id: weak-cipher-suites info: name: Weak Cipher Suites Detection author: pussycat0x severity: low description: A weak cipher is defined as an encryption/decryption algorithm that uses a key of insufficient length. Using an insufficient length for a key in an encryption/decryption algorithm opens up the possibility (or probability) that the encryption scheme could be broken. reference: - https://www.acunetix.com/vulnerabilities/web/tls-ssl-weak-cipher-suites/ - http://ciphersuite.info metadata: max-request: 4 tags: ssl,tls,misconfig ssl: - address: "{{Host}}:{{Port}}" min_version: tls10 max_version: tls10 extractors: - type: dsl dsl: - "tls_version, cipher" matchers: - type: word name: tls-1.0 part: cipher words: - "TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256" - "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA" - "TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384" - "TLS_DH_RSA_WITH_AES_128_GCM_SHA256" - "TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA" - "TLS_RSA_WITH_AES_256_CBC_SHA" - "TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA" - "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA" - "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256" - "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA" - "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA" - "TLS_RSA_PSK_WITH_AES_128_GCM_SHA256" - "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA" - "TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256" - "TLS_DH_RSA_WITH_AES_128_CBC_SHA" - "TLS_RSA_WITH_IDEA_CBC_SHA" - "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256" - "TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384" - "TLS_DH_RSA_WITH_SEED_CBC_SHA" - "TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384" - "TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384" - "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256" - "TLS_RSA_PSK_WITH_AES_256_CBC_SHA" - "TLS_RSA_WITH_AES_128_CBC_SHA" - "TLS_PSK_WITH_AES_256_CBC_SHA384" - "TLS_DHE_DSS_WITH_SEED_CBC_SHA" - "TLS_DH_DSS_WITH_ARIA_128_CBC_SHA256" - "TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256" - "TLS_SRP_SHA_WITH_AES_128_CBC_SHA" - "TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384" - "TLS_RSA_WITH_AES_128_CCM" - "TLS_RSA_WITH_AES_256_CCM" - "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA" - "TLS_RSA_WITH_AES_128_CBC_SHA256" - "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA" - "TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256" - "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256" - "TLS_PSK_WITH_ARIA_128_GCM_SHA256" - "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA" - "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA" - "TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256" - "TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384" - "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256" - "TLS_DH_RSA_WITH_AES_256_GCM_SHA384" - "TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384" - "TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384" - "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA" - "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA" - "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA" - "TLS_DH_RSA_WITH_ARIA_256_CBC_SHA384" - "TLS_PSK_WITH_ARIA_256_CBC_SHA384" - "TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256" - "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256" - "TLS_PSK_WITH_AES_256_CBC_SHA" - "TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA" - "TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256" - "TLS_DH_DSS_WITH_SEED_CBC_SHA" - "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA" - "TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA" - "TLS_PSK_WITH_CHACHA20_POLY1305_SHA256" - "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256" - "TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384" - "TLS_SRP_SHA_WITH_AES_256_CBC_SHA" - "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384" - "TLS_DH_DSS_WITH_AES_256_CBC_SHA256" - "TLS_PSK_WITH_AES_128_CCM_8" - "TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA" - "TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384" - "TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384" - "TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384" - "TLS_PSK_WITH_ARIA_256_GCM_SHA384" - "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA" - "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256" - "TLS_RSA_WITH_AES_256_CCM_8" - "TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA" - "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256" - "TLS_DHE_PSK_WITH_AES_128_CBC_SHA" - "TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384" - "TLS_DHE_RSA_WITH_AES_256_CBC_SHA" - "TLS_DHE_RSA_WITH_SEED_CBC_SHA" - "TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA" - "TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384" - "TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384" - "TLS_DHE_PSK_WITH_AES_256_CBC_SHA384" - "TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256" - "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384" - "TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256" - "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA" - "TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256" - "TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256" - "TLS_DHE_RSA_WITH_AES_128_CBC_SHA" - "TLS_RSA_WITH_AES_128_CCM_8" - "TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256" - "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA" - "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA" - "TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384" - "TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256" - "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256" - "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256" - "TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256" - "TLS_KRB5_WITH_3DES_EDE_CBC_SHA" - "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256" - "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256" - "TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256" - "TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384" - "TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256" - "TLS_PSK_WITH_AES_128_CCM" - "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256" - "TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256" - "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256" - "TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA" - "TLS_DH_DSS_WITH_AES_256_CBC_SHA" - "TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384" - "TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384" - "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384" - "TLS_PSK_WITH_ARIA_128_CBC_SHA256" - "TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256" - "TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384" - "TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA" - "TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256" - "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384" - "TLS_PSK_WITH_AES_128_CBC_SHA" - "TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384" - "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA" - "TLS_DH_DSS_WITH_AES_256_GCM_SHA384" - "TLS_PSK_WITH_AES_128_CBC_SHA256" - "TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256" - "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA" - "TLS_DH_RSA_WITH_AES_256_CBC_SHA256" - "TLS_RSA_WITH_ARIA_128_GCM_SHA256" - "TLS_RSA_WITH_ARIA_256_CBC_SHA384" - "TLS_RSA_PSK_WITH_AES_128_CBC_SHA256" - "TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA" - "TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA" - "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA" - "TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384" - "TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384" - "TLS_DH_DSS_WITH_AES_128_GCM_SHA256" - "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA" - "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256" - "TLS_DHE_PSK_WITH_AES_128_CBC_SHA256" - "TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384" - "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256" - "TLS_DH_DSS_WITH_AES_128_CBC_SHA" - "TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256" - "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256" - "TLS_RSA_PSK_WITH_AES_128_CBC_SHA" - "TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384" - "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA" - "TLS_PSK_WITH_3DES_EDE_CBC_SHA" - "TLS_RSA_WITH_ARIA_128_CBC_SHA256" - "TLS_RSA_PSK_WITH_AES_256_GCM_SHA384" - "TLS_DH_DSS_WITH_AES_128_CBC_SHA256" - "TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256" - "TLS_RSA_PSK_WITH_AES_256_CBC_SHA384" - "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256" - "TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384" - "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256" - "TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256" - "TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256" - "TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384" - "TLS_RSA_WITH_AES_256_CBC_SHA256" - "TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA" - "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384" - "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA" - "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384" - "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA" - "TLS_DHE_DSS_WITH_AES_128_CBC_SHA" - "TLS_DHE_DSS_WITH_AES_256_CBC_SHA" - "TLS_DHE_PSK_WITH_AES_256_CBC_SHA" - "TLS_PSK_WITH_AES_128_GCM_SHA256" - "TLS_RSA_WITH_ARIA_256_GCM_SHA384" - "TLS_PSK_WITH_AES_256_GCM_SHA384" - "TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256" - "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256" - "TLS_DH_RSA_WITH_AES_128_CBC_SHA256" - "TLS_RSA_WITH_AES_256_GCM_SHA384" - "TLS_RSA_WITH_SEED_CBC_SHA" - "TLS_DH_RSA_WITH_ARIA_128_CBC_SHA256" - "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384" - "TLS_PSK_WITH_AES_256_CCM" - "TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256" - "TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384" - "TLS_DH_RSA_WITH_AES_256_CBC_SHA" - "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA" - "TLS_RSA_WITH_3DES_EDE_CBC_SHA" - "TLS_DH_DSS_WITH_ARIA_256_CBC_SHA384" - "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA" - "TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256" - "TLS_PSK_WITH_AES_256_CCM_8" - "TLS_RSA_WITH_AES_128_GCM_SHA256" - "TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384" - "TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256" - "TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256" - "TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256" - "TLS_KRB5_WITH_IDEA_CBC_SHA" condition: or - address: "{{Host}}:{{Port}}" min_version: tls11 max_version: tls11 extractors: - type: dsl dsl: - "tls_version, cipher" matchers: - type: word name: tls-1.1 part: cipher words: - "TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256" - "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA" - "TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384" - "TLS_DH_RSA_WITH_AES_128_GCM_SHA256" - "TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA" - "TLS_RSA_WITH_AES_256_CBC_SHA" - "TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA" - "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA" - "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256" - "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA" - "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA" - "TLS_RSA_PSK_WITH_AES_128_GCM_SHA256" - "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA" - "TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256" - "TLS_DH_RSA_WITH_AES_128_CBC_SHA" - "TLS_RSA_WITH_IDEA_CBC_SHA" - "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256" - "TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384" - "TLS_DH_RSA_WITH_SEED_CBC_SHA" - "TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384" - "TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384" - "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256" - "TLS_RSA_PSK_WITH_AES_256_CBC_SHA" - "TLS_RSA_WITH_AES_128_CBC_SHA" - "TLS_PSK_WITH_AES_256_CBC_SHA384" - "TLS_DHE_DSS_WITH_SEED_CBC_SHA" - "TLS_DH_DSS_WITH_ARIA_128_CBC_SHA256" - "TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256" - "TLS_SRP_SHA_WITH_AES_128_CBC_SHA" - "TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384" - "TLS_RSA_WITH_AES_128_CCM" - "TLS_RSA_WITH_AES_256_CCM" - "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA" - "TLS_RSA_WITH_AES_128_CBC_SHA256" - "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA" - "TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256" - "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256" - "TLS_PSK_WITH_ARIA_128_GCM_SHA256" - "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA" - "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA" - "TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256" - "TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384" - "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256" - "TLS_DH_RSA_WITH_AES_256_GCM_SHA384" - "TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384" - "TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384" - "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA" - "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA" - "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA" - "TLS_DH_RSA_WITH_ARIA_256_CBC_SHA384" - "TLS_PSK_WITH_ARIA_256_CBC_SHA384" - "TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256" - "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256" - "TLS_PSK_WITH_AES_256_CBC_SHA" - "TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA" - "TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256" - "TLS_DH_DSS_WITH_SEED_CBC_SHA" - "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA" - "TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA" - "TLS_PSK_WITH_CHACHA20_POLY1305_SHA256" - "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256" - "TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384" - "TLS_SRP_SHA_WITH_AES_256_CBC_SHA" - "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384" - "TLS_DH_DSS_WITH_AES_256_CBC_SHA256" - "TLS_PSK_WITH_AES_128_CCM_8" - "TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA" - "TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384" - "TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384" - "TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384" - "TLS_PSK_WITH_ARIA_256_GCM_SHA384" - "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA" - "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256" - "TLS_RSA_WITH_AES_256_CCM_8" - "TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA" - "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256" - "TLS_DHE_PSK_WITH_AES_128_CBC_SHA" - "TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384" - "TLS_DHE_RSA_WITH_AES_256_CBC_SHA" - "TLS_DHE_RSA_WITH_SEED_CBC_SHA" - "TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA" - "TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384" - "TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384" - "TLS_DHE_PSK_WITH_AES_256_CBC_SHA384" - "TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256" - "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384" - "TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256" - "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA" - "TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256" - "TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256" - "TLS_DHE_RSA_WITH_AES_128_CBC_SHA" - "TLS_RSA_WITH_AES_128_CCM_8" - "TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256" - "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA" - "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA" - "TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384" - "TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256" - "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256" - "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256" - "TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256" - "TLS_KRB5_WITH_3DES_EDE_CBC_SHA" - "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256" - "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256" - "TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256" - "TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384" - "TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256" - "TLS_PSK_WITH_AES_128_CCM" - "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256" - "TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256" - "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256" - "TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA" - "TLS_DH_DSS_WITH_AES_256_CBC_SHA" - "TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384" - "TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384" - "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384" - "TLS_PSK_WITH_ARIA_128_CBC_SHA256" - "TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256" - "TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384" - "TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA" - "TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256" - "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384" - "TLS_PSK_WITH_AES_128_CBC_SHA" - "TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384" - "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA" - "TLS_DH_DSS_WITH_AES_256_GCM_SHA384" - "TLS_PSK_WITH_AES_128_CBC_SHA256" - "TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256" - "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA" - "TLS_DH_RSA_WITH_AES_256_CBC_SHA256" - "TLS_RSA_WITH_ARIA_128_GCM_SHA256" - "TLS_RSA_WITH_ARIA_256_CBC_SHA384" - "TLS_RSA_PSK_WITH_AES_128_CBC_SHA256" - "TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA" - "TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA" - "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA" - "TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384" - "TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384" - "TLS_DH_DSS_WITH_AES_128_GCM_SHA256" - "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA" - "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256" - "TLS_DHE_PSK_WITH_AES_128_CBC_SHA256" - "TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384" - "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256" - "TLS_DH_DSS_WITH_AES_128_CBC_SHA" - "TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256" - "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256" - "TLS_RSA_PSK_WITH_AES_128_CBC_SHA" - "TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384" - "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA" - "TLS_PSK_WITH_3DES_EDE_CBC_SHA" - "TLS_RSA_WITH_ARIA_128_CBC_SHA256" - "TLS_RSA_PSK_WITH_AES_256_GCM_SHA384" - "TLS_DH_DSS_WITH_AES_128_CBC_SHA256" - "TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256" - "TLS_RSA_PSK_WITH_AES_256_CBC_SHA384" - "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256" - "TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384" - "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256" - "TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256" - "TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256" - "TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384" - "TLS_RSA_WITH_AES_256_CBC_SHA256" - "TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA" - "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384" - "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA" - "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384" - "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA" - "TLS_DHE_DSS_WITH_AES_128_CBC_SHA" - "TLS_DHE_DSS_WITH_AES_256_CBC_SHA" - "TLS_DHE_PSK_WITH_AES_256_CBC_SHA" - "TLS_PSK_WITH_AES_128_GCM_SHA256" - "TLS_RSA_WITH_ARIA_256_GCM_SHA384" - "TLS_PSK_WITH_AES_256_GCM_SHA384" - "TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256" - "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256" - "TLS_DH_RSA_WITH_AES_128_CBC_SHA256" - "TLS_RSA_WITH_AES_256_GCM_SHA384" - "TLS_RSA_WITH_SEED_CBC_SHA" - "TLS_DH_RSA_WITH_ARIA_128_CBC_SHA256" - "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384" - "TLS_PSK_WITH_AES_256_CCM" - "TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256" - "TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384" - "TLS_DH_RSA_WITH_AES_256_CBC_SHA" - "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA" - "TLS_RSA_WITH_3DES_EDE_CBC_SHA" - "TLS_DH_DSS_WITH_ARIA_256_CBC_SHA384" - "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA" - "TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256" - "TLS_PSK_WITH_AES_256_CCM_8" - "TLS_RSA_WITH_AES_128_GCM_SHA256" - "TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384" - "TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256" - "TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256" - "TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256" - "TLS_KRB5_WITH_IDEA_CBC_SHA" condition: or - address: "{{Host}}:{{Port}}" min_version: tls12 max_version: tls12 extractors: - type: dsl dsl: - "tls_version, cipher" matchers: - type: word name: tls-1.2 part: cipher words: - "TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256" - "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA" - "TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384" - "TLS_DH_RSA_WITH_AES_128_GCM_SHA256" - "TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA" - "TLS_RSA_WITH_AES_256_CBC_SHA" - "TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA" - "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA" - "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256" - "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA" - "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA" - "TLS_RSA_PSK_WITH_AES_128_GCM_SHA256" - "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA" - "TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256" - "TLS_DH_RSA_WITH_AES_128_CBC_SHA" - "TLS_RSA_WITH_IDEA_CBC_SHA" - "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256" - "TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384" - "TLS_DH_RSA_WITH_SEED_CBC_SHA" - "TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384" - "TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384" - "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256" - "TLS_RSA_PSK_WITH_AES_256_CBC_SHA" - "TLS_RSA_WITH_AES_128_CBC_SHA" - "TLS_PSK_WITH_AES_256_CBC_SHA384" - "TLS_DHE_DSS_WITH_SEED_CBC_SHA" - "TLS_DH_DSS_WITH_ARIA_128_CBC_SHA256" - "TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256" - "TLS_SRP_SHA_WITH_AES_128_CBC_SHA" - "TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384" - "TLS_RSA_WITH_AES_128_CCM" - "TLS_RSA_WITH_AES_256_CCM" - "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA" - "TLS_RSA_WITH_AES_128_CBC_SHA256" - "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA" - "TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256" - "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256" - "TLS_PSK_WITH_ARIA_128_GCM_SHA256" - "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA" - "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA" - "TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256" - "TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384" - "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256" - "TLS_DH_RSA_WITH_AES_256_GCM_SHA384" - "TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384" - "TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384" - "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA" - "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA" - "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA" - "TLS_DH_RSA_WITH_ARIA_256_CBC_SHA384" - "TLS_PSK_WITH_ARIA_256_CBC_SHA384" - "TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256" - "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256" - "TLS_PSK_WITH_AES_256_CBC_SHA" - "TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA" - "TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256" - "TLS_DH_DSS_WITH_SEED_CBC_SHA" - "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA" - "TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA" - "TLS_PSK_WITH_CHACHA20_POLY1305_SHA256" - "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256" - "TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384" - "TLS_SRP_SHA_WITH_AES_256_CBC_SHA" - "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384" - "TLS_DH_DSS_WITH_AES_256_CBC_SHA256" - "TLS_PSK_WITH_AES_128_CCM_8" - "TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA" - "TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384" - "TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384" - "TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384" - "TLS_PSK_WITH_ARIA_256_GCM_SHA384" - "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA" - "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256" - "TLS_RSA_WITH_AES_256_CCM_8" - "TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA" - "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256" - "TLS_DHE_PSK_WITH_AES_128_CBC_SHA" - "TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384" - "TLS_DHE_RSA_WITH_AES_256_CBC_SHA" - "TLS_DHE_RSA_WITH_SEED_CBC_SHA" - "TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA" - "TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384" - "TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384" - "TLS_DHE_PSK_WITH_AES_256_CBC_SHA384" - "TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256" - "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384" - "TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256" - "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA" - "TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256" - "TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256" - "TLS_DHE_RSA_WITH_AES_128_CBC_SHA" - "TLS_RSA_WITH_AES_128_CCM_8" - "TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256" - "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA" - "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA" - "TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384" - "TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256" - "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256" - "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256" - "TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256" - "TLS_KRB5_WITH_3DES_EDE_CBC_SHA" - "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256" - "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256" - "TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256" - "TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384" - "TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256" - "TLS_PSK_WITH_AES_128_CCM" - "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256" - "TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256" - "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256" - "TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA" - "TLS_DH_DSS_WITH_AES_256_CBC_SHA" - "TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384" - "TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384" - "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384" - "TLS_PSK_WITH_ARIA_128_CBC_SHA256" - "TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256" - "TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384" - "TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA" - "TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256" - "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384" - "TLS_PSK_WITH_AES_128_CBC_SHA" - "TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384" - "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA" - "TLS_DH_DSS_WITH_AES_256_GCM_SHA384" - "TLS_PSK_WITH_AES_128_CBC_SHA256" - "TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256" - "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA" - "TLS_DH_RSA_WITH_AES_256_CBC_SHA256" - "TLS_RSA_WITH_ARIA_128_GCM_SHA256" - "TLS_RSA_WITH_ARIA_256_CBC_SHA384" - "TLS_RSA_PSK_WITH_AES_128_CBC_SHA256" - "TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA" - "TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA" - "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA" - "TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384" - "TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384" - "TLS_DH_DSS_WITH_AES_128_GCM_SHA256" - "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA" - "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256" - "TLS_DHE_PSK_WITH_AES_128_CBC_SHA256" - "TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384" - "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256" - "TLS_DH_DSS_WITH_AES_128_CBC_SHA" - "TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256" - "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256" - "TLS_RSA_PSK_WITH_AES_128_CBC_SHA" - "TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384" - "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA" - "TLS_PSK_WITH_3DES_EDE_CBC_SHA" - "TLS_RSA_WITH_ARIA_128_CBC_SHA256" - "TLS_RSA_PSK_WITH_AES_256_GCM_SHA384" - "TLS_DH_DSS_WITH_AES_128_CBC_SHA256" - "TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256" - "TLS_RSA_PSK_WITH_AES_256_CBC_SHA384" - "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256" - "TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384" - "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256" - "TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256" - "TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256" - "TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384" - "TLS_RSA_WITH_AES_256_CBC_SHA256" - "TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA" - "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384" - "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA" - "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384" - "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA" - "TLS_DHE_DSS_WITH_AES_128_CBC_SHA" - "TLS_DHE_DSS_WITH_AES_256_CBC_SHA" - "TLS_DHE_PSK_WITH_AES_256_CBC_SHA" - "TLS_PSK_WITH_AES_128_GCM_SHA256" - "TLS_RSA_WITH_ARIA_256_GCM_SHA384" - "TLS_PSK_WITH_AES_256_GCM_SHA384" - "TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256" - "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256" - "TLS_DH_RSA_WITH_AES_128_CBC_SHA256" - "TLS_RSA_WITH_AES_256_GCM_SHA384" - "TLS_RSA_WITH_SEED_CBC_SHA" - "TLS_DH_RSA_WITH_ARIA_128_CBC_SHA256" - "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384" - "TLS_PSK_WITH_AES_256_CCM" - "TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256" - "TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384" - "TLS_DH_RSA_WITH_AES_256_CBC_SHA" - "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA" - "TLS_RSA_WITH_3DES_EDE_CBC_SHA" - "TLS_DH_DSS_WITH_ARIA_256_CBC_SHA384" - "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA" - "TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256" - "TLS_PSK_WITH_AES_256_CCM_8" - "TLS_RSA_WITH_AES_128_GCM_SHA256" - "TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384" - "TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256" - "TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256" - "TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256" - "TLS_KRB5_WITH_IDEA_CBC_SHA" condition: or - address: "{{Host}}:{{Port}}" min_version: tls13 max_version: tls13 extractors: - type: dsl dsl: - "tls_version, cipher" matchers: - type: word name: tls-1.3 part: cipher words: - "TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256" - "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA" - "TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384" - "TLS_DH_RSA_WITH_AES_128_GCM_SHA256" - "TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA" - "TLS_RSA_WITH_AES_256_CBC_SHA" - "TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA" - "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA" - "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256" - "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA" - "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA" - "TLS_RSA_PSK_WITH_AES_128_GCM_SHA256" - "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA" - "TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256" - "TLS_DH_RSA_WITH_AES_128_CBC_SHA" - "TLS_RSA_WITH_IDEA_CBC_SHA" - "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256" - "TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384" - "TLS_DH_RSA_WITH_SEED_CBC_SHA" - "TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384" - "TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384" - "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256" - "TLS_RSA_PSK_WITH_AES_256_CBC_SHA" - "TLS_RSA_WITH_AES_128_CBC_SHA" - "TLS_PSK_WITH_AES_256_CBC_SHA384" - "TLS_DHE_DSS_WITH_SEED_CBC_SHA" - "TLS_DH_DSS_WITH_ARIA_128_CBC_SHA256" - "TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256" - "TLS_SRP_SHA_WITH_AES_128_CBC_SHA" - "TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384" - "TLS_RSA_WITH_AES_128_CCM" - "TLS_RSA_WITH_AES_256_CCM" - "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA" - "TLS_RSA_WITH_AES_128_CBC_SHA256" - "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA" - "TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256" - "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256" - "TLS_PSK_WITH_ARIA_128_GCM_SHA256" - "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA" - "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA" - "TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256" - "TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384" - "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256" - "TLS_DH_RSA_WITH_AES_256_GCM_SHA384" - "TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384" - "TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384" - "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA" - "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA" - "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA" - "TLS_DH_RSA_WITH_ARIA_256_CBC_SHA384" - "TLS_PSK_WITH_ARIA_256_CBC_SHA384" - "TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256" - "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256" - "TLS_PSK_WITH_AES_256_CBC_SHA" - "TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA" - "TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256" - "TLS_DH_DSS_WITH_SEED_CBC_SHA" - "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA" - "TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA" - "TLS_PSK_WITH_CHACHA20_POLY1305_SHA256" - "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256" - "TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384" - "TLS_SRP_SHA_WITH_AES_256_CBC_SHA" - "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384" - "TLS_DH_DSS_WITH_AES_256_CBC_SHA256" - "TLS_PSK_WITH_AES_128_CCM_8" - "TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA" - "TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384" - "TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384" - "TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384" - "TLS_PSK_WITH_ARIA_256_GCM_SHA384" - "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA" - "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256" - "TLS_RSA_WITH_AES_256_CCM_8" - "TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA" - "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256" - "TLS_DHE_PSK_WITH_AES_128_CBC_SHA" - "TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384" - "TLS_DHE_RSA_WITH_AES_256_CBC_SHA" - "TLS_DHE_RSA_WITH_SEED_CBC_SHA" - "TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA" - "TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384" - "TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384" - "TLS_DHE_PSK_WITH_AES_256_CBC_SHA384" - "TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256" - "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384" - "TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256" - "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA" - "TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256" - "TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256" - "TLS_DHE_RSA_WITH_AES_128_CBC_SHA" - "TLS_RSA_WITH_AES_128_CCM_8" - "TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256" - "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA" - "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA" - "TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384" - "TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256" - "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256" - "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256" - "TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256" - "TLS_KRB5_WITH_3DES_EDE_CBC_SHA" - "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256" - "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256" - "TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256" - "TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384" - "TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256" - "TLS_PSK_WITH_AES_128_CCM" - "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256" - "TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256" - "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256" - "TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA" - "TLS_DH_DSS_WITH_AES_256_CBC_SHA" - "TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384" - "TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384" - "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384" - "TLS_PSK_WITH_ARIA_128_CBC_SHA256" - "TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256" - "TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384" - "TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA" - "TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256" - "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384" - "TLS_PSK_WITH_AES_128_CBC_SHA" - "TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384" - "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA" - "TLS_DH_DSS_WITH_AES_256_GCM_SHA384" - "TLS_PSK_WITH_AES_128_CBC_SHA256" - "TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256" - "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA" - "TLS_DH_RSA_WITH_AES_256_CBC_SHA256" - "TLS_RSA_WITH_ARIA_128_GCM_SHA256" - "TLS_RSA_WITH_ARIA_256_CBC_SHA384" - "TLS_RSA_PSK_WITH_AES_128_CBC_SHA256" - "TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA" - "TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA" - "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA" - "TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384" - "TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384" - "TLS_DH_DSS_WITH_AES_128_GCM_SHA256" - "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA" - "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256" - "TLS_DHE_PSK_WITH_AES_128_CBC_SHA256" - "TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384" - "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256" - "TLS_DH_DSS_WITH_AES_128_CBC_SHA" - "TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256" - "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256" - "TLS_RSA_PSK_WITH_AES_128_CBC_SHA" - "TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384" - "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA" - "TLS_PSK_WITH_3DES_EDE_CBC_SHA" - "TLS_RSA_WITH_ARIA_128_CBC_SHA256" - "TLS_RSA_PSK_WITH_AES_256_GCM_SHA384" - "TLS_DH_DSS_WITH_AES_128_CBC_SHA256" - "TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256" - "TLS_RSA_PSK_WITH_AES_256_CBC_SHA384" - "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256" - "TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384" - "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256" - "TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256" - "TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256" - "TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384" - "TLS_RSA_WITH_AES_256_CBC_SHA256" - "TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA" - "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384" - "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA" - "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384" - "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA" - "TLS_DHE_DSS_WITH_AES_128_CBC_SHA" - "TLS_DHE_DSS_WITH_AES_256_CBC_SHA" - "TLS_DHE_PSK_WITH_AES_256_CBC_SHA" - "TLS_PSK_WITH_AES_128_GCM_SHA256" - "TLS_RSA_WITH_ARIA_256_GCM_SHA384" - "TLS_PSK_WITH_AES_256_GCM_SHA384" - "TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256" - "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256" - "TLS_DH_RSA_WITH_AES_128_CBC_SHA256" - "TLS_RSA_WITH_AES_256_GCM_SHA384" - "TLS_RSA_WITH_SEED_CBC_SHA" - "TLS_DH_RSA_WITH_ARIA_128_CBC_SHA256" - "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384" - "TLS_PSK_WITH_AES_256_CCM" - "TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256" - "TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384" - "TLS_DH_RSA_WITH_AES_256_CBC_SHA" - "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA" - "TLS_RSA_WITH_3DES_EDE_CBC_SHA" - "TLS_DH_DSS_WITH_ARIA_256_CBC_SHA384" - "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA" - "TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256" - "TLS_PSK_WITH_AES_256_CCM_8" - "TLS_RSA_WITH_AES_128_GCM_SHA256" - "TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384" - "TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256" - "TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256" - "TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256" - "TLS_KRB5_WITH_IDEA_CBC_SHA" condition: or # digest: 490a0046304402201579cfe155780ba82a116137bf988f1513ae7e3cb55bea64341ca55b3053d1df02205e88c41a09207bed46d183f1e25097f233389770a9793545a5ceeb3e1a6639a1:922c64590222798bb761d5b6d8e72950