适用于 TLS 的 FIPS 140-2 模式密码套件
密码套件十六进制代码 | 密码套件名称 |
[0xc024] | ECDHE-ECDSA-AES256-SHA384 |
[0xc02c] | ECDHE-ECDSA-AES256-GCM-SHA384 |
[0xc014] | ECDHE-RSA-AES256-SHA |
[0xc028] | ECDHE-RSA-AES256-SHA384 |
[0xc030] | ECDHE-RSA-AES256-GCM-SHA384 |
[0xc026] | ECDH-ECDSA-AES256-SHA384 |
[0xc02e] | ECDH-ECDSA-AES256-GCM-SHA384 |
[0xc02a] | ECDH-RSA-AES256-SHA384 |
[0xc032] | ECDH-RSA-AES256-GCM-SHA384 |
[0x3d] | AES256-SHA256 |
[0x9d] | AES256-GCM-SHA384 |
[0xc023] | ECDHE-ECDSA-AES128-SHA256 |
[0xc02b] | ECDHE-ECDSA-AES128-GCM-SHA256 |
[0xc027] | ECDHE-RSA-AES128-SHA256 |
[0xc02f] | ECDHE-RSA-AES128-GCM-SHA256 |
[0xc013] | ECDHE-RSA-AES128-SHA |
[0xc025] | ECDH-ECDSA-AES128-SHA256 |
[0xc02d] | ECDH-ECDSA-AES128-GCM-SHA256 |
[0xc029] | ECDH-RSA-AES128-SHA256 |
[0xc031] | ECDH-RSA-AES128-GCM-SHA256 |
[0x3c] | AES128-SHA256 |
[0x9c] | AES128-GCM-SHA256 |
[0x35] | AES256-SHA |
[0x2f] | AES128-SHA |
密码套件十六进制代码 | 密码套件名称 |
[0xc024] | TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 |
[0xc02c] | TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 |
[0xc014] | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA |
[0xc028] | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 |
[0xc030] | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 |
[0xc026] | TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 |
[0xc02e] | TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 |
[0xc02a] | TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 |
[0xc032] | TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 |
[0x3d] | TLS_RSA_WITH_AES_256_CBC_SHA256 |
[0x9d] | TLS_RSA_WITH_AES_256_GCM_SHA384 |
[0xc023] | TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 |
[0xc02b] | TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 |
[0xc027] | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 |
[0xc02f] | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 |
[0xc013] | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA |
[0xc025] | TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 |
[0xc02d] | TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 |
[0xc029] | TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 |
[0xc031] | TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 |
[0x3c] | TLS_RSA_WITH_AES_128_CBC_SHA256 |
[0x9c] | TLS_RSA_WITH_AES_128_GCM_SHA256 |
[0x35] | TLS_RSA_WITH_AES_256_CBC_SHA |
[0x2f] | TLS_RSA_WITH_AES_128_CBC_SHA |
[0xc00e] | TLS_ECDH_RSA_WITH_AES_128_CBC_SHA |
[0xc009] | TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA |
[0xc004] | TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA |
[0xc005] | TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA |
[0xc00f] | TLS_ECDH_RSA_WITH_AES_256_CBC_SHA |
[0xc00a] | TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA |
密码套件十六进制代码 | 密码套件名称 |
[0xc024] | ecdhe_ecdsa,aes_256_cbc,sha384,sha384 |
[0xc014] | ecdhe_rsa,aes_256_cbc,sha |
[0xc028] | ecdhe_rsa,aes_256_cbc,sha384,sha384 |
[0xc026] | ecdh_ecdsa,aes_256_cbc,sha384,sha384 |
[0xc02a] | ecdh_rsa,aes_256_cbc,sha384,sha384 |
[0x3d] | rsa,aes_256_cbc,sha256 |
[0xc023] | ecdhe_ecdsa,aes_128_cbc,sha256,sha256 |
[0xc027] | ecdhe_rsa,aes_128_cbc,sha256,sha256 |
[0xc02f] | ecdhe_rsa,aes_128_gcm,null,sha256 |
[0xc013] | ecdhe_rsa,aes_128_cbc,sha |
[0xc025] | ecdh_ecdsa,aes_128_cbc,sha256,sha256 |
[0xc029] | ecdh_rsa,aes_128_cbc,sha256,sha256 |
[0x3c] | rsa,aes_128_cbc,sha256 |
[0x35] | rsa,aes_256_cbc,sha |
[0x2f] | rsa,aes_128_cbc,sha |
密码套件十六进制代码 | 密码套件名称 |
[0xc02c] | security.ssl3.ecdhe_ecdsa_aes_256_gcm_sha384 |
[0xc014] | security.ssl3.ecdhe_rsa_aes_256_sha |
[0xc030] | security.ssl3.ecdhe_rsa_aes_256_gcm_sha384 |
[0xc02b] | security.ssl3.ecdhe_ecdsa_aes_128_gcm_sha256 |
[0xc02f] | security.ssl3.ecdhe_rsa_aes_128_gcm_sha256 |
[0xc013] | security.ssl3.ecdhe_rsa_aes_128_sha |
[0x35] | security.ssl3.rsa_aes_256_sha |
[0x2f] | security.ssl3.rsa_aes_128_sha |
[0xcc14] | security.ssl3.ecdhe_ecdsa_chacha20_poly1305_sha256 |
[0xcc13] | security.ssl3.ecdhe_rsa_chacha20_poly1305_sha256 |
算法 |
SHA256WITHRSA |
SHA384WITHRSA |
SHA512WITHRSA |
SHA256WITHECDSA |
SHA384WITHECDSA |
SHA512WITHECDSA |
SHA1WITHDSA* |
SHA1WITHECDSA* |
SHA1WITHRSA* |
* 在装置证书上不支持 SHA1 算法,但允许在外部服务器或管理的设备证书上使用该算法。在尝试切换模式之前,必须重新创建并重新导入任何此类 SHA1 装置证书。
算法 |
RSA:2048 |
RSA:3072 |
RSA:4096 |
RSA:1024 * |
ECDSA:256 |
ECDSA:384 |
ECDSA:521 |
DSA:1024 * |
ECDH:384 |
ECDH:256 |
ECDH:521 |
DH:2048 |
DH:3072 |
ECCDH:256 |
ECCDH:384 |
ECCDH:521 |
ECMQV:256 |
ECMQV:384 |
ECMQV:521 |
EC:256 |
EC:384 |
EC:521 |
ECC:256 |
ECC:384 |
ECC:521 |
EC:192 * |
* 在 FIPS 140-2 规范的旧使用条款下,允许将这些算法用于外部服务器或受管设备证书,但不得用于装置证书。