// TLS lookup tables mapping numeric IDs to human-readable names. // Generated from IANA registries. Include only assigned (non-reserved, non-unassigned) entries. // // Registry sources: // - Cipher suites: https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-4 // - Extensions: https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml // - Supported groups: https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8 // - Signature algorithms: https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-signaturescheme // - EC point formats: https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-9 // - Compression methods: https://www.iana.org/assignments/comp-meth-ids/comp-meth-ids.xhtml // // Last updated: 2026-03-25 // Lookup table type: known numeric keys return definite string literals, // arbitrary numeric keys return string | undefined. type LookupTable> = Readonly & { readonly [key: number]: string | undefined }; function lookupTable>(table: T): LookupTable { return table as LookupTable; } export const TLS_VERSIONS = lookupTable({ 0x0300: 'SSL 3.0', 0x0301: 'TLS 1.0', 0x0302: 'TLS 1.1', 0x0303: 'TLS 1.2', 0x0304: 'TLS 1.3', }); // https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-4 export const CIPHER_SUITES = lookupTable({ 0x0000: 'TLS_NULL_WITH_NULL_NULL', 0x0001: 'TLS_RSA_WITH_NULL_MD5', 0x0002: 'TLS_RSA_WITH_NULL_SHA', 0x0003: 'TLS_RSA_EXPORT_WITH_RC4_40_MD5', 0x0004: 'TLS_RSA_WITH_RC4_128_MD5', 0x0005: 'TLS_RSA_WITH_RC4_128_SHA', 0x0006: 'TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5', 0x0007: 'TLS_RSA_WITH_IDEA_CBC_SHA', 0x0008: 'TLS_RSA_EXPORT_WITH_DES40_CBC_SHA', 0x0009: 'TLS_RSA_WITH_DES_CBC_SHA', 0x000A: 'TLS_RSA_WITH_3DES_EDE_CBC_SHA', 0x000B: 'TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA', 0x000C: 'TLS_DH_DSS_WITH_DES_CBC_SHA', 0x000D: 'TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA', 0x000E: 'TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA', 0x000F: 'TLS_DH_RSA_WITH_DES_CBC_SHA', 0x0010: 'TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA', 0x0011: 'TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA', 0x0012: 'TLS_DHE_DSS_WITH_DES_CBC_SHA', 0x0013: 'TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA', 0x0014: 'TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA', 0x0015: 'TLS_DHE_RSA_WITH_DES_CBC_SHA', 0x0016: 'TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA', 0x0017: 'TLS_DH_anon_EXPORT_WITH_RC4_40_MD5', 0x0018: 'TLS_DH_anon_WITH_RC4_128_MD5', 0x0019: 'TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA', 0x001A: 'TLS_DH_anon_WITH_DES_CBC_SHA', 0x001B: 'TLS_DH_anon_WITH_3DES_EDE_CBC_SHA', 0x001E: 'TLS_KRB5_WITH_DES_CBC_SHA', 0x001F: 'TLS_KRB5_WITH_3DES_EDE_CBC_SHA', 0x0020: 'TLS_KRB5_WITH_RC4_128_SHA', 0x0021: 'TLS_KRB5_WITH_IDEA_CBC_SHA', 0x0022: 'TLS_KRB5_WITH_DES_CBC_MD5', 0x0023: 'TLS_KRB5_WITH_3DES_EDE_CBC_MD5', 0x0024: 'TLS_KRB5_WITH_RC4_128_MD5', 0x0025: 'TLS_KRB5_WITH_IDEA_CBC_MD5', 0x0026: 'TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA', 0x0027: 'TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA', 0x0028: 'TLS_KRB5_EXPORT_WITH_RC4_40_SHA', 0x0029: 'TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5', 0x002A: 'TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5', 0x002B: 'TLS_KRB5_EXPORT_WITH_RC4_40_MD5', 0x002C: 'TLS_PSK_WITH_NULL_SHA', 0x002D: 'TLS_DHE_PSK_WITH_NULL_SHA', 0x002E: 'TLS_RSA_PSK_WITH_NULL_SHA', 0x002F: 'TLS_RSA_WITH_AES_128_CBC_SHA', 0x0030: 'TLS_DH_DSS_WITH_AES_128_CBC_SHA', 0x0031: 'TLS_DH_RSA_WITH_AES_128_CBC_SHA', 0x0032: 'TLS_DHE_DSS_WITH_AES_128_CBC_SHA', 0x0033: 'TLS_DHE_RSA_WITH_AES_128_CBC_SHA', 0x0034: 'TLS_DH_anon_WITH_AES_128_CBC_SHA', 0x0035: 'TLS_RSA_WITH_AES_256_CBC_SHA', 0x0036: 'TLS_DH_DSS_WITH_AES_256_CBC_SHA', 0x0037: 'TLS_DH_RSA_WITH_AES_256_CBC_SHA', 0x0038: 'TLS_DHE_DSS_WITH_AES_256_CBC_SHA', 0x0039: 'TLS_DHE_RSA_WITH_AES_256_CBC_SHA', 0x003A: 'TLS_DH_anon_WITH_AES_256_CBC_SHA', 0x003B: 'TLS_RSA_WITH_NULL_SHA256', 0x003C: 'TLS_RSA_WITH_AES_128_CBC_SHA256', 0x003D: 'TLS_RSA_WITH_AES_256_CBC_SHA256', 0x003E: 'TLS_DH_DSS_WITH_AES_128_CBC_SHA256', 0x003F: 'TLS_DH_RSA_WITH_AES_128_CBC_SHA256', 0x0040: 'TLS_DHE_DSS_WITH_AES_128_CBC_SHA256', 0x0041: 'TLS_RSA_WITH_CAMELLIA_128_CBC_SHA', 0x0042: 'TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA', 0x0043: 'TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA', 0x0044: 'TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA', 0x0045: 'TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA', 0x0046: 'TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA', 0x0067: 'TLS_DHE_RSA_WITH_AES_128_CBC_SHA256', 0x0068: 'TLS_DH_DSS_WITH_AES_256_CBC_SHA256', 0x0069: 'TLS_DH_RSA_WITH_AES_256_CBC_SHA256', 0x006A: 'TLS_DHE_DSS_WITH_AES_256_CBC_SHA256', 0x006B: 'TLS_DHE_RSA_WITH_AES_256_CBC_SHA256', 0x006C: 'TLS_DH_anon_WITH_AES_128_CBC_SHA256', 0x006D: 'TLS_DH_anon_WITH_AES_256_CBC_SHA256', 0x006E: 'TLS_ASCONAEAD128_ASCONHASH256', 0x006F: 'TLS_ASCONAEAD128_SHA256', 0x0070: 'TLS_AES_128_GCM_ASCONHASH256', 0x0071: 'TLS_AES_128_CCM_ASCONHASH256', 0x0084: 'TLS_RSA_WITH_CAMELLIA_256_CBC_SHA', 0x0085: 'TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA', 0x0086: 'TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA', 0x0087: 'TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA', 0x0088: 'TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA', 0x0089: 'TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA', 0x008A: 'TLS_PSK_WITH_RC4_128_SHA', 0x008B: 'TLS_PSK_WITH_3DES_EDE_CBC_SHA', 0x008C: 'TLS_PSK_WITH_AES_128_CBC_SHA', 0x008D: 'TLS_PSK_WITH_AES_256_CBC_SHA', 0x008E: 'TLS_DHE_PSK_WITH_RC4_128_SHA', 0x008F: 'TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA', 0x0090: 'TLS_DHE_PSK_WITH_AES_128_CBC_SHA', 0x0091: 'TLS_DHE_PSK_WITH_AES_256_CBC_SHA', 0x0092: 'TLS_RSA_PSK_WITH_RC4_128_SHA', 0x0093: 'TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA', 0x0094: 'TLS_RSA_PSK_WITH_AES_128_CBC_SHA', 0x0095: 'TLS_RSA_PSK_WITH_AES_256_CBC_SHA', 0x0096: 'TLS_RSA_WITH_SEED_CBC_SHA', 0x0097: 'TLS_DH_DSS_WITH_SEED_CBC_SHA', 0x0098: 'TLS_DH_RSA_WITH_SEED_CBC_SHA', 0x0099: 'TLS_DHE_DSS_WITH_SEED_CBC_SHA', 0x009A: 'TLS_DHE_RSA_WITH_SEED_CBC_SHA', 0x009B: 'TLS_DH_anon_WITH_SEED_CBC_SHA', 0x009C: 'TLS_RSA_WITH_AES_128_GCM_SHA256', 0x009D: 'TLS_RSA_WITH_AES_256_GCM_SHA384', 0x009E: 'TLS_DHE_RSA_WITH_AES_128_GCM_SHA256', 0x009F: 'TLS_DHE_RSA_WITH_AES_256_GCM_SHA384', 0x00A0: 'TLS_DH_RSA_WITH_AES_128_GCM_SHA256', 0x00A1: 'TLS_DH_RSA_WITH_AES_256_GCM_SHA384', 0x00A2: 'TLS_DHE_DSS_WITH_AES_128_GCM_SHA256', 0x00A3: 'TLS_DHE_DSS_WITH_AES_256_GCM_SHA384', 0x00A4: 'TLS_DH_DSS_WITH_AES_128_GCM_SHA256', 0x00A5: 'TLS_DH_DSS_WITH_AES_256_GCM_SHA384', 0x00A6: 'TLS_DH_anon_WITH_AES_128_GCM_SHA256', 0x00A7: 'TLS_DH_anon_WITH_AES_256_GCM_SHA384', 0x00A8: 'TLS_PSK_WITH_AES_128_GCM_SHA256', 0x00A9: 'TLS_PSK_WITH_AES_256_GCM_SHA384', 0x00AA: 'TLS_DHE_PSK_WITH_AES_128_GCM_SHA256', 0x00AB: 'TLS_DHE_PSK_WITH_AES_256_GCM_SHA384', 0x00AC: 'TLS_RSA_PSK_WITH_AES_128_GCM_SHA256', 0x00AD: 'TLS_RSA_PSK_WITH_AES_256_GCM_SHA384', 0x00AE: 'TLS_PSK_WITH_AES_128_CBC_SHA256', 0x00AF: 'TLS_PSK_WITH_AES_256_CBC_SHA384', 0x00B0: 'TLS_PSK_WITH_NULL_SHA256', 0x00B1: 'TLS_PSK_WITH_NULL_SHA384', 0x00B2: 'TLS_DHE_PSK_WITH_AES_128_CBC_SHA256', 0x00B3: 'TLS_DHE_PSK_WITH_AES_256_CBC_SHA384', 0x00B4: 'TLS_DHE_PSK_WITH_NULL_SHA256', 0x00B5: 'TLS_DHE_PSK_WITH_NULL_SHA384', 0x00B6: 'TLS_RSA_PSK_WITH_AES_128_CBC_SHA256', 0x00B7: 'TLS_RSA_PSK_WITH_AES_256_CBC_SHA384', 0x00B8: 'TLS_RSA_PSK_WITH_NULL_SHA256', 0x00B9: 'TLS_RSA_PSK_WITH_NULL_SHA384', 0x00BA: 'TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256', 0x00BB: 'TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256', 0x00BC: 'TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256', 0x00BD: 'TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256', 0x00BE: 'TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256', 0x00BF: 'TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256', 0x00C0: 'TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256', 0x00C1: 'TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256', 0x00C2: 'TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256', 0x00C3: 'TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256', 0x00C4: 'TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256', 0x00C5: 'TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256', 0x00C6: 'TLS_SM4_GCM_SM3', 0x00C7: 'TLS_SM4_CCM_SM3', 0x00FF: 'TLS_EMPTY_RENEGOTIATION_INFO_SCSV', // TLS 1.3 cipher suites 0x1301: 'TLS_AES_128_GCM_SHA256', 0x1302: 'TLS_AES_256_GCM_SHA384', 0x1303: 'TLS_CHACHA20_POLY1305_SHA256', 0x1304: 'TLS_AES_128_CCM_SHA256', 0x1305: 'TLS_AES_128_CCM_8_SHA256', 0x1306: 'TLS_AEGIS_256_SHA512', 0x1307: 'TLS_AEGIS_128L_SHA256', // Signaling cipher suite value 0x5600: 'TLS_FALLBACK_SCSV', // ECDH/ECDHE cipher suites 0xC001: 'TLS_ECDH_ECDSA_WITH_NULL_SHA', 0xC002: 'TLS_ECDH_ECDSA_WITH_RC4_128_SHA', 0xC003: 'TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA', 0xC004: 'TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA', 0xC005: 'TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA', 0xC006: 'TLS_ECDHE_ECDSA_WITH_NULL_SHA', 0xC007: 'TLS_ECDHE_ECDSA_WITH_RC4_128_SHA', 0xC008: 'TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA', 0xC009: 'TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA', 0xC00A: 'TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA', 0xC00B: 'TLS_ECDH_RSA_WITH_NULL_SHA', 0xC00C: 'TLS_ECDH_RSA_WITH_RC4_128_SHA', 0xC00D: 'TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA', 0xC00E: 'TLS_ECDH_RSA_WITH_AES_128_CBC_SHA', 0xC00F: 'TLS_ECDH_RSA_WITH_AES_256_CBC_SHA', 0xC010: 'TLS_ECDHE_RSA_WITH_NULL_SHA', 0xC011: 'TLS_ECDHE_RSA_WITH_RC4_128_SHA', 0xC012: 'TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA', 0xC013: 'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA', 0xC014: 'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA', 0xC015: 'TLS_ECDH_anon_WITH_NULL_SHA', 0xC016: 'TLS_ECDH_anon_WITH_RC4_128_SHA', 0xC017: 'TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA', 0xC018: 'TLS_ECDH_anon_WITH_AES_128_CBC_SHA', 0xC019: 'TLS_ECDH_anon_WITH_AES_256_CBC_SHA', 0xC01A: 'TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA', 0xC01B: 'TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA', 0xC01C: 'TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA', 0xC01D: 'TLS_SRP_SHA_WITH_AES_128_CBC_SHA', 0xC01E: 'TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA', 0xC01F: 'TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA', 0xC020: 'TLS_SRP_SHA_WITH_AES_256_CBC_SHA', 0xC021: 'TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA', 0xC022: 'TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA', 0xC023: 'TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256', 0xC024: 'TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384', 0xC025: 'TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256', 0xC026: 'TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384', 0xC027: 'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256', 0xC028: 'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384', 0xC029: 'TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256', 0xC02A: 'TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384', 0xC02B: 'TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256', 0xC02C: 'TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384', 0xC02D: 'TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256', 0xC02E: 'TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384', 0xC02F: 'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256', 0xC030: 'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384', 0xC031: 'TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256', 0xC032: 'TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384', 0xC033: 'TLS_ECDHE_PSK_WITH_RC4_128_SHA', 0xC034: 'TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA', 0xC035: 'TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA', 0xC036: 'TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA', 0xC037: 'TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256', 0xC038: 'TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384', 0xC039: 'TLS_ECDHE_PSK_WITH_NULL_SHA', 0xC03A: 'TLS_ECDHE_PSK_WITH_NULL_SHA256', 0xC03B: 'TLS_ECDHE_PSK_WITH_NULL_SHA384', 0xC03C: 'TLS_RSA_WITH_ARIA_128_CBC_SHA256', 0xC03D: 'TLS_RSA_WITH_ARIA_256_CBC_SHA384', 0xC03E: 'TLS_DH_DSS_WITH_ARIA_128_CBC_SHA256', 0xC03F: 'TLS_DH_DSS_WITH_ARIA_256_CBC_SHA384', 0xC040: 'TLS_DH_RSA_WITH_ARIA_128_CBC_SHA256', 0xC041: 'TLS_DH_RSA_WITH_ARIA_256_CBC_SHA384', 0xC042: 'TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256', 0xC043: 'TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384', 0xC044: 'TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256', 0xC045: 'TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384', 0xC046: 'TLS_DH_anon_WITH_ARIA_128_CBC_SHA256', 0xC047: 'TLS_DH_anon_WITH_ARIA_256_CBC_SHA384', 0xC048: 'TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256', 0xC049: 'TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384', 0xC04A: 'TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256', 0xC04B: 'TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384', 0xC04C: 'TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256', 0xC04D: 'TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384', 0xC04E: 'TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256', 0xC04F: 'TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384', 0xC050: 'TLS_RSA_WITH_ARIA_128_GCM_SHA256', 0xC051: 'TLS_RSA_WITH_ARIA_256_GCM_SHA384', 0xC052: 'TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256', 0xC053: 'TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384', 0xC054: 'TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256', 0xC055: 'TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384', 0xC056: 'TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256', 0xC057: 'TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384', 0xC058: 'TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256', 0xC059: 'TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384', 0xC05A: 'TLS_DH_anon_WITH_ARIA_128_GCM_SHA256', 0xC05B: 'TLS_DH_anon_WITH_ARIA_256_GCM_SHA384', 0xC05C: 'TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256', 0xC05D: 'TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384', 0xC05E: 'TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256', 0xC05F: 'TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384', 0xC060: 'TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256', 0xC061: 'TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384', 0xC062: 'TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256', 0xC063: 'TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384', 0xC064: 'TLS_PSK_WITH_ARIA_128_CBC_SHA256', 0xC065: 'TLS_PSK_WITH_ARIA_256_CBC_SHA384', 0xC066: 'TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256', 0xC067: 'TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384', 0xC068: 'TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256', 0xC069: 'TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384', 0xC06A: 'TLS_PSK_WITH_ARIA_128_GCM_SHA256', 0xC06B: 'TLS_PSK_WITH_ARIA_256_GCM_SHA384', 0xC06C: 'TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256', 0xC06D: 'TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384', 0xC06E: 'TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256', 0xC06F: 'TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384', 0xC070: 'TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256', 0xC071: 'TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384', 0xC072: 'TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256', 0xC073: 'TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384', 0xC074: 'TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256', 0xC075: 'TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384', 0xC076: 'TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256', 0xC077: 'TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384', 0xC078: 'TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256', 0xC079: 'TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384', 0xC07A: 'TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256', 0xC07B: 'TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384', 0xC07C: 'TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256', 0xC07D: 'TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384', 0xC07E: 'TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256', 0xC07F: 'TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384', 0xC080: 'TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256', 0xC081: 'TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384', 0xC082: 'TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256', 0xC083: 'TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384', 0xC084: 'TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256', 0xC085: 'TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384', 0xC086: 'TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256', 0xC087: 'TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384', 0xC088: 'TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256', 0xC089: 'TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384', 0xC08A: 'TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256', 0xC08B: 'TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384', 0xC08C: 'TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256', 0xC08D: 'TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384', 0xC08E: 'TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256', 0xC08F: 'TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384', 0xC090: 'TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256', 0xC091: 'TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384', 0xC092: 'TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256', 0xC093: 'TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384', 0xC094: 'TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256', 0xC095: 'TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384', 0xC096: 'TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256', 0xC097: 'TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384', 0xC098: 'TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256', 0xC099: 'TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384', 0xC09A: 'TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256', 0xC09B: 'TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384', 0xC09C: 'TLS_RSA_WITH_AES_128_CCM', 0xC09D: 'TLS_RSA_WITH_AES_256_CCM', 0xC09E: 'TLS_DHE_RSA_WITH_AES_128_CCM', 0xC09F: 'TLS_DHE_RSA_WITH_AES_256_CCM', 0xC0A0: 'TLS_RSA_WITH_AES_128_CCM_8', 0xC0A1: 'TLS_RSA_WITH_AES_256_CCM_8', 0xC0A2: 'TLS_DHE_RSA_WITH_AES_128_CCM_8', 0xC0A3: 'TLS_DHE_RSA_WITH_AES_256_CCM_8', 0xC0A4: 'TLS_PSK_WITH_AES_128_CCM', 0xC0A5: 'TLS_PSK_WITH_AES_256_CCM', 0xC0A6: 'TLS_DHE_PSK_WITH_AES_128_CCM', 0xC0A7: 'TLS_DHE_PSK_WITH_AES_256_CCM', 0xC0A8: 'TLS_PSK_WITH_AES_128_CCM_8', 0xC0A9: 'TLS_PSK_WITH_AES_256_CCM_8', 0xC0AA: 'TLS_PSK_DHE_WITH_AES_128_CCM_8', 0xC0AB: 'TLS_PSK_DHE_WITH_AES_256_CCM_8', 0xC0AC: 'TLS_ECDHE_ECDSA_WITH_AES_128_CCM', 0xC0AD: 'TLS_ECDHE_ECDSA_WITH_AES_256_CCM', 0xC0AE: 'TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8', 0xC0AF: 'TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8', 0xC0B0: 'TLS_ECCPWD_WITH_AES_128_GCM_SHA256', 0xC0B1: 'TLS_ECCPWD_WITH_AES_256_GCM_SHA384', 0xC0B2: 'TLS_ECCPWD_WITH_AES_128_CCM_SHA256', 0xC0B3: 'TLS_ECCPWD_WITH_AES_256_CCM_SHA384', 0xC0B4: 'TLS_SHA256_SHA256', 0xC0B5: 'TLS_SHA384_SHA384', 0xC100: 'TLS_GOSTR341112_256_WITH_KUZNYECHIK_CTR_OMAC', 0xC101: 'TLS_GOSTR341112_256_WITH_MAGMA_CTR_OMAC', 0xC102: 'TLS_GOSTR341112_256_WITH_28147_CNT_IMIT', 0xC103: 'TLS_GOSTR341112_256_WITH_KUZNYECHIK_MGM_L', 0xC104: 'TLS_GOSTR341112_256_WITH_MAGMA_MGM_L', 0xC105: 'TLS_GOSTR341112_256_WITH_KUZNYECHIK_MGM_S', 0xC106: 'TLS_GOSTR341112_256_WITH_MAGMA_MGM_S', // ChaCha20-Poly1305 suites 0xCCA8: 'TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256', 0xCCA9: 'TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256', 0xCCAA: 'TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256', 0xCCAB: 'TLS_PSK_WITH_CHACHA20_POLY1305_SHA256', 0xCCAC: 'TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256', 0xCCAD: 'TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256', 0xCCAE: 'TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256', // ECDHE-PSK with AES GCM 0xD001: 'TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256', 0xD002: 'TLS_ECDHE_PSK_WITH_AES_256_GCM_SHA384', 0xD003: 'TLS_ECDHE_PSK_WITH_AES_128_CCM_8_SHA256', 0xD005: 'TLS_ECDHE_PSK_WITH_AES_128_CCM_SHA256', }); // https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml // Internal const object — the single source of truth for both EXTENSIONS and EXTENSION_IDS. const _extensions = { 0: 'server_name', 1: 'max_fragment_length', 2: 'client_certificate_url', 3: 'trusted_ca_keys', 4: 'truncated_hmac', 5: 'status_request', 6: 'user_mapping', 7: 'client_authz', 8: 'server_authz', 9: 'cert_type', 10: 'supported_groups', 11: 'ec_point_formats', 12: 'srp', 13: 'signature_algorithms', 14: 'use_srtp', 15: 'heartbeat', 16: 'application_layer_protocol_negotiation', 17: 'status_request_v2', 18: 'signed_certificate_timestamp', 19: 'client_certificate_type', 20: 'server_certificate_type', 21: 'padding', 22: 'encrypt_then_mac', 23: 'extended_master_secret', 24: 'token_binding', 25: 'cached_info', 26: 'tls_lts', 27: 'compress_certificate', 28: 'record_size_limit', 29: 'pwd_protect', 30: 'pwd_clear', 31: 'password_salt', 32: 'ticket_pinning', 33: 'tls_cert_with_extern_psk', 34: 'delegated_credential', 35: 'session_ticket', 36: 'TLMSP', 37: 'TLMSP_proxying', 38: 'TLMSP_delegate', 39: 'supported_ekt_ciphers', 41: 'pre_shared_key', 42: 'early_data', 43: 'supported_versions', 44: 'cookie', 45: 'psk_key_exchange_modes', 47: 'certificate_authorities', 48: 'oid_filters', 49: 'post_handshake_auth', 50: 'signature_algorithms_cert', 51: 'key_share', 52: 'transparency_info', 53: 'connection_id_deprecated', 54: 'connection_id', 55: 'external_id_hash', 56: 'external_session_id', 57: 'quic_transport_parameters', 58: 'ticket_request', 59: 'dnssec_chain', 60: 'sequence_number_encryption_algorithms', 61: 'rrc', 62: 'tls_flags', 64768: 'ech_outer_extensions', 65037: 'encrypted_client_hello', 65281: 'renegotiation_info', // Non-IANA but widely deployed 17513: 'application_settings', } as const satisfies Record; export const EXTENSIONS: LookupTable = _extensions as LookupTable; // Reverse mapping: extension name (or alias) → numeric ID, derived from _extensions. type ExtKey = keyof typeof _extensions; type ExtVal = (typeof _extensions)[ExtKey]; type ReverseExtensions = { readonly [V in ExtVal]: { [K in ExtKey]: (typeof _extensions)[K] extends V ? K : never }[ExtKey] }; const _extensionAliases = { sni: 0, alpn: 16, alps: 17513, ech: 65037, } as const satisfies Record; export const EXTENSION_IDS: ReverseExtensions & typeof _extensionAliases & Record = Object.assign( Object.fromEntries( Object.entries(_extensions).map(([id, name]) => [name, Number(id)]) ), _extensionAliases ) as any; export type ExtensionName = keyof (ReverseExtensions & typeof _extensionAliases); // https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8 export const SUPPORTED_GROUPS = lookupTable({ 1: 'sect163k1', 2: 'sect163r1', 3: 'sect163r2', 4: 'sect193r1', 5: 'sect193r2', 6: 'sect233k1', 7: 'sect233r1', 8: 'sect239k1', 9: 'sect283k1', 10: 'sect283r1', 11: 'sect409k1', 12: 'sect409r1', 13: 'sect571k1', 14: 'sect571r1', 15: 'secp160k1', 16: 'secp160r1', 17: 'secp160r2', 18: 'secp192k1', 19: 'secp192r1', 20: 'secp224k1', 21: 'secp224r1', 22: 'secp256k1', 23: 'secp256r1', 24: 'secp384r1', 25: 'secp521r1', 26: 'brainpoolP256r1', 27: 'brainpoolP384r1', 28: 'brainpoolP512r1', 29: 'x25519', 30: 'x448', 31: 'brainpoolP256r1tls13', 32: 'brainpoolP384r1tls13', 33: 'brainpoolP512r1tls13', 34: 'GC256A', 35: 'GC256B', 36: 'GC256C', 37: 'GC256D', 38: 'GC512A', 39: 'GC512B', 40: 'GC512C', 41: 'curveSM2', 256: 'ffdhe2048', 257: 'ffdhe3072', 258: 'ffdhe4096', 259: 'ffdhe6144', 260: 'ffdhe8192', // Post-quantum / hybrid key exchange 512: 'MLKEM512', 513: 'MLKEM768', 514: 'MLKEM1024', 4587: 'SecP256r1MLKEM768', 4588: 'X25519MLKEM768', 4589: 'SecP384r1MLKEM1024', 4590: 'curveSM2MLKEM768', // Obsolete pre-standard Kyber 25497: 'X25519Kyber768Draft00', 25498: 'SecP256r1Kyber768Draft00', // Legacy explicit curves 65281: 'arbitrary_explicit_prime_curves', 65282: 'arbitrary_explicit_char2_curves', }); // https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-signaturescheme // Also includes legacy TLS 1.2 (hash, signature) byte-pair values from RFC 5246 section 7.4.1.4.1 export const SIGNATURE_ALGORITHMS = lookupTable({ // Legacy TLS 1.2 byte-pair schemes (hash << 8 | sig): hash 2=SHA-1, 3=SHA-224, 4=SHA-256, // 5=SHA-384, 6=SHA-512; sig 1=RSA, 2=DSA, 3=ECDSA 0x0201: 'rsa_pkcs1_sha1', 0x0202: 'dsa_sha1', 0x0203: 'ecdsa_sha1', 0x0301: 'rsa_pkcs1_sha224', 0x0302: 'dsa_sha224', 0x0303: 'ecdsa_sha224', // TLS 1.3 named signature schemes 0x0401: 'rsa_pkcs1_sha256', 0x0402: 'dsa_sha256', 0x0403: 'ecdsa_secp256r1_sha256', 0x0420: 'rsa_pkcs1_sha256_legacy', 0x0501: 'rsa_pkcs1_sha384', 0x0502: 'dsa_sha384', 0x0503: 'ecdsa_secp384r1_sha384', 0x0520: 'rsa_pkcs1_sha384_legacy', 0x0601: 'rsa_pkcs1_sha512', 0x0602: 'dsa_sha512', 0x0603: 'ecdsa_secp521r1_sha512', 0x0620: 'rsa_pkcs1_sha512_legacy', 0x0704: 'eccsi_sha256', 0x0705: 'iso_ibs1', 0x0706: 'iso_ibs2', 0x0707: 'iso_chinese_ibs', 0x0708: 'sm2sig_sm3', 0x0709: 'gostr34102012_256a', 0x070A: 'gostr34102012_256b', 0x070B: 'gostr34102012_256c', 0x070C: 'gostr34102012_256d', 0x070D: 'gostr34102012_512a', 0x070E: 'gostr34102012_512b', 0x070F: 'gostr34102012_512c', 0x0804: 'rsa_pss_rsae_sha256', 0x0805: 'rsa_pss_rsae_sha384', 0x0806: 'rsa_pss_rsae_sha512', 0x0807: 'ed25519', 0x0808: 'ed448', 0x0809: 'rsa_pss_pss_sha256', 0x080A: 'rsa_pss_pss_sha384', 0x080B: 'rsa_pss_pss_sha512', 0x081A: 'ecdsa_brainpoolP256r1tls13_sha256', 0x081B: 'ecdsa_brainpoolP384r1tls13_sha384', 0x081C: 'ecdsa_brainpoolP512r1tls13_sha512', // Post-quantum signatures 0x0904: 'mldsa44', 0x0905: 'mldsa65', 0x0906: 'mldsa87', 0x0911: 'slhdsa_sha2_128s', 0x0912: 'slhdsa_sha2_128f', 0x0913: 'slhdsa_sha2_192s', 0x0914: 'slhdsa_sha2_192f', 0x0915: 'slhdsa_sha2_256s', 0x0916: 'slhdsa_sha2_256f', 0x0917: 'slhdsa_shake_128s', 0x0918: 'slhdsa_shake_128f', 0x0919: 'slhdsa_shake_192s', 0x091A: 'slhdsa_shake_192f', 0x091B: 'slhdsa_shake_256s', 0x091C: 'slhdsa_shake_256f', }); // https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-9 export const EC_POINT_FORMATS = lookupTable({ 0: 'uncompressed', 1: 'ansiX962_compressed_prime', 2: 'ansiX962_compressed_char2', }); // https://www.iana.org/assignments/comp-meth-ids/comp-meth-ids.xhtml export const COMPRESSION_METHODS = lookupTable({ 0: 'null', 1: 'DEFLATE', }); // RFC 8446 section 4.2.9 export const PSK_KEY_EXCHANGE_MODES = lookupTable({ 0: 'psk_ke', 1: 'psk_dhe_ke', }); // https://www.iana.org/assignments/tls-certificate-compression/tls-certificate-compression.xhtml export const CERTIFICATE_COMPRESSION_ALGORITHMS = lookupTable({ 1: 'zlib', 2: 'brotli', 3: 'zstd', }); // RFC 6066 / RFC 6961 export const CERTIFICATE_STATUS_TYPES = lookupTable({ 1: 'ocsp', 2: 'ocsp_multi', });