TLS密码套件（cipher suite）

597.9高地

已于 2023-12-24 22:53:00 修改

阅读量1k

点赞数 9

分类专栏：密评文章标签：网络协议信息安全

于 2023-12-20 22:16:10 首次发布

本文链接：https://blog.csdn.net/Hyacinth12138/article/details/135118716

版权

密评专栏收录该内容

7 篇文章

订阅专栏

Table 1. SSL V2的密码套件定义

Cipher number	Description	Base security level FMID HCPT430	Security level 3 FMID JCPT431
1	128-bit RC4 encryption with MD5 message authentication (128-bit secret key)		X
2	128-bit RC4 export encryption with MD5 message authentication (40-bit secret key)	X	X
3	128-bit RC2 encryption with MD5 message authentication (128-bit secret key)		X
4	128-bit RC2 export encryption with MD5 message authentication (40-bit secret key)	X	X
6	56-bit DES encryption with MD5 message authentication (56-bit secret key)	X	X
7	168-bit Triple DES encryption with MD5 message authentication (168-bit secret key)		X

Table 2. SSL V3、TLS V1.0、TLS V1.1和TLS V1.2的2字符和4字符密码套件定义

character cipher number	character cipher number	Short name	Description 1	FIPS 140-2	Base security level FMID HCPT430	Security level 3 FMID JCPT431
00	0000	TLS_NULL_WITH_NULL_NULL	No encryption or message authentication and RSA key exchange		X	X
01	0001	TLS_RSA_WITH_NULL_MD5	No encryption with MD5 message authentication and RSA key exchange		X	X
02	0002	TLS_RSA_WITH_NULL_SHA	No encryption with SHA-1 message authentication and RSA key exchange		X	X
03	0003	TLS_RSA_EXPORT_WITH_RC4_40_MD5	40-bit RC4 encryption with MD5 message authentication and RSA (export) key exchange		X	X
04	0004	TLS_RSA_WITH_RC4_128_MD5	128-bit RC4 encryption with MD5 message authentication and RSA key exchange			X
05	0005	TLS_RSA_WITH_RC4_128_SHA	128-bit RC4 encryption with SHA-1 message authentication and RSA key exchange			X
06	0006	TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5	40-bit RC2 encryption with MD5 message authentication and RSA (export) key exchange		X	X
09	0009	TLS_RSA_WITH_DES_CBC_SHA	56-bit DES encryption with SHA-1 message authentication and RSA key exchange		X	X
0A	000A	TLS_RSA_WITH_3DES_EDE_CBC_SHA	168-bit Triple DES encryption with SHA-1 message authentication and RSA key exchange	X		X
0C	000C	TLS_DH_DSS_WITH_DES_CBC_SHA	56-bit DES encryption with SHA-1 message authentication and fixed Diffie-Hellman key exchange signed with a DSA certificate		X	X
0D	000D	TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA	168-bit Triple DES encryption with SHA-1 message authentication and fixed Diffie-Hellman key exchange signed with a DSA certificate	X		X
0F	000F	TLS_DH_RSA_WITH_DES_CBC_SHA	56-bit DES encryption with SHA-1 message authentication and fixed Diffie-Hellman key exchange signed with an RSA certificate		X	X
10	0010	TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA	168-bit Triple DES encryption with SHA-1 message authentication and fixed Diffie-Hellman key exchange signed with an RSA certificate	X		X
12	0012	TLS_DHE_DSS_WITH_DES_CBC_SHA	56-bit DES encryption with SHA-1message authentication and ephemeral Diffie-Hellman key exchange signed with a DSA certificate		X	X
13	0013	TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA	168-bit Triple DES encryption with SHA-1 message authentication and ephemeral Diffie-Hellman key exchange signed with a DSA certificate	X		X
15	0015	TLS_DHE_RSA_WITH_DES_CBC_SHA	56-bit DES encryption with SHA-1 message authentication and ephemeral Diffie-Hellman key exchange signed with an RSA certificate		X	X
16	0016	TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA	168-bit Triple DES encryption with SHA-1 message authentication and ephemeral Diffie-Hellman key exchange signed with an RSA certificate	X		X
2F	002F	TLS_RSA_WITH_AES_128_CBC_SHA	128-bit AES encryption with SHA-1 message authentication and RSA key exchange	X		X
30	0030	TLS_DH_DSS_WITH_AES_128_CBC_SHA	128-bit AES encryption with SHA-1 message authentication and fixed Diffie-Hellman key exchange signed with a DSA certificate	X		X
31	0031	TLS_DH_RSA_WITH_AES_128_CBC_SHA	128-bit AES encryption with SHA-1 message authentication and fixed Diffie-Hellman key exchange signed with an RSA certificate	X		X
32	0032	TLS_DHE_DSS_WITH_AES_128_CBC_SHA	128-bit AES encryption with SHA-1 message authentication and ephemeral Diffie-Hellman key exchange signed with a DSA certificate	X		X
33	0033	TLS_DHE_RSA_WITH_AES_128_CBC_SHA	128-bit AES encryption with SHA-1 message authentication and ephemeral Diffie-Hellman key exchange signed with an RSA certificate	X		X
35	0035	TLS_RSA_WITH_AES_256_CBC_SHA	256-bit AES encryption with SHA-1 message authentication and RSA key exchange	X		X
36	0036	TLS_DH_DSS_WITH_AES_256_CBC_SHA	256-bit AES encryption with SHA-1 message authentication and fixed Diffie-Hellman key exchange signed with a DSA certificate	X		X
37	0037	TLS_DH_RSA_WITH_AES_256_CBC_SHA	256-bit AES encryption with SHA-1 message authentication and fixed Diffie-Hellman key exchange signed with an RSA certificate	X		X
38	0038	TLS_DHE_DSS_WITH_AES_256_CBC_SHA	256-bit AES encryption with SHA-1 message authentication and ephemeral Diffie-Hellman key exchange signed with a DSA certificate	X		X
39	0039	TLS_DHE_RSA_WITH_AES_256_CBC_SHA	256-bit AES encryption with SHA-1 message authentication and ephemeral Diffie-Hellman key exchange signed with an RSA certificate	X		X
3B	003B	TLS_RSA_WITH_NULL_SHA256	No encryption with SHA-256 message authentication and RSA key exchange		X	X
3C	003C	TLS_RSA_WITH_AES_128_CBC_SHA256	128-bit AES encryption with SHA-256 message authentication and RSA key exchange	X		X
3D	003D	TLS_RSA_WITH_AES_256_CBC_SHA256	256-bit AES encryption with SHA-256 message authentication and RSA key exchange	X		X
3E	003E	TLS_DH_DSS_WITH_AES_128_CBC_SHA256	128-bit AES encryption with SHA-256 message authentication and fixed Diffie-Hellman key exchange signed with a DSA certificate	X		X
3F	003F	TLS_DH_RSA_WITH_AES_128_CBC_SHA256	128-bit AES encryption with SHA-256 message authentication and fixed Diffie-Hellman key exchange signed with an RSA certificate	X		X
40	0040	TLS_DHE_DSS_WITH_AES_128_CBC_SHA256	128-bit AES encryption with SHA-256 message authentication and ephemeral Diffie-Hellman key exchange signed with a DSA certificate	X		X
67	0067	TLS_DHE_RSA_WITH_AES_128_CBC_SHA256	128-bit AES encryption with SHA-256 message authentication and ephemeral Diffie-Hellman key exchange signed with an RSA certificate	X		X
68	0068	TLS_DH_DSS_WITH_AES_256_CBC_SHA256	256-bit AES encryption with SHA-256 message authentication and fixed Diffie-Hellman key exchange signed with a DSA certificate	X		X
69	0069	TLS_DH_RSA_WITH_AES_256_CBC_SHA256	256-bit AES encryption with SHA-256 message authentication and fixed Diffie-Hellman key exchange signed with an RSA certificate	X		X
6A	006A	TLS_DHE_DSS_WITH_AES_256_CBC_SHA256	256-bit AES encryption with SHA-256 message authentication and ephemeral Diffie-Hellman key exchange signed with a DSA certificate	X		X
6B	006B	TLS_DHE_RSA_WITH_AES_256_CBC_SHA256	256-bit AES encryption with SHA-256 message authentication and ephemeral Diffie-Hellman key exchange signed with an RSA certificate	X		X
9C	009C	TLS_RSA_WITH_AES_128_GCM_SHA256	128-bit AES in Galois Counter Mode encryption with 128-bit AEAD authentication and RSA key exchange	X		X
9D	009D	TLS_RSA_WITH_AES_256_GCM_SHA384	256-bit AES in Galois Counter Mode encryption with 128-bit AEAD authentication and RSA key exchange	X		X
9E	009E	TLS_DHE_RSA_WITH_AES_128_GCM_SHA256	128-bit AES in Galois Counter Mode encryption with 128-bit AEAD authentication and ephemeral Diffie-Hellman key exchange signed with an RSA certificate	X		X
9F	009F	TLS_DHE_RSA_WITH_AES_256_GCM_SHA384	256-bit AES in Galois Counter Mode encryption with 128-bit AEAD authentication and ephemeral Diffie-Hellman key exchange signed with an RSA certificate	X		X
A0	00A0	TLS_DH_RSA_WITH_AES_128_GCM_SHA256	128-bit AES in Galois Counter Mode encryption with 128-bit AEAD authentication and fixed Diffie-Hellman key exchange signed with an RSA certificate	X		X
A1	00A1	TLS_DH_RSA_WITH_AES_256_GCM_SHA384	256-bit AES in Galois Counter Mode encryption with 128-bit AEAD authentication and fixed Diffie-Hellman key exchange signed with an RSA certificate	X		X
A2	00A2	TLS_DHE_DSS_WITH_AES_128_GCM_SHA256	128-bit AES in Galois Counter Mode encryption with 128-bit AEAD authentication and ephemeral Diffie-Hellman key exchange signed with a DSA certificate	X		X
A3	00A3	TLS_DHE_DSS_WITH_AES_256_GCM_SHA384	256-bit AES in Galois Counter Mode encryption with 128-bit AEAD authentication and ephemeral Diffie-Hellman key exchange signed with a DSA certificate	X		X
A4	00A4	TLS_DH_DSS_WITH_AES_128_GCM_SHA256	128-bit AES in Galois Counter Mode encryption with 128-bit AEAD authentication and fixed Diffie-Hellman key exchange signed with a DSA certificate	X		X
A5	00A5	TLS_DH_DSS_WITH_AES_256_GCM_SHA384	256-bit AES in Galois Counter Mode encryption with 128-bit AEAD authentication and fixed Diffie-Hellman key exchange signed with a DSA certificate	X		X
	C001	TLS_ECDH_ECDSA_WITH_NULL_SHA	NULL encryption with SHA-1 message authentication and fixed ECDH key exchange signed with an ECDSA certificate		X	X
	C002	TLS_ECDH_ECDSA_WITH_RC4_128_SHA	128-bit RC4 encryption with SHA-1 message authentication and fixed ECDH key exchange signed with an ECDSA certificate			X
	C003	TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA	168-bit Triple DES encryption with SHA-1 message authentication and fixed ECDH key exchange signed with an ECDSA certificate	X		X
	C004	TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA	128-bit AES encryption with SHA-1 message authentication and fixed ECDH key exchange signed with an ECDSA certificate	X		X
	C005	TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA	256-bit AES encryption with SHA-1 message authentication and fixed ECDH key exchange signed with an ECDSA certificate	X		X
	C006	TLS_ECDHE_ECDSA_WITH_NULL_SHA	NULL encryption with SHA-1 message authentication and ephemeral ECDH key exchange signed with an ECDSA certificate		X	X
	C007	TLS_ECDHE_ECDSA_WITH_RC4_128_SHA	128-bit RC4 encryption with SHA-1 message authentication and ephemeral ECDH key exchange signed with an ECDSA certificate			X
	C008	TLS_ECDHE_ECDSA_WITH_3DES_EDE_ CBC_SHA	168-bit Triple DES encryption with SHA-1 message authentication and ephemeral ECDH key exchange signed with an ECDSA certificate	X		X
	C009	TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA	128-bit AES encryption with SHA-1 message authentication and ephemeral ECDH key exchange signed with an ECDSA certificate	X		X
	C00A	TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA	256-bit AES encryption with SHA-1 message authentication and ephemeral ECDH key exchange signed with an ECDSA certificate	X		X
	C00B	TLS_ECDH_RSA_WITH_NULL_SHA	NULL encryption with SHA-1 message authentication and fixed ECDH key exchange signed with an RSA certificate		X	X
	C00C	TLS_ECDH_RSA_WITH_RC4_128_SHA	128-bit RC4 encryption with SHA-1 message authentication and fixed ECDH key exchange signed with an RSA certificate			X
	C00D	TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA	168-bit Triple DES encryption with SHA-1 message authentication and fixed ECDH key exchange signed with an RSA certificate	X		X
	C00E	TLS_ECDH_RSA_WITH_AES_128_CBC_SHA	128-bit AES encryption with SHA-1 message authentication and fixed ECDH key exchange signed with an RSA certificate	X		X
	C00F	TLS_ECDH_RSA_WITH_AES_256_CBC_SHA	256-bit AES encryption with SHA-1 message authentication and fixed ECDH key exchange signed with an RSA certificate	X		X
	C010	TLS_ECDHE_RSA_WITH_NULL_SHA	NULL encryption with SHA-1 message authentication and ephemeral ECDH key exchange signed with an RSA certificate		X	X
	C011	TLS_ECDHE_RSA_WITH_RC4_128_SHA	128-bit RC4 encryption with SHA-1 message authentication and ephemeral ECDH key exchange signed with an RSA certificate			X
	C012	TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA	168-bit Triple DES encryption with SHA-1 message authentication and ephemeral ECDH key exchange signed with an RSA certificate	X		X
	C013	TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA	128-bit AES encryption with SHA-1 message authentication and ephemeral ECDH key exchange signed with an RSA certificate	X		X
	C014	TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA	256-bit AES encryption with SHA-1 message authentication and ephemeral ECDH key exchange signed with an RSA certificate	X		X
	C023	TLS_ECDHE_ECDSA_WITH_AES_128_ CBC_SHA256	128-bit AES encryption with SHA-256 message authentication and ephemeral ECDH key exchange signed with an ECDSA certificate	X		X
	C024	TLS_ECDHE_ECDSA_WITH_AES_256_ CBC_SHA384	256-bit AES encryption with SHA-384 message authentication and ephemeral ECDH key exchange signed with an ECDSA certificate	X		X
	C025	TLS_ECDH_ECDSA_WITH_AES_128_ CBC_SHA256	128-bit AES encryption with SHA-256 message authentication and fixed ECDH key exchange signed with an ECDSA certificate	X		X
	C026	TLS_ECDH_ECDSA_WITH_AES_256_ CBC_SHA384	256-bit AES encryption with SHA-384 message authentication and fixed ECDH key exchange signed with an ECDSA certificate	X		X
	C027	TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256	128-bit AES encryption with SHA-256 message authentication and ephemeral ECDH key exchange signed with an RSA certificate	X		X
	C028	TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384	256-bit AES encryption with SHA-384 message authentication and ephemeral ECDH key exchange signed with an RSA certificate	X		X
	C029	TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256	128-bit AES encryption with SHA-256 message authentication and fixed ECDH key exchange signed with an RSA certificate	X		X
	C02A	TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384	256-bit AES encryption with SHA-384 message authentication and fixed ECDH key exchange signed with an RSA certificate	X		X
	C02B	TLS_ECDHE_ECDSA_WITH_AES_128_ GCM_SHA256	128-bit AES in Galois Counter Mode encryption with 128-bit AEAD authentication and ephemeral ECDH key exchange signed with an ECDSA certificate	X		X
	C02C	TLS_ECDHE_ECDSA_WITH_AES_256_ GCM_SHA384	256-bit AES in Galois Counter Mode encryption with 128-bit AEAD message authentication and ephemeral ECDH key exchange signed with an ECDSA certificate	X		X
	C02D	TLS_ECDH_ECDSA_WITH_AES_128_ GCM_SHA256	128-bit AES in Galois Counter Mode encryption with 128-bit AEAD message authentication and fixed ECDH key exchange signed with an ECDSA certificate	X		X
	C02E	TLS_ECDH_ECDSA_WITH_AES_256_ GCM_SHA384	256-bit AES in Galois Counter Mode encryption with 128-bit AEAD message authentication and fixed ECDH key exchange signed with an ECDSA certificate	X		X
	C02F	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256	128-bit AES in Galois Counter Mode encryption with 128-bit AEAD message authentication and ephemeral ECDH key exchange signed with an RSA certificate	X		X
	C030	TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384	256-bit AES in Galois Counter Mode encryption with 128-bit AEAD message authentication and ephemeral ECDH key exchange signed with an RSA certificate	X		X
	C031	TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256	128-bit AES in Galois Counter Mode encryption with 128-bit AEAD message authentication and fixed ECDH key exchange signed with an RSA certificate	X		X
	C032	TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384	256-bit AES in Galois Counter Mode encryption with 128-bit AEAD message authentication and fixed ECDH key exchange signed with an RSA certificate	X		X

Table 3. 通过支持的协议、对称算法和消息身份验证算法定义SSL V3、TLS V1.0、TLS V1.1和TLS V1.2的密码套件

Cipher suite		Protocol support				Symmetric algorithm						Message MAC
4 Char	2 Char	SSL V3	TLS V1.0	TLS V1.1	TLS V1.2	RC2 or RC4	DES or 3DES	AES- CBC 128	AES- CBC 256	AES- GCM 128	AES- GCM 256	MD5	SHA 1	SHA 256	SHA 384	AEAD
0000	00	X	X	X	X
0001	01	X	X	X	X							X
0002	02	X	X	X	X								X
0003	03	X	X			RC4						X
0004	04	X	X	X	X	RC4						X
0005	05	X	X	X	X	RC4							X
0006	06	X	X			RC2						X
0009	09	X	X	X			DES						X
000A	0A	X	X	X	X		3DES						X
000C	0C	X	X	X			DES						X
000D	0D	X	X	X	X		3DES						X
000F	0F	X	X	X			DES						X
0010	10	X	X	X	X		3DES						X
0012	12	X	X	X			DES						X
0013	13	X	X	X	X		3DES						X
0015	15	X	X	X			DES						X
0016	16	X	X	X	X		3DES						X
002F	2F	X	X	X	X			X					X
0030	30	X	X	X	X			X					X
0031	31	X	X	X	X			X					X
0032	32	X	X	X	X			X					X
0033	33	X	X	X	X			X					X
0035	35	X	X	X	X				X				X
0036	36	X	X	X	X				X				X
0037	37	X	X	X	X				X				X
0038	38	X	X	X	X				X				X
0039	39	X	X	X	X				X				X
003B	3B				X									X
003C	3C				X			X						X
003D	3D				X				X					X
003E	3E				X			X						X
003F	3F				X			X						X
0040	40				X			X						X
0067	67				X			X						X
0068	68				X				X					X
0069	69				X				X					X
006A	6A				X				X					X
006B	6B				X				X					X
009C	9C				X					X						X
009D	9D				X						X					X
009E	9E				X					X						X
009F	9F				X						X					X
00A0	A0				X					X						X
00A1	A1				X						X					X
00A2	A2				X					X						X
00A3	A3				X						X					X
00A4	A4				X					X						X
00A5	A5				X						X					X
C001			X	X	X								X
C002			X	X	X	RC4							X
C003			X	X	X		3DES						X
C004			X	X	X			X					X
C005			X	X	X				X				X
C006			X	X	X								X
C007			X	X	X	RC4							X
C008			X	X	X		3DES						X
C009			X	X	X			X					X
C00A			X	X	X				X				X
C00B			X	X	X								X
C00C			X	X	X	RC4							X
C00D			X	X	X		3DES						X
C00E			X	X	X			X					X
C00F			X	X	X				X				X
C010			X	X	X								X
C011			X	X	X	RC4							X
C012			X	X	X		3DES						X
C013			X	X	X			X					X
C014			X	X	X				X				X
C023					X			X						X
C024					X				X						X
C025					X			X						X
C026					X				X						X
C027					X			X						X
C028					X				X						X
C029					X			X						X
C02A					X				X						X
C02B					X					X						X
C02C					X						X					X
C02D					X					X						X
C02E					X						X					X
C02F					X					X						X
C030					X						X					X
C031					X					X						X
C032					X						X					X

Table 4. 通过密钥交换方法和签名证书定义SSL V3、TLS V1.0、TLS V1.1和TLS V1.2的密码套件


Cipher suite		RSA key exchange	Fixed Diffie-Hellman key exchange		Ephemeral Diffie-Hellman key exchange		Fixed EC Diffie-Hellman key exchange		Ephemeral EC Diffie-Hellman key exchange
4 Char	2 Char	RSA key exchange	Signed by RSA1	Signed by DSA1	Signed by RSA1	Signed by DSA1	Signed by RSA1	Signed by ECDSA1	Signed by RSA1	Signed by ECDSA1
0000	00	X
0001	01	X
0002	02	X
0003	03	X
0004	04	X
0005	05	X
0006	06	X
0009	09	X
000A	0A	X
000C	0C			X
000D	0D			X
000F	0F		X
0010	10		X
0012	12					X
0013	13					X
0015	15				X
0016	16				X
002F	2F	X
0030	30			X
0031	31		X
0032	32					X
0033	33				X
0035	35	X
0036	36			X
0037	37		X
0038	38					X
0039	39				X
003B	3B	X
003C	3C	X
003D	3D	X
003E	3E			X
003F	3F		X
0040	40					X
0067	67				X
0068	68			X
0069	69		X
006A	6A					X
006B	6B				X
009C	9C	X
009D	9D	X
009E	9E				X
009F	9F				X
00A0	A0		X
00A1	A1		X
00A2	A2					X
00A3	A3					X
00A4	A4			X
00A5	A5			X
C001								X
C002								X
C003								X
C004								X
C005								X
C006										X
C007										X
C008										X
C009										X
C00A										X
C00B							X
C00C							X
C00D							X
C00E							X
C00F							X
C010									X
C011									X
C012									X
C013									X
C014									X
C023										X
C024										X
C025								X
C026								X
C027									X
C028									X
C029							X
C02A							X
C02B										X
C02C										X
C02D								X
C02E								X
C02F									X
C030									X
C031							X
C032							X

SSL V3、TLS V1.0和TLS V1.1对在使用任何使用基于Diffie-Hellman的密钥交换的密码套件时必须用于对服务器证书进行签名的签名算法施加了限制。TLS V1.2协议没有施加这样的限制。如果服务器证书签名算法列在客户端指定的签名算法对中，则可以使用证书。

Table 5. 支持TLS V1.0、TLS V1.1和TLS V1.2的椭圆曲线定义


I.A.N.A Elliptic curve enumerator (decimal)	Named curve by standards organizations
I.A.N.A Elliptic curve enumerator (decimal)	SECG	ANSI X9.62	NIST
0019	secp192r1	prime192v1	NIST P-192
0021	secp224r1		NIST P-224
0023	secp256r1	prime256v1	NIST P-256
0024	secp384r1		NIST P-384
0025	secp521r1		NIST P-521

Table 6. TLS V1.2、OCSP请求签名和OCSP响应签名算法对定义的签名算法对

Signature algorithm enumerator	Hash and signature algorithm
0101*	MD5 with RSA
0201	SHA-1 with RSA
0202	SHA-1 with DSA
0203	SHA-1 with ECDSA
0301	SHA-224 with RSA
0302	SHA-224 with DSA
0303	SHA-224 with ECDSA
0401	SHA-256 with RSA
0402	SHA-256 with DSA
0403	SHA-256 with ECDSA
0501	SHA-384 with RSA
0503	SHA-384 with ECDSA
0601	SHA-512 with RSA
0603	SHA-512 with ECDSA