Overview of ssl_funcs.inc

Public Function Summary

Public functions are intended to be called by the code that imports this library.

Name Summary
cert_summary
check_cert_validity
data_len
get_server_cert
open_ssl_socket
send_ssl_client_hello
ssl2_hello
ssl2_recv

Private Function Summary

Private functions are not intended to be called by the code that imports this library. There is no functional difference between private and public functions, only convention, and they may be called as normal.

Name Summary
_ssl3_tls_hello

Public Function Details

cert_summary

Named Parameters

key

Code

function cert_summary(key)
{
  return string("\nCertificate details:\n",
                "subject ...: ", get_kb_item(key + "subject"),"\n",
                "issued by .: ", get_kb_item(key + "issuer"), "\n",
                "serial ....: ", get_kb_item(key + "serial"), "\n",
                "valid from : ",
                isotime_print(get_kb_item(key + "notBefore")), " UTC\n",
                "valid until: ",
                isotime_print(get_kb_item(key + "notAfter")), " UTC\n",
                "fingerprint: ", get_kb_item(key + "fprSHA1"));
}

#

		
top

check_cert_validity

Named Parameters

check_for
fprlist
now
port
timeframe
vhost

Code

function check_cert_validity(fprlist, port, vhost, check_for, now, timeframe) {
    local_var key, certobj, valid_start, valid_end;    

    if( ! fprlist )
      set_kb_item( name: "nvt_debug_empty/" + get_script_oid(), value:get_script_oid() + "#-#fprlist#-#check_cert_validity" );

    tmp = split(fprlist, sep:",", keep:FALSE);
    fpr = tmp[0];

    if (fpr[0] == "[") {
        debug_print("A SSL certificate on port ", port, " (" + vhost + ")",
                    " is erroneous.", level:0);
        return;
    }

    key = "HostDetails/Cert/" + fpr + "/";

    if (check_for == "expired") {
      valid_end = get_kb_item(key + "notAfter");
      if (valid_end < now)
        return key;
      else
        return;
    }

    if (check_for == "not_valid_yet") {
      valid_start = get_kb_item(key + "notBefore");
      if (valid_start > now)
        return key;
      else
        return;
    }

    if (check_for == "expire_soon") {
      valid_end =  get_kb_item(key + "notAfter");

      if(valid_end < now) return;

      if (valid_end < timeframe)
        return key;
      else
        return;
    }

    if (check_for == "too_long_valid") {
      valid_end = get_kb_item(key + "notAfter");
      if (valid_end > timeframe)
        return key;
      else
        return;
    }

    return;
}

function _ssl3_tls_hello( version , ciphers)

		
top

data_len

Named Parameters

data

Code

function data_len( data )
{
  data_len = strlen( data );
  return raw_string( data_len / 256, data_len % 256 );
}

function open_ssl_socket( port )

		
top

get_server_cert

Named Parameters

format
port

Code

function get_server_cert(port, format)
{
    local_var mesgoffset, off, mesgsize;

    if( ! port ) set_kb_item( name: "nvt_debug_empty/" + get_script_oid(), value:get_script_oid() + "#-#port#-#get_server_cert" );

    if(get_port_state(port))
    {
      if( defined_func( 'socket_get_cert' ) && ! get_kb_item( 'TLS/' + port ) ) # r19165
      { 
        transport = get_port_transport( port );

        if( transport < 2 ) # not ssl encapsulated
          return;

        soc = open_sock_tcp(port, transport:transport );
        if( soc )
        {
          cert = socket_get_cert( socket:soc );
          close( soc );

          if( cert )
            return cert;

          return;
        }
        return;
      } 
      else
      {  
	soc = open_ssl_socket(port:port);

	if(soc)
	{
	    #send a client hello and get response
	    serverhello = send_ssl_client_hello(socket:soc);

	    #used to iterate over tls records
	    byteoffset = 0;

	    #certificate length - Used by substring to chunk out a cert
	    certsize = 0;

	    #check whether it's a handshake
            #display("len(serverhello)=", strlen(serverhello), "\n");
	    while (byteoffset < strlen(serverhello))
	    {
                recordsize = ord(serverhello[byteoffset+3])*256
                           + ord(serverhello[byteoffset+4]);
                #display("  reading record off=", byteoffset,
                #        " type=", hex(ord(serverhello[0+byteoffset])),
                #        " size=", recordsize, "\n");
	    	if (ord(serverhello[0+byteoffset]) == 0x16)
	    	{
                    #used to iterate over handshake messages.
                    mesgoffset = 0;

                    while (mesgoffset < recordsize)
                    {
                        off = byteoffset + mesgoffset + 5;
	    		mesgsize = ord(serverhello[off+1])*65536
                                 + ord(serverhello[off+2])*256
                                 + ord(serverhello[off+3]);
                        #display("    handshake mesg off=", mesgoffset,
                        #        " type=",
                        #        hex(ord(serverhello[off])),
                        #        " size=", mesgsize, "\n");

	    		#check for the handshake type:  certificate
	    		if (ord(serverhello[off]) == 0x0b)
	    		{
	    		    #Get the certificate size
	    		    certsize = ord(serverhello[off+7])*4096
                                     + ord(serverhello[off+8])*256
                                     + ord(serverhello[off+9]);
	    		    #Substring certificate
	    		    cert = substr(serverhello, off+10,
                                          off+10+certsize-1);

	    		    close(soc);

	    		    return cert;
	    		}
                        mesgoffset = mesgoffset + 4 + mesgsize;
                    }
	    	}
	    	#If we get here, this isn't the correct record type,
	    	#Lets offset,rinse and repeat
	    	byteoffset = byteoffset + 5 + recordsize;
	    }

	    #We didn't get a cert
	    close(soc);
	    return 0;
        }
    }
  }
}

function send_ssl_client_hello(socket, version, len)

		
top

open_ssl_socket

Named Parameters

port

Code

function open_ssl_socket( port )
{
  local_var soc, port, starttls_typ, starttls, st, search, stls;

  if( ! port )
  {
    set_kb_item( name: "nvt_debug_empty/" + get_script_oid(), value:get_script_oid() + "#-#port#-#open_ssl_socket" );
    return;
  }

  soc = open_sock_tcp( port, transport:ENCAPS_IP );
  if( ! soc ) return FALSE;

  starttls_typ = get_kb_item('TLS/' + port);

  if( starttls_typ )
  {
    if( starttls_typ == "xmpp-client" )
    {
      host = get_host_name();

      req = "<stream:stream xmlns='jabber:client' " +
      "xmlns:stream='http://etherx.jabber.org/streams' " +
      "version='1.0' " +
      "to='" + host  + "'>";

      send( socket:soc, data:req );
      recv = recv( socket:soc, length:2048 );

      if( "stream:error" >< recv )
      {
        close( soc );
        return FALSE;
      }

      req = "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>";
      send( socket:soc, data:req );
      recv = recv( socket:soc, length:256 );

      if( "<proceed" >!< recv )
      {
        close( soc );
        return FALSE;
      }
    }
    else if( starttls_typ == "xmpp-server" )
    {
      host = get_host_name();

      req = "<stream:stream xmlns='jabber:server' " +
      "xmlns:stream='http://etherx.jabber.org/streams' " +
      "version='1.0' " +
      "to='" + host  + "'>";

      send( socket:soc, data:req );
      recv = recv( socket:soc, length:2048 );

      if( "stream:error" >< recv )
      {
        close( soc );
        return FALSE;
      }

      req = "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>";
      send( socket:soc, data:req );
      recv = recv( socket:soc, length:256 );

      if( "<proceed" >!< recv )
      {
        close( soc );
        return FALSE;
      }
    }
    else if ( starttls_typ == "ldap" )
    {
      req = raw_string(0x30,0x1d,0x02,0x01,0x01,0x77,0x18,0x84,
                       0x16,0x31,0x2e,0x33,0x2e,0x36,0x2e,0x31,
                       0x2e,0x34,0x2e,0x31,0x2e,0x31,0x34,0x36,
                       0x36,0x2e,0x32,0x30,0x30,0x33,0x37);

      send(socket:soc, data:req);
      recv = recv(socket:soc, length:1024);

      if( ord( recv[0] ) != 48 )
      {
        close( soc );
        return FALSE;
      }    
    }  
    else
    {
      tls_str = make_array(
                         'smtp', '220:STARTTLS\r\n' ,
                         'imap', 'OpenVAS1 OK:OpenVAS1 STARTTLS\r\n',
                         'pop3', '+OK:STLS\r\n',
                         'ftp',  '234:AUTH TLS\r\n',
                         'postgres','S:' + raw_string(0x00,0x00,0x00,0x08,0x04,0xD2,0x16,0x2F),
                         'nntp', '382 Continue:STARTTLS\r\n'
                        );

      if(  tls_str[starttls_typ] ) 
      { 
        starttls = tls_str[starttls_typ];

        if( starttls_typ == 'smtp' )
        {
           while( ! recv( socket:soc, length:1 ) ) continue;
           send( socket:soc, data:'EHLO ' + this_host() + '\r\n' );
        }

        st = split( starttls, sep:":", keep:FALSE );
        search = st[0];
        stls =  st[1];

        if( isnull( search ) || isnull( stls ) ) return  FALSE;
  
        send(socket:soc, data:stls);
        recv = recv( socket:soc, length:1024 );

        if( search >!< recv )
        { 
          close( soc );
          return FALSE;
        } 

      }  

    }

  }

  if( ! soc ) return;

  return soc;

}

function ssl2_hello( ciphers )

		
top

send_ssl_client_hello

Named Parameters

len
socket
version

Code

function send_ssl_client_hello(socket, version, len)
{

        if(!version) version = TLS_10;
        if(!len) len = 10000;

        if( ! socket )
        {
          set_kb_item( name: "nvt_debug_empty/" + get_script_oid(), value:get_script_oid() + "#-#socket#-#send_ssl_client_hello" );
          return;
        }

	# Send an sslv2 client Hello
	req = raw_string (
			0x80, 0x74, 0x01) + 
                        version + 
                        raw_string(0x00, 0x4b, 0x00,
			0x00, 0x00, 0x20, 0x00, 0x00, 0x39, 0x00, 0x00,
			0x38, 0x00, 0x00, 0x35, 0x00, 0x00, 0x16, 0x00,
			0x00, 0x13, 0x00, 0x00, 0x0a, 0x07, 0x00, 0xc0,
			0x00, 0x00, 0x33, 0x00, 0x00, 0x32, 0x00, 0x00,
			0x2f, 0x03, 0x00, 0x80, 0x00, 0x00, 0x05, 0x00,
			0x00, 0x04, 0x01, 0x00, 0x80, 0x00, 0x00, 0x15,
			0x00, 0x00, 0x12, 0x00, 0x00, 0x09, 0x06, 0x00,
			0x40, 0x00, 0x00, 0x14, 0x00, 0x00, 0x11, 0x00,
			0x00, 0x08, 0x00, 0x00, 0x06, 0x04, 0x00, 0x80,
			0x00, 0x00, 0x03, 0x02, 0x00, 0x80, 0x3a, 0xaa,
			0xc8, 0xd9, 0x60, 0xbe, 0x63, 0x7c, 0x85, 0xb3,
			0x17, 0xa6, 0xb7, 0xa8, 0xec, 0x2e, 0x45, 0x2c,
			0x8a, 0x63, 0xf0, 0x6f, 0x9d, 0x59, 0x70, 0x92,
			0x0a, 0xd1, 0xc6, 0xbf, 0xdd, 0xbf );
	send(socket:socket, data:req);

	#Get as much data as we can. We expect a server hello, certificate, kex, done ...
	response = recv(socket:socket, length:len);

	return response;

}

# Return a string with a brief summary of the certifciate.  KEY is the

		
top

ssl2_hello

Named Parameters

ciphers

Code

function ssl2_hello( ciphers )
{
  local_var ciphers, _ciphers, version, type, clen, sessionid, sessionid_len, challenge_len, hello_data, hd_len, hello;

  version = raw_string( 0x00, 0x02 );
  type = raw_string( 0x01 );

  if( ciphers )
    _ciphers = ciphers;
  else
    _ciphers =
      raw_string(0x00, 0x00, 0x00) + # SSL2_NULL_WITH_MD5 : Weak cipher
      raw_string(0x01, 0x00, 0x80) + # SSL2_RC4_128_MD5
      raw_string(0x02, 0x00, 0x80) + # SSL2_RC4_128_EXPORT40_WITH_MD5
      raw_string(0x03, 0x00, 0x80) + # SSL2_RC2_CBC_128_CBC_WITH_MD5
      raw_string(0x04, 0x00, 0x80) + # SSL2_RC2_CBC_128_CBC_EXPORT40_WITH_MD5
      raw_string(0x05, 0x00, 0x80) + # SSL2_IDEA_128_CBC_WITH_MD5
      raw_string(0x06, 0x00, 0x40) + # SSL2_DES_64_CBC_WITH_MD5
      raw_string(0x06, 0x01, 0x40) + # SSL2_DES_64_CBC_WITH_SHA
      raw_string(0x07, 0x00, 0xc0) + # SSL2_DES_192_EDE3_CBC_WITH_MD5
      raw_string(0x07, 0x01, 0xc0) + # SSL2_DES_192_EDE3_CBC_WITH_SHA
      raw_string(0x08, 0x00, 0x80) + # SSL2_RC4_64_WITH_MD5
      raw_string(0xff, 0x08, 0x00) + # SSL2_DES_64_CFB64_WITH_MD5_1
      raw_string(0xff, 0x08, 0x10) + # SSL2_NULL
      raw_string(0x06, 0x00, 0x80);  # SSL2_UNKNOWN


  clen = data_len( data:_ciphers );

  sessionid = "";
  sessionid_len = data_len( data:sessionid );

  challenge = rand_str( length:16 );
  challenge_len = data_len( data:challenge );

  hello_data = type +
               version +
               clen +
               sessionid_len +
               challenge_len +
               _ciphers +
               sessionid +
               challenge;

  hd_len = strlen( hello_data );
  hello = raw_string( 0x80 | ( hd_len / 256 ), hd_len % 256) + hello_data;

  return hello;

}

function ssl2_recv( soc )

		
top

ssl2_recv

Named Parameters

soc

Code

function ssl2_recv( soc )
{
  local_var soc, hello, hdr, len, server_hello;

  if( ! soc ) 
  {
    set_kb_item( name: "nvt_debug_empty/" + get_script_oid(), value:get_script_oid() + "#-#soc#-#ssl2_recv" );
    return;
  }

  hello = ssl2_hello();

  if( ! hello ) return;

  send( socket:soc, data:hello );

  hdr = recv( socket:soc, length:5, timeout:5 );

  if( ! hdr || strlen( hdr ) != 5 )
    return;

  # SSLv2 allows for two- or three-byte payload lengths.
  if( ord( hdr[0] ) & 0x80 )
  {
    len = ( ( ord( hdr[0] ) & 0x7f ) << 8 ) | ord( hdr[1] );
    len -= 3;
  }
  else
  {
    len = ( ( ord(hdr[0] ) & 0x3f ) << 8 ) | ord( hdr[1] );
    len -= 2;
  }

  if( len < 1 ) return;

  server_hello = hdr + recv( socket:soc, length:len, timeout:5 );

  if( strlen( server_hello ) < 6 ) return;

  if( ord( server_hello[2]) == 4 && ord( server_hello[5]) == 0 && ord( server_hello[6] ) == 2 )
    return server_hello;

}


		
top

Private Function Details

_ssl3_tls_hello

Named Parameters

ciphers
version

Code

function _ssl3_tls_hello( version , ciphers)
{
  local_var hello, data, hello_len, hde_len, hde, hello_data, time, clen, _ciphers, version;

  if( ! version ) version = TLS_10;

  if(ciphers){
    _ciphers = ciphers;
  } else {
    _ciphers =
      raw_string( 0x00,0x00 ) + #TLS_NULL_WITH_NULL_NULL,Y,[RFC5246]
      raw_string( 0x00,0x01 ) + #TLS_RSA_WITH_NULL_MD5,Y,[RFC5246]
      raw_string( 0x00,0x02 ) + #TLS_RSA_WITH_NULL_SHA,Y,[RFC5246]
      raw_string( 0x00,0x03 ) + #TLS_RSA_EXPORT_WITH_RC4_40_MD5,N,[RFC4346][RFC6347]
      raw_string( 0x00,0x04 ) + #TLS_RSA_WITH_RC4_128_MD5,N,[RFC5246][RFC6347]
      raw_string( 0x00,0x05 ) + #TLS_RSA_WITH_RC4_128_SHA,N,[RFC5246][RFC6347]
      raw_string( 0x00,0x06 ) + #TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5,Y,[RFC4346]
      raw_string( 0x00,0x07 ) + #TLS_RSA_WITH_IDEA_CBC_SHA,Y,[RFC5469]
      raw_string( 0x00,0x08 ) + #TLS_RSA_EXPORT_WITH_DES40_CBC_SHA,Y,[RFC4346]
      raw_string( 0x00,0x09 ) + #TLS_RSA_WITH_DES_CBC_SHA,Y,[RFC5469]
      raw_string( 0x00,0x0A ) + #TLS_RSA_WITH_3DES_EDE_CBC_SHA,Y,[RFC5246]
      raw_string( 0x00,0x0B ) + #TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA,Y,[RFC4346]
      raw_string( 0x00,0x0C ) + #TLS_DH_DSS_WITH_DES_CBC_SHA,Y,[RFC5469]
      raw_string( 0x00,0x0D ) + #TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA,Y,[RFC5246]
      raw_string( 0x00,0x0E ) + #TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA,Y,[RFC4346]
      raw_string( 0x00,0x0F ) + #TLS_DH_RSA_WITH_DES_CBC_SHA,Y,[RFC5469]
      raw_string( 0x00,0x10 ) + #TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA,Y,[RFC5246]
      raw_string( 0x00,0x11 ) + #TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA,Y,[RFC4346]
      raw_string( 0x00,0x12 ) + #TLS_DHE_DSS_WITH_DES_CBC_SHA,Y,[RFC5469]
      raw_string( 0x00,0x13 ) + #TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,Y,[RFC5246]
      raw_string( 0x00,0x14 ) + #TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA,Y,[RFC4346]
      raw_string( 0x00,0x15 ) + #TLS_DHE_RSA_WITH_DES_CBC_SHA,Y,[RFC5469]
      raw_string( 0x00,0x16 ) + #TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,Y,[RFC5246]
      raw_string( 0x00,0x17 ) + #TLS_DH_anon_EXPORT_WITH_RC4_40_MD5,N,[RFC4346][RFC6347]
      raw_string( 0x00,0x18 ) + #TLS_DH_anon_WITH_RC4_128_MD5,N,[RFC5246][RFC6347]
      raw_string( 0x00,0x19 ) + #TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA,Y,[RFC4346]
      raw_string( 0x00,0x1A ) + #TLS_DH_anon_WITH_DES_CBC_SHA,Y,[RFC5469]
      raw_string( 0x00,0x1B ) + #TLS_DH_anon_WITH_3DES_EDE_CBC_SHA,Y,[RFC5246]
      raw_string( 0x00,0x1E ) + #TLS_KRB5_WITH_DES_CBC_SHA,Y,[RFC2712]
      raw_string( 0x00,0x1F ) + #TLS_KRB5_WITH_3DES_EDE_CBC_SHA,Y,[RFC2712]
      raw_string( 0x00,0x20 ) + #TLS_KRB5_WITH_RC4_128_SHA,N,[RFC2712][RFC6347]
      raw_string( 0x00,0x21 ) + #TLS_KRB5_WITH_IDEA_CBC_SHA,Y,[RFC2712]
      raw_string( 0x00,0x22 ) + #TLS_KRB5_WITH_DES_CBC_MD5,Y,[RFC2712]
      raw_string( 0x00,0x23 ) + #TLS_KRB5_WITH_3DES_EDE_CBC_MD5,Y,[RFC2712]
      raw_string( 0x00,0x24 ) + #TLS_KRB5_WITH_RC4_128_MD5,N,[RFC2712][RFC6347]
      raw_string( 0x00,0x25 ) + #TLS_KRB5_WITH_IDEA_CBC_MD5,Y,[RFC2712]
      raw_string( 0x00,0x26 ) + #TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA,Y,[RFC2712]
      raw_string( 0x00,0x27 ) + #TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA,Y,[RFC2712]
      raw_string( 0x00,0x28 ) + #TLS_KRB5_EXPORT_WITH_RC4_40_SHA,N,[RFC2712][RFC6347]
      raw_string( 0x00,0x29 ) + #TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5,Y,[RFC2712]
      raw_string( 0x00,0x2A ) + #TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5,Y,[RFC2712]
      raw_string( 0x00,0x2B ) + #TLS_KRB5_EXPORT_WITH_RC4_40_MD5,N,[RFC2712][RFC6347]
      raw_string( 0x00,0x2C ) + #TLS_PSK_WITH_NULL_SHA,Y,[RFC4785]
      raw_string( 0x00,0x2D ) + #TLS_DHE_PSK_WITH_NULL_SHA,Y,[RFC4785]
      raw_string( 0x00,0x2E ) + #TLS_RSA_PSK_WITH_NULL_SHA,Y,[RFC4785]
      raw_string( 0x00,0x2F ) + #TLS_RSA_WITH_AES_128_CBC_SHA,Y,[RFC5246]
      raw_string( 0x00,0x30 ) + #TLS_DH_DSS_WITH_AES_128_CBC_SHA,Y,[RFC5246]
      raw_string( 0x00,0x31 ) + #TLS_DH_RSA_WITH_AES_128_CBC_SHA,Y,[RFC5246]
      raw_string( 0x00,0x32 ) + #TLS_DHE_DSS_WITH_AES_128_CBC_SHA,Y,[RFC5246]
      raw_string( 0x00,0x33 ) + #TLS_DHE_RSA_WITH_AES_128_CBC_SHA,Y,[RFC5246]
      raw_string( 0x00,0x34 ) + #TLS_DH_anon_WITH_AES_128_CBC_SHA,Y,[RFC5246]
      raw_string( 0x00,0x35 ) + #TLS_RSA_WITH_AES_256_CBC_SHA,Y,[RFC5246]
      raw_string( 0x00,0x36 ) + #TLS_DH_DSS_WITH_AES_256_CBC_SHA,Y,[RFC5246]
      raw_string( 0x00,0x37 ) + #TLS_DH_RSA_WITH_AES_256_CBC_SHA,Y,[RFC5246]
      raw_string( 0x00,0x38 ) + #TLS_DHE_DSS_WITH_AES_256_CBC_SHA,Y,[RFC5246]
      raw_string( 0x00,0x39 ) + #TLS_DHE_RSA_WITH_AES_256_CBC_SHA,Y,[RFC5246]
      raw_string( 0x00,0x3A ) + #TLS_DH_anon_WITH_AES_256_CBC_SHA,Y,[RFC5246]
      raw_string( 0x00,0x3B ) + #TLS_RSA_WITH_NULL_SHA256,Y,[RFC5246]
      raw_string( 0x00,0x3C ) + #TLS_RSA_WITH_AES_128_CBC_SHA256,Y,[RFC5246]
      raw_string( 0x00,0x3D ) + #TLS_RSA_WITH_AES_256_CBC_SHA256,Y,[RFC5246]
      raw_string( 0x00,0x3E ) + #TLS_DH_DSS_WITH_AES_128_CBC_SHA256,Y,[RFC5246]
      raw_string( 0x00,0x3F ) + #TLS_DH_RSA_WITH_AES_128_CBC_SHA256,Y,[RFC5246]
      raw_string( 0x00,0x40 ) + #TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,Y,[RFC5246]
      raw_string( 0x00,0x41 ) + #TLS_RSA_WITH_CAMELLIA_128_CBC_SHA,Y,[RFC5932]
      raw_string( 0x00,0x42 ) + #TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA,Y,[RFC5932]
      raw_string( 0x00,0x43 ) + #TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA,Y,[RFC5932]
      raw_string( 0x00,0x44 ) + #TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,Y,[RFC5932]
      raw_string( 0x00,0x45 ) + #TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,Y,[RFC5932]
      raw_string( 0x00,0x46 ) + #TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA,Y,[RFC5932]
      raw_string( 0x00,0x67 ) + #TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,Y,[RFC5246]
      raw_string( 0x00,0x68 ) + #TLS_DH_DSS_WITH_AES_256_CBC_SHA256,Y,[RFC5246]
      raw_string( 0x00,0x69 ) + #TLS_DH_RSA_WITH_AES_256_CBC_SHA256,Y,[RFC5246]
      raw_string( 0x00,0x6A ) + #TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,Y,[RFC5246]
      raw_string( 0x00,0x6B ) + #TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,Y,[RFC5246]
      raw_string( 0x00,0x6C ) + #TLS_DH_anon_WITH_AES_128_CBC_SHA256,Y,[RFC5246]
      raw_string( 0x00,0x6D ) + #TLS_DH_anon_WITH_AES_256_CBC_SHA256,Y,[RFC5246]
      raw_string( 0x00,0x84 ) + #TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,Y,[RFC5932]
      raw_string( 0x00,0x85 ) + #TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA,Y,[RFC5932]
      raw_string( 0x00,0x86 ) + #TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA,Y,[RFC5932]
      raw_string( 0x00,0x87 ) + #TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,Y,[RFC5932]
      raw_string( 0x00,0x88 ) + #TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,Y,[RFC5932]
      raw_string( 0x00,0x89 ) + #TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA,Y,[RFC5932]
      raw_string( 0x00,0x8A ) + #TLS_PSK_WITH_RC4_128_SHA,N,[RFC4279][RFC6347]
      raw_string( 0x00,0x8B ) + #TLS_PSK_WITH_3DES_EDE_CBC_SHA,Y,[RFC4279]
      raw_string( 0x00,0x8C ) + #TLS_PSK_WITH_AES_128_CBC_SHA,Y,[RFC4279]
      raw_string( 0x00,0x8D ) + #TLS_PSK_WITH_AES_256_CBC_SHA,Y,[RFC4279]
      raw_string( 0x00,0x8E ) + #TLS_DHE_PSK_WITH_RC4_128_SHA,N,[RFC4279][RFC6347]
      raw_string( 0x00,0x8F ) + #TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA,Y,[RFC4279]
      raw_string( 0x00,0x90 ) + #TLS_DHE_PSK_WITH_AES_128_CBC_SHA,Y,[RFC4279]
      raw_string( 0x00,0x91 ) + #TLS_DHE_PSK_WITH_AES_256_CBC_SHA,Y,[RFC4279]
      raw_string( 0x00,0x92 ) + #TLS_RSA_PSK_WITH_RC4_128_SHA,N,[RFC4279][RFC6347]
      raw_string( 0x00,0x93 ) + #TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA,Y,[RFC4279]
      raw_string( 0x00,0x94 ) + #TLS_RSA_PSK_WITH_AES_128_CBC_SHA,Y,[RFC4279]
      raw_string( 0x00,0x95 ) + #TLS_RSA_PSK_WITH_AES_256_CBC_SHA,Y,[RFC4279]
      raw_string( 0x00,0x96 ) + #TLS_RSA_WITH_SEED_CBC_SHA,Y,[RFC4162]
      raw_string( 0x00,0x97 ) + #TLS_DH_DSS_WITH_SEED_CBC_SHA,Y,[RFC4162]
      raw_string( 0x00,0x98 ) + #TLS_DH_RSA_WITH_SEED_CBC_SHA,Y,[RFC4162]
      raw_string( 0x00,0x99 ) + #TLS_DHE_DSS_WITH_SEED_CBC_SHA,Y,[RFC4162]
      raw_string( 0x00,0x9A ) + #TLS_DHE_RSA_WITH_SEED_CBC_SHA,Y,[RFC4162]
      raw_string( 0x00,0x9B ) + #TLS_DH_anon_WITH_SEED_CBC_SHA,Y,[RFC4162]
      raw_string( 0x00,0x9C ) + #TLS_RSA_WITH_AES_128_GCM_SHA256,Y,[RFC5288]
      raw_string( 0x00,0x9D ) + #TLS_RSA_WITH_AES_256_GCM_SHA384,Y,[RFC5288]
      raw_string( 0x00,0x9E ) + #TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,Y,[RFC5288]
      raw_string( 0x00,0x9F ) + #TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,Y,[RFC5288]
      raw_string( 0x00,0xA0 ) + #TLS_DH_RSA_WITH_AES_128_GCM_SHA256,Y,[RFC5288]
      raw_string( 0x00,0xA1 ) + #TLS_DH_RSA_WITH_AES_256_GCM_SHA384,Y,[RFC5288]
      raw_string( 0x00,0xA2 ) + #TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,Y,[RFC5288]
      raw_string( 0x00,0xA3 ) + #TLS_DHE_DSS_WITH_AES_256_GCM_SHA384,Y,[RFC5288]
      raw_string( 0x00,0xA4 ) + #TLS_DH_DSS_WITH_AES_128_GCM_SHA256,Y,[RFC5288]
      raw_string( 0x00,0xA5 ) + #TLS_DH_DSS_WITH_AES_256_GCM_SHA384,Y,[RFC5288]
      raw_string( 0x00,0xA6 ) + #TLS_DH_anon_WITH_AES_128_GCM_SHA256,Y,[RFC5288]
      raw_string( 0x00,0xA7 ) + #TLS_DH_anon_WITH_AES_256_GCM_SHA384,Y,[RFC5288]
      raw_string( 0x00,0xA8 ) + #TLS_PSK_WITH_AES_128_GCM_SHA256,Y,[RFC5487]
      raw_string( 0x00,0xA9 ) + #TLS_PSK_WITH_AES_256_GCM_SHA384,Y,[RFC5487]
      raw_string( 0x00,0xAA ) + #TLS_DHE_PSK_WITH_AES_128_GCM_SHA256,Y,[RFC5487]
      raw_string( 0x00,0xAB ) + #TLS_DHE_PSK_WITH_AES_256_GCM_SHA384,Y,[RFC5487]
      raw_string( 0x00,0xAC ) + #TLS_RSA_PSK_WITH_AES_128_GCM_SHA256,Y,[RFC5487]
      raw_string( 0x00,0xAD ) + #TLS_RSA_PSK_WITH_AES_256_GCM_SHA384,Y,[RFC5487]
      raw_string( 0x00,0xAE ) + #TLS_PSK_WITH_AES_128_CBC_SHA256,Y,[RFC5487]
      raw_string( 0x00,0xAF ) + #TLS_PSK_WITH_AES_256_CBC_SHA384,Y,[RFC5487]
      raw_string( 0x00,0xB0 ) + #TLS_PSK_WITH_NULL_SHA256,Y,[RFC5487]
      raw_string( 0x00,0xB1 ) + #TLS_PSK_WITH_NULL_SHA384,Y,[RFC5487]
      raw_string( 0x00,0xB2 ) + #TLS_DHE_PSK_WITH_AES_128_CBC_SHA256,Y,[RFC5487]
      raw_string( 0x00,0xB3 ) + #TLS_DHE_PSK_WITH_AES_256_CBC_SHA384,Y,[RFC5487]
      raw_string( 0x00,0xB4 ) + #TLS_DHE_PSK_WITH_NULL_SHA256,Y,[RFC5487]
      raw_string( 0x00,0xB5 ) + #TLS_DHE_PSK_WITH_NULL_SHA384,Y,[RFC5487]
      raw_string( 0x00,0xB6 ) + #TLS_RSA_PSK_WITH_AES_128_CBC_SHA256,Y,[RFC5487]
      raw_string( 0x00,0xB7 ) + #TLS_RSA_PSK_WITH_AES_256_CBC_SHA384,Y,[RFC5487]
      raw_string( 0x00,0xB8 ) + #TLS_RSA_PSK_WITH_NULL_SHA256,Y,[RFC5487]
      raw_string( 0x00,0xB9 ) + #TLS_RSA_PSK_WITH_NULL_SHA384,Y,[RFC5487]
      raw_string( 0x00,0xBA ) + #TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256,Y,[RFC5932]
      raw_string( 0x00,0xBB ) + #TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256,Y,[RFC5932]
      raw_string( 0x00,0xBC ) + #TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256,Y,[RFC5932]
      raw_string( 0x00,0xBD ) + #TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,Y,[RFC5932]
      raw_string( 0x00,0xBE ) + #TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,Y,[RFC5932]
      raw_string( 0x00,0xBF ) + #TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256,Y,[RFC5932]
      raw_string( 0x00,0xC0 ) + #TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256,Y,[RFC5932]
      raw_string( 0x00,0xC1 ) + #TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256,Y,[RFC5932]
      raw_string( 0x00,0xC2 ) + #TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256,Y,[RFC5932]
      raw_string( 0x00,0xC3 ) + #TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,Y,[RFC5932]
      raw_string( 0x00,0xC4 ) + #TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,Y,[RFC5932]
      raw_string( 0x00,0xC5 ) + #TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256,Y,[RFC5932]
      raw_string( 0x00,0xFF ) + #TLS_EMPTY_RENEGOTIATION_INFO_SCSV,Y,[RFC5746]
      raw_string( 0xC0,0x01 ) + #TLS_ECDH_ECDSA_WITH_NULL_SHA,Y,[RFC4492]
      raw_string( 0xC0,0x02 ) + #TLS_ECDH_ECDSA_WITH_RC4_128_SHA,N,[RFC4492][RFC6347]
      raw_string( 0xC0,0x03 ) + #TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,Y,[RFC4492]
      raw_string( 0xC0,0x04 ) + #TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,Y,[RFC4492]
      raw_string( 0xC0,0x05 ) + #TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,Y,[RFC4492]
      raw_string( 0xC0,0x06 ) + #TLS_ECDHE_ECDSA_WITH_NULL_SHA,Y,[RFC4492]
      raw_string( 0xC0,0x07 ) + #TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,N,[RFC4492][RFC6347]
      raw_string( 0xC0,0x08 ) + #TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,Y,[RFC4492]
      raw_string( 0xC0,0x09 ) + #TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,Y,[RFC4492]
      raw_string( 0xC0,0x0A ) + #TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,Y,[RFC4492]
      raw_string( 0xC0,0x0B ) + #TLS_ECDH_RSA_WITH_NULL_SHA,Y,[RFC4492]
      raw_string( 0xC0,0x0C ) + #TLS_ECDH_RSA_WITH_RC4_128_SHA,N,[RFC4492][RFC6347]
      raw_string( 0xC0,0x0D ) + #TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,Y,[RFC4492]
      raw_string( 0xC0,0x0E ) + #TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,Y,[RFC4492]
      raw_string( 0xC0,0x0F ) + #TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,Y,[RFC4492]
      raw_string( 0xC0,0x10 ) + #TLS_ECDHE_RSA_WITH_NULL_SHA,Y,[RFC4492]
      raw_string( 0xC0,0x11 ) + #TLS_ECDHE_RSA_WITH_RC4_128_SHA,N,[RFC4492][RFC6347]
      raw_string( 0xC0,0x12 ) + #TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,Y,[RFC4492]
      raw_string( 0xC0,0x13 ) + #TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,Y,[RFC4492]
      raw_string( 0xC0,0x14 ) + #TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,Y,[RFC4492]
      raw_string( 0xC0,0x15 ) + #TLS_ECDH_anon_WITH_NULL_SHA,Y,[RFC4492]
      raw_string( 0xC0,0x16 ) + #TLS_ECDH_anon_WITH_RC4_128_SHA,N,[RFC4492][RFC6347]
      raw_string( 0xC0,0x17 ) + #TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA,Y,[RFC4492]
      raw_string( 0xC0,0x18 ) + #TLS_ECDH_anon_WITH_AES_128_CBC_SHA,Y,[RFC4492]
      raw_string( 0xC0,0x19 ) + #TLS_ECDH_anon_WITH_AES_256_CBC_SHA,Y,[RFC4492]
      raw_string( 0xC0,0x1A ) + #TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA,Y,[RFC5054]
      raw_string( 0xC0,0x1B ) + #TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,Y,[RFC5054]
      raw_string( 0xC0,0x1C ) + #TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,Y,[RFC5054]
      raw_string( 0xC0,0x1D ) + #TLS_SRP_SHA_WITH_AES_128_CBC_SHA,Y,[RFC5054]
      raw_string( 0xC0,0x1E ) + #TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,Y,[RFC5054]
      raw_string( 0xC0,0x1F ) + #TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,Y,[RFC5054]
      raw_string( 0xC0,0x20 ) + #TLS_SRP_SHA_WITH_AES_256_CBC_SHA,Y,[RFC5054]
      raw_string( 0xC0,0x21 ) + #TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,Y,[RFC5054]
      raw_string( 0xC0,0x22 ) + #TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,Y,[RFC5054]
      raw_string( 0xC0,0x23 ) + #TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,Y,[RFC5289]
      raw_string( 0xC0,0x24 ) + #TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,Y,[RFC5289]
      raw_string( 0xC0,0x25 ) + #TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,Y,[RFC5289]
      raw_string( 0xC0,0x26 ) + #TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,Y,[RFC5289]
      raw_string( 0xC0,0x27 ) + #TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,Y,[RFC5289]
      raw_string( 0xC0,0x28 ) + #TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,Y,[RFC5289]
      raw_string( 0xC0,0x29 ) + #TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,Y,[RFC5289]
      raw_string( 0xC0,0x2A ) + #TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,Y,[RFC5289]
      raw_string( 0xC0,0x2B ) + #TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,Y,[RFC5289]
      raw_string( 0xC0,0x2C ) + #TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,Y,[RFC5289]
      raw_string( 0xC0,0x2D ) + #TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,Y,[RFC5289]
      raw_string( 0xC0,0x2E ) + #TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,Y,[RFC5289]
      raw_string( 0xC0,0x2F ) + #TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,Y,[RFC5289]
      raw_string( 0xC0,0x30 ) + #TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,Y,[RFC5289]
      raw_string( 0xC0,0x31 ) + #TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,Y,[RFC5289]
      raw_string( 0xC0,0x32 ) + #TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384,Y,[RFC5289]
      raw_string( 0xC0,0x33 ) + #TLS_ECDHE_PSK_WITH_RC4_128_SHA,N,[RFC5489][RFC6347]
      raw_string( 0xC0,0x34 ) + #TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,Y,[RFC5489]
      raw_string( 0xC0,0x35 ) + #TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA,Y,[RFC5489]
      raw_string( 0xC0,0x36 ) + #TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA,Y,[RFC5489]
      raw_string( 0xC0,0x37 ) + #TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256,Y,[RFC5489]
      raw_string( 0xC0,0x38 ) + #TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384,Y,[RFC5489]
      raw_string( 0xC0,0x39 ) + #TLS_ECDHE_PSK_WITH_NULL_SHA,Y,[RFC5489]
      raw_string( 0xC0,0x3A ) + #TLS_ECDHE_PSK_WITH_NULL_SHA256,Y,[RFC5489]
      raw_string( 0xC0,0x3B ) + #TLS_ECDHE_PSK_WITH_NULL_SHA384,Y,[RFC5489]
      raw_string( 0xC0,0x3C ) + #TLS_RSA_WITH_ARIA_128_CBC_SHA256,Y,[RFC6209]
      raw_string( 0xC0,0x3D ) + #TLS_RSA_WITH_ARIA_256_CBC_SHA384,Y,[RFC6209]
      raw_string( 0xC0,0x3E ) + #TLS_DH_DSS_WITH_ARIA_128_CBC_SHA256,Y,[RFC6209]
      raw_string( 0xC0,0x3F ) + #TLS_DH_DSS_WITH_ARIA_256_CBC_SHA384,Y,[RFC6209]
      raw_string( 0xC0,0x40 ) + #TLS_DH_RSA_WITH_ARIA_128_CBC_SHA256,Y,[RFC6209]
      raw_string( 0xC0,0x41 ) + #TLS_DH_RSA_WITH_ARIA_256_CBC_SHA384,Y,[RFC6209]
      raw_string( 0xC0,0x42 ) + #TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256,Y,[RFC6209]
      raw_string( 0xC0,0x43 ) + #TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384,Y,[RFC6209]
      raw_string( 0xC0,0x44 ) + #TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256,Y,[RFC6209]
      raw_string( 0xC0,0x45 ) + #TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384,Y,[RFC6209]
      raw_string( 0xC0,0x46 ) + #TLS_DH_anon_WITH_ARIA_128_CBC_SHA256,Y,[RFC6209]
      raw_string( 0xC0,0x47 ) + #TLS_DH_anon_WITH_ARIA_256_CBC_SHA384,Y,[RFC6209]
      raw_string( 0xC0,0x48 ) + #TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256,Y,[RFC6209]
      raw_string( 0xC0,0x49 ) + #TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384,Y,[RFC6209]
      raw_string( 0xC0,0x4A ) + #TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256,Y,[RFC6209]
      raw_string( 0xC0,0x4B ) + #TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384,Y,[RFC6209]
      raw_string( 0xC0,0x4C ) + #TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256,Y,[RFC6209]
      raw_string( 0xC0,0x4D ) + #TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384,Y,[RFC6209]
      raw_string( 0xC0,0x4E ) + #TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256,Y,[RFC6209]
      raw_string( 0xC0,0x4F ) + #TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384,Y,[RFC6209]
      raw_string( 0xC0,0x50 ) + #TLS_RSA_WITH_ARIA_128_GCM_SHA256,Y,[RFC6209]
      raw_string( 0xC0,0x51 ) + #TLS_RSA_WITH_ARIA_256_GCM_SHA384,Y,[RFC6209]
      raw_string( 0xC0,0x52 ) + #TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256,Y,[RFC6209]
      raw_string( 0xC0,0x53 ) + #TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384,Y,[RFC6209]
      raw_string( 0xC0,0x54 ) + #TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256,Y,[RFC6209]
      raw_string( 0xC0,0x55 ) + #TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384,Y,[RFC6209]
      raw_string( 0xC0,0x56 ) + #TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256,Y,[RFC6209]
      raw_string( 0xC0,0x57 ) + #TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384,Y,[RFC6209]
      raw_string( 0xC0,0x58 ) + #TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256,Y,[RFC6209]
      raw_string( 0xC0,0x59 ) + #TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384,Y,[RFC6209]
      raw_string( 0xC0,0x5A ) + #TLS_DH_anon_WITH_ARIA_128_GCM_SHA256,Y,[RFC6209]
      raw_string( 0xC0,0x5B ) + #TLS_DH_anon_WITH_ARIA_256_GCM_SHA384,Y,[RFC6209]
      raw_string( 0xC0,0x5C ) + #TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,Y,[RFC6209]
      raw_string( 0xC0,0x5D ) + #TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,Y,[RFC6209]
      raw_string( 0xC0,0x5E ) + #TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256,Y,[RFC6209]
      raw_string( 0xC0,0x5F ) + #TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384,Y,[RFC6209]
      raw_string( 0xC0,0x60 ) + #TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,Y,[RFC6209]
      raw_string( 0xC0,0x61 ) + #TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,Y,[RFC6209]
      raw_string( 0xC0,0x62 ) + #TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256,Y,[RFC6209]
      raw_string( 0xC0,0x63 ) + #TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384,Y,[RFC6209]
      raw_string( 0xC0,0x64 ) + #TLS_PSK_WITH_ARIA_128_CBC_SHA256,Y,[RFC6209]
      raw_string( 0xC0,0x65 ) + #TLS_PSK_WITH_ARIA_256_CBC_SHA384,Y,[RFC6209]
      raw_string( 0xC0,0x66 ) + #TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256,Y,[RFC6209]
      raw_string( 0xC0,0x67 ) + #TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384,Y,[RFC6209]
      raw_string( 0xC0,0x68 ) + #TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256,Y,[RFC6209]
      raw_string( 0xC0,0x69 ) + #TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384,Y,[RFC6209]
      raw_string( 0xC0,0x6A ) + #TLS_PSK_WITH_ARIA_128_GCM_SHA256,Y,[RFC6209]
      raw_string( 0xC0,0x6B ) + #TLS_PSK_WITH_ARIA_256_GCM_SHA384,Y,[RFC6209]
      raw_string( 0xC0,0x6C ) + #TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256,Y,[RFC6209]
      raw_string( 0xC0,0x6D ) + #TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384,Y,[RFC6209]
      raw_string( 0xC0,0x6E ) + #TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256,Y,[RFC6209]
      raw_string( 0xC0,0x6F ) + #TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384,Y,[RFC6209]
      raw_string( 0xC0,0x70 ) + #TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256,Y,[RFC6209]
      raw_string( 0xC0,0x71 ) + #TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384,Y,[RFC6209]
      raw_string( 0xC0,0x72 ) + #TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,Y,[RFC6367]
      raw_string( 0xC0,0x73 ) + #TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,Y,[RFC6367]
      raw_string( 0xC0,0x74 ) + #TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,Y,[RFC6367]
      raw_string( 0xC0,0x75 ) + #TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,Y,[RFC6367]
      raw_string( 0xC0,0x76 ) + #TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,Y,[RFC6367]
      raw_string( 0xC0,0x77 ) + #TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,Y,[RFC6367]
      raw_string( 0xC0,0x78 ) + #TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256,Y,[RFC6367]
      raw_string( 0xC0,0x79 ) + #TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384,Y,[RFC6367]
      raw_string( 0xC0,0x7A ) + #TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256,Y,[RFC6367]
      raw_string( 0xC0,0x7B ) + #TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384,Y,[RFC6367]
      raw_string( 0xC0,0x7C ) + #TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256,Y,[RFC6367]
      raw_string( 0xC0,0x7D ) + #TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384,Y,[RFC6367]
      raw_string( 0xC0,0x7E ) + #TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256,Y,[RFC6367]
      raw_string( 0xC0,0x7F ) + #TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384,Y,[RFC6367]
      raw_string( 0xC0,0x80 ) + #TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256,Y,[RFC6367]
      raw_string( 0xC0,0x81 ) + #TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384,Y,[RFC6367]
      raw_string( 0xC0,0x82 ) + #TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256,Y,[RFC6367]
      raw_string( 0xC0,0x83 ) + #TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384,Y,[RFC6367]
      raw_string( 0xC0,0x84 ) + #TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256,Y,[RFC6367]
      raw_string( 0xC0,0x85 ) + #TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384,Y,[RFC6367]
      raw_string( 0xC0,0x86 ) + #TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256,Y,[RFC6367]
      raw_string( 0xC0,0x87 ) + #TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384,Y,[RFC6367]
      raw_string( 0xC0,0x88 ) + #TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256,Y,[RFC6367]
      raw_string( 0xC0,0x89 ) + #TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384,Y,[RFC6367]
      raw_string( 0xC0,0x8A ) + #TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256,Y,[RFC6367]
      raw_string( 0xC0,0x8B ) + #TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384,Y,[RFC6367]
      raw_string( 0xC0,0x8C ) + #TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256,Y,[RFC6367]
      raw_string( 0xC0,0x8D ) + #TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384,Y,[RFC6367]
      raw_string( 0xC0,0x8E ) + #TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256,Y,[RFC6367]
      raw_string( 0xC0,0x8F ) + #TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384,Y,[RFC6367]
      raw_string( 0xC0,0x90 ) + #TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256,Y,[RFC6367]
      raw_string( 0xC0,0x91 ) + #TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384,Y,[RFC6367]
      raw_string( 0xC0,0x92 ) + #TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256,Y,[RFC6367]
      raw_string( 0xC0,0x93 ) + #TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384,Y,[RFC6367]
      raw_string( 0xC0,0x94 ) + #TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256,Y,[RFC6367]
      raw_string( 0xC0,0x95 ) + #TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384,Y,[RFC6367]
      raw_string( 0xC0,0x96 ) + #TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,Y,[RFC6367]
      raw_string( 0xC0,0x97 ) + #TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,Y,[RFC6367]
      raw_string( 0xC0,0x98 ) + #TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,Y,[RFC6367]
      raw_string( 0xC0,0x99 ) + #TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,Y,[RFC6367]
      raw_string( 0xC0,0x9A ) + #TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,Y,[RFC6367]
      raw_string( 0xC0,0x9B ) + #TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,Y,[RFC6367]
      raw_string( 0xC0,0x9C ) + #TLS_RSA_WITH_AES_128_CCM,Y,[RFC6655]
      raw_string( 0xC0,0x9D ) + #TLS_RSA_WITH_AES_256_CCM,Y,[RFC6655]
      raw_string( 0xC0,0x9E ) + #TLS_DHE_RSA_WITH_AES_128_CCM,Y,[RFC6655]
      raw_string( 0xC0,0x9F ) + #TLS_DHE_RSA_WITH_AES_256_CCM,Y,[RFC6655]
      raw_string( 0xC0,0xA0 ) + #TLS_RSA_WITH_AES_128_CCM_8,Y,[RFC6655]
      raw_string( 0xC0,0xA1 ) + #TLS_RSA_WITH_AES_256_CCM_8,Y,[RFC6655]
      raw_string( 0xC0,0xA2 ) + #TLS_DHE_RSA_WITH_AES_128_CCM_8,Y,[RFC6655]
      raw_string( 0xC0,0xA3 ) + #TLS_DHE_RSA_WITH_AES_256_CCM_8,Y,[RFC6655]
      raw_string( 0xC0,0xA4 ) + #TLS_PSK_WITH_AES_128_CCM,Y,[RFC6655]
      raw_string( 0xC0,0xA5 ) + #TLS_PSK_WITH_AES_256_CCM,Y,[RFC6655]
      raw_string( 0xC0,0xA6 ) + #TLS_DHE_PSK_WITH_AES_128_CCM,Y,[RFC6655]
      raw_string( 0xC0,0xA7 ) + #TLS_DHE_PSK_WITH_AES_256_CCM,Y,[RFC6655]
      raw_string( 0xC0,0xA8 ) + #TLS_PSK_WITH_AES_128_CCM_8,Y,[RFC6655]
      raw_string( 0xC0,0xA9 ) + #TLS_PSK_WITH_AES_256_CCM_8,Y,[RFC6655]
      raw_string( 0xC0,0xAA ) + #TLS_PSK_DHE_WITH_AES_128_CCM_8,Y,[RFC6655]
      raw_string( 0xC0,0xAB ) + #TLS_PSK_DHE_WITH_AES_256_CCM_8,Y,[RFC6655]
      raw_string( 0xC0,0xAC ) + #TLS_ECDHE_ECDSA_WITH_AES_128_CCM,Y,[RFC-mcgrew-tls-aes-ccm-ecc-08]
      raw_string( 0xC0,0xAD ) + #TLS_ECDHE_ECDSA_WITH_AES_256_CCM,Y,[RFC-mcgrew-tls-aes-ccm-ecc-08]
      raw_string( 0xC0,0xAE ) + #TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8,Y,[RFC-mcgrew-tls-aes-ccm-ecc-08]
      raw_string( 0xC0,0xAF );  #TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,Y,[RFC-mcgrew-tls-aes-ccm-ecc-08]
  }
      
  clen = data_len( data:_ciphers  ); 
  time = dec2hex( num:unixtime() );

  hello_data = 
              version + 
              raw_string( time ) +
              raw_string( rand_str( length:28 ) ) +
              raw_string( 0x00 ) +
              clen +
              _ciphers + 
              raw_string( 0x01,0x00 );

  hde = raw_string( 0x00,0x0b,0x00,0x04,0x03,0x00,0x01,0x02 ) + # Extension: ec_point_formats

        raw_string( 0x00,0x0a,0x00,0x34,0x00,0x32,0x00,0x0e, 
                    0x00,0x0d,0x00,0x19,0x00,0x0b,0x00,0x0c,
                    0x00,0x18,0x00,0x09,0x00,0x0a,0x00,0x16,
                    0x00,0x17,0x00,0x08,0x00,0x06,0x00,0x07,
                    0x00,0x14,0x00,0x15,0x00,0x04,0x00,0x05,
                    0x00,0x12,0x00,0x13,0x00,0x01,0x00,0x02,
                    0x00,0x03,0x00,0x0f,0x00,0x10,0x00,0x11 ) + # Extension: elliptic_curves

        raw_string( 0x00,0x23,0x00,0x00 )                     + # Extension: SessionTicket TLS

        raw_string( 0xff,0x01,0x00,0x01,0x00 )                + # Type: renegotiation_info

        raw_string( 0x33,0x74,0x00,0x00 )                     + # Extension: next_protocol_negotiation

        raw_string( 0x00,0x05,0x00,0x05,0x01,0x00,0x00,0x00,
                    0x00 )                                    + # Extension: status_request

        raw_string( 0x00,0x0d,0x00,0x22,0x00,0x20,0x06,0x01,    
                    0x06,0x02,0x06,0x03,0x05,0x01,0x05,0x02,
                    0x05,0x03,0x04,0x01,0x04,0x02,0x04,0x03,
                    0x03,0x01,0x03,0x02,0x03,0x03,0x02,0x01,
                    0x02,0x02,0x02,0x03,0x01,0x01 )           + # Extension: signature_algorithms

        raw_string( 0x00,0x0f,0x00,0x01,0x01 );                 # Extension: Heartbeat

  hde_len = data_len( data:hde );

  hello_data += hde_len + hde;
  hdlen =  data_len( data:hello_data ); 

  data = raw_string( 0x01,0x00 ) + hdlen + hello_data;
  hello_len =  data_len( data:data );

  hello = raw_string( 0x16 ) + version + hello_len + data;
  
  return hello;
}

function data_len( data )

		
top