Cipher suites: same name, different IDs, why?
Clash Royale CLAN TAG#URR8PPP
up vote
3
down vote
favorite
Sorry if I missed with a community to ask.
Recently I stumbled on a fact that the same cipher suite can be designated by two different IDs, and this is not a typo nor single occasion.
For instance:
http://www.thesprawl.org/research/tls-and-ssl-cipher-suites
- TLS_ECDH_ECDSA_WITH_NULL_SHA is
0x0047
and0xC001
- TLS_ECDH_ECDSA_WITH_RC4_128_SHA is
0x0048
and0xC002
- SSL_RSA_FIPS_WITH_DES_CBC_SHA is
0xFEFE
and0xFFE1
- SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA is
0xFEFF
and0xFFE0
And few others more, like TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA and TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA.
So, the question is: why two codes are used to designate the same cipher suite? Is it a marker of legacy (broken?) implementation to distinguish? Or just a merge of two standards? Or something else?
tls ciphersuite
New contributor
add a comment |Â
up vote
3
down vote
favorite
Sorry if I missed with a community to ask.
Recently I stumbled on a fact that the same cipher suite can be designated by two different IDs, and this is not a typo nor single occasion.
For instance:
http://www.thesprawl.org/research/tls-and-ssl-cipher-suites
- TLS_ECDH_ECDSA_WITH_NULL_SHA is
0x0047
and0xC001
- TLS_ECDH_ECDSA_WITH_RC4_128_SHA is
0x0048
and0xC002
- SSL_RSA_FIPS_WITH_DES_CBC_SHA is
0xFEFE
and0xFFE1
- SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA is
0xFEFF
and0xFFE0
And few others more, like TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA and TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA.
So, the question is: why two codes are used to designate the same cipher suite? Is it a marker of legacy (broken?) implementation to distinguish? Or just a merge of two standards? Or something else?
tls ciphersuite
New contributor
TLS fingerprints. 0x0047 0%, 0xc001 0.07%
â kelalaka
2 hours ago
Only pocketbeat uses 0x0047 and it is belong to Elasticsearch and all your first numbers belongs to them. Here a list from IBM
â kelalaka
2 hours ago
1
It should be noted that all 4 of those examples are deprecated and should not be used
â Richie Frame
2 hours ago
add a comment |Â
up vote
3
down vote
favorite
up vote
3
down vote
favorite
Sorry if I missed with a community to ask.
Recently I stumbled on a fact that the same cipher suite can be designated by two different IDs, and this is not a typo nor single occasion.
For instance:
http://www.thesprawl.org/research/tls-and-ssl-cipher-suites
- TLS_ECDH_ECDSA_WITH_NULL_SHA is
0x0047
and0xC001
- TLS_ECDH_ECDSA_WITH_RC4_128_SHA is
0x0048
and0xC002
- SSL_RSA_FIPS_WITH_DES_CBC_SHA is
0xFEFE
and0xFFE1
- SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA is
0xFEFF
and0xFFE0
And few others more, like TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA and TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA.
So, the question is: why two codes are used to designate the same cipher suite? Is it a marker of legacy (broken?) implementation to distinguish? Or just a merge of two standards? Or something else?
tls ciphersuite
New contributor
Sorry if I missed with a community to ask.
Recently I stumbled on a fact that the same cipher suite can be designated by two different IDs, and this is not a typo nor single occasion.
For instance:
http://www.thesprawl.org/research/tls-and-ssl-cipher-suites
- TLS_ECDH_ECDSA_WITH_NULL_SHA is
0x0047
and0xC001
- TLS_ECDH_ECDSA_WITH_RC4_128_SHA is
0x0048
and0xC002
- SSL_RSA_FIPS_WITH_DES_CBC_SHA is
0xFEFE
and0xFFE1
- SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA is
0xFEFF
and0xFFE0
And few others more, like TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA and TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA.
So, the question is: why two codes are used to designate the same cipher suite? Is it a marker of legacy (broken?) implementation to distinguish? Or just a merge of two standards? Or something else?
tls ciphersuite
tls ciphersuite
New contributor
New contributor
edited 3 hours ago
kelalaka
2,199522
2,199522
New contributor
asked 4 hours ago
Yury Schkatula
1163
1163
New contributor
New contributor
TLS fingerprints. 0x0047 0%, 0xc001 0.07%
â kelalaka
2 hours ago
Only pocketbeat uses 0x0047 and it is belong to Elasticsearch and all your first numbers belongs to them. Here a list from IBM
â kelalaka
2 hours ago
1
It should be noted that all 4 of those examples are deprecated and should not be used
â Richie Frame
2 hours ago
add a comment |Â
TLS fingerprints. 0x0047 0%, 0xc001 0.07%
â kelalaka
2 hours ago
Only pocketbeat uses 0x0047 and it is belong to Elasticsearch and all your first numbers belongs to them. Here a list from IBM
â kelalaka
2 hours ago
1
It should be noted that all 4 of those examples are deprecated and should not be used
â Richie Frame
2 hours ago
TLS fingerprints. 0x0047 0%, 0xc001 0.07%
â kelalaka
2 hours ago
TLS fingerprints. 0x0047 0%, 0xc001 0.07%
â kelalaka
2 hours ago
Only pocketbeat uses 0x0047 and it is belong to Elasticsearch and all your first numbers belongs to them. Here a list from IBM
â kelalaka
2 hours ago
Only pocketbeat uses 0x0047 and it is belong to Elasticsearch and all your first numbers belongs to them. Here a list from IBM
â kelalaka
2 hours ago
1
1
It should be noted that all 4 of those examples are deprecated and should not be used
â Richie Frame
2 hours ago
It should be noted that all 4 of those examples are deprecated and should not be used
â Richie Frame
2 hours ago
add a comment |Â
1 Answer
1
active
oldest
votes
up vote
3
down vote
These numbers belong to ElasticSeach;
- TLS_ECDH_ECDSA_WITH_NULL_SHA is
0x0047
- TLS_ECDH_ECDSA_WITH_RC4_128_SHA is
0x0048
- SSL_RSA_FIPS_WITH_DES_CBC_SHA is
0xFEFE
- SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA is
0xFEFF
and 0x0047
has almost 0% at tlsfingerprint.io
The second numbers (0xC001
,0xC001
,0xFFE1
,0xFFE0
) belong to SSL V2.
The implementations can have different control by the maintainers, therefore it is good to have different numbers. It is bad that your original source doesn't list where they took the numbers.
add a comment |Â
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
3
down vote
These numbers belong to ElasticSeach;
- TLS_ECDH_ECDSA_WITH_NULL_SHA is
0x0047
- TLS_ECDH_ECDSA_WITH_RC4_128_SHA is
0x0048
- SSL_RSA_FIPS_WITH_DES_CBC_SHA is
0xFEFE
- SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA is
0xFEFF
and 0x0047
has almost 0% at tlsfingerprint.io
The second numbers (0xC001
,0xC001
,0xFFE1
,0xFFE0
) belong to SSL V2.
The implementations can have different control by the maintainers, therefore it is good to have different numbers. It is bad that your original source doesn't list where they took the numbers.
add a comment |Â
up vote
3
down vote
These numbers belong to ElasticSeach;
- TLS_ECDH_ECDSA_WITH_NULL_SHA is
0x0047
- TLS_ECDH_ECDSA_WITH_RC4_128_SHA is
0x0048
- SSL_RSA_FIPS_WITH_DES_CBC_SHA is
0xFEFE
- SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA is
0xFEFF
and 0x0047
has almost 0% at tlsfingerprint.io
The second numbers (0xC001
,0xC001
,0xFFE1
,0xFFE0
) belong to SSL V2.
The implementations can have different control by the maintainers, therefore it is good to have different numbers. It is bad that your original source doesn't list where they took the numbers.
add a comment |Â
up vote
3
down vote
up vote
3
down vote
These numbers belong to ElasticSeach;
- TLS_ECDH_ECDSA_WITH_NULL_SHA is
0x0047
- TLS_ECDH_ECDSA_WITH_RC4_128_SHA is
0x0048
- SSL_RSA_FIPS_WITH_DES_CBC_SHA is
0xFEFE
- SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA is
0xFEFF
and 0x0047
has almost 0% at tlsfingerprint.io
The second numbers (0xC001
,0xC001
,0xFFE1
,0xFFE0
) belong to SSL V2.
The implementations can have different control by the maintainers, therefore it is good to have different numbers. It is bad that your original source doesn't list where they took the numbers.
These numbers belong to ElasticSeach;
- TLS_ECDH_ECDSA_WITH_NULL_SHA is
0x0047
- TLS_ECDH_ECDSA_WITH_RC4_128_SHA is
0x0048
- SSL_RSA_FIPS_WITH_DES_CBC_SHA is
0xFEFE
- SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA is
0xFEFF
and 0x0047
has almost 0% at tlsfingerprint.io
The second numbers (0xC001
,0xC001
,0xFFE1
,0xFFE0
) belong to SSL V2.
The implementations can have different control by the maintainers, therefore it is good to have different numbers. It is bad that your original source doesn't list where they took the numbers.
answered 2 hours ago
kelalaka
2,199522
2,199522
add a comment |Â
add a comment |Â
Yury Schkatula is a new contributor. Be nice, and check out our Code of Conduct.
Yury Schkatula is a new contributor. Be nice, and check out our Code of Conduct.
Yury Schkatula is a new contributor. Be nice, and check out our Code of Conduct.
Yury Schkatula is a new contributor. Be nice, and check out our Code of Conduct.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fcrypto.stackexchange.com%2fquestions%2f63635%2fcipher-suites-same-name-different-ids-why%23new-answer', 'question_page');
);
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
TLS fingerprints. 0x0047 0%, 0xc001 0.07%
â kelalaka
2 hours ago
Only pocketbeat uses 0x0047 and it is belong to Elasticsearch and all your first numbers belongs to them. Here a list from IBM
â kelalaka
2 hours ago
1
It should be noted that all 4 of those examples are deprecated and should not be used
â Richie Frame
2 hours ago