Content deleted Content added
add actual citations to RFCs |
actually cite RFCs |
||
Line 713:
|-
! Implementation
! [[RSA (cryptosystem)|RSA]]<ref name="tls">
! [[RSA (cryptosystem)|RSA]]-EXPORT (insecure)<ref name=tls/>
! [[Diffie–Hellman key exchange|DHE]]-[[RSA (cryptosystem)|RSA]] ([[forward secrecy]])<ref name=tls/>
! [[Diffie–Hellman key exchange|DHE]]-[[Digital Signature Algorithm|DSS]] ([[forward secrecy]])<ref name=tls/>
! [[Elliptic curve Diffie–Hellman|ECDH]]-[[Elliptic Curve DSA|ECDSA]]<ref name="rfc4492">
! [[Elliptic curve Diffie–Hellman|ECDHE]]-[[Elliptic Curve DSA|ECDSA]] ([[forward secrecy]])<ref name="rfc4492"/>
! [[Elliptic curve Diffie–Hellman|ECDH]]-[[RSA (cryptosystem)|RSA]]<ref name="rfc4492"/>
Line 961:
|-
! Implementation
! [[Secure Remote Password protocol|SRP]]<ref name="srp">
! [[Secure Remote Password protocol|SRP]]-[[Digital Signature Algorithm|DSS]]<ref name=srp/>
! [[Secure Remote Password protocol|SRP]]-[[RSA (cryptosystem)|RSA]]<ref name=srp/>
! [[Pre-shared key|PSK]]-[[RSA (cryptosystem)|RSA]]<ref name="psk">
! [[Pre-shared key|PSK]]<ref name=psk/>
! [[Diffie–Hellman key exchange|DHE]]-[[Pre-shared key|PSK]] ([[forward secrecy]])<ref name=psk/>
! [[Elliptic curve Diffie–Hellman|ECDHE]]-[[Pre-shared key|PSK]] ([[forward secrecy]])<ref name="ecdhepsk">
! [[Kerberos (protocol)|KRB5]]<ref name="Kerberos">
! [[Diffie–Hellman key exchange|DH]]-ANON<ref name=tls/> (insecure)
! [[Elliptic curve Diffie–Hellman|ECDH]]-ANON<ref name="rfc4492"/> (insecure)
Line 1,160:
! Implementation
! Application-defined
! PKIX path validation<ref>
! [[Revocation list|CRL]]<ref>
! [[Online Certificate Status Protocol|OCSP]]<ref>
! [[DNS-based Authentication of Named Entities|DANE]] (DNSSEC)<ref>
! Trust on First Use (TOFU)
! [[Certificate Transparency|CT]]<ref>{{cite IETF |title=Certificate Transparency |rfc=6962 |idlink=Certificate Transparency |last1=Laurie |authorlink1=Ben Laurie |first1=B. |last2=Langley |first2=A. |last3=Kasper |first3=E. |date=June 2013 |publisher=[[Internet Engineering Task Force|IETF]] |access-date=2020-08-31 |issn=2070-1721}}</ref>
Line 1,331:
! [[Advanced Encryption Standard|AES]] [[CCM mode|CCM]]<br /><ref name="aes-ccm">RFC 6655, RFC 7251</ref>
! [[Advanced Encryption Standard|AES]] [[Cipher block chaining|CBC]]
! [[Camellia (cipher)|Camellia]] [[Galois/Counter Mode|GCM]]<br /><ref name="camellia-gcm">
! [[Camellia (cipher)|Camellia]] [[Cipher block chaining|CBC]]<br /><ref name="camellia-cbc">
! [[ARIA (cipher)|ARIA]] [[Galois/Counter Mode|GCM]]<br /><ref name=aria/>
! [[ARIA (cipher)|ARIA]] [[Cipher block chaining|CBC]]<br /><ref name="aria">RFC 6209</ref>
Line 1,338:
! {{nowrap|[[Triple DES|3DES EDE]]}} [[Cipher block chaining|CBC]]<br />(insecure)<ref name="sweet32.info">{{cite web|url=https://sweet32.info/|title=Sweet32: Birthday attacks on 64-bit block ciphers in TLS and OpenVPN|website=sweet32.info}}</ref>
! {{nowrap|[[GOST 28147-89]]}} [[Block cipher mode of operation#Counter (CTR)|CNT]]<br />(proposed)<br /><ref name=gostlink/><ref group="n" name="draft">This algorithm is not defined yet as TLS cipher suites in RFCs, is proposed in drafts.</ref>
! [[ChaCha20]]-[[Poly1305]]<br /><ref name="chacha20-poly1305">
! Null<br />(insecure)<br /><ref group="n" name="NULL">authentication only, no encryption</ref>
|-
Line 1,614:
! [[Advanced Encryption Standard|AES]] [[Cipher block chaining|CBC]]
! [[Camellia (cipher)|Camellia]] [[Galois/Counter Mode|GCM]]<br /><ref name="camellia-gcm"/>
! [[Camellia (cipher)|Camellia]] [[Cipher block chaining|CBC]]<br /><ref name="camellia-cbc"/><ref name="camellia-gcm"/>
! [[ARIA (cipher)|ARIA]] [[Galois/Counter Mode|GCM]]<br /><ref name=aria/>
! [[ARIA (cipher)|ARIA]] [[Cipher block chaining|CBC]]<br /><ref name=aria/>
| |||