Encryption Technologies Available in NSS 3.6

Newsgroup: mozilla.dev.tech.crypto

The Network Security Services (NSS) 3.6 CCATS number is G023895, received on Jan. 18, 2002.

Note: Some technologies listed here are not currently implemented, but are planned for implementation in an upcoming release.

Key Agreement Reference Value End Use
RSA Key Agreement (using PKCS #1) unlimited Key agreement
Diffie-Hellman Key Agreement (using PKCS #3) <= 4096-bit modulus/Future Key agreement
Elliptic Curve Cryptography Key Agreement N/A (future) Key agreement
 
SSL2 Algorithm Reference Key Strength End Use
SSL2-RC4-128-with-MD5 128 Bulk data encryption
SSL2-RC2-128-CBC-with-MD5 128 Bulk data encryption
SSL2-DES-168-EDE3-CBC-with-MD5  168 Bulk data encryption
SSL2-DES-56-CBC-with-MD5 56 Bulk data encryption
SSL2-RC4-128-EXPORT40-with-MD5 40 Bulk data encryption
SSL2-RC2-128-CBC-EXPORT40-with-MD5 40 Bulk data encryption
 
SSL3 Algorithm Reference Key Strength End Use
SSL3-FORTEZZA-DMS-with-FORTEZZA-CBC-SHA 80 Bulk data encryption
SSL3-FORTEZZA-DMS-with-RC4-128-SHA 128 Bulk data encryption
SSL3-RSA-with-RC4-128-MD5 128 Bulk data encryption
SSL3-RSA-with-3DES-EDE-CBC-SHA 168 Bulk data encryption
SSL3-RSA-with-DES-CBC-SHA 56 Bulk data encryption
SSL3-RSA-with-RC4-40-MD5 40 Bulk data encryption
SSL3-RSA-with-RC2-CBC-40-MD5 40 Bulk data encryption
SSL3-FORTEZZA-DMS-with-null-SHA 0 Bulk data encryption
SSL3-RSA-with-null-MD5 0 Bulk data encryption
SSL3-RSA-FIPS-with-3DES-EDE--CBC-SHA 168 Bulk data encryption
SSL3-RSA-FIPS-with-DES-CBC-SHA 56 Bulk data encryption
SSL3-DHE-RSA-with-3DES-EDE-CBC-SHA (client side only) 168 Bulk data encryption
SSL3-DHE-DSS-with-3DES-EDE-CBC-SHA (client side only) 168 Bulk data encryption
SSL3-DHE-RSA-with-DES-CBC-SHA (client side only) 56 Bulk data encryption
SSL3-DHE-DSS-with-DES-CBC-SHA (client side only) 56 Bulk data encryption
 
TLS Algorithm Reference Key Strength End Use
TLS-RSA-1024-with-RC4-56-SHA 56 Bulk data encryption
TLS-RSA-1024-with-DES-CBC-SHA 56 Bulk data encryption
TLS-RSA-with-RC4-128-MD5 128 Bulk data encryption
SSL_RSA_WITH_RC4_128_SHA or TLS_RSA_WITH_RC4_128_SHA 128 Bulk data encryption
TLS-RSA-with-3DES-EDE-CBC-SHA 168 Bulk data encryption
TLS-RSA-with-DES-CBC-SHA 56 Bulk data encryption
TLS-RSA-with-AES-256-CBC-SHA 256 Bulk data encryption
TLS-RSA-with-AES-128-CBC-SHA 128 Bulk data encryption
TLS-RSA-with-RC4-40-MD5 40 Bulk data encryption
TLS-RSA-with-RC2-CBC-40-MD5 40 Bulk data encryption
TLS-RSA-with-null-MD5 0 Bulk data encryption
TLS-DHE-RSA-with-AES-256-CBC-SHA (client side only) 256 Bulk data encryption
TLS-DHE-RSA-with-AES-128-CBC-SHA (client side only) 128 Bulk data encryption
TLS-DHE-DSS-with-AES-256-CBC-SHA (client side only) 256 Bulk data encryption
TLS-DHE-DSS-with-AES-128-CBC-SHA (client side only) 128 Bulk data encryption
TLS-DHE-DSS-with-RC4-128-SHA (client side only) 128 Bulk data encryption
 
S/MIME Algorithm Reference Key Strength End Use
S/MIME-DES-EDE3 168 Bulk data encryption
S/MIME-RC2-CBC-128 128 Bulk data encryption
S/MIME-DES-CBC 56 Bulk data encryption
S/MIME-RC2-CBC-64 64 Bulk data encryption
S/MIME-RC2-CBC-40 40 Bulk data encryption
 
PKCS #5 Algorithm Reference Key Strength End Use
PKCS5-RC2-40 40 Private key material encryption for internal storage
PKCS5-RC2-128 128 Private key material encryption for internal storage
PKCS5-RC4-128 128 Private key material encryption for internal storage
PKCS5-DES-56 56 Private key material encryption for internal storage
PKCS5-DES-EDE3 168 Private key material encryption for internal storage
 
PKCS #12 Algorithm Reference Key Strength End Use
PKCS12-RC2-40 40 Key portability/Backup
PKCS12-RC2-128 128 Key portability/Backup
PKCS12-RC4-56 56 Key portability/Backup
PKCS12-RC4-128 128 Key portability/Backup
PKCS12-DES-56 56 Key portability/Backup
PKCS12-DES-EDE3 168 Key portability/Backup
PKCS12-NULL 0 Key portability/Backup
 
Other Characteristics/Technologies Modulus/Key Strength End-Use
PKCS #1 unlimited Industry standard message formats for RSA key agreement and signatures.
PKCS #3 See Diffie-Hellman Key Agreement above Industry standard message formats for Diffie-Hellman key agreement.
PKCS #5/Wallet See PKCS #5 above Password-protected storage of wallet information in NSS database.
PKCS #7 See S/MIME above Signed or encrypted data produced by NSS conforms to this industry standard format.
PKCS #8 Used with PKCS #5 (see above) and PKCS #12 Industry standard format for storage of RSA private keys, used inside encrypted private key database.
PKCS #11, with restricted algorithms ------------------------------ NSS uses this industry standard interface to work with smart cards and encryption accelerators.
PKCS #12 See PKCS #12 above Industry standard file format for storage of certificates and password-protected private keys.

Algorithm/Other Specifications can be found at the following locations:
SSL 3.0:           http://www.mozilla.org/projects/security/pki/nss/ssl/draft302.txt
SSL connections:   http://www.mozilla.org/projects/security/pki/nss/ssl/traces/index.html
Client details:    http://www.mozilla.org/projects/security/pki/nss/ssl/traces/trc-clnt-ex.html
TLS:               http://www.ietf.org/rfc/rfc2246.txt
S/MIME standard:   http://www.ietf.org/html.charters/smime-charter.html
S/MIME v2:         http://www.rfc-editor.org/rfc/rfc2311.txt
S/MIME v3:         http://www.rfc-editor.org/rfc/rfc2633.txt
PKCS #1:           http://www.rsasecurity.com/rsalabs/pkcs/pkcs-1/
PKCS #3:           http://www.rsasecurity.com/rsalabs/pkcs/pkcs-3/
PKCS #5:           http://www.rsasecurity.com/rsalabs/pkcs/pkcs-5/
PKCS #7:           http://www.rsasecurity.com/rsalabs/pkcs/pkcs-7/
PKCS #8:           http://www.rsasecurity.com/rsalabs/pkcs/pkcs-8/
PKCS #11:          http://www.rsasecurity.com/rsalabs/pkcs/pkcs-11/
PKCS #12:          http://www.rsasecurity.com/rsalabs/pkcs/pkcs-12/