JSSE Oracle Provider Preference of TLS Cipher Suites

Perference Order Value Description
1 0xC0,0x24 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
2 0xC0,0x28 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
3 0x00,0x3D TLS_RSA_WITH_AES_256_CBC_SHA256
4 0xC0,0x26 TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
5 0xC0,0x2A TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
6 0x00,0x6B TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
7 0x00,0x6A TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
8 0xC0,0x0A TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
9 0xC0,0x14 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
10 0x00,0x35 TLS_RSA_WITH_AES_256_CBC_SHA
11 0xC0,0x05 TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
12 0xC0,0x0F TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
13 0x00,0x39 TLS_DHE_RSA_WITH_AES_256_CBC_SHA
14 0x00,0x38 TLS_DHE_DSS_WITH_AES_256_CBC_SHA
15 0xC0,0x23 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
16 0xC0,0x27 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
17 0x00,0x3C TLS_RSA_WITH_AES_128_CBC_SHA256
18 0xC0,0x25 TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
19 0xC0,0x29 TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
20 0x00,0x67 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
21 0x00,0x40 TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
22 0xC0,0x09 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
23 0xC0,0x13 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
24 0x00,0x2F TLS_RSA_WITH_AES_128_CBC_SHA
25 0xC0,0x04 TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
26 0xC0,0x0E TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
27 0x00,0x33 TLS_DHE_RSA_WITH_AES_128_CBC_SHA
28 0x00,0x32 TLS_DHE_DSS_WITH_AES_128_CBC_SHA
29 0xC0,0x07 TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
30 0xC0,0x11 TLS_ECDHE_RSA_WITH_RC4_128_SHA
31 0x00,0x05 SSL_RSA_WITH_RC4_128_SHA
32 0xC0,0x02 TLS_ECDH_ECDSA_WITH_RC4_128_SHA
33 0xC0,0x0C TLS_ECDH_RSA_WITH_RC4_128_SHA
34 0xC0,0x08 TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
35 0xC0,0x12 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
36 0x00,0x0A SSL_RSA_WITH_3DES_EDE_CBC_SHA
37 0xC0,0x03 TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
38 0xC0,0x0D TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
39 0x00,0x16 SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
40 0x00,0x13 SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
41 0x00,0x04 SSL_RSA_WITH_RC4_128_MD5
42 0x00,0xFF TLS_EMPTY_RENEGOTIATION_INFO_SCSV [1]

Note that the data was from the Java SE doc of SunJSSE provider.

[1] TLS_EMPTY_RENEGOTIATION_INFO_SCSV means that secure TLS renegotiation [RFC 5746] is supported.

Popular posts from this blog

Java™ SE 7 Release Security Enhancements - Weak Cryptography Control

JEP 114: TLS SNI Extension - Virtual Servers Dispatcher