tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git

smimepolicy.txt (5077B)


# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
#
# This file enables policy testing
#
# The policy string is set to the config= line in the pkcs11.txt
# it currently has 2 keywords:
#
# disallow= turn off the use of this algorithm by policy. (implies disable)
# allow= allow this algorithm to be used if selected by policy.
# disable= turn off the use of this algorithm even if allowed by policy
#          (application can override)
# enable= turn on this algorithm by default (implies allow)
# flags= policy-lock: can't change policy with NSS_SetAlgorithmPolicy,
#  NSS_SetOption, or SSL_SetCipherPolicy
#        ssl-lock: can't change the cipher suite settings with the application.
#
# The syntax is disallow=algorithm{/uses}:algorithm{/uses}
# where {} signifies an optional element
#
# Signatures:
#	DSA
#	RSA-PKCS
#	RSA-PSS
#       ECDSA
# Hashes:
#	MD2
#	MD4
#	MD5
#	SHA1
#	SHA224
#	SHA256
#	SHA384
#	SHA512
#	SHA3_224
#	SHA3_256
#	SHA3_384
#	SHA3_512
# Ciphers:
#	AES128-CBC
#	AES192-CBC
#	AES256-CBC
#	CAMELLIA128-CBC
#	CAMELLIA192-CBC
#	CAMELLIA256-CBC
#	SEED-CBC
#	DES-EDE3-CBC
#	RC2-40-CBC
#	RC2-64-CBC
#	RC2-128-CBC
# Key exchange
#	RSA-PKCS
#	RSA-OAEP
#	DH
#	ECDH
# Include all of the above:
#       ALL
#-----------------------------------------------
# Uses are:
#    smime
#    smime-legacy
#    smime-key-exchange
#    key-exchange (includes smime-key-exchange)
#    cert-signature
#    smime-signature  (=cms-signature)
#    all-signature (includes cert-signature)
#    signature (all signatures off: some signature allowed based on other option)
#    all (includes all of the above)
#
# NOTE: the certificates used in validation are rsa-pkcs1/sha256 signed.
#
# Sign Vfy Enc Dec hash rec_email rec_name rec_policy snd_name snd_policy alg Test Name
 0 0 0 0 SHA256 dave@example.com Dave enable=hmac-sha1 Alice enable=hmac-sha1 AES-256-CBC  Use default policy and enable
 0 0 0 0 SHA512 bob@example.com Bob enable=aes256-cbc Alice enable=aes256-cbc AES-256-CBC Only enable aes-256
 0 0 0 0 SHA512 bob@example.com Bob enable=camellia256-cbc Alice enable=camellia256-cbc CAMELLIA-256-CBC Only enable camellia
 0 0 1 x SHA1 bob@example.com Bob allow=aes128-cbc:aes192-cbc:aes256-cbc:camellia128-cbc:camellia192-cbc:camellia256-cbc:des-ede3-cbc:rc2-40-cbc:rc2-64-cbc:rc2-128-cbc Alice enable=camellia256-cbc NONE-FAILURE Bob allows all: enables default, alice allows and enables camellia
 0 0 0 1 SHA384 bob@example.com Bob enable=camellia256-cbc Alice allow=aes128-cbc:aes192-cbc:aes256-cbc:camellia128-cbc:camellia192-cbc:camellia256-cbc:des-ede3-cbc:rc2-40-cbc:rc2-64-cbc:rc2-128-cbc RC2-CBC Alice allows all: enables default, bob allows and enables camellia
 0 0 1 x SHA384 bob@example.com Bob enable=aes256-cbc Alice enable=camellia256-cbc NONE-FAILURE Bob Only enables aes Alice Only enables camellia
 0 0 0 0 SHA384 bob@example.com Bob enable=camellia256-cbc Alice enable=aes128-cbc:aes192-cbc:aes256-cbc:camellia128-cbc:camellia192-cbc:camellia256-cbc:des-ede3-cbc:rc2-40-cbc:rc2-64-cbc:rc2-128-cbc CAMELLIA-256-CBC Alice enable all explicit, bob allows and enables camellia
 0 0 0 0 SHA1 bob@example.com Bob enable=aes128-cbc:aes192-cbc:aes256-cbc:camellia128-cbc:camellia192-cbc:camellia256-cbc:des-ede3-cbc:rc2-40-cbc:rc2-64-cbc:rc2-128-cbc Alice enable=camellia256-cbc CAMELLIA-256-CBC Bob enables all explicit, alice allows and enables camellia
 0 0 0 1 SHA256 dave@example.com Dave disallow=rsa-pkcs/smime-key-exchange Alice enable=hmac-sha1 AES-256-CBC  turn off RSA key exchange (decrypt)
 1 x x x SHA-1 dave@example.com Dave disallow=sha1/smime-signature Alice enable=hmac-sha1 NONE-FAILURE turn off sha-1 for S/MIME (generate sig)
 0 1 x x SHA-1 dave@example.com Dave enable=hmac-sha1 Alice disallow=sha1/smime-signature  NONE-FAILURE turn off sha-1 for S/MIME (verify sig)
 0 0 1 x SHA256 dave@example.com Dave enable-hmac-sha1 Alice disallow=rsa-pkcs/smime-key-exchange NONE-FAILURE turn off RSA key exchange (encrypt)
 0 0 1 x SHA256 dave@example.com Dave enable-hmac-sha1 Alice disallow=rsa-pkcs/smime-key-exchange_allow=rsa-pkcs/smime-key-echange_legacy NONE_FAILURE turn off RSA key exchange for encrypt only (try to encrypt)
 0 0 0 0 SHA256 dave@example.com Dave disallow=rsa-pkcs/smime-key-exchange-encrypt Alice enable=hmac-sha1 AES-256-CBC  turn off RSA key exchange for encrypt only (try to decrypt)
 1 x x x SHA256 dave@example.com Dave allow=rsa-min=3000 Alice allow=all NONE-FAILED  Enforce all key size policy on Sender
 0 1 x x SHA256 dave@example.com Dave allow=all Alice allow=rsa-min=3000 NONE-FAILED  Enforce all key size policy on Recipient
 0 0 1 x SHA256 dave@example.com Dave allow=all Alice allow=key-size-flags=key-size-smime:rsa-min=3000 NONE-FAILED  Enforce KEA key size policy on Recipient
 0 0 0 1 SHA256 dave@example.com Dave allow=key-size-flags=key-size-smime:rsa-min=3000 Alice allow=all AES-256-CBC  Enforce KEA key size policy on Sender
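
An added example, not part of the repository: a structural lint that splits data rows into the twelve columns named in the header comment and checks each policy column against the keywords and uses that comment documents. The function names are hypothetical, a single use after `/` is assumed (as in every row of this file), and `name=value` items such as `rsa-min=3000` are passed through unchecked; a finding means the string falls outside the documented syntax, not that NSS rejects it.

```python
KEYWORDS = {"disallow", "allow", "disable", "enable", "flags"}
USES = {"smime", "smime-legacy", "smime-key-exchange", "key-exchange",
        "cert-signature", "smime-signature", "all-signature", "signature", "all"}
COLUMNS = ("sign", "vfy", "enc", "dec", "hash", "rec_email", "rec_name",
           "rec_policy", "snd_name", "snd_policy", "alg", "test_name")

def parse_row(line):
    """Split one data row into the 12 columns of the header comment."""
    fields = line.strip().split(None, len(COLUMNS) - 1)
    if len(fields) != len(COLUMNS):
        raise ValueError("expected %d columns, got %d" % (len(COLUMNS), len(fields)))
    return dict(zip(COLUMNS, fields))

def lint_policy(policy):
    """Return findings for one keyword=algorithm{/uses}:algorithm{/uses} string."""
    keyword, sep, value = policy.partition("=")
    if not sep or keyword not in KEYWORDS:
        return ["no documented keyword: %r" % policy]
    findings = []
    for item in value.split(":"):
        alg, _, use = item.partition("/")
        if "=" in alg or not use:
            continue  # option-style item (rsa-min=3000) or algorithm without a use
        if use not in USES:
            findings.append("use %r not in documented list" % use)
    return findings

def lint_file(text):
    """Map test name -> findings for every data row; comment lines are skipped."""
    report = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        row = parse_row(line)
        found = lint_policy(row["rec_policy"]) + lint_policy(row["snd_policy"])
        if found:
            report[row["test_name"]] = found
    return report

# Four rows copied unchanged from the file above.
SAMPLE = """\
 0 0 0 1 SHA256 dave@example.com Dave disallow=rsa-pkcs/smime-key-exchange Alice enable=hmac-sha1 AES-256-CBC  turn off RSA key exchange (decrypt)
 0 0 1 x SHA256 dave@example.com Dave enable-hmac-sha1 Alice disallow=rsa-pkcs/smime-key-exchange NONE-FAILURE turn off RSA key exchange (encrypt)
 0 0 0 0 SHA256 dave@example.com Dave disallow=rsa-pkcs/smime-key-exchange-encrypt Alice enable=hmac-sha1 AES-256-CBC  turn off RSA key exchange for encrypt only (try to decrypt)
 0 0 1 x SHA256 dave@example.com Dave allow=all Alice allow=key-size-flags=key-size-smime:rsa-min=3000 NONE-FAILED  Enforce KEA key size policy on Recipient
"""

if __name__ == "__main__":
    for name, found in lint_file(SAMPLE).items():
        print(name, "->", found)
```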