Appendix A. Prohibited TLS 1.2 Cipher Suites
An HTTP/2 implementation MAY treat the negotiation of any of the following cipher suites with TLS 1.2 as a connection error (Section 5.4.1) of type INADEQUATE_SECURITY:
TLS_NULL_WITH_NULL_NULL
TLS_RSA_WITH_NULL_MD5
TLS_RSA_WITH_NULL_SHA
TLS_RSA_EXPORT_WITH_RC4_40_MD5
TLS_RSA_WITH_RC4_128_MD5
TLS_RSA_WITH_RC4_128_SHA
TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5
TLS_RSA_WITH_IDEA_CBC_SHA
TLS_RSA_EXPORT_WITH_DES40_CBC_SHA
TLS_RSA_WITH_DES_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA
TLS_DH_DSS_WITH_DES_CBC_SHA
TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA
TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA
TLS_DH_RSA_WITH_DES_CBC_SHA
TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA
TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
TLS_DHE_DSS_WITH_DES_CBC_SHA
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
TLS_DHE_RSA_WITH_DES_CBC_SHA
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_DH_anon_EXPORT_WITH_RC4_40_MD5
TLS_DH_anon_WITH_RC4_128_MD5
TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA
TLS_DH_anon_WITH_DES_CBC_SHA
TLS_DH_anon_WITH_3DES_EDE_CBC_SHA
TLS_KRB5_WITH_DES_CBC_SHA
TLS_KRB5_WITH_3DES_EDE_CBC_SHA
TLS_KRB5_WITH_RC4_128_SHA
TLS_KRB5_WITH_IDEA_CBC_SHA
TLS_KRB5_WITH_DES_CBC_MD5
TLS_KRB5_WITH_3DES_EDE_CBC_MD5
TLS_KRB5_WITH_RC4_128_MD5
TLS_KRB5_WITH_IDEA_CBC_MD5
TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA
TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA
TLS_KRB5_EXPORT_WITH_RC4_40_SHA
TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5
TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5
TLS_KRB5_EXPORT_WITH_RC4_40_MD5
TLS_PSK_WITH_NULL_SHA
TLS_DHE_PSK_WITH_NULL_SHA
TLS_RSA_PSK_WITH_NULL_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_DH_DSS_WITH_AES_128_CBC_SHA
TLS_DH_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_DSS_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DH_anon_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_DH_DSS_WITH_AES_256_CBC_SHA
TLS_DH_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_DSS_WITH_AES_256_CBC_SHA
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_DH_anon_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_NULL_SHA256
TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA256
TLS_DH_DSS_WITH_AES_128_CBC_SHA256
TLS_DH_RSA_WITH_AES_128_CBC_SHA256
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA
TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA
TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
TLS_DH_DSS_WITH_AES_256_CBC_SHA256
TLS_DH_RSA_WITH_AES_256_CBC_SHA256
TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
TLS_DH_anon_WITH_AES_128_CBC_SHA256
TLS_DH_anon_WITH_AES_256_CBC_SHA256
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA
TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA
TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA
TLS_PSK_WITH_RC4_128_SHA
TLS_PSK_WITH_3DES_EDE_CBC_SHA
TLS_PSK_WITH_AES_128_CBC_SHA
TLS_PSK_WITH_AES_256_CBC_SHA
TLS_DHE_PSK_WITH_RC4_128_SHA
TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA
TLS_DHE_PSK_WITH_AES_128_CBC_SHA
TLS_DHE_PSK_WITH_AES_256_CBC_SHA
TLS_RSA_PSK_WITH_RC4_128_SHA
TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA
TLS_RSA_PSK_WITH_AES_128_CBC_SHA
TLS_RSA_PSK_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_SEED_CBC_SHA
TLS_DH_DSS_WITH_SEED_CBC_SHA
TLS_DH_RSA_WITH_SEED_CBC_SHA
TLS_DHE_DSS_WITH_SEED_CBC_SHA
TLS_DHE_RSA_WITH_SEED_CBC_SHA
TLS_DH_anon_WITH_SEED_CBC_SHA
TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_256_GCM_SHA384
TLS_DH_RSA_WITH_AES_128_GCM_SHA256
TLS_DH_RSA_WITH_AES_256_GCM_SHA384
TLS_DH_DSS_WITH_AES_128_GCM_SHA256
TLS_DH_DSS_WITH_AES_256_GCM_SHA384
TLS_DH_anon_WITH_AES_128_GCM_SHA256
TLS_DH_anon_WITH_AES_256_GCM_SHA384
TLS_PSK_WITH_AES_128_GCM_SHA256
TLS_PSK_WITH_AES_256_GCM_SHA384
TLS_RSA_PSK_WITH_AES_128_GCM_SHA256
TLS_RSA_PSK_WITH_AES_256_GCM_SHA384
TLS_PSK_WITH_AES_128_CBC_SHA256
TLS_PSK_WITH_AES_256_CBC_SHA384
TLS_PSK_WITH_NULL_SHA256
TLS_PSK_WITH_NULL_SHA384
TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
TLS_DHE_PSK_WITH_NULL_SHA256
TLS_DHE_PSK_WITH_NULL_SHA384
TLS_RSA_PSK_WITH_AES_128_CBC_SHA256
TLS_RSA_PSK_WITH_AES_256_CBC_SHA384
TLS_RSA_PSK_WITH_NULL_SHA256
TLS_RSA_PSK_WITH_NULL_SHA384
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256
TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256
TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256
TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256
TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256
TLS_EMPTY_RENEGOTIATION_INFO_SCSV
TLS_ECDH_ECDSA_WITH_NULL_SHA
TLS_ECDH_ECDSA_WITH_RC4_128_SHA
TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_ECDSA_WITH_NULL_SHA
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
TLS_ECDH_RSA_WITH_NULL_SHA
TLS_ECDH_RSA_WITH_RC4_128_SHA
TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_RSA_WITH_NULL_SHA
TLS_ECDHE_RSA_WITH_RC4_128_SHA
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_ECDH_anon_WITH_NULL_SHA
TLS_ECDH_anon_WITH_RC4_128_SHA
TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA
TLS_ECDH_anon_WITH_AES_128_CBC_SHA
TLS_ECDH_anon_WITH_AES_256_CBC_SHA
TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA
TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA
TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA
TLS_SRP_SHA_WITH_AES_128_CBC_SHA
TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA
TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA
TLS_SRP_SHA_WITH_AES_256_CBC_SHA
TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA
TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_PSK_WITH_RC4_128_SHA
TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA
TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA
TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA
TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384
TLS_ECDHE_PSK_WITH_NULL_SHA
TLS_ECDHE_PSK_WITH_NULL_SHA256
TLS_ECDHE_PSK_WITH_NULL_SHA384
TLS_RSA_WITH_ARIA_128_CBC_SHA256
TLS_RSA_WITH_ARIA_256_CBC_SHA384
TLS_DH_DSS_WITH_ARIA_128_CBC_SHA256
TLS_DH_DSS_WITH_ARIA_256_CBC_SHA384
TLS_DH_RSA_WITH_ARIA_128_CBC_SHA256
TLS_DH_RSA_WITH_ARIA_256_CBC_SHA384
TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256
TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384
TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256
TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384
TLS_DH_anon_WITH_ARIA_128_CBC_SHA256
TLS_DH_anon_WITH_ARIA_256_CBC_SHA384
TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256
TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384
TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256
TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384
TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256
TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384
TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256
TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384
TLS_RSA_WITH_ARIA_128_GCM_SHA256
TLS_RSA_WITH_ARIA_256_GCM_SHA384
TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256
TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384
TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256
TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384
TLS_DH_anon_WITH_ARIA_128_GCM_SHA256
TLS_DH_anon_WITH_ARIA_256_GCM_SHA384
TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256
TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384
TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256
TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384
TLS_PSK_WITH_ARIA_128_CBC_SHA256
TLS_PSK_WITH_ARIA_256_CBC_SHA384
TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256
TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384
TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256
TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384
TLS_PSK_WITH_ARIA_128_GCM_SHA256
TLS_PSK_WITH_ARIA_256_GCM_SHA384
TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256
TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384
TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256
TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384
TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384
TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256
TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384
TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256
TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384
TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256
TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384
TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256
TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384
TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256
TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384
TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256
TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384
TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256
TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384
TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256
TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384
TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256
TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384
TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256
TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384
TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
TLS_RSA_WITH_AES_128_CCM
TLS_RSA_WITH_AES_256_CCM
TLS_RSA_WITH_AES_128_CCM_8
TLS_RSA_WITH_AES_256_CCM_8
TLS_PSK_WITH_AES_128_CCM
TLS_PSK_WITH_AES_256_CCM
TLS_PSK_WITH_AES_128_CCM_8
TLS_PSK_WITH_AES_256_CCM_8
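Note: This list was assembled from the set of registered TLS cipher suites when [RFC7540] was developed. This list includes those cipher suites that do not offer an ephemeral key exchange and those that are based on the TLS null, stream, or block cipher type (as defined in Section 6.2.3 of [TLS12]). Additional cipher suites with these properties could be defined; these would not be explicitly prohibited.
For more details, see Section 9.2.2.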
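The two properties named in the note can be checked from a suite's registered name when auditing a TLS 1.2 cipher configuration. The following is an added example, not part of the RFC text: the function names and the sample list are hypothetical, and it assumes names of the form TLS_<key exchange>_WITH_<cipher>, with a DHE or ECDHE prefix marking an ephemeral key exchange and GCM, CCM or CHACHA20_POLY1305 marking an AEAD cipher.

```python
# Added example: a name-based heuristic, not text from the RFC.
AEAD_MARKERS = ("_GCM", "_CCM", "CHACHA20_POLY1305")  # assumed AEAD cipher markers
EPHEMERAL_KX = ("DHE", "ECDHE")                       # assumed ephemeral key exchanges


def appendix_a_properties(suite):
    """Return which of the properties from the Appendix A note a suite name shows."""
    if not suite.startswith("TLS_") or "_WITH_" not in suite:
        # Signalling values such as TLS_EMPTY_RENEGOTIATION_INFO_SCSV carry
        # no key exchange or cipher component to inspect.
        return ["not a kx_WITH_cipher name"]
    kx, cipher = suite[len("TLS_"):].split("_WITH_", 1)
    reasons = []
    if kx.split("_")[0] not in EPHEMERAL_KX:
        reasons.append("no ephemeral key exchange")
    if not any(marker in cipher for marker in AEAD_MARKERS):
        reasons.append("null, stream or block cipher type")
    return reasons


def audit(configured):
    """Map each flagged suite in a configured list to its reasons, in order."""
    return {s: r for s in configured if (r := appendix_a_properties(s))}


# Constructed sample of a server's TLS 1.2 cipher list.
SAMPLE_CONFIG = [
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
    "TLS_DHE_RSA_WITH_AES_128_CCM",
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
    "TLS_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_PSK_WITH_AES_128_CCM_8",
    "TLS_DH_anon_WITH_AES_256_GCM_SHA384",
    "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
]

if __name__ == "__main__":
    for suite, reasons in audit(SAMPLE_CONFIG).items():
        print(f"{suite}: {', '.join(reasons)}")
```

The five suites it flags in the sample all appear in the list above; the first three sample entries do not.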