1*cd0cc2e3SAndroid Build Coastguard WorkerConscrypt's Capabilities 2*cd0cc2e3SAndroid Build Coastguard Worker======================================== 3*cd0cc2e3SAndroid Build Coastguard Worker 4*cd0cc2e3SAndroid Build Coastguard WorkerConscrypt is relatively selective in choosing the set of primitives to provide, focusing 5*cd0cc2e3SAndroid Build Coastguard Workeron the most important and widely-used algorithms. Following is a list of JCA algorithm names 6*cd0cc2e3SAndroid Build Coastguard Workerand other identifiers that are supported by Conscrypt. 7*cd0cc2e3SAndroid Build Coastguard Worker 8*cd0cc2e3SAndroid Build Coastguard Worker## TLS 9*cd0cc2e3SAndroid Build Coastguard Worker 10*cd0cc2e3SAndroid Build Coastguard Worker### Protocol Versions 11*cd0cc2e3SAndroid Build Coastguard Worker 12*cd0cc2e3SAndroid Build Coastguard Worker* `SSLv3` (ignored) 13*cd0cc2e3SAndroid Build Coastguard Worker* `TLSv1` 14*cd0cc2e3SAndroid Build Coastguard Worker* `TLSv1.1` 15*cd0cc2e3SAndroid Build Coastguard Worker* `TLSv1.2` 16*cd0cc2e3SAndroid Build Coastguard Worker* `TLSv1.3` 17*cd0cc2e3SAndroid Build Coastguard Worker 18*cd0cc2e3SAndroid Build Coastguard WorkerConscrypt supports TLS v1.0-1.3. For backwards compatibility it will accept 19*cd0cc2e3SAndroid Build Coastguard Worker`SSLv3` in calls to methods like 20*cd0cc2e3SAndroid Build Coastguard Worker[`setEnabledProtocols()`](https://docs.oracle.com/javase/9/docs/api/javax/net/ssl/SSLSocket.html#setEnabledProtocols-java.lang.String:A-) 21*cd0cc2e3SAndroid Build Coastguard Workerbut will ignore it. 22*cd0cc2e3SAndroid Build Coastguard Worker 23*cd0cc2e3SAndroid Build Coastguard Worker### SSLContext 24*cd0cc2e3SAndroid Build Coastguard Worker 25*cd0cc2e3SAndroid Build Coastguard Worker* `Default` 26*cd0cc2e3SAndroid Build Coastguard Worker* `SSL` 27*cd0cc2e3SAndroid Build Coastguard Worker* `TLS` 28*cd0cc2e3SAndroid Build Coastguard Worker* `TLSv1` 29*cd0cc2e3SAndroid Build Coastguard Worker* `TLSv1.1` 30*cd0cc2e3SAndroid Build Coastguard Worker* `TLSv1.2` 31*cd0cc2e3SAndroid Build Coastguard Worker* `TLSv1.3` 32*cd0cc2e3SAndroid Build Coastguard Worker 33*cd0cc2e3SAndroid Build Coastguard WorkerConscrypt provides the above set of SSLContext algorithm names for JSSE 34*cd0cc2e3SAndroid Build Coastguard Workerpurposes, including the special value `Default`, which is used to determine the 35*cd0cc2e3SAndroid Build Coastguard Workervalue of 36*cd0cc2e3SAndroid Build Coastguard Worker[`SSLContext.getDefault()`](https://docs.oracle.com/javase/9/docs/api/javax/net/ssl/SSLContext.html#getDefault--). 37*cd0cc2e3SAndroid Build Coastguard WorkerThe `Default`, `SSL`, `TLS`, and `TLSv1.3` values return a context where TLS 38*cd0cc2e3SAndroid Build Coastguard Workerv1.0-1.3 are all enabled; the others return a context with TLS v1.0-1.2 enabled. 39*cd0cc2e3SAndroid Build Coastguard Worker 40*cd0cc2e3SAndroid Build Coastguard Worker### Cipher Suites 41*cd0cc2e3SAndroid Build Coastguard Worker 42*cd0cc2e3SAndroid Build Coastguard Worker#### Enabled 43*cd0cc2e3SAndroid Build Coastguard Worker* TLS 1.0-1.2 44*cd0cc2e3SAndroid Build Coastguard Worker * `TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA` 45*cd0cc2e3SAndroid Build Coastguard Worker * `TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256` 46*cd0cc2e3SAndroid Build Coastguard Worker * `TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA` 47*cd0cc2e3SAndroid Build Coastguard Worker * `TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384` 48*cd0cc2e3SAndroid Build Coastguard Worker * `TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256` 49*cd0cc2e3SAndroid Build Coastguard Worker * `TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA` 50*cd0cc2e3SAndroid Build Coastguard Worker * `TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256` 51*cd0cc2e3SAndroid Build Coastguard Worker * `TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA` 52*cd0cc2e3SAndroid Build Coastguard Worker * `TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384` 53*cd0cc2e3SAndroid Build Coastguard Worker * `TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256` 54*cd0cc2e3SAndroid Build Coastguard Worker * `TLS_RSA_WITH_AES_128_CBC_SHA` 55*cd0cc2e3SAndroid Build Coastguard Worker * `TLS_RSA_WITH_AES_128_GCM_SHA256` 56*cd0cc2e3SAndroid Build Coastguard Worker * `TLS_RSA_WITH_AES_256_CBC_SHA` 57*cd0cc2e3SAndroid Build Coastguard Worker * `TLS_RSA_WITH_AES_256_GCM_SHA384` 58*cd0cc2e3SAndroid Build Coastguard Worker* TLS 1.3 59*cd0cc2e3SAndroid Build Coastguard Worker * `TLS_AES_128_GCM_SHA256` 60*cd0cc2e3SAndroid Build Coastguard Worker * `TLS_AES_256_GCM_SHA384` 61*cd0cc2e3SAndroid Build Coastguard Worker * `TLS_CHACHA20_POLY1305_SHA256` 62*cd0cc2e3SAndroid Build Coastguard Worker 63*cd0cc2e3SAndroid Build Coastguard WorkerThe above cipher suites are enabled by default when the associated version of 64*cd0cc2e3SAndroid Build Coastguard Workerthe protocol is enabled. The TLS 1.3 cipher suites cannot be customized; they 65*cd0cc2e3SAndroid Build Coastguard Workerare always enabled when TLS 1.3 is enabled, and any attempt to disable them via 66*cd0cc2e3SAndroid Build Coastguard Workera call to 67*cd0cc2e3SAndroid Build Coastguard Worker[`setEnabledCipherSuites()`](https://docs.oracle.com/javase/9/docs/api/javax/net/ssl/SSLSocket.html#setEnabledCipherSuites-java.lang.String:A-) 68*cd0cc2e3SAndroid Build Coastguard Workeris ignored. 69*cd0cc2e3SAndroid Build Coastguard Worker 70*cd0cc2e3SAndroid Build Coastguard Worker#### Supported But Not Enabled 71*cd0cc2e3SAndroid Build Coastguard Worker* TLS 1.0-1.2 72*cd0cc2e3SAndroid Build Coastguard Worker * `SSL_RSA_WITH_3DES_EDE_CBC_SHA` 73*cd0cc2e3SAndroid Build Coastguard Worker * `TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA` 74*cd0cc2e3SAndroid Build Coastguard Worker * `TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA` 75*cd0cc2e3SAndroid Build Coastguard Worker * `TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256` 76*cd0cc2e3SAndroid Build Coastguard Worker * `TLS_PSK_WITH_AES_128_CBC_SHA` 77*cd0cc2e3SAndroid Build Coastguard Worker * `TLS_PSK_WITH_AES_256_CBC_SHA` 78*cd0cc2e3SAndroid Build Coastguard Worker 79*cd0cc2e3SAndroid Build Coastguard WorkerThe above cipher suites are supported, but not enabled by default. TLS 1.3 80*cd0cc2e3SAndroid Build Coastguard Workercipher suites cannot be customized, so there are no cipher suites that are 81*cd0cc2e3SAndroid Build Coastguard Workersupported but not enabled. 82*cd0cc2e3SAndroid Build Coastguard Worker 83*cd0cc2e3SAndroid Build Coastguard Worker## Cryptography 84*cd0cc2e3SAndroid Build Coastguard Worker 85*cd0cc2e3SAndroid Build Coastguard Worker### Cipher 86*cd0cc2e3SAndroid Build Coastguard Worker 87*cd0cc2e3SAndroid Build Coastguard Worker* `AES/CBC/NoPadding` 88*cd0cc2e3SAndroid Build Coastguard Worker* `AES/CBC/PKCS5Padding` 89*cd0cc2e3SAndroid Build Coastguard Worker* `AES/CTR/NoPadding` 90*cd0cc2e3SAndroid Build Coastguard Worker* `AES/ECB/NoPadding` 91*cd0cc2e3SAndroid Build Coastguard Worker* `AES/ECB/PKCS5Padding` 92*cd0cc2e3SAndroid Build Coastguard Worker* `AES/GCM-SIV/NoPadding` 93*cd0cc2e3SAndroid Build Coastguard Worker 94*cd0cc2e3SAndroid Build Coastguard WorkerAES with 128, 192, or 256-bit keys. 95*cd0cc2e3SAndroid Build Coastguard Worker 96*cd0cc2e3SAndroid Build Coastguard Worker* `AES/GCM/NoPadding` 97*cd0cc2e3SAndroid Build Coastguard Worker 98*cd0cc2e3SAndroid Build Coastguard WorkerAES/GCM with 128 or 256-bit keys. 99*cd0cc2e3SAndroid Build Coastguard Worker 100*cd0cc2e3SAndroid Build Coastguard Worker* `AES_128/CBC/NoPadding` 101*cd0cc2e3SAndroid Build Coastguard Worker* `AES_128/CBC/PKCS5Padding` 102*cd0cc2e3SAndroid Build Coastguard Worker* `AES_128/ECB/NoPadding` 103*cd0cc2e3SAndroid Build Coastguard Worker* `AES_128/ECB/PKCS5Padding` 104*cd0cc2e3SAndroid Build Coastguard Worker* `AES_128/GCM/NoPadding` 105*cd0cc2e3SAndroid Build Coastguard Worker* `AES_128/GCM-SIV/NoPadding` 106*cd0cc2e3SAndroid Build Coastguard Worker* `AES_256/CBC/NoPadding` 107*cd0cc2e3SAndroid Build Coastguard Worker* `AES_256/CBC/PKCS5Padding` 108*cd0cc2e3SAndroid Build Coastguard Worker* `AES_256/ECB/NoPadding` 109*cd0cc2e3SAndroid Build Coastguard Worker* `AES_256/ECB/PKCS5Padding` 110*cd0cc2e3SAndroid Build Coastguard Worker* `AES_256/GCM/NoPadding` 111*cd0cc2e3SAndroid Build Coastguard Worker* `AES_256/GCM-SIV/NoPadding` 112*cd0cc2e3SAndroid Build Coastguard Worker 113*cd0cc2e3SAndroid Build Coastguard WorkerKey-restricted versions of the AES ciphers. 114*cd0cc2e3SAndroid Build Coastguard Worker 115*cd0cc2e3SAndroid Build Coastguard Worker* `ARC4` 116*cd0cc2e3SAndroid Build Coastguard Worker 117*cd0cc2e3SAndroid Build Coastguard WorkerThe RC4 stream cipher. 118*cd0cc2e3SAndroid Build Coastguard Worker 119*cd0cc2e3SAndroid Build Coastguard Worker* `ChaCha20/NONE/NoPadding` 120*cd0cc2e3SAndroid Build Coastguard Worker* `ChaCha20/Poly1305/NoPadding` 121*cd0cc2e3SAndroid Build Coastguard Worker 122*cd0cc2e3SAndroid Build Coastguard WorkerChaCha with 20 rounds, 96-bit nonce, and 32-bit counter as described in 123*cd0cc2e3SAndroid Build Coastguard Worker[RFC 7539](https://tools.ietf.org/html/rfc7539), either with or without a Poly1305 AEAD 124*cd0cc2e3SAndroid Build Coastguard Workerauthenticator. 125*cd0cc2e3SAndroid Build Coastguard Worker 126*cd0cc2e3SAndroid Build Coastguard Worker* `DESEDE/CBC/NoPadding` 127*cd0cc2e3SAndroid Build Coastguard Worker* `DESEDE/CBC/PKCS5Padding` 128*cd0cc2e3SAndroid Build Coastguard Worker 129*cd0cc2e3SAndroid Build Coastguard WorkerTriple DES with either two or three intermediate keys. 130*cd0cc2e3SAndroid Build Coastguard Worker 131*cd0cc2e3SAndroid Build Coastguard Worker* `RSA/ECB/NoPadding` 132*cd0cc2e3SAndroid Build Coastguard Worker* `RSA/ECB/OAEPPadding` 133*cd0cc2e3SAndroid Build Coastguard Worker* `RSA/ECB/OAEPWithSHA-1AndMGF1Padding` 134*cd0cc2e3SAndroid Build Coastguard Worker* `RSA/ECB/OAEPWithSHA-224AndMGF1Padding` 135*cd0cc2e3SAndroid Build Coastguard Worker* `RSA/ECB/OAEPWithSHA-256AndMGF1Padding` 136*cd0cc2e3SAndroid Build Coastguard Worker* `RSA/ECB/OAEPWithSHA-384AndMGF1Padding` 137*cd0cc2e3SAndroid Build Coastguard Worker* `RSA/ECB/OAEPWithSHA-512AndMGF1Padding` 138*cd0cc2e3SAndroid Build Coastguard Worker* `RSA/ECB/PKCS1Padding` 139*cd0cc2e3SAndroid Build Coastguard Worker 140*cd0cc2e3SAndroid Build Coastguard WorkerConscrypt's OAEP ciphers (eg, `RSA/ECB/OAEPWithSHA-256AndMGF1Padding`) use the named digest for 141*cd0cc2e3SAndroid Build Coastguard Workerboth the main digest and the MGF1 digest. This differs from the behavior of some other 142*cd0cc2e3SAndroid Build Coastguard Workerproviders, including the ones bundled with OpenJDK, which always use SHA-1 for the MGF1 digest. 143*cd0cc2e3SAndroid Build Coastguard WorkerFor maximum compatibility, you should use `RSA/ECB/OAEPPadding` and initialize it with an 144*cd0cc2e3SAndroid Build Coastguard Worker[`OAEPParameterSpec`](https://docs.oracle.com/javase/9/docs/api/javax/crypto/spec/OAEPParameterSpec.html). 145*cd0cc2e3SAndroid Build Coastguard Worker 146*cd0cc2e3SAndroid Build Coastguard Worker### AlgorithmParameters 147*cd0cc2e3SAndroid Build Coastguard Worker* `AES` 148*cd0cc2e3SAndroid Build Coastguard Worker* `ChaCha20` 149*cd0cc2e3SAndroid Build Coastguard Worker* `DESEDE` 150*cd0cc2e3SAndroid Build Coastguard Worker* `EC` 151*cd0cc2e3SAndroid Build Coastguard Worker* `GCM` 152*cd0cc2e3SAndroid Build Coastguard Worker* `OAEP` 153*cd0cc2e3SAndroid Build Coastguard Worker* `PSS` 154*cd0cc2e3SAndroid Build Coastguard Worker 155*cd0cc2e3SAndroid Build Coastguard WorkerConscrypt's EC AlgorithmParameters implementation only supports named curves. 156*cd0cc2e3SAndroid Build Coastguard Worker 157*cd0cc2e3SAndroid Build Coastguard Worker### CertificateFactory 158*cd0cc2e3SAndroid Build Coastguard Worker* `X509` 159*cd0cc2e3SAndroid Build Coastguard Worker 160*cd0cc2e3SAndroid Build Coastguard Worker### KeyAgreement 161*cd0cc2e3SAndroid Build Coastguard Worker* `ECDH` 162*cd0cc2e3SAndroid Build Coastguard Worker 163*cd0cc2e3SAndroid Build Coastguard Worker### KeyFactory 164*cd0cc2e3SAndroid Build Coastguard Worker* `EC` 165*cd0cc2e3SAndroid Build Coastguard Worker* `RSA` 166*cd0cc2e3SAndroid Build Coastguard Worker 167*cd0cc2e3SAndroid Build Coastguard Worker### KeyGenerator 168*cd0cc2e3SAndroid Build Coastguard Worker* `AES` 169*cd0cc2e3SAndroid Build Coastguard Worker* `ARC4` 170*cd0cc2e3SAndroid Build Coastguard Worker* `ChaCha20` 171*cd0cc2e3SAndroid Build Coastguard Worker* `DESEDE` 172*cd0cc2e3SAndroid Build Coastguard Worker* `HmacMD5` 173*cd0cc2e3SAndroid Build Coastguard Worker* `HmacSHA1` 174*cd0cc2e3SAndroid Build Coastguard Worker* `HmacSHA224` 175*cd0cc2e3SAndroid Build Coastguard Worker* `HmacSHA256` 176*cd0cc2e3SAndroid Build Coastguard Worker* `HmacSHA384` 177*cd0cc2e3SAndroid Build Coastguard Worker* `HmacSHA512` 178*cd0cc2e3SAndroid Build Coastguard Worker 179*cd0cc2e3SAndroid Build Coastguard Worker### KeyPairGenerator 180*cd0cc2e3SAndroid Build Coastguard Worker* `EC` 181*cd0cc2e3SAndroid Build Coastguard Worker* `RSA` 182*cd0cc2e3SAndroid Build Coastguard Worker 183*cd0cc2e3SAndroid Build Coastguard Worker### Mac 184*cd0cc2e3SAndroid Build Coastguard Worker* `HmacMD5` 185*cd0cc2e3SAndroid Build Coastguard Worker* `HmacSHA1` 186*cd0cc2e3SAndroid Build Coastguard Worker* `HmacSHA224` 187*cd0cc2e3SAndroid Build Coastguard Worker* `HmacSHA256` 188*cd0cc2e3SAndroid Build Coastguard Worker* `HmacSHA384` 189*cd0cc2e3SAndroid Build Coastguard Worker* `HmacSHA512` 190*cd0cc2e3SAndroid Build Coastguard Worker 191*cd0cc2e3SAndroid Build Coastguard Worker### MessageDigest 192*cd0cc2e3SAndroid Build Coastguard Worker* `MD5` 193*cd0cc2e3SAndroid Build Coastguard Worker* `SHA-1` 194*cd0cc2e3SAndroid Build Coastguard Worker* `SHA-224` 195*cd0cc2e3SAndroid Build Coastguard Worker* `SHA-256` 196*cd0cc2e3SAndroid Build Coastguard Worker* `SHA-384` 197*cd0cc2e3SAndroid Build Coastguard Worker* `SHA-512` 198*cd0cc2e3SAndroid Build Coastguard Worker 199*cd0cc2e3SAndroid Build Coastguard Worker### SecretKeyFactory 200*cd0cc2e3SAndroid Build Coastguard Worker* `DESEDE` 201*cd0cc2e3SAndroid Build Coastguard Worker 202*cd0cc2e3SAndroid Build Coastguard Worker### SecureRandom 203*cd0cc2e3SAndroid Build Coastguard Worker* `SHA1PRNG` 204*cd0cc2e3SAndroid Build Coastguard Worker 205*cd0cc2e3SAndroid Build Coastguard Worker### Signature 206*cd0cc2e3SAndroid Build Coastguard Worker* `MD5withRSA` 207*cd0cc2e3SAndroid Build Coastguard Worker* `NONEwithECDSA` 208*cd0cc2e3SAndroid Build Coastguard Worker* `NONEwithRSA` 209*cd0cc2e3SAndroid Build Coastguard Worker* `SHA1withRSA` 210*cd0cc2e3SAndroid Build Coastguard Worker* `SHA1withECDSA` 211*cd0cc2e3SAndroid Build Coastguard Worker* `SHA1withRSA/PSS` 212*cd0cc2e3SAndroid Build Coastguard Worker* `SHA224withRSA` 213*cd0cc2e3SAndroid Build Coastguard Worker* `SHA224withECDSA` 214*cd0cc2e3SAndroid Build Coastguard Worker* `SHA224withRSA/PSS` 215*cd0cc2e3SAndroid Build Coastguard Worker* `SHA256withRSA` 216*cd0cc2e3SAndroid Build Coastguard Worker* `SHA256withECDSA` 217*cd0cc2e3SAndroid Build Coastguard Worker* `SHA256withRSA/PSS` 218*cd0cc2e3SAndroid Build Coastguard Worker* `SHA384withRSA` 219*cd0cc2e3SAndroid Build Coastguard Worker* `SHA384withECDSA` 220*cd0cc2e3SAndroid Build Coastguard Worker* `SHA384withRSA/PSS` 221*cd0cc2e3SAndroid Build Coastguard Worker* `SHA512withRSA` 222*cd0cc2e3SAndroid Build Coastguard Worker* `SHA512withECDSA` 223*cd0cc2e3SAndroid Build Coastguard Worker* `SHA512withRSA/PSS` 224*cd0cc2e3SAndroid Build Coastguard Worker 225*cd0cc2e3SAndroid Build Coastguard Worker### Elliptic Curves 226*cd0cc2e3SAndroid Build Coastguard Worker 227*cd0cc2e3SAndroid Build Coastguard WorkerConscrypt supports the following curves in EC crypto operations (such as ECDSA signatures) and TLS: 228*cd0cc2e3SAndroid Build Coastguard Worker 229*cd0cc2e3SAndroid Build Coastguard Worker| Curve | EC Crypto | TLS | 230*cd0cc2e3SAndroid Build Coastguard Worker| ----- | :-------: | :---: | 231*cd0cc2e3SAndroid Build Coastguard Worker| secp224r1 | X | | 232*cd0cc2e3SAndroid Build Coastguard Worker| prime256v1<br/>(aka secp256r1) | X | X | 233*cd0cc2e3SAndroid Build Coastguard Worker| secp384r1 | X | X | 234*cd0cc2e3SAndroid Build Coastguard Worker| secp521r1 | X | | 235*cd0cc2e3SAndroid Build Coastguard Worker| x25519 | | X | 236