Encryption Technologies Available in NSS 3.6
The Network Security Services (NSS) 3.6 CCATS number is G023895, received on Jan. 18, 2002.
Note: Some technologies listed here are not currently implemented, but are planned for implementation in an upcoming release.
Key Agreement Reference | Value | End Use |
RSA Key Agreement (using PKCS #1) | unlimited | Key agreement |
Diffie-Hellman Key Agreement (using PKCS #3) | <= 4096-bit modulus/Future | Key agreement |
Elliptic Curve Cryptography Key Agreement | N/A (future) | Key agreement |
SSL2 Algorithm Reference | Key Strength | End Use |
SSL2-RC4-128-with-MD5 | 128 | Bulk data encryption |
SSL2-RC2-128-CBC-with-MD5 | 128 | Bulk data encryption |
SSL2-DES-168-EDE3-CBC-with-MD5 | 168 | Bulk data encryption |
SSL2-DES-56-CBC-with-MD5 | 56 | Bulk data encryption |
SSL2-RC4-128-EXPORT40-with-MD5 | 40 | Bulk data encryption |
SSL2-RC2-128-CBC-EXPORT40-with-MD5 | 40 | Bulk data encryption |
SSL3 Algorithm Reference | Key Strength | End Use |
SSL3-FORTEZZA-DMS-with-FORTEZZA-CBC-SHA | 80 | Bulk data encryption |
SSL3-FORTEZZA-DMS-with-RC4-128-SHA | 128 | Bulk data encryption |
SSL3-RSA-with-RC4-128-MD5 | 128 | Bulk data encryption |
SSL3-RSA-with-3DES-EDE-CBC-SHA | 168 | Bulk data encryption |
SSL3-RSA-with-DES-CBC-SHA | 56 | Bulk data encryption |
SSL3-RSA-with-RC4-40-MD5 | 40 | Bulk data encryption |
SSL3-RSA-with-RC2-CBC-40-MD5 | 40 | Bulk data encryption |
SSL3-FORTEZZA-DMS-with-null-SHA | 0 | Bulk data encryption |
SSL3-RSA-with-null-MD5 | 0 | Bulk data encryption |
SSL3-RSA-FIPS-with-3DES-EDE--CBC-SHA | 168 | Bulk data encryption |
SSL3-RSA-FIPS-with-DES-CBC-SHA | 56 | Bulk data encryption |
SSL3-DHE-RSA-with-3DES-EDE-CBC-SHA (client side only) | 168 | Bulk data encryption |
SSL3-DHE-DSS-with-3DES-EDE-CBC-SHA (client side only) | 168 | Bulk data encryption |
SSL3-DHE-RSA-with-DES-CBC-SHA (client side only) | 56 | Bulk data encryption |
SSL3-DHE-DSS-with-DES-CBC-SHA (client side only) | 56 | Bulk data encryption |
TLS Algorithm Reference | Key Strength | End Use |
TLS-RSA-1024-with-RC4-56-SHA | 56 | Bulk data encryption |
TLS-RSA-1024-with-DES-CBC-SHA | 56 | Bulk data encryption |
TLS-RSA-with-RC4-128-MD5 | 128 | Bulk data encryption |
SSL_RSA_WITH_RC4_128_SHA or TLS_RSA_WITH_RC4_128_SHA | 128 | Bulk data encryption |
TLS-RSA-with-3DES-EDE-CBC-SHA | 168 | Bulk data encryption |
TLS-RSA-with-DES-CBC-SHA | 56 | Bulk data encryption |
TLS-RSA-with-AES-256-CBC-SHA | 256 | Bulk data encryption |
TLS-RSA-with-AES-128-CBC-SHA | 128 | Bulk data encryption |
TLS-RSA-with-RC4-40-MD5 | 40 | Bulk data encryption |
TLS-RSA-with-RC2-CBC-40-MD5 | 40 | Bulk data encryption |
TLS-RSA-with-null-MD5 | 0 | Bulk data encryption |
TLS-DHE-RSA-with-AES-256-CBC-SHA (client side only) | 256 | Bulk data encryption |
TLS-DHE-RSA-with-AES-128-CBC-SHA (client side only) | 128 | Bulk data encryption |
TLS-DHE-DSS-with-AES-256-CBC-SHA (client side only) | 256 | Bulk data encryption |
TLS-DHE-DSS-with-AES-128-CBC-SHA (client side only) | 128 | Bulk data encryption |
TLS-DHE-DSS-with-RC4-128-SHA (client side only) | 128 | Bulk data encryption |
S/MIME Algorithm Reference | Key Strength | End Use |
S/MIME-DES-EDE3 | 168 | Bulk data encryption |
S/MIME-RC2-CBC-128 | 128 | Bulk data encryption |
S/MIME-DES-CBC | 56 | Bulk data encryption |
S/MIME-RC2-CBC-64 | 64 | Bulk data encryption |
S/MIME-RC2-CBC-40 | 40 | Bulk data encryption |
PKCS #5 Algorithm Reference | Key Strength | End Use |
PKCS5-RC2-40 | 40 | Private key material encryption for internal storage |
PKCS5-RC2-128 | 128 | Private key material encryption for internal storage |
PKCS5-RC4-128 | 128 | Private key material encryption for internal storage |
PKCS5-DES-56 | 56 | Private key material encryption for internal storage |
PKCS5-DES-EDE3 | 168 | Private key material encryption for internal storage |
PKCS #12 Algorithm Reference | Key Strength | End Use |
PKCS12-RC2-40 | 40 | Key portability/Backup |
PKCS12-RC2-128 | 128 | Key portability/Backup |
PKCS12-RC4-56 | 56 | Key portability/Backup |
PKCS12-RC4-128 | 128 | Key portability/Backup |
PKCS12-DES-56 | 56 | Key portability/Backup |
PKCS12-DES-EDE3 | 168 | Key portability/Backup |
PKCS12-NULL | 0 | Key portability/Backup |
Other Characteristics/Technologies | Modulus/Key Strength | End-Use |
PKCS #1 | unlimited | Industry standard message formats for RSA key agreement and signatures. |
PKCS #3 | See Diffie-Hellman Key Agreement above | Industry standard message formats for Diffie-Hellman key agreement. |
PKCS #5/Wallet | See PKCS #5 above | Password-protected storage of wallet information in NSS database. |
PKCS #7 | See S/MIME above | Signed or encrypted data produced by NSS conforms to this industry standard format. |
PKCS #8 | Used with PKCS #5 (see above) and PKCS #12 | Industry standard format for storage of RSA private keys, used inside encrypted private key database. |
PKCS #11, with restricted algorithms | ------------------------------ | NSS uses this industry standard interface to work with smart cards and encryption accelerators. |
PKCS #12 | See PKCS #12 above | Industry standard file format for storage of certificates and password-protected private keys. |
Algorithm/Other Specifications can be found at the following locations:
SSL 3.0:
http://www.mozilla.org/projects/security/pki/nss/ssl/draft302.txt
SSL connections: http://www.mozilla.org/projects/security/pki/nss/ssl/traces/index.html
Client details: http://www.mozilla.org/projects/security/pki/nss/ssl/traces/trc-clnt-ex.html
TLS:
http://www.ietf.org/rfc/rfc2246.txt
S/MIME standard: http://www.ietf.org/html.charters/smime-charter.html
S/MIME v2: http://www.rfc-editor.org/rfc/rfc2311.txt
S/MIME v3: http://www.rfc-editor.org/rfc/rfc2633.txt
PKCS #1:
http://www.rsasecurity.com/rsalabs/pkcs/pkcs-1/
PKCS #3:
http://www.rsasecurity.com/rsalabs/pkcs/pkcs-3/
PKCS #5:
http://www.rsasecurity.com/rsalabs/pkcs/pkcs-5/
PKCS #7:
http://www.rsasecurity.com/rsalabs/pkcs/pkcs-7/
PKCS #8:
http://www.rsasecurity.com/rsalabs/pkcs/pkcs-8/
PKCS #11:
http://www.rsasecurity.com/rsalabs/pkcs/pkcs-11/
PKCS #12:
http://www.rsasecurity.com/rsalabs/pkcs/pkcs-12/