Cipher suites: same name, different IDs, why?

Question

Sorry if I missed with a community to ask.

Recently I stumbled on a fact that the same cipher suite can be designated by two different IDs, and this is not a typo nor single occasion.

For instance: http://www.thesprawl.org/research/tls-and-ssl-cipher-suites

TLS_ECDH_ECDSA_WITH_NULL_SHA is 0x0047 and 0xC001
TLS_ECDH_ECDSA_WITH_RC4_128_SHA is 0x0048 and 0xC002
SSL_RSA_FIPS_WITH_DES_CBC_SHA is 0xFEFE and 0xFFE1
SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA is 0xFEFF and 0xFFE0

And few others more, like TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA and TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA.

So, the question is: why two codes are used to designate the same cipher suite? Is it a marker of legacy (broken?) implementation to distinguish? Or just a merge of two standards? Or something else?

Only pocketbeat uses 0x0047 and it is belong to Elasticsearch and all your first numbers belongs to them. Here a list from IBM — kelalaka, Nov 01 '18 at 19:05
It should be noted that all 4 of those examples are deprecated and should not be used — Richie Frame, Nov 01 '18 at 19:41
The official registry is https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-4 . All of your first numbers are unregistered and in violation of the standard. C001,C002 are standard but insecure and hence unpopular. FFxx are nonstandard but permitted. — dave_thompson_085, Nov 02 '18 at 02:55

score 8 · Accepted Answer · edited Oct 07 '21 at 07:59

8

These numbers belong to ElasticSearch;

TLS_ECDH_ECDSA_WITH_NULL_SHA is 0x0047
TLS_ECDH_ECDSA_WITH_RC4_128_SHA is 0x0048
SSL_RSA_FIPS_WITH_DES_CBC_SHA is 0xFEFE
SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA is 0xFEFF

and 0x0047 has almost 0% at tlsfingerprint.io

The second numbers in SSL/TLS in this format {0xC0,0x01},{0xC0,0x01},{0xFF,0xE1},{0xFF,0xE0}. The first two in rfc4492. These are deprecated in rfc8422. The last two is for private usage.

The implementations can have different control by the maintainers, therefore it is good to have different numbers. It is bad that your original source doesn't list where they took the numbers.

Note: in TLS 1.3, there are only 5 cipher suites with their id's;

{0x13,0x01} - TLS_AES_256_GCM_SHA384
{0x13,0x02} - TLS_CHACHA20_POLY1305_SHA256
{0x13,0x03} - TLS_AES_128_GCM_SHA256
{0x13,0x04} - TLS_AES_128_CCM_8_SHA256
{0x13,0x05} - TLS_AES_128_CCM_SHA256

edited Oct 07 '21 at 07:59

Community

1

answered Nov 01 '18 at 19:34

kelalaka

48,443
11
116
196

So, am I correct this is just a merge of two standards, Elastic and SSL? – Yury Schkatula Nov 01 '18 at 22:25
@YurySchkatula They just merge some lists, maybe contains more than two, as BearSLL/TLS... One has to look at all. – kelalaka Nov 01 '18 at 22:28
1

C001 and C002 are in rfc4492 which applies to TLS 1.0 and 1.1 and was carried forward to TLS 1.2 with some modifications (Appendix A.7 of rfc5246), but deleted by rfc8422 in 2018-08 shortly before this A. FFE0 and FFE1 were and are 'private use' for TLS only, and not mentioned on the page you link. Neither is related to SSLv2 at all; SSLv2 ciphersuites were three octets and those obviously arent. – dave_thompson_085 Jul 19 '20 at 02:13
1

First two 'code' lines in section 6. Although often treated as a 16-bit bigendian number, SSL/TLS actually defines CipherSuite as two 8-bit bytes, see e.g. rfc5246 section A.4.1 and A.5. (And https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-4 .) – dave_thompson_085 Jul 20 '20 at 06:24

Cipher suites: same name, different IDs, why?

1 Answers1

Linked