You are currently viewing a snapshot of www.mozilla.org taken on April 21, 2008. Most of this content is highly out of date (some pages haven't been updated since the project began in 1998) and exists for historical purposes only. If there are any pages on this archive site that you think should be added back to www.mozilla.org, please file a bug.



Encryption Technologies Available in NSS 3.6

Newsgroup: mozilla.dev.tech.crypto


The Network Security Services (NSS) 3.6 CCATS number is G023895, received on Jan. 18, 2002.

Note: Some technologies listed here are not currently implemented, but are planned for implementation in an upcoming release.
Key Agreement Reference Value End Use
RSA Key Agreement (using PKCS #1) unlimited Key agreement
Diffie-Hellman Key Agreement (using PKCS #3) <= 4096-bit modulus/Future Key agreement
Elliptic Curve Cryptography Key Agreement N/A (future) Key agreement
 
SSL2 Algorithm Reference Key Strength End Use
SSL2-RC4-128-with-MD5 128 Bulk data encryption
SSL2-RC2-128-CBC-with-MD5 128 Bulk data encryption
SSL2-DES-168-EDE3-CBC-with-MD5  168 Bulk data encryption
SSL2-DES-56-CBC-with-MD5 56 Bulk data encryption
SSL2-RC4-128-EXPORT40-with-MD5 40 Bulk data encryption
SSL2-RC2-128-CBC-EXPORT40-with-MD5 40 Bulk data encryption
 
SSL3 Algorithm Reference Key Strength End Use
SSL3-FORTEZZA-DMS-with-FORTEZZA-CBC-SHA 80 Bulk data encryption
SSL3-FORTEZZA-DMS-with-RC4-128-SHA 128 Bulk data encryption
SSL3-RSA-with-RC4-128-MD5 128 Bulk data encryption
SSL3-RSA-with-3DES-EDE-CBC-SHA 168 Bulk data encryption
SSL3-RSA-with-DES-CBC-SHA 56 Bulk data encryption
SSL3-RSA-with-RC4-40-MD5 40 Bulk data encryption
SSL3-RSA-with-RC2-CBC-40-MD5 40 Bulk data encryption
SSL3-FORTEZZA-DMS-with-null-SHA 0 Bulk data encryption
SSL3-RSA-with-null-MD5 0 Bulk data encryption
SSL3-RSA-FIPS-with-3DES-EDE--CBC-SHA 168 Bulk data encryption
SSL3-RSA-FIPS-with-DES-CBC-SHA 56 Bulk data encryption
SSL3-DHE-RSA-with-3DES-EDE-CBC-SHA (client side only) 168 Bulk data encryption
SSL3-DHE-DSS-with-3DES-EDE-CBC-SHA (client side only) 168 Bulk data encryption
SSL3-DHE-RSA-with-DES-CBC-SHA (client side only) 56 Bulk data encryption
SSL3-DHE-DSS-with-DES-CBC-SHA (client side only) 56 Bulk data encryption
 
TLS Algorithm Reference Key Strength End Use
TLS-RSA-1024-with-RC4-56-SHA 56 Bulk data encryption
TLS-RSA-1024-with-DES-CBC-SHA 56 Bulk data encryption
TLS-RSA-with-RC4-128-MD5 128 Bulk data encryption
SSL_RSA_WITH_RC4_128_SHA or TLS_RSA_WITH_RC4_128_SHA 128 Bulk data encryption
TLS-RSA-with-3DES-EDE-CBC-SHA 168 Bulk data encryption
TLS-RSA-with-DES-CBC-SHA 56 Bulk data encryption
TLS-RSA-with-AES-256-CBC-SHA 256 Bulk data encryption
TLS-RSA-with-AES-128-CBC-SHA 128 Bulk data encryption
TLS-RSA-with-RC4-40-MD5 40 Bulk data encryption
TLS-RSA-with-RC2-CBC-40-MD5 40 Bulk data encryption
TLS-RSA-with-null-MD5 0 Bulk data encryption
TLS-DHE-RSA-with-AES-256-CBC-SHA (client side only) 256 Bulk data encryption
TLS-DHE-RSA-with-AES-128-CBC-SHA (client side only) 128 Bulk data encryption
TLS-DHE-DSS-with-AES-256-CBC-SHA (client side only) 256 Bulk data encryption
TLS-DHE-DSS-with-AES-128-CBC-SHA (client side only) 128 Bulk data encryption
TLS-DHE-DSS-with-RC4-128-SHA (client side only) 128 Bulk data encryption
 
S/MIME Algorithm Reference Key Strength End Use
S/MIME-DES-EDE3 168 Bulk data encryption
S/MIME-RC2-CBC-128 128 Bulk data encryption
S/MIME-DES-CBC 56 Bulk data encryption
S/MIME-RC2-CBC-64 64 Bulk data encryption
S/MIME-RC2-CBC-40 40 Bulk data encryption
 
PKCS #5 Algorithm Reference Key Strength End Use
PKCS5-RC2-40 40 Private key material encryption for internal storage
PKCS5-RC2-128 128 Private key material encryption for internal storage
PKCS5-RC4-128 128 Private key material encryption for internal storage
PKCS5-DES-56 56 Private key material encryption for internal storage
PKCS5-DES-EDE3 168 Private key material encryption for internal storage
 
PKCS #12 Algorithm Reference Key Strength End Use
PKCS12-RC2-40 40 Key portability/Backup
PKCS12-RC2-128 128 Key portability/Backup
PKCS12-RC4-56 56 Key portability/Backup
PKCS12-RC4-128 128 Key portability/Backup
PKCS12-DES-56 56 Key portability/Backup
PKCS12-DES-EDE3 168 Key portability/Backup
PKCS12-NULL 0 Key portability/Backup
 
Other Characteristics/Technologies Modulus/Key Strength End-Use
PKCS #1 unlimited Industry standard message formats for RSA key agreement and signatures.
PKCS #3 See Diffie-Hellman Key Agreement above Industry standard message formats for Diffie-Hellman key agreement.
PKCS #5/Wallet See PKCS #5 above Password-protected storage of wallet information in NSS database.
PKCS #7 See S/MIME above Signed or encrypted data produced by NSS conforms to this industry standard format.
PKCS #8 Used with PKCS #5 (see above) and PKCS #12 Industry standard format for storage of RSA private keys, used inside encrypted private key database.
PKCS #11, with restricted algorithms ------------------------------ NSS uses this industry standard interface to work with smart cards and encryption accelerators.
PKCS #12 See PKCS #12 above Industry standard file format for storage of certificates and password-protected private keys.

Algorithm/Other Specifications can be found at the following locations:
SSL 3.0:           http://www.mozilla.org/projects/security/pki/nss/ssl/draft302.txt
SSL connections:   http://www.mozilla.org/projects/security/pki/nss/ssl/traces/index.html
Client details:    http://www.mozilla.org/projects/security/pki/nss/ssl/traces/trc-clnt-ex.html
TLS:               http://www.ietf.org/rfc/rfc2246.txt
S/MIME standard:   http://www.ietf.org/html.charters/smime-charter.html
S/MIME v2:         http://www.rfc-editor.org/rfc/rfc2311.txt
S/MIME v3:         http://www.rfc-editor.org/rfc/rfc2633.txt
PKCS #1:           http://www.rsasecurity.com/rsalabs/pkcs/pkcs-1/
PKCS #3:           http://www.rsasecurity.com/rsalabs/pkcs/pkcs-3/
PKCS #5:           http://www.rsasecurity.com/rsalabs/pkcs/pkcs-5/
PKCS #7:           http://www.rsasecurity.com/rsalabs/pkcs/pkcs-7/
PKCS #8:           http://www.rsasecurity.com/rsalabs/pkcs/pkcs-8/
PKCS #11:          http://www.rsasecurity.com/rsalabs/pkcs/pkcs-11/
PKCS #12:          http://www.rsasecurity.com/rsalabs/pkcs/pkcs-12/