nghttp2/mkcipherlist.py

#!/usr/bin/env python3
# -*- coding: utf-8 -*-

# This script read cipher suite list csv file [1] and prints out id
# and name of black listed cipher suites.  The output is used by
# src/ssl.cc.
#
# [1] http://www.iana.org/assignments/tls-parameters/tls-parameters-4.csv
# [2] http://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml

import re
import sys
import csv

# From RFC 7540
blacklist = [
    'TLS_NULL_WITH_NULL_NULL',
    'TLS_RSA_WITH_NULL_MD5',
    'TLS_RSA_WITH_NULL_SHA',
    'TLS_RSA_EXPORT_WITH_RC4_40_MD5',
    'TLS_RSA_WITH_RC4_128_MD5',
    'TLS_RSA_WITH_RC4_128_SHA',
    'TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5',
    'TLS_RSA_WITH_IDEA_CBC_SHA',
    'TLS_RSA_EXPORT_WITH_DES40_CBC_SHA',
    'TLS_RSA_WITH_DES_CBC_SHA',
    'TLS_RSA_WITH_3DES_EDE_CBC_SHA',
    'TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA',
    'TLS_DH_DSS_WITH_DES_CBC_SHA',
    'TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA',
    'TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA',
    'TLS_DH_RSA_WITH_DES_CBC_SHA',
    'TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA',
    'TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA',
    'TLS_DHE_DSS_WITH_DES_CBC_SHA',
    'TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA',
    'TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA',
    'TLS_DHE_RSA_WITH_DES_CBC_SHA',
    'TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA',
    'TLS_DH_anon_EXPORT_WITH_RC4_40_MD5',
    'TLS_DH_anon_WITH_RC4_128_MD5',
    'TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA',
    'TLS_DH_anon_WITH_DES_CBC_SHA',
    'TLS_DH_anon_WITH_3DES_EDE_CBC_SHA',
    'TLS_KRB5_WITH_DES_CBC_SHA',
    'TLS_KRB5_WITH_3DES_EDE_CBC_SHA',
    'TLS_KRB5_WITH_RC4_128_SHA',
    'TLS_KRB5_WITH_IDEA_CBC_SHA',
    'TLS_KRB5_WITH_DES_CBC_MD5',
    'TLS_KRB5_WITH_3DES_EDE_CBC_MD5',
    'TLS_KRB5_WITH_RC4_128_MD5',
    'TLS_KRB5_WITH_IDEA_CBC_MD5',
    'TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA',
    'TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA',
    'TLS_KRB5_EXPORT_WITH_RC4_40_SHA',
    'TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5',
    'TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5',
    'TLS_KRB5_EXPORT_WITH_RC4_40_MD5',
    'TLS_PSK_WITH_NULL_SHA',
    'TLS_DHE_PSK_WITH_NULL_SHA',
    'TLS_RSA_PSK_WITH_NULL_SHA',
    'TLS_RSA_WITH_AES_128_CBC_SHA',
    'TLS_DH_DSS_WITH_AES_128_CBC_SHA',
    'TLS_DH_RSA_WITH_AES_128_CBC_SHA',
    'TLS_DHE_DSS_WITH_AES_128_CBC_SHA',
    'TLS_DHE_RSA_WITH_AES_128_CBC_SHA',
    'TLS_DH_anon_WITH_AES_128_CBC_SHA',
    'TLS_RSA_WITH_AES_256_CBC_SHA',
    'TLS_DH_DSS_WITH_AES_256_CBC_SHA',
    'TLS_DH_RSA_WITH_AES_256_CBC_SHA',
    'TLS_DHE_DSS_WITH_AES_256_CBC_SHA',
    'TLS_DHE_RSA_WITH_AES_256_CBC_SHA',
    'TLS_DH_anon_WITH_AES_256_CBC_SHA',
    'TLS_RSA_WITH_NULL_SHA256',
    'TLS_RSA_WITH_AES_128_CBC_SHA256',
    'TLS_RSA_WITH_AES_256_CBC_SHA256',
    'TLS_DH_DSS_WITH_AES_128_CBC_SHA256',
    'TLS_DH_RSA_WITH_AES_128_CBC_SHA256',
    'TLS_DHE_DSS_WITH_AES_128_CBC_SHA256',
    'TLS_RSA_WITH_CAMELLIA_128_CBC_SHA',
    'TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA',
    'TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA',
    'TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA',
    'TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA',
    'TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA',
    'TLS_DHE_RSA_WITH_AES_128_CBC_SHA256',
    'TLS_DH_DSS_WITH_AES_256_CBC_SHA256',
    'TLS_DH_RSA_WITH_AES_256_CBC_SHA256',
    'TLS_DHE_DSS_WITH_AES_256_CBC_SHA256',
    'TLS_DHE_RSA_WITH_AES_256_CBC_SHA256',
    'TLS_DH_anon_WITH_AES_128_CBC_SHA256',
    'TLS_DH_anon_WITH_AES_256_CBC_SHA256',
    'TLS_RSA_WITH_CAMELLIA_256_CBC_SHA',
    'TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA',
    'TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA',
    'TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA',
    'TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA',
    'TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA',
    'TLS_PSK_WITH_RC4_128_SHA',
    'TLS_PSK_WITH_3DES_EDE_CBC_SHA',
    'TLS_PSK_WITH_AES_128_CBC_SHA',
    'TLS_PSK_WITH_AES_256_CBC_SHA',
    'TLS_DHE_PSK_WITH_RC4_128_SHA',
    'TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA',
    'TLS_DHE_PSK_WITH_AES_128_CBC_SHA',
    'TLS_DHE_PSK_WITH_AES_256_CBC_SHA',
    'TLS_RSA_PSK_WITH_RC4_128_SHA',
    'TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA',
    'TLS_RSA_PSK_WITH_AES_128_CBC_SHA',
    'TLS_RSA_PSK_WITH_AES_256_CBC_SHA',
    'TLS_RSA_WITH_SEED_CBC_SHA',
    'TLS_DH_DSS_WITH_SEED_CBC_SHA',
    'TLS_DH_RSA_WITH_SEED_CBC_SHA',
    'TLS_DHE_DSS_WITH_SEED_CBC_SHA',
    'TLS_DHE_RSA_WITH_SEED_CBC_SHA',
    'TLS_DH_anon_WITH_SEED_CBC_SHA',
    'TLS_RSA_WITH_AES_128_GCM_SHA256',
    'TLS_RSA_WITH_AES_256_GCM_SHA384',
    'TLS_DH_RSA_WITH_AES_128_GCM_SHA256',
    'TLS_DH_RSA_WITH_AES_256_GCM_SHA384',
    'TLS_DH_DSS_WITH_AES_128_GCM_SHA256',
    'TLS_DH_DSS_WITH_AES_256_GCM_SHA384',
    'TLS_DH_anon_WITH_AES_128_GCM_SHA256',
    'TLS_DH_anon_WITH_AES_256_GCM_SHA384',
    'TLS_PSK_WITH_AES_128_GCM_SHA256',
    'TLS_PSK_WITH_AES_256_GCM_SHA384',
    'TLS_RSA_PSK_WITH_AES_128_GCM_SHA256',
    'TLS_RSA_PSK_WITH_AES_256_GCM_SHA384',
    'TLS_PSK_WITH_AES_128_CBC_SHA256',
    'TLS_PSK_WITH_AES_256_CBC_SHA384',
    'TLS_PSK_WITH_NULL_SHA256',
    'TLS_PSK_WITH_NULL_SHA384',
    'TLS_DHE_PSK_WITH_AES_128_CBC_SHA256',
    'TLS_DHE_PSK_WITH_AES_256_CBC_SHA384',
    'TLS_DHE_PSK_WITH_NULL_SHA256',
    'TLS_DHE_PSK_WITH_NULL_SHA384',
    'TLS_RSA_PSK_WITH_AES_128_CBC_SHA256',
    'TLS_RSA_PSK_WITH_AES_256_CBC_SHA384',
    'TLS_RSA_PSK_WITH_NULL_SHA256',
    'TLS_RSA_PSK_WITH_NULL_SHA384',
    'TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256',
    'TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256',
    'TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256',
    'TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256',
    'TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256',
    'TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256',
    'TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256',
    'TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256',
    'TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256',
    'TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256',
    'TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256',
    'TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256',
    'TLS_EMPTY_RENEGOTIATION_INFO_SCSV',
    'TLS_ECDH_ECDSA_WITH_NULL_SHA',
    'TLS_ECDH_ECDSA_WITH_RC4_128_SHA',
    'TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA',
    'TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA',
    'TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA',
    'TLS_ECDHE_ECDSA_WITH_NULL_SHA',
    'TLS_ECDHE_ECDSA_WITH_RC4_128_SHA',
    'TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA',
    'TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA',
    'TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA',
    'TLS_ECDH_RSA_WITH_NULL_SHA',
    'TLS_ECDH_RSA_WITH_RC4_128_SHA',
    'TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA',
    'TLS_ECDH_RSA_WITH_AES_128_CBC_SHA',
    'TLS_ECDH_RSA_WITH_AES_256_CBC_SHA',
    'TLS_ECDHE_RSA_WITH_NULL_SHA',
    'TLS_ECDHE_RSA_WITH_RC4_128_SHA',
    'TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA',
    'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA',
    'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA',
    'TLS_ECDH_anon_WITH_NULL_SHA',
    'TLS_ECDH_anon_WITH_RC4_128_SHA',
    'TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA',
    'TLS_ECDH_anon_WITH_AES_128_CBC_SHA',
    'TLS_ECDH_anon_WITH_AES_256_CBC_SHA',
    'TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA',
    'TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA',
    'TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA',
    'TLS_SRP_SHA_WITH_AES_128_CBC_SHA',
    'TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA',
    'TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA',
    'TLS_SRP_SHA_WITH_AES_256_CBC_SHA',
    'TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA',
    'TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA',
    'TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256',
    'TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384',
    'TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256',
    'TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384',
    'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256',
    'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384',
    'TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256',
    'TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384',
    'TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256',
    'TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384',
    'TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256',
    'TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384',
    'TLS_ECDHE_PSK_WITH_RC4_128_SHA',
    'TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA',
    'TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA',
    'TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA',
    'TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256',
    'TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384',
    'TLS_ECDHE_PSK_WITH_NULL_SHA',
    'TLS_ECDHE_PSK_WITH_NULL_SHA256',
    'TLS_ECDHE_PSK_WITH_NULL_SHA384',
    'TLS_RSA_WITH_ARIA_128_CBC_SHA256',
    'TLS_RSA_WITH_ARIA_256_CBC_SHA384',
    'TLS_DH_DSS_WITH_ARIA_128_CBC_SHA256',
    'TLS_DH_DSS_WITH_ARIA_256_CBC_SHA384',
    'TLS_DH_RSA_WITH_ARIA_128_CBC_SHA256',
    'TLS_DH_RSA_WITH_ARIA_256_CBC_SHA384',
    'TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256',
    'TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384',
    'TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256',
    'TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384',
    'TLS_DH_anon_WITH_ARIA_128_CBC_SHA256',
    'TLS_DH_anon_WITH_ARIA_256_CBC_SHA384',
    'TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256',
    'TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384',
    'TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256',
    'TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384',
    'TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256',
    'TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384',
    'TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256',
    'TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384',
    'TLS_RSA_WITH_ARIA_128_GCM_SHA256',
    'TLS_RSA_WITH_ARIA_256_GCM_SHA384',
    'TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256',
    'TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384',
    'TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256',
    'TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384',
    'TLS_DH_anon_WITH_ARIA_128_GCM_SHA256',
    'TLS_DH_anon_WITH_ARIA_256_GCM_SHA384',
    'TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256',
    'TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384',
    'TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256',
    'TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384',
    'TLS_PSK_WITH_ARIA_128_CBC_SHA256',
    'TLS_PSK_WITH_ARIA_256_CBC_SHA384',
    'TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256',
    'TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384',
    'TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256',
    'TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384',
    'TLS_PSK_WITH_ARIA_128_GCM_SHA256',
    'TLS_PSK_WITH_ARIA_256_GCM_SHA384',
    'TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256',
    'TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384',
    'TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256',
    'TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384',
    'TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256',
    'TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384',
    'TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256',
    'TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384',
    'TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256',
    'TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384',
    'TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256',
    'TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384',
    'TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256',
    'TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384',
    'TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256',
    'TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384',
    'TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256',
    'TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384',
    'TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256',
    'TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384',
    'TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256',
    'TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384',
    'TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256',
    'TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384',
    'TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256',
    'TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384',
    'TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256',
    'TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384',
    'TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256',
    'TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384',
    'TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256',
    'TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384',
    'TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256',
    'TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384',
    'TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256',
    'TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384',
    'TLS_RSA_WITH_AES_128_CCM',
    'TLS_RSA_WITH_AES_256_CCM',
    'TLS_RSA_WITH_AES_128_CCM_8',
    'TLS_RSA_WITH_AES_256_CCM_8',
    'TLS_PSK_WITH_AES_128_CCM',
    'TLS_PSK_WITH_AES_256_CCM',
    'TLS_PSK_WITH_AES_128_CCM_8',
    'TLS_PSK_WITH_AES_256_CCM_8',
]

ciphers = []
found = set()
for hl, name, _, _, _ in csv.reader(sys.stdin):
    if name not in blacklist:
        continue

    found.add(name)

    high, low = hl.split(',')

    id = high + low[2:] + 'u'
    ciphers.append((id, name))

print('''\
enum {''')

for id, name in ciphers:
    print('{} = {},'.format(name, id))

print('''\
};
''')

for id, name in ciphers:
    print('''\
case {}:'''.format(name))

if len(found) != len(blacklist):
    print('{} found out of {}; not all cipher was found: {}'.format(
        len(found), len(blacklist),
        found.symmetric_difference(blacklist)))
Require python3 for python scripts 2020-12-29 09:01:31 +01:00			`#!/usr/bin/env python3`
mkcipherlist.py: Update doc 2014-10-24 17:46:01 +02:00			`# -- coding: utf-8 --`

nghttpx: Don't allow blacked listed cipher suites for HTTP/2 connection 2015-08-19 16:33:53 +02:00			`# This script read cipher suite list csv file [1] and prints out id`
			`# and name of black listed cipher suites. The output is used by`
			`# src/ssl.cc.`
mkcipherlist.py: Update doc 2014-10-24 17:46:01 +02:00			`#`
			`# [1] http://www.iana.org/assignments/tls-parameters/tls-parameters-4.csv`
			`# [2] http://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml`

nghttpx: Only allow DHE, ECDHE + AEAD ciphers for HTTP/2 Cipher suites are chosen by DHE and ECDHE ciphers + GCM (AEAD). Now default cipher list is the one recommended by Mozilla web site. The --honor-cipher-order option is removed and now it is always assumed. 2014-06-10 15:47:22 +02:00			`import re`
			`import sys`
			`import csv`

nghttpx: Don't allow blacked listed cipher suites for HTTP/2 connection 2015-08-19 16:33:53 +02:00			`# From RFC 7540`
			`blacklist = [`
			`'TLS_NULL_WITH_NULL_NULL',`
			`'TLS_RSA_WITH_NULL_MD5',`
			`'TLS_RSA_WITH_NULL_SHA',`
			`'TLS_RSA_EXPORT_WITH_RC4_40_MD5',`
			`'TLS_RSA_WITH_RC4_128_MD5',`
			`'TLS_RSA_WITH_RC4_128_SHA',`
			`'TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5',`
			`'TLS_RSA_WITH_IDEA_CBC_SHA',`
			`'TLS_RSA_EXPORT_WITH_DES40_CBC_SHA',`
			`'TLS_RSA_WITH_DES_CBC_SHA',`
			`'TLS_RSA_WITH_3DES_EDE_CBC_SHA',`
			`'TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA',`
			`'TLS_DH_DSS_WITH_DES_CBC_SHA',`
			`'TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA',`
			`'TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA',`
			`'TLS_DH_RSA_WITH_DES_CBC_SHA',`
			`'TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA',`
			`'TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA',`
			`'TLS_DHE_DSS_WITH_DES_CBC_SHA',`
			`'TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA',`
			`'TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA',`
			`'TLS_DHE_RSA_WITH_DES_CBC_SHA',`
			`'TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA',`
			`'TLS_DH_anon_EXPORT_WITH_RC4_40_MD5',`
			`'TLS_DH_anon_WITH_RC4_128_MD5',`
			`'TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA',`
			`'TLS_DH_anon_WITH_DES_CBC_SHA',`
			`'TLS_DH_anon_WITH_3DES_EDE_CBC_SHA',`
			`'TLS_KRB5_WITH_DES_CBC_SHA',`
			`'TLS_KRB5_WITH_3DES_EDE_CBC_SHA',`
			`'TLS_KRB5_WITH_RC4_128_SHA',`
			`'TLS_KRB5_WITH_IDEA_CBC_SHA',`
			`'TLS_KRB5_WITH_DES_CBC_MD5',`
			`'TLS_KRB5_WITH_3DES_EDE_CBC_MD5',`
			`'TLS_KRB5_WITH_RC4_128_MD5',`
			`'TLS_KRB5_WITH_IDEA_CBC_MD5',`
			`'TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA',`
			`'TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA',`
			`'TLS_KRB5_EXPORT_WITH_RC4_40_SHA',`
			`'TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5',`
			`'TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5',`
			`'TLS_KRB5_EXPORT_WITH_RC4_40_MD5',`
			`'TLS_PSK_WITH_NULL_SHA',`
			`'TLS_DHE_PSK_WITH_NULL_SHA',`
			`'TLS_RSA_PSK_WITH_NULL_SHA',`
			`'TLS_RSA_WITH_AES_128_CBC_SHA',`
			`'TLS_DH_DSS_WITH_AES_128_CBC_SHA',`
			`'TLS_DH_RSA_WITH_AES_128_CBC_SHA',`
			`'TLS_DHE_DSS_WITH_AES_128_CBC_SHA',`
			`'TLS_DHE_RSA_WITH_AES_128_CBC_SHA',`
			`'TLS_DH_anon_WITH_AES_128_CBC_SHA',`
			`'TLS_RSA_WITH_AES_256_CBC_SHA',`
			`'TLS_DH_DSS_WITH_AES_256_CBC_SHA',`
			`'TLS_DH_RSA_WITH_AES_256_CBC_SHA',`
			`'TLS_DHE_DSS_WITH_AES_256_CBC_SHA',`
			`'TLS_DHE_RSA_WITH_AES_256_CBC_SHA',`
			`'TLS_DH_anon_WITH_AES_256_CBC_SHA',`
			`'TLS_RSA_WITH_NULL_SHA256',`
			`'TLS_RSA_WITH_AES_128_CBC_SHA256',`
			`'TLS_RSA_WITH_AES_256_CBC_SHA256',`
			`'TLS_DH_DSS_WITH_AES_128_CBC_SHA256',`
			`'TLS_DH_RSA_WITH_AES_128_CBC_SHA256',`
			`'TLS_DHE_DSS_WITH_AES_128_CBC_SHA256',`
			`'TLS_RSA_WITH_CAMELLIA_128_CBC_SHA',`
			`'TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA',`
			`'TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA',`
			`'TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA',`
			`'TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA',`
			`'TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA',`
			`'TLS_DHE_RSA_WITH_AES_128_CBC_SHA256',`
			`'TLS_DH_DSS_WITH_AES_256_CBC_SHA256',`
			`'TLS_DH_RSA_WITH_AES_256_CBC_SHA256',`
			`'TLS_DHE_DSS_WITH_AES_256_CBC_SHA256',`
			`'TLS_DHE_RSA_WITH_AES_256_CBC_SHA256',`
			`'TLS_DH_anon_WITH_AES_128_CBC_SHA256',`
			`'TLS_DH_anon_WITH_AES_256_CBC_SHA256',`
			`'TLS_RSA_WITH_CAMELLIA_256_CBC_SHA',`
			`'TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA',`
			`'TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA',`
			`'TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA',`
			`'TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA',`
			`'TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA',`
			`'TLS_PSK_WITH_RC4_128_SHA',`
			`'TLS_PSK_WITH_3DES_EDE_CBC_SHA',`
			`'TLS_PSK_WITH_AES_128_CBC_SHA',`
			`'TLS_PSK_WITH_AES_256_CBC_SHA',`
			`'TLS_DHE_PSK_WITH_RC4_128_SHA',`
			`'TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA',`
			`'TLS_DHE_PSK_WITH_AES_128_CBC_SHA',`
			`'TLS_DHE_PSK_WITH_AES_256_CBC_SHA',`
			`'TLS_RSA_PSK_WITH_RC4_128_SHA',`
			`'TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA',`
			`'TLS_RSA_PSK_WITH_AES_128_CBC_SHA',`
			`'TLS_RSA_PSK_WITH_AES_256_CBC_SHA',`
			`'TLS_RSA_WITH_SEED_CBC_SHA',`
			`'TLS_DH_DSS_WITH_SEED_CBC_SHA',`
			`'TLS_DH_RSA_WITH_SEED_CBC_SHA',`
			`'TLS_DHE_DSS_WITH_SEED_CBC_SHA',`
			`'TLS_DHE_RSA_WITH_SEED_CBC_SHA',`
			`'TLS_DH_anon_WITH_SEED_CBC_SHA',`
			`'TLS_RSA_WITH_AES_128_GCM_SHA256',`
			`'TLS_RSA_WITH_AES_256_GCM_SHA384',`
			`'TLS_DH_RSA_WITH_AES_128_GCM_SHA256',`
			`'TLS_DH_RSA_WITH_AES_256_GCM_SHA384',`
			`'TLS_DH_DSS_WITH_AES_128_GCM_SHA256',`
			`'TLS_DH_DSS_WITH_AES_256_GCM_SHA384',`
			`'TLS_DH_anon_WITH_AES_128_GCM_SHA256',`
			`'TLS_DH_anon_WITH_AES_256_GCM_SHA384',`
			`'TLS_PSK_WITH_AES_128_GCM_SHA256',`
			`'TLS_PSK_WITH_AES_256_GCM_SHA384',`
			`'TLS_RSA_PSK_WITH_AES_128_GCM_SHA256',`
			`'TLS_RSA_PSK_WITH_AES_256_GCM_SHA384',`
			`'TLS_PSK_WITH_AES_128_CBC_SHA256',`
			`'TLS_PSK_WITH_AES_256_CBC_SHA384',`
			`'TLS_PSK_WITH_NULL_SHA256',`
			`'TLS_PSK_WITH_NULL_SHA384',`
			`'TLS_DHE_PSK_WITH_AES_128_CBC_SHA256',`
			`'TLS_DHE_PSK_WITH_AES_256_CBC_SHA384',`
			`'TLS_DHE_PSK_WITH_NULL_SHA256',`
			`'TLS_DHE_PSK_WITH_NULL_SHA384',`
			`'TLS_RSA_PSK_WITH_AES_128_CBC_SHA256',`
			`'TLS_RSA_PSK_WITH_AES_256_CBC_SHA384',`
			`'TLS_RSA_PSK_WITH_NULL_SHA256',`
			`'TLS_RSA_PSK_WITH_NULL_SHA384',`
			`'TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256',`
			`'TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256',`
			`'TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256',`
			`'TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256',`
			`'TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256',`
			`'TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256',`
			`'TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256',`
			`'TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256',`
			`'TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256',`
			`'TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256',`
			`'TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256',`
			`'TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256',`
			`'TLS_EMPTY_RENEGOTIATION_INFO_SCSV',`
			`'TLS_ECDH_ECDSA_WITH_NULL_SHA',`
			`'TLS_ECDH_ECDSA_WITH_RC4_128_SHA',`
			`'TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA',`
			`'TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA',`
			`'TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA',`
			`'TLS_ECDHE_ECDSA_WITH_NULL_SHA',`
			`'TLS_ECDHE_ECDSA_WITH_RC4_128_SHA',`
			`'TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA',`
			`'TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA',`
			`'TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA',`
			`'TLS_ECDH_RSA_WITH_NULL_SHA',`
			`'TLS_ECDH_RSA_WITH_RC4_128_SHA',`
			`'TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA',`
			`'TLS_ECDH_RSA_WITH_AES_128_CBC_SHA',`
			`'TLS_ECDH_RSA_WITH_AES_256_CBC_SHA',`
			`'TLS_ECDHE_RSA_WITH_NULL_SHA',`
			`'TLS_ECDHE_RSA_WITH_RC4_128_SHA',`
			`'TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA',`
			`'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA',`
			`'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA',`
			`'TLS_ECDH_anon_WITH_NULL_SHA',`
			`'TLS_ECDH_anon_WITH_RC4_128_SHA',`
			`'TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA',`
			`'TLS_ECDH_anon_WITH_AES_128_CBC_SHA',`
			`'TLS_ECDH_anon_WITH_AES_256_CBC_SHA',`
			`'TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA',`
			`'TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA',`
			`'TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA',`
			`'TLS_SRP_SHA_WITH_AES_128_CBC_SHA',`
			`'TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA',`
			`'TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA',`
			`'TLS_SRP_SHA_WITH_AES_256_CBC_SHA',`
			`'TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA',`
			`'TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA',`
			`'TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256',`
			`'TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384',`
			`'TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256',`
			`'TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384',`
			`'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256',`
			`'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384',`
			`'TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256',`
			`'TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384',`
			`'TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256',`
			`'TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384',`
			`'TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256',`
			`'TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384',`
			`'TLS_ECDHE_PSK_WITH_RC4_128_SHA',`
			`'TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA',`
			`'TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA',`
			`'TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA',`
			`'TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256',`
			`'TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384',`
			`'TLS_ECDHE_PSK_WITH_NULL_SHA',`
			`'TLS_ECDHE_PSK_WITH_NULL_SHA256',`
			`'TLS_ECDHE_PSK_WITH_NULL_SHA384',`
			`'TLS_RSA_WITH_ARIA_128_CBC_SHA256',`
			`'TLS_RSA_WITH_ARIA_256_CBC_SHA384',`
			`'TLS_DH_DSS_WITH_ARIA_128_CBC_SHA256',`
			`'TLS_DH_DSS_WITH_ARIA_256_CBC_SHA384',`
			`'TLS_DH_RSA_WITH_ARIA_128_CBC_SHA256',`
			`'TLS_DH_RSA_WITH_ARIA_256_CBC_SHA384',`
			`'TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256',`
			`'TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384',`
			`'TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256',`
			`'TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384',`
			`'TLS_DH_anon_WITH_ARIA_128_CBC_SHA256',`
			`'TLS_DH_anon_WITH_ARIA_256_CBC_SHA384',`
			`'TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256',`
			`'TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384',`
			`'TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256',`
			`'TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384',`
			`'TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256',`
			`'TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384',`
			`'TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256',`
			`'TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384',`
			`'TLS_RSA_WITH_ARIA_128_GCM_SHA256',`
			`'TLS_RSA_WITH_ARIA_256_GCM_SHA384',`
			`'TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256',`
			`'TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384',`
			`'TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256',`
			`'TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384',`
			`'TLS_DH_anon_WITH_ARIA_128_GCM_SHA256',`
			`'TLS_DH_anon_WITH_ARIA_256_GCM_SHA384',`
			`'TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256',`
			`'TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384',`
			`'TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256',`
			`'TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384',`
			`'TLS_PSK_WITH_ARIA_128_CBC_SHA256',`
			`'TLS_PSK_WITH_ARIA_256_CBC_SHA384',`
			`'TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256',`
			`'TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384',`
			`'TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256',`
			`'TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384',`
			`'TLS_PSK_WITH_ARIA_128_GCM_SHA256',`
			`'TLS_PSK_WITH_ARIA_256_GCM_SHA384',`
			`'TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256',`
			`'TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384',`
			`'TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256',`
			`'TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384',`
			`'TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256',`
			`'TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384',`
			`'TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256',`
			`'TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384',`
			`'TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256',`
			`'TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384',`
			`'TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256',`
			`'TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384',`
			`'TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256',`
			`'TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384',`
			`'TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256',`
			`'TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384',`
			`'TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256',`
			`'TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384',`
			`'TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256',`
			`'TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384',`
			`'TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256',`
			`'TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384',`
			`'TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256',`
			`'TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384',`
			`'TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256',`
			`'TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384',`
			`'TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256',`
			`'TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384',`
			`'TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256',`
			`'TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384',`
			`'TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256',`
			`'TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384',`
			`'TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256',`
			`'TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384',`
			`'TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256',`
			`'TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384',`
			`'TLS_RSA_WITH_AES_128_CCM',`
			`'TLS_RSA_WITH_AES_256_CCM',`
			`'TLS_RSA_WITH_AES_128_CCM_8',`
			`'TLS_RSA_WITH_AES_256_CCM_8',`
			`'TLS_PSK_WITH_AES_128_CCM',`
			`'TLS_PSK_WITH_AES_256_CCM',`
			`'TLS_PSK_WITH_AES_128_CCM_8',`
			`'TLS_PSK_WITH_AES_256_CCM_8',`
			`]`
nghttpx: Only allow DHE, ECDHE + AEAD ciphers for HTTP/2 Cipher suites are chosen by DHE and ECDHE ciphers + GCM (AEAD). Now default cipher list is the one recommended by Mozilla web site. The --honor-cipher-order option is removed and now it is always assumed. 2014-06-10 15:47:22 +02:00
			`ciphers = []`
nghttpx: Don't allow blacked listed cipher suites for HTTP/2 connection 2015-08-19 16:33:53 +02:00			`found = set()`
Require python3 for python scripts 2020-12-29 09:01:31 +01:00			`for hl, name, _, _, _ in csv.reader(sys.stdin):`
nghttpx: Don't allow blacked listed cipher suites for HTTP/2 connection 2015-08-19 16:33:53 +02:00			`if name not in blacklist:`
nghttpx: Only allow DHE, ECDHE + AEAD ciphers for HTTP/2 Cipher suites are chosen by DHE and ECDHE ciphers + GCM (AEAD). Now default cipher list is the one recommended by Mozilla web site. The --honor-cipher-order option is removed and now it is always assumed. 2014-06-10 15:47:22 +02:00			`continue`

nghttpx: Don't allow blacked listed cipher suites for HTTP/2 connection 2015-08-19 16:33:53 +02:00			`found.add(name)`

nghttpx: Only allow DHE, ECDHE + AEAD ciphers for HTTP/2 Cipher suites are chosen by DHE and ECDHE ciphers + GCM (AEAD). Now default cipher list is the one recommended by Mozilla web site. The --honor-cipher-order option is removed and now it is always assumed. 2014-06-10 15:47:22 +02:00			`high, low = hl.split(',')`

			`id = high + low[2:] + 'u'`
			`ciphers.append((id, name))`

Require python3 for python scripts 2020-12-29 09:01:31 +01:00			`print('''\`
			`enum {''')`
nghttpx: Only allow DHE, ECDHE + AEAD ciphers for HTTP/2 Cipher suites are chosen by DHE and ECDHE ciphers + GCM (AEAD). Now default cipher list is the one recommended by Mozilla web site. The --honor-cipher-order option is removed and now it is always assumed. 2014-06-10 15:47:22 +02:00
			`for id, name in ciphers:`
Require python3 for python scripts 2020-12-29 09:01:31 +01:00			`print('{} = {},'.format(name, id))`
nghttpx: Only allow DHE, ECDHE + AEAD ciphers for HTTP/2 Cipher suites are chosen by DHE and ECDHE ciphers + GCM (AEAD). Now default cipher list is the one recommended by Mozilla web site. The --honor-cipher-order option is removed and now it is always assumed. 2014-06-10 15:47:22 +02:00
Require python3 for python scripts 2020-12-29 09:01:31 +01:00			`print('''\`
nghttpx: Only allow DHE, ECDHE + AEAD ciphers for HTTP/2 Cipher suites are chosen by DHE and ECDHE ciphers + GCM (AEAD). Now default cipher list is the one recommended by Mozilla web site. The --honor-cipher-order option is removed and now it is always assumed. 2014-06-10 15:47:22 +02:00			`};`
Require python3 for python scripts 2020-12-29 09:01:31 +01:00			`''')`
nghttpx: Only allow DHE, ECDHE + AEAD ciphers for HTTP/2 Cipher suites are chosen by DHE and ECDHE ciphers + GCM (AEAD). Now default cipher list is the one recommended by Mozilla web site. The --honor-cipher-order option is removed and now it is always assumed. 2014-06-10 15:47:22 +02:00
			`for id, name in ciphers:`
Require python3 for python scripts 2020-12-29 09:01:31 +01:00			`print('''\`
			`case {}:'''.format(name))`
nghttpx: Don't allow blacked listed cipher suites for HTTP/2 connection 2015-08-19 16:33:53 +02:00
			`if len(found) != len(blacklist):`
Require python3 for python scripts 2020-12-29 09:01:31 +01:00			`print('{} found out of {}; not all cipher was found: {}'.format(`
nghttpx: Don't allow blacked listed cipher suites for HTTP/2 connection 2015-08-19 16:33:53 +02:00			`len(found), len(blacklist),`
Require python3 for python scripts 2020-12-29 09:01:31 +01:00			`found.symmetric_difference(blacklist)))`