Table 1.1.1 GnuTLS 2.8.6 Cipher Suites

No.	Cipher Suite	Hex Value	SSL/TLS Version	GnuTLS Cipher Suite Name
1	TLS_RSA_WITH_NULL_MD5	0x0001	SSL 3.0\|TLS 1.0\|TLS 1.1	TLS_RSA_NULL_MD5
2	TLS_RSA_EXPORT_WITH_RC4_40_MD5	0x0003	SSL 3.0\|TLS 1.0\|TLS 1.1	TLS_RSA_EXPORT_ARCFOUR_40_MD5
3	TLS_RSA_WITH_RC4_128_MD5	0x0004	SSL 3.0\|TLS 1.0\|TLS 1.1	TLS_RSA_ARCFOUR_MD5
4	TLS_RSA_WITH_RC4_128_SHA	0x0005	SSL 3.0\|TLS 1.0\|TLS 1.1	TLS_RSA_ARCFOUR_SHA1
5	TLS_RSA_WITH_3DES_EDE_CBC_SHA	0x000A	SSL 3.0\|TLS 1.0\|TLS 1.1	TLS_RSA_3DES_EDE_CBC_SHA1
6	TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA	0x0013	SSL 3.0\|TLS 1.0\|TLS 1.1	TLS_DHE_DSS_3DES_EDE_CBC_SHA1
7	TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA	0x0016	SSL 3.0\|TLS 1.0\|TLS 1.1	TLS_DHE_RSA_3DES_EDE_CBC_SHA1
8	TLS_DH_anon_WITH_RC4_128_MD5	0x0018	SSL 3.0\|TLS 1.0\|TLS 1.1	TLS_ANON_DH_ARCFOUR_MD5
9	TLS_DH_anon_WITH_3DES_EDE_CBC_SHA	0x001B	SSL 3.0\|TLS 1.0\|TLS 1.1	TLS_ANON_DH_3DES_EDE_CBC_SHA1
10	TLS_RSA_WITH_AES_128_CBC_SHA	0x002F	SSL 3.0\|TLS 1.0\|TLS 1.1	TLS_RSA_AES_128_CBC_SHA1
11	TLS_DHE_DSS_WITH_AES_128_CBC_SHA	0x0032	SSL 3.0\|TLS 1.0\|TLS 1.1	TLS_DHE_DSS_AES_128_CBC_SHA1
12	TLS_DHE_RSA_WITH_AES_128_CBC_SHA	0x0033	SSL 3.0\|TLS 1.0\|TLS 1.1	TLS_DHE_RSA_AES_128_CBC_SHA1
13	TLS_DH_anon_WITH_AES_128_CBC_SHA	0x0034	SSL 3.0\|TLS 1.0\|TLS 1.1	TLS_ANON_DH_AES_128_CBC_SHA1
14	TLS_RSA_WITH_AES_256_CBC_SHA	0x0035	SSL 3.0\|TLS 1.0\|TLS 1.1	TLS_RSA_AES_256_CBC_SHA1
15	TLS_DHE_DSS_WITH_AES_256_CBC_SHA	0x0038	SSL 3.0\|TLS 1.0\|TLS 1.1	TLS_DHE_DSS_AES_256_CBC_SHA1
16	TLS_DHE_RSA_WITH_AES_256_CBC_SHA	0x0039	SSL 3.0\|TLS 1.0\|TLS 1.1	TLS_DHE_RSA_AES_256_CBC_SHA1
17	TLS_DH_anon_WITH_AES_256_CBC_SHA	0x003A	SSL 3.0\|TLS 1.0\|TLS 1.1	TLS_ANON_DH_AES_256_CBC_SHA1
18	TLS_RSA_WITH_CAMELLIA_128_CBC_SHA	0x0041	SSL 3.0\|TLS 1.0\|TLS 1.1	TLS_RSA_CAMELLIA_128_CBC_SHA1
19	TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA	0x0044	SSL 3.0\|TLS 1.0\|TLS 1.1	TLS_DHE_DSS_CAMELLIA_128_CBC_SHA1
20	TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA	0x0045	SSL 3.0\|TLS 1.0\|TLS 1.1	TLS_DHE_RSA_CAMELLIA_128_CBC_SHA1
21	TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA	0x0046	SSL 3.0\|TLS 1.0\|TLS 1.1	TLS_ANON_DH_CAMELLIA_128_CBC_SHA1
22	TLS_DHE_DSS_WITH_RC4_128_SHA	0x0066	SSL 3.0\|TLS 1.0\|TLS 1.1	TLS_DHE_DSS_ARCFOUR_SHA1
23	TLS_RSA_WITH_CAMELLIA_256_CBC_SHA	0x0084	SSL 3.0\|TLS 1.0\|TLS 1.1	TLS_RSA_CAMELLIA_256_CBC_SHA1
24	TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA	0x0087	SSL 3.0\|TLS 1.0\|TLS 1.1	TLS_DHE_DSS_CAMELLIA_256_CBC_SHA1
25	TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA	0x0088	SSL 3.0\|TLS 1.0\|TLS 1.1	TLS_DHE_RSA_CAMELLIA_256_CBC_SHA1
26	TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA	0x0089	SSL 3.0\|TLS 1.0\|TLS 1.1	TLS_ANON_DH_CAMELLIA_256_CBC_SHA1
27	TLS_PSK_WITH_RC4_128_SHA	0x008A	TLS 1.0\|TLS 1.1	TLS_PSK_SHA_ARCFOUR_SHA1
28	TLS_PSK_WITH_3DES_EDE_CBC_SHA	0x008B	TLS 1.0\|TLS 1.1	TLS_PSK_SHA_3DES_EDE_CBC_SHA1
29	TLS_PSK_WITH_AES_128_CBC_SHA	0x008C	TLS 1.0\|TLS 1.1	TLS_PSK_SHA_AES_128_CBC_SHA1
30	TLS_PSK_WITH_AES_256_CBC_SHA	0x008D	TLS 1.0\|TLS 1.1	TLS_PSK_SHA_AES_256_CBC_SHA1
31	TLS_DHE_PSK_WITH_RC4_128_SHA	0x008E	TLS 1.0\|TLS 1.1	TLS_DHE_PSK_SHA_ARCFOUR_SHA1
32	TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA	0x008F	TLS 1.0\|TLS 1.1	TLS_DHE_PSK_SHA_3DES_EDE_CBC_SHA1
33	TLS_DHE_PSK_WITH_AES_128_CBC_SHA	0x0090	TLS 1.0\|TLS 1.1	TLS_DHE_PSK_SHA_AES_128_CBC_SHA1
34	TLS_DHE_PSK_WITH_AES_256_CBC_SHA	0x0091	TLS 1.0\|TLS 1.1	TLS_DHE_PSK_SHA_AES_256_CBC_SHA1
35	TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA	0xC01A	TLS 1.0\|TLS 1.1	TLS_SRP_SHA_3DES_EDE_CBC_SHA1
36	TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA	0xC01B	TLS 1.0\|TLS 1.1	TLS_SRP_SHA_RSA_3DES_EDE_CBC_SHA1
37	TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA	0xC01C	TLS 1.0\|TLS 1.1	TLS_SRP_SHA_DSS_3DES_EDE_CBC_SHA1
38	TLS_SRP_SHA_WITH_AES_128_CBC_SHA	0xC01D	TLS 1.0\|TLS 1.1	TLS_SRP_SHA_AES_128_CBC_SHA1
39	TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA	0xC01E	TLS 1.0\|TLS 1.1	TLS_SRP_SHA_RSA_AES_128_CBC_SHA1
40	TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA	0xC01F	TLS 1.0\|TLS 1.1	TLS_SRP_SHA_DSS_AES_128_CBC_SHA1
41	TLS_SRP_SHA_WITH_AES_256_CBC_SHA	0xC020	TLS 1.0\|TLS 1.1	TLS_SRP_SHA_AES_256_CBC_SHA1
42	TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA	0xC021	TLS 1.0\|TLS 1.1	TLS_SRP_SHA_RSA_AES_256_CBC_SHA1
43	TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA	0xC022	TLS 1.0\|TLS 1.1	TLS_SRP_SHA_DSS_AES_256_CBC_SHA1

No.	Keyword	Quick Info
1	3DES-CBC	3DES cipher
2	AES-128-CBC	AES 128-bit cipher
3	AES-256-CBC	AES 256-bit cipher
4	ARCFOUR-40	RC4 export 40-bit cipher
5	ARCFOUR-128	RC4 128-bit
6	CAMELLIA-128-CBC	Camellia 128-bit cipher
7	CAMELLIA-256-CBC	Camellia 256-bit cipher
8	ANON-DH	Anonymous DH
9	DHE-DSS	DSS authenticated DHE key exchange
10	DHE-RSA	RSA authenticated DHE key exchange
11	RSA	RSA authentication and key exchange
12	RSA-EXPORT	RSA-EXPORT authentication and key exchange
13	SRP	SRP authentication
14	SRP-DSS	SRP-DSS authentication
15	SRP-RSA	SRP-RSA authentication
16	MD5	MD5 MAC
17	SHA1	SHA1 MAC
18	COMP-DEFLATE	Deflate compression
19	COMP-NULL	NULL compression
20	COMP-LZO	LZO compression(experimental)
21	VERS-SSL3.0	SSL 3.0
22	VERS-TLS1.0	TLS 1.0
23	VERS-TLS1.1	TLS 1.1
24	%COMPAT	Disable MAC padding to assure compatibility with some broken clients
25	%SSL3_RECORD_VERSION	use SSL3.0 record version in Client Hello
26	CTYPE-OPENPGP	Certificate type OpenPGP(can be used to add the OpenPGP certificate type extension to a Client Hello)
27	CTYPE-X.509	Certificate type X.509

Table 1.1.4 GnuTLS 2.8.6 cipher suites(and the priority categories under the respective cipher suite can be found)

No.	Cipher Suite	Hex Value	SSL/TLS Version	GnuTLS priority
1	TLS_RSA_WITH_NULL_MD5	0x0001	SSL 3.0\|TLS 1.0\|TLS 1.1	?
2	TLS_RSA_EXPORT_WITH_RC4_40_MD5	0x0003	SSL 3.0\|TLS 1.0\|TLS 1.1	EXPORT
3	TLS_RSA_WITH_RC4_128_MD5	0x0004	SSL 3.0\|TLS 1.0\|TLS 1.1	EXPORT\|NORMAL\|PERFORMANCE\|SECURE\|SECURE128
4	TLS_RSA_WITH_RC4_128_SHA	0x0005	SSL 3.0\|TLS 1.0\|TLS 1.1	EXPORT\|NORMAL\|PERFORMANCE\|SECURE\|SECURE128
5	TLS_RSA_WITH_3DES_EDE_CBC_SHA	0x000A	SSL 3.0\|TLS 1.0\|TLS 1.1	EXPORT\|NORMAL\|PERFORMANCE\|SECURE\|SECURE128
6	TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA	0x0013	SSL 3.0\|TLS 1.0\|TLS 1.1	EXPORT\|NORMAL\|PERFORMANCE\|SECURE\|SECURE128
7	TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA	0x0016	SSL 3.0\|TLS 1.0\|TLS 1.1	EXPORT\|NORMAL\|PERFORMANCE\|SECURE\|SECURE128
8	TLS_DH_anon_WITH_RC4_128_MD5	0x0018	SSL 3.0\|TLS 1.0\|TLS 1.1	EXPORT:+ANON-DH\|NORMAL:+ANON-DH\|PERFORMANCE:+ANON-DH\|SECURE:+ANON-DH\|SECURE128:+ANON-DH
9	TLS_DH_anon_WITH_3DES_EDE_CBC_SHA	0x001B	SSL 3.0\|TLS 1.0\|TLS 1.1	EXPORT:+ANON-DH\|NORMAL:+ANON-DH\|PERFORMANCE:+ANON-DH\|SECURE:+ANON-DH\|SECURE128:+ANON-DH
10	TLS_RSA_WITH_AES_128_CBC_SHA	0x002F	SSL 3.0\|TLS 1.0\|TLS 1.1	EXPORT\|NORMAL\|PERFORMANCE\|SECURE\|SECURE128
11	TLS_DHE_DSS_WITH_AES_128_CBC_SHA	0x0032	SSL 3.0\|TLS 1.0\|TLS 1.1	EXPORT\|NORMAL\|PERFORMANCE\|SECURE\|SECURE128
12	TLS_DHE_RSA_WITH_AES_128_CBC_SHA	0x0033	SSL 3.0\|TLS 1.0\|TLS 1.1	EXPORT\|NORMAL\|PERFORMANCE\|SECURE\|SECURE128
13	TLS_DH_anon_WITH_AES_128_CBC_SHA	0x0034	SSL 3.0\|TLS 1.0\|TLS 1.1	EXPORT:+ANON-DH\|NORMAL:+ANON-DH\|PERFORMANCE:+ANON-DH\|SECURE:+ANON-DH\|SECURE128:+ANON-DH
14	TLS_RSA_WITH_AES_256_CBC_SHA	0x0035	SSL 3.0\|TLS 1.0\|TLS 1.1	EXPORT\|NORMAL\|PERFORMANCE\|SECURE\|SECURE256
15	TLS_DHE_DSS_WITH_AES_256_CBC_SHA	0x0038	SSL 3.0\|TLS 1.0\|TLS 1.1	EXPORT\|NORMAL\|PERFORMANCE\|SECURE\|SECURE256
16	TLS_DHE_RSA_WITH_AES_256_CBC_SHA	0x0039	SSL 3.0\|TLS 1.0\|TLS 1.1	EXPORT\|NORMAL\|PERFORMANCE\|SECURE\|SECURE256
17	TLS_DH_anon_WITH_AES_256_CBC_SHA	0x003A	SSL 3.0\|TLS 1.0\|TLS 1.1	EXPORT:+ANON-DH\|NORMAL:+ANON-DH\|PERFORMANCE:+ANON-DH\|SECURE:+ANON-DH\|SECURE256:+ANON-DH
18	TLS_RSA_WITH_CAMELLIA_128_CBC_SHA	0x0041	SSL 3.0\|TLS 1.0\|TLS 1.1	EXPORT\|NORMAL\|PERFORMANCE\|SECURE\|SECURE128
19	TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA	0x0044	SSL 3.0\|TLS 1.0\|TLS 1.1	EXPORT\|NORMAL\|PERFORMANCE\|SECURE\|SECURE128
20	TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA	0x0045	SSL 3.0\|TLS 1.0\|TLS 1.1	EXPORT\|NORMAL\|PERFORMANCE\|SECURE\|SECURE128
21	TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA	0x0046	SSL 3.0\|TLS 1.0\|TLS 1.1	EXPORT:+ANON-DH\|NORMAL:+ANON-DH\|PERFORMANCE:+ANON-DH\|SECURE:+ANON-DH\|SECURE128:+ANON-DH
22	TLS_DHE_DSS_WITH_RC4_128_SHA	0x0066	SSL 3.0\|TLS 1.0\|TLS 1.1	EXPORT\|NORMAL\|PERFORMANCE\|SECURE\|SECURE128
23	TLS_RSA_WITH_CAMELLIA_256_CBC_SHA	0x0084	SSL 3.0\|TLS 1.0\|TLS 1.1	EXPORT\|NORMAL\|PERFORMANCE\|SECURE\|SECURE256
24	TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA	0x0087	SSL 3.0\|TLS 1.0\|TLS 1.1	EXPORT\|NORMAL\|PERFORMANCE\|SECURE\|SECURE256
25	TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA	0x0088	SSL 3.0\|TLS 1.0\|TLS 1.1	EXPORT\|NORMAL\|PERFORMANCE\|SECURE\|SECURE256
26	TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA	0x0089	SSL 3.0\|TLS 1.0\|TLS 1.1	EXPORT:+ANON-DH\|NORMAL:+ANON-DH\|PERFORMANCE:+ANON-DH\|SECURE:+ANON-DH\|SECURE256:+ANON-DH
27	TLS_PSK_WITH_RC4_128_SHA	0x008A	TLS 1.0\|TLS 1.1	EXPORT\|NORMAL\|PERFORMANCE\|SECURE\|SECURE128
28	TLS_PSK_WITH_3DES_EDE_CBC_SHA	0x008B	TLS 1.0\|TLS 1.1	EXPORT\|NORMAL\|PERFORMANCE\|SECURE\|SECURE128
29	TLS_PSK_WITH_AES_128_CBC_SHA	0x008C	TLS 1.0\|TLS 1.1	EXPORT\|NORMAL\|PERFORMANCE\|SECURE\|SECURE128
30	TLS_PSK_WITH_AES_256_CBC_SHA	0x008D	TLS 1.0\|TLS 1.1	EXPORT\|NORMAL\|PERFORMANCE\|SECURE\|SECURE256
31	TLS_DHE_PSK_WITH_RC4_128_SHA	0x008E	TLS 1.0\|TLS 1.1	EXPORT\|NORMAL\|PERFORMANCE\|SECURE\|SECURE128
32	TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA	0x008F	TLS 1.0\|TLS 1.1	EXPORT\|NORMAL\|PERFORMANCE\|SECURE\|SECURE128
33	TLS_DHE_PSK_WITH_AES_128_CBC_SHA	0x0090	TLS 1.0\|TLS 1.1	EXPORT\|NORMAL\|PERFORMANCE\|SECURE\|SECURE128
34	TLS_DHE_PSK_WITH_AES_256_CBC_SHA	0x0091	TLS 1.0\|TLS 1.1	EXPORT\|NORMAL\|PERFORMANCE\|SECURE\|SECURE256
35	TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA	0xC01A	TLS 1.0\|TLS 1.1	EXPORT\|NORMAL\|PERFORMANCE\|SECURE\|SECURE128
36	TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA	0xC01B	TLS 1.0\|TLS 1.1	EXPORT\|NORMAL\|PERFORMANCE\|SECURE\|SECURE128
37	TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA	0xC01C	TLS 1.0\|TLS 1.1	EXPORT\|NORMAL\|PERFORMANCE\|SECURE\|SECURE128
38	TLS_SRP_SHA_WITH_AES_128_CBC_SHA	0xC01D	TLS 1.0\|TLS 1.1	EXPORT\|NORMAL\|PERFORMANCE\|SECURE\|SECURE128
39	TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA	0xC01E	TLS 1.0\|TLS 1.1	EXPORT\|NORMAL\|PERFORMANCE\|SECURE\|SECURE128
40	TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA	0xC01F	TLS 1.0\|TLS 1.1	EXPORT\|NORMAL\|PERFORMANCE\|SECURE\|SECURE128
41	TLS_SRP_SHA_WITH_AES_256_CBC_SHA	0xC020	TLS 1.0\|TLS 1.1	EXPORT\|NORMAL\|PERFORMANCE\|SECURE\|SECURE256
42	TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA	0xC021	TLS 1.0\|TLS 1.1	EXPORT\|NORMAL\|PERFORMANCE\|SECURE\|SECURE256
43	TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA	0xC022	TLS 1.0\|TLS 1.1	EXPORT\|NORMAL\|PERFORMANCE\|SECURE\|SECURE256

Table 1.1.5 GnuTLS 2.8.6 cipher suites(and a combination of values to enable the respective cipher suite under priority)

No.	Cipher Suite	Hex Value	SSL/TLS Version	GnuTLS priority
1	TLS_RSA_WITH_NULL_MD5	0x0001	SSL 3.0\|TLS 1.0\|TLS 1.1	?
2	TLS_RSA_EXPORT_WITH_RC4_40_MD5	0x0003	SSL 3.0\|TLS 1.0\|TLS 1.1	NONE:+VERS-TLS1.1:+VERS-TLS1.0:+VERS-SSL3.0:+ARCFOUR-40:+RSA-EXPORT:+MD5:+COMP-NULL:+COMP-DEFLATE:+COMP-LZO
3	TLS_RSA_WITH_RC4_128_MD5	0x0004	SSL 3.0\|TLS 1.0\|TLS 1.1	NONE:+VERS-TLS1.1:+VERS-TLS1.0:+VERS-SSL3.0:+ARCFOUR-128:+MD5:+COMP-NULL:+COMP-DEFLATE:+COMP-LZO
4	TLS_RSA_WITH_RC4_128_SHA	0x0005	SSL 3.0\|TLS 1.0\|TLS 1.1	NONE:+VERS-TLS1.1:+VERS-TLS1.0:+VERS-SSL3.0:+ARCFOUR-128:+RSA:+SHA1:+COMP-NULL:+COMP-DEFLATE:+COMP-LZO
5	TLS_RSA_WITH_3DES_EDE_CBC_SHA	0x000A	SSL 3.0\|TLS 1.0\|TLS 1.1	NONE:+VERS-TLS1.1:+VERS-TLS1.0:+VERS-SSL3.0:+3DES-CBC:+RSA:+SHA1:+COMP-NULL:+COMP-DEFLATE:+COMP-LZO
6	TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA	0x0013	SSL 3.0\|TLS 1.0\|TLS 1.1	NONE:+VERS-TLS1.1:+VERS-TLS1.0:+VERS-SSL3.0:+3DES-CBC:+DHE-DSS:+SHA1:+COMP-NULL:+COMP-DEFLATE:+COMP-LZO
7	TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA	0x0016	SSL 3.0\|TLS 1.0\|TLS 1.1	NONE:+VERS-TLS1.1:+VERS-TLS1.0:+VERS-SSL3.0:+3DES-CBC:+DHE-RSA:+SHA1:+COMP-NULL:+COMP-DEFLATE:+COMP-LZO
8	TLS_DH_anon_WITH_RC4_128_MD5	0x0018	SSL 3.0\|TLS 1.0\|TLS 1.1	NONE:+VERS-TLS1.1:+VERS-TLS1.0:+VERS-SSL3.0:+ARCFOUR-128:+ANON-DH:+MD5:+COMP-NULL:+COMP-DEFLATE:+COMP-LZO
9	TLS_DH_anon_WITH_3DES_EDE_CBC_SHA	0x001B	SSL 3.0\|TLS 1.0\|TLS 1.1	NONE:+VERS-TLS1.1:+VERS-TLS1.0:+VERS-SSL3.0:+3DES-CBC:+ANON-DH:+SHA1:+COMP-NULL:+COMP-DEFLATE:+COMP-LZO
10	TLS_RSA_WITH_AES_128_CBC_SHA	0x002F	SSL 3.0\|TLS 1.0\|TLS 1.1	NONE:+VERS-TLS1.1:+VERS-TLS1.0:+VERS-SSL3.0:+AES-128-CBC:+RSA:+SHA1:+COMP-NULL:+COMP-DEFLATE:+COMP-LZO
11	TLS_DHE_DSS_WITH_AES_128_CBC_SHA	0x0032	SSL 3.0\|TLS 1.0\|TLS 1.1	NONE:+VERS-TLS1.1:+VERS-TLS1.0:+VERS-SSL3.0:+AES-128-CBC:+DHE-DSS:+SHA1:+COMP-NULL:+COMP-DEFLATE:+COMP-LZO
12	TLS_DHE_RSA_WITH_AES_128_CBC_SHA	0x0033	SSL 3.0\|TLS 1.0\|TLS 1.1	NONE:+VERS-TLS1.1:+VERS-TLS1.0:+VERS-SSL3.0:+AES-128-CBC:+DHE-RSA:+SHA1:+COMP-NULL:+COMP-DEFLATE:+COMP-LZO
13	TLS_DH_anon_WITH_AES_128_CBC_SHA	0x0034	SSL 3.0\|TLS 1.0\|TLS 1.1	NONE:+VERS-TLS1.1:+VERS-TLS1.0:+VERS-SSL3.0:+AES-128-CBC:+ANON-DH:+SHA1:+COMP-NULL:+COMP-DEFLATE:+COMP-LZO
14	TLS_RSA_WITH_AES_256_CBC_SHA	0x0035	SSL 3.0\|TLS 1.0\|TLS 1.1	NONE:+VERS-TLS1.1:+VERS-TLS1.0:+VERS-SSL3.0:+AES-256-CBC:+RSA:+SHA1:+COMP-NULL:+COMP-DEFLATE:+COMP-LZO
15	TLS_DHE_DSS_WITH_AES_256_CBC_SHA	0x0038	SSL 3.0\|TLS 1.0\|TLS 1.1	NONE:+VERS-TLS1.1:+VERS-TLS1.0:+VERS-SSL3.0:+AES-256-CBC:+DHE-DSS:+SHA1:+COMP-NULL:+COMP-DEFLATE:+COMP-LZO
16	TLS_DHE_RSA_WITH_AES_256_CBC_SHA	0x0039	SSL 3.0\|TLS 1.0\|TLS 1.1	NONE:+VERS-TLS1.1:+VERS-TLS1.0:+VERS-SSL3.0:+AES-128-CBC:+DHE-RSA:+SHA1:+COMP-NULL:+COMP-DEFLATE:+COMP-LZO
17	TLS_DH_anon_WITH_AES_256_CBC_SHA	0x003A	SSL 3.0\|TLS 1.0\|TLS 1.1	NONE:+VERS-TLS1.1:+VERS-TLS1.0:+VERS-SSL3.0:+AES-256-CBC:+ANON-DH:+SHA1:+COMP-NULL:+COMP-DEFLATE:+COMP-LZO
18	TLS_RSA_WITH_CAMELLIA_128_CBC_SHA	0x0041	SSL 3.0\|TLS 1.0\|TLS 1.1	NONE:+VERS-TLS1.1:+VERS-TLS1.0:+VERS-SSL3.0:+CAMELLIA-128-CBC:+RSA:+SHA1:+COMP-NULL:+COMP-DEFLATE:+COMP-LZO
19	TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA	0x0044	SSL 3.0\|TLS 1.0\|TLS 1.1	NONE:+VERS-TLS1.1:+VERS-TLS1.0:+VERS-SSL3.0:+CAMELLIA-128-CBC:+DHE-DSS:+SHA1:+COMP-NULL:+COMP-DEFLATE:+COMP-LZO
20	TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA	0x0045	SSL 3.0\|TLS 1.0\|TLS 1.1	NONE:+VERS-TLS1.1:+VERS-TLS1.0:+VERS-SSL3.0:+CAMELLIA-128-CBC:+DHE-RSA:+SHA1:+COMP-NULL:+COMP-DEFLATE:+COMP-LZO
21	TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA	0x0046	SSL 3.0\|TLS 1.0\|TLS 1.1	NONE:+VERS-TLS1.1:+VERS-TLS1.0:+VERS-SSL3.0:+CAMELLIA-128-CBC:+ANON-DH:+SHA1:+COMP-NULL:+COMP-DEFLATE:+COMP-LZO
22	TLS_DHE_DSS_WITH_RC4_128_SHA	0x0066	SSL 3.0\|TLS 1.0\|TLS 1.1	NONE:+VERS-TLS1.1:+VERS-TLS1.0:+VERS-SSL3.0:+ARCFOUR-128:+DHE-DSS:+SHA1:+COMP-NULL:+COMP-DEFLATE:+COMP-LZO
23	TLS_RSA_WITH_CAMELLIA_256_CBC_SHA	0x0084	SSL 3.0\|TLS 1.0\|TLS 1.1	NONE:+VERS-TLS1.1:+VERS-TLS1.0:+VERS-SSL3.0:+CAMELLIA-256-CBC:+RSA:+SHA1:+COMP-NULL:+COMP-DEFLATE:+COMP-LZO
24	TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA	0x0087	SSL 3.0\|TLS 1.0\|TLS 1.1	NONE:+VERS-TLS1.1:+VERS-TLS1.0:+VERS-SSL3.0:+CAMELLIA-256-CBC:+DHE-DSS:+SHA1:+COMP-NULL:+COMP-DEFLATE:+COMP-LZO
25	TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA	0x0088	SSL 3.0\|TLS 1.0\|TLS 1.1	NONE:+VERS-TLS1.1:+VERS-TLS1.0:+VERS-SSL3.0:+CAMELLIA-256-CBC:+DHE-RSA:+SHA1:+COMP-NULL:+COMP-DEFLATE:+COMP-LZO
26	TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA	0x0089	SSL 3.0\|TLS 1.0\|TLS 1.1	NONE:+VERS-TLS1.1:+VERS-TLS1.0:+VERS-SSL3.0:+CAMELLIA-256-CBC:+ANON-DH:+SHA1:+COMP-NULL:+COMP-DEFLATE:+COMP-LZO
27	TLS_PSK_WITH_RC4_128_SHA	0x008A	TLS 1.0\|TLS 1.1	NONE:+VERS-TLS1.1:+VERS-TLS1.0:+ARCFOUR-128:+PSK:+SHA1:+COMP-NULL:+COMP-DEFLATE:+COMP-LZO
28	TLS_PSK_WITH_3DES_EDE_CBC_SHA	0x008B	TLS 1.0\|TLS 1.1	NONE:+VERS-TLS1.1:+VERS-TLS1.0:+3DES-CBC:+PSK:+SHA1:+COMP-NULL:+COMP-DEFLATE:+COMP-LZO
29	TLS_PSK_WITH_AES_128_CBC_SHA	0x008C	TLS 1.0\|TLS 1.1	NONE:+VERS-TLS1.1:+VERS-TLS1.0:+AES-128-CBC:+PSK:+SHA1:+COMP-NULL:+COMP-DEFLATE:+COMP-LZO
30	TLS_PSK_WITH_AES_256_CBC_SHA	0x008D	TLS 1.0\|TLS 1.1	NONE:+VERS-TLS1.1:+VERS-TLS1.0:+AES-256-CBC:+PSK:+SHA1:+COMP-NULL:+COMP-DEFLATE:+COMP-LZO
31	TLS_DHE_PSK_WITH_RC4_128_SHA	0x008E	TLS 1.0\|TLS 1.1	NONE:+VERS-TLS1.1:+VERS-TLS1.0:+ARCFOUR-128:+DHE-PSK:+SHA1:+COMP-NULL:+COMP-DEFLATE:+COMP-LZO
32	TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA	0x008F	TLS 1.0\|TLS 1.1	NONE:+VERS-TLS1.1:+VERS-TLS1.0:+3DES-CBC:+DHE-PSK:+SHA1:+COMP-NULL:+COMP-DEFLATE:+COMP-LZO
33	TLS_DHE_PSK_WITH_AES_128_CBC_SHA	0x0090	TLS 1.0\|TLS 1.1	NONE:+VERS-TLS1.1:+VERS-TLS1.0:+AES-128-CBC:+DHE-PSK:+SHA1:+COMP-NULL:+COMP-DEFLATE:+COMP-LZO
34	TLS_DHE_PSK_WITH_AES_256_CBC_SHA	0x0091	TLS 1.0\|TLS 1.1	NONE:+VERS-TLS1.1:+VERS-TLS1.0:+AES-256-CBC:+DHE-PSK:+SHA1:+COMP-NULL:+COMP-DEFLATE:+COMP-LZO
35	TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA	0xC01A	TLS 1.0\|TLS 1.1	NONE:+VERS-TLS1.1:+VERS-TLS1.0:+3DES-CBC:+SRP:+SHA1:+COMP-NULL:+COMP-DEFLATE:+COMP-LZO
36	TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA	0xC01B	TLS 1.0\|TLS 1.1	NONE:+VERS-TLS1.1:+VERS-TLS1.0:+3DES-CBC:+SRP-RSA:+SHA1:+COMP-NULL:+COMP-DEFLATE:+COMP-LZO
37	TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA	0xC01C	TLS 1.0\|TLS 1.1	NONE:+VERS-TLS1.1:+VERS-TLS1.0:+3DES-CBC:+SRP-DSS:+SHA1:+COMP-NULL:+COMP-DEFLATE:+COMP-LZO
38	TLS_SRP_SHA_WITH_AES_128_CBC_SHA	0xC01D	TLS 1.0\|TLS 1.1	NONE:+VERS-TLS1.1:+VERS-TLS1.0:+AES-128-CBC:+SRP:+SHA1:+COMP-NULL:+COMP-DEFLATE:+COMP-LZO
39	TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA	0xC01E	TLS 1.0\|TLS 1.1	NONE:+VERS-TLS1.1:+VERS-TLS1.0:+AES-128-CBC:+SRP-RSA:+SHA1:+COMP-NULL:+COMP-DEFLATE:+COMP-LZO
40	TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA	0xC01F	TLS 1.0\|TLS 1.1	NONE:+VERS-TLS1.1:+VERS-TLS1.0:+AES-128-CBC:+SRP-DSS:+SHA1:+COMP-NULL:+COMP-DEFLATE:+COMP-LZO
41	TLS_SRP_SHA_WITH_AES_256_CBC_SHA	0xC020	TLS 1.0\|TLS 1.1	NONE:+VERS-TLS1.1:+VERS-TLS1.0:+AES-256-CBC:+SRP:+SHA1:+COMP-NULL:+COMP-DEFLATE:+COMP-LZO
42	TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA	0xC021	TLS 1.0\|TLS 1.1	NONE:+VERS-TLS1.1:+VERS-TLS1.0:+AES-256-CBC:+SRP-RSA:+SHA1:+COMP-NULL:+COMP-DEFLATE:+COMP-LZO
43	TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA	0xC022	TLS 1.0\|TLS 1.1	NONE:+VERS-TLS1.1:+VERS-TLS1.0:+AES-256-CBC:+SRP-DSS:+SHA1:+COMP-NULL:+COMP-DEFLATE:+COMP-LZO

No.	Keyword	Quick Info
1	3DES-CBC	3DES cipher
2	AES-128-CBC	AES 128-bit cipher
3	AES-256-CBC	AES 256-bit cipher
4	ARCFOUR-40	RC4 export 40-bit cipher
5	ARCFOUR-128	RC4 128-bit
6	CAMELLIA-128-CBC	Camellia 128-bit cipher
7	CAMELLIA-256-CBC	Camellia 256-bit cipher
8	ANON-DH	Anonymous DH
9	DHE-DSS	DSS authenticated DHE key exchange
10	DHE-RSA	RSA authenticated DHE key exchange
11	RSA	RSA authentication and key exchange
12	RSA-EXPORT	RSA-EXPORT authentication and key exchange
13	SRP	SRP authentication
14	SRP-DSS	SRP-DSS authentication
15	SRP-RSA	SRP-RSA authentication
16	MD5	MD5 MAC
17	SHA1	SHA1 MAC
18	COMP-DEFLATE	Deflate compression
19	COMP-NULL	NULL compression
20	VERS-SSL3.0	SSL 3.0
21	VERS-TLS1.0	TLS 1.0
22	VERS-TLS1.1	TLS 1.1
23	%COMPAT	Disable MAC padding to assure compatibility with some broken clients
25	CTYPE-OPENPGP	Certificate type OpenPGP(sometimes you may need to add this to the GnuTLSPriorities directive)
26	CTYPE-X.509	Certificate type X.509

Table 1.2.3 mod_gnutls 0.5.5 (GnuTLS 2.8.6 + Apache 2.2.15) cipher suites(and the categories under the respective cipher suite can be found)

No.	Cipher Suite	Hex Value	SSL/TLS Version	mod_gnutls GnuTLSPriorities
1	TLS_RSA_EXPORT_WITH_RC4_40_MD5	0x0003	SSL 3.0\|TLS 1.0\|TLS 1.1	EXPORT
2	TLS_RSA_WITH_RC4_128_MD5	0x0004	SSL 3.0\|TLS 1.0\|TLS 1.1	EXPORT\|NORMAL\|PERFORMANCE\|SECURE\|SECURE128
3	TLS_RSA_WITH_RC4_128_SHA	0x0005	SSL 3.0\|TLS 1.0\|TLS 1.1	EXPORT\|NORMAL\|PERFORMANCE\|SECURE\|SECURE128
4	TLS_RSA_WITH_3DES_EDE_CBC_SHA	0x000A	SSL 3.0\|TLS 1.0\|TLS 1.1	EXPORT\|NORMAL\|PERFORMANCE\|SECURE\|SECURE128
5	TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA	0x0013	SSL 3.0\|TLS 1.0\|TLS 1.1	EXPORT\|NORMAL\|PERFORMANCE\|SECURE\|SECURE128
6	TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA	0x0016	SSL 3.0\|TLS 1.0\|TLS 1.1	EXPORT\|NORMAL\|PERFORMANCE\|SECURE\|SECURE128
7	TLS_DH_anon_WITH_RC4_128_MD5	0x0018	SSL 3.0\|TLS 1.0\|TLS 1.1	EXPORT:+ANON-DH\|NORMAL:+ANON-DH\|PERFORMANCE:+ANON-DH\|SECURE:+ANON-DH\|SECURE128:+ANON-DH
8	TLS_DH_anon_WITH_3DES_EDE_CBC_SHA	0x001B	SSL 3.0\|TLS 1.0\|TLS 1.1	EXPORT:+ANON-DH\|NORMAL:+ANON-DH\|PERFORMANCE:+ANON-DH\|SECURE:+ANON-DH\|SECURE128:+ANON-DH
9	TLS_RSA_WITH_AES_128_CBC_SHA	0x002F	SSL 3.0\|TLS 1.0\|TLS 1.1	EXPORT\|NORMAL\|PERFORMANCE\|SECURE\|SECURE128
10	TLS_DHE_DSS_WITH_AES_128_CBC_SHA	0x0032	SSL 3.0\|TLS 1.0\|TLS 1.1	EXPORT\|NORMAL\|PERFORMANCE\|SECURE\|SECURE128
11	TLS_DHE_RSA_WITH_AES_128_CBC_SHA	0x0033	SSL 3.0\|TLS 1.0\|TLS 1.1	EXPORT\|NORMAL\|PERFORMANCE\|SECURE\|SECURE128
12	TLS_DH_anon_WITH_AES_128_CBC_SHA	0x0034	SSL 3.0\|TLS 1.0\|TLS 1.1	EXPORT:+ANON-DH\|NORMAL:+ANON-DH\|PERFORMANCE:+ANON-DH\|SECURE:+ANON-DH\|SECURE128:+ANON-DH
13	TLS_RSA_WITH_AES_256_CBC_SHA	0x0035	SSL 3.0\|TLS 1.0\|TLS 1.1	EXPORT\|NORMAL\|PERFORMANCE\|SECURE\|SECURE256
14	TLS_DHE_DSS_WITH_AES_256_CBC_SHA	0x0038	SSL 3.0\|TLS 1.0\|TLS 1.1	EXPORT\|NORMAL\|PERFORMANCE\|SECURE\|SECURE256
15	TLS_DHE_RSA_WITH_AES_256_CBC_SHA	0x0039	SSL 3.0\|TLS 1.0\|TLS 1.1	EXPORT\|NORMAL\|PERFORMANCE\|SECURE\|SECURE256
16	TLS_DH_anon_WITH_AES_256_CBC_SHA	0x003A	SSL 3.0\|TLS 1.0\|TLS 1.1	EXPORT:+ANON-DH\|NORMAL:+ANON-DH\|PERFORMANCE:+ANON-DH\|SECURE:+ANON-DH\|SECURE256:+ANON-DH
17	TLS_RSA_WITH_CAMELLIA_128_CBC_SHA	0x0041	SSL 3.0\|TLS 1.0\|TLS 1.1	EXPORT\|NORMAL\|PERFORMANCE\|SECURE\|SECURE128
18	TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA	0x0044	SSL 3.0\|TLS 1.0\|TLS 1.1	EXPORT\|NORMAL\|PERFORMANCE\|SECURE\|SECURE128
19	TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA	0x0045	SSL 3.0\|TLS 1.0\|TLS 1.1	EXPORT\|NORMAL\|PERFORMANCE\|SECURE\|SECURE128
20	TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA	0x0046	SSL 3.0\|TLS 1.0\|TLS 1.1	EXPORT:+ANON-DH\|NORMAL:+ANON-DH\|PERFORMANCE:+ANON-DH\|SECURE:+ANON-DH\|SECURE128:+ANON-DH
21	TLS_DHE_DSS_WITH_RC4_128_SHA	0x0066	SSL 3.0\|TLS 1.0\|TLS 1.1	EXPORT\|NORMAL\|PERFORMANCE\|SECURE\|SECURE128
22	TLS_RSA_WITH_CAMELLIA_256_CBC_SHA	0x0084	SSL 3.0\|TLS 1.0\|TLS 1.1	EXPORT\|NORMAL\|PERFORMANCE\|SECURE\|SECURE256
23	TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA	0x0087	SSL 3.0\|TLS 1.0\|TLS 1.1	EXPORT\|NORMAL\|PERFORMANCE\|SECURE\|SECURE256
24	TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA	0x0088	SSL 3.0\|TLS 1.0\|TLS 1.1	EXPORT\|NORMAL\|PERFORMANCE\|SECURE\|SECURE256
25	TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA	0x0089	SSL 3.0\|TLS 1.0\|TLS 1.1	EXPORT:+ANON-DH\|NORMAL:+ANON-DH\|PERFORMANCE:+ANON-DH\|SECURE:+ANON-DH\|SECURE256:+ANON-DH
26	TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA	0xC01A	TLS 1.0\|TLS 1.1	EXPORT\|NORMAL\|PERFORMANCE\|SECURE\|SECURE128
27	TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA	0xC01B	TLS 1.0\|TLS 1.1	EXPORT\|NORMAL\|PERFORMANCE\|SECURE\|SECURE128
28	TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA	0xC01C	TLS 1.0\|TLS 1.1	EXPORT\|NORMAL\|PERFORMANCE\|SECURE\|SECURE128
29	TLS_SRP_SHA_WITH_AES_128_CBC_SHA	0xC01D	TLS 1.0\|TLS 1.1	EXPORT\|NORMAL\|PERFORMANCE\|SECURE\|SECURE128
30	TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA	0xC01E	TLS 1.0\|TLS 1.1	EXPORT\|NORMAL\|PERFORMANCE\|SECURE\|SECURE128
31	TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA	0xC01F	TLS 1.0\|TLS 1.1	EXPORT\|NORMAL\|PERFORMANCE\|SECURE\|SECURE128
32	TLS_SRP_SHA_WITH_AES_256_CBC_SHA	0xC020	TLS 1.0\|TLS 1.1	EXPORT\|NORMAL\|PERFORMANCE\|SECURE\|SECURE256
33	TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA	0xC021	TLS 1.0\|TLS 1.1	EXPORT\|NORMAL\|PERFORMANCE\|SECURE\|SECURE256
34	TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA	0xC022	TLS 1.0\|TLS 1.1	EXPORT\|NORMAL\|PERFORMANCE\|SECURE\|SECURE256

Table 1.2.4 mod_gnutls 0.5.5 (GnuTLS 2.8.6 + Apache 2.2.15) cipher suites(and a combination of values to enable the respective cipher suite)

No.	Cipher Suite	Hex Value	SSL/TLS Version	mod_gnutls GnuTLSPriorities
1	TLS_RSA_EXPORT_WITH_RC4_40_MD5	0x0003	SSL 3.0\|TLS 1.0\|TLS 1.1	NONE:+VERS-TLS1.1:+VERS-TLS1.0:+VERS-SSL3.0:+ARCFOUR-40:+RSA-EXPORT:+MD5:+COMP-NULL:+COMP-DEFLATE
2	TLS_RSA_WITH_RC4_128_MD5	0x0004	SSL 3.0\|TLS 1.0\|TLS 1.1	NONE:+VERS-TLS1.1:+VERS-TLS1.0:+VERS-SSL3.0:+ARCFOUR-128:+MD5:+COMP-NULL:+COMP-DEFLATE
3	TLS_RSA_WITH_RC4_128_SHA	0x0005	SSL 3.0\|TLS 1.0\|TLS 1.1	NONE:+VERS-TLS1.1:+VERS-TLS1.0:+VERS-SSL3.0:+ARCFOUR-128:+RSA:+SHA1:+COMP-NULL:+COMP-DEFLATE
4	TLS_RSA_WITH_3DES_EDE_CBC_SHA	0x000A	SSL 3.0\|TLS 1.0\|TLS 1.1	NONE:+VERS-TLS1.1:+VERS-TLS1.0:+VERS-SSL3.0:+3DES-CBC:+RSA:+SHA1:+COMP-NULL:+COMP-DEFLATE
5	TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA	0x0013	SSL 3.0\|TLS 1.0\|TLS 1.1	NONE:+VERS-TLS1.1:+VERS-TLS1.0:+VERS-SSL3.0:+3DES-CBC:+DHE-DSS:+SHA1:+COMP-NULL:+COMP-DEFLATE
6	TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA	0x0016	SSL 3.0\|TLS 1.0\|TLS 1.1	NONE:+VERS-TLS1.1:+VERS-TLS1.0:+VERS-SSL3.0:+3DES-CBC:+DHE-RSA:+SHA1:+COMP-NULL:+COMP-DEFLATE
7	TLS_DH_anon_WITH_RC4_128_MD5	0x0018	SSL 3.0\|TLS 1.0\|TLS 1.1	NONE:+VERS-TLS1.1:+VERS-TLS1.0:+VERS-SSL3.0:+ARCFOUR-128:+ANON-DH:+MD5:+COMP-NULL:+COMP-DEFLATE
8	TLS_DH_anon_WITH_3DES_EDE_CBC_SHA	0x001B	SSL 3.0\|TLS 1.0\|TLS 1.1	NONE:+VERS-TLS1.1:+VERS-TLS1.0:+VERS-SSL3.0:+3DES-CBC:+ANON-DH:+SHA1:+COMP-NULL:+COMP-DEFLATE
9	TLS_RSA_WITH_AES_128_CBC_SHA	0x002F	SSL 3.0\|TLS 1.0\|TLS 1.1	NONE:+VERS-TLS1.1:+VERS-TLS1.0:+VERS-SSL3.0:+AES-128-CBC:+RSA:+SHA1:+COMP-NULL:+COMP-DEFLATE
10	TLS_DHE_DSS_WITH_AES_128_CBC_SHA	0x0032	SSL 3.0\|TLS 1.0\|TLS 1.1	NONE:+VERS-TLS1.1:+VERS-TLS1.0:+VERS-SSL3.0:+AES-128-CBC:+DHE-DSS:+SHA1:+COMP-NULL:+COMP-DEFLATE
11	TLS_DHE_RSA_WITH_AES_128_CBC_SHA	0x0033	SSL 3.0\|TLS 1.0\|TLS 1.1	NONE:+VERS-TLS1.1:+VERS-TLS1.0:+VERS-SSL3.0:+AES-128-CBC:+DHE-RSA:+SHA1:+COMP-NULL:+COMP-DEFLATE
12	TLS_DH_anon_WITH_AES_128_CBC_SHA	0x0034	SSL 3.0\|TLS 1.0\|TLS 1.1	NONE:+VERS-TLS1.1:+VERS-TLS1.0:+VERS-SSL3.0:+AES-128-CBC:+ANON-DH:+SHA1:+COMP-NULL:+COMP-DEFLATE
13	TLS_RSA_WITH_AES_256_CBC_SHA	0x0035	SSL 3.0\|TLS 1.0\|TLS 1.1	NONE:+VERS-TLS1.1:+VERS-TLS1.0:+VERS-SSL3.0:+AES-256-CBC:+RSA:+SHA1:+COMP-NULL:+COMP-DEFLATE
14	TLS_DHE_DSS_WITH_AES_256_CBC_SHA	0x0038	SSL 3.0\|TLS 1.0\|TLS 1.1	NONE:+VERS-TLS1.1:+VERS-TLS1.0:+VERS-SSL3.0:+AES-256-CBC:+DHE-DSS:+SHA1:+COMP-NULL:+COMP-DEFLATE
15	TLS_DHE_RSA_WITH_AES_256_CBC_SHA	0x0039	SSL 3.0\|TLS 1.0\|TLS 1.1	NONE:+VERS-TLS1.1:+VERS-TLS1.0:+VERS-SSL3.0:+AES-128-CBC:+DHE-RSA:+SHA1:+COMP-NULL:+COMP-DEFLATE
16	TLS_DH_anon_WITH_AES_256_CBC_SHA	0x003A	SSL 3.0\|TLS 1.0\|TLS 1.1	NONE:+VERS-TLS1.1:+VERS-TLS1.0:+VERS-SSL3.0:+AES-256-CBC:+ANON-DH:+SHA1:+COMP-NULL:+COMP-DEFLATE
17	TLS_RSA_WITH_CAMELLIA_128_CBC_SHA	0x0041	SSL 3.0\|TLS 1.0\|TLS 1.1	NONE:+VERS-TLS1.1:+VERS-TLS1.0:+VERS-SSL3.0:+CAMELLIA-128-CBC:+RSA:+SHA1:+COMP-NULL:+COMP-DEFLATE
18	TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA	0x0044	SSL 3.0\|TLS 1.0\|TLS 1.1	NONE:+VERS-TLS1.1:+VERS-TLS1.0:+VERS-SSL3.0:+CAMELLIA-128-CBC:+DHE-DSS:+SHA1:+COMP-NULL:+COMP-DEFLATE
19	TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA	0x0045	SSL 3.0\|TLS 1.0\|TLS 1.1	NONE:+VERS-TLS1.1:+VERS-TLS1.0:+VERS-SSL3.0:+CAMELLIA-128-CBC:+DHE-RSA:+SHA1:+COMP-NULL:+COMP-DEFLATE
20	TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA	0x0046	SSL 3.0\|TLS 1.0\|TLS 1.1	NONE:+VERS-TLS1.1:+VERS-TLS1.0:+VERS-SSL3.0:+CAMELLIA-128-CBC:+ANON-DH:+SHA1:+COMP-NULL:+COMP-DEFLATE
21	TLS_DHE_DSS_WITH_RC4_128_SHA	0x0066	SSL 3.0\|TLS 1.0\|TLS 1.1	NONE:+VERS-TLS1.1:+VERS-TLS1.0:+VERS-SSL3.0:+ARCFOUR-128:+DHE-DSS:+SHA1:+COMP-NULL:+COMP-DEFLATE
22	TLS_RSA_WITH_CAMELLIA_256_CBC_SHA	0x0084	SSL 3.0\|TLS 1.0\|TLS 1.1	NONE:+VERS-TLS1.1:+VERS-TLS1.0:+VERS-SSL3.0:+CAMELLIA-256-CBC:+RSA:+SHA1:+COMP-NULL:+COMP-DEFLATE
23	TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA	0x0087	SSL 3.0\|TLS 1.0\|TLS 1.1	NONE:+VERS-TLS1.1:+VERS-TLS1.0:+VERS-SSL3.0:+CAMELLIA-256-CBC:+DHE-DSS:+SHA1:+COMP-NULL:+COMP-DEFLATE
24	TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA	0x0088	SSL 3.0\|TLS 1.0\|TLS 1.1	NONE:+VERS-TLS1.1:+VERS-TLS1.0:+VERS-SSL3.0:+CAMELLIA-256-CBC:+DHE-RSA:+SHA1:+COMP-NULL:+COMP-DEFLATE
25	TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA	0x0089	SSL 3.0\|TLS 1.0\|TLS 1.1	NONE:+VERS-TLS1.1:+VERS-TLS1.0:+VERS-SSL3.0:+CAMELLIA-256-CBC:+ANON-DH:+SHA1:+COMP-NULL:+COMP-DEFLATE
26	TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA	0xC01A	TLS 1.0\|TLS 1.1	NONE:+VERS-TLS1.1:+VERS-TLS1.0:+3DES-CBC:+SRP:+SHA1:+COMP-NULL:+COMP-DEFLATE
27	TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA	0xC01B	TLS 1.0\|TLS 1.1	NONE:+VERS-TLS1.1:+VERS-TLS1.0:+3DES-CBC:+SRP-RSA:+SHA1:+COMP-NULL:+COMP-DEFLATE
28	TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA	0xC01C	TLS 1.0\|TLS 1.1	NONE:+VERS-TLS1.1:+VERS-TLS1.0:+3DES-CBC:+SRP-DSS:+SHA1:+COMP-NULL:+COMP-DEFLATE
29	TLS_SRP_SHA_WITH_AES_128_CBC_SHA	0xC01D	TLS 1.0\|TLS 1.1	NONE:+VERS-TLS1.1:+VERS-TLS1.0:+AES-128-CBC:+SRP:+SHA1:+COMP-NULL:+COMP-DEFLATE
30	TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA	0xC01E	TLS 1.0\|TLS 1.1	NONE:+VERS-TLS1.1:+VERS-TLS1.0:+AES-128-CBC:+SRP-RSA:+SHA1:+COMP-NULL:+COMP-DEFLATE
31	TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA	0xC01F	TLS 1.0\|TLS 1.1	NONE:+VERS-TLS1.1:+VERS-TLS1.0:+AES-128-CBC:+SRP-DSS:+SHA1:+COMP-NULL:+COMP-DEFLATE
32	TLS_SRP_SHA_WITH_AES_256_CBC_SHA	0xC020	TLS 1.0\|TLS 1.1	NONE:+VERS-TLS1.1:+VERS-TLS1.0:+AES-256-CBC:+SRP:+SHA1:+COMP-NULL:+COMP-DEFLATE
33	TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA	0xC021	TLS 1.0\|TLS 1.1	NONE:+VERS-TLS1.1:+VERS-TLS1.0:+AES-256-CBC:+SRP-RSA:+SHA1:+COMP-NULL:+COMP-DEFLATE
34	TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA	0xC022	TLS 1.0\|TLS 1.1	NONE:+VERS-TLS1.1:+VERS-TLS1.0:+AES-256-CBC:+SRP-DSS:+SHA1:+COMP-NULL:+COMP-DEFLATE

No.	Cipher Suite	Hex Value	SSL/TLS Version
1	TLS_RSA_EXPORT_WITH_RC4_40_MD5	0x0003	SSL 3.0\|TLS 1.0
2	TLS_RSA_WITH_RC4_128_MD5	0x0004	SSL 3.0\|TLS 1.0
3	TLS_RSA_WITH_RC4_128_SHA	0x0005	SSL 3.0\|TLS 1.0
4	TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5	0x0006	SSL 3.0\|TLS 1.0
5	TLS_RSA_EXPORT_WITH_DES40_CBC_SHA	0x0008	SSL 3.0\|TLS 1.0
6	TLS_RSA_WITH_DES_CBC_SHA	0x0009	SSL 3.0\|TLS 1.0
7	TLS_RSA_WITH_3DES_EDE_CBC_SHA	0x000A	SSL 3.0\|TLS 1.0
8	TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA	0x0011	SSL 3.0\|TLS 1.0
9	TLS_DHE_DSS_WITH_DES_CBC_SHA	0x0012	SSL 3.0\|TLS 1.0
10	TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA	0x0013	SSL 3.0\|TLS 1.0
11	TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA	0x0014	SSL 3.0\|TLS 1.0
12	TLS_DHE_RSA_WITH_DES_CBC_SHA	0x0015	SSL 3.0\|TLS 1.0
13	TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA	0x0016	SSL 3.0\|TLS 1.0
14	TLS_RSA_WITH_AES_128_CBC_SHA	0x002F	SSL 3.0\|TLS 1.0
15	TLS_DHE_DSS_WITH_AES_128_CBC_SHA	0x0032	SSL 3.0\|TLS 1.0
16	TLS_DHE_RSA_WITH_AES_128_CBC_SHA	0x0033	SSL 3.0\|TLS 1.0
17	TLS_RSA_WITH_AES_256_CBC_SHA	0x0035	SSL 3.0\|TLS 1.0
18	TLS_DHE_DSS_WITH_AES_256_CBC_SHA	0x0038	SSL 3.0\|TLS 1.0
19	TLS_DHE_RSA_WITH_AES_256_CBC_SHA	0x0039	SSL 3.0\|TLS 1.0

No.	Cipher Suite	Hex Value	SSL/TLS Version
1	TLS_RSA_EXPORT_WITH_RC4_40_MD5	0x0003	SSL 3.0\|TLS 1.0
2	TLS_RSA_WITH_RC4_128_MD5	0x0004	SSL 3.0\|TLS 1.0
3	TLS_RSA_WITH_RC4_128_SHA	0x0005	SSL 3.0\|TLS 1.0
4	TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5	0x0006	SSL 3.0\|TLS 1.0
5	TLS_RSA_EXPORT_WITH_DES40_CBC_SHA	0x0008	SSL 3.0\|TLS 1.0
6	TLS_RSA_WITH_DES_CBC_SHA	0x0009	SSL 3.0\|TLS 1.0
7	TLS_RSA_WITH_3DES_EDE_CBC_SHA	0x000A	SSL 3.0\|TLS 1.0
8	TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA	0x0011	SSL 3.0\|TLS 1.0
9	TLS_DHE_DSS_WITH_DES_CBC_SHA	0x0012	SSL 3.0\|TLS 1.0
10	TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA	0x0013	SSL 3.0\|TLS 1.0
11	TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA	0x0014	SSL 3.0\|TLS 1.0
12	TLS_DHE_RSA_WITH_DES_CBC_SHA	0x0015	SSL 3.0\|TLS 1.0
13	TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA	0x0016	SSL 3.0\|TLS 1.0
14	TLS_RSA_WITH_AES_128_CBC_SHA	0x002F	SSL 3.0\|TLS 1.0
15	TLS_DHE_DSS_WITH_AES_128_CBC_SHA	0x0032	SSL 3.0\|TLS 1.0
16	TLS_DHE_RSA_WITH_AES_128_CBC_SHA	0x0033	SSL 3.0\|TLS 1.0
17	TLS_RSA_WITH_AES_256_CBC_SHA	0x0035	SSL 3.0\|TLS 1.0
18	TLS_DHE_DSS_WITH_AES_256_CBC_SHA	0x0038	SSL 3.0\|TLS 1.0
19	TLS_DHE_RSA_WITH_AES_256_CBC_SHA	0x0039	SSL 3.0\|TLS 1.0
20	TLS_ECDH_ECDSA_WITH_RC4_128_SHA	0xC002	SSL 3.0\|TLS 1.0
21	TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA	0xC003	SSL 3.0\|TLS 1.0
22	TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA	0xC004	SSL 3.0\|TLS 1.0
23	TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA	0xC005	SSL 3.0\|TLS 1.0
24	TLS_ECDHE_ECDSA_WITH_RC4_128_SHA	0xC007	SSL 3.0\|TLS 1.0
25	TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA	0xC008	SSL 3.0\|TLS 1.0
26	TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA	0xC009	SSL 3.0\|TLS 1.0
27	TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA	0xC00A	SSL 3.0\|TLS 1.0
28	TLS_ECDH_RSA_WITH_RC4_128_SHA	0xC00C	SSL 3.0\|TLS 1.0
29	TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA	0xC00D	SSL 3.0\|TLS 1.0
30	TLS_ECDH_RSA_WITH_AES_128_CBC_SHA	0xC00E	SSL 3.0\|TLS 1.0
31	TLS_ECDH_RSA_WITH_AES_256_CBC_SHA	0xC00F	SSL 3.0\|TLS 1.0
32	TLS_ECDHE_RSA_WITH_RC4_128_SHA	0xC011	SSL 3.0\|TLS 1.0
33	TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA	0xC012	SSL 3.0\|TLS 1.0
34	TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA	0xC013	SSL 3.0\|TLS 1.0
35	TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA	0xC014	SSL 3.0\|TLS 1.0

3. NSS(Network Security Services)
NSS 3.12.4 and NSS 3.12.5 were currently analyzed.

NSS is used by browsers(Firefox, Google Chrome), web servers(Apache with mod_nss), etc.

Usually NSS is built with support for ECC(Elliptic Curve Cryptography). However some Linux distros, like Fedora(version 12 as writing), come with support for ECC disabled by default. As a result applications that use NSS, for example the Firefox version that ships with Fedora, will not be able to use ECC cipher suites.

NSS supports the three “popular” elliptic curves(which should assure interoperability):
- secp256r1(aka NIST P-256)
- secp384r1(aka NIST P-384)
- secp521r1(aka NIST P-521)

NSS currently supports: SSL 2.0, SSL 3.0, TLS 1.0.

The current cipher suites implemented by NSS are listed within the security/source/security/nss/lib/ssl/sslenum.c file(if you have downloaded the source code). Or online at:
http://mxr.mozilla.org/security/source/security/nss/lib/ssl/sslenum.c

DHE cipher suites are not supported on the server side.

As of NSS 3.11, Fortezza based cipher suites have been deprecated.

DH 2236-bit modulus is the NSS upper limitation.
RSA 8192-bit modulus is the NSS upper limitation.

3.1. NSS 3.12.5 Cipher Suites

Table 3.1 lists the cipher suites currently supported by NSS 3.12.5. For more details about each cipher suite refer to the main tables.
Since the FORTEZZA based cipher suites were deprecated, they are not listed below.

Table 3.1 NSS 3.12.5 Cipher Suites

No.	Cipher Suite	Hex Value	SSL/TLS Version
1	SSL_CK_RC4_128_WITH_MD5	0x010080	SSL 2.0
2	SSL_CK_RC4_128_EXPORT40_WITH_MD5	0x020080	SSL 2.0
3	SSL_CK_RC2_128_CBC_WITH_MD5	0x030080	SSL 2.0
4	SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5	0x040080	SSL 2.0
5	SSL_CK_DES_64_CBC_WITH_MD5	0x060040	SSL 2.0
6	SSL_CK_DES_192_EDE3_CBC_WITH_MD5	0x0700C0	SSL 2.0
7	TLS_RSA_WITH_NULL_MD5	0x0001	SSL 3.0\|TLS 1.0
8	TLS_RSA_WITH_NULL_SHA	0x0002	SSL 3.0\|TLS 1.0
9	TLS_RSA_EXPORT_WITH_RC4_40_MD5	0x0003	SSL 3.0\|TLS 1.0
10	TLS_RSA_WITH_RC4_128_MD5	0x0004	SSL 3.0\|TLS 1.0
11	TLS_RSA_WITH_RC4_128_SHA	0x0005	SSL 3.0\|TLS 1.0
12	TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5	0x0006	SSL 3.0\|TLS 1.0
13	TLS_RSA_WITH_DES_CBC_SHA	0x0009	SSL 3.0\|TLS 1.0
14	TLS_RSA_WITH_3DES_EDE_CBC_SHA	0x000A	SSL 3.0\|TLS 1.0
15	TLS_DHE_DSS_WITH_DES_CBC_SHA	0x0012	SSL 3.0\|TLS 1.0
16	TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA	0x0013	SSL 3.0\|TLS 1.0
17	TLS_DHE_RSA_WITH_DES_CBC_SHA	0x0015	SSL 3.0\|TLS 1.0
18	TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA	0x0016	SSL 3.0\|TLS 1.0
19	TLS_RSA_WITH_AES_128_CBC_SHA	0x002F	SSL 3.0\|TLS 1.0
20	TLS_DHE_DSS_WITH_AES_128_CBC_SHA	0x0032	SSL 3.0\|TLS 1.0
21	TLS_DHE_RSA_WITH_AES_128_CBC_SHA	0x0033	SSL 3.0\|TLS 1.0
22	TLS_RSA_WITH_AES_256_CBC_SHA	0x0035	SSL 3.0\|TLS 1.0
23	TLS_DHE_DSS_WITH_AES_256_CBC_SHA	0x0038	SSL 3.0\|TLS 1.0
24	TLS_DHE_RSA_WITH_AES_256_CBC_SHA	0x0039	SSL 3.0\|TLS 1.0
25	TLS_RSA_WITH_CAMELLIA_128_CBC_SHA	0x0041	SSL 3.0\|TLS 1.0
26	TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA	0x0044	SSL 3.0\|TLS 1.0
27	TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA	0x0045	SSL 3.0\|TLS 1.0
28	TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA	0x0062	SSL 3.0\|TLS 1.0
29	TLS_RSA_EXPORT1024_WITH_RC4_56_SHA	0x0064	SSL 3.0\|TLS 1.0
30	TLS_DHE_DSS_WITH_RC4_128_SHA	0x0066	SSL 3.0\|TLS 1.0
31	TLS_RSA_WITH_CAMELLIA_256_CBC_SHA	0x0084	SSL 3.0\|TLS 1.0
32	TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA	0x0087	SSL 3.0\|TLS 1.0
33	TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA	0x0088	SSL 3.0\|TLS 1.0
34	TLS_RSA_WITH_SEED_CBC_SHA	0x0096	SSL 3.0\|TLS 1.0
35	TLS_ECDH_ECDSA_WITH_NULL_SHA	0xC001	SSL 3.0\|TLS 1.0
36	TLS_ECDH_ECDSA_WITH_RC4_128_SHA	0xC002	SSL 3.0\|TLS 1.0
37	TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA	0xC003	SSL 3.0\|TLS 1.0
38	TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA	0xC004	SSL 3.0\|TLS 1.0
39	TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA	0xC005	SSL 3.0\|TLS 1.0
40	TLS_ECDHE_ECDSA_WITH_NULL_SHA	0xC006	SSL 3.0\|TLS 1.0
41	TLS_ECDHE_ECDSA_WITH_RC4_128_SHA	0xC007	SSL 3.0\|TLS 1.0
42	TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA	0xC008	SSL 3.0\|TLS 1.0
43	TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA	0xC009	SSL 3.0\|TLS 1.0
44	TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA	0xC00A	SSL 3.0\|TLS 1.0
45	TLS_ECDH_RSA_WITH_NULL_SHA	0xC00B	SSL 3.0\|TLS 1.0
46	TLS_ECDH_RSA_WITH_RC4_128_SHA	0xC00C	SSL 3.0\|TLS 1.0
47	TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA	0xC00D	SSL 3.0\|TLS 1.0
48	TLS_ECDH_RSA_WITH_AES_128_CBC_SHA	0xC00E	SSL 3.0\|TLS 1.0
49	TLS_ECDH_RSA_WITH_AES_256_CBC_SHA	0xC00F	SSL 3.0\|TLS 1.0
50	TLS_ECDHE_RSA_WITH_NULL_SHA	0xC010	SSL 3.0\|TLS 1.0
51	TLS_ECDHE_RSA_WITH_RC4_128_SHA	0xC011	SSL 3.0\|TLS 1.0
52	TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA	0xC012	SSL 3.0\|TLS 1.0
53	TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA	0xC013	SSL 3.0\|TLS 1.0
54	TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA	0xC014	SSL 3.0\|TLS 1.0
55	SSL_RSA_FIPS_WITH_DES_CBC_SHA	0xFEFE	SSL 3.0\|TLS 1.0
56	SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA	0xFEFF	SSL 3.0\|TLS 1.0

3.2. Firefox 3.6.x Cipher Suites

Firefox 2.x, 3.x, 3.5.x and 3.6(latest 3.6.13) were analyzed. As mentioned above, due to some ECC restrictions on some Linux distros, the Firefox version shipped on those Linux distros might not support ECC cipher suites.

You can adjust the SSL/TLS settings from Options(on Windows) or Preferences(on Linux or Mac), Advanced tab, Encryption tab, from where you can enable or disable the SSL/TLS version used.

For more granular settings, type about:config in the address bar and hit enter. You will access like so the advanced settings

Table 3.2.1 lists the configuration settings names(advanced settings) that can be used to enable/disable a specific SSL/TLS version currently supported by Firefox 3.6.13. The color red means that the protocol version is disabled by default, and the color green means that the protocol version is enabled by default.

Table 3.2.1 Firefox 3.6 Protocol Settings

No.	Firefox Setting Name	Enables/Disables	Default Value
1	security.enable_ssl2	SSL 2.0	false
2	security.enable_ssl3	SSL 3.0	true
3	security.enable_tls	TLS 1.0	true

Table 3.2.2 lists the cipher suites currently supported by Firefox 3.6.13. For more details about each cipher suite or other versions of Firefox, refer to the main tables. The color red means that the cipher suite is disabled by default, and the color green means that the cipher suite is enabled by default. SSL 3.0 is gray shaded for ECC cipher suites as if you just enable SSL 3.0 in Firefox, Firefox does not add these cipher suites to its SSL 3.0 Client Hello. However, for example, in the default Firefox configuration(TLS 1.0 and SSL 3.0 enabled), if the server replies with SSL 3.0 and an ECC cipher suite, Firefox will accept this.

Table 3.2.2 Firefox 3.6.13 Cipher Suites

No.	Cipher Suite	Hex Value	SSL/TLS Version	Firefox Setting Name	Default Value
1	SSL_CK_RC4_128_WITH_MD5	0x010080	SSL 2.0	security.ssl2.rc4_128	false
2	SSL_CK_RC4_128_EXPORT40_WITH_MD5	0x020080	SSL 2.0	security.ssl2.rc4_40	false
3	SSL_CK_RC2_128_CBC_WITH_MD5	0x030080	SSL 2.0	security.ssl2.rc2_128	false
4	SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5	0x040080	SSL 2.0	security.ssl2.rc2_40	false
5	SSL_CK_DES_64_CBC_WITH_MD5	0x060040	SSL 2.0	security.ssl2.des_64	false
6	SSL_CK_DES_192_EDE3_CBC_WITH_MD5	0x0700C0	SSL 2.0	security.ssl2.des_ede3_192	false
7	TLS_RSA_WITH_NULL_MD5	0x0001	SSL 3.0\|TLS 1.0	security.ssl3.rsa_null_md5	false
8	TLS_RSA_WITH_NULL_SHA	0x0002	SSL 3.0\|TLS 1.0	security.ssl3.rsa_null_sha	false
9	TLS_RSA_EXPORT_WITH_RC4_40_MD5	0x0003	SSL 3.0\|TLS 1.0	security.ssl3.rsa_rc4_40_md5	false
10	TLS_RSA_WITH_RC4_128_MD5	0x0004	SSL 3.0\|TLS 1.0	security.ssl3.rsa_rc4_128_md5	true
11	TLS_RSA_WITH_RC4_128_SHA	0x0005	SSL 3.0\|TLS 1.0	security.ssl3.rsa_rc4_128_sha	true
12	TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5	0x0006	SSL 3.0\|TLS 1.0	security.ssl3.rsa_rc2_40_md5	false
13	TLS_RSA_WITH_DES_CBC_SHA	0x0009	SSL 3.0\|TLS 1.0	security.ssl3.rsa_des_sha	false
14	TLS_RSA_WITH_3DES_EDE_CBC_SHA	0x000A	SSL 3.0\|TLS 1.0	security.ssl3.rsa_des_ede3_sha	true
15	TLS_DHE_DSS_WITH_DES_CBC_SHA	0x0012	SSL 3.0\|TLS 1.0	security.ssl3.dhe_dss_des_sha	false
16	TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA	0x0013	SSL 3.0\|TLS 1.0	security.ssl3.dhe_dss_des_ede3_sha	true
17	TLS_DHE_RSA_WITH_DES_CBC_SHA	0x0015	SSL 3.0\|TLS 1.0	security.ssl3.dhe_rsa_des_sha	false
18	TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA	0x0016	SSL 3.0\|TLS 1.0	security.ssl3.dhe_rsa_des_ede3_sha	true
19	TLS_RSA_WITH_AES_128_CBC_SHA	0x002F	SSL 3.0\|TLS 1.0	security.ssl3.rsa_aes_128_sha	true
20	TLS_DHE_DSS_WITH_AES_128_CBC_SHA	0x0032	SSL 3.0\|TLS 1.0	security.ssl3.dhe_dss_aes_128_sha	true
21	TLS_DHE_RSA_WITH_AES_128_CBC_SHA	0x0033	SSL 3.0\|TLS 1.0	security.ssl3.dhe_rsa_aes_128_sha	true
22	TLS_RSA_WITH_AES_256_CBC_SHA	0x0035	SSL 3.0\|TLS 1.0	security.ssl3.rsa_aes_256_sha	true
23	TLS_DHE_DSS_WITH_AES_256_CBC_SHA	0x0038	SSL 3.0\|TLS 1.0	security.ssl3.dhe_dss_aes_256_sha	true
24	TLS_DHE_RSA_WITH_AES_256_CBC_SHA	0x0039	SSL 3.0\|TLS 1.0	security.ssl3.dhe_rsa_aes_256_sha	true
25	TLS_RSA_WITH_CAMELLIA_128_CBC_SHA	0x0041	SSL 3.0\|TLS 1.0	security.ssl3.rsa_camellia_128_sha	true
26	TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA	0x0044	SSL 3.0\|TLS 1.0	security.ssl3.dhe_dss_camellia_128_sha	true
27	TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA	0x0045	SSL 3.0\|TLS 1.0	security.ssl3.dhe_rsa_camellia_128_sha	true
28	TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA	0x0062	SSL 3.0\|TLS 1.0	security.ssl3.rsa_1024_des_cbc_sha	false
29	TLS_RSA_EXPORT1024_WITH_RC4_56_SHA	0x0064	SSL 3.0\|TLS 1.0	security.ssl3.rsa_1024_rc4_56_sha	false
30	TLS_RSA_WITH_CAMELLIA_256_CBC_SHA	0x0084	SSL 3.0\|TLS 1.0	security.ssl3.rsa_camellia_256_sha	true
31	TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA	0x0087	SSL 3.0\|TLS 1.0	security.ssl3.dhe_dss_camellia_256_sha	true
32	TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA	0x0088	SSL 3.0\|TLS 1.0	security.ssl3.dhe_rsa_camellia_256_sha	true
33	TLS_RSA_WITH_SEED_CBC_SHA	0x0096	SSL 3.0\|TLS 1.0	security.ssl3.rsa_seed_sha	true
34	TLS_ECDH_ECDSA_WITH_NULL_SHA	0xC001	SSL 3.0\|TLS 1.0	security.ssl3.ecdh_ecdsa_null_sha	false
35	TLS_ECDH_ECDSA_WITH_RC4_128_SHA	0xC002	SSL 3.0\|TLS 1.0	security.ssl3.ecdh_ecdsa_rc4_128_sha	true
36	TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA	0xC003	SSL 3.0\|TLS 1.0	security.ssl3.ecdh_ecdsa_des_ede3_sha	true
37	TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA	0xC004	SSL 3.0\|TLS 1.0	security.ssl3.ecdh_ecdsa_aes_128_sha	true
38	TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA	0xC005	SSL 3.0\|TLS 1.0	security.ssl3.ecdh_ecdsa_aes_256_sha	true
39	TLS_ECDHE_ECDSA_WITH_NULL_SHA	0xC006	SSL 3.0\|TLS 1.0	security.ssl3.ecdhe_ecdsa_null_sha	false
40	TLS_ECDHE_ECDSA_WITH_RC4_128_SHA	0xC007	SSL 3.0\|TLS 1.0	security.ssl3.ecdhe_ecdsa_rc4_128_sha	true
41	TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA	0xC008	SSL 3.0\|TLS 1.0	security.ssl3.ecdhe_ecdsa_des_ede3_sha	true
42	TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA	0xC009	SSL 3.0\|TLS 1.0	security.ssl3.ecdhe_ecdsa_aes_128_sha	true
43	TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA	0xC00A	SSL 3.0\|TLS 1.0	security.ssl3.ecdhe_ecdsa_aes_256_sha	true
44	TLS_ECDH_RSA_WITH_NULL_SHA	0xC00B	SSL 3.0\|TLS 1.0	security.ssl3.ecdh_rsa_null_sha	false
45	TLS_ECDH_RSA_WITH_RC4_128_SHA	0xC00C	SSL 3.0\|TLS 1.0	security.ssl3.ecdh_rsa_rc4_128_sha	true
46	TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA	0xC00D	SSL 3.0\|TLS 1.0	security.ssl3.ecdh_rsa_des_ede3_sha	true
47	TLS_ECDH_RSA_WITH_AES_128_CBC_SHA	0xC00E	SSL 3.0\|TLS 1.0	security.ssl3.ecdh_rsa_aes_128_sha	true
48	TLS_ECDH_RSA_WITH_AES_256_CBC_SHA	0xC00F	SSL 3.0\|TLS 1.0	security.ssl3.ecdh_rsa_aes_256_sha	true
49	TLS_ECDHE_RSA_WITH_NULL_SHA	0xC010	SSL 3.0\|TLS 1.0	security.ssl3.ecdhe_rsa_null_sha	false
50	TLS_ECDHE_RSA_WITH_RC4_128_SHA	0xC011	SSL 3.0\|TLS 1.0	security.ssl3.ecdhe_rsa_rc4_128_sha	true
51	TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA	0xC012	SSL 3.0\|TLS 1.0	security.ssl3.ecdhe_rsa_des_ede3_sha	true
52	TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA	0xC013	SSL 3.0\|TLS 1.0	security.ssl3.ecdhe_rsa_aes_128_sha	true
53	TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA	0xC014	SSL 3.0\|TLS 1.0	security.ssl3.ecdhe_rsa_aes_256_sha	true
54	SSL_RSA_FIPS_WITH_DES_CBC_SHA	0xFEFE	SSL 3.0\|TLS 1.0	security.ssl3.rsa_fips_des_sha	false
55	SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA	0xFEFF	SSL 3.0\|TLS 1.0	security.ssl3.rsa_fips_des_ede3_sha	true

3.3. Google Chrome 5 Beta on Linux Cipher Suites

Google Chrome 5 Beta on Ubuntu 9.1 and Debian 5.0.3 x64 were analyzed.

The SSL/TLS settings can be adjusted from Options, Under the Hood tab, Security area, for example to enable or disable a specific SSL/TLS version.

Table 3.3 lists the cipher suites currently supported by Google Chrome 5 Beta on Linux. For more details about each cipher suite, refer to the main tables. The color red means that the cipher suite is disabled by default, and the color green means that the cipher suite is enabled by default. SSL 3.0 is gray shaded for ECC cipher suites as if you just enable SSL 3.0 in Chrome, Chrome does not add these cipher suites to its SSL 3.0 Client Hello. However, for example, in the default Chrome configuration(TLS 1.0 and SSL 3.0 enabled), if the server replies with SSL 3.0 and an ECC cipher suite, Chrome will accept this.

Table 3.3 Google Chrome 5 Beta on Linux Cipher Suites

No.	Cipher Suite	Hex Value	SSL/TLS Version	Status
1	SSL_CK_RC4_128_WITH_MD5	0x010080	SSL 2.0	disabled
2	SSL_CK_RC2_128_CBC_WITH_MD5	0x030080	SSL 2.0	disabled
3	SSL_CK_DES_192_EDE3_CBC_WITH_MD5	0x0700C0	SSL 2.0	disabled
4	TLS_RSA_WITH_RC4_128_MD5	0x0004	SSL 3.0\|TLS 1.0	enabled
5	TLS_RSA_WITH_RC4_128_SHA	0x0005	SSL 3.0\|TLS 1.0	enabled
6	TLS_RSA_WITH_3DES_EDE_CBC_SHA	0x000A	SSL 3.0\|TLS 1.0	enabled
7	TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA	0x0013	SSL 3.0\|TLS 1.0	enabled
8	TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA	0x0016	SSL 3.0\|TLS 1.0	enabled
9	TLS_RSA_WITH_AES_128_CBC_SHA	0x002F	SSL 3.0\|TLS 1.0	enabled
10	TLS_DHE_DSS_WITH_AES_128_CBC_SHA	0x0032	SSL 3.0\|TLS 1.0	enabled
11	TLS_DHE_RSA_WITH_AES_128_CBC_SHA	0x0033	SSL 3.0\|TLS 1.0	enabled
12	TLS_RSA_WITH_AES_256_CBC_SHA	0x0035	SSL 3.0\|TLS 1.0	enabled
13	TLS_DHE_DSS_WITH_AES_256_CBC_SHA	0x0038	SSL 3.0\|TLS 1.0	enabled
14	TLS_DHE_RSA_WITH_AES_256_CBC_SHA	0x0039	SSL 3.0\|TLS 1.0	enabled
15	TLS_RSA_WITH_CAMELLIA_128_CBC_SHA	0x0041	SSL 3.0\|TLS 1.0	enabled
16	TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA	0x0044	SSL 3.0\|TLS 1.0	enabled
17	TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA	0x0045	SSL 3.0\|TLS 1.0	enabled
18	TLS_DHE_DSS_WITH_RC4_128_SHA	0x0066	SSL 3.0\|TLS 1.0	enabled
19	TLS_RSA_WITH_CAMELLIA_256_CBC_SHA	0x0084	SSL 3.0\|TLS 1.0	enabled
20	TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA	0x0087	SSL 3.0\|TLS 1.0	enabled
21	TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA	0x0088	SSL 3.0\|TLS 1.0	enabled
22	TLS_RSA_WITH_SEED_CBC_SHA	0x0096	SSL 3.0\|TLS 1.0	enabled
23	TLS_ECDH_ECDSA_WITH_RC4_128_SHA	0xC002	SSL 3.0\|TLS 1.0	enabled
24	TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA	0xC003	SSL 3.0\|TLS 1.0	enabled
25	TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA	0xC004	SSL 3.0\|TLS 1.0	enabled
26	TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA	0xC005	SSL 3.0\|TLS 1.0	enabled
27	TLS_ECDHE_ECDSA_WITH_RC4_128_SHA	0xC007	SSL 3.0\|TLS 1.0	enabled
28	TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA	0xC008	SSL 3.0\|TLS 1.0	enabled
29	TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA	0xC009	SSL 3.0\|TLS 1.0	enabled
30	TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA	0xC00A	SSL 3.0\|TLS 1.0	enabled
31	TLS_ECDH_RSA_WITH_RC4_128_SHA	0xC00C	SSL 3.0\|TLS 1.0	enabled
32	TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA	0xC00D	SSL 3.0\|TLS 1.0	enabled
33	TLS_ECDH_RSA_WITH_AES_128_CBC_SHA	0xC00E	SSL 3.0\|TLS 1.0	enabled
34	TLS_ECDH_RSA_WITH_AES_256_CBC_SHA	0xC00F	SSL 3.0\|TLS 1.0	enabled
35	TLS_ECDHE_RSA_WITH_RC4_128_SHA	0xC011	SSL 3.0\|TLS 1.0	enabled
36	TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA	0xC012	SSL 3.0\|TLS 1.0	enabled
37	TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA	0xC013	SSL 3.0\|TLS 1.0	enabled
38	TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA	0xC014	SSL 3.0\|TLS 1.0	enabled
39	SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA	0xFEFF	SSL 3.0\|TLS 1.0	enabled

3.4. Google Chrome 9.0.x Cipher Suites
Google Chrome 9.0.597.94 was tested; running on Windows XP/Vista/7, Ubuntu 10.04(not the version from Ubuntu repository), and Mac OS X 10.5.8/10.6.6.

Table 3.4 lists the cipher suites currently supported by Google Chrome 9. For more details about each cipher suite, refer to the main tables. The color red means that the cipher suite is disabled by default, and the color green means that the cipher suite is enabled by default. SSL 3.0 is gray shaded for ECC cipher suites as if you just enable SSL 3.0 in Chrome, Chrome does not add these cipher suites to its SSL 3.0 Client Hello. However, for example, in the default Chrome configuration(TLS 1.0 and SSL 3.0 enabled), if the server replies with SSL 3.0 and an ECC cipher suite, Chrome will accept this.

Table 3.4 Google Chrome 9.0.x Cipher Suites

No.	Cipher Suite	Hex Value	SSL/TLS Version	Status
1	SSL_CK_RC4_128_WITH_MD5	0x010080	SSL 2.0	disabled
2	SSL_CK_RC2_128_CBC_WITH_MD5	0x030080	SSL 2.0	disabled
3	SSL_CK_DES_192_EDE3_CBC_WITH_MD5	0x0700C0	SSL 2.0	disabled
4	TLS_RSA_WITH_RC4_128_MD5	0x0004	SSL 3.0\|TLS 1.0	enabled
5	TLS_RSA_WITH_RC4_128_SHA	0x0005	SSL 3.0\|TLS 1.0	enabled
6	TLS_RSA_WITH_3DES_EDE_CBC_SHA	0x000A	SSL 3.0\|TLS 1.0	enabled
7	TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA	0x0013	SSL 3.0\|TLS 1.0	enabled
8	TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA	0x0016	SSL 3.0\|TLS 1.0	enabled
9	TLS_RSA_WITH_AES_128_CBC_SHA	0x002F	SSL 3.0\|TLS 1.0	enabled
10	TLS_DHE_DSS_WITH_AES_128_CBC_SHA	0x0032	SSL 3.0\|TLS 1.0	enabled
11	TLS_DHE_RSA_WITH_AES_128_CBC_SHA	0x0033	SSL 3.0\|TLS 1.0	enabled
12	TLS_RSA_WITH_AES_256_CBC_SHA	0x0035	SSL 3.0\|TLS 1.0	enabled
13	TLS_DHE_DSS_WITH_AES_256_CBC_SHA	0x0038	SSL 3.0\|TLS 1.0	enabled
14	TLS_DHE_RSA_WITH_AES_256_CBC_SHA	0x0039	SSL 3.0\|TLS 1.0	enabled
15	TLS_RSA_WITH_CAMELLIA_128_CBC_SHA	0x0041	SSL 3.0\|TLS 1.0	enabled
16	TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA	0x0044	SSL 3.0\|TLS 1.0	enabled
17	TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA	0x0045	SSL 3.0\|TLS 1.0	enabled
18	TLS_DHE_DSS_WITH_RC4_128_SHA	0x0066	SSL 3.0\|TLS 1.0	enabled
19	TLS_RSA_WITH_CAMELLIA_256_CBC_SHA	0x0084	SSL 3.0\|TLS 1.0	enabled
20	TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA	0x0087	SSL 3.0\|TLS 1.0	enabled
21	TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA	0x0088	SSL 3.0\|TLS 1.0	enabled
22	TLS_RSA_WITH_SEED_CBC_SHA	0x0096	SSL 3.0\|TLS 1.0	enabled
23	TLS_ECDH_ECDSA_WITH_RC4_128_SHA	0xC002	SSL 3.0\|TLS 1.0	enabled
24	TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA	0xC003	SSL 3.0\|TLS 1.0	enabled
25	TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA	0xC004	SSL 3.0\|TLS 1.0	enabled
26	TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA	0xC005	SSL 3.0\|TLS 1.0	enabled
27	TLS_ECDHE_ECDSA_WITH_RC4_128_SHA	0xC007	SSL 3.0\|TLS 1.0	enabled
28	TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA	0xC008	SSL 3.0\|TLS 1.0	enabled
29	TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA	0xC009	SSL 3.0\|TLS 1.0	enabled
30	TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA	0xC00A	SSL 3.0\|TLS 1.0	enabled
31	TLS_ECDH_RSA_WITH_RC4_128_SHA	0xC00C	SSL 3.0\|TLS 1.0	enabled
32	TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA	0xC00D	SSL 3.0\|TLS 1.0	enabled
33	TLS_ECDH_RSA_WITH_AES_128_CBC_SHA	0xC00E	SSL 3.0\|TLS 1.0	enabled
34	TLS_ECDH_RSA_WITH_AES_256_CBC_SHA	0xC00F	SSL 3.0\|TLS 1.0	enabled
35	TLS_ECDHE_RSA_WITH_RC4_128_SHA	0xC011	SSL 3.0\|TLS 1.0	enabled
36	TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA	0xC012	SSL 3.0\|TLS 1.0	enabled
37	TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA	0xC013	SSL 3.0\|TLS 1.0	enabled
38	TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA	0xC014	SSL 3.0\|TLS 1.0	enabled
39	SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA	0xFEFF	SSL 3.0\|TLS 1.0	enabled

3.5. mod_nss 1.0.8 Cipher Suites

mod_nss (according to its web site) is an SSL provider derived from the mod_ssl module for the Apache web server that uses the NSS libraries.

mod_nss 1.0.8 was fingerprinted running on Fedora 12, Apache 2.2.14(the version shipped on Fedora) with NSS 3.12.5 + NSPR 4.8.2. Because Fedora comes without support for ECC, NSS with support for ECC was manually built and the resulted libraries were used.

mod_nss 1.0.8 comes with support for SSL 2.0 disabled by default.

mod_nss 1.0.8 comes with support for ECC disabled by default.

If compiled with support for ECC, mod_nss 1.0.8 can use in the same time a RSA and an ECC certificate, decisions on which cipher suite to be used being made based on the Client Hello message, if the client lists support for ECC cipher suites that the server supports too, ECC cipher suites will be used.

NSS always chooses the "best/strongest" cipher. You can't specify preferred order.

mod_nss does not support by default Caemellia or Seed cipher suites. You can adjust this if you modify the nss_engine_init.c file.

mod_nss does not have support for DHE cipher suites due to the NSS mentioned above server side limitation.

SSL/TLS related configuration can be done within the nss.conf file(usually found at /etc/httpd/conf.d/).

NSSNickname directive specifies the RSA server certificate to be used

NSSECCNickname directive specifies the ECC server certificate to be used.

NSSProtocol directive specifies the SSL/TLS protocol to be used. Supported values are: SSLv2, SSLv3, TLSv1, ALL.

Example:
NSSProtocol SSLv3,TLSv1.
NSSCipherSuite directive specifies the cipher suites to be used. Use + to allow a cipher suite, and – to disallow a cipher suite. Within the original nss.conf file for the ECC configuration example, there is a small typo for the -echde_rsa_null cipher suite, it should be -ecdhe_rsa_null.

Example, without ECC:
NSSProtocol SSLv3,TLSv1
NSSCipherSuite +rsa_rc4_128_md5,+rsa_rc4_128_sha,+rsa_3des_sha,-rsa_des_sha,-rsa_rc4_40_md5,-rsa_rc2_40_md5,-rsa_null_md5,-rsa_null_sha,-fips_3des_sha,-fips_des_sha,-fortezza,-fortezza_rc4_128_sha,-fortezza_null,-rsa_des_56_sha,-rsa_rc4_56_sha,+rsa_aes_128_sha,+rsa_aes_256_sha

The example enables:

No.	Cipher Suite	Hex Value	SSL/TLS Version
1	TLS_RSA_WITH_RC4_128_MD5	0x0004	SSL 3.0\|TLS 1.0
2	TLS_RSA_WITH_RC4_128_SHA	0x0005	SSL 3.0\|TLS 1.0
3	TLS_RSA_WITH_3DES_EDE_CBC_SHA	0x000A	SSL 3.0\|TLS 1.0
4	TLS_RSA_WITH_AES_128_CBC_SHA	0x002F	SSL 3.0\|TLS 1.0
5	TLS_RSA_WITH_AES_256_CBC_SHA	0x0035	SSL 3.0\|TLS 1.0

Example, with ECC:
NSSProtocol SSLv3,TLSv1
NSSCipherSuite +rsa_rc4_128_md5,+rsa_rc4_128_sha,+rsa_3des_sha,-rsa_des_sha,-rsa_rc4_40_md5,-rsa_rc2_40_md5,-rsa_null_md5,-rsa_null_sha,-fips_3des_sha,-fips_des_sha,-fortezza,-fortezza_rc4_128_sha,-fortezza_null,-rsa_des_56_sha,-rsa_rc4_56_sha,+rsa_aes_128_sha,+rsa_aes_256_sha,-ecdh_ecdsa_null_sha,-ecdh_ecdsa_rc4_128_sha,-ecdh_ecdsa_3des_sha,-ecdh_ecdsa_aes_128_sha,-ecdh_ecdsa_aes_256_sha,-ecdhe_ecdsa_null_sha,-ecdhe_ecdsa_rc4_128_sha,+ecdhe_ecdsa_3des_sha,+ecdhe_ecdsa_aes_128_sha,+ecdhe_ecdsa_aes_256_sha,-ecdh_rsa_null_sha,-ecdh_rsa_128_sha,-ecdh_rsa_3des_sha,-ecdh_rsa_aes_128_sha,-ecdh_rsa_aes_256_sha,-ecdhe_rsa_null,-ecdhe_rsa_rc4_128_sha,+ecdhe_rsa_3des_sha,+ecdhe_rsa_aes_128_sha,+ecdhe_rsa_aes_256_sha

The example enables(assuming both a RSA and and ECC certificate are used simultaneously):

No.	Cipher Suite	Hex Value	SSL/TLS Version
1	TLS_RSA_WITH_RC4_128_MD5	0x0004	SSL 3.0\|TLS 1.0
2	TLS_RSA_WITH_RC4_128_SHA	0x0005	SSL 3.0\|TLS 1.0
3	TLS_RSA_WITH_3DES_EDE_CBC_SHA	0x000A	SSL 3.0\|TLS 1.0
4	TLS_RSA_WITH_AES_128_CBC_SHA	0x002F	SSL 3.0\|TLS 1.0
5	TLS_RSA_WITH_AES_256_CBC_SHA	0x0035	SSL 3.0\|TLS 1.0
6	TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA	0xC008	SSL 3.0\|TLS 1.0
7	TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA	0xC009	SSL 3.0\|TLS 1.0
8	TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA	0xC00A	SSL 3.0\|TLS 1.0
9	TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA	0xC012	SSL 3.0\|TLS 1.0
10	TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA	0xC013	SSL 3.0\|TLS 1.0
11	TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA	0xC014	SSL 3.0\|TLS 1.0

Table 3.5 lists the cipher suites currently supported by mod_nss 1.0.8(Apache 2.2.14) with NSS 3.12.5 and NSPR 4.8.2(source builds). Therefore, the status enabled/disabled of the cipher suites is only valid for this particular configuration. For more details about each cipher suite, refer to the main tables. The color red means that the cipher suite is disabled by default, the color green means that the cipher suite is enabled by default, the color orange means that the cipher suite was deprecated within the NSS library.

Table 3.5 mod_nss 1.0.8(Apache 2.2.14) with NSS 3.12.5 and NSPR 4.8.2 Cipher Suites

No.	Cipher Suite	Hex Value	SSL/TLS Version	mod_nss Setting Name	Status
1	SSL_CK_RC4_128_WITH_MD5	0x010080	SSL 2.0	rc4	disabled
2	SSL_CK_RC4_128_EXPORT40_WITH_MD5	0x020080	SSL 2.0	rc4export	disabled
3	SSL_CK_RC2_128_CBC_WITH_MD5	0x030080	SSL 2.0	rc2	disabled
4	SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5	0x040080	SSL 2.0	rc2export	disabled
5	SSL_CK_DES_64_CBC_WITH_MD5	0x060040	SSL 2.0	des	disabled
6	SSL_CK_DES_192_EDE3_CBC_WITH_MD5	0x0700C0	SSL 2.0	desede3	disabled
7	TLS_RSA_WITH_NULL_MD5	0x0001	SSL 3.0\|TLS 1.0	rsa_null_md5	disabled
8	TLS_RSA_WITH_NULL_SHA	0x0002	SSL 3.0\|TLS 1.0	rsa_null_sha	disabled
9	TLS_RSA_EXPORT_WITH_RC4_40_MD5	0x0003	SSL 3.0\|TLS 1.0	rsa_rc4_40_md5	disabled
10	TLS_RSA_WITH_RC4_128_MD5	0x0004	SSL 3.0\|TLS 1.0	rsa_rc4_128_md5	enabled
11	TLS_RSA_WITH_RC4_128_SHA	0x0005	SSL 3.0\|TLS 1.0	rsa_rc4_128_sha	enabled
12	TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5	0x0006	SSL 3.0\|TLS 1.0	rsa_rc2_40_md5	disabled
13	TLS_RSA_WITH_DES_CBC_SHA	0x0009	SSL 3.0\|TLS 1.0	rsa_des_sha	disabled
14	TLS_RSA_WITH_3DES_EDE_CBC_SHA	0x000A	SSL 3.0\|TLS 1.0	rsa_3des_sha	enabled
15	TLS_RSA_WITH_AES_128_CBC_SHA	0x002F	SSL 3.0\|TLS 1.0	rsa_aes_128_sha	enabled
16	TLS_RSA_WITH_AES_256_CBC_SHA	0x0035	SSL 3.0\|TLS 1.0	rsa_aes_256_sha	enabled
17	TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA	0x0062	SSL 3.0\|TLS 1.0	rsa_des_56_sha	disabled
18	TLS_RSA_EXPORT1024_WITH_RC4_56_SHA	0x0064	SSL 3.0\|TLS 1.0	rsa_rc4_56_sha	disabled
19	TLS_ECDH_ECDSA_WITH_NULL_SHA	0xC001	SSL 3.0\|TLS 1.0	ecdh_ecdsa_null_sha	disabled
20	TLS_ECDH_ECDSA_WITH_RC4_128_SHA	0xC002	SSL 3.0\|TLS 1.0	ecdh_ecdsa_rc4_128_sha	disabled
22	TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA	0xC003	SSL 3.0\|TLS 1.0	ecdh_ecdsa_3des_sha	disabled
23	TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA	0xC004	SSL 3.0\|TLS 1.0	ecdh_ecdsa_aes_128_sha	disabled
24	TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA	0xC005	SSL 3.0\|TLS 1.0	ecdh_ecdsa_aes_256_sha	disabled
25	TLS_ECDHE_ECDSA_WITH_NULL_SHA	0xC006	SSL 3.0\|TLS 1.0	ecdhe_ecdsa_null_sha	disabled
26	TLS_ECDHE_ECDSA_WITH_RC4_128_SHA	0xC007	SSL 3.0\|TLS 1.0	ecdhe_ecdsa_rc4_128_sha	disabled
27	TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA	0xC008	SSL 3.0\|TLS 1.0	ecdhe_ecdsa_3des_sha	disabled
28	TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA	0xC009	SSL 3.0\|TLS 1.0	ecdhe_ecdsa_aes_128_sha	disabled
29	TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA	0xC00A	SSL 3.0\|TLS 1.0	ecdhe_ecdsa_aes_256_sha	disabled
30	TLS_ECDH_RSA_WITH_NULL_SHA	0xC00B	SSL 3.0\|TLS 1.0	ecdh_rsa_null_sha	disabled
31	TLS_ECDH_RSA_WITH_RC4_128_SHA	0xC00C	SSL 3.0\|TLS 1.0	ecdh_rsa_128_sha	disabled
32	TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA	0xC00D	SSL 3.0\|TLS 1.0	ecdh_rsa_3des_sha	disabled
33	TLS_ECDH_RSA_WITH_AES_128_CBC_SHA	0xC00E	SSL 3.0\|TLS 1.0	ecdh_rsa_aes_128_sha	disabled
34	TLS_ECDH_RSA_WITH_AES_256_CBC_SHA	0xC00F	SSL 3.0\|TLS 1.0	ecdh_rsa_aes_256_sha	disabled
35	TLS_ECDHE_RSA_WITH_NULL_SHA	0xC010	SSL 3.0\|TLS 1.0	echde_rsa_null	disabled
36	TLS_ECDHE_RSA_WITH_RC4_128_SHA	0xC011	SSL 3.0\|TLS 1.0	ecdhe_rsa_rc4_128_sha	disabled
37	TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA	0xC012	SSL 3.0\|TLS 1.0	ecdhe_rsa_3des_sha	disabled
38	TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA	0xC013	SSL 3.0\|TLS 1.0	ecdhe_rsa_aes_128_sha	disabled
39	TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA	0xC014	SSL 3.0\|TLS 1.0	ecdhe_rsa_aes_256_sha	disabled
40	SSL_RSA_FIPS_WITH_DES_CBC_SHA	0xFEFE	SSL 3.0\|TLS 1.0	fips_des_sha	disabled
41	SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA	0xFEFF	SSL 3.0\|TLS 1.0	fips_3des_sha	enabled
44	SSL_FORTEZZA_KEA_WITH_NULL_SHA	0X001C	-	fortezza_null	deprecated
42	SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA	0x001D	-	fortezza	deprecated
43	SSL_FORTEZZA_KEA_WITH_RC4_128_SHA	0x001E	-	fortezza_rc4_128_sha	deprecated

3.6 Firefox 3.6.x on Fedora 14

Table 3.6 lists the cipher suites currently supported by Firefox 3.6.13(the Firefox version shipped with Fedora) on Fedora 14. For more details about each cipher suite or other versions of Firefox, refer to the main tables. The color red means that the cipher suite is disabled by default, and the color green means that the cipher suite is enabled by default.
ECC cipher suites are not available for the Firefox version shipped with Fedora.

Table 3.6 Firefox 3.6.13 Cipher Suites

No.	Cipher Suite	Hex Value	SSL/TLS Version	Firefox Setting Name	Default Value
1	SSL_CK_RC4_128_WITH_MD5	0x010080	SSL 2.0	security.ssl2.rc4_128	false
2	SSL_CK_RC4_128_EXPORT40_WITH_MD5	0x020080	SSL 2.0	security.ssl2.rc4_40	false
3	SSL_CK_RC2_128_CBC_WITH_MD5	0x030080	SSL 2.0	security.ssl2.rc2_128	false
4	SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5	0x040080	SSL 2.0	security.ssl2.rc2_40	false
5	SSL_CK_DES_64_CBC_WITH_MD5	0x060040	SSL 2.0	security.ssl2.des_64	false
6	SSL_CK_DES_192_EDE3_CBC_WITH_MD5	0x0700C0	SSL 2.0	security.ssl2.des_ede3_192	false
7	TLS_RSA_WITH_NULL_MD5	0x0001	SSL 3.0\|TLS 1.0	security.ssl3.rsa_null_md5	false
8	TLS_RSA_WITH_NULL_SHA	0x0002	SSL 3.0\|TLS 1.0	security.ssl3.rsa_null_sha	false
9	TLS_RSA_EXPORT_WITH_RC4_40_MD5	0x0003	SSL 3.0\|TLS 1.0	security.ssl3.rsa_rc4_40_md5	false
10	TLS_RSA_WITH_RC4_128_MD5	0x0004	SSL 3.0\|TLS 1.0	security.ssl3.rsa_rc4_128_md5	true
11	TLS_RSA_WITH_RC4_128_SHA	0x0005	SSL 3.0\|TLS 1.0	security.ssl3.rsa_rc4_128_sha	true
12	TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5	0x0006	SSL 3.0\|TLS 1.0	security.ssl3.rsa_rc2_40_md5	false
13	TLS_RSA_WITH_DES_CBC_SHA	0x0009	SSL 3.0\|TLS 1.0	security.ssl3.rsa_des_sha	false
14	TLS_RSA_WITH_3DES_EDE_CBC_SHA	0x000A	SSL 3.0\|TLS 1.0	security.ssl3.rsa_des_ede3_sha	true
15	TLS_DHE_DSS_WITH_DES_CBC_SHA	0x0012	SSL 3.0\|TLS 1.0	security.ssl3.dhe_dss_des_sha	false
16	TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA	0x0013	SSL 3.0\|TLS 1.0	security.ssl3.dhe_dss_des_ede3_sha	true
17	TLS_DHE_RSA_WITH_DES_CBC_SHA	0x0015	SSL 3.0\|TLS 1.0	security.ssl3.dhe_rsa_des_sha	false
18	TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA	0x0016	SSL 3.0\|TLS 1.0	security.ssl3.dhe_rsa_des_ede3_sha	true
19	TLS_RSA_WITH_AES_128_CBC_SHA	0x002F	SSL 3.0\|TLS 1.0	security.ssl3.rsa_aes_128_sha	true
20	TLS_DHE_DSS_WITH_AES_128_CBC_SHA	0x0032	SSL 3.0\|TLS 1.0	security.ssl3.dhe_dss_aes_128_sha	true
21	TLS_DHE_RSA_WITH_AES_128_CBC_SHA	0x0033	SSL 3.0\|TLS 1.0	security.ssl3.dhe_rsa_aes_128_sha	true
22	TLS_RSA_WITH_AES_256_CBC_SHA	0x0035	SSL 3.0\|TLS 1.0	security.ssl3.rsa_aes_256_sha	true
23	TLS_DHE_DSS_WITH_AES_256_CBC_SHA	0x0038	SSL 3.0\|TLS 1.0	security.ssl3.dhe_dss_aes_256_sha	true
24	TLS_DHE_RSA_WITH_AES_256_CBC_SHA	0x0039	SSL 3.0\|TLS 1.0	security.ssl3.dhe_rsa_aes_256_sha	true
25	TLS_RSA_WITH_CAMELLIA_128_CBC_SHA	0x0041	SSL 3.0\|TLS 1.0	security.ssl3.rsa_camellia_128_sha	true
26	TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA	0x0044	SSL 3.0\|TLS 1.0	security.ssl3.dhe_dss_camellia_128_sha	true
27	TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA	0x0045	SSL 3.0\|TLS 1.0	security.ssl3.dhe_rsa_camellia_128_sha	true
28	TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA	0x0062	SSL 3.0\|TLS 1.0	security.ssl3.rsa_1024_des_cbc_sha	false
29	TLS_RSA_EXPORT1024_WITH_RC4_56_SHA	0x0064	SSL 3.0\|TLS 1.0	security.ssl3.rsa_1024_rc4_56_sha	false
30	TLS_RSA_WITH_CAMELLIA_256_CBC_SHA	0x0084	SSL 3.0\|TLS 1.0	security.ssl3.rsa_camellia_256_sha	true
31	TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA	0x0087	SSL 3.0\|TLS 1.0	security.ssl3.dhe_dss_camellia_256_sha	true
32	TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA	0x0088	SSL 3.0\|TLS 1.0	security.ssl3.dhe_rsa_camellia_256_sha	true
33	TLS_RSA_WITH_SEED_CBC_SHA	0x0096	SSL 3.0\|TLS 1.0	security.ssl3.rsa_seed_sha	true
34	SSL_RSA_FIPS_WITH_DES_CBC_SHA	0xFEFE	SSL 3.0\|TLS 1.0	security.ssl3.rsa_fips_des_sha	false
35	SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA	0xFEFF	SSL 3.0\|TLS 1.0	security.ssl3.rsa_fips_des_ede3_sha	true

Table 4.1.1 OpenSSL 0.9.8m(source build) Cipher Strings

No.	OpenSSL String Name	Meaning
1	-ssl2	only SSL 2.0 cipher suites
2	-ssl3	only SSL 3.0 cipher suites(not including eNULL and aNULL)
3	-tls1	only TLS 1.0 cipher suites(not including eNULL and aNULL)
4	SSLv2	only SSL 2.0 cipher suites
5	SSLv3	all the SSL 3.0 or TLS 1.0 cipher suites(including eNULL and aNULL)
6	TLSv1	all the SSL 3.0 or TLS 1.0 cipher suites(including eNULL and aNULL)
7	AES	cipher suites using AES
8	CAMELLIA	cipher suites using Camellia
9	DES	cipher suites using DES
10	3DES	cipher suites using 3DES
11	IDEA	cipher suites using IDEA
12	RC2	cipher suites using RC2
13	RC4	cipher suites using RC4
14	SEED	cipher suites using SEED
15	MD5	cipher suites using MD5
16	SHA1	cipher suites using SHA1
17	SHA	cipher suites using SHA1
18	ALL	all cipher suites except the eNULL ciphers
19	COMPLEMENTOFALL	the cipher suites not enabled by ALL, currently being eNULL
20	COMPLEMENTOFDEFAULT	the cipher suites not included in DEFAULT, currently being ADH and anonymous ECDH(aNULL)
21	DEFAULT	the default cipher suites list(determined at compile time, default this is: ALL:!aNULL:!eNULL)
22	HIGH	high encryption cipher suites(key lengths larger than 128-bits, + some cipher suites with 128-bit keys)
23	MEDIUM	medium encryption cipher suites, some of the ones using 128-bit encryption
24	LOW	low encryption cipher suites, the ones using 64-bit or 56-bit encryption algorithms(excluding export cipher suites)
25	EXP	export encryption algorithms(including 40-bit and 56-bits algorithms) cipher suites
26	EXPORT	export encryption algorithms(including 40-bit and 56-bits algorithms) cipher suites
27	EXPORT40	40-bit export encryption algorithms cipher suites
28	EXPORT56	56-bit export encryption algorithms cipher suites
29	eNULL	cipher suites offering no encryption
30	NULL	cipher suites offering no encryption
31	aNULL	cipher suites offering no authentication. The anonymous DH and anonymous ECDH algorithms.
32	DSS	cipher suites using DSS authentication
33	aDSS	cipher suites using DSS authentication
34	RSA	cipher suites using RSA key exchange
35	aRSA	cipher suites using RSA authentication
36	kRSA	cipher suites using RSA key exchange
37	DH	cipher suites using DH, including anonymous DH
38	ADH	anonymous DH cipher suites
39	EDH *	cipher suites using DH, excluding anonymous DH
40	kEDH	cipher suites using ephemeral DH key agreement
41	aGOST **	cipher suites using GOST R 34.10 (either 2001 or 94) for authentication
42	aGOST01 **	cipher suites using GOST R 34.10-2001 authentication.
43	aGOST94 **	cipher suites using GOST R 34.10-94 authentication
44	kGOST **	cipher suites using VKO 34.10 key exchange
45	GOST94 **	cipher suites using HMAC based on GOST R 34.11-94
46	GOST89MAC **	cipher suites using GOST 28147-89 MAC instead of HMAC
47	@STRENGTH	can be used at any point to sort the current cipher list in order of encryption algorithm key length

* There are some issues with this string. May be usable or not depending on how OpenSSL is compiled.
** Needs an external engine supporting GOST algorithms.

Table 4.1.2 OpenSSL 0.9.8m(source build) Cipher Suites

No.	Cipher Suite	Hex Value	SSL/TLS Version	OpenSSL Cipher Suite String	OpenSSL Cipher String	Status
1	SSL_CK_RC4_128_WITH_MD5	0x010080	SSL 2.0	RC4-MD5	-ssl2\|SSLv2\|ALL\|RSA\|aRSA\|kRSA\|RC4\|MD5\|MEDIUM\|DEFAULT	enabled
2	SSL_CK_RC4_128_EXPORT40_WITH_MD5	0x020080	SSL 2.0	EXP-RC4-MD5	-ssl2\|SSLv2\|ALL\|RSA\|aRSA\|kRSA\|RC4\|MD5\|EXP\|EXPORT40\|DEFAULT	enabled
3	SSL_CK_RC2_128_CBC_WITH_MD5	0x030080	SSL 2.0	RC2-CBC-MD5	-ssl2\|SSLv2\|ALL\|RSA\|aRSA\|kRSA\|RC2\|MD5\|MEDIUM\|DEFAULT	enabled
4	SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5	0x040080	SSL 2.0	EXP-RC2-CBC-MD5	-ssl2\|SSLv2\|ALL\|RSA\|aRSA\|kRSA\|RC2\|MD5\|EXP\|EXPORT40\|DEFAULT	enabled
5	SSL_CK_IDEA_128_CBC_WITH_MD5	0x050080	SSL 2.0	IDEA-CBC-MD5	-ssl2\|SSLv2\|ALL\|RSA\|aRSA\|kRSA\|IDEA\|MD5\|MEDIUM\|DEFAULT	enabled
6	SSL_CK_DES_64_CBC_WITH_MD5	0x060040	SSL 2.0	DES-CBC-MD5	-ssl2\|SSLv2\|ALL\|RSA\|aRSA\|kRSA\|DES\|MD5\|LOW\|DEFAULT	enabled
7	SSL_CK_DES_192_EDE3_CBC_WITH_MD5	0x0700C0	SSL 2.0	DES-CBC3-MD5	-ssl2\|SSLv2\|ALL\|RSA\|aRSA\|kRSA\|3DES\|MD5\|HIGH\|DEFAULT	enabled
8	TLS_RSA_WITH_NULL_MD5	0x0001	SSL 3.0\|TLS 1.0	NULL-MD5	SSLv3\|TLSv1\|RSA\|aRSA\|kRSA\|eNULL\|NULL\|MD5\|COMPLEMENTOFALL	enabled
9	TLS_RSA_WITH_NULL_SHA	0x0002	SSL 3.0\|TLS 1.0	NULL-SHA	SSLv3\|TLSv1\|RSA\|aRSA\|kRSA\|eNULL\|NULL\|SHA1\|SHA\|COMPLEMENTOFALL	enabled
10	TLS_RSA_EXPORT_WITH_RC4_40_MD5	0x0003	SSL 3.0\|TLS 1.0	EXP-RC4-MD5	-ssl3\|-tls1\|SSLv3\|TLSv1\|ALL\|RSA\|aRSA\|kRSA\|RC4\|MD5\|EXP\|EXPORT40\|DEFAULT	enabled
11	TLS_RSA_WITH_RC4_128_MD5	0x0004	SSL 3.0\|TLS 1.0	RC4-MD5	-ssl3\|-tls1\|SSLv3\|TLSv1\|ALL\|RSA\|aRSA\|kRSA\|RC4\|MD5\|MEDIUM\|DEFAULT	enabled
12	TLS_RSA_WITH_RC4_128_SHA	0x0005	SSL 3.0\|TLS 1.0	RC4-SHA	-ssl3\|-tls1\|SSLv3\|TLSv1\|ALL\|RSA\|aRSA\|kRSA\|RC4\|SHA1\|SHA\|MEDIUM\|DEFAULT	enabled
13	TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5	0x0006	SSL 3.0\|TLS 1.0	EXP-RC2-CBC-MD5	-ssl3\|-tls1\|SSLv3\|TLSv1\|ALL\|RSA\|aRSA\|kRSA\|RC2\|MD5\|EXP\|EXPORT40\|DEFAULT	enabled
14	TLS_RSA_WITH_IDEA_CBC_SHA	0x0007	SSL 3.0\|TLS 1.0	IDEA-CBC-SHA	-ssl3\|-tls1\|SSLv3\|TLSv1\|ALL\|RSA\|aRSA\|kRSA\|IDEA\|SHA1\|SHA\|MEDIUM\|DEFAULT	enabled
15	TLS_RSA_EXPORT_WITH_DES40_CBC_SHA	0x0008	SSL 3.0\|TLS 1.0	EXP-DES-CBC-SHA	-ssl3\|-tls1\|SSLv3\|TLSv1\|ALL\|RSA\|aRSA\|kRSA\|DES\|SHA1\|SHA\|EXP\|EXPORT40\|DEFAULT	enabled
16	TLS_RSA_WITH_DES_CBC_SHA	0x0009	SSL 3.0\|TLS 1.0	DES-CBC-SHA	-ssl3\|-tls1\|SSLv3\|TLSv1\|ALL\|RSA\|aRSA\|kRSA\|DES\|SHA1\|SHA\|LOW\|DEFAULT	enabled
17	TLS_RSA_WITH_3DES_EDE_CBC_SHA	0x000A	SSL 3.0\|TLS 1.0	DES-CBC3-SHA	-ssl3\|-tls1\|SSLv3\|TLSv1\|ALL\|RSA\|aRSA\|kRSA\|3DES\|SHA1\|SHA\|HIGH\|DEFAULT	enabled
18	TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA	0x0011	SSL 3.0\|TLS 1.0	EXP-EDH-DSS-DES-CBC-SHA	-ssl3\|-tls1\|SSLv3\|TLSv1\|ALL\|DSS\|aDSS\|kEDH\|DH\|EDH*\|DES\|SHA1\|SHA\|EXP\|EXPORT40\|DEFAULT	enabled
19	TLS_DHE_DSS_WITH_DES_CBC_SHA	0x0012	SSL 3.0\|TLS 1.0	EDH-DSS-DES-CBC-SHA	-ssl3\|-tls1\|SSLv3\|TLSv1\|ALL\|DSS\|kEDH\|DH\|EDH*\|DES\|SHA1\|SHA\|LOW\|DEFAULT	enabled
20	TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA	0x0013	SSL 3.0\|TLS 1.0	EDH-DSS-DES-CBC3-SHA	-ssl3\|-tls1\|SSLv3\|TLSv1\|ALL\|DSS\|aDSS\|kEDH\|DH\|EDH*\|3DES\|SHA1\|SHA\|HIGH\|DEFAULT	enabled
21	TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA	0x0014	SSL 3.0\|TLS 1.0	EXP-EDH-RSA-DES-CBC-SHA	-ssl3\|-tls1\|SSLv3\|TLSv1\|ALL\|aRSA\|kEDH\|DH\|EDH*\|DES\|SHA1\|SHA\|EXP\|EXPORT40\|DEFAULT	enabled
22	TLS_DHE_RSA_WITH_DES_CBC_SHA	0x0015	SSL 3.0\|TLS 1.0	EDH-RSA-DES-CBC-SHA	-ssl3\|-tls1\|SSLv3\|TLSv1\|ALL\|aRSA\|kEDH\|DH\|EDH*\|DES\|SHA1\|SHA\|LOW\|DEFAULT	enabled
23	TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA	0x0016	SSL 3.0\|TLS 1.0	EDH-RSA-DES-CBC3-SHA	-ssl3\|-tls1\|SSLv3\|TLSv1\|ALL\|aRSA\|kEDH\|DH\|EDH*\|3DES\|SHA1\|SHA\|HIGH\|DEFAULT	enabled
24	TLS_DH_anon_EXPORT_WITH_RC4_40_MD5	0x0017	SSL 3.0\|TLS 1.0	EXP-ADH-RC4-MD5	SSLv3\|TLSv1\|ALL\|DH\|kEDH\|aDH\|aNULL\|RC4\|MD5\|EXP\|EXPORT40\|COMPLEMENTOFDEFAULT	enabled
25	TLS_DH_anon_WITH_RC4_128_MD5	0x0018	SSL 3.0\|TLS 1.0	ADH-RC4-MD5	SSLv3\|TLSv1\|ALL\|DH\|kEDH\|aDH\|aNULL\|RC4\|MD5\|MEDIUM\|COMPLEMENTOFDEFAULT	enabled
26	TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA	0x0019	SSL 3.0\|TLS 1.0	EXP-ADH-DES-CBC-SHA	SSLv3\|TLSv1\|ALL\|DH\|kEDH\|aDH\|aNULL\|DES\|SHA1\|SHA\|EXP\|EXPORT40\|COMPLEMENTOFDEFAULT	enabled
27	TLS_DH_anon_WITH_DES_CBC_SHA	0x001A	SSL 3.0\|TLS 1.0	ADH-DES-CBC-SHA	SSLv3\|TLSv1\|ALL\|DH\|kEDH\|aDH\|aNULL\|DES\|SHA1\|SHA\|LOW\|COMPLEMENTOFDEFAULT	enabled
28	TLS_DH_anon_WITH_3DES_EDE_CBC_SHA	0x001B	SSL 3.0\|TLS 1.0	ADH-DES-CBC3-SHA	SSLv3\|TLSv1\|ALL\|DH\|kEDH\|aDH\|aNULL\|3DES\|SHA1\|SHA\|HIGH\|COMPLEMENTOFDEFAULT	enabled
29	TLS_KRB5_WITH_DES_CBC_SHA	0x001E	SSL 3.0\|TLS 1.0	KRB5-DES-CBC-SHA	-ssl3\|-tls1\|SSLv3\|TLSv1\|ALL\|KRB5\|DES\|SHA1\|SHA\|LOW\|DEFAULT	disabled
30	TLS_KRB5_WITH_3DES_EDE_CBC_SHA	0x001F	SSL 3.0\|TLS 1.0	KRB5-DES-CBC3-SHA	-ssl3\|-tls1\|SSLv3\|TLSv1\|ALL\|KRB5\|3DES\|SHA1\|SHA\|HIGH\|DEFAULT	disabled
31	TLS_KRB5_WITH_RC4_128_SHA	0x0020	SSL 3.0\|TLS 1.0	KRB5-RC4-SHA	-ssl3\|-tls1\|SSLv3\|TLSv1\|ALL\|KRB5\|RC4\|SHA1\|SHA\|MEDIUM\|DEFAULT	disabled
32	TLS_KRB5_WITH_IDEA_CBC_SHA	0x0021	SSL 3.0\|TLS 1.0	KRB5-IDEA-CBC-SHA	-ssl3\|-tls1\|SSLv3\|TLSv1\|ALL\|KRB5\|IDEA\|SHA1\|SHA\|MEDIUM\|DEFAULT	disabled
33	TLS_KRB5_WITH_DES_CBC_MD5	0x0022	SSL 3.0\|TLS 1.0	KRB5-DES-CBC-MD5	-ssl3\|-tls1\|SSLv3\|TLSv1\|ALL\|KRB5\|DES\|MD5\|LOW\|DEFAULT	disabled
34	TLS_KRB5_WITH_3DES_EDE_CBC_MD5	0x0023	SSL 3.0\|TLS 1.0	KRB5-DES-CBC3-MD5	-ssl3\|-tls1\|SSLv3\|TLSv1\|ALL\|KRB5\|3DES\|MD5\|HIGH\|DEFAULT	disabled
35	TLS_KRB5_WITH_RC4_128_MD5	0x0024	SSL 3.0\|TLS 1.0	KRB5-RC4-MD5	-ssl3\|-tls1\|SSLv3\|TLSv1\|ALL\|KRB5\|RC4\|MD5\|MEDIUM\|DEFAULT	disabled
36	TLS_KRB5_WITH_IDEA_CBC_MD5	0x0025	SSL 3.0\|TLS 1.0	KRB5-IDEA-CBC-MD5	-ssl3\|-tls1\|SSLv3\|TLSv1\|ALL\|KRB5\|IDEA\|MD5\|MEDIUM\|DEFAULT	disabled
37	TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA	0x0026	SSL 3.0\|TLS 1.0	EXP-KRB5-DES-CBC-SHA	-ssl3\|-tls1\|SSLv3\|TLSv1\|ALL\|KRB5\|DES\|SHA1\|SHA\|EXP\|EXPORT40\|DEFAULT	disabled
38	TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA	0x0027	SSL 3.0\|TLS 1.0	EXP-KRB5-RC2-CBC-SHA	-ssl3\|-tls1\|SSLv3\|TLSv1\|ALL\|KRB5\|RC2\|SHA1\|SHA\|EXP\|EXPORT40\|DEFAULT	disabled
39	TLS_KRB5_EXPORT_WITH_RC4_40_SHA	0x0028	SSL 3.0\|TLS 1.0	EXP-KRB5-RC4-SHA	-ssl3\|-tls1\|SSLv3\|TLSv1\|ALL\|KRB5\|RC4\|SHA1\|SHA\|EXP\|EXPORT40\|DEFAULT	disabled
40	TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5	0x0029	SSL 3.0\|TLS 1.0	EXP-KRB5-DES-CBC-MD5	-ssl3\|-tls1\|SSLv3\|TLSv1\|ALL\|KRB5\|DES\|MD5\|EXP\|EXPORT40\|DEFAULT	disabled
41	TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5	0x002A	SSL 3.0\|TLS 1.0	EXP-KRB5-RC2-CBC-MD5	-ssl3\|-tls1\|SSLv3\|TLSv1\|ALL\|KRB5\|RC2\|MD5\|EXP\|EXPORT40\|DEFAULT	disabled
42	TLS_KRB5_EXPORT_WITH_RC4_40_MD5	0x002B	SSL 3.0\|TLS 1.0	EXP-KRB5-RC4-MD5	-ssl3\|-tls1\|SSLv3\|TLSv1\|ALL\|KRB5\|RC4\|MD5\|EXP\|EXPORT40\|DEFAULT	disabled
43	TLS_RSA_WITH_AES_128_CBC_SHA	0x002F	SSL 3.0\|TLS 1.0	AES128-SHA	-ssl3\|-tls1\|SSLv3\|TLSv1\|ALL\|RSA\|aRSA\|kRSA\|AES\|SHA1\|SHA\|HIGH\|DEFAULT	enabled
44	TLS_DHE_DSS_WITH_AES_128_CBC_SHA	0x0032	SSL 3.0\|TLS 1.0	DHE-DSS-AES128-SHA	-ssl3\|-tls1\|SSLv3\|TLSv1\|ALL\|DSS\|aDSS\|kEDH\|DH\|EDH*\|AES\|SHA1\|SHA\|HIGH\|DEFAULT	enabled
45	TLS_DHE_RSA_WITH_AES_128_CBC_SHA	0x0033	SSL 3.0\|TLS 1.0	DHE-RSA-AES128-SHA	-ssl3\|-tls1\|SSLv3\|TLSv1\|ALL\|aRSA\|kEDH\|DH\|EDH*\|AES\|SHA1\|SHA\|HIGH\|DEFAULT	enabled
46	TLS_DH_anon_WITH_AES_128_CBC_SHA	0x0034	SSL 3.0\|TLS 1.0	ADH-AES128-SHA	SSLv3\|TLSv1\|ALL\|DH\|kEDH\|aDH\|aNULL\|AES\|SHA1\|SHA\|HIGH\|COMPLEMENTOFDEFAULT	enabled
47	TLS_RSA_WITH_AES_256_CBC_SHA	0x0035	SSL 3.0\|TLS 1.0	AES256-SHA	-ssl3\|-tls1\|SSLv3\|TLSv1\|ALL\|RSA\|aRSA\|kRSA\|AES\|SHA1\|SHA\|HIGH\|DEFAULT	enabled
48	TLS_DHE_DSS_WITH_AES_256_CBC_SHA	0x0038	SSL 3.0\|TLS 1.0	DHE-DSS-AES256-SHA	-ssl3\|-tls1\|SSLv3\|TLSv1\|ALL\|DSS\|aDSS\|kEDH\|DH\|EDH*\|AES\|SHA1\|SHA\|HIGH\|DEFAULT	enabled
49	TLS_DHE_RSA_WITH_AES_256_CBC_SHA	0x0039	SSL 3.0\|TLS 1.0	DHE-RSA-AES256-SHA	-ssl3\|-tls1\|SSLv3\|TLSv1\|ALL\|aRSA\|kEDH\|DH\|EDH*\|AES\|SHA1\|SHA\|HIGH\|DEFAULT	enabled
50	TLS_DH_anon_WITH_AES_256_CBC_SHA	0x003A	SSL 3.0\|TLS 1.0	ADH-AES256-SHA	SSLv3\|TLSv1\|ALL\|DH\|kEDH\|aDH\|aNULL\|AES\|SHA1\|SHA\|HIGH\|COMPLEMENTOFDEFAULT	enabled
51	TLS_RSA_WITH_CAMELLIA_128_CBC_SHA	0x0041	SSL 3.0\|TLS 1.0	CAMELLIA128-SHA	-ssl3\|-tls1\|SSLv3\|TLSv1\|ALL\|RSA\|aRSA\|kRSA\|CAMELLIA\|SHA1\|SHA \|HIGH\|DEFAULT	disabled
52	TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA	0x0044	SSL 3.0\|TLS 1.0	DHE-DSS-CAMELLIA128-SHA	-ssl3\|-tls1\|SSLv3\|TLSv1\|ALL\|DSS\|aDSS\|kEDH\|DH\|EDH*\|CAMELLIA\|SHA1\|SHA\|HIGH\|DEFAULT	disabled
53	TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA	0x0045	SSL 3.0\|TLS 1.0	DHE-RSA-CAMELLIA128-SHA	-ssl3\|-tls1\|SSLv3\|TLSv1\|ALL\|aRSA\|kEDH\|DH\|EDH*\|CAMELLIA\|SHA1\|SHA\|HIGH\|DEFAULT	disabled
54	TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA	0x0046	SSL 3.0\|TLS 1.0	ADH-CAMELLIA128-SHA	SSLv3\|TLSv1\|ALL\|DH\|kEDH\|aDH\|aNULL\|CAMELLIA\|SHA1\|SHA\|HIGH\|COMPLEMENTOFDEFAULT	disabled
55	TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA	0x0062	SSL 3.0\|TLS 1.0	EXP1024-DES-CBC-SHA	-ssl3\|-tls1\|SSLv3\|TLSv1\|ALL\|RSA\|aRSA\|kRSA\|DES\|SHA1\|SHA\|EXP\|EXPORT56\|DEFAULT	disabled
56	TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA	0x0063	SSL 3.0\|TLS 1.0	EXP1024-DHE-DSS-DES-CBC-SHA	-ssl3\|-tls1\|SSLv3\|TLSv1\|ALL\|DSS\|aDSS\|kEDH\|DH\|EDH*\|DES\|SHA1\|SHA\|EXP\|EXPORT56\|DEFAULT	disabled
57	TLS_RSA_EXPORT1024_WITH_RC4_56_SHA	0x0064	SSL 3.0\|TLS 1.0	EXP1024-RC4-SHA	-ssl3\|-tls1\|SSLv3\|TLSv1\|ALL\|RSA\|aRSA\|kRSA\|RC4\|SHA1\|SHA\|EXP\|EXPORT56\|DEFAULT	disabled
58	TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA	0x0065	SSL 3.0\|TLS 1.0	EXP1024-DHE-DSS-RC4-SHA	-ssl3\|-tls1\|SSLv3\|TLSv1\|ALL\|DSS\|aDSS\|kEDH\|DH\|EDH*\|RC4\|SHA1\|SHA\|EXP\|EXPORT56\|DEFAULT	disabled
59	TLS_DHE_DSS_WITH_RC4_128_SHA	0x0066	SSL 3.0\|TLS 1.0	DHE-DSS-RC4-SHA	-ssl3\|-tls1\|SSLv3\|TLSv1\|ALL\|DSS\|kEDH\|DH\|EDH*\|RC4\|SHA1\|SHA\|MEDIUM\|DEFAULT	disabled
60	TLS_RSA_WITH_CAMELLIA_256_CBC_SHA	0x0084	SSL 3.0\|TLS 1.0	CAMELLIA256-SHA	-ssl3\|-tls1\|SSLv3\|TLSv1\|ALL\|RSA\|aRSA\|kRSA\|CAMELLIA\|SHA1\|SHA\|HIGH\|DEFAULT	disabled
61	TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA	0x0087	SSL 3.0\|TLS 1.0	DHE-DSS-CAMELLIA256-SHA	-ssl3\|-tls1\|SSLv3\|TLSv1\|ALL\|DSS\|aDSS\|kEDH\|DH\|EDH*\|CAMELLIA\|SHA1\|SHA\|HIGH\|DEFAULT	disabled
62	TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA	0x0088	SSL 3.0\|TLS 1.0	DHE-RSA-CAMELLIA256-SHA	-ssl3\|-tls1\|SSLv3\|TLSv1\|ALL\|aRSA\|kEDH\|DH\|EDH*\|CAMELLIA\|SHA1\|SHA\|HIGH\|DEFAULT	disabled
63	TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA	0x0089	SSL 3.0\|TLS 1.0	ADH-CAMELLIA256-SHA	SSLv3\|TLSv1\|ALL\|DH\|kEDH\|aDH\|aNULL\|CAMELLIA\|SHA1\|SHA\|HIGH\|COMPLEMENTOFDEFAULT	disabled
64	TLS_RSA_WITH_SEED_CBC_SHA	0x0096	SSL 3.0\|TLS 1.0	SEED-SHA	-ssl3\|-tls1\|SSLv3\|TLSv1\|ALL\|RSA\|aRSA\|kRSA\|SEED\|SHA1\|SHA\|MEDIUM	disabled
65	TLS_DHE_DSS_WITH_SEED_CBC_SHA	0x0099	SSL 3.0\|TLS 1.0	DHE-DSS-SEED-SHA	-ssl3\|-tls1\|SSLv3\|TLSv1\|ALL\|DSS\|aDSS\|kEDH\|DH\|EDH*\|SEED\|SHA1\|SHA\|MEDIUM	disabled
66	TLS_DHE_RSA_WITH_SEED_CBC_SHA	0x009A	SSL 3.0\|TLS 1.0	DHE-RSA-SEED-SHA	-ssl3\|-tls1\|SSLv3\|TLSv1\|ALL\|aRSA\|kEDH\|DH\|EDH*\|SEED\|SHA1\|SHA\|MEDIUM	disabled
67	TLS_DH_anon_WITH_SEED_CBC_SHA	0x009B	SSL 3.0\|TLS 1.0	ADH-SEED-SHA	SSLv3\|TLSv1\|ALL\|DH\|kEDH\|aDH\|aNULL\|SEED\|SHA1\|SHA\|MEDIUM\|COMPLEMENTOFDEFAULT	disabled
68	TLS_ECDH_ECDSA_WITH_NULL_SHA	0xC001	SSL 3.0\|TLS 1.0	ECDH-ECDSA-NULL-SHA	-	enabled
69	TLS_ECDH_ECDSA_WITH_RC4_128_SHA	0xC002	SSL 3.0\|TLS 1.0	ECDH-ECDSA-RC4-SHA	-	enabled
70	TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA	0xC003	SSL 3.0\|TLS 1.0	ECDH-ECDSA-DES-CBC3-SHA	-	enabled
71	TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA	0xC004	SSL 3.0\|TLS 1.0	ECDH-ECDSA-AES128-SHA	-	enabled
72	TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA	0xC005	SSL 3.0\|TLS 1.0	ECDH-ECDSA-AES256-SHA	-	enabled
73	TLS_ECDHE_ECDSA_WITH_NULL_SHA	0xC006	SSL 3.0\|TLS 1.0	ECDHE-ECDSA-NULL-SHA	-	enabled
74	TLS_ECDHE_ECDSA_WITH_RC4_128_SHA	0xC007	SSL 3.0\|TLS 1.0	ECDHE-ECDSA-RC4-SHA	-	enabled
75	TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA	0xC008	SSL 3.0\|TLS 1.0	ECDHE-ECDSA-DES-CBC3-SHA	-	enabled
76	TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA	0xC009	SSL 3.0\|TLS 1.0	ECDHE-ECDSA-AES128-SHA	-	enabled
77	TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA	0xC00A	SSL 3.0\|TLS 1.0	ECDHE-ECDSA-AES256-SHA	-	enabled
78	TLS_ECDH_RSA_WITH_NULL_SHA	0xC00B	SSL 3.0\|TLS 1.0	ECDH-RSA-NULL-SHA	aRSA	unusable
79	TLS_ECDH_RSA_WITH_RC4_128_SHA	0xC00C	SSL 3.0\|TLS 1.0	ECDH-RSA-RC4-SHA	aRSA	unusable
80	TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA	0xC00D	SSL 3.0\|TLS 1.0	ECDH-RSA-DES-CBC3-SHA	aRSA	unusable
81	TLS_ECDH_RSA_WITH_AES_128_CBC_SHA	0xC00E	SSL 3.0\|TLS 1.0	ECDH-RSA-AES128-SHA	aRSA	unusable
82	TLS_ECDH_RSA_WITH_AES_256_CBC_SHA	0xC00F	SSL 3.0\|TLS 1.0	ECDH-RSA-AES256-SHA	aRSA	unusable
83	TLS_ECDHE_RSA_WITH_NULL_SHA	0xC010	SSL 3.0\|TLS 1.0	ECDHE-RSA-NULL-SHA	aRSA	enabled
84	TLS_ECDHE_RSA_WITH_RC4_128_SHA	0xC011	SSL 3.0\|TLS 1.0	ECDHE-RSA-RC4-SHA	aRSA	enabled
85	TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA	0xC012	SSL 3.0\|TLS 1.0	ECDHE-RSA-DES-CBC3-SHA	aRSA	enabled
86	TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA	0xC013	SSL 3.0\|TLS 1.0	ECDHE-RSA-AES128-SHA	aRSA	enabled
87	TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA	0xC014	SSL 3.0\|TLS 1.0	ECDHE-RSA-AES256-SHA	aRSA	enabled
88	TLS_ECDH_anon_WITH_NULL_SHA	0xC015	SSL 3.0\|TLS 1.0	AECDH-NULL-SHA	aNULL\|COMPLEMENTOFDEFAULT	enabled
89	TLS_ECDH_anon_WITH_RC4_128_SHA	0xC016	SSL 3.0\|TLS 1.0	AECDH-RC4-SHA	aNULL\|COMPLEMENTOFDEFAULT	enabled
90	TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA	0xC017	SSL 3.0\|TLS 1.0	AECDH-DES-CBC3-SHA	aNULL\|COMPLEMENTOFDEFAULT	enabled
91	TLS_ECDH_anon_WITH_AES_128_CBC_SHA	0xC018	SSL 3.0\|TLS 1.0	AECDH-AES128-SHA	aNULL\|COMPLEMENTOFDEFAULT	enabled
92	TLS_ECDH_anon_WITH_AES_256_CBC_SHA	0xC019	SSL 3.0\|TLS 1.0	AECDH-AES256-SHA	aNULL\|COMPLEMENTOFDEFAULT	enabled

* There are some issues with this string. May be usable or not depending on how OpenSSL is compiled.

Table 4.2.3 OpenSSL 1.0.0(source build) Cipher Strings

No.	Open String Name	Meaning
1	-ssl2	only SSL 2.0 cipher suites
2	-ssl3	only SSL 3.0 cipher suites(not including eNULL and aNULL)
3	-tls1	only TLS 1.0 cipher suites(not including eNULL and aNULL)
4	SSLv2	only SSL 2.0 cipher suites
5	SSLv3	all the SSL 3.0 or TLS 1.0 cipher suites(including eNULL and aNULL)
6	TLSv1	all the SSL 3.0 or TLS 1.0 cipher suites(including eNULL and aNULL)
7	AES	cipher suites using AES
8	AES128	cipher suites using AES 128-bit
9	AES256	cipher suites using AES 256-bit
10	CAMELLIA	cipher suites using Camellia
11	CAMELLIA128	cipher suites using Camellia 128-bit
12	CAMELLIA256	cipher suites using Camellia 256-bit
13	DES	cipher suites using DES
14	3DES	cipher suites using 3DES
15	IDEA	cipher suites using IDEA
16	RC2	cipher suites using RC2
17	RC4	cipher suites using RC4
18	SEED	cipher suites using SEED
19	MD5	cipher suites using MD5
20	SHA1	cipher suites using SHA1
21	SHA	cipher suites using SHA1
22	ALL	all cipher suites except the eNULL ciphers
23	COMPLEMENTOFALL	the cipher suites not enabled by ALL, currently being eNULL
24	COMPLEMENTOFDEFAULT	the cipher suites not included in DEFAULT, currently being ADH and AECDH(aNULL).
25	DEFAULT	the default cipher suites list(determined at compile time, default this is: ALL:!aNULL:!eNULL)
26	HIGH	high encryption cipher suites(key lengths larger than 128-bits, + some cipher suites with 128-bit keys)
27	MEDIUM	medium encryption cipher suites, some of the ones using 128-bit encryption
28	LOW	low encryption cipher suites, the ones using 64-bit or 56-bit encryption algorithms(excluding export cipher suites)
29	EXP	export encryption algorithms(including 40-bit and 56-bits algorithms) cipher suites
30	EXPORT	export encryption algorithms(including 40-bit and 56-bits algorithms) cipher suites
31	EXPORT40	40-bit export encryption algorithms cipher suites
32	EXPORT56	56-bit export encryption algorithms cipher suites
33	eNULL	cipher suites offering no encryption
34	NULL	cipher suites offering no encryption
35	aNULL	cipher suites offering no authentication. The anonymous DH and anonymous ECDH algorithms(ADH and AECDH).
36	DSS	cipher suites using DSS authentication
37	aDSS	cipher suites using DSS authentication
38	RSA	cipher suites using RSA key exchange
39	aRSA	cipher suites using RSA authentication
40	kRSA	cipher suites using RSA key exchange
41	DH	cipher suites using DH, including anonymous DH
42	ADH	anonymous DH cipher suites
43	EDH	cipher suites using DH, excluding anonymous DH
44	kEDH	cipher suites using ephemeral DH key agreement
45	ECDH	ECDH cert or ephemeral ECDH
46	aECDH	ECDH cert
47	AECDH	anonymous ECDH
48	EECDH	non-anonymous ephemeral ECDH
49	kECDH	ECDH cert (signed with either RSA or ECDSA)
50	kECDHe	ECDH cert, signed with ECDSA
51	kECDHr	ECDH cert, signed with RSA
52	kEECDH	ephemeral ECDH
53	ECDSA	ECDSA cert
54	aECDSA	ECDSA cert
55	PSK	PSK authentication
56	aGOST	cipher suites using GOST R 34.10 (either 2001 or 94) for authentication
57	aGOST01	cipher suites using GOST R 34.10-2001 authentication.
58	aGOST94	cipher suites using GOST R 34.10-94 authentication
59	kGOST	cipher suites using VKO 34.10 key exchange
60	GOST94	cipher suites using HMAC based on GOST R 34.11-94
62	GOST89MAC	cipher suites using GOST 28147-89 MAC instead of HMAC
63	@STRENGTH	can be used at any point to sort the current cipher list in order of encryption algorithm key length

Table 4.2.4 OpenSSL 1.0.0(source build) Cipher Suites

No.	Cipher Suite	Hex Value	SSL/TLS Version	OpenSSL Cipher Suite String	OpenSSL Cipher String	Status
1	SSL_CK_RC4_128_WITH_MD5	0x010080	SSL 2.0	RC4-MD5	-ssl2\|SSLv2\|ALL\|RSA\|aRSA\|kRSA\|RC4\|MD5\|MEDIUM	enabled
2	SSL_CK_RC4_128_EXPORT40_WITH_MD5	0x020080	SSL 2.0	EXP-RC4-MD5	-ssl2\|SSLv2\|ALL\|RSA\|aRSA\|kRSA\|RC4\|MD5\|EXP\|EXPORT40	enabled
3	SSL_CK_RC2_128_CBC_WITH_MD5	0x030080	SSL 2.0	RC2-CBC-MD5	-ssl2\|SSLv2\|ALL\|RSA\|aRSA\|kRSA\|RC2\|MD5\|MEDIUM	enabled
4	SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5	0x040080	SSL 2.0	EXP-RC2-CBC-MD5	-ssl2\|SSLv2\|ALL\|RSA\|aRSA\|kRSA\|RC2\|MD5\|EXP\|EXPORT40	enabled
5	SSL_CK_IDEA_128_CBC_WITH_MD5	0x050080	SSL 2.0	IDEA-CBC-MD5	-ssl2\|SSLv2\|ALL\|RSA\|aRSA\|kRSA\|IDEA\|MD5\|MEDIUM	enabled
6	SSL_CK_DES_64_CBC_WITH_MD5	0x060040	SSL 2.0	DES-CBC-MD5	-ssl2\|SSLv2\|ALL\|RSA\|aRSA\|kRSA\|DES\|MD5\|LOW	enabled
7	SSL_CK_DES_192_EDE3_CBC_WITH_MD5	0x0700C0	SSL 2.0	DES-CBC3-MD5	-ssl2\|SSLv2\|ALL\|RSA\|aRSA\|kRSA\|3DES\|MD5\|HIGH	enabled
8	TLS_RSA_WITH_NULL_MD5	0x0001	SSL 3.0\|TLS 1.0	NULL-MD5	SSLv3\|TLSv1\|RSA\|aRSA\|kRSA\|MD5\|eNULL\|NULL\|COMPLEMENTOFALL	enabled
9	TLS_RSA_WITH_NULL_SHA	0x0002	SSL 3.0\|TLS 1.0	NULL-SHA	SSLv3\|TLSv1\|RSA\|aRSA\|kRSA\|SHA1\|eNULL\|NULL\|COMPLEMENTOFALL	enabled
10	TLS_RSA_EXPORT_WITH_RC4_40_MD5	0x0003	SSL 3.0\|TLS 1.0	EXP-RC4-MD5	-ssl3\|-tls1\|SSLv3\|TLSv1\|ALL\|RSA\|aRSA\|kRSA\|RC4\|MD5\|EXP\|EXPORT40\|DEFAULT	enabled
11	TLS_RSA_WITH_RC4_128_MD5	0x0004	SSL 3.0\|TLS 1.0	RC4-MD5	-ssl3\|-tls1\|SSLv3\|TLSv1\|ALL\|RSA\|aRSA\|kRSA\|RC4\|MD5\|MEDIUM\|DEFAULT	enabled
12	TLS_RSA_WITH_RC4_128_SHA	0x0005	SSL 3.0\|TLS 1.0	RC4-SHA	-ssl3\|-tls1\|SSLv3\|TLSv1\|ALL\|RSA\|aRSA\|kRSA\|RC4\|SHA1\|SHA\|MEDIUM\|DEFAULT	enabled
13	TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5	0x0006	SSL 3.0\|TLS 1.0	EXP-RC2-CBC-MD5	-ssl3\|-tls1\|SSLv3\|TLSv1\|ALL\|RSA\|aRSA\|kRSA\|RC2\|MD5\|EXP\|EXPORT40\|DEFAULT	enabled
14	TLS_RSA_WITH_IDEA_CBC_SHA	0x0007	SSL 3.0\|TLS 1.0	IDEA-CBC-SHA	-ssl3\|-tls1\|SSLv3\|TLSv1\|ALL\|RSA\|aRSA\|kRSA\|IDEA\|SHA1\|SHA\|MEDIUMDEFAULT	enabled
15	TLS_RSA_EXPORT_WITH_DES40_CBC_SHA	0x0008	SSL 3.0\|TLS 1.0	EXP-DES-CBC-SHA	-ssl3\|-tls1\|SSLv3\|TLSv1\|ALL\|RSA\|aRSA\|kRSA\|DES\|SHA1\|SHA\|EXP\|EXPORT40 \|DEFAULT	enabled
16	TLS_RSA_WITH_DES_CBC_SHA	0x0009	SSL 3.0\|TLS 1.0	DES-CBC-SHA	-ssl3\|-tls1\|SSLv3\|TLSv1\|ALL\|RSA\|aRSA\|kRSA\|DES\|SHA1\|SHA\|LOW\|DEFAULT	enabled
17	TLS_RSA_WITH_3DES_EDE_CBC_SHA	0x000A	SSL 3.0\|TLS 1.0	DES-CBC3-SHA	-ssl3\|-tls1\|SSLv3\|TLSv1\|ALL\|RSA\|aRSA\|kRSA\|3DES\|SHA1\|SHA\|HIGH\|DEFAULT	enabled
18	TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA	0x0011	SSL 3.0\|TLS 1.0	EXP-EDH-DSS-DES-CBC-SHA	-ssl3\|-tls1\|SSLv3\|TLSv1\|ALL\|DSS\|aDSS\|kEDH\|DH\|EDH\|DES\|SHA1\|SHA\|EXP\|EXPORT40\|DEFAULT	enabled
19	TLS_DHE_DSS_WITH_DES_CBC_SHA	0x0012	SSL 3.0\|TLS 1.0	EDH-DSS-DES-CBC-SHA	-ssl3\|-tls1\|SSLv3\|TLSv1\|ALL\|DSS\|aDSS\|kEDH\|DH\|EDH\|DES\|SHA1\|SHA\|LOW\|DEFAULT	enabled
20	TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA	0x0013	SSL 3.0\|TLS 1.0	EDH-DSS-DES-CBC3-SHA	-ssl3\|-tls1\|SSLv3\|TLSv1\|ALL\|DSS\|aDSS\|kEDH\|DH\|EDH\|3DES\|SHA1\|SHA\|HIGH\|DEFAULT	enabled
21	TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA	0x0014	SSL 3.0\|TLS 1.0	EXP-EDH-RSA-DES-CBC-SHA	-ssl3\|-tls1\|SSLv3\|TLSv1\|ALL\|aRSA\|kEDH\|DH\|EDH\|DES\|SHA1\|SHA\|EXP\|EXPORT40\|DEFAULT	enabled
22	TLS_DHE_RSA_WITH_DES_CBC_SHA	0x0015	SSL 3.0\|TLS 1.0	EDH-RSA-DES-CBC-SHA	-ssl3\|-tls1\|SSLv3\|TLSv1\|ALL\|aRSA\|kEDH\|DH\|EDH\|DES\|SHA1\|SHA\|LOW\|DEFAULT	enabled
23	TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA	0x0016	SSL 3.0\|TLS 1.0	EDH-RSA-DES-CBC3-SHA	-ssl3\|-tls1\|SSLv3\|TLSv1\|ALL\|aRSA\|kEDH\|DH\|EDH\|3DES\|SHA1\|SHA\|HIGH\|DEFAULT	enabled
24	TLS_DH_anon_EXPORT_WITH_RC4_40_MD5	0x0017	SSL 3.0\|TLS 1.0	EXP-ADH-RC4-MD5	SSLv3\|TLSv1\|ALL\|DH\|kEDH\|aDH\|aNULL\|RC4\|MD5\|EXP\|EXPORT40\|COMPLEMENTOFDEFAULT	enabled
25	TLS_DH_anon_WITH_RC4_128_MD5	0x0018	SSL 3.0\|TLS 1.0	ADH-RC4-MD5	SSLv3\|TLSv1\|ALL\|DH\|kEDH\|aDH\|aNULL\|RC4\|MD5\|MEDIUM\|COMPLEMENTOFDEFAULT	enabled
26	TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA	0x0019	SSL 3.0\|TLS 1.0	EXP-ADH-DES-CBC-SHA	SSLv3\|TLSv1\|ALL\|DH\|kEDH\|aDH\|aNULL\|DES\|SHA1\|SHA\|EXP\|EXPORT40\|COMPLEMENTOFDEFAULT	enabled
27	TLS_DH_anon_WITH_DES_CBC_SHA	0x001A	SSL 3.0\|TLS 1.0	ADH-DES-CBC-SHA	SSLv3\|TLSv1\|ALL\|DH\|kEDH\|aDH\|aNULL\|DES\|SHA1\|SHA\|LOW\|COMPLEMENTOFDEFAULT	enabled
28	TLS_DH_anon_WITH_3DES_EDE_CBC_SHA	0x001B	SSL 3.0\|TLS 1.0	ADH-DES-CBC3-SHA	SSLv3\|TLSv1\|ALL\|DH\|kEDH\|aDH\|aNULL\|3DES\|SHA1\|SHA\|HIGH\|COMPLEMENTOFDEFAULT	enabled
29	TLS_KRB5_WITH_DES_CBC_SHA	0x001E	SSL 3.0\|TLS 1.0	KRB5-DES-CBC-SHA	-ssl3\|-tls1\|SSLv3\|TLSv1\|ALL\|KRB5\|DES\|SHA1\|SHA\|LOW\|DEFAULT	disabled
30	TLS_KRB5_WITH_3DES_EDE_CBC_SHA	0x001F	SSL 3.0\|TLS 1.0	KRB5-DES-CBC3-SHA	-ssl3\|-tls1\|SSLv3\|TLSv1\|ALL\|KRB5\|3DES\|SHA1\|SHA\|HIGH\|DEFAULT	disabled
31	TLS_KRB5_WITH_RC4_128_SHA	0x0020	SSL 3.0\|TLS 1.0	KRB5-RC4-SHA	-ssl3\|-tls1\|SSLv3\|TLSv1\|ALL\|KRB5\|RC4\|SHA1\|SHA\|MEDIUM\|DEFAULT	disabled
32	TLS_KRB5_WITH_IDEA_CBC_SHA	0x0021	SSL 3.0\|TLS 1.0	KRB5-IDEA-CBC-SHA	-ssl3\|-tls1\|SSLv3\|TLSv1\|ALL\|KRB5\|IDEA\|SHA1\|SHA\|MEDIUM\|DEFAULT	disabled
33	TLS_KRB5_WITH_DES_CBC_MD5	0x0022	SSL 3.0\|TLS 1.0	KRB5-DES-CBC-MD5	-ssl3\|-tls1\|SSLv3\|TLSv1\|ALL\|KRB5\|DES\|MD5\|LOW\|DEFAULT	disabled
34	TLS_KRB5_WITH_3DES_EDE_CBC_MD5	0x0023	SSL 3.0\|TLS 1.0	KRB5-DES-CBC3-MD5	-ssl3\|-tls1\|SSLv3\|TLSv1\|ALL\|KRB5\|3DES\|MD5\|HIGH\|DEFAULT	disabled
35	TLS_KRB5_WITH_RC4_128_MD5	0x0024	SSL 3.0\|TLS 1.0	KRB5-RC4-MD5	-ssl3\|-tls1\|SSLv3\|TLSv1\|ALL\|KRB5\|RC4\|MD5\|MEDIUM\|DEFAULT	disabled
36	TLS_KRB5_WITH_IDEA_CBC_MD5	0x0025	SSL 3.0\|TLS 1.0	KRB5-IDEA-CBC-MD5	-ssl3\|-tls1\|SSLv3\|TLSv1\|ALL\|KRB5\|IDEA\|MD5\|MEDIUM\|DEFAULT	disabled
37	TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA	0x0026	SSL 3.0\|TLS 1.0	EXP-KRB5-DES-CBC-SHA	-ssl3\|-tls1\|SSLv3\|TLSv1\|ALL\|KRB5\|DES\|SHA1\|SHA\|EXP\|EXPORT40\|DEFAULT	disabled
38	TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA	0x0027	SSL 3.0\|TLS 1.0	EXP-KRB5-RC2-CBC-SHA	-ssl3\|-tls1\|SSLv3\|TLSv1\|ALL\|KRB5\|RC2\|SHA1\|SHA\|EXP\|EXPORT40\|DEFAULT	disabled
39	TLS_KRB5_EXPORT_WITH_RC4_40_SHA	0x0028	SSL 3.0\|TLS 1.0	EXP-KRB5-RC4-SHA	-ssl3\|-tls1\|SSLv3\|TLSv1\|ALL\|KRB5\|RC4\|SHA1\|SHA\|EXP\|EXPORT40\|DEFAULT	disabled
40	TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5	0x0029	SSL 3.0\|TLS 1.0	EXP-KRB5-DES-CBC-MD5	-ssl3\|-tls1\|SSLv3\|TLSv1\|ALL\|KRB5\|DES\|MD5\|EXP\|EXPORT40\|DEFAULT	disabled
41	TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5	0x002A	SSL 3.0\|TLS 1.0	EXP-KRB5-RC2-CBC-MD5	-ssl3\|-tls1\|SSLv3\|TLSv1\|ALL\|KRB5\|RC2\|MD5\|EXP\|EXPORT40\|DEFAULT	disabled
42	TLS_KRB5_EXPORT_WITH_RC4_40_MD5	0x002B	SSL 3.0\|TLS 1.0	EXP-KRB5-RC4-MD5	-ssl3\|-tls1\|SSLv3\|TLSv1\|ALL\|KRB5\|RC4\|MD5\|EXP\|EXPORT40\|DEFAULT	disabled
43	TLS_RSA_WITH_AES_128_CBC_SHA	0x002F	SSL 3.0\|TLS 1.0	AES128-SHA	-ssl3\|-tls1\|SSLv3\|TLSv1\|ALL\|RSA\|aRSA\|kRSA\|AES\|AES128 \|SHA1\|SHA\|HIGH\|DEFAULT	enabled
44	TLS_DHE_DSS_WITH_AES_128_CBC_SHA	0x0032	SSL 3.0\|TLS 1.0	DHE-DSS-AES128-SHA	-ssl3\|-tls1\|SSLv3\|TLSv1\|ALL\|DSS\|aDSS\|kEDH\|DH\|EDH\|AES\|AES128\|SHA1\|SHA\|HIGH\|DEFAULT	enabled
45	TLS_DHE_RSA_WITH_AES_128_CBC_SHA	0x0033	SSL 3.0\|TLS 1.0	DHE-RSA-AES128-SHA	-ssl3\|-tls1\|SSLv3\|TLSv1\|ALL\|aRSA\|kEDH\|DH\|EDH\|AES\|AES128\|SHA1\|HIGH\|DEFAULT	enabled
46	TLS_DH_anon_WITH_AES_128_CBC_SHA	0x0034	SSL 3.0\|TLS 1.0	ADH-AES128-SHA	SSLv3\|TLSv1\|ALL\|DH\|kEDH\|aDH\|aNULL\|AES\|AES128\|SHA1\|SHA\|HIGH\|COMPLEMENTOFDEFAULT	enabled
47	TLS_RSA_WITH_AES_256_CBC_SHA	0x0035	SSL 3.0\|TLS 1.0	AES256-SHA	-ssl3\|-tls1\|SSLv3\|TLSv1\|ALL\|RSA\|aRSA\|kRSA\|AES\|AES256\|SHA1\|SHA\|HIGH\|DEFAULT	enabled
48	TLS_DHE_DSS_WITH_AES_256_CBC_SHA	0x0038	SSL 3.0\|TLS 1.0	DHE-DSS-AES256-SHA	-ssl3\|-tls1\|SSLv3\|TLSv1\|ALL\|DSS\|aDSS\|kEDH\|DH\|EDH\|AES\|AES256\|SHA1\|SHA\|HIGH\|DEFAULT	enabled
49	TLS_DHE_RSA_WITH_AES_256_CBC_SHA	0x0039	SSL 3.0\|TLS 1.0	DHE-RSA-AES256-SHA	-ssl3\|-tls1\|SSLv3\|TLSv1\|ALL\|aRSA\|kEDH\|DH\|EDH\|AES\|AES256\|SHA1\|SHA\|HIGH\|DEFAULT	enabled
50	TLS_DH_anon_WITH_AES_256_CBC_SHA	0x003A	SSL 3.0\|TLS 1.0	ADH-AES256-SHA	SSLv3\|TLSv1\|ALL\|DH\|kEDH\|aDH\|aNULL\|AES\|AES256\|SHA1\|SHA\|HIGH\|COMPLEMENTOFDEFAULT	enabled
51	TLS_RSA_WITH_CAMELLIA_128_CBC_SHA	0x0041	SSL 3.0\|TLS 1.0	CAMELLIA128-SHA	-ssl3\|-tls1\|SSLv3\|TLSv1\|ALL\|RSA\|aRSA\|kRSA\|CAMELLIA\|CAMELLIA128\|SHA1\|SHA\|HIGH\|DEFAULT	enabled
52	TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA	0x0044	SSL 3.0\|TLS 1.0	DHE-DSS-CAMELLIA128-SHA	-ssl3\|-tls1\|SSLv3\|TLSv1\|ALL\|DSS\|aDSS\|kEDH\|DH\|EDH\|CAMELLIA\|CAMELLIA128\|SHA1\|SHA\|HIGH\|DEFAULT	enabled
53	TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA	0x0045	SSL 3.0\|TLS 1.0	DHE-RSA-CAMELLIA128-SHA	-ssl3\|-tls1\|SSLv3\|TLSv1\|ALL\|aRSA\|kEDH\|DH\|EDH\|CAMELLIA\|CAMELLIA128\|SHA1\|SHA\|HIGH\|DEFAULT	enabled
54	TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA	0x0046	SSL 3.0\|TLS 1.0	ADH-CAMELLIA128-SHA	SSLv3\|TLSv1\|ALL\|DH\|kEDH\|aDH\|aNULL\|CAMELLIA\|CAMELLIA128\|SHA1\|SHA\|HIGH\|COMPLEMENTOFDEFAULT	enabled
55	TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA	0x0062	SSL 3.0\|TLS 1.0	EXP1024-DES-CBC-SHA	-ssl3\|-tls1\|SSLv3\|TLSv1\|ALL\|RSA\|aRSA\|kRSA\|DES\|SHA1\|SHA\|EXP\|EXPORT56\|DEFAULT	disabled
56	TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA	0x0063	SSL 3.0\|TLS 1.0	EXP1024-DHE-DSS-DES-CBC-SHA	-ssl3\|-tls1\|SSLv3\|TLSv1\|ALL\|DSS\|kEDH\|DH\|DES\|SHA1\|SHA\|EXP\|EXPORT56\|DEFAULT	disabled
57	TLS_RSA_EXPORT1024_WITH_RC4_56_SHA	0x0064	SSL 3.0\|TLS 1.0	EXP1024-RC4-SHA	-ssl3\|-tls1\|SSLv3\|TLSv1\|ALL\|RSA\|aRSA\|kRSA\|RC4\|SHA1\|SHA\|EXP\|EXPORT56\|DEFAULT	disabled
58	TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA	0x0065	SSL 3.0\|TLS 1.0	EXP1024-DHE-DSS-RC4-SHA	-ssl3\|-tls1\|SSLv3\|TLSv1\|ALL\|DSS\|aDSS\|kEDH\|DH\|EDH\|RC4\|SHA1\|SHA\|EXP\|EXPORT56\|DEFAULT	disabled
59	TLS_DHE_DSS_WITH_RC4_128_SHA	0x0066	SSL 3.0\|TLS 1.0	DHE-DSS-RC4-SHA	-ssl3\|-tls1\|SSLv3\|TLSv1\|ALL\|DSS\|aDSS\|kEDH\|DH\|EDH\|RC4\|SHA1\|SHA\|MEDIUM\|DEFAULT	disabled
60	TLS_GOSTR341094_WITH_28147_CNT_IMIT	0x0080	SSL 3.0\|TLS 1.0	GOST94-GOST89-GOST89	-ssl3\|-tls1\|SSLv3\|TLSv1\|ALL\|aGOST\|aGOST94\|kGOST\|GOST89MAC\|HIGH	disabled
61	TLS_GOSTR341001_WITH_28147_CNT_IMIT	0x0081	SSL 3.0\|TLS 1.0	GOST2001-GOST89-GOST89	-ssl3\|-tls1\|SSLv3\|TLSv1\|ALL\|aGOST\|aGOST01\|kGOST\|GOST89MAC\|HIGH	disabled
62	TLS_GOSTR341094_WITH_NULL_GOSTR3411	0x0082	SSL 3.0\|TLS 1.0	GOST94-NULL-GOST94	SSLv3\|TLSv1\|aGOST\|aGOST94\|kGOST\|eNULL\|NULL\|GOST94\|COMPLEMENTOFALL	disabled
63	TLS_GOSTR341001_WITH_NULL_GOSTR3411	0x0083	SSL 3.0\|TLS 1.0	GOST2001-NULL-GOST94	SSLv3\|TLSv1\|aGOST\|aGOST01\|kGOST\|eNULL\|NULL\|GOST94\|COMPLEMENTOFALL	disabled
64	TLS_RSA_WITH_CAMELLIA_256_CBC_SHA	0x0084	SSL 3.0\|TLS 1.0	CAMELLIA256-SHA	-ssl3\|-tls1\|SSLv3\|TLSv1\|ALL\|RSA\|aRSA\|kRSA\|CAMELLIA\|CAMELLIA256\|SHA1\|SHA\|HIGH\|DEFAULT	enabled
65	TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA	0x0087	SSL 3.0\|TLS 1.0	DHE-DSS-CAMELLIA256-SHA	-ssl3\|-tls1\|SSLv3\|TLSv1\|ALL\|DSS\|aDSS\|kEDH\|DH\|EDH\|CAMELLIA\|CAMELLIA256\|SHA1\|SHA\|HIGH\|DEFAULT	enabled
66	TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA	0x0088	SSL 3.0\|TLS 1.0	DHE-RSA-CAMELLIA256-SHA	-ssl3\|-tls1\|SSLv3\|TLSv1\|ALL\|aRSA\|kEDH\|DH\|EDH\|CAMELLIA\|CAMELLIA256\|SHA1\|SHA\|HIGH\|DEFAULT	enabled
67	TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA	0x0089	SSL 3.0\|TLS 1.0	ADH-CAMELLIA256-SHA	SSLv3\|TLSv1\|ALL\|DH\|kEDH\|aDH\|aNULL\|CAMELLIA\|CAMELLIA256\|SHA1\|SHA\|HIGH\|COMPLEMENTOFDEFAULT	enabled
68	TLS_PSK_WITH_RC4_128_SHA	0x008A	SSL 3.0\|TLS 1.0	PSK-RC4-SHA	-ssl3\|-tls1\|SSLv3\|TLSv1\|ALL\|PSK\|RC4\|SHA1\|SHA\|MEDIUM\|DEFAULT	enabled
69	TLS_PSK_WITH_3DES_EDE_CBC_SHA	0x008B	SSL 3.0\|TLS 1.0	PSK-3DES-EDE-CBC-SHA	-ssl3\|-tls1\|SSLv3\|TLSv1\|ALL\|PSK\|3DES\|SHA1\|SHA1\|SHA\|HIGH\|DEFAULT	enabled
70	TLS_PSK_WITH_AES_128_CBC_SHA	0x008C	SSL 3.0\|TLS 1.0	PSK-AES128-CBC-SHA	-ssl3\|-tls1\|SSLv3\|TLSv1\|ALL\|PSK\|AES\|AES128\|SHA1\|SHA\|HIGH\|DEFAULT	enabled
71	TLS_PSK_WITH_AES_256_CBC_SHA	0x008D	SSL 3.0\|TLS 1.0	PSK-AES256-CBC-SHA	-ssl3\|-tls1\|SSLv3\|TLSv1\|ALL\|PSK\|AES\|AES256\|SHA1\|SHA\|HIGH\|DEFAULT	enabled
72	TLS_RSA_WITH_SEED_CBC_SHA	0x0096	SSL 3.0\|TLS 1.0	SEED-SHA	-ssl3\|-tls1\|SSLv3\|TLSv1\|ALL\|RSA\|aRSA\|kRSA\|SEED\|SHA1\|SHA\|MEDIUM\|DEFAULT	enabled
73	TLS_DHE_DSS_WITH_SEED_CBC_SHA	0x0099	SSL 3.0\|TLS 1.0	DHE-DSS-SEED-SHA	-ssl3\|-tls1\|SSLv3\|TLSv1\|ALL\|DSS\|aDSS\|kEDH\|DH\|EDH\|SEED\|SHA1\|SHA\|MEDIUM\|DEFAULT	enabled
74	TLS_DHE_RSA_WITH_SEED_CBC_SHA	0x009A	SSL 3.0\|TLS 1.0	DHE-RSA-SEED-SHA	-ssl3\|-tls1\|SSLv3\|TLSv1\|ALL\|aRSA\|kEDH\|DH\|EDH\|SEED\|SHA1\|SHA\|MEDIUM\|DEFAULT	enabled
75	TLS_DH_anon_WITH_SEED_CBC_SHA	0x009B	SSL 3.0\|TLS 1.0	ADH-SEED-SHA	SSLv3\|TLSv1\|ALL\|DH\|kEDH\|aDH\|aNULL\|SEED\|SHA1\|SHA\|MEDIUM\|COMPLEMENTOFDEFAULT	enabled
76	TLS_ECDH_ECDSA_WITH_NULL_SHA	0xC001	SSL 3.0\|TLS 1.0	ECDH-ECDSA-NULL-SHA	SSLv3\|TLSv1\|aECDH\|ECDH\|kECDH\|kECDHe\|eNULL\|NULL\|SHA1\|SHA\|COMPLEMENTOFALL	enabled
77	TLS_ECDH_ECDSA_WITH_RC4_128_SHA	0xC002	SSL 3.0\|TLS 1.0	ECDH-ECDSA-RC4-SHA	-ssl3\|-tls1\|SSLv3\|TLSv1\|ALL\|aECDH\|ECDH\|kECDH\|kECDHe\|RC4\|SHA1\|SHA\|MEDIUM\|DEFAULT	enabled
78	TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA	0xC003	SSL 3.0\|TLS 1.0	ECDH-ECDSA-DES-CBC3-SHA	-ssl3\|-tls1\|SSLv3\|TLSv1\|ALL\|aECDH\|ECDH\|kECDH\|kECDHe\|3DES\|SHA1\|SHA\|HIGH\|DEFAULT	enabled
79	TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA	0xC004	SSL 3.0\|TLS 1.0	ECDH-ECDSA-AES128-SHA	-ssl3\|-tls1\|SSLv3\|TLSv1\|ALL\|aECDH\|ECDH\|kECDH\|kECDHe\|AES\|AES128\|SHA1\|SHA\|HIGH\|DEFAULT	enabled
80	TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA	0xC005	SSL 3.0\|TLS 1.0	ECDH-ECDSA-AES256-SHA	-ssl3\|-tls1\|SSLv3\|TLSv1\|ALL\|aECDH\|ECDH\|kECDH\|kECDHe\|AES\|AES256\|SHA1\|SHA\|HIGH\|DEFAULT	enabled
81	TLS_ECDHE_ECDSA_WITH_NULL_SHA	0xC006	SSL 3.0\|TLS 1.0	ECDHE-ECDSA-NULL-SHA	SSLv3\|TLSv1\|aECDSA\|ECDSA\|ECDH\|EECDH\|kEECDH\|eNULL\|NULL\|SHA1\|SHA\|COMPLEMENTOFALL	enabled
82	TLS_ECDHE_ECDSA_WITH_RC4_128_SHA	0xC007	SSL 3.0\|TLS 1.0	ECDHE-ECDSA-RC4-SHA	-ssl3\|-tls1\|SSLv3\|TLSv1\|ALL\|aECDSA\|ECDSA\|ECDH\|EECDH\|kEECDH\|RC4\|SHA1\|SHA\|MEDIUM\|DEFAULT	enabled
83	TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA	0xC008	SSL 3.0\|TLS 1.0	ECDHE-ECDSA-DES-CBC3-SHA	-ssl3\|-tls1\|SSLv3\|TLSv1\|ALL\|aECDSA\|ECDSA\|ECDH\|EECDH\|kEECDH\|3DES\|SHA1\|SHA\|HIGH\|DEFAULT	enabled
84	TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA	0xC009	SSL 3.0\|TLS 1.0	ECDHE-ECDSA-AES128-SHA	-ssl3\|-tls1\|SSLv3\|TLSv1\|ALL\|aECDSA\|ECDSA\|ECDH\|EECDH\|kEECDH\|AES\|AES128\|SHA1\|SHA\|HIGH\|DEFAULT	enabled
85	TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA	0xC00A	SSL 3.0\|TLS 1.0	ECDHE-ECDSA-AES256-SHA	-ssl3\|-tls1\|SSLv3\|TLSv1\|ALL\|aECDSA\|ECDSA\|ECDH\|EECDH\|kEECDH\|AES\|AES256\|SHA1\|SHA\|HIGH\|DEFAULT	enabled
86	TLS_ECDH_RSA_WITH_NULL_SHA	0xC00B	SSL 3.0\|TLS 1.0	ECDH-RSA-NULL-SHA	SSLv3\|TLSv1\|aECDH\|ECDH\|kECDH\|kECDHr\|eNULL\|NULL\|SHA1\|SHA\|COMPLEMENTOFALL	enabled
87	TLS_ECDH_RSA_WITH_RC4_128_SHA	0xC00C	SSL 3.0\|TLS 1.0	ECDH-RSA-RC4-SHA	-ssl3\|-tls1\|SSLv3\|TLSv1\|ALL\|aECDH\|ECDH\|kECDH\|KECDHr\|RC4\|SHA1\|SHA\|MEDIUM\|DEFAULT	enabled
88	TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA	0xC00D	SSL 3.0\|TLS 1.0	ECDH-RSA-DES-CBC3-SHA	-ssl3\|-tls1\|SSLv3\|TLSv1\|ALL\|aECDH\|ECDH\|kECDH\|kECDHr\|3DES\|SHA1\|SHA\|HIGH\|DEFAULT	enabled
89	TLS_ECDH_RSA_WITH_AES_128_CBC_SHA	0xC00E	SSL 3.0\|TLS 1.0	ECDH-RSA-AES128-SHA	-ssl3\|-tls1\|SSLv3\|TLSv1\|ALL\|aECDH\|ECDH\|kECDH\|kECDHr\|AES\|AES128\|SHA1\|SHA\|HIGH\|DEFAULT	enabled
90	TLS_ECDH_RSA_WITH_AES_256_CBC_SHA	0xC00F	SSL 3.0\|TLS 1.0	ECDH-RSA-AES256-SHA	-ssl3\|-tls1\|SSLv3\|TLSv1\|ALL\|aECDH\|ECDH\|kECDH\|kECDHr\|AES\|AES256\|SHA1\|SHA\|HIGH\|DEFAULT	enabled
91	TLS_ECDHE_RSA_WITH_NULL_SHA	0xC010	SSL 3.0\|TLS 1.0	ECDHE-RSA-NULL-SHA	SSLv3\|TLSv1\|aRSA\|ECDH\|EECDH\|kEECDH\|eNULL\|NULL\|SHA1\|SHA\|COMPLEMENTOFALL	enabled
92	TLS_ECDHE_RSA_WITH_RC4_128_SHA	0xC011	SSL 3.0\|TLS 1.0	ECDHE-RSA-RC4-SHA	-ssl3\|-tls1\|SSLv3\|TLSv1\|ALL\|aRSA\|ECDH\|EECDH\|kEECDH\|RC4\|SHA1\|SHA\|MEDIUM\|DEFAULT	enabled
93	TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA	0xC012	SSL 3.0\|TLS 1.0	ECDHE-RSA-DES-CBC3-SHA	-ssl3\|-tls1\|SSLv3\|TLSv1\|ALL\|aRSA\|ECDH\|EECDH\|kEECDH\|3DES\|SHA1\|SHA\|HIGH\|DEFAULT	enabled
94	TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA	0xC013	SSL 3.0\|TLS 1.0	ECDHE-RSA-AES128-SHA	-ssl3\|-tls1\|SSLv3\|TLSv1\|ALL\|aRSA\|ECDH\|EECDH\|kEECDH\|AES\|AES128\|SHA1\|SHA\|HIGH\|DEFAULT	enabled
95	TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA	0xC014	SSL 3.0\|TLS 1.0	ECDHE-RSA-AES256-SHA	-ssl3\|-tls1\|SSLv3\|TLSv1\|ALL\|aRSA\|ECDH\|EECDH\|kEECDH\|AES\|AES256\|SHA1\|SHA\|HIGH\|DEFAULT	enabled
96	TLS_ECDH_anon_WITH_NULL_SHA	0xC015	SSL 3.0\|TLS 1.0	AECDH-NULL-SHA	SSLv3\|TLSv1\|AECDH\|ECDH\|kEECDH\|aNULL\|eNULL\|NULL\|SHA1\|SHA\|COMPLEMENTOFALL	enabled
97	TLS_ECDH_anon_WITH_RC4_128_SHA	0xC016	SSL 3.0\|TLS 1.0	AECDH-RC4-SHA	SSLv3\|TLSv1\|ALL\|AECDH\|ECDH\|kEECDH\|aNULL\|RC4\|SHA1\|SHA\|MEDIUM\|COMPLEMENTOFDEFAULT	enabled
98	TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA	0xC017	SSL 3.0\|TLS 1.0	AECDH-DES-CBC3-SHA	SSLv3\|TLSv1\|ALL\|AECDH\|ECDH\|kEECDH\|aNULL\|3DES\|SHA1\|SHA\|HIGH\|COMPLEMENTOFDEFAULT	enabled
99	TLS_ECDH_anon_WITH_AES_128_CBC_SHA	0xC018	SSL 3.0\|TLS 1.0	AECDH-AES128-SHA	SSLv3\|TLSv1\|ALL\|AECDH\|ECDH\|kEECDH\|aNULL\|AES\|AES128\|SHA1\|SHA\|HIGH\|COMPLEMENTOFDEFAULT	enabled
100	TLS_ECDH_anon_WITH_AES_256_CBC_SHA	0xC019	SSL 3.0\|TLS 1.0	AECDH-AES256-SHA	SSLv3\|TLSv1\|ALL\|AECDH\|ECDH\|kEECDH\|aNULL\|AES\|AES256\|SHA1\|SHA\|HIGH\|COMPLEMENTOFDEFAULT	enabled

4.3. mod_ssl (Apache 2.2.15 + OpenSSL 0.9.8m) Cipher Suites

mod_ssl became part of the Apache HTTP Server with the release of the Apache 2 web server.

Can use in the same time a RSA and a DSA certificate.

For the DHE exchanges, by default a 1024-bit modulus is used.

SSLCertificateFile directive points to the PEM encoded server certificate.

SSLCertificateKeyFile directive can be used to point at the key file if the key is not combined with the certificate.

Example, both a RSA and a DSA certificate are used in the same time:

SSLCertificateFile "/usr/local/apache2/conf/rsa_server.pem"
SSLCertificateKeyFile "/usr/local/apache2/conf/rsa_server.key"

SSLCertificateFile "/usr/local/apache2/conf/dsa_server.pem"
SSLCertificateKeyFile "/usr/local/apache2/conf/dsa_server.key"

Table 4.3.1 lists the general mod_ssl aliases that can be used with the SSLCipherSuite directive.

SSLProtocol directive can be used to control the SSL protocol flavors. Acceptable values are: all, SSLv2, SSLv3, TLSv1.
Normally you don’t really need to use this, unless you want to disable just SSL 3.0 or just TLS 1.0.

Example 1:
SSLCipherSuite AES+kEDH+aRSA

Enables(not necessarily in the preferred order(it relates to the way the cipher suites were listed by the client), TLS 1.0 is used by default):

No.	Cipher Suite	Hex Value	SSL/TLS Protocol Version
1	TLS_DHE_RSA_WITH_AES_128_CBC_SHA	0x0033	SSL 3.0\|TLS 1.0
2	TLS_DHE_RSA_WITH_AES_256_CBC_SHA	0x0039	SSL 3.0\|TLS 1.0

Example 2:
SSLCipherSuite DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:AES256-SHA:AES128-SHA

Enables(not necessarily in the preferred order(it relates to the way the cipher suites were listed by the client), TLS 1.0 is used by default):

No.	Cipher Suite	Hex Value	SSL/TLS Protocol Version
1	TLS_RSA_WITH_AES_128_CBC_SHA	0x002F	SSL 3.0\|TLS 1.0
2	TLS_DHE_RSA_WITH_AES_128_CBC_SHA	0x0033	SSL 3.0\|TLS 1.0
3	TLS_RSA_WITH_AES_256_CBC_SHA	0x0035	SSL 3.0\|TLS 1.0
4	TLS_DHE_RSA_WITH_AES_256_CBC_SHA	0x0039	SSL 3.0\|TLS 1.0

Example 3:
SSLCipherSuite HIGH:!ADH:!SSLv2

No.	Cipher Suite	Hex Value	SSL/TLS Protocol Version
1	TLS_RSA_WITH_3DES_EDE_CBC_SHA	0x000A	SSL 3.0\|TLS 1.0
2	TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA	0x0013	SSL 3.0\|TLS 1.0
3	TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA	0x0016	SSL 3.0\|TLS 1.0
4	TLS_DHE_DSS_WITH_AES_128_CBC_SHA	0x0032	SSL 3.0\|TLS 1.0
5	TLS_RSA_WITH_AES_128_CBC_SHA	0x002F	SSL 3.0\|TLS 1.0
6	TLS_DHE_RSA_WITH_AES_128_CBC_SHA	0x0033	SSL 3.0\|TLS 1.0
7	TLS_RSA_WITH_AES_256_CBC_SHA	0x0035	SSL 3.0\|TLS 1.0
8	TLS_DHE_DSS_WITH_AES_256_CBC_SHA	0x0038	SSL 3.0\|TLS 1.0
9	TLS_DHE_RSA_WITH_AES_256_CBC_SHA	0x0039	SSL 3.0\|TLS 1.0

Example 4:
SSLProtocol all -SSLv3
SSLCipherSuite aRSA+AES

Note: Normally there aren’t any AES cipher suites under SSL 2.0, so there aren’t such cipher suites under the aRSA+AES cipher suites list(so we don’t have to add a !SSLv2 under the SSLCipherSuite directive too).
Enables(not necessarily in the preferred order(it relates to the way the cipher suites were listed by the client), only TLS 1.0 is allowed):

No.	Cipher Suite	Hex Value	SSL/TLS Protocol Version
1	TLS_RSA_WITH_AES_128_CBC_SHA	0x002F	TLS 1.0
2	TLS_DHE_RSA_WITH_AES_128_CBC_SHA	0x0033	TLS 1.0
3	TLS_RSA_WITH_AES_256_CBC_SHA	0x0035	TLS 1.0
4	TLS_DHE_RSA_WITH_AES_256_CBC_SHA	0x0039	TLS 1.0

Table 4.3.2 lists the cipher suites supported by mod_ssl, Apache 2.2.15 + OpenSSL 0.9.8m were analyzed, both built from source. Therefore, the status enabled/disabled of the cipher suites is only relevant for this particular configuration. Note that a RSA and a DSA certificate were used in the same time.
The default configuration on Apache 2.2.15 is(according to the httpd-ssl.conf file):
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
Which in case of a default source built of OpenSSL 0.9.m is somehow misleading. Note that the eNULL cipher suites are not enabled by this configuration.

No.	mod_ssl category Alias	Meaning
1	SSLv2	only SSL 2.0 cipher suites
2	SSLv3	all the SSL 3.0 or TLS 1.0 cipher suites(including eNULL and aNULL)
3	TLSv1	all the SSL 3.0 or TLS 1.0 cipher suites(including eNULL and aNULL)
4	AES	cipher suites using AES
5	CAMELLIA	cipher suites using Camellia
6	DES	cipher suites using DES
7	3DES	cipher suites using 3DES
8	IDEA	cipher suites using IDEA
9	RC2	cipher suites using RC2
10	RC4	cipher suites using RC4
11	SEED	cipher suites using SEED
12	MD5	cipher suites using MD5
13	SHA1	cipher suites using SHA1
14	SHA	cipher suites using SHA1
15	ALL	all cipher suites except the eNULL ciphers
16	COMPLEMENTOFALL	the cipher suites not enabled by ALL, currently being eNULL
17	COMPLEMENTOFDEFAULT	the cipher suites not included in DEFAULT, currently being ADH(or aNULL)
18	DEFAULT	the default cipher suites list(determined at OpenSSL compile time, default this is: ALL:!aNULL:!eNULL)
19	HIGH	high encryption cipher suites(key lengths larger than 128-bits, + some cipher suites with 128-bit keys)
20	MEDIUM	medium encryption cipher suites, some of the ones using 128-bit encryption
21	LOW	low encryption cipher suites, the ones using 64-bit or 56-bit encryption algorithms(excluding export cipher suites)
22	EXP	export encryption algorithms(including 40-bit and 56-bits algorithms) cipher suites
23	EXPORT	export encryption algorithms(including 40-bit and 56-bits algorithms) cipher suites
24	EXPORT40	40-bit export encryption algorithms cipher suites
25	EXPORT56	56-bit export encryption algorithms cipher suites
26	eNULL	cipher suites offering no encryption
27	NULL	cipher suites offering no encryption
28	aNULL	cipher suites offering no authentication. The anonymous DH algorithms(ADH).
29	DSS	cipher suites using DSS authentication
30	aDSS	cipher suites using DSS authentication
31	RSA	cipher suites using RSA key exchange
32	aRSA	cipher suites using RSA authentication
33	kRSA	cipher suites using RSA key exchange
34	DH	cipher suites using DH, including anonymous DH
35	ADH	anonymous DH cipher suites
36	EDH *	cipher suites using DH, excluding anonymous DH
37	kEDH	cipher suites using ephemeral DH key agreement

Table 4.3.2 mod_ssl Apache 2.2.15(source build) + OpenSSL 0.9.8m(source build) Cipher Suites and Aliases usable with the SSLCipherSuite Directive

No.	Cipher Suite	Hex Value	SSL/TLS Version	mod_ssl Cipher Suite Aliases	mod_ssl category Aliases	Status
1	SSL_CK_RC4_128_WITH_MD5	0x010080	SSL 2.0	RC4-MD5	SSLv2\|ALL\|RSA\|aRSA\|kRSA\|RC4\|MD5\|MEDIUM\|DEFAULT	enabled
2	SSL_CK_RC4_128_EXPORT40_WITH_MD5	0x020080	SSL 2.0	EXP-RC4-MD5	SSLv2\|ALL\|RSA\|aRSA\|kRSA\|RC4\|MD5\|EXP\|EXPORT40\|DEFAULT	enabled
3	SSL_CK_RC2_128_CBC_WITH_MD5	0x030080	SSL 2.0	RC2-CBC-MD5	SSLv2\|ALL\|RSA\|aRSA\|kRSA\|RC2\|MD5\|MEDIUM\|DEFAULT	enabled
4	SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5	0x040080	SSL 2.0	EXP-RC2-CBC-MD5	SSLv2\|ALL\|RSA\|aRSA\|kRSA\|RC2\|MD5\|EXP\|EXPORT40\|DEFAULT	enabled
5	SSL_CK_IDEA_128_CBC_WITH_MD5	0x050080	SSL 2.0	IDEA-CBC-MD5	SSLv2\|ALL\|RSA\|aRSA\|kRSA\|IDEA\|MD5\|MEDIUM\|DEFAULT	enabled
6	SSL_CK_DES_64_CBC_WITH_MD5	0x060040	SSL 2.0	DES-CBC-MD5	SSLv2\|ALL\|RSA\|aRSA\|kRSA\|DES\|MD5\|LOW\|DEFAULT	enabled
7	SSL_CK_DES_192_EDE3_CBC_WITH_MD5	0x0700C0	SSL 2.0	DES-CBC3-MD5	SSLv2\|ALL\|RSA\|aRSA\|kRSA\|3DES\|MD5\|HIGH\|DEFAULT	enabled
8	TLS_RSA_WITH_NULL_MD5	0x0001	SSL 3.0\|TLS 1.0	NULL-MD5	SSLv3\|TLSv1\|RSA\|aRSA\|kRSA\|eNULL\|NULL\|MD5\|COMPLEMENTOFALL	disabled
9	TLS_RSA_WITH_NULL_SHA	0x0002	SSL 3.0\|TLS 1.0	NULL-SHA	SSLv3\|TLSv1\|RSA\|aRSA\|kRSA\|eNULL\|NULL\|SHA1\|SHA\|COMPLEMENTOFALL	disabled
10	TLS_RSA_EXPORT_WITH_RC4_40_MD5	0x0003	SSL 3.0\|TLS 1.0	EXP-RC4-MD5	SSLv3\|TLSv1\|ALL\|RSA\|aRSA\|kRSA\|RC4\|MD5\|EXP\|EXPORT40\|DEFAULT	enabled
11	TLS_RSA_WITH_RC4_128_MD5	0x0004	SSL 3.0\|TLS 1.0	RC4-MD5	SSLv3\|TLSv1\|ALL\|RSA\|aRSA\|kRSA\|RC4\|MD5\|MEDIUM\|DEFAULT	enabled
12	TLS_RSA_WITH_RC4_128_SHA	0x0005	SSL 3.0\|TLS 1.0	RC4-SHA	SSLv3\|TLSv1\|ALL\|RSA\|aRSA\|kRSA\|RC4\|SHA1\|SHA\|MEDIUM\|DEFAULT	enabled
13	TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5	0x0006	SSL 3.0\|TLS 1.0	EXP-RC2-CBC-MD5	SSLv3\|TLSv1\|ALL\|RSA\|aRSA\|kRSA\|RC2\|MD5\|EXP\|EXPORT40\|DEFAULT	enabled
14	TLS_RSA_WITH_IDEA_CBC_SHA	0x0007	SSL 3.0\|TLS 1.0	IDEA-CBC-SHA	SSLv3\|TLSv1\|ALL\|RSA\|aRSA\|kRSA\|IDEA\|SHA1\|SHA\|MEDIUM\|DEFAULT	enabled
15	TLS_RSA_EXPORT_WITH_DES40_CBC_SHA	0x0008	SSL 3.0\|TLS 1.0	EXP-DES-CBC-SHA	SSLv3\|TLSv1\|ALL\|RSA\|aRSA\|kRSA\|DES\|SHA1\|SHA\|EXP\|EXPORT40\|DEFAULT	enabled
16	TLS_RSA_WITH_DES_CBC_SHA	0x0009	SSL 3.0\|TLS 1.0	DES-CBC-SHA	SSLv3\|TLSv1\|ALL\|RSA\|aRSA\|kRSA\|DES\|SHA1\|SHA\|LOW\|DEFAULT	enabled
17	TLS_RSA_WITH_3DES_EDE_CBC_SHA	0x000A	SSL 3.0\|TLS 1.0	DES-CBC3-SHA	SSLv3\|TLSv1\|ALL\|RSA\|aRSA\|kRSA\|3DES\|SHA1\|SHA\|HIGH\|DEFAULT	enabled
18	TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA	0x0011	SSL 3.0\|TLS 1.0	EXP-EDH-DSS-DES-CBC-SHA	SSLv3\|TLSv1\|ALL\|DSS\|aDSS\|kEDH\|DH\|EDH*\|DES\|SHA1\|SHA\|EXP\|EXPORT40\|DEFAULT	enabled
19	TLS_DHE_DSS_WITH_DES_CBC_SHA	0x0012	SSL 3.0\|TLS 1.0	EDH-DSS-DES-CBC-SHA	SSLv3\|TLSv1\|ALL\|DSS\|kEDH\|DH\|EDH*\|DES\|SHA1\|SHA\|LOW\|DEFAULT	enabled
20	TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA	0x0013	SSL 3.0\|TLS 1.0	EDH-DSS-DES-CBC3-SHA	SSLv3\|TLSv1\|ALL\|DSS\|aDSS\|kEDH\|DH\|EDH*\|3DES\|SHA1\|SHA\|HIGH\|DEFAULT	enabled
21	TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA	0x0014	SSL 3.0\|TLS 1.0	EXP-EDH-RSA-DES-CBC-SHA	SSLv3\|TLSv1\|ALL\|aRSA\|kEDH\|DH\|EDH*\|DES\|SHA1\|SHA\|EXP\|EXPORT40\|DEFAULT	enabled
22	TLS_DHE_RSA_WITH_DES_CBC_SHA	0x0015	SSL 3.0\|TLS 1.0	EDH-RSA-DES-CBC-SHA	SSLv3\|TLSv1\|ALL\|aRSA\|kEDH\|DH\|EDH*\|DES\|SHA1\|SHA\|LOW\|DEFAULT	enabled
23	TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA	0x0016	SSL 3.0\|TLS 1.0	EDH-RSA-DES-CBC3-SHA	SSLv3\|TLSv1\|ALL\|aRSA\|kEDH\|DH\|EDH*\|3DES\|SHA1\|SHA\|HIGH\|DEFAULT	enabled
24	TLS_DH_anon_EXPORT_WITH_RC4_40_MD5	0x0017	SSL 3.0\|TLS 1.0	EXP-ADH-RC4-MD5	SSLv3\|TLSv1\|ALL\|DH\|kEDH\|aDH\|aNULL\|RC4\|MD5\|EXP\|EXPORT40\|COMPLEMENTOFDEFAULT	disabled
25	TLS_DH_anon_WITH_RC4_128_MD5	0x0018	SSL 3.0\|TLS 1.0	ADH-RC4-MD5	SSLv3\|TLSv1\|ALL\|DH\|kEDH\|aDH\|aNULL\|RC4\|MD5\|MEDIUM\|COMPLEMENTOFDEFAULT	disabled
26	TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA	0x0019	SSL 3.0\|TLS 1.0	EXP-ADH-DES-CBC-SHA	SSLv3\|TLSv1\|ALL\|DH\|kEDH\|aDH\|aNULL\|DES\|SHA1\|SHA\|EXP\|EXPORT40\|COMPLEMENTOFDEFAULT	disabled
27	TLS_DH_anon_WITH_DES_CBC_SHA	0x001A	SSL 3.0\|TLS 1.0	ADH-DES-CBC-SHA	SSLv3\|TLSv1\|ALL\|DH\|kEDH\|aDH\|aNULL\|DES\|SHA1\|SHA\|LOW\|COMPLEMENTOFDEFAULT	disabled
28	TLS_DH_anon_WITH_3DES_EDE_CBC_SHA	0x001B	SSL 3.0\|TLS 1.0	ADH-DES-CBC3-SHA	SSLv3\|TLSv1\|ALL\|DH\|kEDH\|aDH\|aNULL\|3DES\|SHA1\|SHA\|HIGH\|COMPLEMENTOFDEFAULT	disabled
29	TLS_RSA_WITH_AES_128_CBC_SHA	0x002F	SSL 3.0\|TLS 1.0	AES128-SHA	SSLv3\|TLSv1\|ALL\|RSA\|aRSA\|kRSA\|AES\|SHA1\|SHA\|HIGH\|DEFAULT	enabled
30	TLS_DHE_DSS_WITH_AES_128_CBC_SHA	0x0032	SSL 3.0\|TLS 1.0	DHE-DSS-AES128-SHA	SSLv3\|TLSv1\|ALL\|DSS\|aDSS\|kEDH\|DH\|EDH*\|AES\|SHA1\|SHA\|HIGH\|DEFAULT	enabled
31	TLS_DHE_RSA_WITH_AES_128_CBC_SHA	0x0033	SSL 3.0\|TLS 1.0	DHE-RSA-AES128-SHA	SSLv3\|TLSv1\|ALL\|aRSA\|kEDH\|DH\|EDH*\|AES\|SHA1\|SHA\|HIGH\|DEFAULT	enabled
32	TLS_DH_anon_WITH_AES_128_CBC_SHA	0x0034	SSL 3.0\|TLS 1.0	ADH-AES128-SHA	SSLv3\|TLSv1\|ALL\|DH\|kEDH\|aDH\|aNULL\|AES\|SHA1\|SHA\|HIGH\|COMPLEMENTOFDEFAULT	disabled
33	TLS_RSA_WITH_AES_256_CBC_SHA	0x0035	SSL 3.0\|TLS 1.0	AES256-SHA	SSLv3\|TLSv1\|ALL\|RSA\|aRSA\|kRSA\|AES\|SHA1\|SHA\|HIGH\|DEFAULT	enabled
34	TLS_DHE_DSS_WITH_AES_256_CBC_SHA	0x0038	SSL 3.0\|TLS 1.0	DHE-DSS-AES256-SHA	SSLv3\|TLSv1\|ALL\|DSS\|aDSS\|kEDH\|DH\|EDH*\|AES\|SHA1\|SHA\|HIGH\|DEFAULT	enabled
35	TLS_DHE_RSA_WITH_AES_256_CBC_SHA	0x0039	SSL 3.0\|TLS 1.0	DHE-RSA-AES256-SHA	SSLv3\|TLSv1\|ALL\|aRSA\|kEDH\|DH\|EDH*\|AES\|SHA1\|SHA\|HIGH\|DEFAULT	enabled
36	TLS_DH_anon_WITH_AES_256_CBC_SHA	0x003A	SSL 3.0\|TLS 1.0	ADH-AES256-SHA	SSLv3\|TLSv1\|ALL\|DH\|kEDH\|aDH\|aNULL\|AES\|SHA1\|SHA\|HIGH\|COMPLEMENTOFDEFAULT	disabled
37	TLS_RSA_WITH_CAMELLIA_128_CBC_SHA	0x0041	SSL 3.0\|TLS 1.0	CAMELLIA128-SHA	SSLv3\|TLSv1\|ALL\|RSA\|aRSA\|kRSA\|CAMELLIA\|SHA1\|SHA \|HIGH\|DEFAULT	disabled
38	TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA	0x0044	SSL 3.0\|TLS 1.0	DHE-DSS-CAMELLIA128-SHA	SSLv3\|TLSv1\|ALL\|DSS\|aDSS\|kEDH\|DH\|EDH*\|CAMELLIA\|SHA1\|SHA\|HIGH\|DEFAULT	disabled
39	TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA	0x0045	SSL 3.0\|TLS 1.0	DHE-RSA-CAMELLIA128-SHA	SSLv3\|TLSv1\|ALL\|aRSA\|kEDH\|DH\|EDH*\|CAMELLIA\|SHA1\|SHA\|HIGH\|DEFAULT	disabled
40	TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA	0x0046	SSL 3.0\|TLS 1.0	ADH-CAMELLIA128-SHA	SSLv3\|TLSv1\|ALL\|DH\|kEDH\|aDH\|aNULL\|CAMELLIA\|SHA1\|SHA\|HIGH\|COMPLEMENTOFDEFAULT	disabled
41	TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA	0x0062	SSL 3.0\|TLS 1.0	EXP1024-DES-CBC-SHA	SSLv3\|TLSv1\|ALL\|RSA\|aRSA\|kRSA\|DES\|SHA1\|SHA\|EXP\|EXPORT56\|DEFAULT	disabled
42	TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA	0x0063	SSL 3.0\|TLS 1.0	EXP1024-DHE-DSS-DES-CBC-SHA	SSLv3\|TLSv1\|ALL\|DSS\|aDSS\|kEDH\|DH\|EDH*\|DES\|SHA1\|SHA\|EXP\|EXPORT56\|DEFAULT	disabled
43	TLS_RSA_EXPORT1024_WITH_RC4_56_SHA	0x0064	SSL 3.0\|TLS 1.0	EXP1024-RC4-SHA	SSLv3\|TLSv1\|ALL\|RSA\|aRSA\|kRSA\|RC4\|SHA1\|SHA\|EXP\|EXPORT56\|DEFAULT	disabled
44	TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA	0x0065	SSL 3.0\|TLS 1.0	EXP1024-DHE-DSS-RC4-SHA	SSLv3\|TLSv1\|ALL\|DSS\|aDSS\|kEDH\|DH\|EDH*\|RC4\|SHA1\|SHA\|EXP\|EXPORT56\|DEFAULT	disabled
45	TLS_DHE_DSS_WITH_RC4_128_SHA	0x0066	SSL 3.0\|TLS 1.0	DHE-DSS-RC4-SHA	SSLv3\|TLSv1\|ALL\|DSS\|kEDH\|DH\|EDH*\|RC4\|SHA1\|SHA\|MEDIUM\|DEFAULT	disabled
46	TLS_RSA_WITH_CAMELLIA_256_CBC_SHA	0x0084	SSL 3.0\|TLS 1.0	CAMELLIA256-SHA	SSLv3\|TLSv1\|ALL\|RSA\|aRSA\|kRSA\|CAMELLIA\|SHA1\|SHA\|HIGH\|DEFAULT	disabled
47	TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA	0x0087	SSL 3.0\|TLS 1.0	DHE-DSS-CAMELLIA256-SHA	SSLv3\|TLSv1\|ALL\|DSS\|aDSS\|kEDH\|DH\|EDH*\|CAMELLIA\|SHA1\|SHA\|HIGH\|DEFAULT	disabled
48	TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA	0x0088	SSL 3.0\|TLS 1.0	DHE-RSA-CAMELLIA256-SHA	SSLv3\|TLSv1\|ALL\|aRSA\|kEDH\|DH\|EDH*\|CAMELLIA\|SHA1\|SHA\|HIGH\|DEFAULT	disabled
49	TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA	0x0089	SSL 3.0\|TLS 1.0	ADH-CAMELLIA256-SHA	SSLv3\|TLSv1\|ALL\|DH\|kEDH\|aDH\|aNULL\|CAMELLIA\|SHA1\|SHA\|HIGH\|COMPLEMENTOFDEFAULT	disabled
50	TLS_RSA_WITH_SEED_CBC_SHA	0x0096	SSL 3.0\|TLS 1.0	SEED-SHA	SSLv3\|TLSv1\|ALL\|RSA\|aRSA\|kRSA\|SEED\|SHA1\|SHA\|MEDIUM	disabled
51	TLS_DHE_DSS_WITH_SEED_CBC_SHA	0x0099	SSL 3.0\|TLS 1.0	DHE-DSS-SEED-SHA	SSLv3\|TLSv1\|ALL\|DSS\|aDSS\|kEDH\|DH\|EDH*\|SEED\|SHA1\|SHA\|MEDIUM	disabled
52	TLS_DHE_RSA_WITH_SEED_CBC_SHA	0x009A	SSL 3.0\|TLS 1.0	DHE-RSA-SEED-SHA	SSLv3\|TLSv1\|ALL\|aRSA\|kEDH\|DH\|EDH*\|SEED\|SHA1\|SHA\|MEDIUM	disabled
53	TLS_DH_anon_WITH_SEED_CBC_SHA	0x009B	SSL 3.0\|TLS 1.0	ADH-SEED-SHA	SSLv3\|TLSv1\|ALL\|DH\|kEDH\|aDH\|aNULL\|SEED\|SHA1\|SHA\|MEDIUM\|COMPLEMENTOFDEFAULT	disabled

* There are some issues with this string. May be usable or not depending on how OpenSSL 0.9.m is compiled.

4.4. mod_ssl (Apache 2.3.5 Alpha + OpenSSL 1.0.0) Cipher Suites

mod_ssl became part of the Apache HTTP Server with the release of the Apache 2 web server.

ECC is supported with mod_ssl(Apache 2.3.5 Alpha) if built against an OpenSSL version supporting ECC(we tested with OpenSSL 1.0.0).

mod_ssl(Apache 2.3.5 Alpha) can use in the same time a RSA, a DSA certificate and an ECC certificate(this was an ECDSA signed certificate or a RSA signed one containing an ECC key).

Apache 2.3.5 Alpha mod_ssl(OpenSSL 1.0.0) supports the three “popular” elliptic curves(which should assure interoperability):
- secp256r1(aka NIST P-256)
- secp384r1(aka NIST P-384)
- secp521r1(aka NIST P-521)

For the DHE exchanges, by default a 1024-bit modulus is used.

SSLCertificateFile directive points to the PEM encoded server certificate.

SSLCertificateKeyFile directive can be used to point at the key file if the key is not combined with the certificate.

Example, both a RSA , a DSA and an ECC certificate are used in the same time:

SSLCertificateFile "/usr/local/apache2/conf/rsa_server.pem"
SSLCertificateKeyFile "/usr/local/apache2/conf/rsa_server.key"

SSLCertificateFile "/usr/local/apache2/conf/dsa_server.pem"
SSLCertificateKeyFile "/usr/local/apache2/conf/dsa_server.key"

SSLCertificateFile "/usr/local/apache2/conf/ecc_server.pem"
SSLCertificateKeyFile "/usr/local/apache2/conf/ecc_server.key"

SSLCipherSuite directive is a complex one, being used to specify the cipher suites. The values usable with this directive are similar with the cipher strings from OpenSSL.
The SSLv3 and TLS 1.0 values(aliases) are equivalent(SSLv3 = TLSv1), either of these enables both SSL 3.0 and TLS 1.0. And SSLv3 or TLSv1 enable all the SSL 3.0 or TLSv1 cipher suites, including the eNULL and aNULL ones.
You cannot really dictate the preferred cipher suite with (just) the SSLCipherSuite directive. For example say you do(in order to list in a desired order some cipher suites):
openssl ciphers AES:RC4:+AES –v
Which basically first lists the AES and RC4 cipher suites, and then moves the AES ciphers to the end of the list. If you put:
SSLCipherSuite AES:RC4:+AES
and the client lists first AES cipher suites, an AES based cipher suite will be used.
This behavior may prevent you, when using an ECDSA and a RSA certificate in the same time(to support clients that only can use RSA based cipher suites), from selecting on the server side an ECDSA based cipher suites when the client support such cipher suites, if the client lists first the RSA based ones. For example Firefox 3.6 lists first an ECDSA based cipher suite, while IE8 on Windows 7 a RSA based one with a kRSA exchange.
To use the server’s preferred cipher suite order enable the SSLHonorCipherOrder directive:
SSLHonorCipherOrder on

Table 4.4.1 lists the general mod_ssl aliases that can be used with the SSLCipherSuite directive. If a green shade is present near a string(No. column), then this string is new in Apache 2.3.5 Alpha compared to Apache 2.2.25.

Example 1:
SSLCipherSuite AES+kEDH+aRSA

Enables(not necessarily in the preferred order(it relates to the way the cipher suites were listed by the client), TLS 1.0 is used by default):

No.	Cipher Suite	Hex Value	SSL/TLS Protocol Version
1	TLS_DHE_RSA_WITH_AES_128_CBC_SHA	0x0033	SSL 3.0\|TLS 1.0
2	TLS_DHE_RSA_WITH_AES_256_CBC_SHA	0x0039	SSL 3.0\|TLS 1.0

Example 2:
SSLCipherSuite ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:AES256-SHA:AES128-SHA

Enables(not necessarily in the preferred order(it relates to the way the cipher suites were listed by the client), TLS 1.0 is used by default), assuming you use a RSA certificate(signed with RSA and containing a RSA key):

No.	Cipher Suite	Hex Value	SSL/TLS Protocol Version
1	TLS_RSA_WITH_AES_128_CBC_SHA	0x002F	SSL 3.0\|TLS 1.0
2	TLS_DHE_RSA_WITH_AES_128_CBC_SHA	0x0033	SSL 3.0\|TLS 1.0
3	TLS_RSA_WITH_AES_256_CBC_SHA	0x0035	SSL 3.0\|TLS 1.0
4	TLS_DHE_RSA_WITH_AES_256_CBC_SHA	0x0039	SSL 3.0\|TLS 1.0
5	TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA	0xC013	SSL 3.0\|TLS 1.0
6	TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA	0xC014	SSL 3.0\|TLS 1.0

Example 3:
SSLCipherSuite HIGH:!ADH:!AECDH:!SSLv2

Enables(not necessarily in the preferred order(it relates to the way the cipher suites were listed by the client), TLS 1.0 is used by default), assuming you use in the same time a RSA(signed with RSA and containing a RSA key) and an ECDSA certificate(signed with ECDSA and containing an ECC key):

No.	Cipher Suite	Hex Value	SSL/TLS Protocol Version
1	TLS_RSA_WITH_3DES_EDE_CBC_SHA	0x000A	SSL 3.0\|TLS 1.0
2	TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA	0x0016	SSL 3.0\|TLS 1.0
3	TLS_RSA_WITH_AES_128_CBC_SHA	0x002F	SSL 3.0\|TLS 1.0
4	TLS_DHE_RSA_WITH_AES_128_CBC_SHA	0x0033	SSL 3.0\|TLS 1.0
5	TLS_RSA_WITH_AES_256_CBC_SHA	0x0035	SSL 3.0\|TLS 1.0
6	TLS_DHE_RSA_WITH_AES_256_CBC_SHA	0x0039	SSL 3.0\|TLS 1.0
7	TLS_RSA_WITH_CAMELLIA_128_CBC_SHA	0x0041	SSL 3.0\|TLS 1.0
7	TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA	0x0045	SSL 3.0\|TLS 1.0
9	TLS_RSA_WITH_CAMELLIA_256_CBC_SHA	0x0084	SSL 3.0\|TLS 1.0
10	TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA	0x0088	SSL 3.0\|TLS 1.0
11	TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA	0xC003	SSL 3.0\|TLS 1.0
12	TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA	0xC004	SSL 3.0\|TLS 1.0
13	TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA	0xC005	SSL 3.0\|TLS 1.0
14	TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA	0xC008	SSL 3.0\|TLS 1.0
15	TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA	0xC009	SSL 3.0\|TLS 1.0
16	TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA	0xC00A	SSL 3.0\|TLS 1.0
17	TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA	0xC012	SSL 3.0\|TLS 1.0
18	TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA	0xC013	SSL 3.0\|TLS 1.0
19	TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA	0xC014	SSL 3.0\|TLS 1.0

Example 4:
SSLProtocol all -SSLv3
SSLCipherSuite aRSA+AES

No.	Cipher Suite	Hex Value	SSL/TLS Protocol Version
1	TLS_RSA_WITH_AES_128_CBC_SHA	0x002F	TLS 1.0
2	TLS_DHE_RSA_WITH_AES_128_CBC_SHA	0x0033	TLS 1.0
3	TLS_RSA_WITH_AES_256_CBC_SHA	0x0035	TLS 1.0
4	TLS_DHE_RSA_WITH_AES_256_CBC_SHA	0x0039	TLS 1.0

Example 5:
SSLProtocol all -SSLv3
SSLCipherSuite aECDSA+AES:aRSA+AES

Note: Normally there aren’t any AES cipher suites under SSL 2.0, so there aren’t such cipher suites under the aECDSA+AES:aRSA+AES cipher suites list(so we don’t have to add a !SSLv2 under the SSLCipherSuite directive too).
Enables(not necessarily in the preferred order(it relates to the way the cipher suites were listed by the client), only TLS 1.0 is allowed), assuming you use a RSA(signed with RSA and containing a RSA key) and an ECDSA certificate(signed with ECDSA and containing an ECC key) in the same time:

No.	Cipher Suite	Hex Value	SSL/TLS Protocol Version
1	TLS_RSA_WITH_AES_128_CBC_SHA	0x002F	TLS 1.0
2	TLS_DHE_RSA_WITH_AES_128_CBC_SHA	0x0033	TLS 1.0
3	TLS_RSA_WITH_AES_256_CBC_SHA	0x0035	TLS 1.0
4	TLS_DHE_RSA_WITH_AES_256_CBC_SHA	0x0039	TLS 1.0
5	TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA	0xC009	TLS 1.0
6	TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA	0xC00A	TLS 1.0
7	TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA	0xC013	TLS 1.0
8	TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA	0xC014	TLS 1.0

Table 4.4.2 lists the cipher suites supported by mod_ssl, Apache 2.3.5 Alpha + OpenSSL 1.0.0 were analyzed, both built from source. Therefore, the status enabled/disabled of the cipher suites is only relevant for this particular configuration. Note that a RSA, a DSA and an ECC certificate(the ECC one was an ECDSA signed certificate or a RSA signed one containing an ECC key) were used in the same time.
The default configuration on Apache 2.3.5 Alpha is(according to the httpd-ssl.conf file):
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
Which in case of a default source built of OpenSSL 1.0.0 is somehow misleading. Note that the eNULL cipher suites are not enabled by this configuration. And that some AECDH cipher suites are enabled by default. To disable them add to the SSLCipherSuite directive the !AECDH cipher string.

Table 4.4.1 mod_ssl(Apache 2.3.5 Alpha + OpenSSL 1.0.0, both source builds) SSLCipherSuite General Aliases

No.	mod_ssl Category Alias	Meaning
1	SSLv2	only SSL 2.0 cipher suites
2	SSLv3	all the SSL 3.0 or TLS 1.0 cipher suites(including eNULL and aNULL)
3	TLSv1	all the SSL 3.0 or TLS 1.0 cipher suites(including eNULL and aNULL)
4	AES	cipher suites using AES
5	AES128	cipher suites using AES 128-bit
6	AES256	cipher suites using AES 256-bit
7	CAMELLIA	cipher suites using Camellia
8	CAMELLIA128	cipher suites using Camellia 128-bit
9	CAMELLIA256	cipher suites using Camellia 256-bit
10	DES	cipher suites using DES
11	3DES	cipher suites using 3DES
12	IDEA	cipher suites using IDEA
13	RC2	cipher suites using RC2
14	RC4	cipher suites using RC4
15	SEED	cipher suites using SEED
16	MD5	cipher suites using MD5
17	SHA1, SHA	cipher suites using SHA1
18	SHA	cipher suites using SHA1
19	ALL	all cipher suites except the eNULL ciphers
20	COMPLEMENTOFALL	the cipher suites not enabled by ALL, currently being eNULL
21	COMPLEMENTOFDEFAULT	the cipher suites not included in DEFAULT, currently being ADH and AECDH(aNULL).
22	DEFAULT	the default cipher suites list(determined at compile time, default this is: ALL:!aNULL:!eNULL)
23	HIGH	high encryption cipher suites(key lengths larger than 128-bits, + some cipher suites with 128-bit keys)
24	MEDIUM	medium encryption cipher suites, some of the ones using 128-bit encryption
25	LOW	low encryption cipher suites, the ones using 64-bit or 56-bit encryption algorithms(excluding export cipher suites)
26	EXP	export encryption algorithms(including 40-bit and 56-bits algorithms) cipher suites
27	EXPORT	export encryption algorithms(including 40-bit and 56-bits algorithms) cipher suites
28	EXPORT40	40-bit export encryption algorithms cipher suites
29	EXPORT56	56-bit export encryption algorithms cipher suites
30	eNULL	cipher suites offering no encryption
31	NULL	cipher suites offering no encryption
32	aNULL	cipher suites offering no authentication. The anonymous DH and ECDH algorithms.
33	DSS	cipher suites using DSS authentication
34	aDSS	cipher suites using DSS authentication
35	RSA	cipher suites using RSA key exchange
36	aRSA	cipher suites using RSA authentication
37	kRSA	cipher suites using RSA key exchange
38	DH	cipher suites using DH, including anonymous DH
39	ADH	anonymous DH cipher suites
40	EDH	cipher suites using DH, excluding anonymous DH
41	kEDH	cipher suites using ephemeral DH key agreement
42	ECDH	ECDH cert or ephemeral ECDH
43	aECDH	ECDH cert
44	AECDH	anonymous ECDH
45	EECDH	non-anonymous ephemeral ECDH
46	kECDH	ECDH cert (signed with either RSA or ECDSA)
47	kECDHe	ECDH cert, signed with ECDSA
48	kECDHr	ECDH cert, signed with RSA
49	kEECDH	ephemeral ECDH
50	ECDSA	ECDSA cert
51	aECDSA	ECDSA cert

Table 4.4.2 mod_ssl Apache 2.3.5 Alpha(source build) + OpenSSL 1.0.0(source build) Cipher Suites and Aliases usable with the SSLCipherSuite Directive

No.	Cipher Suite	Hex Value	SSL/TLS Version	mod_ssl Cipher Suite Alias	mod_ssl category Alias	Status
1	SSL_CK_RC4_128_WITH_MD5	0x010080	SSL 2.0	RC4-MD5	SSLv2\|ALL\|RSA\|aRSA\|kRSA\|RC4\|MD5\|MEDIUM	enabled
2	SSL_CK_RC4_128_EXPORT40_WITH_MD5	0x020080	SSL 2.0	EXP-RC4-MD5	SSLv2\|ALL\|RSA\|aRSA\|kRSA\|RC4\|MD5\|EXP\|EXPORT40	enabled
3	SSL_CK_RC2_128_CBC_WITH_MD5	0x030080	SSL 2.0	RC2-CBC-MD5	SSLv2\|ALL\|RSA\|aRSA\|kRSA\|RC2\|MD5\|MEDIUM	enabled
4	SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5	0x040080	SSL 2.0	EXP-RC2-CBC-MD5	SSLv2\|ALL\|RSA\|aRSA\|kRSA\|RC2\|MD5\|EXP\|EXPORT40	enabled
5	SSL_CK_IDEA_128_CBC_WITH_MD5	0x050080	SSL 2.0	IDEA-CBC-MD5	SSLv2\|ALL\|RSA\|aRSA\|kRSA\|IDEA\|MD5\|MEDIUM	enabled
6	SSL_CK_DES_64_CBC_WITH_MD5	0x060040	SSL 2.0	DES-CBC-MD5	SSLv2\|ALL\|RSA\|aRSA\|kRSA\|DES\|MD5\|LOW	enabled
7	SSL_CK_DES_192_EDE3_CBC_WITH_MD5	0x0700C0	SSL 2.0	DES-CBC3-MD5	SSLv2\|ALL\|RSA\|aRSA\|kRSA\|3DES\|MD5\|HIGH	enabled
8	TLS_RSA_WITH_NULL_MD5	0x0001	SSL 3.0\|TLS 1.0	NULL-MD5	SSLv3\|TLSv1\|RSA\|aRSA\|kRSA\|MD5\|eNULL\|NULL\|COMPLEMENTOFALL	disabled
9	TLS_RSA_WITH_NULL_SHA	0x0002	SSL 3.0\|TLS 1.0	NULL-SHA	SSLv3\|TLSv1\|RSA\|aRSA\|kRSA\|SHA1\|eNULL\|NULL\|COMPLEMENTOFALL	disabled
10	TLS_RSA_EXPORT_WITH_RC4_40_MD5	0x0003	SSL 3.0\|TLS 1.0	EXP-RC4-MD5	SSLv3\|TLSv1\|ALL\|RSA\|aRSA\|kRSA\|RC4\|MD5\|EXP\|EXPORT40\|DEFAULT	enabled
11	TLS_RSA_WITH_RC4_128_MD5	0x0004	SSL 3.0\|TLS 1.0	RC4-MD5	SSLv3\|TLSv1\|ALL\|RSA\|aRSA\|kRSA\|RC4\|MD5\|MEDIUM\|DEFAULT	enabled
12	TLS_RSA_WITH_RC4_128_SHA	0x0005	SSL 3.0\|TLS 1.0	RC4-SHA	SSLv3\|TLSv1\|ALL\|RSA\|aRSA\|kRSA\|RC4\|SHA1\|SHA\|MEDIUM\|DEFAULT	enabled
13	TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5	0x0006	SSL 3.0\|TLS 1.0	EXP-RC2-CBC-MD5	SSLv3\|TLSv1\|ALL\|RSA\|aRSA\|kRSA\|RC2\|MD5\|EXP\|EXPORT40\|DEFAULT	enabled
14	TLS_RSA_WITH_IDEA_CBC_SHA	0x0007	SSL 3.0\|TLS 1.0	IDEA-CBC-SHA	SSLv3\|TLSv1\|ALL\|RSA\|aRSA\|kRSA\|IDEA\|SHA1\|SHA\|MEDIUMDEFAULT	enabled
15	TLS_RSA_EXPORT_WITH_DES40_CBC_SHA	0x0008	SSL 3.0\|TLS 1.0	EXP-DES-CBC-SHA	SSLv3\|TLSv1\|ALL\|RSA\|aRSA\|kRSA\|DES\|SHA1\|SHA\|EXP\|EXPORT40 \|DEFAULT	enabled
16	TLS_RSA_WITH_DES_CBC_SHA	0x0009	SSL 3.0\|TLS 1.0	DES-CBC-SHA	SSLv3\|TLSv1\|ALL\|RSA\|aRSA\|kRSA\|DES\|SHA1\|SHA\|LOW\|DEFAULT	enabled
17	TLS_RSA_WITH_3DES_EDE_CBC_SHA	0x000A	SSL 3.0\|TLS 1.0	DES-CBC3-SHA	SSLv3\|TLSv1\|ALL\|RSA\|aRSA\|kRSA\|3DES\|SHA1\|SHA\|HIGH\|DEFAULT	enabled
18	TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA	0x0011	SSL 3.0\|TLS 1.0	EXP-EDH-DSS-DES-CBC-SHA	SSLv3\|TLSv1\|ALL\|DSS\|aDSS\|kEDH\|DH\|EDH\|DES\|SHA1\|SHA\|EXP\|EXPORT40\|DEFAULT	enabled
19	TLS_DHE_DSS_WITH_DES_CBC_SHA	0x0012	SSL 3.0\|TLS 1.0	EDH-DSS-DES-CBC-SHA	SSLv3\|TLSv1\|ALL\|DSS\|aDSS\|kEDH\|DH\|EDH\|DES\|SHA1\|SHA\|LOW\|DEFAULT	enabled
20	TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA	0x0013	SSL 3.0\|TLS 1.0	EDH-DSS-DES-CBC3-SHA	SSLv3\|TLSv1\|ALL\|DSS\|aDSS\|kEDH\|DH\|EDH\|3DES\|SHA1\|SHA\|HIGH\|DEFAULT	enabled
21	TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA	0x0014	SSL 3.0\|TLS 1.0	EXP-EDH-RSA-DES-CBC-SHA	SSLv3\|TLSv1\|ALL\|aRSA\|kEDH\|DH\|EDH\|DES\|SHA1\|SHA\|EXP\|EXPORT40\|DEFAULT	enabled
22	TLS_DHE_RSA_WITH_DES_CBC_SHA	0x0015	SSL 3.0\|TLS 1.0	EDH-RSA-DES-CBC-SHA	SSLv3\|TLSv1\|ALL\|aRSA\|kEDH\|DH\|EDH\|DES\|SHA1\|SHA\|LOW\|DEFAULT	enabled
23	TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA	0x0016	SSL 3.0\|TLS 1.0	EDH-RSA-DES-CBC3-SHA	SSLv3\|TLSv1\|ALL\|aRSA\|kEDH\|DH\|EDH\|3DES\|SHA1\|SHA\|HIGH\|DEFAULT	enabled
24	TLS_DH_anon_EXPORT_WITH_RC4_40_MD5	0x0017	SSL 3.0\|TLS 1.0	EXP-ADH-RC4-MD5	SSLv3\|TLSv1\|ALL\|DH\|kEDH\|aDH\|aNULL\|RC4\|MD5\|EXP\|EXPORT40\|COMPLEMENTOFDEFAULT	disabled
25	TLS_DH_anon_WITH_RC4_128_MD5	0x0018	SSL 3.0\|TLS 1.0	ADH-RC4-MD5	SSLv3\|TLSv1\|ALL\|DH\|kEDH\|aDH\|aNULL\|RC4\|MD5\|MEDIUM\|COMPLEMENTOFDEFAULT	disabled
26	TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA	0x0019	SSL 3.0\|TLS 1.0	EXP-ADH-DES-CBC-SHA	SSLv3\|TLSv1\|ALL\|DH\|kEDH\|aDH\|aNULL\|DES\|SHA1\|SHA\|EXP\|EXPORT40\|COMPLEMENTOFDEFAULT	disabled
27	TLS_DH_anon_WITH_DES_CBC_SHA	0x001A	SSL 3.0\|TLS 1.0	ADH-DES-CBC-SHA	SSLv3\|TLSv1\|ALL\|DH\|kEDH\|aDH\|aNULL\|DES\|SHA1\|SHA\|LOW\|COMPLEMENTOFDEFAULT	disabled
28	TLS_DH_anon_WITH_3DES_EDE_CBC_SHA	0x001B	SSL 3.0\|TLS 1.0	ADH-DES-CBC3-SHA	SSLv3\|TLSv1\|ALL\|DH\|kEDH\|aDH\|aNULL\|3DES\|SHA1\|SHA\|HIGH\|COMPLEMENTOFDEFAULT	disabled
29	TLS_RSA_WITH_AES_128_CBC_SHA	0x002F	SSL 3.0\|TLS 1.0	AES128-SHA	SSLv3\|TLSv1\|ALL\|RSA\|aRSA\|kRSA\|AES\|AES128 \|SHA1\|SHA\|HIGH\|DEFAULT	enabled
30	TLS_DHE_DSS_WITH_AES_128_CBC_SHA	0x0032	SSL 3.0\|TLS 1.0	DHE-DSS-AES128-SHA	SSLv3\|TLSv1\|ALL\|DSS\|aDSS\|kEDH\|DH\|EDH\|AES\|AES128\|SHA1\|SHA\|HIGH\|DEFAULT	enabled
31	TLS_DHE_RSA_WITH_AES_128_CBC_SHA	0x0033	SSL 3.0\|TLS 1.0	DHE-RSA-AES128-SHA	SSLv3\|TLSv1\|ALL\|aRSA\|kEDH\|DH\|EDH\|AES\|AES128\|SHA1\|HIGH\|DEFAULT	enabled
32	TLS_DH_anon_WITH_AES_128_CBC_SHA	0x0034	SSL 3.0\|TLS 1.0	ADH-AES128-SHA	SSLv3\|TLSv1\|ALL\|DH\|kEDH\|aDH\|aNULL\|AES\|AES128\|SHA1\|SHA\|HIGH\|COMPLEMENTOFDEFAULT	disabled
33	TLS_RSA_WITH_AES_256_CBC_SHA	0x0035	SSL 3.0\|TLS 1.0	AES256-SHA	SSLv3\|TLSv1\|ALL\|RSA\|aRSA\|kRSA\|AES\|AES256\|SHA1\|SHA\|HIGH\|DEFAULT	enabled
34	TLS_DHE_DSS_WITH_AES_256_CBC_SHA	0x0038	SSL 3.0\|TLS 1.0	DHE-DSS-AES256-SHA	SSLv3\|TLSv1\|ALL\|DSS\|aDSS\|kEDH\|DH\|EDH\|AES\|AES256\|SHA1\|SHA\|HIGH\|DEFAULT	enabled
35	TLS_DHE_RSA_WITH_AES_256_CBC_SHA	0x0039	SSL 3.0\|TLS 1.0	DHE-RSA-AES256-SHA	SSLv3\|TLSv1\|ALL\|aRSA\|kEDH\|DH\|EDH\|AES\|AES256\|SHA1\|SHA\|HIGH\|DEFAULT	enabled
36	TLS_DH_anon_WITH_AES_256_CBC_SHA	0x003A	SSL 3.0\|TLS 1.0	ADH-AES256-SHA	SSLv3\|TLSv1\|ALL\|DH\|kEDH\|aDH\|aNULL\|AES\|AES256\|SHA1\|SHA\|HIGH\|COMPLEMENTOFDEFAULT	disabled
37	TLS_RSA_WITH_CAMELLIA_128_CBC_SHA	0x0041	SSL 3.0\|TLS 1.0	CAMELLIA128-SHA	SSLv3\|TLSv1\|ALL\|RSA\|aRSA\|kRSA\|CAMELLIA\|CAMELLIA128\|SHA1\|SHA\|HIGH\|DEFAULT	enabled
38	TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA	0x0044	SSL 3.0\|TLS 1.0	DHE-DSS-CAMELLIA128-SHA	SSLv3\|TLSv1\|ALL\|DSS\|aDSS\|kEDH\|DH\|EDH\|CAMELLIA\|CAMELLIA128\|SHA1\|SHA\|HIGH\|DEFAULT	enabled
39	TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA	0x0045	SSL 3.0\|TLS 1.0	DHE-RSA-CAMELLIA128-SHA	SSLv3\|TLSv1\|ALL\|aRSA\|kEDH\|DH\|EDH\|CAMELLIA\|CAMELLIA128\|SHA1\|SHA\|HIGH\|DEFAULT	enabled
40	TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA	0x0046	SSL 3.0\|TLS 1.0	ADH-CAMELLIA128-SHA	SSLv3\|TLSv1\|ALL\|DH\|kEDH\|aDH\|aNULL\|CAMELLIA\|CAMELLIA128\|SHA1\|SHA\|HIGH\|COMPLEMENTOFDEFAULT	disabled
41	TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA	0x0062	SSL 3.0\|TLS 1.0	EXP1024-DES-CBC-SHA	SSLv3\|TLSv1\|ALL\|RSA\|aRSA\|kRSA\|DES\|SHA1\|SHA\|EXP\|EXPORT56\|DEFAULT	disabled
42	TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA	0x0063	SSL 3.0\|TLS 1.0	EXP1024-DHE-DSS-DES-CBC-SHA	SSLv3\|TLSv1\|ALL\|DSS\|kEDH\|DH\|DES\|SHA1\|SHA\|EXP\|EXPORT56\|DEFAULT	disabled
43	TLS_RSA_EXPORT1024_WITH_RC4_56_SHA	0x0064	SSL 3.0\|TLS 1.0	EXP1024-RC4-SHA	SSLv3\|TLSv1\|ALL\|RSA\|aRSA\|kRSA\|RC4\|SHA1\|SHA\|EXP\|EXPORT56\|DEFAULT	disabled
44	TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA	0x0065	SSL 3.0\|TLS 1.0	EXP1024-DHE-DSS-RC4-SHA	SSLv3\|TLSv1\|ALL\|DSS\|aDSS\|kEDH\|DH\|EDH\|RC4\|SHA1\|SHA\|EXP\|EXPORT56\|DEFAULT	disabled
45	TLS_DHE_DSS_WITH_RC4_128_SHA	0x0066	SSL 3.0\|TLS 1.0	DHE-DSS-RC4-SHA	SSLv3\|TLSv1\|ALL\|DSS\|aDSS\|kEDH\|DH\|EDH\|RC4\|SHA1\|SHA\|MEDIUM\|DEFAULT	disabled
46	TLS_RSA_WITH_CAMELLIA_256_CBC_SHA	0x0084	SSL 3.0\|TLS 1.0	CAMELLIA256-SHA	SSLv3\|TLSv1\|ALL\|RSA\|aRSA\|kRSA\|CAMELLIA\|CAMELLIA256\|SHA1\|SHA\|HIGH\|DEFAULT	enabled
47	TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA	0x0087	SSL 3.0\|TLS 1.0	DHE-DSS-CAMELLIA256-SHA	SSLv3\|TLSv1\|ALL\|DSS\|aDSS\|kEDH\|DH\|EDH\|CAMELLIA\|CAMELLIA256\|SHA1\|SHA\|HIGH\|DEFAULT	enabled
48	TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA	0x0088	SSL 3.0\|TLS 1.0	DHE-RSA-CAMELLIA256-SHA	SSLv3\|TLSv1\|ALL\|aRSA\|kEDH\|DH\|EDH\|CAMELLIA\|CAMELLIA256\|SHA1\|SHA\|HIGH\|DEFAULT	enabled
49	TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA	0x0089	SSL 3.0\|TLS 1.0	ADH-CAMELLIA256-SHA	SSLv3\|TLSv1\|ALL\|DH\|kEDH\|aDH\|aNULL\|CAMELLIA\|CAMELLIA256\|SHA1\|SHA\|HIGH\|COMPLEMENTOFDEFAULT	disabled
50	TLS_RSA_WITH_SEED_CBC_SHA	0x0096	SSL 3.0\|TLS 1.0	SEED-SHA	SSLv3\|TLSv1\|ALL\|RSA\|aRSA\|kRSA\|SEED\|SHA1\|SHA\|MEDIUM\|DEFAULT	enabled
51	TLS_DHE_DSS_WITH_SEED_CBC_SHA	0x0099	SSL 3.0\|TLS 1.0	DHE-DSS-SEED-SHA	SSLv3\|TLSv1\|ALL\|DSS\|aDSS\|kEDH\|DH\|EDH\|SEED\|SHA1\|SHA\|MEDIUM\|DEFAULT	enabled
52	TLS_DHE_RSA_WITH_SEED_CBC_SHA	0x009A	SSL 3.0\|TLS 1.0	DHE-RSA-SEED-SHA	SSLv3\|TLSv1\|ALL\|aRSA\|kEDH\|DH\|EDH\|SEED\|SHA1\|SHA\|MEDIUM\|DEFAULT	enabled
53	TLS_DH_anon_WITH_SEED_CBC_SHA	0x009B	SSL 3.0\|TLS 1.0	ADH-SEED-SHA	SSLv3\|TLSv1\|ALL\|DH\|kEDH\|aDH\|aNULL\|SEED\|SHA1\|SHA\|MEDIUM\|COMPLEMENTOFDEFAULT	disabled
54	TLS_ECDH_ECDSA_WITH_NULL_SHA	0xC001	SSL 3.0\|TLS 1.0	ECDH-ECDSA-NULL-SHA	SSLv3\|TLSv1\|aECDH\|ECDH\|kECDH\|kECDHe\|eNULL\|NULL\|SHA1\|SHA\|COMPLEMENTOFALL	disabled
55	TLS_ECDH_ECDSA_WITH_RC4_128_SHA	0xC002	SSL 3.0\|TLS 1.0	ECDH-ECDSA-RC4-SHA	SSLv3\|TLSv1\|ALL\|aECDH\|ECDH\|kECDH\|kECDHe\|RC4\|SHA1\|SHA\|MEDIUM\|DEFAULT	enabled
56	TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA	0xC003	SSL 3.0\|TLS 1.0	ECDH-ECDSA-DES-CBC3-SHA	SSLv3\|TLSv1\|ALL\|aECDH\|ECDH\|kECDH\|kECDHe\|3DES\|SHA1\|SHA\|HIGH\|DEFAULT	enabled
57	TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA	0xC004	SSL 3.0\|TLS 1.0	ECDH-ECDSA-AES128-SHA	SSLv3\|TLSv1\|ALL\|aECDH\|ECDH\|kECDH\|kECDHe\|AES\|AES128\|SHA1\|SHA\|HIGH\|DEFAULT	enabled
58	TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA	0xC005	SSL 3.0\|TLS 1.0	ECDH-ECDSA-AES256-SHA	SSLv3\|TLSv1\|ALL\|aECDH\|ECDH\|kECDH\|kECDHe\|AES\|AES256\|SHA1\|SHA\|HIGH\|DEFAULT	enabled
59	TLS_ECDHE_ECDSA_WITH_NULL_SHA	0xC006	SSL 3.0\|TLS 1.0	ECDHE-ECDSA-NULL-SHA	SSLv3\|TLSv1\|aECDSA\|ECDSA\|ECDH\|EECDH\|kEECDH\|eNULL\|NULL\|SHA1\|SHA\|COMPLEMENTOFALL	disabled
60	TLS_ECDHE_ECDSA_WITH_RC4_128_SHA	0xC007	SSL 3.0\|TLS 1.0	ECDHE-ECDSA-RC4-SHA	SSLv3\|TLSv1\|ALL\|aECDSA\|ECDSA\|ECDH\|EECDH\|kEECDH\|RC4\|SHA1\|SHA\|MEDIUM\|DEFAULT	enabled
61	TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA	0xC008	SSL 3.0\|TLS 1.0	ECDHE-ECDSA-DES-CBC3-SHA	SSLv3\|TLSv1\|ALL\|aECDSA\|ECDSA\|ECDH\|EECDH\|kEECDH\|3DES\|SHA1\|SHA\|HIGH\|DEFAULT	enabled
62	TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA	0xC009	SSL 3.0\|TLS 1.0	ECDHE-ECDSA-AES128-SHA	SSLv3\|TLSv1\|ALL\|aECDSA\|ECDSA\|ECDH\|EECDH\|kEECDH\|AES\|AES128\|SHA1\|SHA\|HIGH\|DEFAULT	enabled
63	TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA	0xC00A	SSL 3.0\|TLS 1.0	ECDHE-ECDSA-AES256-SHA	SSLv3\|TLSv1\|ALL\|aECDSA\|ECDSA\|ECDH\|EECDH\|kEECDH\|AES\|AES256\|SHA1\|SHA\|HIGH\|DEFAULT	enabled
64	TLS_ECDH_RSA_WITH_NULL_SHA	0xC00B	SSL 3.0\|TLS 1.0	ECDH-RSA-NULL-SHA	SSLv3\|TLSv1\|aECDH\|ECDH\|kECDH\|kECDHr\|eNULL\|NULL\|SHA1\|SHA\|COMPLEMENTOFALL	disabled
65	TLS_ECDH_RSA_WITH_RC4_128_SHA	0xC00C	SSL 3.0\|TLS 1.0	ECDH-RSA-RC4-SHA	SSLv3\|TLSv1\|ALL\|aECDH\|ECDH\|kECDH\|KECDHr\|RC4\|SHA1\|SHA\|MEDIUM\|DEFAULT	enabled
66	TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA	0xC00D	SSL 3.0\|TLS 1.0	ECDH-RSA-DES-CBC3-SHA	SSLv3\|TLSv1\|ALL\|aECDH\|ECDH\|kECDH\|kECDHr\|3DES\|SHA1\|SHA\|HIGH\|DEFAULT	enabled
67	TLS_ECDH_RSA_WITH_AES_128_CBC_SHA	0xC00E	SSL 3.0\|TLS 1.0	ECDH-RSA-AES128-SHA	SSLv3\|TLSv1\|ALL\|aECDH\|ECDH\|kECDH\|kECDHr\|AES\|AES128\|SHA1\|SHA\|HIGH\|DEFAULT	enabled
68	TLS_ECDH_RSA_WITH_AES_256_CBC_SHA	0xC00F	SSL 3.0\|TLS 1.0	ECDH-RSA-AES256-SHA	SSLv3\|TLSv1\|ALL\|aECDH\|ECDH\|kECDH\|kECDHr\|AES\|AES256\|SHA1\|SHA\|HIGH\|DEFAULT	enabled
69	TLS_ECDHE_RSA_WITH_NULL_SHA	0xC010	SSL 3.0\|TLS 1.0	ECDHE-RSA-NULL-SHA	SSLv3\|TLSv1\|aRSA\|ECDH\|EECDH\|kEECDH\|eNULL\|NULL\|SHA1\|SHA\|COMPLEMENTOFALL	disabled
70	TLS_ECDHE_RSA_WITH_RC4_128_SHA	0xC011	SSL 3.0\|TLS 1.0	ECDHE-RSA-RC4-SHA	SSLv3\|TLSv1\|ALL\|aRSA\|ECDH\|EECDH\|kEECDH\|RC4\|SHA1\|SHA\|MEDIUM\|DEFAULT	enabled
71	TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA	0xC012	SSL 3.0\|TLS 1.0	ECDHE-RSA-DES-CBC3-SHA	SSLv3\|TLSv1\|ALL\|aRSA\|ECDH\|EECDH\|kEECDH\|3DES\|SHA1\|SHA\|HIGH\|DEFAULT	enabled
72	TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA	0xC013	SSL 3.0\|TLS 1.0	ECDHE-RSA-AES128-SHA	SSLv3\|TLSv1\|ALL\|aRSA\|ECDH\|EECDH\|kEECDH\|AES\|AES128\|SHA1\|SHA\|HIGH\|DEFAULT	enabled
73	TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA	0xC014	SSL 3.0\|TLS 1.0	ECDHE-RSA-AES256-SHA	SSLv3\|TLSv1\|ALL\|aRSA\|ECDH\|EECDH\|kEECDH\|AES\|AES256\|SHA1\|SHA\|HIGH\|DEFAULT	enabled
74	TLS_ECDH_anon_WITH_NULL_SHA	0xC015	SSL 3.0\|TLS 1.0	AECDH-NULL-SHA	SSLv3\|TLSv1\|AECDH\|ECDH\|kEECDH\|aNULL\|eNULL\|NULL\|SHA1\|SHA\|COMPLEMENTOFALL	disabled
75	TLS_ECDH_anon_WITH_RC4_128_SHA	0xC016	SSL 3.0\|TLS 1.0	AECDH-RC4-SHA	SSLv3\|TLSv1\|ALL\|AECDH\|ECDH\|kEECDH\|aNULL\|RC4\|SHA1\|SHA\|MEDIUM\|COMPLEMENTOFDEFAULT	enabled
76	TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA	0xC017	SSL 3.0\|TLS 1.0	AECDH-DES-CBC3-SHA	SSLv3\|TLSv1\|ALL\|AECDH\|ECDH\|kEECDH\|aNULL\|3DES\|SHA1\|SHA\|HIGH\|COMPLEMENTOFDEFAULT	enabled
77	TLS_ECDH_anon_WITH_AES_128_CBC_SHA	0xC018	SSL 3.0\|TLS 1.0	AECDH-AES128-SHA	SSLv3\|TLSv1\|ALL\|AECDH\|ECDH\|kEECDH\|aNULL\|AES\|AES128\|SHA1\|SHA\|HIGH\|COMPLEMENTOFDEFAULT	enabled
78	TLS_ECDH_anon_WITH_AES_256_CBC_SHA	0xC019	SSL 3.0\|TLS 1.0	AECDH-AES256-SHA	SSLv3\|TLSv1\|ALL\|AECDH\|ECDH\|kEECDH\|aNULL\|AES\|AES256\|SHA1\|SHA\|HIGH\|COMPLEMENTOFDEFAULT	enabled

5. Opera

Test

5.1 Opera 11.0x
Opera 11.01 was tested.

SSL 2.0 is not supported.
SSL 3.0, TLS 1.0, TLS 1.1 and TLS 1.2 are supported and enabled by default.

Opera is a little bit tricky to fingerprint.

The RSA-SHA256 based cipher suites were successfully tested also under TLS 1.0 and TLS 1.1 against https://www.mikestoolbox.net/.
Note that Opera adds SHA256-based cipher suites to a SSL 3.0 Client Hello, which is not “normal” behavior. Not sure what happens if the server actually replies with such a cipher suite under SSL 3.0.

Could not successfully establish a TLS session with the ADH-based cipher suites, either with GnuTLS(2.10 version) or with OpenSSL 1.0.0c.

No.	Cipher Suite	Hex Value	SSL/TLS Version	Status
1	TLS_RSA_WITH_NULL_SHA	0x0002	SSL 3.0\|TLS 1.0\|TLS 1.1\|TLS 1.2	disabled
2	TLS_RSA_WITH_RC4_128_MD5	0x0004	SSL 3.0\|TLS 1.0\|TLS 1.1\|TLS 1.2	enabled
3	TLS_RSA_WITH_RC4_128_SHA	0x0005	SSL 3.0\|TLS 1.0\|TLS 1.1\|TLS 1.2	enabled
4	TLS_RSA_WITH_3DES_EDE_CBC_SHA	0x000A	SSL 3.0\|TLS 1.0\|TLS 1.1\|TLS 1.2	enabled
5	TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA	0x000D	SSL 3.0\|TLS 1.0\|TLS 1.1\|TLS 1.2	enabled
6	TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA	0x0010	SSL 3.0\|TLS 1.0\|TLS 1.1\|TLS 1.2	enabled
7	TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA	0x0013	SSL 3.0\|TLS 1.0\|TLS 1.1\|TLS 1.2	enabled
8	TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA	0x0016	SSL 3.0\|TLS 1.0\|TLS 1.1\|TLS 1.2	enabled
9	TLS_DH_anon_WITH_3DES_EDE_CBC_SHA	0x001B	SSL 3.0\|TLS 1.0\|TLS 1.1\|TLS 1.2 ?	disabled
10	TLS_RSA_WITH_AES_128_CBC_SHA	0x002F	SSL 3.0\|TLS 1.0\|TLS 1.1\|TLS 1.2	enabled
11	TLS_DH_DSS_WITH_AES_128_CBC_SHA	0x0030	SSL 3.0\|TLS 1.0\|TLS 1.1\|TLS 1.2	enabled
12	TLS_DH_RSA_WITH_AES_128_CBC_SHA	0x0031	SSL 3.0\|TLS 1.0\|TLS 1.1\|TLS 1.2	enabled
13	TLS_DHE_DSS_WITH_AES_128_CBC_SHA	0x0032	SSL 3.0\|TLS 1.0\|TLS 1.1\|TLS 1.2	enabled
14	TLS_DHE_RSA_WITH_AES_128_CBC_SHA	0x0033	SSL 3.0\|TLS 1.0\|TLS 1.1\|TLS 1.2	enabled
15	TLS_RSA_WITH_AES_256_CBC_SHA	0x0035	SSL 3.0\|TLS 1.0\|TLS 1.1\|TLS 1.2	enabled
16	TLS_DH_DSS_WITH_AES_256_CBC_SHA	0x0036	SSL 3.0\|TLS 1.0\|TLS 1.1\|TLS 1.2	enabled
17	TLS_DH_RSA_WITH_AES_256_CBC_SHA	0x0037	SSL 3.0\|TLS 1.0\|TLS 1.1\|TLS 1.2	enabled
18	TLS_DHE_DSS_WITH_AES_256_CBC_SHA	0x0038	SSL 3.0\|TLS 1.0\|TLS 1.1\|TLS 1.2	enabled
19	TLS_DHE_RSA_WITH_AES_256_CBC_SHA	0x0039	SSL 3.0\|TLS 1.0\|TLS 1.1\|TLS 1.2	enabled
20	TLS_RSA_WITH_NULL_SHA256	0x003B	TLS 1.0\|TLS 1.1\|TLS 1.2 ?	disabled
21	TLS_RSA_WITH_AES_128_CBC_SHA256	0x003C	(SSL 3.0)\|TLS 1.0\|TLS 1.1\|TLS 1.2	enabled
22	TLS_RSA_WITH_AES_256_CBC_SHA256	0x003D	(SSL 3.0)\|TLS 1.0\|TLS 1.1\|TLS 1.2	enabled
23	TLS_DH_DSS_WITH_AES_128_CBC_SHA256	0x003E	(SSL 3.0)\|TLS 1.0\|TLS 1.1\|TLS 1.2	enabled
24	TLS_DH_RSA_WITH_AES_128_CBC_SHA256	0x003F	(SSL 3.0)\|TLS 1.0\|TLS 1.1\|TLS 1.2	enabled
25	TLS_DHE_DSS_WITH_AES_128_CBC_SHA256	0x0040	(SSL 3.0)\|TLS 1.0\|TLS 1.1\|TLS 1.2	enabled
26	TLS_DHE_RSA_WITH_AES_128_CBC_SHA256	0x0067	(SSL 3.0)\|TLS 1.0\|TLS 1.1\|TLS 1.2	enabled
27	TLS_DH_DSS_WITH_AES_256_CBC_SHA256	0x0068	(SSL 3.0)\|TLS 1.0\|TLS 1.1\|TLS 1.2	enabled
28	TLS_DH_RSA_WITH_AES_256_CBC_SHA256	0x0069	(SSL 3.0)\|TLS 1.0\|TLS 1.1\|TLS 1.2	enabled
29	TLS_DHE_DSS_WITH_AES_256_CBC_SHA256	0x006A	(SSL 3.0)\|TLS 1.0\|TLS 1.1\|TLS 1.2	enabled
30	TLS_DHE_RSA_WITH_AES_256_CBC_SHA256	0x006B	(SSL 3.0)\|TLS 1.0\|TLS 1.1\|TLS 1.2	enabled
31	TLS_DH_anon_WITH_AES_128_CBC_SHA256	0x006C	(SSL 3.0)\|TLS 1.0\|TLS 1.1\|TLS 1.2 ?	disabled
32	TLS_DH_anon_WITH_AES_256_CBC_SHA256	0x006D	(SSL 3.0)\|TLS 1.0\|TLS 1.1\|TLS 1.2 ?	disabled

No.	Cipher Suite	Hex Value	SSL/TLS Version
1	SSL_CK_RC4_128_WITH_MD5	0x010080	SSL 2.0
2	SSL_CK_RC4_128_EXPORT40_WITH_MD5	0x020080	SSL 2.0
3	SSL_CK_RC2_128_CBC_WITH_MD5	0x030080	SSL 2.0
4	SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5	0x040080	SSL 2.0
5	SSL_CK_DES_64_CBC_WITH_MD5	0x060040	SSL 2.0
6	SSL_CK_DES_192_EDE3_CBC_WITH_MD5	0x0700C0	SSL 2.0
7	TLS_RSA_WITH_NULL_MD5	0x0001	SSL 3.0\|TLS 1.0
8	TLS_RSA_WITH_NULL_SHA	0x0002	SSL 3.0\|TLS 1.0
9	TLS_RSA_EXPORT_WITH_RC4_40_MD5	0x0003	SSL 3.0\|TLS 1.0
10	TLS_RSA_WITH_RC4_128_MD5	0x0004	SSL 3.0\|TLS 1.0
11	TLS_RSA_WITH_RC4_128_SHA	0x0005	SSL 3.0\|TLS 1.0
12	TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5	0x0006	SSL 3.0\|TLS 1.0
13	TLS_RSA_WITH_DES_CBC_SHA	0x0009	SSL 3.0\|TLS 1.0
14	TLS_RSA_WITH_3DES_EDE_CBC_SHA	0x000A	SSL 3.0\|TLS 1.0
15	TLS_DHE_DSS_WITH_DES_CBC_SHA	0x0012	SSL 3.0\|TLS 1.0
16	TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA	0x0013	SSL 3.0\|TLS 1.0
17	TLS_RSA_WITH_AES_128_CBC_SHA	0x002F	TLS 1.0
18	TLS_RSA_WITH_AES_256_CBC_SHA	0x0035	TLS 1.0
19	TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA	0x0062	SSL 3.0\|TLS 1.0
20	SSL_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA	0x0063	SSL 3.0\|TLS 1.0
21	TLS_RSA_EXPORT1024_WITH_RC4_56_SHA	0x0064	SSL 3.0\|TLS 1.0

No.	Cipher Suite	Hex Value	SSL/TLS Version	Status
1	SSL_CK_RC4_128_WITH_MD5	0x010080	SSL 2.0	enabled
2	SSL_CK_RC4_128_EXPORT40_WITH_MD5	0x020080	SSL 2.0	enabled
3	SSL_CK_RC2_128_CBC_WITH_MD5	0x030080	SSL 2.0	enabled
4	SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5	0x040080	SSL 2.0	enabled
5	SSL_CK_DES_64_CBC_WITH_MD5	0x060040	SSL 2.0	enabled
6	SSL_CK_DES_192_EDE3_CBC_WITH_MD5	0x0700C0	SSL 2.0	enabled
7	TLS_RSA_EXPORT_WITH_RC4_40_MD5	0x0003	SSL 3.0\|TLS 1.0	enabled
8	TLS_RSA_WITH_RC4_128_MD5	0x0004	SSL 3.0\|TLS 1.0	enabled
9	TLS_RSA_WITH_RC4_128_SHA	0x0005	SSL 3.0\|TLS 1.0	enabled
10	TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5	0x0006	SSL 3.0\|TLS 1.0	enabled
11	TLS_RSA_WITH_DES_CBC_SHA	0x0009	SSL 3.0\|TLS 1.0	enabled
12	TLS_RSA_WITH_3DES_EDE_CBC_SHA	0x000A	SSL 3.0\|TLS 1.0	enabled
13	TLS_DHE_DSS_WITH_DES_CBC_SHA	0x0012	SSL 3.0\|TLS 1.0	enabled
14	TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA	0x0013	SSL 3.0\|TLS 1.0	enabled
15	TLS_RSA_WITH_AES_128_CBC_SHA	0x002F	TLS 1.0 *	disabled
16	TLS_RSA_WITH_AES_256_CBC_SHA	0x0035	TLS 1.0 *	disabled
17	TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA	0x0062	SSL 3.0\|TLS 1.0	enabled
18	SSL_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA	0x0063	SSL 3.0\|TLS 1.0	enabled
19	TLS_RSA_EXPORT1024_WITH_RC4_56_SHA	0x0064	SSL 3.0\|TLS 1.0	enabled

No.	Cipher Suite	Hex Value	SSL/TLS Version	Status
1	SSL_CK_RC4_128_WITH_MD5	0x010080	SSL 2.0	disabled
2	SSL_CK_RC4_128_EXPORT40_WITH_MD5	0x020080	SSL 2.0	disabled
3	SSL_CK_RC2_128_CBC_WITH_MD5	0x030080	SSL 2.0	disabled
4	SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5	0x040080	SSL 2.0	disabled
5	SSL_CK_DES_64_CBC_WITH_MD5	0x060040	SSL 2.0	disabled
6	SSL_CK_DES_192_EDE3_CBC_WITH_MD5	0x0700C0	SSL 2.0	disabled
7	TLS_RSA_EXPORT_WITH_RC4_40_MD5	0x0003	SSL 3.0\|TLS 1.0	enabled
8	TLS_RSA_WITH_RC4_128_MD5	0x0004	SSL 3.0\|TLS 1.0	enabled
9	TLS_RSA_WITH_RC4_128_SHA	0x0005	SSL 3.0\|TLS 1.0	enabled
10	TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5	0x0006	SSL 3.0\|TLS 1.0	enabled
11	TLS_RSA_WITH_DES_CBC_SHA	0x0009	SSL 3.0\|TLS 1.0	enabled
12	TLS_RSA_WITH_3DES_EDE_CBC_SHA	0x000A	SSL 3.0\|TLS 1.0	enabled
13	TLS_DHE_DSS_WITH_DES_CBC_SHA	0x0012	SSL 3.0\|TLS 1.0	enabled
14	TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA	0x0013	SSL 3.0\|TLS 1.0	enabled
15	TLS_RSA_WITH_AES_128_CBC_SHA	0x002F	TLS 1.0 *	disabled
16	TLS_RSA_WITH_AES_256_CBC_SHA	0x0035	TLS 1.0 *	disabled
17	TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA	0x0062	SSL 3.0\|TLS 1.0	enabled
18	SSL_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA	0x0063	SSL 3.0\|TLS 1.0	enabled
19	TLS_RSA_EXPORT1024_WITH_RC4_56_SHA	0x0064	SSL 3.0\|TLS 1.0	enabled

6.1.3. IE8 (Windows XP SP3 / Windows XP x64 SP2) Cipher Suites

Table 6.1.3 lists the cipher suites currently supported by IE8(NT 5.1.2600).

Note that SSL 2.0 is disabled by default within IE8.

Windows XP x64(SP2 tested) supports two AES-based cipher suites with the help of a KB patch(these two are usable under TLS 1.0 and are marked with red within Table 6.1.2).

Table 6.1.3

No.	Cipher Suite	Hex Value	SSL/TLS Version	Status
1	SSL_CK_RC4_128_WITH_MD5	0x010080	SSL 2.0	disabled
2	SSL_CK_RC4_128_EXPORT40_WITH_MD5	0x020080	SSL 2.0	disabled
3	SSL_CK_RC2_128_CBC_WITH_MD5	0x030080	SSL 2.0	disabled
4	SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5	0x040080	SSL 2.0	disabled
5	SSL_CK_DES_64_CBC_WITH_MD5	0x060040	SSL 2.0	disabled
6	SSL_CK_DES_192_EDE3_CBC_WITH_MD5	0x0700C0	SSL 2.0	disabled
7	TLS_RSA_EXPORT_WITH_RC4_40_MD5	0x0003	SSL 3.0\|TLS 1.0	enabled
8	TLS_RSA_WITH_RC4_128_MD5	0x0004	SSL 3.0\|TLS 1.0	enabled
9	TLS_RSA_WITH_RC4_128_SHA	0x0005	SSL 3.0\|TLS 1.0	enabled
10	TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5	0x0006	SSL 3.0\|TLS 1.0	enabled
11	TLS_RSA_WITH_DES_CBC_SHA	0x0009	SSL 3.0\|TLS 1.0	enabled
12	TLS_RSA_WITH_3DES_EDE_CBC_SHA	0x000A	SSL 3.0\|TLS 1.0	enabled
13	TLS_DHE_DSS_WITH_DES_CBC_SHA	0x0012	SSL 3.0\|TLS 1.0	enabled
14	TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA	0x0013	SSL 3.0\|TLS 1.0	enabled
15	TLS_RSA_WITH_AES_128_CBC_SHA	0x002F	TLS 1.0 *	disabled
16	TLS_RSA_WITH_AES_256_CBC_SHA	0x0035	TLS 1.0 *	disabled
17	TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA	0x0062	SSL 3.0\|TLS 1.0	enabled
18	SSL_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA	0x0063	SSL 3.0\|TLS 1.0	enabled
19	TLS_RSA_EXPORT1024_WITH_RC4_56_SHA	0x0064	SSL 3.0\|TLS 1.0	enabled

* Windows XP x64 SP2 cipher suites only

6.1.4. IIS 6.0 (Windows Server 2003 R2 SP2)

Table 6.1.4 lists the cipher suites currently supported by IIS6.0(NT 5.1.2600).

Windows Server 2003(R2 SP2 tested) supports two AES-based cipher suites with the help of a KB patch(these two are usable under TLS 1.0 and are marked with red within Table 6.1.4).

Table 6.1.4

No.	Cipher Suite	Hex Value	SSL/TLS Version	Status
1	SSL_CK_RC4_128_WITH_MD5	0x010080	SSL 2.0	enabled
2	SSL_CK_RC4_128_EXPORT40_WITH_MD5	0x020080	SSL 2.0	enabled
3	SSL_CK_RC2_128_CBC_WITH_MD5	0x030080	SSL 2.0	enabled
4	SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5	0x040080	SSL 2.0	enabled
5	SSL_CK_DES_64_CBC_WITH_MD5	0x060040	SSL 2.0	enabled
6	SSL_CK_DES_192_EDE3_CBC_WITH_MD5	0x0700C0	SSL 2.0	enabled
7	TLS_RSA_EXPORT_WITH_RC4_40_MD5	0x0003	SSL 3.0\|TLS 1.0	enabled
8	TLS_RSA_WITH_RC4_128_MD5	0x0004	SSL 3.0\|TLS 1.0	enabled
9	TLS_RSA_WITH_RC4_128_SHA	0x0005	SSL 3.0\|TLS 1.0	enabled
10	TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5	0x0006	SSL 3.0\|TLS 1.0	enabled
11	TLS_RSA_WITH_DES_CBC_SHA	0x0009	SSL 3.0\|TLS 1.0	enabled
12	TLS_RSA_WITH_3DES_EDE_CBC_SHA	0x000A	SSL 3.0\|TLS 1.0	enabled
13	TLS_DHE_DSS_WITH_DES_CBC_SHA	0x0012	SSL 3.0\|TLS 1.0	enabled **
14	TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA	0x0013	SSL 3.0\|TLS 1.0	enabled **
15	TLS_RSA_WITH_AES_128_CBC_SHA	0x002F	TLS 1.0 *	disabled
16	TLS_RSA_WITH_AES_256_CBC_SHA	0x0035	TLS 1.0 *	disabled
17	TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA	0x0062	SSL 3.0\|TLS 1.0	enabled
18	SSL_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA	0x0063	SSL 3.0\|TLS 1.0	enabled
19	TLS_RSA_EXPORT1024_WITH_RC4_56_SHA	0x0064	SSL 3.0\|TLS 1.0	enabled

* Windows XP x64 SP2 cipher suites only
** Attempt to use it resulted in a “Record Overflow” TLS alert.

6.1.5. Safari 5.0.x (Windows XP SP3 / Windows XP x64 SP2) Cipher Suites

Table 6.1.5 lists the cipher suites currently supported by Safari 5.0.3(NT 5.1.2600).

Note that Safari 5.0.x does not seem to support SSL 2.0.

Windows XP x64(SP2 tested) supports two AES-based cipher suites with the help of a KB patch(these two are usable under TLS 1.0 and are marked with red within Table 6.1.5).

Table 6.1.5

No.	Cipher Suite	Hex Value	SSL/TLS Version	Status
1	TLS_RSA_EXPORT_WITH_RC4_40_MD5	0x0003	SSL 3.0\|TLS 1.0	enabled
2	TLS_RSA_WITH_RC4_128_MD5	0x0004	SSL 3.0\|TLS 1.0	enabled
3	TLS_RSA_WITH_RC4_128_SHA	0x0005	SSL 3.0\|TLS 1.0	enabled
4	TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5	0x0006	SSL 3.0\|TLS 1.0	enabled
5	TLS_RSA_WITH_DES_CBC_SHA	0x0009	SSL 3.0\|TLS 1.0	enabled
6	TLS_RSA_WITH_3DES_EDE_CBC_SHA	0x000A	SSL 3.0\|TLS 1.0	enabled
7	TLS_DHE_DSS_WITH_DES_CBC_SHA	0x0012	SSL 3.0\|TLS 1.0	enabled
8	TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA	0x0013	SSL 3.0\|TLS 1.0	enabled
9	TLS_RSA_WITH_AES_128_CBC_SHA	0x002F	TLS 1.0 *	disabled
10	TLS_RSA_WITH_AES_256_CBC_SHA	0x0035	TLS 1.0 *	disabled
11	TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA	0x0062	SSL 3.0\|TLS 1.0	enabled
12	SSL_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA	0x0063	SSL 3.0\|TLS 1.0	enabled
13	TLS_RSA_EXPORT1024_WITH_RC4_56_SHA	0x0064	SSL 3.0\|TLS 1.0	enabled

* Windows XP x64 SP2 cipher suites only

6.2. Schannel(NT 6.0.6002) Cipher Suites

Table 6.2 lists the cipher suites currently supported by Schannel(NT 6.0.6002). For more details about each cipher suite refer to the main tables.

Schannel(NT 6.0.6002) supports SSL 2.0, SSL 3.0 and TLS 1.0.

Compared with Schannel(NT 5.1.2600), Schannel(NT 6.0.6002) adds native support for some AES based cipher suites, and some ECC based cipher suites.

Schannel(NT 6.0.6002) supports the three “popular” elliptic curves(which should assure interoperability):
- secp256r1(aka NIST P-256)
- secp384r1(aka NIST P-384)
- secp521r1(aka NIST P-521)

Schannel(NT 6.0.6002) is used by IIS 7.0(Windows Server 2008 SP2 tested), IE7/IE8(Windows Vista SP2 tested). Additionally the Safari browser makes use of the Schannel.
Latest versions of Chrome(9.0.x as writing) moved away from Schannel and use NSS instead.

Table 6.2

No.	Cipher Suite	Hex Value	SSL/TLS Version	Status
1	SSL_CK_RC4_128_WITH_MD5	0x010080	SSL 2.0	enabled
2	SSL_CK_RC4_128_EXPORT40_WITH_MD5	0x020080	SSL 2.0	disabled
3	SSL_CK_DES_64_CBC_WITH_MD5	0x060040	SSL 2.0	disabled
4	SSL_CK_DES_192_EDE3_CBC_WITH_MD5	0x0700C0	SSL 2.0	enabled
5	TLS_RSA_WITH_NULL_MD5	0x0001	SSL 3.0\|TLS 1.0	enabled
6	TLS_RSA_WITH_NULL_SHA	0x0002	SSL 3.0\|TLS 1.0	enabled
7	TLS_RSA_EXPORT_WITH_RC4_40_MD5	0x0003	SSL 3.0\|TLS 1.0	disabled
8	TLS_RSA_WITH_RC4_128_MD5	0x0004	SSL 3.0\|TLS 1.0	enabled
9	TLS_RSA_WITH_RC4_128_SHA	0x0005	SSL 3.0\|TLS 1.0	enabled
10	TLS_RSA_WITH_DES_CBC_SHA	0x0009	SSL 3.0\|TLS 1.0	disabled
11	TLS_RSA_WITH_3DES_EDE_CBC_SHA	0x000A	SSL 3.0\|TLS 1.0	enabled
12	TLS_DHE_DSS_WITH_DES_CBC_SHA	0x0012	SSL 3.0\|TLS 1.0	disabled
13	TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA	0x0013	SSL 3.0\|TLS 1.0	enabled
14	TLS_RSA_WITH_AES_128_CBC_SHA	0x002F	TLS 1.0	enabled
15	TLS_DHE_DSS_WITH_AES_128_CBC_SHA	0x0032	TLS 1.0	enabled
16	TLS_RSA_WITH_AES_256_CBC_SHA	0x0035	TLS 1.0	enabled
17	TLS_DHE_DSS_WITH_AES_256_CBC_SHA	0x0038	TLS 1.0	enabled
18	TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA	0x0062	SSL 3.0\|TLS 1.0	disabled
19	TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA	0x0063	SSL 3.0\|TLS 1.0	disabled
20	TLS_RSA_EXPORT1024_WITH_RC4_56_SHA	0x0064	SSL 3.0\|TLS 1.0	disabled
21	TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA	0xC009	TLS 1.0	enabled
22	TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA	0xC00A	TLS 1.0	enabled
23	TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA	0xC013	TLS 1.0	enabled
24	TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA	0xC014	TLS 1.0	enabled

The following cipher suites(all supported cipher suites) are listed under:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Cryptography\Providers\Microsoft SSL Protocol Provider\KM\00010002\Functions
and
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Cryptography\Providers\Microsoft SSL Protocol Provider\UM\00010002\Functions

The following cipher suites(all enabled cipher suites) are listed under:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Cryptography\Configuration\Local\SSL\00010002\Functions

6.3. Schannel (NT 6.1.7600) Cipher Suites

Table 6.3 lists the cipher suites currently supported by Schannel(NT 6.1.7600); (protocol TLS 1.1 and TLS 1.2 may be disabled by default, they are at least for the server side). For more details about each cipher suite refer to the main tables.

Schannel(NT 6.1.7600) supports SSL 2.0, SSL 3.0, TLS 1.0, TLS 1.1 and TLS 1.2.

Compared with Schannel(NT 6.0.6002), Schannel(NT 6.1.7600) adds support for TLS 1.1, TLS 1.2, and some SHA256 based cipher suites.

Schannel(NT 6.1.7600) supports the three “popular” elliptic curves(which should assure interoperability):
- secp256r1(aka NIST P-256)
- secp384r1(aka NIST P-384)
- secp521r1(aka NIST P-521); this one is disabled by default

Schannel(NT 6.1.7600) supports the signature algorithms(used within the TLS 1.2 signature_algorithms extension):
- RSA/SHA256
- RSA/SHA384
- RSA/SHA512; disabled by default
- RSA/SHA1
- ECDSA/SHA256
- ECDSA/SHA384
- ECDSA/SHA512; disabled by default
- ECDSA/SHA1
- DSA/SHA1

Schannel(NT 6.1.7600) is used by IIS 7.5(Windows Server 2008 R2 tested), IE8(Windows 7 tested). Additionally the Safari browser makes use of the Schannel.
Latest versions of Chrome(9.0.x as writing) moved away from Schannel and use NSS instead.

Table 6.3

No.	Cipher Suite	Hex Value	SSL/TLS Version	Status
1	SSL_CK_RC4_128_WITH_MD5	0x010080	SSL 2.0	enabled
2	SSL_CK_RC4_128_EXPORT40_WITH_MD5	0x020080	SSL 2.0	disabled
3	SSL_CK_DES_64_CBC_WITH_MD5	0x060040	SSL 2.0	disabled
4	SSL_CK_DES_192_EDE3_CBC_WITH_MD5	0x0700C0	SSL 2.0	enabled
5	TLS_RSA_WITH_NULL_MD5	0x0001	SSL 3.0\|TLS 1.0\|TLS 1.1\|TLS 1.2	disabled
6	TLS_RSA_WITH_NULL_SHA	0x0002	SSL 3.0\|TLS 1.0\|TLS 1.1\|TLS 1.2	enabled
7	TLS_RSA_EXPORT_WITH_RC4_40_MD5	0x0003	SSL 3.0\|TLS 1.0	disabled
8	TLS_RSA_WITH_RC4_128_MD5	0x0004	SSL 3.0\|TLS 1.0\|TLS 1.1\|TLS 1.2	enabled
9	TLS_RSA_WITH_RC4_128_SHA	0x0005	SSL 3.0\|TLS 1.0\|TLS 1.1\|TLS 1.2	enabled
10	TLS_RSA_WITH_DES_CBC_SHA	0x0009	SSL 3.0\|TLS 1.0	disabled
11	TLS_RSA_WITH_3DES_EDE_CBC_SHA	0x000A	SSL 3.0\|TLS 1.0\|TLS 1.1\|TLS 1.2	enabled
12	TLS_DHE_DSS_WITH_DES_CBC_SHA	0x0012	SSL 3.0\|TLS 1.0	disabled
13	TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA	0x0013	SSL 3.0\|TLS 1.0\|TLS 1.1\|TLS 1.2	enabled
14	TLS_RSA_WITH_AES_128_CBC_SHA	0x002F	TLS 1.0\|TLS 1.1\|TLS 1.2	enabled
15	TLS_DHE_DSS_WITH_AES_128_CBC_SHA	0x0032	TLS 1.0\|TLS 1.1\|TLS 1.2	enabled
16	TLS_RSA_WITH_AES_256_CBC_SHA	0x0035	TLS 1.0\|TLS 1.1\|TLS 1.2	enabled
17	TLS_DHE_DSS_WITH_AES_256_CBC_SHA	0x0038	TLS 1.0\|TLS 1.1\|TLS 1.2	enabled
18	TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA	0x0062	SSL 3.0\|TLS 1.0	disabled
19	TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA	0x0063	SSL 3.0\|TLS 1.0	disabled
20	TLS_RSA_EXPORT1024_WITH_RC4_56_SHA	0x0064	SSL 3.0\|TLS 1.0	disabled
21	TLS_RSA_WITH_NULL_SHA256	0x003B	TLS 1.2	enabled
22	TLS_RSA_WITH_AES_128_CBC_SHA256	0x003C	TLS 1.2	enabled
23	TLS_RSA_WITH_AES_256_CBC_SHA256	0x003D	TLS 1.2	enabled
24	TLS_DHE_DSS_WITH_AES_128_CBC_SHA256	0x0040	TLS 1.2	enabled
25	TLS_DHE_DSS_WITH_AES_256_CBC_SHA256	0x006A	TLS 1.2	enabled
26	TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA	0xC009	TLS 1.0\|TLS 1.1\|TLS 1.2	enabled
27	TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA	0xC00A	TLS 1.0\|TLS 1.1\|TLS 1.2	enabled
28	TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA	0xC013	TLS 1.0\|TLS 1.1\|TLS 1.2	enabled
29	TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA	0xC014	TLS 1.0\|TLS 1.1\|TLS 1.2	enabled
30	TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256	0xC023	TLS 1.2	enabled
31	TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384	0xC024	TLS 1.2	enabled
32	TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256	0xC027	TLS 1.2	enabled
33	TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384	0xC028	TLS 1.2	disabled
34	TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256	0xC02B	TLS 1.2	enabled
35	TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384	0xC02C	TLS 1.2	enabled

The following cipher suites(all supported cipher suites) are listed under:

TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P256
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P384
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P521
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P256
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P384
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P521
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P384
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P521
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P521
TLS_DHE_DSS_WITH_AES_128_CBC_SHA
TLS_DHE_DSS_WITH_AES_256_CBC_SHA
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_RC4_128_MD5
SSL_CK_RC4_128_WITH_MD5
SSL_CK_DES_192_EDE3_CBC_WITH_MD5
TLS_RSA_WITH_NULL_SHA
TLS_RSA_WITH_NULL_MD5
TLS_RSA_WITH_DES_CBC_SHA
TLS_DHE_DSS_WITH_DES_CBC_SHA
TLS_RSA_EXPORT1024_WITH_RC4_56_SHA
TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA
TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA
TLS_RSA_EXPORT_WITH_RC4_40_MD5
SSL_CK_DES_64_CBC_WITH_MD5
SSL_CK_RC4_128_EXPORT40_WITH_MD5
TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA256
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P256
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P384
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P521
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_P384
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_P521
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P256
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P384
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P521
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P384
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P521
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P384
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P521
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P521
TLS_RSA_WITH_NULL_SHA256

The following cipher suites(all enabled cipher suites) are listed under:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Cryptography\Configuration\Local\SSL\00010002\Functions

TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P384
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P384
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P256
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P256
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P384
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_P384
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P256
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P384
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P256
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P384
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
TLS_DHE_DSS_WITH_AES_128_CBC_SHA
TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
TLS_DHE_DSS_WITH_AES_256_CBC_SHA
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_RC4_128_MD5
SSL_CK_RC4_128_WITH_MD5
SSL_CK_DES_192_EDE3_CBC_WITH_MD5
TLS_RSA_WITH_NULL_SHA256
TLS_RSA_WITH_NULL_SHA

The following signatures algorithms(used within the TLS 1.2 signature_algorithms extension, all enabled by default) are listed under:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Cryptography\Configuration\Local\SSL\00010003\Functions

RSA/SHA256
RSA/SHA384
RSA/SHA1
ECDSA/SHA256
ECDSA/SHA384
ECDSA/SHA1
DSA/SHA1

6.3.1. IE8 (Windows 7) Cipher Suites

Table 6.3.1 lists the cipher suites currently supported by IE8(NT 6.1.7600).

Protocols TLS 1.1 and TLS 1.2 are disabled by default in IE8(but you can enable them from the UI).
SSL 2.0 is also disabled by default within IE8.

Table 6.3.1

No.	Cipher Suite	Hex Value	SSL/TLS Version	Status
1	SSL_CK_RC4_128_WITH_MD5	0x010080	SSL 2.0	disabled
2	SSL_CK_RC4_128_EXPORT40_WITH_MD5	0x020080	SSL 2.0	disabled
3	SSL_CK_DES_64_CBC_WITH_MD5	0x060040	SSL 2.0	disabled
4	SSL_CK_DES_192_EDE3_CBC_WITH_MD5	0x0700C0	SSL 2.0	disabled
5	TLS_RSA_EXPORT_WITH_RC4_40_MD5	0x0003	SSL 3.0\|TLS 1.0	disabled
6	TLS_RSA_WITH_RC4_128_MD5	0x0004	SSL 3.0\|TLS 1.0\|TLS 1.1\|TLS 1.2	enabled
7	TLS_RSA_WITH_RC4_128_SHA	0x0005	SSL 3.0\|TLS 1.0\|TLS 1.1\|TLS 1.2	enabled
8	TLS_RSA_WITH_DES_CBC_SHA	0x0009	SSL 3.0\|TLS 1.0	disabled
9	TLS_RSA_WITH_3DES_EDE_CBC_SHA	0x000A	SSL 3.0\|TLS 1.0\|TLS 1.1\|TLS 1.2	enabled
10	TLS_DHE_DSS_WITH_DES_CBC_SHA	0x0012	SSL 3.0\|TLS 1.0	disabled
11	TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA	0x0013	SSL 3.0\|TLS 1.0\|TLS 1.1\|TLS 1.2	enabled
12	TLS_RSA_WITH_AES_128_CBC_SHA	0x002F	TLS 1.0\|TLS 1.1\|TLS 1.2	enabled
13	TLS_DHE_DSS_WITH_AES_128_CBC_SHA	0x0032	TLS 1.0\|TLS 1.1\|TLS 1.2	enabled
14	TLS_RSA_WITH_AES_256_CBC_SHA	0x0035	TLS 1.0\|TLS 1.1\|TLS 1.2	enabled
15	TLS_DHE_DSS_WITH_AES_256_CBC_SHA	0x0038	TLS 1.0\|TLS 1.1\|TLS 1.2	enabled
16	TLS_RSA_WITH_AES_128_CBC_SHA256	0x003C	TLS 1.2	disabled
17	TLS_RSA_WITH_AES_256_CBC_SHA256	0x003D	TLS 1.2	disabled
18	TLS_DHE_DSS_WITH_AES_128_CBC_SHA256	0x0040	TLS 1.2	disabled
19	TLS_DHE_DSS_WITH_AES_256_CBC_SHA256	0x006A	TLS 1.2	disabled
20	TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA	0x0062	SSL 3.0\|TLS 1.0	disabled
21	TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA	0x0063	SSL 3.0\|TLS 1.0	disabled
22	TLS_RSA_EXPORT1024_WITH_RC4_56_SHA	0x0064	SSL 3.0\|TLS 1.0	disabled
23	TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA	0xC009	TLS 1.0\|TLS 1.1\|TLS 1.2	enabled
24	TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA	0xC00A	TLS 1.0\|TLS 1.1\|TLS 1.2	enabled
25	TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA	0xC013	TLS 1.0\|TLS 1.1\|TLS 1.2	enabled
26	TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA	0xC014	TLS 1.0\|TLS 1.1\|TLS 1.2	enabled
27	TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256	0xC023	TLS 1.2	disabled
28	TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384	0xC024	TLS 1.2	disabled
29	TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256	0xC027	TLS 1.2	disabled
30	TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384	0xC028	TLS 1.2	disabled
31	TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256	0xC02B	TLS 1.2	disabled
32	TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384	0xC02C	TLS 1.2	disabled

6.3.2. IIS 7.5 (Windows Server 2008 R2) Cipher Suites

Test Table 6.3.2 lists the cipher suites currently supported by IIS 7.5(NT 6.1.7600).

Protocols TLS 1.1 and TLS 1.2 for server side are disabled by default for IIS 7.5(but you can enable them from the registry).

Table 6.3.2

No.	Cipher Suite	Hex Value	SSL/TLS Version	Status
1	SSL_CK_RC4_128_WITH_MD5	0x010080	SSL 2.0	enabled
2	SSL_CK_RC4_128_EXPORT40_WITH_MD5	0x020080	SSL 2.0	disabled
3	SSL_CK_DES_64_CBC_WITH_MD5	0x060040	SSL 2.0	disabled
4	SSL_CK_DES_192_EDE3_CBC_WITH_MD5	0x0700C0	SSL 2.0	enabled
5	TLS_RSA_EXPORT_WITH_RC4_40_MD5	0x0003	SSL 3.0\|TLS 1.0	disabled
6	TLS_RSA_WITH_RC4_128_MD5	0x0004	SSL 3.0\|TLS 1.0\|TLS 1.1\|TLS 1.2	enabled
7	TLS_RSA_WITH_RC4_128_SHA	0x0005	SSL 3.0\|TLS 1.0\|TLS 1.1\|TLS 1.2	enabled
8	TLS_RSA_WITH_DES_CBC_SHA	0x0009	SSL 3.0\|TLS 1.0	disabled
9	TLS_RSA_WITH_3DES_EDE_CBC_SHA	0x000A	SSL 3.0\|TLS 1.0\|TLS 1.1\|TLS 1.2	enabled
10	TLS_DHE_DSS_WITH_DES_CBC_SHA	0x0012	SSL 3.0\|TLS 1.0	disabled
11	TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA	0x0013	SSL 3.0\|TLS 1.0\|TLS 1.1\|TLS 1.2	enabled
12	TLS_RSA_WITH_AES_128_CBC_SHA	0x002F	TLS 1.0\|TLS 1.1\|TLS 1.2	enabled
13	TLS_DHE_DSS_WITH_AES_128_CBC_SHA	0x0032	TLS 1.0\|TLS 1.1\|TLS 1.2	enabled
14	TLS_RSA_WITH_AES_256_CBC_SHA	0x0035	TLS 1.0\|TLS 1.1\|TLS 1.2	enabled
15	TLS_DHE_DSS_WITH_AES_256_CBC_SHA	0x0038	TLS 1.0\|TLS 1.1\|TLS 1.2	enabled
16	TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA	0x0062	SSL 3.0\|TLS 1.0	disabled
17	TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA	0x0063	SSL 3.0\|TLS 1.0	disabled
18	TLS_RSA_EXPORT1024_WITH_RC4_56_SHA	0x0064	SSL 3.0\|TLS 1.0	disabled
19	TLS_RSA_WITH_AES_128_CBC_SHA256	0x003C	TLS 1.2	disabled
20	TLS_RSA_WITH_AES_256_CBC_SHA256	0x003D	TLS 1.2	disabled
21	TLS_DHE_DSS_WITH_AES_128_CBC_SHA256	0x0040	TLS 1.2	disabled
22	TLS_DHE_DSS_WITH_AES_256_CBC_SHA256	0x006A	TLS 1.2	disabled
23	TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA	0xC009	TLS 1.0\|TLS 1.1\|TLS 1.2	enabled
24	TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA	0xC00A	TLS 1.0\|TLS 1.1\|TLS 1.2	enabled
25	TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA	0xC013	TLS 1.0\|TLS 1.1\|TLS 1.2	enabled
26	TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA	0xC014	TLS 1.0\|TLS 1.1\|TLS 1.2	enabled
27	TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256	0xC023	TLS 1.2	disabled
28	TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384	0xC024	TLS 1.2	disabled
29	TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256	0xC027	TLS 1.2	disabled
30	TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384	0xC028	TLS 1.2	disabled
31	TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256	0xC02B	TLS 1.2	disabled
32	TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384	0xC02C	TLS 1.2	disabled

1. GnuTLS

1.1. GnuTLS 2.8.6 Cipher Suites

1.2. mod_gnutls 0.5.5(GnuTLS 2.8.6 + Apache 2.2.15) Cipher Suites

2. Mac OS X

2.1. Safari 5.0.x on Mac OS X 10.5.8 Cipher Suites

2.2. Safari 5.0.x on Mac OS X 10.6.6 Cipher Suites

3.1. NSS 3.12.5 Cipher Suites

3.2. Firefox 3.6.x Cipher Suites

3.3. Google Chrome 5 Beta on Linux Cipher Suites

3.5. mod_nss 1.0.8 Cipher Suites

3.6 Firefox 3.6.x on Fedora 14

4. OpenSSL

4.1. OpenSSL 0.9.8m Cipher Suites

4.2. OpenSSL 1.0.0 Cipher Suites

4.3. mod_ssl (Apache 2.2.15 + OpenSSL 0.9.8m) Cipher Suites

4.4. mod_ssl (Apache 2.3.5 Alpha + OpenSSL 1.0.0) Cipher Suites

5. Opera

6. Schannel

6.1. Schannel(NT 5.1.2600) Cipher Suites

6.1.1. IE6 (Windows XP SP3 / Windows XP x64 SP2) Cipher Suites

6.1.2. IE7 (Windows XP SP3 / Windows XP x64 SP2) Cipher Suites

6.1.3. IE8 (Windows XP SP3 / Windows XP x64 SP2) Cipher Suites

6.1.4. IIS 6.0 (Windows Server 2003 R2 SP2)

6.2. Schannel(NT 6.0.6002) Cipher Suites

6.2.1. IE7 (Windows Vista SP2) Cipher Suites

6.2.2. IE8 (Windows Vista SP2) Cipher Suites

6.2.3. IIS 7.0 (Windows Server 2008 SP2) Cipher Suites

6.2.4. Safari 5.0.x (Windows Vista SP2) Cipher Suites

6.3. Schannel (NT 6.1.7600) Cipher Suites

6.3.1. IE8 (Windows 7) Cipher Suites

6.3.2. IIS 7.5 (Windows Server 2008 R2) Cipher Suites

6.3.3. Safari 5.0.x (Windows 7) Cipher Suites

7. SSL Labs

8. Wireshark

No.	Cipher Suite	Hex Value	SSL/TLS Version
1	TLS_PSK_WITH_RC4_128_SHA	0x008A	SSL 3.0\|TLS 1.0
2	TLS_PSK_WITH_3DES_EDE_CBC_SHA	0x008B	SSL 3.0\|TLS 1.0
3	TLS_PSK_WITH_AES_128_CBC_SHA	0x008C	SSL 3.0\|TLS 1.0
4	TLS_PSK_WITH_AES_256_CBC_SHA	0x008D	SSL 3.0\|TLS 1.0