Cipher suites: same name, different IDs, why?

Sorry if I picked the wrong community to ask in.

Recently I stumbled on the fact that the same cipher suite can be designated by two different IDs, and this is neither a typo nor a single occurrence.

For instance:
http://www.thesprawl.org/research/tls-and-ssl-cipher-suites

  • TLS_ECDH_ECDSA_WITH_NULL_SHA is 0x0047 and 0xC001

  • TLS_ECDH_ECDSA_WITH_RC4_128_SHA is 0x0048 and 0xC002

  • SSL_RSA_FIPS_WITH_DES_CBC_SHA is 0xFEFE and 0xFFE1

  • SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA is 0xFEFF and 0xFFE0

And a few others, like TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA and TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA.

So, the question is: why are two codes used to designate the same cipher suite? Is it a marker to distinguish a legacy (broken?) implementation? Or just a merge of two standards? Or something else?

  • TLS fingerprints. 0x0047 0%, 0xc001 0.07%
    – kelalaka
    2 hours ago

  • Only Packetbeat uses 0x0047, and it belongs to Elasticsearch, and all your first numbers belong to them. Here is a list from IBM
    – kelalaka
    2 hours ago

  • It should be noted that all 4 of those examples are deprecated and should not be used
    – Richie Frame
    2 hours ago

tls ciphersuite






edited 3 hours ago









kelalaka

asked 4 hours ago









Yury Schkatula

1 Answer
These numbers belong to Elasticsearch:

  • TLS_ECDH_ECDSA_WITH_NULL_SHA is 0x0047

  • TLS_ECDH_ECDSA_WITH_RC4_128_SHA is 0x0048

  • SSL_RSA_FIPS_WITH_DES_CBC_SHA is 0xFEFE

  • SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA is 0xFEFF

and 0x0047 has almost 0% at tlsfingerprint.io.

The second numbers (0xC001, 0xC001, 0xFFE1, 0xFFE0) belong to SSL V2.

The implementations can have different control by the maintainers, therefore it is good to have different numbers. It is bad that your original source doesn't list where they took the numbers from.

        answered 2 hours ago









        kelalaka
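
Added example, not part of the original question or answer: a TLS ClientHello carries only the two-byte suite IDs, never the names, so a check for these suites has to match every ID a name is listed under. The table below uses the ID/name pairs exactly as listed in the question; the function names and the sample bytes are constructed for illustration.

```python
import struct
from collections import defaultdict

# (wire ID, name) pairs exactly as listed in the question above.
LISTED = [
    (0x0047, "TLS_ECDH_ECDSA_WITH_NULL_SHA"),
    (0xC001, "TLS_ECDH_ECDSA_WITH_NULL_SHA"),
    (0x0048, "TLS_ECDH_ECDSA_WITH_RC4_128_SHA"),
    (0xC002, "TLS_ECDH_ECDSA_WITH_RC4_128_SHA"),
    (0xFEFE, "SSL_RSA_FIPS_WITH_DES_CBC_SHA"),
    (0xFFE1, "SSL_RSA_FIPS_WITH_DES_CBC_SHA"),
    (0xFEFF, "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA"),
    (0xFFE0, "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA"),
]
ID_TO_NAME = dict(LISTED)


def aliases(pairs):
    """Return {name: sorted IDs} for every name listed under more than one ID."""
    by_name = defaultdict(set)
    for suite_id, name in pairs:
        by_name[name].add(suite_id)
    return {n: sorted(ids) for n, ids in by_name.items() if len(ids) > 1}


def parse_cipher_suites(vector):
    """Decode a TLS cipher_suites vector: 2-byte length, then 2-byte IDs."""
    if len(vector) < 2:
        raise ValueError("truncated length prefix")
    (length,) = struct.unpack("!H", vector[:2])
    body = vector[2:]
    if length != len(body) or length % 2:
        raise ValueError("length prefix does not match an even-sized body")
    return [suite_id for (suite_id,) in struct.iter_unpack("!H", body)]


def flag_offered(vector, watchlist=ID_TO_NAME):
    """Return (hex ID, name) for each offered suite that is on the watchlist."""
    return [(f"0x{i:04X}", watchlist[i])
            for i in parse_cipher_suites(vector) if i in watchlist]


# Constructed sample: a client offering 0xC02F, 0xC002 and 0x0047.
SAMPLE = bytes.fromhex("0006" "c02f" "c002" "0047")

if __name__ == "__main__":
    for name, ids in aliases(LISTED).items():
        print(name, [f"0x{i:04X}" for i in ids])
    print(flag_offered(SAMPLE))
```

Matching on a name alone would miss one of the two IDs; keying the watchlist on the wire value catches both.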
