* 仕様書

[REFS[
- [15] [CITE@en[RFC 5246 - The Transport Layer Security (TLS) Protocol Version 1.2]] ([TIME[2015-03-25 03:49:56 +09:00]] 版) <https://tools.ietf.org/html/rfc5246#section-7.4.1.2>
- [6] [CITE@en[RFC 5246 - The Transport Layer Security (TLS) Protocol Version 1.2]] ([TIME[2015-03-25 03:49:56 +09:00]] 版) <https://tools.ietf.org/html/rfc5246#section-9>
- [10] [CITE@en[RFC 5246 - The Transport Layer Security (TLS) Protocol Version 1.2]] ([TIME[2015-03-25 03:49:56 +09:00]] 版) <https://tools.ietf.org/html/rfc5246#section-12>
- [12] [CITE@en[RFC 5246 - The Transport Layer Security (TLS) Protocol Version 1.2]] ([TIME[2015-03-25 03:49:56 +09:00]] 版) <https://tools.ietf.org/html/rfc5246#appendix-A.5>
- [13] [CITE@en[RFC 5246 - The Transport Layer Security (TLS) Protocol Version 1.2]] ([TIME[2015-03-25 03:49:56 +09:00]] 版) <https://tools.ietf.org/html/rfc5246#appendix-C>
- [14] [CITE@en[RFC 5246 - The Transport Layer Security (TLS) Protocol Version 1.2]] ([TIME[2015-03-25 03:49:56 +09:00]] 版) <https://tools.ietf.org/html/rfc5246#appendix-D.3>
- [2] [CITE[Transport Layer Security (TLS) Parameters]]
([TIME[2015-02-27 12:03:35 +09:00]] 版)
<http://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-4>
- [22] [CITE@en[RFC 7540 - Hypertext Transfer Protocol Version 2 (HTTP/2)]] ([TIME[2015-05-15 10:14:54 +09:00]] 版) <https://tools.ietf.org/html/rfc7540#section-9.2.2>
- [24] [CITE@en[RFC 7540 - Hypertext Transfer Protocol Version 2 (HTTP/2)]] ([TIME[2015-05-15 10:14:54 +09:00]] 版) <https://tools.ietf.org/html/rfc7540#appendix-A>
]REFS]

* 値

[8] 値は、2バイトの列です。各値には英数字と [CODE[_]] で構成される名前が割り振られています。

[16] [CODE[0x00,0x00]] ([CODE[TLS_NULL_WITH_NULL_NULL]]) は初期状態を表す特別な値です。

[17] 次の範囲には有効な値が割り振られています。
[FIG(short list)[
- [CODE[0x00]],[CODE[0x01]]-[CODE[0x02]] [SRC[[[RFC 5246]]]]
- [CODE[0x00]],[CODE[0x06]]-[CODE[0x16]] [SRC[[[RFC 4346]], [[RFC 5246]]]]
- [CODE[0x00]],[CODE[0x19]]-[CODE[0x1B]] [SRC[[[RFC 4346]], [[RFC 5246]]]]
- [CODE[0x00]],[CODE[0x1E]]-[CODE[0x1F]] [SRC[[[RFC 2712]]]]
- [CODE[0x00]],[CODE[0x21]]-[CODE[0x23]] [SRC[[[RFC 2712]]]]
- [CODE[0x00]],[CODE[0x25]]-[CODE[0x27]] [SRC[[[RFC 2712]]]]
- [CODE[0x00]],[CODE[0x29]]-[CODE[0x2A]] [SRC[[[RFC 2712]]]]
- [CODE[0x00]],[CODE[0x2C]]-[CODE[0x46]] [SRC[[[RFC 4785]], [[RFC 5246]], [[RFC 5932]]]]
- [CODE[0x00]],[CODE[0x67]]-[CODE[0x6D]] [SRC[[[RFC 5246]]]]
- [CODE[0x00]],[CODE[0x84]]-[CODE[0x89]] [SRC[[[RFC 5932]]]]
- [CODE[0x00]],[CODE[0x8B]]-[CODE[0x8D]] [SRC[[[RFC 4279]]]]
- [CODE[0x00]],[CODE[0x8F]]-[CODE[0x91]] [SRC[[[RFC 4279]]]]
- [CODE[0x00]],[CODE[0x93]]-[CODE[0xC5]] [SRC[[[RFC 4162]], [[RFC 4279]], [[RFC 5288]], [[RFC 5487]], [[RFC 5932]]]]
- [CODE[0x00]],[CODE[0xFF]] [SRC[[[RFC 5746]]]]
- [CODE[0x56]],[CODE[0x00]] = [[TLS_FALLBACK_SCSV]] [SRC[[[RFC 7507]]]]
- [CODE[0xC0]],[CODE[0x01]]-[CODE[0xAF]] [SRC[[[RFC 4429]], [[RFC 5054]], [[RFC 5289]], [[RFC 5489]], [[RFC 6209]], [[RFC 6347]], [[RFC 6367]], [[RFC 6655]], [[RFC 7251]]]]
]FIG]

;; [19] しかしこのうちのいくつかは安全ではなく使うべきではないとされています。

[18] 次の値はかつて使われていましたが、現在では使われていません。
[FIG(middle list)[
- [CODE[0x00]],[CODE[0x03]]-[CODE[0x05]] [SRC[[[RFC 7465]]]]
- [CODE[0x00]],[CODE[0x17]]-[CODE[0x18]] [SRC[[[RFC 7465]]]]
- [CODE[0x00]],[CODE[0x1C]] [SRC[[[RFC 5246]]]]
- [CODE[0x00]],[CODE[0x1D]] [SRC[[[RFC 5246]]]]
- [CODE[0x00]],[CODE[0x20]] [SRC[[[RFC 7465]]]]
- [CODE[0x00]],[CODE[0x24]] [SRC[[[RFC 7465]]]]
- [CODE[0x00]],[CODE[0x28]] [SRC[[[RFC 7465]]]]
- [CODE[0x00]],[CODE[0x2B]] [SRC[[[RFC 7465]]]]
- [CODE[0x00]],[CODE[0x8A]] [SRC[[[RFC 7465]]]]
- [CODE[0x00]],[CODE[0x8E]] [SRC[[[RFC 7465]]]]
- [CODE[0x00]],[CODE[0x92]] [SRC[[[RFC 7465]]]]
- [CODE[0x00]],[CODE[0x47]]-[CODE[0x5C]] [SRC[[[IANAREG]]]]
- [CODE[0x00]],[CODE[0x60]]-[CODE[0x66]] [SRC[[[IANAREG]]]]
- [CODE[0xFE]],[CODE[0xFE]]-[CODE[0xFF]] [SRC[[[IANAREG]]]]
]FIG]

[9] 第1バイト [CODE[0xFF]] は、[[私用]]です [SRC[>>10, >>2]]。

[7] [[アプリケーション]]により別途規定が無い限り、
[CODE[[[TLS_RSA_WITH_AES_128_CBC_SHA]]]] を実装しなければ[['''なりません''']] [SRC[>>6]]。

[11] [[IANA登録簿]] [SRC[>>2]] があります [SRC[>>10]]。

[23] [[HTTP/2]] はブラックリストを規定しています [SRC[>>22]]。

;; [28] >>27/>>36 に [[JSON]] 形式の一覧データファイルがあります。
[REFS[
- [27] [CITE@en[data-web-defs/tls.txt at master · manakai/data-web-defs]] ([TIME[2015-05-28 13:20:43 +09:00]] 版) <https://github.com/manakai/data-web-defs/blob/master/doc/tls.txt>
- [36] [CITE@en[data-web-defs/tls.json at master · manakai/data-web-defs]] ([TIME[2015-10-20 17:30:32 +09:00]] 版) <https://github.com/manakai/data-web-defs/blob/master/data/tls.json>
]REFS]

[31] 次の各項も参照。
[FIG(short list)[
- [[RC4]]
- [[SRP]]
- [[楕円曲線暗号]]
]FIG]

* GnuTLS 用

[48] [CITE@en[Gnutls support · Issue #321 · mozilla/ssl-config-generator]], [TIME[2025-02-11T12:59:26.000Z]] <https://github.com/mozilla/ssl-config-generator/issues/321>

[49] [CITE@en[Exim with GnuTLS · Issue #115 · mozilla/ssl-config-generator]], [TIME[2025-02-11T12:59:42.000Z]] <https://github.com/mozilla/ssl-config-generator/issues/115>



* メモ

[1] [CITE@en[Cipher suite - Wikipedia, the free encyclopedia]]
([TIME[2015-02-14 22:05:20 +09:00]] 版)
<http://en.wikipedia.org/wiki/Cipher_suite>

[3] [CITE@en[Security/Server Side TLS - MozillaWiki]]
([TIME[2015-03-22 14:32:49 +09:00]] 版)
<https://wiki.mozilla.org/Security/Server_Side_TLS>

[4] [CITE[ciphers - SSL cipher display and cipher list tool.]]
([TIME[2015-03-22 19:34:30 +09:00]] 版)
<https://www.openssl.org/docs/apps/ciphers.html>

[5] [CITE@en[jvehent/cipherscan]]
([TIME[2015-04-03 19:12:53 +09:00]] 版)
<https://github.com/jvehent/cipherscan>

[20] [CITE[SSL_CIPHER_get_name, SSL_CIPHER_get_bits, SSL_CIPHER_get_version, SSL_CIPHER_description - get SSL_CIPHER properties]]
([TIME[2015-04-18 21:26:32 +09:00]] 版)
<https://www.openssl.org/docs/ssl/SSL_CIPHER_get_name.html>

[21] [CITE[ciphers - SSL cipher display and cipher list tool.]]
([TIME[2015-04-18 21:27:56 +09:00]] 版)
<https://www.openssl.org/docs/apps/ciphers.html>

[25] [CITE@en[jvehent/tlsnames]]
([TIME[2015-05-28 12:27:20 +09:00]] 版)
<https://github.com/jvehent/tlsnames>

[26] [CITE@en[jvehent/tlsnames]]
([TIME[2015-05-28 13:02:40 +09:00]] 版)
<https://github.com/jvehent/tlsnames>

[29] [CITE@en[RFC 7525 - Recommendations for Secure Use of Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS)]]
([TIME[2015-05-29 03:22:56 +09:00]] 版)
<https://tools.ietf.org/html/rfc7525#section-4>

[FIG(quote)[
[FIGCAPTION[
[30] [CITE[Web Security Context: User Interface Guidelines]]
([TIME[2010-08-04 20:09:50 +09:00]] 版)
<http://www.w3.org/TR/wsc-ui/#typesoftls>
]FIGCAPTION]

> When this document speaks of '''['''Definition: Strong TLS algorithms''']''', then the following must hold:
> No version of the TLS protocol that suffers known security flaws has been negotiated. At the point of writing of this document, versions of SSL prior to SSLv3 '''['''SSLv3''']''' MUST NOT be considered strong.
> A cipher suite has been selected for which key and algorithm strengths correspond to industry practice. At the time of writing of this document, the "export" cipher suites explicitly forbidden in appendix A.5 of '''['''TLSv11''']''' MUST NOT be considered strong.

]FIG]


[32] [CITE@en[1121706 – Firefox 35.0 security.ssl3 Problem - Unable to connect to Google]]
([TIME[2015-09-24 20:35:43 +09:00]] 版)
<https://bugzilla.mozilla.org/show_bug.cgi?id=1121706>

[33] [CITE[Issue 442572 - chromium - Disable AES-256-CBC modes by default - An open-source project to help move the web forward. - Google Project Hosting]]
([TIME[2015-09-27 00:55:36 +09:00]] 版)
<https://code.google.com/p/chromium/issues/detail?id=442572>

[34] [CITE@en[1113974 – Disable AES-256-CBC modes by default]]
([TIME[2015-09-27 00:55:51 +09:00]] 版)
<https://bugzilla.mozilla.org/show_bug.cgi?id=1113974>

[35] [CITE@en[1084554 – Implement TLS 1.2 DHE AES-GCM cipher suites]]
([TIME[2015-09-27 11:12:31 +09:00]] 版)
<https://bugzilla.mozilla.org/show_bug.cgi?id=1084554>

[37] [CITE@en-US[What cipher suites does CloudFlare use for SSL? – CloudFlare Support]]
([TIME[2015-06-30 07:58:00 +09:00]] 版)
<https://support.cloudflare.com/hc/en-us/articles/200933580-What-cipher-suites-does-CloudFlare-use-for-SSL->

[38] [CITE[API Deprecations and Removals in Chrome 53 | Web Updates - Google Developers]]
( ([TIME[2016-08-11 18:27:47 +09:00]]))
<https://developers.google.com/web/updates/2016/08/chrome-53-deprecations#dhe-based-ciphers-being-phased-out>

[FIG(quote)[
[FIGCAPTION[
[39] [CITE@en[mod_http2 - Apache HTTP Server Version 2.4]]
( ([TIME[2017-01-15 21:40:17 +09:00]]))
<https://httpd.apache.org/docs/2.4/mod/mod_http2.html#H2ModernTLSOnly>
]FIGCAPTION]

> The security checks require that the TSL protocol is at least TLSv1.2 and that none of the ciphers listed in RFC 7540, Appendix A is used. These checks will be extended once new security requirements come into place.
> The name stems from the Security/Server Side TLS definitions at mozilla where "modern compatibility" is defined. Mozilla Firefox and other browsers require modern compatibility for HTTP/2 connections. As everything in OpSec, this is a moving target and can be expected to evolve in the future.

]FIG]


[40] [CITE@en[Editorial: spell cypher as cipher]]
([[foolip]]著, [TIME[2017-12-20 18:39:26 +09:00]])
<https://github.com/whatwg/fetch/commit/0b6c2b170be77ba1f889a7ff25b7e181f5dc1524>

[41] [CITE@en[Editorial: spell cypher as cipher by foolip · Pull Request #649 · whatwg/fetch]]
([TIME[2017-12-21 11:47:35 +09:00]])
<https://github.com/whatwg/fetch/pull/649>

[42] [CITE@en[Editorial: spell cyphertext ciphertext]]
([[annevk]]著, [TIME[2017-12-20 19:08:31 +09:00]])
<https://github.com/whatwg/html/commit/81656488e77d37b177ffd27272cddb36416e226e>

[43] [CITE@en[Editorial: spell cyphertext ciphertext by annevk · Pull Request #3307 · whatwg/html]]
([TIME[2017-12-21 11:51:04 +09:00]])
<https://github.com/whatwg/html/pull/3307>


[44] [CITE[SSL ciphers]], [TIME[2020-09-21T09:01:13.000Z]], [TIME[2020-10-01T05:57:44.742Z]] <https://curl.haxx.se/docs/ssl-ciphers.html>

[45] [CITE[curl - How To Use]], [TIME[2020-09-21T09:01:13.000Z]], [TIME[2020-10-01T06:27:53.735Z]] <https://curl.haxx.se/docs/manpage.html#--proxy-ciphers>

[FIG(quote)[
[FIGCAPTION[
[46] [CITE@en-US[Deprecating TLS v1.0 and v1.1 | Slack]]
([[Slack]], [TIME[2021-01-30T03:07:53.000Z]])
<https://api.slack.com/changelog/2019-07-deprecate-early-tls-versions#what>
]FIGCAPTION]

> TLS connections must support at least one of the following supported cipher suites:
> ECDHE-RSA-AES128-GCM-SHA256
> ECDHE-RSA-AES256-GCM-SHA384
> ECDHE-RSA-AES128-SHA
> ECDHE-RSA-AES256-SHA
> AES128-GCM-SHA256
> AES256-GCM-SHA384

]FIG]


[FIG(quote)[
[FIGCAPTION[
[47] [CITE@en-US[Using the Slack Web API | Slack]]
([[Slack]], [TIME[2021-01-30T03:08:19.000Z]])
<https://api.slack.com/web#ssl>
]FIGCAPTION]

> TLS connections must support at least one of the following supported cipher suites:
> ECDHE-RSA-AES128-GCM-SHA256
> ECDHE-RSA-AES256-GCM-SHA384
> ECDHE-RSA-AES128-SHA256
> ECDHE-RSA-AES256-SHA384

]FIG]