatory descendant nodes do not imply + that this node must be configured."; description "A set of raw public keys used by the TLS server to authenticate raw public keys presented by the TLS client. A raw public key is authenticated if it is an exact match to a configured raw public key."; reference - "RFC BBBB: A YANG Data Model for a Truststore"; + "RFC 9641: A YANG Data Model for a Truststore"; uses ts:inline-or-truststore-public-keys-grouping { refine "inline-or-truststore/inline/inline-definition/" + "public-key" { @@ -447,7 +441,7 @@ module ietf-tls-server { type empty; description "Indicates that the TLS server can authenticate TLS clients - using configured PSKs (pre-shared or pairwise-symmetric + using configured PSKs (pre-shared or pairwise symmetric keys). No configuration is required since the PSK value is the @@ -459,14 +453,13 @@ module ietf-tls-server { type empty; description "Indicates that the TLS 1.3 server can authenticate TLS - clients using configured external PSKs (pre-shared keys). + clients using configured External PSKs (pre-shared keys). No configuration is required since the PSK value is the same as PSK value configured in the 'server-identity' node."; } } // container client-authentication - container hello-params { nacm:default-deny-write; if-feature "tlscmn:hello-params"; @@ -474,7 +467,6 @@ module ietf-tls-server { description "Configurable parameters for the TLS hello message."; } // container hello-params - container keepalives { nacm:default-deny-write; if-feature "tls-server-keepalives"; @@ -484,18 +476,17 @@ module ietf-tls-server { type empty; description "Indicates that the remote TLS client is allowed to send - HeartbeatRequest messages, as defined by RFC 6520 + HeartbeatRequest messages, as defined by RFC 6520, to this TLS server."; reference "RFC 6520: Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS) Heartbeat Extension"; } container test-peer-aliveness { - presence - "Indicates that the TLS server proactively tests the - aliveness of the remote TLS client."; + presence "Indicates that the TLS server proactively tests the + aliveness of the remote TLS client."; description - "Configures the keep-alive policy to proactively test + "Configures the keepalive policy to proactively test the aliveness of the TLS client. An unresponsive TLS client is dropped after approximately max-wait * max-attempts seconds."; @@ -506,16 +497,16 @@ module ietf-tls-server { units "seconds"; default "30"; description - "Sets the amount of time in seconds after which if - no data has been received from the TLS client, a + "Sets the amount of time in seconds, after which a TLS-level message will be sent to test the - aliveness of the TLS client."; + aliveness of the TLS client if no data has been + received from the TLS client."; } leaf max-attempts { type uint8; default "3"; description - "Sets the maximum number of sequential keep-alive + "Sets the maximum number of sequential keepalive messages that can fail to obtain a response from the TLS client before assuming the TLS client is no longer alive."; diff --git a/src/server_config.c b/src/server_config.c index ffbede28..3f3d27ac 100644 --- a/src/server_config.c +++ b/src/server_config.c @@ -3140,11 +3140,7 @@ nc_server_config_tls_version(const struct lyd_node *node, enum nc_operation op) /* str to tls_version */ version = ((struct lyd_node_term *)node)->value.ident->name; - if (!strcmp(version, "tls10")) { - tls_version = NC_TLS_VERSION_10; - } else if (!strcmp(version, "tls11")) { - tls_version = NC_TLS_VERSION_11; - } else if (!strcmp(version, "tls12")) { + if (!strcmp(version, "tls12")) { tls_version = NC_TLS_VERSION_12; } else if (!strcmp(version, "tls13")) { tls_version = NC_TLS_VERSION_13; @@ -4020,7 +4016,7 @@ nc_server_config_load_modules(struct ly_ctx **ctx) /* all features */ const char *ietf_truststore[] = {"central-truststore-supported", "inline-definitions-supported", "certificates", "public-keys", NULL}; /* no public-key-generation */ - const char *ietf_tls_common[] = {"tls10", "tls11", "tls12", "tls13", "hello-params", NULL}; + const char *ietf_tls_common[] = {"tls12", "tls13", "hello-params", NULL}; /* no tls-server-keepalives, server-ident-raw-public-key, server-ident-tls12-psk, server-ident-tls13-epsk, * client-auth-raw-public-key, client-auth-tls12-psk, client-auth-tls13-epsk */ const char *ietf_tls_server[] = {"server-ident-x509-cert", "client-auth-supported", "client-auth-x509-cert", NULL};