Commit

Merge pull request #15 from valentinxxx/patch-1
TLS_Cipher_String_Cheat_Sheet: added markdown tables
righettod authored Feb 18, 2019
2 parents cfe5c27 + 13820cc commit 79e1101
Showing 1 changed file with 35 additions and 1 deletion.
36 changes: 35 additions & 1 deletion cheatsheets/TLS_Cipher_String_Cheat_Sheet.md
Expand Up @@ -62,6 +62,30 @@ IANA, OpenSSL and other crypto libraries use slightly different names for the sa

This table lists the names used by IANA and by openssl in brackets `[]`. Additional you can find the unambiguously hex values defined by IANA. Mozilla offers a larger *[cipher names correspondence table](https://wiki.mozilla.org/Security/Server_Side_TLS#Cipher_names_correspondence_table)*.

<!-- markdownlint-disable MD033 -->
| Cipher name:<br>IANA, [OpenSSL] | Cipher HEX value | Advanced+<br>(A+) | Advanced<br>(A) | Broad Compatibility<br>(B) | Widest Compatibility<br>(C) | Legacy<br>(C-) |
| --- | :---: | :---: | :---: | :---: | :---: | :---: |
| `TLS_DHE_RSA_WITH_AES_256_GCM_SHA384`,<br>[`DHE-RSA-AES256-GCM-SHA384`] | 0x009f | 1 | 1 | 1 | 1 | 1 |
| `TLS_DHE_RSA_WITH_AES_128_GCM_SHA256`,<br>[`DHE-RSA-AES128-GCM-SHA256`] | 0x009e | 2 | 2 | 2 | 2 | 2 |
| `TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384`,<br>[`ECDHE-RSA-AES256-GCM-SHA384`] | 0xc030 | 3 | 3 | 3 | 3 | 3 |
| `TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256`,<br>[`ECDHE-RSA-AES128-GCM-SHA256`] | 0xc02f | 4 | 4 | 4 | 4 | 4 |
| `TLS_DHE_RSA_WITH_AES_256_CBC_SHA256`,<br>[`DHE-RSA-AES256-SHA256`] | 0x006b | | 5 | 5 | 5 | 5 |
| `TLS_DHE_RSA_WITH_AES_128_CBC_SHA256`,<br>[`DHE-RSA-AES128-SHA256`] | 0x0067 | | 6 | 6 | 6 | 6 |
| `TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384`,<br>[`ECDHE-RSA-AES256-SHA384`] | 0xc028 | | 7 | 7 | 7 | 7 |
| `TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256`,<br>[`ECDHE-RSA-AES128-SHA256`] | 0xc027 | | 8 | 8 | 8 | 8 |
| `TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA`,<br>[`ECDHE-RSA-AES256-SHA`] | 0xc014 | | | 9 | 9 | 9 |
| `TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA`,<br>[`ECDHE-RSA-AES128-SHA`] | 0xc013 | | | 10 | 10 | 10 |
| `TLS_RSA_WITH_AES_256_GCM_SHA384`,<br>[`AES256-GCM-SHA384`] | 0x009d | | | | 11 | 11 |
| `TLS_RSA_WITH_AES_128_GCM_SHA256`,<br>[`AES128-GCM-SHA256`] | 0x009c | | | | 12 | 12 |
| `TLS_RSA_WITH_AES_256_CBC_SHA256`,<br>[`AES256-SHA256`] | 0x003d | | | | 13 | 13 |
| `TLS_RSA_WITH_AES_128_CBC_SHA256`,<br>[`AES128-SHA256`] | 0x003c | | | | 14 | 14 |
| `TLS_RSA_WITH_AES_256_CBC_SHA`,<br>[`AES256-SHA`] | 0x0035 | | | | 15 | 15 |
| `TLS_RSA_WITH_AES_128_CBC_SHA`,<br>[`AES128-SHA`] | 0x002f | | | | 16 | 16 |
| `TLS_RSA_WITH_3DES_EDE_CBC_SHA`,<br>[`DES-CBC3-SHA`] | 0x000a | | | | | 17 |
| `TLS_DHE_RSA_WITH_AES_256_CBC_SHA`,<br>[`DHE-RSA-AES256-SHA`] | 0x0039 | | | 11 | 17 | 18 |
| `TLS_DHE_RSA_WITH_AES_128_CBC_SHA`,<br>[`DHE-RSA-AES128-SHA`] | 0x0033 | | | 12 | 18 | 19 |
<!-- markdownlint-enable MD033 -->

![CipherTable01](../assets/TLS_Cipher_String_Cheat_Sheet_CipherTable01.png)

**Remarks:**
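
Review bot: the new markdown table sits directly above `![CipherTable01](../assets/TLS_Cipher_String_Cheat_Sheet_CipherTable01.png)`, which stays in the file, so the same priority data now exists twice and the two copies can drift apart on the next edit. Consider dropping the image in this change, or stating which of the two is authoritative. The table also leaves cells blank without saying that blank means the suite is not part of that cipher string; a one-line legend under the table would remove the guesswork.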
Expand All @@ -74,6 +98,16 @@ Other option: *Delete this two ciphers from your list*.

### OpenSSL

<!-- markdownlint-disable MD033 -->
| Cipher-String | OpenSSL syntax |
| --- | --- |
| Advanced+<br>(A+) | `DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256` |
| Advanced<br>(A) | `DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256` |
| Broad Compatibility<br>(B) | `DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA` |
| Widest Compatibility<br>(C) | `DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA` |
| Legacy<br>(C-) | `DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA` |
<!-- markdownlint-enable MD033 -->

![CipherTable02](../assets/TLS_Cipher_String_Cheat_Sheet_CipherTable02.png)

# How to use this Cipher Strings?
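
Review bot: in the C and C- rows the pair `DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA` is placed last, after the static-RSA suites and, in C-, after `DES-CBC3-SHA`, while in row B it directly follows `ECDHE-RSA-AES128-SHA`. OpenSSL reads the string order as preference order, so a server that enforces its own order would choose 3DES ahead of these two AES suites. If that ordering is intended and mirrors the image, point to the Remarks that explain it; if it is a transcription slip, fix it before merge. Because the five strings are hand-copied from the priority table, running each one through `openssl ciphers -V` and comparing the output with the table's hex values and numbers would be a cheap check. The `CipherTable02` image also remains next to its markdown replacement.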
Expand Down Expand Up @@ -135,4 +169,4 @@ openssl ciphers -V "DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RS

Torsten Gigler - torsten.gigler@owasp.org

Achim Hoffmann - achim@owasp.org
Achim Hoffmann - achim@owasp.org
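
Review bot: the only changed line in this hunk is the final `Achim Hoffmann - achim@owasp.org`, and the old and new text read identically, so this looks like a whitespace or end-of-file newline change that is unrelated to the tables. Please confirm it is intentional and that the file ends with a single newline.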
