User Tools

Site Tools


howtos:cipher_list_for_datagroups

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision
Previous revision
howtos:cipher_list_for_datagroups [01/09/2017 14:33] domingohowtos:cipher_list_for_datagroups [07/11/2020 16:41] (current) domingo
Line 1: Line 1:
 +This is a datagroup you can use for lookup in iRules for logging or debugging SSL connection errors.
  
 +I've extracted this from the tables found here https://support.f5.com/csp/article/K13163
 +
 +Put it into a file and import it with the type "String" and "Key / Value Pair Separator" as ":=".
 +
 +The file has these headers:
 +
 +"Hex value, Cipher Suite, Bits, Protocols, Key Exchange, Authentication, Cipher, MAC"
 +
 +<file>
 +"0x15" := "DHE-RSA-DES-CBC-SHA 64 TLS1-TLS1.1-TLS1.2-DTLS1 EDH RSA DES SHA",
 +"0x16" := "DHE-RSA-DES-CBC3-SHA 168 TLS1-TLS1.1-TLS1.2-DTLS1 EDH RSA DES SHA",
 +"0x18" := "ADH-RC4-MD5 128 TLS1 ADH None RC4 MD5",
 +"0x1a" := "ADH-DES-CBC-SHA 64 TLS1 ADH None DES SHA",
 +"0x1b" := "ADH-DES-CBC3-SHA 168 TLS1 ADH None DES SHA",
 +"0x2f" := "AES128-SHA 128 TLS1-TLS1.1-TLS1.2-DTLS1 RSA RSA AES SHA",
 +"0x32" := "DHE-DSS-AES128-SHA 128 TLS1-TLS1.1-TLS1.2-DTLS1 DHE DSS AES SHA",
 +"0x33" := "DHE-RSA-AES128-SHA 128 TLS1-TLS1.1-TLS1.2-DTLS1 EDH RSA AES SHA",
 +"0x34" := "ADH-AES128-SHA 128 TLS1 ADH None AES SHA",
 +"0x35" := "AES256-SHA 256 TLS1-TLS1.1-TLS1.2-DTLS1 RSA RSA AES SHA",
 +"0x38" := "DHE-DSS-AES256-SHA 256 TLS1-TLS1.1-TLS1.2-DTLS1 DHE DSS AES SHA",
 +"0x39" := "DHE-RSA-AES256-SHA 256 TLS1-TLS1.1-TLS1.2-DTLS1 EDH RSA AES SHA",
 +"0x3a" := "ADH-AES256-SHA 256 TLS1 ADH None AES SHA",
 +"0x3c" := "AES128-SHA256 128 TLS1.2 RSA RSA AES SHA256",
 +"0x3d" := "AES256-SHA256 256 TLS1.2 RSA RSA AES SHA256",
 +"0x4" := "RC4-MD5 128 TLS1-TLS1.1-TLS1.2 RSA RSA RC4 MD5",
 +"0x40" := "DHE-DSS-AES128-SHA256 128 TLS1.2 DHE DSS AES SHA256",
 +"0x41" := "CAMELLIA128-SHA 128 TLS1-TLS1.1-TLS1.2 RSA RSA CAMELLIA SHA",
 +"0x44" := "DHE-DSS-CAMELLIA128-SHA 128 TLS1-TLS1.1-TLS1.2 DHE DSS CAMELLIA SHA",
 +"0x45" := "DHE-RSA-CAMELLIA128-SHA 128 TLS1-TLS1.1-TLS1.2 EDH RSA CAMELLIA SHA",
 +"0x5" := "RC4-SHA 128 TLS1-TLS1.1-TLS1.2 RSA RSA RC4 SHA",
 +"0x67" := "DHE-RSA-AES128-SHA256 128 TLS1.2 EDH RSA AES SHA256",
 +"0x6a" := "DHE-DSS-AES256-SHA256 256 TLS1.2 DHE DSS AES SHA256",
 +"0x6b" := "DHE-RSA-AES256-SHA256 256 TLS1.2 EDH RSA AES SHA256",
 +"0x84" := "CAMELLIA256-SHA 256 TLS1-TLS1.1-TLS1.2 RSA RSA CAMELLIA SHA",
 +"0x87" := "DHE-DSS-CAMELLIA256-SHA 256 TLS1-TLS1.1-TLS1.2 DHE DSS CAMELLIA SHA",
 +"0x88" := "DHE-RSA-CAMELLIA256-SHA 256 TLS1-TLS1.1-TLS1.2 EDH RSA CAMELLIA SHA",
 +"0x9" := "DES-CBC-SHA 64 TLS1-TLS1.1-DTLS1 RSA RSA DES SHA",
 +"0x9c" := "AES128-GCM-SHA256 128 TLS1.2 RSA RSA AES-GCM SHA256",
 +"0x9d" := "AES256-GCM-SHA384 256 TLS1.2 RSA RSA AES-GCM SHA384",
 +"0x9e" := "DHE-RSA-AES128-GCM-SHA256 128 TLS1.2 EDH RSA AES-GCM SHA256",
 +"0x9f" := "DHE-RSA-AES256-GCM-SHA384 256 TLS1.2 EDH RSA AES-GCM SHA384",
 +"0xa" := "DES-CBC3-SHA 168 TLS1-TLS1.1-TLS1.2-DTLS1 RSA RSA DES SHA",
 +"0xa2" := "DHE-DSS-AES128-GCM-SHA256 128 TLS1.2 DHE DSS AES-GCM SHA256",
 +"0xa3" := "DHE-DSS-AES256-GCM-SHA384 256 TLS1.2 DHE DSS AES-GCM SHA384",
 +"0xa6" := "ADH-AES128-GCM-SHA256 128 TLS1.2 ADH None AES-GCM SHA256",
 +"0xa7" := "ADH-AES256-GCM-SHA384 256 TLS1.2 ADH None AES-GCM SHA384",
 +"0xc003" := "ECDH-ECDSA-DES-CBC3-SHA 168 TLS1-TLS1.1-TLS1.2 ECDH ECDSA DES SHA",
 +"0xc004" := "ECDH-ECDSA-AES128-SHA 128 TLS1-TLS1.1-TLS1.2 ECDH ECDSA AES SHA",
 +"0xc005" := "ECDH-ECDSA-AES256-SHA 256 TLS1-TLS1.1-TLS1.2 ECDH ECDSA AES SHA",
 +"0xc008" := "ECDHE-ECDSA-DES-CBC3-SHA 168 TLS1-TLS1.1-TLS1.2 ECDHE ECDSA DES SHA",
 +"0xc009" := "ECDHE-ECDSA-AES128-SHA 128 TLS1-TLS1.1-TLS1.2 ECDHE ECDSA AES SHA",
 +"0xc00a" := "ECDHE-ECDSA-AES256-SHA 256 TLS1-TLS1.1-TLS1.2 ECDHE ECDSA AES SHA",
 +"0xc00d" := "ECDH-RSA-DES-CBC3-SHA 168 TLS1-TLS1.1-TLS1.2 ECDH RSA DES SHA",
 +"0xc00e" := "ECDH-RSA-AES128-SHA 128 TLS1-TLS1.1-TLS1.2 ECDH RSA AES SHA",
 +"0xc00f" := "ECDH-RSA-AES256-SHA 256 TLS1-TLS1.1-TLS1.2 ECDH RSA AES SHA",
 +"0xc012" := "ECDHE-RSA-DES-CBC3-SHA 168 TLS1-TLS1.1-TLS1.2 ECDHE RSA DES SHA",
 +"0xc013" := "ECDHE-RSA-AES128-CBC-SHA 128 TLS1-TLS1.1-TLS1.2 ECDHE RSA AES SHA",
 +"0xc014" := "ECDHE-RSA-AES256-CBC-SHA 256 TLS1-TLS1.1-TLS1.2 ECDHE RSA AES SHA",
 +"0xc023" := "ECDHE-ECDSA-AES128-SHA256 128 TLS1.2 ECDHE ECDSA AES SHA256",
 +"0xc024" := "ECDHE-ECDSA-AES256-SHA384 256 TLS1.2 ECDHE ECDSA AES SHA384",
 +"0xc025" := "ECDH-ECDSA-AES128-SHA256 128 TLS1.2 ECDH ECDSA AES SHA256",
 +"0xc026" := "ECDH-ECDSA-AES256-SHA384 256 TLS1.2 ECDH ECDSA AES SHA384",
 +"0xc027" := "ECDHE-RSA-AES128-SHA256 128 TLS1.2 ECDHE RSA AES SHA256",
 +"0xc028" := "ECDHE-RSA-AES256-SHA384 256 TLS1.2 ECDHE RSA AES SHA384",
 +"0xc029" := "ECDH-RSA-AES128-SHA256 128 TLS1.2 ECDH RSA AES SHA256",
 +"0xc02a" := "ECDH-RSA-AES256-SHA384 256 TLS1.2 ECDH RSA AES SHA384",
 +"0xc02b" := "ECDHE-ECDSA-AES128-GCM-SHA256 128 TLS1.2 ECDHE ECDSA AES-GCM SHA256",
 +"0xc02c" := "ECDHE-ECDSA-AES256-GCM-SHA384 256 TLS1.2 ECDHE ECDSA AES-GCM SHA384",
 +"0xc02d" := "ECDH-ECDSA-AES128-GCM-SHA256 128 TLS1.2 ECDH ECDSA AES-GCM SHA256",
 +"0xc02e" := "ECDH-ECDSA-AES256-GCM-SHA384 256 TLS1.2 ECDH ECDSA AES-GCM SHA384",
 +"0xc02f" := "ECDHE-RSA-AES128-GCM-SHA256 128 TLS1.2 ECDHE RSA AES-GCM SHA256",
 +"0xc030" := "ECDHE-RSA-AES256-GCM-SHA384 256 TLS1.2 ECDHE RSA AES-GCM SHA384",
 +"0xc031" := "ECDH-RSA-AES128-GCM-SHA256 128 TLS1.2 ECDH RSA AES-GCM SHA256",
 +"0xc032" := "ECDH-RSA-AES256-GCM-SHA384 256 TLS1.2 ECDH RSA AES-GCM SHA384",
 +</file>
 +
 +You create the list by copying the table into a file and parse it with awk:
 +<code>
 +cat ssl.txt|awk -F'[(|)]' '{print $2" \:\= "$1" "$3"\,"}'
 +</code>