Both sides previous revisionPrevious revisionNext revision | Previous revision |
howtos:cipher_list_for_datagroups [01/09/2017 14:33] – domingo | howtos:cipher_list_for_datagroups [07/11/2020 16:41] (current) – domingo |
---|
| This is a datagroup you can use for lookup in iRules for logging or debugging SSL connection errors. |
| |
| I've extracted this from the tables found here https://support.f5.com/csp/article/K13163 |
| |
| Put it into a file and import it with the type "String" and "Key / Value Pair Separator" as ":=". |
| |
| The file has these headers: |
| |
| "Hex value, Cipher Suite, Bits, Protocols, Key Exchange, Authentication, Cipher, MAC" |
| |
| <file> |
| "0x15" := "DHE-RSA-DES-CBC-SHA 64 TLS1-TLS1.1-TLS1.2-DTLS1 EDH RSA DES SHA", |
| "0x16" := "DHE-RSA-DES-CBC3-SHA 168 TLS1-TLS1.1-TLS1.2-DTLS1 EDH RSA DES SHA", |
| "0x18" := "ADH-RC4-MD5 128 TLS1 ADH None RC4 MD5", |
| "0x1a" := "ADH-DES-CBC-SHA 64 TLS1 ADH None DES SHA", |
| "0x1b" := "ADH-DES-CBC3-SHA 168 TLS1 ADH None DES SHA", |
| "0x2f" := "AES128-SHA 128 TLS1-TLS1.1-TLS1.2-DTLS1 RSA RSA AES SHA", |
| "0x32" := "DHE-DSS-AES128-SHA 128 TLS1-TLS1.1-TLS1.2-DTLS1 DHE DSS AES SHA", |
| "0x33" := "DHE-RSA-AES128-SHA 128 TLS1-TLS1.1-TLS1.2-DTLS1 EDH RSA AES SHA", |
| "0x34" := "ADH-AES128-SHA 128 TLS1 ADH None AES SHA", |
| "0x35" := "AES256-SHA 256 TLS1-TLS1.1-TLS1.2-DTLS1 RSA RSA AES SHA", |
| "0x38" := "DHE-DSS-AES256-SHA 256 TLS1-TLS1.1-TLS1.2-DTLS1 DHE DSS AES SHA", |
| "0x39" := "DHE-RSA-AES256-SHA 256 TLS1-TLS1.1-TLS1.2-DTLS1 EDH RSA AES SHA", |
| "0x3a" := "ADH-AES256-SHA 256 TLS1 ADH None AES SHA", |
| "0x3c" := "AES128-SHA256 128 TLS1.2 RSA RSA AES SHA256", |
| "0x3d" := "AES256-SHA256 256 TLS1.2 RSA RSA AES SHA256", |
| "0x4" := "RC4-MD5 128 TLS1-TLS1.1-TLS1.2 RSA RSA RC4 MD5", |
| "0x40" := "DHE-DSS-AES128-SHA256 128 TLS1.2 DHE DSS AES SHA256", |
| "0x41" := "CAMELLIA128-SHA 128 TLS1-TLS1.1-TLS1.2 RSA RSA CAMELLIA SHA", |
| "0x44" := "DHE-DSS-CAMELLIA128-SHA 128 TLS1-TLS1.1-TLS1.2 DHE DSS CAMELLIA SHA", |
| "0x45" := "DHE-RSA-CAMELLIA128-SHA 128 TLS1-TLS1.1-TLS1.2 EDH RSA CAMELLIA SHA", |
| "0x5" := "RC4-SHA 128 TLS1-TLS1.1-TLS1.2 RSA RSA RC4 SHA", |
| "0x67" := "DHE-RSA-AES128-SHA256 128 TLS1.2 EDH RSA AES SHA256", |
| "0x6a" := "DHE-DSS-AES256-SHA256 256 TLS1.2 DHE DSS AES SHA256", |
| "0x6b" := "DHE-RSA-AES256-SHA256 256 TLS1.2 EDH RSA AES SHA256", |
| "0x84" := "CAMELLIA256-SHA 256 TLS1-TLS1.1-TLS1.2 RSA RSA CAMELLIA SHA", |
| "0x87" := "DHE-DSS-CAMELLIA256-SHA 256 TLS1-TLS1.1-TLS1.2 DHE DSS CAMELLIA SHA", |
| "0x88" := "DHE-RSA-CAMELLIA256-SHA 256 TLS1-TLS1.1-TLS1.2 EDH RSA CAMELLIA SHA", |
| "0x9" := "DES-CBC-SHA 64 TLS1-TLS1.1-DTLS1 RSA RSA DES SHA", |
| "0x9c" := "AES128-GCM-SHA256 128 TLS1.2 RSA RSA AES-GCM SHA256", |
| "0x9d" := "AES256-GCM-SHA384 256 TLS1.2 RSA RSA AES-GCM SHA384", |
| "0x9e" := "DHE-RSA-AES128-GCM-SHA256 128 TLS1.2 EDH RSA AES-GCM SHA256", |
| "0x9f" := "DHE-RSA-AES256-GCM-SHA384 256 TLS1.2 EDH RSA AES-GCM SHA384", |
| "0xa" := "DES-CBC3-SHA 168 TLS1-TLS1.1-TLS1.2-DTLS1 RSA RSA DES SHA", |
| "0xa2" := "DHE-DSS-AES128-GCM-SHA256 128 TLS1.2 DHE DSS AES-GCM SHA256", |
| "0xa3" := "DHE-DSS-AES256-GCM-SHA384 256 TLS1.2 DHE DSS AES-GCM SHA384", |
| "0xa6" := "ADH-AES128-GCM-SHA256 128 TLS1.2 ADH None AES-GCM SHA256", |
| "0xa7" := "ADH-AES256-GCM-SHA384 256 TLS1.2 ADH None AES-GCM SHA384", |
| "0xc003" := "ECDH-ECDSA-DES-CBC3-SHA 168 TLS1-TLS1.1-TLS1.2 ECDH ECDSA DES SHA", |
| "0xc004" := "ECDH-ECDSA-AES128-SHA 128 TLS1-TLS1.1-TLS1.2 ECDH ECDSA AES SHA", |
| "0xc005" := "ECDH-ECDSA-AES256-SHA 256 TLS1-TLS1.1-TLS1.2 ECDH ECDSA AES SHA", |
| "0xc008" := "ECDHE-ECDSA-DES-CBC3-SHA 168 TLS1-TLS1.1-TLS1.2 ECDHE ECDSA DES SHA", |
| "0xc009" := "ECDHE-ECDSA-AES128-SHA 128 TLS1-TLS1.1-TLS1.2 ECDHE ECDSA AES SHA", |
| "0xc00a" := "ECDHE-ECDSA-AES256-SHA 256 TLS1-TLS1.1-TLS1.2 ECDHE ECDSA AES SHA", |
| "0xc00d" := "ECDH-RSA-DES-CBC3-SHA 168 TLS1-TLS1.1-TLS1.2 ECDH RSA DES SHA", |
| "0xc00e" := "ECDH-RSA-AES128-SHA 128 TLS1-TLS1.1-TLS1.2 ECDH RSA AES SHA", |
| "0xc00f" := "ECDH-RSA-AES256-SHA 256 TLS1-TLS1.1-TLS1.2 ECDH RSA AES SHA", |
| "0xc012" := "ECDHE-RSA-DES-CBC3-SHA 168 TLS1-TLS1.1-TLS1.2 ECDHE RSA DES SHA", |
| "0xc013" := "ECDHE-RSA-AES128-CBC-SHA 128 TLS1-TLS1.1-TLS1.2 ECDHE RSA AES SHA", |
| "0xc014" := "ECDHE-RSA-AES256-CBC-SHA 256 TLS1-TLS1.1-TLS1.2 ECDHE RSA AES SHA", |
| "0xc023" := "ECDHE-ECDSA-AES128-SHA256 128 TLS1.2 ECDHE ECDSA AES SHA256", |
| "0xc024" := "ECDHE-ECDSA-AES256-SHA384 256 TLS1.2 ECDHE ECDSA AES SHA384", |
| "0xc025" := "ECDH-ECDSA-AES128-SHA256 128 TLS1.2 ECDH ECDSA AES SHA256", |
| "0xc026" := "ECDH-ECDSA-AES256-SHA384 256 TLS1.2 ECDH ECDSA AES SHA384", |
| "0xc027" := "ECDHE-RSA-AES128-SHA256 128 TLS1.2 ECDHE RSA AES SHA256", |
| "0xc028" := "ECDHE-RSA-AES256-SHA384 256 TLS1.2 ECDHE RSA AES SHA384", |
| "0xc029" := "ECDH-RSA-AES128-SHA256 128 TLS1.2 ECDH RSA AES SHA256", |
| "0xc02a" := "ECDH-RSA-AES256-SHA384 256 TLS1.2 ECDH RSA AES SHA384", |
| "0xc02b" := "ECDHE-ECDSA-AES128-GCM-SHA256 128 TLS1.2 ECDHE ECDSA AES-GCM SHA256", |
| "0xc02c" := "ECDHE-ECDSA-AES256-GCM-SHA384 256 TLS1.2 ECDHE ECDSA AES-GCM SHA384", |
| "0xc02d" := "ECDH-ECDSA-AES128-GCM-SHA256 128 TLS1.2 ECDH ECDSA AES-GCM SHA256", |
| "0xc02e" := "ECDH-ECDSA-AES256-GCM-SHA384 256 TLS1.2 ECDH ECDSA AES-GCM SHA384", |
| "0xc02f" := "ECDHE-RSA-AES128-GCM-SHA256 128 TLS1.2 ECDHE RSA AES-GCM SHA256", |
| "0xc030" := "ECDHE-RSA-AES256-GCM-SHA384 256 TLS1.2 ECDHE RSA AES-GCM SHA384", |
| "0xc031" := "ECDH-RSA-AES128-GCM-SHA256 128 TLS1.2 ECDH RSA AES-GCM SHA256", |
| "0xc032" := "ECDH-RSA-AES256-GCM-SHA384 256 TLS1.2 ECDH RSA AES-GCM SHA384", |
| </file> |
| |
| You create the list by copying the table into a file and parse it with awk: |
| <code> |
| cat ssl.txt|awk -F'[(|)]' '{print $2" \:\= "$1" "$3"\,"}' |
| </code> |