Enum TlsCipherPreference

  • All Implemented Interfaces:
    Serializable, Comparable<TlsCipherPreference>

    public enum TlsCipherPreference
    extends Enum<TlsCipherPreference>
    A TlsCipherPreference represents a hardcoded, ordered list of TLS ciphers to use when negotiating a TLS connection. At present, arbitrary orderings of TLS ciphers cannot be configured; only a curated list of vetted TlsCipherPreference values is exposed.
    • Enum Constant Detail

      • TLS_CIPHER_SYSTEM_DEFAULT

        public static final TlsCipherPreference TLS_CIPHER_SYSTEM_DEFAULT
        Use whatever the System Default Preference is. This is usually the best option, as it will be automatically updated as the underlying OS or platform changes, and will always be supported on all Platforms.
      • TLS_CIPHER_KMS_PQ_TLSv1_0_2019_06

        public static final TlsCipherPreference TLS_CIPHER_KMS_PQ_TLSv1_0_2019_06
        This TlsCipherPreference contains BIKE Round 1 and SIKE Round 1 Draft Hybrid TLS Ciphers at the top of the preference list. For more info see:
        - https://tools.ietf.org/html/draft-campagna-tls-bike-sike-hybrid
        - https://aws.amazon.com/blogs/security/post-quantum-tls-now-supported-in-aws-kms/
        These Hybrid TLS ciphers perform two Key Exchanges (1 ECDHE + 1 Post-Quantum) during the TLS Handshake in order to combine the security of Classical ECDHE Key Exchange with the conjectured quantum-resistance of newly proposed key exchanges.
        The algorithms these new Post-Quantum ciphers are based on have been submitted to NIST's Post-Quantum Crypto Standardization Process, and are still under review.
        While these Post Quantum Hybrid TLS Ciphers are the most preferred ciphers in the preference list, classical ciphers are still present and can be negotiated if the TLS peer does not support these Hybrid TLS Ciphers.
        Since this Cipher Preference contains algorithms still being evaluated by NIST, it may stop being supported at any time.
      • TLS_CIPHER_PREF_KMS_PQ_SIKE_TLSv1_0_2019_11

        public static final TlsCipherPreference TLS_CIPHER_PREF_KMS_PQ_SIKE_TLSv1_0_2019_11
        This TlsCipherPreference contains SIKE Round 1 Draft Hybrid TLS Ciphers at the top of the preference list. For more info see:
        - https://tools.ietf.org/html/draft-campagna-tls-bike-sike-hybrid
        - https://aws.amazon.com/blogs/security/post-quantum-tls-now-supported-in-aws-kms/
        Since this Cipher Preference contains algorithms still being evaluated by NIST, it may stop being supported at any time.
      • TLS_CIPHER_PREF_KMS_PQ_TLSv1_0_2020_02

        public static final TlsCipherPreference TLS_CIPHER_PREF_KMS_PQ_TLSv1_0_2020_02
        This TlsCipherPreference contains BIKE Round 2, SIKE Round 2, BIKE Round 1, and SIKE Round 1 Draft Hybrid TLS Ciphers at the top of the preference list. For more info see:
        - https://tools.ietf.org/html/draft-campagna-tls-bike-sike-hybrid
        - https://aws.amazon.com/blogs/security/post-quantum-tls-now-supported-in-aws-kms/
        Since this Cipher Preference contains algorithms still being evaluated by NIST, it may stop being supported at any time.
      • TLS_CIPHER_PREF_KMS_PQ_SIKE_TLSv1_0_2020_02

        public static final TlsCipherPreference TLS_CIPHER_PREF_KMS_PQ_SIKE_TLSv1_0_2020_02
        This TlsCipherPreference contains SIKE Round 2 and SIKE Round 1 Draft Hybrid TLS Ciphers at the top of the preference list. For more info see:
        - https://tools.ietf.org/html/draft-campagna-tls-bike-sike-hybrid
        - https://aws.amazon.com/blogs/security/post-quantum-tls-now-supported-in-aws-kms/
        Since this Cipher Preference contains algorithms still being evaluated by NIST, it may stop being supported at any time.
      • TLS_CIPHER_PREF_KMS_PQ_TLSv1_0_2020_07

        public static final TlsCipherPreference TLS_CIPHER_PREF_KMS_PQ_TLSv1_0_2020_07
        This TlsCipherPreference contains Kyber Round 2, BIKE Round 2, SIKE Round 2, BIKE Round 1, and SIKE Round 1 Draft Hybrid TLS Ciphers at the top of the preference list. For more info see:
        - https://tools.ietf.org/html/draft-campagna-tls-bike-sike-hybrid
        - https://aws.amazon.com/blogs/security/post-quantum-tls-now-supported-in-aws-kms/
        Since this Cipher Preference contains algorithms still being evaluated by NIST, it may stop being supported at any time.
      • TLS_CIPHER_PREF_PQ_TLSv1_0_2021_05

        public static final TlsCipherPreference TLS_CIPHER_PREF_PQ_TLSv1_0_2021_05
        This TlsCipherPreference supports TLS 1.0 through TLS 1.3, as well as supporting Kyber Round 3, BIKE Round 3, and SIKE Round 3. For more info see:
        - https://tools.ietf.org/html/draft-campagna-tls-bike-sike-hybrid
        - https://datatracker.ietf.org/doc/html/draft-ietf-tls-hybrid-design
        - https://aws.amazon.com/blogs/security/post-quantum-tls-now-supported-in-aws-kms/
        Since this Cipher Preference contains algorithms still being evaluated by NIST, it may stop being supported at any time.
    • Method Detail

      • values

        public static TlsCipherPreference[] values()
        Returns an array containing the constants of this enum type, in the order they are declared. This method may be used to iterate over the constants as follows:
        for (TlsCipherPreference c : TlsCipherPreference.values())
            System.out.println(c);
        
        Returns:
        an array containing the constants of this enum type, in the order they are declared
      • valueOf

        public static TlsCipherPreference valueOf(String name)
        Returns the enum constant of this type with the specified name. The string must match exactly an identifier used to declare an enum constant in this type. (Extraneous whitespace characters are not permitted.)
        Parameters:
        name - the name of the enum constant to be returned.
        Returns:
        the enum constant with the specified name
        Throws:
        IllegalArgumentException - if this enum type has no constant with the specified name
        NullPointerException - if the argument is null
      • isSupported

        public boolean isSupported()
        Not all Cipher Preferences are supported on all Platforms due to differences in the underlying TLS Libraries.
        Returns:
        True if this TlsCipherPreference is currently supported on the current platform.
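
        The following is an added example, not code from the library or its documentation. It combines values(), valueOf() and isSupported() to pick a preference defensively, given that the hybrid preferences above "may stop being supported at any time". The class and method names (CipherPreferenceSelector, firstSupported, fromConfig) are hypothetical, and the import assumes the AWS CRT for Java package name, which this page does not show.

```java
import java.util.List;
import software.amazon.awssdk.crt.io.TlsCipherPreference; // assumed package, not shown on this page

// Hypothetical helper, not part of the library.
public final class CipherPreferenceSelector {
    private static final TlsCipherPreference FALLBACK =
            TlsCipherPreference.TLS_CIPHER_SYSTEM_DEFAULT;

    /** First candidate the local TLS library supports, else the system default. */
    static TlsCipherPreference firstSupported(List<TlsCipherPreference> candidates) {
        for (TlsCipherPreference c : candidates) {
            if (c.isSupported()) {
                return c;
            }
        }
        return FALLBACK;
    }

    /** Resolve an operator-supplied name without letting a bad value abort startup. */
    static TlsCipherPreference fromConfig(String name) {
        if (name == null || name.trim().isEmpty()) {
            return FALLBACK;
        }
        try {
            // valueOf needs an exact identifier match, so strip whitespace first.
            TlsCipherPreference pref = TlsCipherPreference.valueOf(name.trim());
            if (pref.isSupported()) {
                return pref;
            }
            System.err.println("Cipher preference " + pref + " not supported here; using " + FALLBACK);
        } catch (IllegalArgumentException e) {
            // Thrown for names that are not declared constants of this enum.
            System.err.println("Unknown cipher preference '" + name + "'; using " + FALLBACK);
        }
        return FALLBACK;
    }

    public static void main(String[] args) {
        // Inventory: which preferences does this platform's TLS library accept?
        for (TlsCipherPreference c : TlsCipherPreference.values()) {
            System.out.printf("%-45s supported=%b%n", c, c.isSupported());
        }
        // Prefer the newest hybrid list named on this page, then an older one.
        System.out.println(firstSupported(List.of(
                TlsCipherPreference.TLS_CIPHER_PREF_PQ_TLSv1_0_2021_05,
                TlsCipherPreference.TLS_CIPHER_PREF_KMS_PQ_TLSv1_0_2020_07)));
        // Constructed sample inputs: a valid name with stray whitespace, and an unknown name.
        System.out.println(fromConfig(" TLS_CIPHER_PREF_PQ_TLSv1_0_2021_05 "));
        System.out.println(fromConfig("TLS_CIPHER_PREF_EXAMPLE_UNKNOWN"));
    }
}
```

        Logging the fallback makes it visible when a deployment expected a hybrid preference but is running with the system default.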