in NetScaler |

Ciphersuites and their names

I was debugging on why ssllabs.com reported F sometimes on a CSVIP, but only sometimes, i knew i had to disable a certain cipher to get rid of it (POODLE vulnerability)

There is this nice list from openSSL that maps to IANA names.

https://testssl.sh/openssl-iana.mapping.html

However, 

[0xc027]ECDHE-RSA-AES128-SHA256ECDHAES128TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256

is called something else in NetScaler.  I was looking for something with CBC, but thats apparently left out. so i matched on the hexcode instead.

10) Cipher Name: TLS1.2-ECDHE-RSA-AES-128-SHA256
Description: TLSv1.2 Kx=ECC-DHE Au=RSA Enc=AES(128) Mac=SHA-256 HexCode=0xc027

A list of ciphersuites names and the hexcode. (come search engine! do your work! 🙂 )

show ciphersuite
1) Cipher Name: TLS1-AES-256-CBC-SHA
Description: SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1 HexCode=0x0035
2) Cipher Name: TLS1-AES-128-CBC-SHA
Description: SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1 HexCode=0x002f
3) Cipher Name: TLS1.2-AES-256-SHA256
Description: TLSv1.2 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA-256 HexCode=0x003d
4) Cipher Name: TLS1.2-AES-128-SHA256
Description: TLSv1.2 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA-256 HexCode=0x003c
5) Cipher Name: TLS1.2-AES256-GCM-SHA384
Description: TLSv1.2 Kx=RSA Au=RSA Enc=AES-GCM(256) Mac=AEAD HexCode=0x009d
6) Cipher Name: TLS1.2-AES128-GCM-SHA256
Description: TLSv1.2 Kx=RSA Au=RSA Enc=AES-GCM(128) Mac=AEAD HexCode=0x009c
7) Cipher Name: TLS1-ECDHE-RSA-AES256-SHA
Description: SSLv3 Kx=ECC-DHE Au=RSA Enc=AES(256) Mac=SHA1 HexCode=0xc014
8) Cipher Name: TLS1-ECDHE-RSA-AES128-SHA
Description: SSLv3 Kx=ECC-DHE Au=RSA Enc=AES(128) Mac=SHA1 HexCode=0xc013
9) Cipher Name: TLS1.2-ECDHE-RSA-AES-256-SHA384
Description: TLSv1.2 Kx=ECC-DHE Au=RSA Enc=AES(256) Mac=SHA-384 HexCode=0xc028
10) Cipher Name: TLS1.2-ECDHE-RSA-AES-128-SHA256
Description: TLSv1.2 Kx=ECC-DHE Au=RSA Enc=AES(128) Mac=SHA-256 HexCode=0xc027
11) Cipher Name: TLS1.2-ECDHE-RSA-AES256-GCM-SHA384
Description: TLSv1.2 Kx=ECC-DHE Au=RSA Enc=AES-GCM(256) Mac=AEAD HexCode=0xc030
12) Cipher Name: TLS1.2-ECDHE-RSA-AES128-GCM-SHA256
Description: TLSv1.2 Kx=ECC-DHE Au=RSA Enc=AES-GCM(128) Mac=AEAD HexCode=0xc02f
13) Cipher Name: TLS1-ECDHE-ECDSA-AES256-SHA
Description: SSLv3 Kx=ECC-DHE Au=ECDSA Enc=AES(256) Mac=SHA1 HexCode=0xc00a
14) Cipher Name: TLS1-ECDHE-ECDSA-AES128-SHA
Description: SSLv3 Kx=ECC-DHE Au=ECDSA Enc=AES(128) Mac=SHA1 HexCode=0xc009
15) Cipher Name: TLS1.2-ECDHE-ECDSA-AES256-SHA384
Description: TLSv1.2 Kx=ECC-DHE Au=ECDSA Enc=AES(256) Mac=SHA-384 HexCode=0xc024
16) Cipher Name: TLS1.2-ECDHE-ECDSA-AES128-SHA256
Description: TLSv1.2 Kx=ECC-DHE Au=ECDSA Enc=AES(128) Mac=SHA-256 HexCode=0xc023
17) Cipher Name: TLS1.2-ECDHE-ECDSA-AES256-GCM-SHA384
Description: TLSv1.2 Kx=ECC-DHE Au=ECDSA Enc=AES-GCM(256) Mac=AEAD HexCode=0xc02c
18) Cipher Name: TLS1.2-ECDHE-ECDSA-AES128-GCM-SHA256
Description: TLSv1.2 Kx=ECC-DHE Au=ECDSA Enc=AES-GCM(128) Mac=AEAD HexCode=0xc02b
19) Cipher Name: TLS1.2-DHE-RSA-AES-256-SHA256
Description: TLSv1.2 Kx=DH Au=RSA Enc=AES(256) Mac=SHA-256 HexCode=0x006b
20) Cipher Name: TLS1.2-DHE-RSA-AES-128-SHA256
Description: TLSv1.2 Kx=DH Au=RSA Enc=AES(128) Mac=SHA-256 HexCode=0x0067
21) Cipher Name: TLS1.2-DHE-RSA-AES256-GCM-SHA384
Description: TLSv1.2 Kx=DH Au=RSA Enc=AES-GCM(256) Mac=AEAD HexCode=0x009f
22) Cipher Name: TLS1.2-DHE-RSA-AES128-GCM-SHA256
Description: TLSv1.2 Kx=DH Au=RSA Enc=AES-GCM(128) Mac=AEAD HexCode=0x009e
23) Cipher Name: TLS1-DHE-RSA-AES-256-CBC-SHA
Description: SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1 HexCode=0x0039
24) Cipher Name: TLS1-DHE-RSA-AES-128-CBC-SHA
Description: SSLv3 Kx=DH Au=RSA Enc=AES(128) Mac=SHA1 HexCode=0x0033
25) Cipher Name: TLS1-DHE-DSS-AES-256-CBC-SHA
Description: SSLv3 Kx=DH Au=DSS Enc=AES(256) Mac=SHA1 HexCode=0x0038
26) Cipher Name: TLS1-DHE-DSS-AES-128-CBC-SHA
Description: SSLv3 Kx=DH Au=DSS Enc=AES(128) Mac=SHA1 HexCode=0x0032
27) Cipher Name: TLS1-ECDHE-RSA-DES-CBC3-SHA
Description: SSLv3 Kx=ECC-DHE Au=RSA Enc=3DES(168) Mac=SHA1 HexCode=0xc012
28) Cipher Name: TLS1-ECDHE-ECDSA-DES-CBC3-SHA
Description: SSLv3 Kx=ECC-DHE Au=ECDSA Enc=3DES(168) Mac=SHA1 HexCode=0xc008
29) Cipher Name: SSL3-EDH-RSA-DES-CBC3-SHA
Description: SSLv3 Kx=DH Au=RSA Enc=3DES(168) Mac=SHA1 HexCode=0x0016
30) Cipher Name: SSL3-EDH-DSS-DES-CBC3-SHA
Description: SSLv3 Kx=DH Au=DSS Enc=3DES(168) Mac=SHA1 HexCode=0x0013
31) Cipher Name: TLS1-ECDHE-RSA-RC4-SHA
Description: SSLv3 Kx=ECC-DHE Au=RSA Enc=RC4(128) Mac=SHA1 HexCode=0xc011
32) Cipher Name: TLS1-ECDHE-ECDSA-RC4-SHA
Description: SSLv3 Kx=ECC-DHE Au=ECDSA Enc=RC4(128) Mac=SHA1 HexCode=0xc007
33) Cipher Name: TLS1-DHE-DSS-RC4-SHA
Description: SSLv3 Kx=DH Au=DSS Enc=RC4(128) Mac=SHA1 HexCode=0x0066
34) Cipher Name: SSL3-DES-CBC3-SHA
Description: SSLv3 Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1 HexCode=0x000a
35) Cipher Name: SSL3-RC4-SHA
Description: SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1 HexCode=0x0005
36) Cipher Name: SSL3-RC4-MD5
Description: SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5 HexCode=0x0004
37) Cipher Name: SSL3-DES-CBC-SHA
Description: SSLv3 Kx=RSA Au=RSA Enc=DES(56) Mac=SHA1 HexCode=0x0009
38) Cipher Name: TLS1-EXP1024-RC4-SHA
Description: TLSv1 Kx=RSA(1024) Au=RSA Enc=RC4(56) Mac=SHA1 Export HexCode=0x0064
39) Cipher Name: SSL3-EXP-RC4-MD5
Description: SSLv3 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 Export HexCode=0x0003
40) Cipher Name: SSL3-EXP-DES-CBC-SHA
Description: SSLv3 Kx=RSA(512) Au=RSA Enc=DES(40) Mac=SHA1 Export HexCode=0x0008
41) Cipher Name: SSL3-EXP-RC2-CBC-MD5
Description: SSLv3 Kx=RSA(512) Au=RSA Enc=RC2(40) Mac=MD5 Export HexCode=0x0006
42) Cipher Name: SSL2-RC4-MD5
Description: SSLv2 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5 HexCode=0x010080
43) Cipher Name: SSL2-DES-CBC3-MD5
Description: SSLv2 Kx=RSA Au=RSA Enc=3DES(168) Mac=MD5 HexCode=0x0700c0
44) Cipher Name: SSL2-RC2-CBC-MD5
Description: SSLv2 Kx=RSA Au=RSA Enc=RC2(128) Mac=MD5 HexCode=0x030080
45) Cipher Name: SSL2-DES-CBC-MD5
Description: SSLv2 Kx=RSA Au=RSA Enc=DES(56) Mac=MD5 HexCode=0x060040
46) Cipher Name: SSL2-RC4-64-MD5
Description: SSLv2 Kx=RSA Au=RSA Enc=RC4(64) Mac=MD5 HexCode=0x080080
47) Cipher Name: SSL2-EXP-RC4-MD5
Description: SSLv2 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 Export HexCode=0x020080
48) Cipher Name: SSL3-EDH-DSS-DES-CBC-SHA
Description: SSLv3 Kx=DH Au=DSS Enc=DES(56) Mac=SHA1 HexCode=0x0012
49) Cipher Name: TLS1-EXP1024-DHE-DSS-DES-CBC-SHA
Description: TLSv1 Kx=DH(1024) Au=DSS Enc=DES(56) Mac=SHA1 Export HexCode=0x0063
50) Cipher Name: TLS1-EXP1024-DHE-DSS-RC4-SHA
Description: TLSv1 Kx=DH(1024) Au=DSS Enc=RC4(56) Mac=SHA1 Export HexCode=0x0065
51) Cipher Name: SSL3-EXP-EDH-DSS-DES-CBC-SHA
Description: SSLv3 Kx=DH(512) Au=DSS Enc=DES(40) Mac=SHA1 Export HexCode=0x0011
52) Cipher Name: SSL3-EDH-RSA-DES-CBC-SHA
Description: SSLv3 Kx=DH Au=RSA Enc=DES(56) Mac=SHA1 HexCode=0x0015
53) Cipher Name: SSL3-EXP-EDH-RSA-DES-CBC-SHA
Description: SSLv3 Kx=DH(512) Au=RSA Enc=DES(40) Mac=SHA1 Export HexCode=0x0014
54) Cipher Name: TLS1-EXP1024-RC4-MD5
Description: TLSv1 Kx=RSA(1024) Au=RSA Enc=RC4(56) Mac=MD5 Export HexCode=0x0060
55) Cipher Name: TLS1-EXP1024-RC2-CBC-MD5
Description: TLSv1 Kx=RSA(1024) Au=RSA Enc=RC2(56) Mac=MD5 Export HexCode=0x0061
56) Cipher Name: SSL2-EXP-RC2-CBC-MD5
Description: SSLv2 Kx=RSA(512) Au=RSA Enc=RC2(40) Mac=MD5 Export HexCode=0x040080
57) Cipher Name: SSL3-ADH-RC4-MD5
Description: SSLv3 Kx=DH Au=None Enc=RC4(128) Mac=MD5 HexCode=0x0018
58) Cipher Name: SSL3-ADH-DES-CBC3-SHA
Description: SSLv3 Kx=DH Au=None Enc=3DES(168) Mac=SHA1 HexCode=0x001b
59) Cipher Name: SSL3-ADH-DES-CBC-SHA
Description: SSLv3 Kx=DH Au=None Enc=DES(56) Mac=SHA1 HexCode=0x001a
60) Cipher Name: TLS1-ADH-AES-128-CBC-SHA
Description: SSLv3 Kx=DH Au=None Enc=AES(128) Mac=SHA1 HexCode=0x0034
61) Cipher Name: TLS1-ADH-AES-256-CBC-SHA
Description: SSLv3 Kx=DH Au=None Enc=AES(256) Mac=SHA1 HexCode=0x003a
62) Cipher Name: SSL3-EXP-ADH-RC4-MD5
Description: SSLv3 Kx=DH(512) Au=None Enc=RC4(40) Mac=MD5 Export HexCode=0x0017
63) Cipher Name: SSL3-EXP-ADH-DES-CBC-SHA
Description: SSLv3 Kx=DH(512) Au=None Enc=DES(40) Mac=SHA1 Export HexCode=0x0019
64) Cipher Name: SSL3-NULL-MD5
Description: SSLv3 Kx=RSA Au=RSA Enc=None Mac=MD5 HexCode=0x0001
65) Cipher Name: SSL3-NULL-SHA
Description: SSLv3 Kx=RSA Au=RSA Enc=None Mac=SHA1 HexCode=0x0002
66) Cipher Name: TLS1.3-AES256-GCM-SHA384
Description: TLSv1.3 Kx=any Au=any Enc=AES-GCM(256) Mac=AEAD HexCode=0x1302
67) Cipher Name: TLS1.2-DHE-RSA-CHACHA20-POLY1305
Description: TLSv1.2 Kx=DH Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD HexCode=0xccaa
68) Cipher Name: TLS1.2-ECDHE-RSA-CHACHA20-POLY1305
Description: TLSv1.2 Kx=ECC-DHE Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD HexCode=0xcca8
69) Cipher Name: TLS1.2-ECDHE-ECDSA-CHACHA20-POLY1305
Description: TLSv1.2 Kx=ECC-DHE Au=ECDSA Enc=CHACHA20/POLY1305(256) Mac=AEAD HexCode=0xcca9
70) Cipher Name: TLS1.3-CHACHA20-POLY1305-SHA256
Description: TLSv1.3 Kx=any Au=any Enc=CHACHA20/POLY1305(256) Mac=AEAD HexCode=0x1303
71) Cipher Name: TLS1.3-AES128-GCM-SHA256
Description: TLSv1.3 Kx=any Au=any Enc=AES-GCM(128) Mac=AEAD HexCode=0x1301
Done

NetScaler consultant that has been rocking since version 6.0, lots of work done with web technology, routing, DevOps, coding, reverse engineering - that kinda of guy. Always up for a "i dont think this is possible in NetScaler" challenge. Currently working at Conecto A/S

Published

What do you think?

Comment