13.8. Cipher Suites

The SSL protocol does not restrict clients and servers to a single encryption brew for the secure exchange of information. There are a number of possible cryptographic ingredients, but as in any cookpot, some ingredients go better together than others. The seriously interested can refer to Bruce Schneier's Applied Crytography ( John Wiley & Sons), in conjunction with the SSL specification (from http://www.netscape.com/). The list of cipher suites is in the SSLeay software at ... /ssl/ssl.h. The macro names give a better idea of what is meant than the text strings.

SSLeay name Config name Keysize EncryptedKeysize
SSL3_TXT_RSA_IDEA_128_SHA
IDEA-CBC-SHA
128 128
SSL3_TXT_RSA_NULL_MD5
NULL-MD5
0 0
SSL3_TXT_RSA_NULL_SHA
NULL-SHA
0 0
SSL3_TXT_RSA_RC4_40_MD5
EXP-RC4-MD5
128 40
SSL3_TXT_RSA_RC4_128_MD5
RC4-MD5
128 128
SSL3_TXT_RSA_RC4_128_SHA
RC4-SHA
128 128
SSL3_TXT_RSA_RC2_40_MD5
EXP-RC2-CBC-MD5
128 40
SSL3_TXT_RSA_IDEA_128_SHA
IDEA-CBC-MD5
128 128
SSL3_TXT_RSA_DES_40_CBC_SHA
EXP-DES-CBC-SHA
56 40
SSL3_TXT_RSA_DES_64_CBC_SHA
DES-CBC-SHA
56 56
SSL3_TXT_RSA_DES_192_CBC3_SHA
DES-CBC3-SHA
168 168
SSL3_TXT_DH_DSS_DES_40_CBC_SHA
EXP-DH-DSS-DES-CBC-SHA
56 40
SSL3_TXT_DH_DSS_DES_64_CBC_SHA
DH-DSS-DES-CBC-SHA
56 56
SSL3_TXT_DH_DSS_DES_192_CBC3_SHA
DH-DSS-DES-CBC3-SHA
168 168
SSL3_TXT_DH_RSA_DES_40_CBC_SHA
EXP-DH-RSA-DES-CBC-SHA
56 40
SSL3_TXT_DH_RSA_DES_64_CBC_SHA
DH-RSA-DES-CBC-SHA
56 56
SSL3_TXT_DH_RSA_DES_192_CBC3_SHA ...

Get Apache: The Definitive Guide, Second Edition now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.