Conscrypt is relatively selective in choosing the set of primitives to provide, focusing on the most important and widely-used algorithms. Following is a list of JCA algorithm names and other identifiers that are supported by Conscrypt.
SSLv3
(ignored)TLSv1
TLSv1.1
TLSv1.2
TLSv1.3
Conscrypt supports TLS v1.0-1.3. For backwards compatibility it will accept
SSLv3
in calls to methods like
setEnabledProtocols()
but will ignore it.
Default
SSL
TLS
TLSv1
TLSv1.1
TLSv1.2
TLSv1.3
Conscrypt provides the above set of SSLContext algorithm names for JSSE
purposes, including the special value Default
, which is used to determine the
value of
SSLContext.getDefault()
.
The Default
, SSL
, TLS
, and TLSv1.3
values return a context where TLS
v1.0-1.3 are all enabled; the others return a context with TLS v1.0-1.2 enabled.
- TLS 1.0-1.2
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_256_GCM_SHA384
- TLS 1.3
TLS_AES_128_GCM_SHA256
TLS_AES_256_GCM_SHA384
TLS_CHACHA20_POLY1305_SHA256
The above cipher suites are enabled by default when the associated version of
the protocol is enabled. The TLS 1.3 cipher suites cannot be customized; they
are always enabled when TLS 1.3 is enabled, and any attempt to disable them via
a call to
setEnabledCipherSuites()
is ignored.
- TLS 1.0-1.2
SSL_RSA_WITH_3DES_EDE_CBC_SHA
TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA
TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA
TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256
TLS_PSK_WITH_AES_128_CBC_SHA
TLS_PSK_WITH_AES_256_CBC_SHA
The above cipher suites are supported, but not enabled by default. TLS 1.3 cipher suites cannot be customized, so there are no cipher suites that are supported but not enabled.
AES/CBC/NoPadding
AES/CBC/PKCS5Padding
AES/CTR/NoPadding
AES/ECB/NoPadding
AES/ECB/PKCS5Padding
AES with 128, 192, or 256-bit keys.
AES/GCM/NoPadding
AES/GCM with 128 or 256-bit keys.
AES_128/CBC/NoPadding
AES_128/CBC/PKCS5Padding
AES_128/ECB/NoPadding
AES_128/ECB/PKCS5Padding
AES_128/GCM/NoPadding
AES_256/CBC/NoPadding
AES_256/CBC/PKCS5Padding
AES_256/ECB/NoPadding
AES_256/ECB/PKCS5Padding
AES_256/GCM/NoPadding
Key-restricted versions of the AES ciphers.
ARC4
The RC4 stream cipher.
ChaCha20/NONE/NoPadding
ChaCha20/Poly1305/NoPadding
ChaCha with 20 rounds, 96-bit nonce, and 32-bit counter as described in RFC 7539, either with or without a Poly1305 AEAD authenticator.
DESEDE/CBC/NoPadding
DESEDE/CBC/PKCS5Padding
Triple DES with either two or three intermediate keys.
RSA/ECB/NoPadding
RSA/ECB/OAEPPadding
RSA/ECB/OAEPWithSHA-1AndMGF1Padding
RSA/ECB/OAEPWithSHA-224AndMGF1Padding
RSA/ECB/OAEPWithSHA-256AndMGF1Padding
RSA/ECB/OAEPWithSHA-384AndMGF1Padding
RSA/ECB/OAEPWithSHA-512AndMGF1Padding
RSA/ECB/PKCS1Padding
Conscrypt's OAEP ciphers (eg, RSA/ECB/OAEPWithSHA-256AndMGF1Padding
) use the named digest for
both the main digest and the MGF1 digest. This differs from the behavior of some other
providers, including the ones bundled with OpenJDK, which always use SHA-1 for the MGF1 digest.
For maximum compatibility, you should use RSA/ECB/OAEPPadding
and initialize it with an
OAEPParameterSpec
.
AES
ChaCha20
DESEDE
EC
GCM
OAEP
PSS
Conscrypt's EC AlgorithmParameters implementation only supports named curves.
X509
ECDH
EC
RSA
AES
ARC4
ChaCha20
DESEDE
HmacMD5
HmacSHA1
HmacSHA224
HmacSHA256
HmacSHA384
HmacSHA512
EC
RSA
HmacMD5
HmacSHA1
HmacSHA224
HmacSHA256
HmacSHA384
HmacSHA512
MD5
SHA-1
SHA-224
SHA-256
SHA-384
SHA-512
DESEDE
SHA1PRNG
MD5withRSA
NONEwithECDSA
NONEwithRSA
SHA1withRSA
SHA1withECDSA
SHA1withRSA/PSS
SHA224withRSA
SHA224withECDSA
SHA224withRSA/PSS
SHA256withRSA
SHA256withECDSA
SHA256withRSA/PSS
SHA384withRSA
SHA384withECDSA
SHA384withRSA/PSS
SHA512withRSA
SHA512withECDSA
SHA512withRSA/PSS
Conscrypt supports the following curves in EC crypto operations (such as ECDSA signatures) and TLS:
Curve | EC Crypto | TLS |
---|---|---|
secp224r1 | X | |
prime256v1 (aka secp256r1) |
X | X |
secp384r1 | X | X |
secp521r1 | X | |
x25519 | X |